Johnakos Banner

Tuesday, February 14, 2012

Daemon Tools knows what you mounted last summer

You would have hoped that software developers would have taken the Path situation as a cue to adopt a little stricter privacy policy. According to Within Windows, Daemon Tools' anonymous data collection isn't really all that anonymous, and turning it off doesn't really turn it off.
MountSpace is a service that keeps track of the software that people are mounting and running in Daemon Tools. It does this by keeping track of every image you mount, along with information regarding the specific .iso file you used; it even knows if you're a first time user. By sending all of this information home, MountSpace ends up with your IP address, your history and who knows what else.
Daemon Tools offers you the option of disallowing MountSpace from using your mount statistics at installation, but this doesn't actually stop it from collecting them. As the privacy setting itself says, you're not telling it to stop collecting the information; you're just telling it to not 'allow Mountspace to use [your] mount statistics.' Ideally, these files are deleted immediately, but who knows?

Daemon Tools' privacy policy doesn't exactly make you feel better; its only mention of privacy comes in the form of a disclaimer saying that they aren't liable for any breaches of privacy. Ouch. And MountSpace? Actually, they don't even seem to have a privacy policy, unless you count cryptic paragraphs that don't actually say anything.
Certain (read: many and/or most, cough cough) of the .isos logged on MountSpace don't look like legitimate copies of the software in question (The Sims 3 - Razor1911 MAXSPEED.torrentz.iso doesn't sound like a legitimate file to us). Since they possess the information about these files and where they came from, this could lead to serious legal problems for the owners, if certain entities decided to focus their attention on them.

For everyone else – and, yes, there are plenty of legitimate uses of for Daemon Tools and other .iso mounting software – there's that whole invasion of privacy issue. Even if there are no legal pitfalls involved, the fact that a user's information is being collected without their consent is just wrong on principle. A little more transparency, and a little more respect for users' wishes, would go a long way.