Registration has been disabled and the moderation extension has been turned off.
Contact an admin on Discord or EDF if you want an account. Also fuck bots.

BeCandid/Code: Difference between revisions

From Encyclopedia Dramatica
Jump to navigation Jump to search
imported>Goybe
imported>Cobaltcat
No edit summary
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{breakingnews|'''Their newest release has removed almost all references to Kochava. Except them to find a new way to data mine you'''}}
{{Subpage|BeCandid}}
{{Subpage|BeCandid}}
This was done by downloading an official [https://apkpure.com/candid/com.becandid.candid APK], then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding.
{{:BeCandid/nav}}
This was done by downloading an official [https://apkpure.com/candid/com.becandid.candid APK], then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding. Most of decompiling was done by {{twitter|itgoybe}} so all complaints should be sent to him.  


==How You Know This Code Is 100% Accurate==
==How You Know This Code Is 100% Accurate==
Line 15: Line 15:
Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: '''sd.java'''
Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: '''sd.java'''


==Candid Is Using A Datamining Service==
===How They Datamine You On Facebook===
[[File:BeCandid Code 2.png|center|600px]]<br />
[[File:BeCandid Code 30.png|center|600px]]<br />
[[File:BeCandid Code 3.png|center|600px]]<br />
In this code, candid is connecting to your Facebook and still gets your first name, middle name, last name, your friends, your work history, your education history and probably which one of your exes you stalk. To top it all off to access the desktop version because let’s be honest you don’t want to use the plebian cellphone when you can use the glorious pc mustard rice. You have to give them your Facebook or phone number to be able to use the web version. This is their trap to get you to give them your info because as Bindu claimed they don’t know how to log out of a session, this can be found out how too with a 30 second google search.
In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?
[[File:BeCandid Code 31.png|center|600px|The CEO of a privacy app, errybody]]
 
Now while were talking about Facebook this is another really interesting code snippet. What this looks like is that candid is using your Facebook connection to get a list of all your friends and do some sort of matching. <br />
{{quote|Kochava is a mobile app marketing tracker with a unique approach, it looks at all device identifiers as equal and as such is able to match the identifiers of different publishers to provide effective analysis and reporting to advertisers. In addition to this, Kochava also automatically engages a device fingerprinting system, using a number of algorithms incorporating carrier and geo-location to match clicks to installs with an accuracy rate of 85%. Offering deep level integration support, Kochava supports server-to-server integration as well as an SDK for Android and iOS. Match reporting for each attribution includes how (device, hash types etc) and Cohort analysis is offered for ROI overlay as well as optimization according to various campaign metrics (clicks, installs, post-install revenue etc).|{{archive|7WGmI|MobyAffliates}}}}
<center>
 
{{Photoframe|Datamining on Facebook|border: 2px solid #000; padding: 5px; background-color: #e9e315;|font-weight: bold;
Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, [[NIGGER]].  
|[[File:BeCandid Code 32.png|File:BeCandid Code 32.png||600px]]{{center|'''Load Friends.'''}}
 
|[[File:BeCandid Code 33.png|File:BeCandid Code 33.png||600px]]{{center|'''FacebookInfo.java'''}}
'''These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”'''
}}
</center>
<br />
There is a file called facebookinfo.java and this is the first thing they’re doing in that file. They create publics first so they can access this information from anywhere in the app as you see in the picture above they have already done this at least once. After they’ve gotten your precise age they get their Facebook access key out and scrape the Facebook IDs for all of your Facebook friends, all employers you’ve registered with on Facebook, and all the schools you’ve gone too. ''This is seriously fucked up for an application that claims to be focused on privacy and anonymity''.
[[File:BeCandid Code 34.png|center|600px]]<br />
[[File:BeCandid Code 35.png|thumb]]
This code snippet is to show you that they’re actually using the ids to cataloging the info, the code for school IDs and friend IDs are almost the same. What’s happening in this code is get an array or a list from Facebook of all your employers they then type this into a log file with the text
'''FBINFO''', '''Jobs ids:''' and here comes the best bit “the id of the place where you actually work” or have worked, longer down in the document you will see why this is scary. A scenario this can be used in if you like Bindu Reddy like to justify the holocaust on twitter or declare a person a deity. Candid can link this to your post history then they can go your employer and say “Hey, CIA your employee [[Hugh Mungus]] has been saying unpolitically correct things on the internet, plz baus fire him”
Here you can see candid doing exactly the same thing as they did with the places you’ve worked but only with your messages instead. Now what’s strange is why would candid need this information. Bindu Laden has claimed they don’t do any datamining, now why the fuck would they even use this information. They’re obviously using it for something.  
{{clear}}


==How Candid Datamines You==
==How Candid Datamines You==
Line 32: Line 41:
There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps.
There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps.
They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you
They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you
This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.
This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.  


[[File:BeCandid Code 6.png|center|600px]]<br />
[[File:BeCandid Code 6.png|center|600px]]<br />
Line 39: Line 48:


Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:
Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:
[[File:BeCandid Code 8.png|center|600px]]<br />
<center>
[[File:BeCandid Code 9.png|center|600px]]<br />
{{Photoframe|Datamining|border: 2px solid #000; padding: 5px; background-color: #e9e315;|font-weight: bold;
[[File:BeCandid Code 10.png|center|600px]]<br />
|[[File:BeCandid Code 8.png|File:BeCandid Code 8.png||600px]]{{center|'''Installed Apps'''}}
|[[File:BeCandid Code 9.png|File:BeCandid Code 9.png||600px]]{{center|'''Installed Apps'''}}
|[[File:BeCandid Code 10.png|File:BeCandid Code 10.png||600px]]{{center|'''Installed Apps'''}}
}}
</center>


Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid.
Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid.
Line 51: Line 64:
==Candid And Advertisement==
==Candid And Advertisement==
This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.
This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.
[[File:BeCandid Code 11.png|center|600px]]
{{center|{{Textframe|ads|border: 2px solid #000; padding: 5px; width: 40%; background-color: #e9e315;|font-weight: bold;
 
|{{center|<big>'''{{colortext|#00bbf9|Google Play Store Adtracking}}'''</big>}}<br />In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea. <br /><br />[[File:BeCandid Code 11.png|center|600px]]
In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea.  
|{{center|<big>'''{{colortext|#00bbf9|Twitterads}}'''</big>}}<br />Here you have clear proof that candid uses kochava for advertising purposes this is further de-anonymizing when they can link you to twitter ads, say for example you want to get fisted up the ass by a robot dildo and then on your personal twitter 24 hours later you suddenly see ads for robots or dildos, this is the scenario this can be used in.<br /><br />[[File:BeCandid Code 12.png|center|600px]]
[[File:BeCandid Code 12.png|center|600px]]
|{{center|<big>'''{{colortext|#00bbf9|Ads folder}}'''</big>}}<br />They even have folders named ads. How much clearer can it possibly get? <br /><br />
 
 
Here you have clear proof that candid uses kochava for advertising purposes this is further de-anonymizing when they can link you to twitter ads, say for example you want to get fisted up the ass by a robot dildo and then on your personal twitter 24 hours later you suddenly see ads for robots or dildos, this is the scenario this can be used in.  
 
[[File:BeCandid Code 13.png|center]]
[[File:BeCandid Code 13.png|center]]
They even have folders named ads. How much clearer can it possibly get?
|{{center|<big>'''{{colortext|#00bbf9|Upsell}}'''</big>}}<br />{{quote|Upselling is a sales technique whereby a seller induces the customer to purchase more expensive items, upgrades or other add-ons in an attempt to make a more profitable sale. While it usually involves marketing more profitable services or products, it can be simply exposing the customer to other options that were perhaps not considered. (A different technique is cross-selling in which a seller tries to sell something else.) In practice, large businesses usually combine upselling and cross-selling to maximize profit. In doing so, an organization must ensure that its relationship with the client is not disrupted.}}<br /><br />[[File:BeCandid Code 15.png|center]]<br />
 
This seems to be the 3 levels of advertising they have
[[File:BeCandid Code 14.png|center|600px]]
 
Another strange thing is that Candid uses the word upsell a lot, this is an advertising term:
{{quote|Upselling is a sales technique whereby a seller induces the customer to purchase more expensive items, upgrades or other add-ons in an attempt to make a more profitable sale. While it usually involves marketing more profitable services or products, it can be simply exposing the customer to other options that were perhaps not considered. (A different technique is cross-selling in which a seller tries to sell something else.) In practice, large businesses usually combine upselling and cross-selling to maximize profit. In doing so, an organization must ensure that its relationship with the client is not disrupted.}}
[[File:BeCandid Code 15.png|center]]
 
Upsell has been used 150 in the becandid source code which for an app that doesn't have advertising is really strange.  
Upsell has been used 150 in the becandid source code which for an app that doesn't have advertising is really strange.  
[[File:BeCandid Code 16.png|center|600px]]
|{{center|<big>'''{{colortext|#00bbf9|Upsell usage}}'''</big>}}<br />[[File:BeCandid Code 16.png|center|600px]]
 
|{{center|<big>'''{{colortext|#00bbf9|Upsell example}}'''</big>}}<br />Here you have a nice big code of an upsell example in Candid. What I think this code does it gets your phonenumber from candid or facebook and firstly archives this it's already been proved above that Candid and Kochava already knows what kind of phone and OS you are running.<br /><br />[[File:BeCandid Code 17.png|center|600px]]
Here you have a nice big code of an upsell example in Candid. What I think this code does it gets your phonenumber from candid or facebook and firstly archives this it's already been proved above that Candid and Kochava already knows what kind of phone and OS you are running.
}}}}
[[File:BeCandid Code 17.png|center|600px]]


==Candid And Their AI Synthetic==
==Candid And Their AI Synthetic==
Line 95: Line 95:


Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.
Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.
==Candid Mods==
[[File:BeCandid Code 36.png|center|250px]]
We guess some are created more equal than others, this block of code is everything that is contained within a comment. This proves as the CEO have explained candid do have human moderators. And now were going to talk a little bit about how they operate.
Notice some things here there’s the public field on all of these meaning all of these values can be accessed from anywhere in the app, and no doubt they are being used.
Notice the fields comment_id, post_id these are two fields that you really don’t want showing for an app that claims to be anonymous and privacy focused. Because once these fields are showed they can be categorized and candid does this vividly. There are ofcourse other things of concern like the field “Like_value” we can assume this is for the AI how much people like your shit posting and spreading of dank memes. What’s really funny is that It’s like they have a hard-on for DE anonymizing users.
[[File:BeCandid Code 37.png|center|250px]]
This is all the information candid stores on your user profile to date (version 1.5.1) here they check if you have signed up with your facebook or your cellphone numer. now this is information you willingly gave them.
Notice how it says need age and need onboarding. Onboarding seems to have replaced what Kochava did for kandid they use this 600 times in their code and it does almost everything Kochava did.
They then log the number of facebook friends you have, the number of groups you are a member of and the phone number of your friends who are connected to candid.
Again with the quality score, this is how they determine if youre a hater or an allstar which can be translated into two very easy terms to understand: alt-right or Social Justice WARRRRRRIOR!


==Candid Is Connected To Google With Firebase==
==Candid Is Connected To Google With Firebase==
Line 106: Line 117:


<center><big>If we were you, we would be very fucking careful about using candid, they are shady as fuck.</big></center>
<center><big>If we were you, we would be very fucking careful about using candid, they are shady as fuck.</big></center>
<center><small>For questions about this document contact {{twitter|itgoybe}}</small></center>
 
==Taking Info From Your Sim Card==
Bindu Laden and her ratchet team of curry pickers, have expanded on their datamining operations. Now instead of handing it off to Kochava they decided they will handle all their datamining “in-house” one can only assume.
With this huge update comes a lot of new files. They’ve expanded on their Facebook datamining operation, added new libraries for tracking your location, added a new library that can get your country ID from your sim, now this isn’t bad in itself because candid already knows so much about you. This would be handy when they decide to sell the information, they have stored over to their advertisers.<br />
<center>
{{Photoframe|Sim Card Data|border: 2px solid #000; padding: 5px; background-color: #e9e315;|font-weight: bold;
|[[File:BeCandid Code 27.png|File:BeCandid Code 27.png||500px]]{{center|''''''}}
|[[File:BeCandid Code 28.png|File:BeCandid Code 28.png||500px]]{{center|'''The author of this library’s own words'''}}
|[[File:BeCandid Code 29.png|File:BeCandid Code 29.png||500px]]{{center|'''This code is of course heavily in use with candid.'''}}
}}
</center>
 
==Storing Data About You==
[[File:BeCandid Code 38.png|600px|center]]
As we’ve gone over Public means this is accessible for anywhere in the app, static means that this is a static value the final keyword means that it’s supposed to be a constant value. Now this is a regex string which stands for regular expression and regex is a great way to search for data you may have stored somewhere.
Independent analysis of a third party who knows how to program:
{{quote|This pattern is likely used to search for rows of data in a text based database as a part of routine data access by the application. What is troubling is that a text based database is being used. What is further troubling being that users are linked to their posts, groups, and comments and that their activity is being tracked in relation to said comments. That posts are cross referencing as a singly linked list is understandable for continuity, but that continuity of a post chain in conjunction with the user-post association means that user activity is indeed possible to track by ID and that association networks of users are possible to construct.|EOF}}
Of course if you're a privacy and anonymity based company this is basically game over for you. It's proven you have intent to store this data. There is no way people should trust you after seeing this, you also have over 2200 references to SQLite in your code now as the 3dparty programmer said is that a text based database is being used. SQLite is a fantastic way to store large amounts of text because it’s easy to operate since it’s just a single file.<br />
To give an explanation of what the fields are:
*post_id: this is the identifier for when you create a post on any of the groups
*user_id: This is your user id this is tied to everything you do with the application
*comment_id: this is the identifier for when you create a comment in any of the posts
*group_id: this is the identifier for the group you made a comment of a post in
*last_activity_id: This gets identified as the last thing you did ie. Like or dislike something
*activity_id: This is the identifier for when you like, dislike, comment or post something
*referral_post_id: This is for the post your comment ID replied too<br />
[[File:BeCandid Code 39.png|600px|center]]
In this picture above you can see clearly that they’re creating a database and filling it with information from the app. Here it creates and stores all the information you do with the app this is whats called a write operation because they write data to the database
Again you can see public is being called that means anywhere in the app can be accessed from this code and again this block of code can access anything that is public which they do.
Now in this code they’re using something called fingerprint {{hover|metadata.|a set of data that describes and gives information about other data.}}<br />
The code above clearly shows intent to store data and this block of code shows that they’re actually storing data. Whats happening is that theyre taking different public fields from around the app and combining them here and in other places to store for usage later. For what how knows? But what we do know is that candid is not to be trusted.
 
 
==Obsolete info==
<span class="collapsibletoggle">[<span class="mw-customtoggle-obsolete showhidetext"><span class="collapsibletoggletext hiddentext">-</span><span class="collapsibletoggletext">+</span></span>]</span><big>Warning: This is old news</big>
<div id="mw-customcollapsible-obsolete" class="mw-collapsible mw-collapsed">
 
[[File:BeCandid Code 2.png|center|600px]]<br />
[[File:BeCandid Code 3.png|center|600px]]<br />
In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?
 
{{quote|Kochava is a mobile app marketing tracker with a unique approach, it looks at all device identifiers as equal and as such is able to match the identifiers of different publishers to provide effective analysis and reporting to advertisers. In addition to this, Kochava also automatically engages a device fingerprinting system, using a number of algorithms incorporating carrier and geo-location to match clicks to installs with an accuracy rate of 85%. Offering deep level integration support, Kochava supports server-to-server integration as well as an SDK for Android and iOS. Match reporting for each attribution includes how (device, hash types etc) and Cohort analysis is offered for ROI overlay as well as optimization according to various campaign metrics (clicks, installs, post-install revenue etc).|{{archive|7WGmI|MobyAffliates}}}}
 
Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, [[NIGGER]].
 
'''These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”'''
</div>
 
==Gallery==
{{cg|Code|Code|center|<gallery>
File:BeCandid Code 38.png
File:BeCandid CTO Code Reveal Is Wrong Because Proguard.jpg
File:BeCandid Code 25.png
File:BeCandid Friendlife Payout.jpg
</gallery>|<gallery>
File:BeCandid Likaholix Contest 2.jpg
File:BeCandid Code 39.png
File:BeCandid Code 18.png
File:BeCandid Code 28.png
File:BeCandid Likaholix Contest 4.jpg
File:BeCandid Code 5.jpg
File:BeCandid Code 14.png
File:BeCandid Code 19.png
File:BeCandid Code 16.png
File:BeCandid Code 9.png
File:BeCandid Code 36.png
File:BeCandid Code 11.png
File:BeCandid Code 31.png
File:BeCandid Code 1.png
File:BeCandid Code 23.png
File:BeCandid Code 2.png
File:BeCandid Code 12.png
File:BeCandid Code 32.png
File:BeCandid Code 6.png
File:BeCandid Code 33.png
File:BeCandid Code 26.png
File:BeCandid Code 29.png
File:Becandid Code 10 And A Half.png
File:BeCandid Code 24.png
File:Becandidprojectmanager0.jpg
File:Becandidprojectmanager.jpg
File:BeCandid Code 7.png
File:BeCandid Code 35.png
File:BeCandid Code 37.png
File:BeCandid Code 21.png
File:BeCandid Likaholix Contest 3.jpg
File:BeCandid Code 13.png
File:BeCandid Likaholix Contest 1.jpg
File:BeCandid Code 17.png
File:BeCandid Logo 2.png
File:BeCandid Code 15.png
File:BeCandid Code 10.png
</gallery>
}}
 
{{Social Media}}

Latest revision as of 07:28, 7 March 2023

<BeCandid
BeCandid - Speak your mind freely '

CandidCEOCodeCompaniesCabalistsContractsCheesePizzaShoe0nHeadArmouredSkepticHarmful Opinions

This was done by downloading an official APK, then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding. Most of decompiling was done by  itgoybe so all complaints should be sent to him.

How You Know This Code Is 100% Accurate


(archive)

(archive)

Imagine that when the company you said you used disagrees with you.

Candid Is Taking Your Facebook Info


Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: sd.java

How They Datamine You On Facebook


In this code, candid is connecting to your Facebook and still gets your first name, middle name, last name, your friends, your work history, your education history and probably which one of your exes you stalk. To top it all off to access the desktop version because let’s be honest you don’t want to use the plebian cellphone when you can use the glorious pc mustard rice. You have to give them your Facebook or phone number to be able to use the web version. This is their trap to get you to give them your info because as Bindu claimed they don’t know how to log out of a session, this can be found out how too with a 30 second google search.

The CEO of a privacy app, errybody
The CEO of a privacy app, errybody

Now while were talking about Facebook this is another really interesting code snippet. What this looks like is that candid is using your Facebook connection to get a list of all your friends and do some sort of matching.

Load Friends.
FacebookInfo.java


There is a file called facebookinfo.java and this is the first thing they’re doing in that file. They create publics first so they can access this information from anywhere in the app as you see in the picture above they have already done this at least once. After they’ve gotten your precise age they get their Facebook access key out and scrape the Facebook IDs for all of your Facebook friends, all employers you’ve registered with on Facebook, and all the schools you’ve gone too. This is seriously fucked up for an application that claims to be focused on privacy and anonymity.


This code snippet is to show you that they’re actually using the ids to cataloging the info, the code for school IDs and friend IDs are almost the same. What’s happening in this code is get an array or a list from Facebook of all your employers they then type this into a log file with the text FBINFO, Jobs ids: and here comes the best bit “the id of the place where you actually work” or have worked, longer down in the document you will see why this is scary. A scenario this can be used in if you like Bindu Reddy like to justify the holocaust on twitter or declare a person a deity. Candid can link this to your post history then they can go your employer and say “Hey, CIA your employee Hugh Mungus has been saying unpolitically correct things on the internet, plz baus fire him” Here you can see candid doing exactly the same thing as they did with the places you’ve worked but only with your messages instead. Now what’s strange is why would candid need this information. Bindu Laden has claimed they don’t do any datamining, now why the fuck would they even use this information. They’re obviously using it for something.

How Candid Datamines You


Now this block of code is very fucking interesting, if you connected to candid with a Facebook account, this is what you give Candid / Kochava access too. Your feed, your likes, your app invites and your messages. This is Clear data-mining and for an anonymous app this is really fucked up There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps. They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.


Here candid and Kochava is getting your location, your very accurate location. This is regardless of if you used Facebook or not.


Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:

Installed Apps
Installed Apps
Installed Apps

Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid. Candid literally gives you a tracking id after you’ve completed the signup procedure:


These code snippets were found in the file: “GossipApplication.java”

Candid And Advertisement

This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.

Google Play Store Adtracking

In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea.

Twitterads

Here you have clear proof that candid uses kochava for advertising purposes this is further de-anonymizing when they can link you to twitter ads, say for example you want to get fisted up the ass by a robot dildo and then on your personal twitter 24 hours later you suddenly see ads for robots or dildos, this is the scenario this can be used in.

Ads folder

They even have folders named ads. How much clearer can it possibly get?

Upsell

   
 
Upselling is a sales technique whereby a seller induces the customer to purchase more expensive items, upgrades or other add-ons in an attempt to make a more profitable sale. While it usually involves marketing more profitable services or products, it can be simply exposing the customer to other options that were perhaps not considered. (A different technique is cross-selling in which a seller tries to sell something else.) In practice, large businesses usually combine upselling and cross-selling to maximize profit. In doing so, an organization must ensure that its relationship with the client is not disrupted.
 

 
 




Upsell has been used 150 in the becandid source code which for an app that doesn't have advertising is really strange.

Upsell usage

Upsell example

Here you have a nice big code of an upsell example in Candid. What I think this code does it gets your phonenumber from candid or facebook and firstly archives this it's already been proved above that Candid and Kochava already knows what kind of phone and OS you are running.

Previous  |  Next

Candid And Their AI Synthetic

A name that was noticed by us when we scoured the source code of candid was the name Synthetic; mentioned 2268 times and it is involved in everything

This seems to be the 3 levels the AI operates on, the Behavior aka level c is the really scary one, you'll see more of that as we delve into the shit that is Candid AI.

These are all the badges you can get, now if you notice something, you can see GossipApplication is called here. No that’s strange why would Kochava need access to the badge factory?

Could it be because Kochava is integrated everywhere in this application? (Yes)

Now were getting onto the Quality scoring system, which is a whole fucking bundled up in itself. The image above says “The more liberal you are” the higher our AI ranks you.

They run the quality score on both your user and what you post, overkill much?

Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.

Candid Mods

We guess some are created more equal than others, this block of code is everything that is contained within a comment. This proves as the CEO have explained candid do have human moderators. And now were going to talk a little bit about how they operate. Notice some things here there’s the public field on all of these meaning all of these values can be accessed from anywhere in the app, and no doubt they are being used. Notice the fields comment_id, post_id these are two fields that you really don’t want showing for an app that claims to be anonymous and privacy focused. Because once these fields are showed they can be categorized and candid does this vividly. There are ofcourse other things of concern like the field “Like_value” we can assume this is for the AI how much people like your shit posting and spreading of dank memes. What’s really funny is that It’s like they have a hard-on for DE anonymizing users.

This is all the information candid stores on your user profile to date (version 1.5.1) here they check if you have signed up with your facebook or your cellphone numer. now this is information you willingly gave them. Notice how it says need age and need onboarding. Onboarding seems to have replaced what Kochava did for kandid they use this 600 times in their code and it does almost everything Kochava did. They then log the number of facebook friends you have, the number of groups you are a member of and the phone number of your friends who are connected to candid. Again with the quality score, this is how they determine if youre a hater or an allstar which can be translated into two very easy terms to understand: alt-right or Social Justice WARRRRRRIOR!

Candid Is Connected To Google With Firebase

Firebase Analytics reports help you understand clearly how your users behave, which enables you to make informed decisions regarding app marketing and performance optimizations



this shows that Candid is handing off a lot of data to google for analytics, and who knows what else they're handing over?

Here we have proof that theyre syncing with google firebase and from the description above theyre syncing the user interaction and data.

If we were you, we would be very fucking careful about using candid, they are shady as fuck.

Taking Info From Your Sim Card

Bindu Laden and her ratchet team of curry pickers, have expanded on their datamining operations. Now instead of handing it off to Kochava they decided they will handle all their datamining “in-house” one can only assume. With this huge update comes a lot of new files. They’ve expanded on their Facebook datamining operation, added new libraries for tracking your location, added a new library that can get your country ID from your sim, now this isn’t bad in itself because candid already knows so much about you. This would be handy when they decide to sell the information, they have stored over to their advertisers.

'
The author of this library’s own words
This code is of course heavily in use with candid.

Storing Data About You

As we’ve gone over Public means this is accessible for anywhere in the app, static means that this is a static value the final keyword means that it’s supposed to be a constant value. Now this is a regex string which stands for regular expression and regex is a great way to search for data you may have stored somewhere. Independent analysis of a third party who knows how to program:

   
 
This pattern is likely used to search for rows of data in a text based database as a part of routine data access by the application. What is troubling is that a text based database is being used. What is further troubling being that users are linked to their posts, groups, and comments and that their activity is being tracked in relation to said comments. That posts are cross referencing as a singly linked list is understandable for continuity, but that continuity of a post chain in conjunction with the user-post association means that user activity is indeed possible to track by ID and that association networks of users are possible to construct.
 

 
 

—EOF

Of course if you're a privacy and anonymity based company this is basically game over for you. It's proven you have intent to store this data. There is no way people should trust you after seeing this, you also have over 2200 references to SQLite in your code now as the 3dparty programmer said is that a text based database is being used. SQLite is a fantastic way to store large amounts of text because it’s easy to operate since it’s just a single file.
To give an explanation of what the fields are:

  • post_id: this is the identifier for when you create a post on any of the groups
  • user_id: This is your user id this is tied to everything you do with the application
  • comment_id: this is the identifier for when you create a comment in any of the posts
  • group_id: this is the identifier for the group you made a comment of a post in
  • last_activity_id: This gets identified as the last thing you did ie. Like or dislike something
  • activity_id: This is the identifier for when you like, dislike, comment or post something
  • referral_post_id: This is for the post your comment ID replied too

In this picture above you can see clearly that they’re creating a database and filling it with information from the app. Here it creates and stores all the information you do with the app this is whats called a write operation because they write data to the database Again you can see public is being called that means anywhere in the app can be accessed from this code and again this block of code can access anything that is public which they do. Now in this code they’re using something called fingerprint metadata.
The code above clearly shows intent to store data and this block of code shows that they’re actually storing data. Whats happening is that theyre taking different public fields from around the app and combining them here and in other places to store for usage later. For what how knows? But what we do know is that candid is not to be trusted.


Obsolete info

[-+]Warning: This is old news



In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?

   
 
Kochava is a mobile app marketing tracker with a unique approach, it looks at all device identifiers as equal and as such is able to match the identifiers of different publishers to provide effective analysis and reporting to advertisers. In addition to this, Kochava also automatically engages a device fingerprinting system, using a number of algorithms incorporating carrier and geo-location to match clicks to installs with an accuracy rate of 85%. Offering deep level integration support, Kochava supports server-to-server integration as well as an SDK for Android and iOS. Match reporting for each attribution includes how (device, hash types etc) and Cohort analysis is offered for ROI overlay as well as optimization according to various campaign metrics (clicks, installs, post-install revenue etc).
 

 
 

MobyAffliates

Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, NIGGER.

These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”

Gallery

[Collapse GalleryExpand Gallery]

BeCandid/Code is part of a series on

Social Media

Visit the Social Media Portal for complete coverage.