Comment way out of proportion (Score 1) 164
"The whole story": this is not news and was actually publicized a long time ago, before it was actually put into use, however, several overly paranoid, overly dramatic people were only just made aware that it was happening, and all of a sudden it has become:
"my phone system is transmitting my credit card number to a multi-million dollar commercial entity who is only interested in robbing all the people who use its FREE software solution, because this established entity doesnt make any money on their commercial product that is $400-500 per port, which has thousands of installations world wide."
unfortunately they were lax in their notification of statistic gathering and did not place a 10 page EULA on the installer that users never read anyways.
FYI - the system collects hardware stats, such as what brand trunk card you use, which phones, and which server architecture, it does not transmit any actual usage stats, which would still be completely harmless. They then use these stats to get capital from the manufacturers of the hardware that these stats report on, which is used to fund development of this wonderful FREE PBX. This reporting is pretty close to plain site, and can be disabled, just the same as Automatic Updates on a Windows PC.
The concerning part, yes it calls for some code at the fonality data center - again - you can turn it off. If you are that much of a security geek, you should know how to use cron, or stay away from linux servers, chances are you will leave a whole open on something a lot more important then a phone system - would hate to think of how many people have leaked credit cards from shopping carts. the REALLY concerning part - this hole is being talked about on security forums like this.
Really if they dont like that, no one has forced them to use this FREE software, and they have paid no money out to expect anything more (although they should). Fonality now has a full Opt-in disclaimer so that people like this can know that their phone system could be sending vital information about which handset they use before they start.
Signed,
Someone who supports the development of FREE open source software.
"my phone system is transmitting my credit card number to a multi-million dollar commercial entity who is only interested in robbing all the people who use its FREE software solution, because this established entity doesnt make any money on their commercial product that is $400-500 per port, which has thousands of installations world wide."
unfortunately they were lax in their notification of statistic gathering and did not place a 10 page EULA on the installer that users never read anyways.
FYI - the system collects hardware stats, such as what brand trunk card you use, which phones, and which server architecture, it does not transmit any actual usage stats, which would still be completely harmless. They then use these stats to get capital from the manufacturers of the hardware that these stats report on, which is used to fund development of this wonderful FREE PBX. This reporting is pretty close to plain site, and can be disabled, just the same as Automatic Updates on a Windows PC.
The concerning part, yes it calls for some code at the fonality data center - again - you can turn it off. If you are that much of a security geek, you should know how to use cron, or stay away from linux servers, chances are you will leave a whole open on something a lot more important then a phone system - would hate to think of how many people have leaked credit cards from shopping carts. the REALLY concerning part - this hole is being talked about on security forums like this.
Really if they dont like that, no one has forced them to use this FREE software, and they have paid no money out to expect anything more (although they should). Fonality now has a full Opt-in disclaimer so that people like this can know that their phone system could be sending vital information about which handset they use before they start.
Signed,
Someone who supports the development of FREE open source software.
