This originally started as a five-minute review of Trillian 3, and ended with something entirely different, forcing me to ask “Is Trillian Spyware?”
After installing Trillian, I was looking through the configuration options in Trillian, and was a bit disturbed to find that Trillian had an option to “submit anonymous usage statistics” enabled by default.
I actually wanted to be fair, so I fired up a packet sniffer, so that I could determine the nature of the usage statistics Trillian was sending. What I discovered was rather troubling:
When Trillian Basic 3 starts, it establishes an encrypted connection with www.ceruleanstudios.com.
I still wanted to be fair, since I know so many people _genuinely like_ this software, but I was a bit suspicious. So I turned off Trillian's feature to send these stats. Guess what:
*Even when you turn off usage stat reporting, Trillian 3 establishes an encrypted connection with www.ceruleanstudios.com.*
If you have trouble believing me, here are the captured packets, for your enjoyment.
* “What is being sent to www.ceruleanstudios.com”:/download/482/sent.txt
* “Data received from www.ceruleanstudios.com”:/download/482/received.txt
The capture was made using “Ethereal 0.10.8”:http://www.ethereal.com/ and “WinPcap 2.3”:http://winpcap.polito.it/ and is from the session when I had told Trillian not to report usage stats. Before anyone asks: Trillian’s feature to check for new versions was also turned off.
* Why is Trillian establishing this encrypted session?
* Why aren’t Cerulean Studios telling us about this?
* More importantly: *What is Trillian sending that is so secret and important that they can’t send it in plain text over the wire?*