PSA ElvUI Users - "ElvUI has a backdoor and how to remove it"

[rda]

My friends are/were amateurs, which is why they included those back doors, its a pretty common practice among programmers and coders who just do it for fun.

OK, this I believe.

Now I am telling you and your friends: this is dangerous. Very dangerous. And if some user of your code gets hurt in some way (and there are many ways they can get hurt, people are creative), it could get *you* in trouble.

Don't do this, this isn't cool.

[Paula Deen]

OK, this I believe.

Now I am telling you and your friends: this is dangerous. Very dangerous. And if some user of your code gets hurt in some way (and there are many ways they can get hurt), it could get *you* in trouble.

Don't do this, this isn't cool.

Really? Because Banks do it, the NSA does it, Google does it, Microsoft does it. Why is it dangerous. Microsoft has a god damn keylogger, albeit a pretty harmless one, inside there Windows 10 preview. It isn't dangerous if you don't abuse it and you use it correctly, which Elvine did. What is dangerous is screaming the sky is falling every time something happens because guess what? When it does actually fall, you are so fucked.

[rda]

You cant be serious

http://www.forbes.com/sites/gordonke...dows-10-spying

Oh look another backdoor for TESTING purposes.

This isn't at all a backdoor. This is telemetry. Yes, there are issues there, but they are very different.

[Xisa]

I am the author of ElvUI. I use this as a development tool with guildies it lets me execute things such as changing ElvUI options, getting information for debugging, etc... It clearly outputs to chat what is executed. The code has been there for close to two years. In any case I will simply use a standalone addon from this point forward with them to do this.

Version 7.08 has had the code removed.

http://www.tukui.org/git/?a=commitdi...8f11ad122dc11a
http://www.tukui.org/changelog.php?ui=elvui

The reason you did it is incredibly unimportant.

This was an absurd and scummy thing to do. How could you possibly have thought that was a good idea?

[Lime]

I find this nothing more then a personal attack by the reddit poster and elvine. Known and played with this guy for 2 years during my wrath days and he would never even come close to even attempting to do what people are attacking him for. Blowing something minor over the top. If it was there since cata why the problem now I mean come on 2 whole years and not a single complain then some random randomly decided to check the coding? Come on people think. I myself will still use the UI since its one of the better ones in this game and to stop trying to shut down this UI out of spite or following a hate bandwagon.

Yeah, what you just said doesn't mean much. Whether what the redditor claims is true or not, people are going to question it. It's the defense's job to show why this is or is not harmful (and yes, I know other people have already done this). Your post is just coming off as a personal attack to the redditor, which is a bit hypocritical of you.

Here's how people who are worried about this and trying to get information will decipher your post:

Known and played with this guy for 2 years during my wrath days and he would never even come close to even attempting to do what people are attacking him for.

Oh this guys is his friend... Should I really trust this guy? A friend lying to protect another is an extremely common thing.

If it was there since cata why the problem now I mean come on 2 whole years and not a single complain then some random randomly decided to check the coding?

This could easily be seen two ways:

- Maybe it did happen and nobody reported it or figured out how it happened. Maybe he just targeted someone specific. Why would he do it more often and make himself a bigger target? That wouldn't seem smart.

And the other way being that people agree with you, which wouldn't be too unlikely in this example.

It blows my mind that alot of the people defending this can't grasp that the idea that people don't understand code, nor should they be expected to. It's not a 'hate bandwagon'. It's generally people who just don't know the 'truth'. Like I said in a previous post, rather than insult them for not knowing something that isn't going to affect their lives, just explain it to them. An explanation is all that most people are looking for so that they can decide if it's worth using.

[Paula Deen]

The reason you did it is incredibly unimportant.

This was an absurd and scummy thing to do. How could you possibly have thought that was a good idea?

Judging by the fact that he removed it without contest or complaint, I would say he doesn't think it was that great of an idea.

[rda]

Really? Because Banks do it, the NSA does it, Google does it, Microsoft does it. Why is it dangerous. Microsoft has a god damn keylogger, albeit a pretty harmless one, inside there Windows 10 preview. It isn't dangerous if you don't abuse it and you use it correctly, which Elvine did. What is dangerous is screaming the sky is falling every time something happens because guess what? When it does actually fall, you are so fucked.

Banks don't do it (when they do, it's a scandal and they are punished), Google don't do it (same), Microsoft do it in a very limited way which very highly varies by territory (same), NSA do it and that's an issue.

Anything else?

[Nerraw]

That's great to hear. If it's not needed, then removing it would be best for both sides.

The update that removed it was out less than an hour after the post on reddit.

[rda]

Oh i dunno, how about the whole Microsoft and NSA stuff earlier this year? Hell in their windows 10 preview they have an actual keylogger that registers every key press.

But they are obviously amateurs who think its just for the lolz right.

They do register every keypress but they don't send that data verbatim, for one. It's telemetry. If you don't understand how it works and why they do it, I can explain, but perhaps you can Google.

There are some issues with that, yes, but they are different.

The backdoor in the ElvUI is a completely different story, it's way worse.

[Deleted]

1. Not all software in this world is produced by these companies. There are many different companies and many different open source projets. These guys do not make up the majority of codes written.
2. I could believe that the companies you mention could actually put backdoors but "every electronic company ever". Ridiculous.
3. These companies produce very different products which some of the are open source. I very much doubt all of their products have backdoors
4. I was basically addressing the absurd claim of "hurr durr backdoor is everywhere", not claiming it does not exist.

Oh come on this could get really silly. What do you want of me? looking up every program i know of and looking in the code if i can find a potenial backdoor? Those are the ones i know by experience or read enough about.
When i said everywhere i mean there are lots of and people acting like this is huge need to get shaken up.
Hell just using a browser without noscript is a backdoor alone. people running scripts in the background on your PC and installing all kind of stuff when you simply go to a site.
So i herby correct my statement, they are not everywhere but they are pretty common.

[Darsithis]

I'm sorry this ran on so long.

Elv has issued an apology and an update that removes the offending code (as seen earlier in the thread), available on their site (www.tukui.org/dl.php). You're welcome to update to it if you're concerned. At this point there is nothing left to discuss and the NSA has nothing to do with this.

Closing.