Tradelink phoning home

[Rick May]

There was some discussion in the past (I believe it was this group) about Tradelink and how it was phoning home.  Does anyone know where that was happening?  I'd like to remove that from the code.

Thanks

[Dmitry Shevkoplyas]

Rick, I'm forwarding 2 related emails from October 2013 discussion

message 1 of 2

---------- Forwarded message ----------
From: Dmitry Shevkoplyas <shevk...@gmail.com>
Date: Sun, Oct 13, 2013 at 11:40 PM
Subject: PracPlay is tracking all your clicks in TradeLink
To: tradeli...@googlegroups.com

hi all,

For those who not yet aware, there's a feature in TradeLink (not documented) which tracks when/what you've started, how many times and what you clicked etc.

[how to reproduce]

1. take src-pure.rev3754.07-Aug-2013.before-pracplay-crippled-tradelink

2. compile

3. download and install http://www.wireshark.org/ (best packet capture tool)

    and start traffic capture

4. run any Tradelink component (say, replay or kadina)

5. click some controls, close Tradelink app

6. stop packet capture, you'll see something like 

see attached screenshot-1.png

and saved packet capture, so you don't have to do all it over again:

right after starting replay.pcapng

For now the server side is crashing and instead of some 200 OK server sends:

--------------(server crashed reply - begin)----------------------------

HTTP/1.1 500 Internal Server Error

Content-Type: text/html; charset=utf-8

Cache-Control: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Vary: Accept-Encoding

Date: Mon, 14 Oct 2013 02:04:29 GMT

Server: Google Frontend

Alternate-Protocol: 80:quic

Transfer-Encoding: chunked

665

<pre>Traceback (most recent call last):

  File &quot;/base/data/home/runtimes/python/python_lib/versions/1/google/appengine/ext/webapp/_webapp25.py&quot;, line 716, in __call__

    handler.post(*groups)

  File &quot;/base/data/home/apps/tradelinkappstore/1.347311633263061126/main.py&quot;, line 135, in post

    track.put()

  File &quot;/base/data/home/runtimes/python/python_lib/versions/1/google/appengine/ext/db/__init__.py&quot;, line 1070, in put

    return datastore.Put(self._entity, **kwargs)

  File &quot;/base/data/home/runtimes/python/python_lib/versions/1/google/appengine/api/datastore.py&quot;, line 602, in Put

    return PutAsync(entities, **kwargs).get_result()

  File &quot;/base/data/home/runtimes/python/python_lib/versions/1/google/appengine/api/apiproxy_stub_map.py&quot;, line 612, in get_result

    return self.__get_result_hook(self)

  File &quot;/base/data/home/runtimes/python/python_lib/versions/1/google/appengine/datastore/datastore_rpc.py

--------------(server crashed reply - end)----------------------------

So I was curious to see what would be actually submitted during normal program work (say Kadina replaying 1 day of some ticker against one of my responses). Biggest fear was that response itself is submitted :))

I quickly run own http server and logged all the POSTed fields/values and then fixed tradelink, repuild and run Kadina. Here what I saw collected on the server:

--------------(server-side collected POST fields - begin)----------------------------

 moved to attached file: what-would-be-normally-tracked.txt

--------------(server-side collected POST fields - end)----------------------------

As you can see every mouse click, app start/stop, tab navigation - all would be sent to the server!

[how to disable tracking]

if you search by "tradelinkappstore.appspot.com" you'll immediately find file:

tradelink\TradeLinkAppKit\AppTracker.cs

        string _URL = @"http://tradelinkappstore.appspot.com/apptracker";

---------------------

Now if you find all the references to the class AppTracker, then you see that

lots of apps uses it as a parent class. 

I remember when I noticed this suspicious tracking activity about a year ago (they used ec2-instance (Amazon) as a server to collect all the data back then) I just excluded AppTracker like this:

(original line)

public partial class kadinamain : AppTracker

(now we excluded tracker)

public partial class kadinamain : System.Windows.Forms.Form

but now I see there can be some value (for example for debugging) so as a final soluton on "How to disable PlackPlay tracking of TradeLink usage" I'd suggest to edit 2 lines in "tradelink\TradeLinkAppKit\AppTracker.cs" file:

1) remove URL just in case it is used somewhere else

//string _URL = @"http://tradelinkappstore.appspot.com/apptracker"; // <- original value

string _URL = @"http://127.0.0.1/non/existing/app.php";             // <- replaced to non-existing

2) comment the place where they actually POST date to the server

// this is where actual upload of all tracked detail is happaning (wc stands for webClient). 

// Just comment next line to disable tracking:

//wc.UploadValues(TrackUrl, "POST", t.ToQuery()); // <-- this is where actuall tracking (upload) use to happen

enjoy,

--

с ч.гл.ув.,
Дима Ш.

Dmitry's TWS API FAQ

[Dmitry Shevkoplyas]

Rick, I'm forwarding 2 related emails from October 2013 discussion

message 2 of 2:

---------- Forwarded message ----------
From: Dmitry Shevkoplyas <shevk...@gmail.com>
Date: Mon, Oct 14, 2013 at 2:08 AM
Subject: Re: PracPlay is tracking all your clicks in TradeLink
To: tradeli...@googlegroups.com

And also tradelink\TradeLinkAppKit\Version.cs

would make async web request each time you start anything.

It would compare registry key: "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TradeLinkSuite"

with response from remote server: "http://code.google.com/p/tradelink/"

to disable, comment two lines: calls to "wc.DownloadStringAsync" method (note semicolon before comment)

                    ;// wc.DownloadStringAsync(new Uri(ProgramUrl), new verstate(Program, ProgramUrl, current, pause));

On Mon, Oct 14, 2013 at 12:28 AM, Wilhelm Stroods <wilhelm...@gmail.com> wrote:

Excellent work Dima

--
You received this message because you are subscribed to the Google Groups "TradeLink-Free" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tradelink-fre...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "TradeLink-Free" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tradelink-fre...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
с ч.гл.ув.,
Дима Ш.

[Rick May]

That's great Dmitry.  Thanks. 

-Rick

For more options, visit https://groups.google.com/d/optout.

[tl lover]

it should be pointed out you have never needed any special instructions to disable anon tracking of tl apps.  for last 3-4 years you can unselect anon usage stats when you install, even if you're installing a really old version like is being pushed here.   

even if you don't, we actually have never been able to look at this data because of complications downloading the size of the database.   the apptracker project has about the same priority as responding to people that fork tradelink, so at some point we'll probably disable it in the main trunk.   however if you want to save pracplay a few bucks you can disable it as described here.  

[tl lover]

really appreciate the phone home reference though, ET the movie rocks.

[tl lover]

hopefully pracplay is home for people even who disable this feature

[Ted Penner]

I'd love to list some of this stuff. Get in touch with me at marketcoding.com