- Portals
- The Current Year
- ED in the News
- Admins
- Help ED Rebuild
- Archive
- ED Bookmarklet
- Donate Bitcoin
Contact an admin on Discord or EDF if you want an account. Also fuck bots.
BeCandid/Code
BeCandid - Speak your mind freely and get data mined
Candid • CEO • Code • Companies • Cabalists • Contracts • CheesePizza • Shoe0nHead • ArmouredSkeptic • Harmful Opinions |
This was done by downloading an official APK, then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding. Most of decompiling was done by itgoybe so all complaints should be sent to him.
How You Know This Code Is 100% Accurate
Imagine that when the company you said you used disagrees with you.
Candid Is Taking Your Facebook Info
Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: sd.java
How They Datamine You On Facebook
In this code, candid is connecting to your Facebook and still gets your first name, middle name, last name, your friends, your work history, your education history and probably which one of your exes you stalk. To top it all off to access the desktop version because let’s be honest you don’t want to use the plebian cellphone when you can use the glorious pc mustard rice. You have to give them your Facebook or phone number to be able to use the web version. This is their trap to get you to give them your info because as Bindu claimed they don’t know how to log out of a session, this can be found out how too with a 30 second google search.
Now while were talking about Facebook this is another really interesting code snippet. What this looks like is that candid is using your Facebook connection to get a list of all your friends and do some sort of matching.
There is a file called facebookinfo.java and this is the first thing they’re doing in that file. They create publics first so they can access this information from anywhere in the app as you see in the picture above they have already done this at least once. After they’ve gotten your precise age they get their Facebook access key out and scrape the Facebook IDs for all of your Facebook friends, all employers you’ve registered with on Facebook, and all the schools you’ve gone too. This is seriously fucked up for an application that claims to be focused on privacy and anonymity.
This code snippet is to show you that they’re actually using the ids to cataloging the info, the code for school IDs and friend IDs are almost the same. What’s happening in this code is get an array or a list from Facebook of all your employers they then type this into a log file with the text FBINFO, Jobs ids: and here comes the best bit “the id of the place where you actually work” or have worked, longer down in the document you will see why this is scary. A scenario this can be used in if you like Bindu Reddy like to justify the holocaust on twitter or declare a person a deity. Candid can link this to your post history then they can go your employer and say “Hey, CIA your employee Hugh Mungus has been saying unpolitically correct things on the internet, plz baus fire him” Here you can see candid doing exactly the same thing as they did with the places you’ve worked but only with your messages instead. Now what’s strange is why would candid need this information. Bindu Laden has claimed they don’t do any datamining, now why the fuck would they even use this information. They’re obviously using it for something.
How Candid Datamines You
Now this block of code is very fucking interesting, if you connected to candid with a Facebook account, this is what you give Candid / Kochava access too. Your feed, your likes, your app invites and your messages. This is Clear data-mining and for an anonymous app this is really fucked up There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps. They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.
Here candid and Kochava is getting your location, your very accurate location. This is regardless of if you used Facebook or not.
Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:
Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid. Candid literally gives you a tracking id after you’ve completed the signup procedure:
These code snippets were found in the file: “GossipApplication.java”
Candid And Advertisement
This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.
Google Play Store Adtracking In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea. |
Previous | Next |
Candid And Their AI Synthetic
A name that was noticed by us when we scoured the source code of candid was the name Synthetic; mentioned 2268 times and it is involved in everything
This seems to be the 3 levels the AI operates on, the Behavior aka level c is the really scary one, you'll see more of that as we delve into the shit that is Candid AI.
These are all the badges you can get, now if you notice something, you can see GossipApplication is called here. No that’s strange why would Kochava need access to the badge factory?
Could it be because Kochava is integrated everywhere in this application? (Yes)
Now were getting onto the Quality scoring system, which is a whole fucking bundled up in itself. The image above says “The more liberal you are” the higher our AI ranks you.
They run the quality score on both your user and what you post, overkill much?
Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.
Candid Mods
We guess some are created more equal than others, this block of code is everything that is contained within a comment. This proves as the CEO have explained candid do have human moderators. And now were going to talk a little bit about how they operate. Notice some things here there’s the public field on all of these meaning all of these values can be accessed from anywhere in the app, and no doubt they are being used. Notice the fields comment_id, post_id these are two fields that you really don’t want showing for an app that claims to be anonymous and privacy focused. Because once these fields are showed they can be categorized and candid does this vividly. There are ofcourse other things of concern like the field “Like_value” we can assume this is for the AI how much people like your shit posting and spreading of dank memes. What’s really funny is that It’s like they have a hard-on for DE anonymizing users.
This is all the information candid stores on your user profile to date (version 1.5.1) here they check if you have signed up with your facebook or your cellphone numer. now this is information you willingly gave them. Notice how it says need age and need onboarding. Onboarding seems to have replaced what Kochava did for kandid they use this 600 times in their code and it does almost everything Kochava did. They then log the number of facebook friends you have, the number of groups you are a member of and the phone number of your friends who are connected to candid. Again with the quality score, this is how they determine if youre a hater or an allstar which can be translated into two very easy terms to understand: alt-right or Social Justice WARRRRRRIOR!
Candid Is Connected To Google With Firebase
Firebase Analytics reports help you understand clearly how your users behave, which enables you to make informed decisions regarding app marketing and performance optimizations
this shows that Candid is handing off a lot of data to google for analytics, and who knows what else they're handing over?
Here we have proof that theyre syncing with google firebase and from the description above theyre syncing the user interaction and data.
Taking Info From Your Sim Card
Bindu Laden and her ratchet team of curry pickers, have expanded on their datamining operations. Now instead of handing it off to Kochava they decided they will handle all their datamining “in-house” one can only assume.
With this huge update comes a lot of new files. They’ve expanded on their Facebook datamining operation, added new libraries for tracking your location, added a new library that can get your country ID from your sim, now this isn’t bad in itself because candid already knows so much about you. This would be handy when they decide to sell the information, they have stored over to their advertisers.
Storing Data About You
As we’ve gone over Public means this is accessible for anywhere in the app, static means that this is a static value the final keyword means that it’s supposed to be a constant value. Now this is a regex string which stands for regular expression and regex is a great way to search for data you may have stored somewhere. Independent analysis of a third party who knows how to program:
—EOF |
Of course if you're a privacy and anonymity based company this is basically game over for you. It's proven you have intent to store this data. There is no way people should trust you after seeing this, you also have over 2200 references to SQLite in your code now as the 3dparty programmer said is that a text based database is being used. SQLite is a fantastic way to store large amounts of text because it’s easy to operate since it’s just a single file.
To give an explanation of what the fields are:
- post_id: this is the identifier for when you create a post on any of the groups
- user_id: This is your user id this is tied to everything you do with the application
- comment_id: this is the identifier for when you create a comment in any of the posts
- group_id: this is the identifier for the group you made a comment of a post in
- last_activity_id: This gets identified as the last thing you did ie. Like or dislike something
- activity_id: This is the identifier for when you like, dislike, comment or post something
- referral_post_id: This is for the post your comment ID replied too
In this picture above you can see clearly that they’re creating a database and filling it with information from the app. Here it creates and stores all the information you do with the app this is whats called a write operation because they write data to the database
Again you can see public is being called that means anywhere in the app can be accessed from this code and again this block of code can access anything that is public which they do.
Now in this code they’re using something called fingerprint metadata.
The code above clearly shows intent to store data and this block of code shows that they’re actually storing data. Whats happening is that theyre taking different public fields from around the app and combining them here and in other places to store for usage later. For what how knows? But what we do know is that candid is not to be trusted.
Obsolete info
[+]Warning: This is old news
In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?
Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, NIGGER.
These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”
Gallery
BeCandid/Code is part of a series on Visit the Social Media Portal for complete coverage. |