- Portals
- The Current Year
- ED in the News
- Admins
- Help ED Rebuild
- Archive
- ED Bookmarklet
- Donate Bitcoin
Contact an admin on Discord or EDF if you want an account. Also fuck bots.
BeCandid/Code: Difference between revisions
imported>Cobaltcat Put ads into a textframe |
imported>Cobaltcat No edit summary |
||
Line 28: | Line 28: | ||
Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice: | Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice: | ||
[[File:BeCandid Code 8.png| | <center> | ||
[[File:BeCandid Code 9.png| | {{Photoframe|Datamining|border: 2px solid #FE0000; padding: 5px;|font-weight: bold; | ||
[[File:BeCandid Code 10.png| | |[[File:BeCandid Code 8.png|File:BeCandid Code 8.png||600px]]{{center|'''Installed Apps'''}} | ||
|[[File:BeCandid Code 9.png|File:BeCandid Code 9.png||600px]]{{center|'''Installed Apps'''}} | |||
|[[File:BeCandid Code 10.png|File:BeCandid Code 10.png||600px]]{{center|'''Installed Apps'''}} | |||
}} | |||
Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid. | Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid. |
Revision as of 11:52, 14 October 2016
BREAKING NEWS!! Their newest release has removed almost all references to Kochava. Expect them to find a new way to data mine you |
This was done by downloading an official APK, then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding. Most of decompiling was done by itgoybe so all complaints should be sent to him.
How You Know This Code Is 100% Accurate
Imagine that when the company you said you used disagrees with you.
Candid Is Taking Your Facebook Info
Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: sd.java
How Candid Datamines You
Now this block of code is very fucking interesting, if you connected to candid with a Facebook account, this is what you give Candid / Kochava access too. Your feed, your likes, your app invites and your messages. This is Clear data-mining and for an anonymous app this is really fucked up There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps. They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.
Here candid and Kochava is getting your location, your very accurate location. This is regardless of if you used Facebook or not.
Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:
Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid.
Candid literally gives you a tracking id after you’ve completed the signup procedure:
These code snippets were found in the file: “GossipApplication.java”
Candid And Advertisement
This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.
Google Play Store Adtracking In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea. |
Previous | Next |
Candid And Their AI Synthetic
A name that was noticed by us when we scoured the source code of candid was the name Synthetic; mentioned 2268 times and it is involved in everything
This seems to be the 3 levels the AI operates on, the Behavior aka level c is the really scary one, you'll see more of that as we delve into the shit that is Candid AI.
These are all the badges you can get, now if you notice something, you can see GossipApplication is called here. No that’s strange why would Kochava need access to the badge factory?
Could it be because Kochava is integrated everywhere in this application? (Yes)
Now were getting onto the Quality scoring system, which is a whole fucking bundled up in itself. The image above says “The more liberal you are” the higher our AI ranks you.
They run the quality score on both your user and what you post, overkill much?
Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.
Candid Is Connected To Google With Firebase
Firebase Analytics reports help you understand clearly how your users behave, which enables you to make informed decisions regarding app marketing and performance optimizations
this shows that Candid is handing off a lot of data to google for analytics, and who knows what else they're handing over?
Here we have proof that theyre syncing with google firebase and from the description above theyre syncing the user interaction and data.
Obsolete info
Warning: This is old news
In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?
Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, NIGGER.
These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”