Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla = Open Source Spyware

edited October 2010 in Vanilla 2.0 - 2.8
I just installed Vanilla and noticed it making outbound connections to, there is nothing in the documentation about this, nothing in the dashboard about it and no request for my permission to do so. That makes it spyware.

If you're going to put open source code out there then be clear about what you're doing, don't try to hide the fact you make outbound connections by not mentioning it in the docs and not having an option to disable it.


  • I responded to your previous topic and would appreciate it if you didn't jump to conclusions like this.
  • Then explain why it isn't documented, there's no option to disable it and the app doesn't work if you are on a private network?
  • Waaaaaah waaaaaaaaaaaaah waaaaaaaah wah. Seriously, cry more. Don't be so paranoid.
  • Lucky me, I get paid to be paranoid. I'm very pissed about this, of course I'm not going to use it, but I am going to make damn sure everyone knows that it's spyware which it is until they document it and add a feature to disable it and explain why the app gets crippled unless it can make outbound connections.
  • I'm sorry you were dissatisfied with Vanilla.
    I hope you find an alternative product that suits you better.
  • MarkMark Vanilla Staff
    If people are seriously bothered by this, we are happy to accept code contributions to optionally switch off this feature.
  • RaizeRaize vancouver ✭✭
    It's not spyware man, far from it
  • @why im sure the contributors of vanilla would give you a full refund for this. So you paid £0.00 + £0.00 license fee per user + £0.00 license fee per server.

    by your definition windows is spyware, as is phpbb and ubuntu and all email applications.
  • It's not spyware man, far from it
    Then explain why would you not document it, not make it visible and not give an option to disable it? This is 2010, security and privacy issues are serious business.

    Before you hang me I would also like to give some positive feedback, I think the interface is very original and well thought out, especially the embedding and there may be an opportunity for significant growth if certain changes are made at the security and privacy 'attitude' level.
  • MarkMark Vanilla Staff
    Here's some info for those who want to disable update checks (from our documentation):
Sign In or Register to comment.