Tweet
OXReportClient Information Request
We are a small company with a paid software maintenance license for the SE version of OX and have had continued software maintenance with varieties of Open-xchange through the years. As those licensed for software maintenance are made aware, support is only guaranteed in the form of software updates unless additional support is purchased for troubleshooting system problems.
I'm particularly concerned with the recent requirement for the installation of a tool that is, in essence, spyware in order for users to continue obtaining software updates even if under a currently valid maintenance agreement. Open-xchange has noted this tool is only for Open-xchange to "improve its own support and maintenance offerings for you". However, I believe the rationale Open-xchange is using is only partially for improved technical support and mainly for tracking paid licensed use.
I do find the need to track number of utilized seat licenses reasonable to ensure Open-xchange remains viable and profitable. And, we all know there are those who'll try to game licensing schemes.
We may disagree but, I do not like to idea of forcing current users into installing a tool that is of minimal use to them especially with the threat of discontinuing software support. And, especially to those who are already under a valid software maintenance contract.
Please allay my fears and provide more detailed information regarding what your tool is transmitting back to Open-xchange.
From the Wiki entry, the following information is transmitted to Open-xchange
1. Version number of the Open-Xchange server package
Makes sense from a paid support/incidence standpoint.
2. Version number of the Open-Xchange admin package
Makes sense from a paid support/incidence standpoint.
3. Total user count.
Also, makes sense from a license standpoint but doesn't the license key already handle that? Or are there users that deploy multiple instances with the same license key?
4. Total context count
As per item 3.
5. Detailed context information: context age, creation date or date of creation, user count, context id
Are these the exact fields transmitted to Open-xchange? Are there any other fields that contain identifiable or personal information?
6. Detailed user information (per context): User access combination flags (which modules have been activated for the users)
What exact fields for "detailed" user information is transmitted? Are user names or any other potential identifying information transmitted? Could you please provide a list of the exact fields being transmitted? I do want to understand any security implications to our organization and to have a detailed understanding of the information that is being sent to Open-xchange. Will the list of transmitted items change in the future and how are users notified?
For example, I assume that the current license key information is transmitted but it is not in the list of the Wiki detailed transmitted items. So, I make the assumption, there are items transmitted that have not been listed in the Wiki or elsewhere.
Also, as a curiosity, is the information transmitted encrypted?
I really do not want to discover proprietary or personal information being leaked by a software tool on our server now or in the future. Please help me feel better about this and point me towards a detailed list. Additional information is appreciated.
Thank you.
Best regards,
Jay.
I'm particularly concerned with the recent requirement for the installation of a tool that is, in essence, spyware in order for users to continue obtaining software updates even if under a currently valid maintenance agreement. Open-xchange has noted this tool is only for Open-xchange to "improve its own support and maintenance offerings for you". However, I believe the rationale Open-xchange is using is only partially for improved technical support and mainly for tracking paid licensed use.
I do find the need to track number of utilized seat licenses reasonable to ensure Open-xchange remains viable and profitable. And, we all know there are those who'll try to game licensing schemes.
We may disagree but, I do not like to idea of forcing current users into installing a tool that is of minimal use to them especially with the threat of discontinuing software support. And, especially to those who are already under a valid software maintenance contract.
Please allay my fears and provide more detailed information regarding what your tool is transmitting back to Open-xchange.
From the Wiki entry, the following information is transmitted to Open-xchange
1. Version number of the Open-Xchange server package
Makes sense from a paid support/incidence standpoint.
2. Version number of the Open-Xchange admin package
Makes sense from a paid support/incidence standpoint.
3. Total user count.
Also, makes sense from a license standpoint but doesn't the license key already handle that? Or are there users that deploy multiple instances with the same license key?
4. Total context count
As per item 3.
5. Detailed context information: context age, creation date or date of creation, user count, context id
Are these the exact fields transmitted to Open-xchange? Are there any other fields that contain identifiable or personal information?
6. Detailed user information (per context): User access combination flags (which modules have been activated for the users)
What exact fields for "detailed" user information is transmitted? Are user names or any other potential identifying information transmitted? Could you please provide a list of the exact fields being transmitted? I do want to understand any security implications to our organization and to have a detailed understanding of the information that is being sent to Open-xchange. Will the list of transmitted items change in the future and how are users notified?
For example, I assume that the current license key information is transmitted but it is not in the list of the Wiki detailed transmitted items. So, I make the assumption, there are items transmitted that have not been listed in the Wiki or elsewhere.
Also, as a curiosity, is the information transmitted encrypted?
I really do not want to discover proprietary or personal information being leaked by a software tool on our server now or in the future. Please help me feel better about this and point me towards a detailed list. Additional information is appreciated.
Thank you.
Best regards,
Jay.
Comment