Post by PaulHINT: Why would you even ask a question like this ?
Hi Paul,
I appreciate that you are reasonable and not a troll, so I will answer your
questions faithfully with care below.
The message literally said "functionality" was less on the non-EU software,
where I only "guessed" that this may have meant "privacy".
But, that's just a "guess", where it's not at all clear that my "guess" is
correct, and, in fact, since the writing literally said "functionality",
I'd be surprised if my "guess" is correct that what they mean by
"functionality", is "privacy".
Post by PaulHave you read their "Privacy" page ?
Hi Paul,
I know you're trying to be helpful, but my first response to that is:
"You've gotta be kidding, right?"
Bear in mind that I'm a logical person, as are you.
Even if we "guess" correctly that "functionality" means "privacy", then
reading their privacy page still doesn't answer the question of what's
different between US and EU versions.
Besides, undersstanding the truth in privacy policies is a bitch, as you
know. (For example, the analysis you request is VASTLY ABBREVIATED below!)
I read the whole thing, and analyzed the whole thing, and it still doesn't
answer the question posed in the subject line.
Snippets below...
* Last Updated Date: May 23, 2018
* We collect the following information about you:
* Basic Subscription Information. If you create an account in connection
with your use of any of the Services (ŽAccount¡ or ŽWPS ID¡), either
through our Sites or when you download and install our Products, weÿll
collect certain information about you, such as your name, email address,
postal address, phone number and credit card information (ŽPII¡).
I didn't give them any of that.
* If you create an Account using your login credentials from one of your
accounts with certain third-party social networking services such as
Google, Facebook or Twitter (each, an ŽSNS Account¡), weÿll be able to
access and collect your name and email address and other PII that your
privacy settings on the SNS Account permit us to access.
I didn't give them any of that either.
* If you create an Account, we may also collect other information that is
not considered PII because it cannot be used by itself to identify you.
They certainly know the IP address that downloaded the software, but it was
on VPN, so, they know the VPN IP address, unless they "collect" the IP
address when the product is in use, in which case it would be whatever IP
address I was using when I was using the product (it's not clear if they
collect IP address when the product is in use).
* Information Collected Using Cookies and Other Web Technologies. Like many
website owners and operators, we use automated data collection tools such
as Cookies and Web Beacons to collect certain information.
I used a Tor Browser on VPN, so, the cookies and web beacons are whatever
Tor allowed them to have.
* We may also use Cookies to monitor aggregate usage and Web traffic
routing on our Services, and to customize and improve our Services.
What on earth is "aggregate usage"?
* Some third-party services providers that we engage (including
third-party advertisers) may also place their own Cookies on your hard
drive on the basis of related arrangement. Please note that this Privacy
Policy covers only our use of Cookies but not use of Cookies by such third
parties.
Hmmmm.... does this product have ads?
* At the same time, our Services may include third-party tracking tools
without limitation to individual cookies, APIs (application programming
interface) and SDKs (software development kit) which belong to part of the
third-party services providers on behalf of Kingsoft to collect and analyze
technical data from you.
I have no idea what that means.
* Your devices or software data, such as your Internet Protocol (ŽIP¡)
address, device identifier, region and language settings, network settings
and status, operating system, device storage, Android ID and HDID, browser
or other software used to connect our Services;
I don't know if any of this stuff is collected during use of the product
since there should be no reason for the web - but it's a bit of a concern
what this Android ID is and what an HDID is.
* Your operation data, such as the aggregate number of time, frequency and
activity of your use of our Services, and when you use contact management
functions or interact with other persons or institutions through our
Services, we may collect data relating to your contacts and your
relationship with such contacts;
I have no idea if that means they're monitoring how many times I start the
software, but it could mean that, plus it could mean they access contacts,
but I'm not going to use it for anything other than word, excel, and
powerpoint file access so I'm not sure how contacts apply.
* The metadata shared by you, such as shooting, uploaded sharing photos or
videos, as well as exact date, time, place, and other data stored when
using our Services.
I don't understand yet why sharing of photos is related to word, powerpoint
and excel though.
* Information Related to Use of the Services. Our servers automatically
record certain data about how a person uses our Services (ŽLog Data¡),
including that of both Account holders and non-Account holders (either, a
ŽUser¡).
Hmmmm..... I'm not an account holder, AFAIK. I certainly didn't register.
I just downloaded and installed and used the product. So it's unclear how
that affects me.
* Log Data may include certain data such as a Userÿs IP address, browser
type, operating system, the web page that a User was visiting before
accessing our Services, the pages or features of our Services to which a
User browsed and the time spent on those pages or features, search terms,
the links on our Services that a User clicked on and other statistics.
I don't see where the browser plays a role except in the original download,
which was done on a Tor browser.
* We use Log Data to administer the Services and we analyze (and may engage
third parties to analyze) Log Data to improve, customize and enhance our
Services by expanding and tailoring features and functionalities of our
Services to our Usersÿ needs and preferences.
But do those logs apply only to browsers, which is a one-time thing, just
to download the software - or do those logs include use logs?
* We may use a personÿs IP address to generate aggregate, non-identifying
data about where our Services are used.
Yeah, but where do they get that IP address from? If it's from the initial
download, then it's a Tor exit node. If it's in use, then it could be the
real IP address. I can't tell from their words where that IP address comes
from.
* In addition, for the aforementioned purposes and providing better access
to and experience of our Services for you, we may allow certain third
parties to collect and use your information.
OK. Pretty much anything they collect, they can have a third party analyze,
but what do they collect while the product is in use? It's not clear.
* Information Sent by Your Mobile Device. We may collect certain data sent
by your mobile device when you use our Services, such as a device
identifier, the number and type of your devices you use to connect to the
Service, user settings, device storage, Android ID, HDID and the operating
system of your devices (e.g., iOS, Android etc.), as well as data relating
to your use of our Services.
But does this information happen when you're simply *using* the free
product? Or only when you use the web to access the product?
* Location Data. When you use our Services, our third party services
providers (such as Google Analytics, Firebase, Facebook Analytics, Umeng,
Flurry etc.) may collect and provide us with your location data by
converting your IP address into a rough geo-location. We may use such
location data to improve and personalize our Services for you.
Hmmmmmm.... again, the question is whether this IP address is obtained
simply by using the free product, or not. It's not clear to me.
* Information Received from Our Partners and Other Third Parties. We also
may link your subscription information with the data information we receive
from our partners or other third parties ( such as Google Analytics,
Firebase, Facebook Analytics, Umeng, Flurry etc.)
Hmmm.... HOW do they link that stuff? Again, if it's via web pages, that's
completely different than via using the software. It's not clear.
* Contact Information for Technical Support. We also may record your email,
telephone and dialogue contents when you contact us for service support by
sending emails or calling...
That's fair.
<tons of stuff deleted about how they *use* the information>
* ŽNon-Personal Data¡ is the data that cannot be used to identify you. We
collect Non-Personal Data to understand how people use our Products and
Services and to help us improve our Services to better satisfy customer
needs. We may, at our own discretion, collect, use, process, transfer or
disclose Non-Personal Data for other purposes as well.
Again, WHEN and HOW do they collect this non-personal data, in that does it
happen when you're merely using the product, or only when you visit a web
page?
* We will keep your information and Non-Personal Data separate and use
each independently. If we do combine Non-Personal Data with your
information, the combined data will be treated as personal data.
That's fair.
* We will protect the privacy of your information through strong security
and encryption and in accordance with this Privacy Policy.
That's good.
* Who We Share Your Information with
It's "whom" (saying who just makes them look stupid in a legal document).
Sort of like in a Nigerian email scam, they purposefully sound stupid.
* We may engage third-party services providers to work with us to
administer and provide the Services. For example, we work with third party
services providers to assist with credit card processing services and
customer management systems. Such third-party services providers will have
access to your PII for the purpose of performing certain services on our
behalf.
OK. Credit cards and maybe even a customer database will be sent to 3rd
parties. That's ok since I won't give them my credit card.
<skipped stuff about when they sell their company to someone else>
* Information Required by Law. We cooperate with government and law
enforcement officials or private parties to enforce and comply with the
law. We may disclose any information about you to government or law
enforcement officials or private parties as we, in our sole discretion,
believe necessary or appropriate: (i) to respond to claims, legal process
(including subpoenas); (ii) to protect our property, rights and safety and
the property, rights and safety of a third party or the public in general;
and (iii) to stop any activity that we consider illegal, unethical or
legally actionable.
OK. Nobody expected otherwise.
* Other Data Shared with Third Parties. We may share aggregated data and
non-personal data with third parties for industry research and analysis,
demographic profiling and other similar purposes.
OK. So we're guinnea pigs too.
* In addition we may share your information with companies in the same
group as us, as well as other third parties with your informed consent.
I'm not sure what that means (what's a "same group")?
* Transnational Data Transfer
It may be necessary for us to transfer your information to any third
party affiliated to us or with whom we have a cooperative relationship, and
such information may be maintained on computers and/or other servers
located outside of your state, province, country or other governmental
jurisdiction in whole or in part where the privacy laws and technology
level may not be as protective as those in your jurisdiction (ŽCross-border
Transmission of Information¡). If you want to know more about such
Cross-border Transmissions of Information, please send your e-mail to
***@wps.com. We will duly handle your response but please note that our
Services may not be available to you if you refuse Cross-border
Transmission of Information.
I'm not sure what the implications are but I assume they mean their servers
cross borders.
* We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S.
Privacy Shield Framework (ŽFramework¡) regarding the collection, use, and
retention of personal data. When you and Kingsoft have agreed by contract
that your information from the European Economic Area (ŽEEA¡) or
Switzerland will be transferred and processed pursuant to the Privacy
Shield for the relevant services, for conducting these activities on behalf
of EEA or Swiss customers, we will hold and process your information
provided by the EEA or Swiss customer at the direction of the customer with
discretion under the Framework.
WTF? This is confusing.
* We will then be responsible for ensuring that third parties acting as an
agent on our behalf do the same.
That's fair enough if I only understood what "the same" really meant.
* You have rights under data protection law in relation to our use of your
information, including to:
Request access to your information, which you can do using this from
***@wps.com;
I guess it's nice you can request access to your information.
* Update or amend your information if it is inaccurate or incomplete;
Seems fair.
* Object to certain use of your information (which includes direct
marketing, processing based on legitimate interests, and processing for
purposes of scientific or historical research and statistics) on grounds
relating to your particular situation;
I guess you have to know it's being used for that before you can object to
it, and what good does objecting do you if you can't stop it?
* Request the deletion of your information, or restrict its use, in certain
circumstances (for example you can request that we erase your information
where the information is no longer necessary for the purpose for which it
was collected unless certain exceptions apply);
It's good you can request they delete your information.
* Withdraw any consent you have provided in respect of our use of your
information;
This is good that you can un-consent after the fact.
* Request us to return the information you have provided to us, to use for
your own purposes (often called your right to data portability) where the
processing is based on your consent or for the performance of a contract,
and such processing is carried out by automated means; and
Hmmmmm... I wonder what "data" they could "give back" to me?
* Lodge a complaint with the relevant supervisory authority.
Fair enough.
* You can exercise your right to access, update and delete your information
either on your Apps and Products, or you could contact us and we will
assist you to exercise your right
OK. But what information is it that you'd want deleted?
(The most important isn't the web stuff but the use stuff.)
<lots of data stuff deleted>
* When you sync your Devices with our Service, such data will be replicated
on servers maintained in the United States and Japan. This means that if
you store your information in or submit data to our Sites, Apps or
Products, your information will be transmitted, hosted, and accessed in
countries and/or districts outside the European Union district, such as in
the United States, Japan, Singapore and India.
Now why would I ever "sync" to their servers?
* Data privacy laws or regulations in your home country may differ from
those in the places where you are located. We will collect, store, and use
your information in accordance with this Privacy Policy and applicable
laws, wherever it is processed.
This is the one thing we're looking for, which is the difference between EU
and USA, and they just gloss over it.
<lots of stuff about how long they keep the information deleted>
* If we learn that we have collected personal data of a child under 16,
unless we have first obtained verifiable, explicit parental permission for
collecting personal data of such child, we will take steps to delete the
information as soon as we can.
That's interesting that you can't use the product if you're under 16,
<lots more kiddie download stuff deleted>
Well ... um ... that didn't answer the question (and no logical person
would think it would have).
But I've at least confirmed that the privacy policy does NOT distinguish
what "functioanlity" is different between the EU and COMMON versions.
Post by PaulIt doesn't meet the intent of GDPR, in that the
Privacy policy is so many weasel words laid
end to end.
That's a guess, I assume.
I read the privacy policy.
There's nothing in it that tells us the difference between the EU and USA
products.
Post by PaulIf you offer a "free" product, something pays
for it. What would that be exactly ? Your
info perhaps ?
That's a keyword-based guess, but not a bad guess, but still a guess that
doesn't tell us anything about what the difference is between the EU and
COMMON versions are in "functionality".
Post by PaulThe product tries to be a "cloud" product, so
right away that's a bad sign. It means at the
very least "this authorizes us to send communication
packets back to Home Base".
I didn't see any indication of the cloud when I used it to access an Excel
document. And, as you may suspect, I store nothing on the cloud that isn't
taken from me without me knowing it (or, in the case of email, with me
knowing it).
I don't see how use of the product involves the cloud yet.
Post by PaulDo you think the
EU version doesn't use the Cloud ? How would
their business plan work around such a shortcoming ?
It won't.
I can't tell a single thing yet about the difference between the EU and
COMMON versions, as the privacy policy does not distinguish between the
two.
The only thing they have told us is that the FUNCTIONALITY is less on the
EU product.
Post by PaulHow trustworthy would either product be, GDPR
or no GDPR ?
At the moment, I don't know, where all I want is to be able to read/write
office word, doc, and excel files.
Post by PaulUse your brain FFS.
:)
I'll take the FFS lightly - but I will scold you a bit for using FFS. :)
I think you are smart Paul, and you are logical, but you haven't answered
the question posed in the subject line (which is fine because I wouldn't
have asked it if it was easy to answer).
It's clear you don't know the answer and just as clear that I don't know
the answer and just as clear that we're both *guessing* that the answer has
"something" to do with privacy - but we have no proof or any logical reason
to believe that yet.
So saying FFS not only doesn't answer the question - but FFS imp[lies that
the answer is obvious.
Saying FFS doesn't tell me anything other than you think the answer is
obvious. OK. If it's so obvious. show me where you found the answer!
(Again, Paul, I say this with a smile and jovially - as I know you're
generally helpful - but saying FFS implies something that is not there.)
Saying FFS is just a platitude because you "guess" that the evil freeware
distributor is getting something (my data) from me which is their product.
While that is certainly the case, FFS still doesn't answer the question
posed in the subject line.
It just doesn't.
Post by PaulLibreOffice doesn't have an incentive to capture
your information with quite as much glee. Give
that a try.
I agree with you that the "incentive" aspect is critical.
I've already taken your advice (see other post) and downloaded all five of
the most-often recommended free offline office alternatives
1. Freeoffice (no EU vs US version visible)
2. Libreoffice (no EU vs US version visible)
3. Openoffice (EU and US versions of different sizes were both downloaded)
4. Polarisoffice (no EU vs US version visible)
5. WPSoffice (EU and US versions of different sizes were both downloaded)
Which do you think is better when there is an EU and US version?
(I presume the EU version is "better" but that's the whole question, isn't
it?)
Post by PaulHINT: We can shorten this analysis to
"Show Me The Money". How does a provider
like this, pay for the bandwidth ? No, the
answer is not "subscribers", because there
aren't enough suckers to sign up for dozens
of $9 plans a month. Even though there are some
dumbos in the industry who think this will
happen (all the various movie offerings
on the web).
Hi Paul,
I say this bluntly to you, but with respect since you are trying to be
helpful.
Your statement above is just a platitude.
It's a keyword driven response to *any* question about any free product.
It doesn't tell any of us anything we didn't know 10 years ago.
Certainly it doesn't answer the question posed in the subject line.
I want to temper what I just said by the knowledge that you are
purposefully helpful so you're trying to say to stay away from free stuff
if you don't want to be the product - but that wasn't the question.
I realize you're helpful by intimating that some free stuff has less
incentive than other free stuff to want to use you as the product, but that
too doesn't answer the question posed in the subject line.
Post by PaulIf the possibility of abusing you exists, a clever
marketer will have thought of it already. They probably
all subscribe to the same newsletter, which describes
these practices as a "goldmine".
This is true, but it's a platitude at the same time. :)
The question is and always was:
Q: What's the difference in FUNCTIONALITY between the EU & COMMON versions?