Hi, I just stumbled upon an critical article about PortableApps. Its published on one of the most important News-Sites in Germany, so i think you might be interested in it.
Its on the website of popular TV-News "heute".
A rough translation of the main part about portableapps.com (sorry for my bad english):
"[...] (I cut out the praise of PortableApps 
The portable Apps are running from the usb-stick. No private data is left behind on the host-computer, the website says. All data is only saved on the stick. A great thing, especially for holidays [...]
heute.de tested the portable office "PortableApps". We installed various application, like portable Thunderbird and Firefox. Then we launched Thunderbird and created a email-account. Everything worked perfect. We could download the first Test-Email immediately.
The Test-Email had a Link to heute.de in it. We clicked on it, and Firefox was opening: the site heute.de was shown correctly. Nice, it seems, that the portable Firefox is working great. Now we could have used the browser to do some Ebay or Amazon transactions.
Just one "bagatelle" disturbs this "protection of data privacy" - scenario: it wasn't the portable Firefox, that has been started by clicking on the link in the Email, it was the PCs standard Firefox. A little difference with big impact: the whole data produced by browsing from now on is saved on the Host-Computer, and that's what we wanted to avoid by using this portable Software!
There where more unexpected results, when we double clicked grafics-,video- oder document-files. Every time we did that, the software from the host computer opened and that resulted in a trail of data on the host computer. In the best case, annoying, in the worst case, the user doesn't notice and leaves files on the host computer behind.
The ingenuous user thinks himself in safeness with this portable office on his USB-Stick: For example the PortableApps-Suite offers a integrated Virus-Scanner, but that doesn't mean real-time-protection: "You have to scan your files manually" can be read on the portableapps-website. Usually, Anti-Virus-Tools search automatically for viruses in downloads etc.
Last but not least: If the host-computer is infected by a virus, the portable office can get infected, too, for example by a keylogger. That's why the pc-magazine "C't" advise to be careful: "Even if you use your own browser from an usb-stick, an infected host-computer can log your keyboard-input."
Install, connect, and start surfing? No. "Be careful when you connect your USB-device to a unknown system." says the "C't"
[...]"
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
I don't want to be rude, but what a bunch of idiots.
They are doing everything with FFP and TBP that we've told people not to do.
I'll let the devs get more technical about their stupidity.
It may be an important news site, but they obviously didn't double check here about the proper use of our apps.
Tim
Things have got to get better, they can't get worse, or can they?
I agree, the article isn't appropriate
But one question:
They are doing everything with FFP and TBP that we've told people not to do.
Where? I took a fast look around, but i couldn't find a hint on such possible security issues or warnings about what not to do with FFP & TBP.
Edit: found it. But it wasn't that easy
Also don't forget:
https://portableapps.com/support/firefox_portable#helper_apps
Tim
Things have got to get better, they can't get worse, or can they?
Thanks! Interesting:
Firefox Portable supports the ability to set other portable apps as helper apps to handle additional document types even as you move between PCs. So, you can set Sumatra PDF Portable as your PDF viewer, OpenOffice.org Portable as your DOC opener and VLC Media Player Portable as your AVI handler and it will all work as you move to other PCs.
Isn't this pre-configured in the PortableApps-Suite?
No
Currently apps exist independently of the Suite, the Suite is like a menu.
There is currently no way of knowing if a user does/will want to use a particular helper app or if they even have it.
Currently You tell FFP and TBP what you want it to do with your setup, we don't.
Mozilla probably wouldn't like it anyway
Tim
Things have got to get better, they can't get worse, or can they?
I guess it's really time to get a file associator out the door before people start banging the door.
Insert original signature here with Greasemonkey Script.
Well, there are some options around there... I recommend (and use) CAFE Mod (sonn called EXpresso) and Convey Portable, but I think that the best "Dummy proof" option that we have is to integrate file association into the suite in a future release... what do you think?
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
And if one is not using the suite?
The suite is Optional
Tim
Things have got to get better, they can't get worse, or can they?
I use Pstart... then just download CAFE mod or convey by yourself and configure it by yourself...
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
I hope PortableApps will include the functionality offered by CAFE Mod/eXpresso into the platform as official way to link the OS' clicking of files and apps to be redirected to Portable versions of applications. (Or making CAFE Mod/eXpresso part of the official platform)
But there are also other drawbacks to some PA apps like the autoupdating of FireFox would mess with a local installed version. I sure hope FF3 would have fixed these issues but it IS a great problem for the 'average user' who installs and thinks he's ready to go without worrying about needing to change settings required for portability as he thinks "I downloaded a portable version, no additional tinkering needed". (Why a post install automatic fix by the platform's menu is not implemented / allowed is a bit unclear though.)
PortableApps.com is a great solution for having portable applications but some minor issues still need to be ironed out. I hope these issues can be added / fixed soon as some limitations are clearly be easy to be solved through a workaround without a huge impact to the platform in total.
I still love PA platform and use it on a daily basis!
In their training journalists learn: "Research can destroy the best story." It's tongue-in-cheek, but the authors Mr. Alfred Krüger and Mr. Volker Heil seem to have taken this for serious.
They did not read the directions about safe portable app-ing at portableapps.com (in English or in German).
They quoted an article (German) of the well reputed German computer magazine c't, but did not quote another important statement of the same article: " With portable applications [...] some things are slightly different. Files in Windows explorer can not be opened, as usual, by double clicking, because this starts either the application on the host system, or the file will not open at all. Therefore one should first start the desired application and with it open the file." *)
Including these facts into their article would have helped their readers, but would have destroyed the story. You may judge what was more important to them ...
.
.
*) The original quote was in German. If the translation should be poor, blame me, not the German computer magazine c't.
They did not read the directions about safe portable app-ing at portableapps.com
Perhaps they did, perhaps not. Krüger is a well know computer-security-expert, writing for Telepolis, too. Of course he knows, that everything he did in the research, he shouldn't. That's not the point! The point is, he is creating a Luser- or Dummy-user-situation. I think that MOST of the users of portableapps are NOT reading the security warning provided on portableapps.com. Of course you can tell, it's the users fault. But thats only half of the truth.
The other half of the truth is: On the frontpage, it says on prominent position: "Pick a PC. Any PC" and "Use them on any Windows computer. All without leaving any personal data behind". From there, you can download the suite in 2 Clicks, without ANY hint to possible security/privacy problems, and without a link to the safe portable app-ing - page.
IF you read on, click through at least 3 Links (if you know where to look, otherwise much more), you could find the security-advises. Most of the users, especially those with the need for these advises, wont do that.
I would suggest (like Ed P), that somewhere in the downloading process, there should be a short but distinct hint, that using portableapps is only safe and only leaves no traces behind, if you pay attention on some precepts. And then a link to the safe portable app-ing - page.
I second that.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
What you are describing is a mistake in the website design, not necessarily a failure "with intention"... I second your proposal, a link or a warning in every page during the download process...
One problem is, the download goes to Sourceforge, so I think that the message can be placed in the front page and in the second one only.
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
I think no warning on Sourceforge is no problem, because nearly every dummy-user will download through portableapps.com, not through sourceforge directly.
would work.
Insert original signature here with Greasemonkey Script.
Rather than criticizing the author PortableApps should learn from it and try to improve the apps. Saying that the authors should have read some obscure page telling them how to prevent email links from using the host's browser is similar to telling new posters they should have searched before posting. It's counter productive and doesn't address the problem.
I suspect 80% of the users who download PA apps and suites do not read the referenced page on things to be careful of when using them. Yet they use the apps without the benefits of isolation they think they have.
Rather than having a webpage that users should read how about making it a part of the installs that a user must agree to seeing before the install proceeds? Granted no one reads those things either but it's closer to the point.
The ideal solution is having a link/app built into the menu that automatically determines what apps have been installed and then either automatically links them or advises the user to.
Ed
with your intent, but what I and others seem to have a problem with is that they are using FFP, and then complain when some other program is used and isn't secure/portable. Any time you open a link or app it's supposed to be opening a new program. That's inherent in the process. To blame FFP or TBP for it seems as punitive as it is for new users to not read every little detailed footnote about a program exclusion.
Don't be an uberPr∅. They are stinky.
Although the article has unrealistic expectations, so do many users.
There are many privacy-conscious people who are inexperienced. I am certain that many people see PortableApps as a shortcut, and treat the concept almost like a virtual machine.
I don´t think the article is meant to bash the portableapps suite -> it´s a warning against all that "plug in and play (without any concern about safety)" announcements on the use of usb drives on unknown computers - of course, they took PAM, because it´s free -> a lot people use it and I´d say a minimum of some five percent of them have read all the comments on safe apping or at least beyond the download button: remember all the rants on telling the same stories or links another thousand times.
And, of course - the authors are no dummies -, they found a major problem for the naive user -> an "automatic" or switchable file association manager or at least a warning on the accidentual call or use of host PC programms is missing. -> one more on the wish list for PAM 1.5
"Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempor incidunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis .." Friday Next -
"May The Schwartz be with You!" Yogurt the Yoda