EDRLab: Difference between revisions

Line 12:

==Incidents==

===Thorium Reader privacy policy and terms of use===

Despite Thorium's homepage stating that <blockquote>This application is free, with no ads and no private data leaks.</blockquote><ref>{{Cite web |title=Thorium Reader |url=https://www.edrlab.org/software/thorium-reader/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260619033750/https://www.edrlab.org/software/thorium-reader/ |archive-date=19 Jun 2026 |access-date=24 Jun 2026}}</ref>There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression if they take it to mean "no calling home." The reader sends this "non-personal" data to EDRLab's servers. It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information <blockquote>is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.</blockquote>And<blockquote>Parameters of such notification are:

~~This~~ is a ~~list~~ of ~~all consumer~~-~~protection incidents~~ this ~~company~~ is ~~involved in~~. ~~Any incidents~~ not ~~mentioned here~~ can be ~~found~~ in the ~~[[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]]~~.

*a timestamp,

~~===Example incident one~~ (~~''date''~~)~~===~~

*the version of Thorium Reader,

~~{{Main|link~~ to the ~~main CR Wiki article}}~~

*the operating system of the device and its version,

~~Short summary~~ of the ~~incident (could~~ be the ~~same as~~ the ~~summary preceding the article)~~.

*the locale of the application at the time it is started,

===~~Example incident two (''~~date~~'')~~===

*if this is the first start of Thorium Reader after a fresh install.

...

The IP address of the device is not stored along with the above information.

It is not possible to opt-out from this notification.</blockquote>Also <blockquote>a notification is sent to an LCP Server each time a protected publication is open. This is required by the LCP specification for checking if the license of use of the publication has been updated. There is not centralized LCP Server, each server is operated by the distributor of the protected publication acquired by the user.

Parameters of such notification are:

*a device identifier, automatically generated at the install of the application.

*a device name, automatically generated at the install of the application.

The codebase of Thorium Reader is open-sourced and can therefore be fully inspected, with the exception of a small software library used as core for the Readium LCP DRM, which does not store or send any data.</blockquote>

The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather: <blockquote>We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.</blockquote>

There are several interesting things in the terms of service. First <blockquote>You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.</blockquote>Especially: <blockquote>any actual or alleged breach by you of these Terms of Use</blockquote>

As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.

In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since: <blockquote>In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.</blockquote>So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:<blockquote> However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”</blockquote><ref>{{Cite web |title=Thorium Reader – Terms of Use |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/terms-of-use/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/terms-of-use/ |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref><ref>{{Cite web |title=Thorium Reader – Privacy Policy |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/privacy-policy/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/privacy-policy/ |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref>

==Products==

@@ Line 12: / Line 12: @@
 ==Incidents==
-{{Ph-C-Inc}}
+===Thorium Reader privacy policy and terms of use===
+Despite Thorium's homepage stating that <blockquote>This application is free, with no ads and no private data leaks.</blockquote><ref>{{Cite web |title=Thorium Reader |url=https://www.edrlab.org/software/thorium-reader/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260619033750/https://www.edrlab.org/software/thorium-reader/ |archive-date=19 Jun 2026 |access-date=24 Jun 2026}}</ref>There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression if they take it to mean "no calling home." The reader sends this "non-personal" data to EDRLab's servers. It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information <blockquote>is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.</blockquote>And<blockquote>Parameters of such notification are:
-This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
+*a timestamp,
-===Example incident one (''date'')===
+*the version of Thorium Reader,
-{{Main|link to the main CR Wiki article}}
+*the operating system of the device and its version,
-Short summary of the incident (could be the same as the summary preceding the article).
+*the locale of the application at the time it is started,
-===Example incident two (''date'')===
+*if this is the first start of Thorium Reader after a fresh install.
-...
+The IP address of the device is not stored along with the above information.
+It is not possible to opt-out from this notification.</blockquote>Also <blockquote>a notification is sent to an LCP Server each time a protected publication is open. This is required by the LCP specification for checking if the license of use of the publication has been updated. There is not centralized LCP Server, each server is operated by the distributor of the protected publication acquired by the user.
+Parameters of such notification are:
+*a device identifier, automatically generated at the install of the application.
+*a device name, automatically generated at the install of the application.
+The codebase of Thorium Reader is open-sourced and can therefore be fully inspected, with the exception of a small software library used as core for the Readium LCP DRM, which does not store or send any data.</blockquote>
+The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather: <blockquote>We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.</blockquote>
+There are several interesting things in the terms of service. First <blockquote>You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.</blockquote>Especially: <blockquote>any actual or alleged breach by you of these Terms of Use</blockquote>
+As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.
+In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since: <blockquote>In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.</blockquote>So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:<blockquote> However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”</blockquote><ref>{{Cite web |title=Thorium Reader – Terms of Use |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/terms-of-use/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/terms-of-use/ |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref><ref>{{Cite web |title=Thorium Reader – Privacy Policy |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/privacy-policy/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/privacy-policy/ |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref>
 ==Products==