[dayglored]

> Okay. Now tell me they shouldn't be running EMET or similar programs that upload crashdump information that might contain personal data, because they can't insure that they will never inadvertently capture personal data. That's the logical conclusion all of this is supposed to lead to, isn't it?

I'm not sure we're on the same page here :-)

I don't care what they read, capture, select, and transmit, as long as they're totally upfront about it. Like making the user agree to a brief, readable disclaimer.

There are good reasons why a software company would want to see what happened in a user's machine. I'm a system admin and programmer, I know how important that is. But given the high likelihood of inadvertently transmitting private data, there should be a clear, agreed-to disclaimer.

Now it's true that others would like to see all such transmissions, whatever their purpose or excuse, prohibited. But that's not what I'm saying. I'm only saying that there ought to be:

1. A statement like mine above, that personal data is collected and transmitted, and ask the user to agree to it, -AND-
2. If the user does NOT agree to it, the data is NOT collected and NOT transmitted.

That's not all that difficult, really, is it?

[dayglored]

Oh, and yes of course, if the user does NOT agree to the transmission of potentially personal data, then they don’t get the benefits of the crashdumps and failure diagnoses. Ya pays yer money and ya takes yer choice.

[tacticalogic]

That's not all that difficult, really, is it?

Not difficult to do, but I think it would make accomplishing the objective of collecting that crash dump data nearly impossible. The people most likely to turn it off are going to be the ones most likely to end up compromised.

It's easy to say that what you do with your computer is your business, and that works as long as it's your computer. If it gets compromised, then it's not your computer any more.