peppeddu

There's no need to inspect the code, just would like to know beforehands if it needs to phone home, and it will even better to give us an option to opt out. I am actually one of those guys that do read the EULAs and any other documents that comes with it, before installing a piece of software. I have a machine dedicated to all the crapware that has access only to the Internet, not the internal network. Paint.NET is installed in my internal network, and my first reaction after seeing the alarm popping up was, WTF? In 2011 "free software" usually means two things: #1 The developers are trying to get a wide enough user base to justify outside investors #2 The application just want to get a hold and sell your data for the privilege of using their software IMO Paint.NET falls into the first category. You're even signing the executable! You want to ping or collect usage statistics without prompting? fine, just let us know so that we can decide accordingly and we don't get surprised when an access alarm pops up. Even Microsoft in their Event Log Online Help prompts the user before sending the OS version number and other data. Personally that's the kind of software I would want to run on my machine. I may not be the only one.

Every respectable software that has no natural business of connecting to the Internet (e.g. a web browser) ask the user first before doing so, or it makes it clear in the EULA. As far as I know, Paint.NET (a paint program) doesn't fall into the above category. I know, it's 2011 and legitimate applications do connect to the Internet, but guess what? it's 2011 and lots of malware do connect to the Internet. What's the difference between the two? One thing for sure, they ask us first. --"Is it OK to send anonymous usage statistics?" Yes/No-- Even those free screensavers programs mention in the EULA that they do connect to the Internet and collect non PII. I hope Paint.NET can do better than that. Also, do you assume that everyone on the planet is on broadband just like you? I wouldn't want Paint.NET to start a dialup connection when I am in my hotel room overseas just because you need a ping back to the server. Yeah I know, I can set firewalls, sniffers, sandboxes, etc, etc. But if I have to do that I wouldn't want that software in the first place. Would you? Ask us first, you may be surprised to see how people are willing to cooperate to make Paint.NET even better.

OK, but why it doesn't say that in the EULA, so that I can decide wether to agree or disagree with the software installation? The setup program tried to grab (according to what you're saying) my OS version number without asking me first. And since what you say in the EULA is not true, how do we know that you're not sending also something else?

Why Paint.NET Setup is trying to access the Internet? What are you sending to 208.112.13.16? In your EULA it doesn't say that it needs to.

What's the logic in deciding the version number of Paint.NET? In the Roadmap, v3.5 comes after v.3.36 but isn't "36" bigger than "5"? It would make much more sense to use 3.50 instead, unless the "0" is implicit thus omitted. But if that's the case, what's the logic behind v3.10? The reason why I am asking is because I file all the old versions of the software I download, and this is first time I came across something like this. Windows put the folder in the wrong place, or, the number system is wrong????

The update checker has always been disabled (it was never enabled). I understand you explanation "those other connections are not Paint.NET" , but from my point of view the situation is: - Paint.NET EULA doesn't say it connects to the 'NET without my approval. - I install Paint.NET - Paint.NET tries to connect to the 'Net without my approval. The EULA needs to be updated to explain this behaviour, or remove the unauthorized 'Net connection functionality from the signed DLL. Otherwise you may get a lot of complains from users like me who actually reads the EULA before installing anything.

If that's the case, I don't understand why other digitally signed software doesn't have this behaviour. The EULA should also include the fact that Paint.NET may indeed try connect to the Internet.

Paint.net v2.5 worked without a problem for quite some time. The other day I've upgraded to Paint.net v2.6, during the installation I've opted out not to go online for anything (just like v2.5) Paint.net v2.5 never tried to connect to the 'net, however I just found out that when I start Paint.net v2.6 it tries 5 times (first PaintDotNet.exe, then WIAPROXY32.EXE) to connect to 202.232.140.20 Why?