Open Source!

I've perused the forums here and quickly came to the unfortunate fact that this program is closed-source. May I ask why you guys (the developers) have firmly decided to keep this product closed-source?


I think it would be nice if

I think it would be nice if this was open sourced.

It cannot be trusted unless we can see the source

The idea of this program is great, it looks like it is a well developed tool, especially for migrating from a regular Gmail account to a Your Domain Gmail Account.

I would really love to use this tool, but I am afraid I just cannot trust it or its developers. I appreciate that you are developing and releasing this tool as freeware, but there is too much privacy at stake to trust your software. Many users of Gmail will have used their accounts for many financial transactions and private correspondence. We cannot just blindly hand over the keys to our account to you. We have to assume that you may be collecting usernames and passwords for these accounts in a type of phishing scam.

Where we cannot see the source code of your software, this is perfectly reasonable to assume. It has already been discovered, after decompiling another program that did the same job, that the developer was indeed sending collected user details to his own account. The program in question is called G-Archiver; read more here: http://uneasysilence.com/archive/2008/03/13052/

If you want users to trust you and use your software, and you would like more donations and input into your project, then release the code. What do you have to hide?

Ok, it does not have to be

Ok, it does not have to be open source before it can be trusted. Expecting everyone who writes a useful app to release the source code is pretty crazy. Why would I spend countless hours writing a useful app only to have some jerk steal my code?
All you need to do is install it in a sandbox or use some test gmail account with it and monitor the internet traffic to see what it's doing. If you see it sending out your account name and password to some 3rd party site, then you know it's doing bad things lol... I mean honestly... you can't really hide that kind of thing.

Yes, you CAN hide that kind

Yes, you CAN hide that kind of thing.
Simple: imagine the program logs in to your gmail account, emails the user/password to a specific email address, deletes the sent mail, and deletes the contact from suggested contacts.
Then your magic "internet traffic monitor" will not work because the program will only connect to gmail sites.

I have heard good things about this program, but I cannot trust unless I see the code, and use a version compiled by myself from the source.

Hi, we know about the

Hi,

we know about the previous program called G-Archiver and it is a shame!

Yes, we do not have anything to hide; as a result, I would appreciate it if anyone could test our program and say "As far as I know it is safe to use." As mentioned in this thread, you can check the Internet traffic which this tool generates and spy on our program.

The reason why we do not want to make it public is that we want to eventually sell it, sooner or later, when the tool is stable and reliable enough. We have families, as others do, and we are in need of money :-). We do not have anything against open-sourcing the code, but we want to be paid for our work at least a bit.

The truth about donations is that they are not enough to cover the time we spend developing this tool.

The future price of this tool will be approximately equal to the price of a value meal at McDonald's (something between $5-$10). So, I believe that the price will be acceptable (approximately the price of one lunch) for anyone who cares about their emails.

Best, Filip

password security

I agree about the availability, or lack thereof, of source code. I think Gmail Backup is a good program but I un-installed it, will not use it in the future, and have changed my Gmail password. The reason? I do not see ANY information in your documentation relating to password privacy and security. My Gmail has a lot of important info in it, and I just cannot risk exposure. If I KNEW that my password was secure using your software, I'd continue using Gmail Backup. Short of this, I'll have to pass.

The Problem

Filip, the problem I foresee with that theory is that unless you're going to be bought out by Google, the money you'll be making won't be that significant in the end. So at the end of the day, you'll likely end up with:

1. An inferior product (nothing against you guys, but surely there's expertise in your userbase that you're not tapping into).

2. A smaller userbase, because people like myself both won't pay for the product and don't really want to use it because it's closed source.

3. *Perhaps* not as much money. Now, this is a very arguable point, since I have not as of yet donated to an open source project, but that has a lot to do with the fact that I'm a college student without much "disposable income." However, if I were going to pay for a piece of software like this or donate to an open source one, there is no contest who I'd support.

4. Finally, the problem you haven't factored in is that if you insist on closed source, *someone* is going to start competing with you, and that someone is going to release their code as open source. That's how it often works. An amazing product like yours comes out, but it's closed source, so some people who would otherwise love your product and know the appropriate programming skills (or want to learn them) go ahead and start their own project. There's already open-source libraries out there to get started. All that needs to be done is to put in some elbow grease and make it more of a usable product. You guys have done a great job here, but there's no reason to believe that someone else isn't going to come along and do at least as good a job and want to give it away for real.

Now don't get me wrong: I understand that some people do software development for a living and need to get paid. As a Computer Science major in college, I'm having trouble reconciling the idea of wanting to work on open source and get paid (the jobs are not nearly as numerous as proprietary development). However, for something relatively small and one-off like this, unless you're planning to be bought out, I don't think the money you'll end up making is really going to be significant enough, *especially* considering the man-hours you're putting into it. If you're really in this for the money, you're probably better off getting a part-time job or selling some old crap on eBay.

Nothing against Google and I

Nothing against Google and I really like their products, but I do not want to be bought up by them. It is definitely not my plan. ;-)

My friend and I provide a simple tool and we might charge a bit for it in the future. We do not do it now because we recognise that it is far from being perfect now.

Yes, someone else can develop a better solution to the problem. A better program which will be open-sourced and free. And I would actually be pleased if someone did it. But as long as no one has done it, we have a chance. And the truth is we do not expect to build another M$ based on this piece of SW.

I have open-sourced lots of my code; you can easily find my home page on Google, where there are links to the code. However, I retain my right not to do so if I do not want to. It is just my decision and I do not feel obligated to do so, and no one should be obligated to do so. Still, I am one who likes the idea of open source and I support it.

Cannot trust anyone with my gmail account credentials

Hi there, I just wanted to chime in with Dan and his comments. I stumbled across this site while searching for a gmail backup tool today and I am disappointed that it is not open source.

My Gmail messages contain a well documented portion of my life and I don't let anyone read messages over my shoulder.

I know there are many people out there that blindly trust application developers with such information and I really hope you guys are upstanding citizens who would never even think of capturing private information.

There are a number of tech-minded folks, such as myself, who wouldn't touch this application with a ten-foot pole because of such a huge private issue and the fact is that few of us have the time, or inclination to test your application and watch the traffic it sends/receives. Besides that, who would trust some anonymous person who has tested it and says it's safe?

Best of luck guys but it looks like I'm using Windows Mail for my backup needs.

Open source for Linux/Mac

If you use Linux or Mac, getmail has been able to download Gmail accounts for quite a while. It's open source but command-line based. I've also written a wrapper script for getmail that basically automates the backup process. It's called ImapGrab (also open source), and has some special options to make backing up Gmail easier. It's command-line based, too, but I want to add a simple gui in the future. No idea on how I'd port it to Windows since getmail is only for *nix systems.

http://daylightpirates.org/index.php/Programs/ImapGrab

Open source trust

It's true that I can trust code that isn't open source (it isn't as though I have the source code to gmail). But if I can't trust the source code itself, I need to trust the authors, and in this case, gmail-backup is written by some random guys on the Internet from another country. That's not good enough.

It also isn't realistic to expect users to just fire up wireshark and run the app on a test account. Even if it were realistic, it would prove nothing, as the program could simply idly spawn another task that transmits usernames and passwords at some future date. There are innumerable ways the program could compromise my security without detection in a network sniffing program. The only way to trust this program is to trust its authors or read the code. And since I don't know you, the latter is the only option.

As for someone "ripping off your code" -- come on, what you've done here is far from rocket science.

Until you open source this, I won't be using it. But I might write a nice pygtk front-end to ImapGrab.

I almost used this app - and would have paid for it!

Hey filip.jurcicek,

To be honest, this app is just what I was looking for - and I would have paid $15, without batting an eye, for it - (especially once I tried it and knew it worked).

But right after I downloaded it I thought "SECURITY" - How do I know this is safe?

The thing is I don't know it's safe. I want to believe you, but it's just too risky to go on faith. And the point that guy made about how this software could theoretically use the gmail server to email credentials secretly makes ping tracking useless as a trust builder.

If you want to sell this you definitely need to find a robust way to assure the security of our credentials.

By the way if you do have a solid way to prove this software is secure, email me because I'm ready to buy/donate.

I can assure you that we do not keep logins and passwords

I can assure you that we do not keep logins and passwords; however, I can not prove it. It is similar to Google. You trust Google that it does not do anything evil but who knows ...

You can check our program on your own. You can sandbox it and control all traffic initiated by the program but it is up to you.

If you use binaries of Firefox, how do you know that you can trust them?

How do you know that the binaries were compiled from the source code as you expect - does it include any backdoor?

Did you check its original source code?

How do you know that the original source code is safe?

In my opinion, it is hard to answer ...

Your problem is your presence ...

From your responses you at least seem trustworthy on a personal level. But your problem is your presence - or lack thereof - in the U.S. legal system.

If Google steals my identity, there's a multi-billion dollar U.S. based company I can sue. If Firefox does something bad there's still a multi-million dollar U.S. based company I can get justice from. So both have enough "skin in the game" to make them trust-able.

Your small size, unknown reputation and Czech location make it unlikely that I could ever get to you, let alone be compensated for damages if your code was not legit.

Again because of that other guy's comment on how your code could sneakily email out credentials through gmail servers (even from inside a sandbox with only gmail access).

I think you at least need to find a highly reputable U.S. based person or organization to vouch for the legitimacy of your code. Then you'll have the trust of more security conscious Americans.

open source

I really like your program, but as far as my opinion is concerned - it should be open sourced. I've even sent you Polish translation files, but unfortunately I won't ever use it. It is not only a matter of trust, but a philosophy. Closed source is bad.

Thank you for the translation files

Thank you for the translation files!

Your decision not to use this program is completely fine with me. It is your choice. We do not force anyone to use this program.

I think it is great that we have the freedom to choose what we want to use, support, ...

Open source is not the answer to this problem

I have to agree with the security concerns mentioned previously, but I don't agree that the solution is to open source the code. First, not very many users would take the time to look at the source code. Second, to make me feel any more comfortable some reputable organization would have to vouch for the code. Third, someone would have to review the code again after each new release. Fourth, the file downloads would have to be hosted by some trusted third party. Fifth, lots of large US-based companies have had security breaches that exposed their customers' sensitive data. Sixth...

The Gmail Backup program is hardly the only potential security hole when using e-mail. Life is filled with risks, the trick to surviving is to manage those risks. In this particular case, I feel much better having a reliable backup than not having a backup, and Gmail Backup seems like the best solution for me so far.

Here are my suggestions to help you sleep at night:

1) Always remember that e-mail is inherently unsecure. You never know who has access to Google's servers, any router your message passes through, the security on the recipient's servers, the recipient's computer, etc. So never e-mail credit card numbers, or anything like that.

2) If you have to mail things that contain trade secrets or other sensitive information, encrypt it using PGP or something similar so you know that only the recipient will be able to see it. There are lots of free ways to encrypt the e-mails, or just attachments, and I'm amazed that more people still don't do that.

3) Change your passwords frequently. And don't stick them up on your cubicle wall.

4) Monitor security mailing lists for any mention of Gmail Backup, and any other program you use.

5) Promote Gmail Backup to all your friends and neighbors. The more people we have using it the more likely it will be that security holes are discovered quickly.

6) Send Filip some money. Help make sure that he has more to gain from delivering a reliable, secure product than he stands to gain when he loses the trust of his customers.

http://Rstoeber.com

You are right! ;-)

You are right! ;-)

There are just too many ways to "steal" emails from GMail.

So I can only recommend being cautious.

Security Gmail Offline and Gmail Backup

Backup is a critical function for gmail, especially as many people continue to store sensitive info in their gmail despite the risks of doing so.

The security concerns are very real.

I don't think some users will ever get over the potential risk of their gmail user id and password info being transmitted by accident or in an unauthorized way.

Ultimately, Google should come out with their own backup solution, but until now this wasn't in their best interests I suppose, since they couldn't serve up offline ads... So that said, what are the opinions about Google's recently introduced Gmail Offline? How does it differ from Gmail Backup?

Thanks

==> You can set a tmp

==> You can set a tmp password just to perform the backup...

My concern would be if some of my emails would be backed up on my hard drive as well as on some other server on the internet... Could be done by "forwarding" mails and I can't really track that as it would be gmail communication.

Only a tool from google is

Only a tool from google is acceptable. No other possibilities.

Hi Filip, As with the other

Hi Filip,
As with the other posts; it's asking too much to just pass on one's gmail credentials.

In my estimation you are best trying to dialogue with Google (yes; I know you don't want the product to be bought by them) and see if they can incorporate your code into one of their own offerings.

The irony in all of this is the fact that all of us using gmail are already implicitly 'trusting' Google with our email data (but we can always trust BIG institutions; just like our banks ...).

I'm impressed with how far you've taken this.

Best of luck,
PB.