Privacy > Your Privacy and The OpenCandy Network
The OpenCandy Network is a software recommendation platform. The OpenCandy Network client is the software that developers include in downloads to show recommendations powered by OpenCandy. It is the OpenCandy software that users encounter most often.
Sure, it’s easy for anyone to say that they respect your privacy, but actions speak louder than words. That’s why we’ve created this page: to share in great detail the information that the OpenCandy network client sends back to us, and the reasons we collect this information. We want to give you the knowledge you need to have confidence in OpenCandy.
To read a short summary of this information, check out our Privacy Matters page instead.
Get familiar with The OpenCandy Network
Before you read all of the information on this page, you might want to glance over these other pages so that you understand what OpenCandy does and how it works:
- What We Do
A brief overview of what OpenCandy does from the perspective of developers and advertisers.
- Learn more about the OpenCandy Network SDK
An overview of the OpenCandy network client. It explains how the client works, what an offer powered by OpenCandy looks like, what gets installed and what information we send at a high level.
The OpenCandy network features only trustworthy software
All software that participates in the OpenCandy network is subjected to our rigorous compliance policy, including:
- Any product that shows recommendations powered by OpenCandy;
- Any product that is recommended via OpenCandy
Our compliance policy ensures not only that the product does exactly what it says it’s going to do, but just as importantly that it doesn’t do anything a user wouldn’t want it to do. We don’t allow any badware on our network, including malware, spyware, invasive or simply “shady” products. Our review team works day and night to weed out the bad apples. We aim to grow a network of great software built by great developers and we have rejected many non-compliant applications.
The OpenCandy compliance policy requires all recommendations shown as part of an installation to be presented in a non-deceptive manner where the user can easily opt-out, whether or not they are powered by OpenCandy.
The key points of our compliance policy are published on our website.
The OpenCandy client does not collect personal information
The OpenCandy client doesn’t collect any personal information or any personally identifiable information. All users who connect to the OpenCandy network are anonymous and we don’t use unique identifiers to track users across multiple sessions. When your computer connects to our server it sends your current IP address, as with every other internet connection, but we don’t store it in our database.
Information that is sent to OpenCandy by the client
Our client sends us just enough information to help us make the right recommendations, such as:
- The installer that is running;
- The operating system version;
- The installer and system languages;
- The local time;
- The OpenCandy network client version.
Our client downloads a list of checks to run for each offer that make sure the recommended product is not already installed and that the system meets the advertiser’s requirements, but none of that information is sent back to us.
When an offer is made we also note:
- Which, if any offer, was shown, and if it was accepted or not;
- Whether an offer that was accepted downloaded and installed successfully;
- How long some of the OpenCandy processes took, so that we can improve our network.
Inspecting the information sent to OpenCandy by the client
The OpenCandy network client sends and requests information using the standard HTTP protocol. It doesn’t try to hide what it’s doing, and you can easily monitor all of the data that it sends using commonly available web debugging tools. We provide two such tools on our Kick Apps page, Charles and Wireshark. Charles is the friendlier of the two when working with the client.
Charles looks like this:
Note: Charles monitors web requests by acting as a proxy server. When you run Charles, traffic from your web browser may be redirected through it. Charles is safe to use, but if you leave capture enabled for long periods of time your system may become slow because the captured data fills up your available memory. If you close Charles abnormally your original connection settings may not be automatically restored, causing your applications to lose connectivity. Restarting Charles normally fixes this problem.
Information sent to OpenCandy by the client in detail
We used Charles to capture HTTP requests while running an installer featuring recommendations powered by OpenCandy and accepting the recommendation. In this section we show you all of the information that was sent to OpenCandy along with each request. This section is rather long, so you need to click below to expand it. Remember that you can find Charles on our Kick Apps page if you’d like to try this yourself.
Most client requests have the following pieces of information in common:
| Parameter name | Example value | Meaning and purpose |
| clientv | 29 | The version of the OpenCandy client making the request. Sent so that the server can send a compatible response. |
| v | 1.0 | The minimum API version the client supports. Sent so that the server knows how to understand the client requests. |
| method | get_offers | The type of request being made of the server. |
| product_key | 748ad6d80864338c9c03b664839d8161 | A key that identifies the product installer running the client. The key is not specific to any one user. We use this to select recommendations from a list the developer has approved. |
| session_key | 100e0f11edfb1d27c03d0e25a541b1fb | A key that temporarily identifies the client during a single recommendation event so that the server can correlate all of the requests relating to the recommendation. |
| mstime | 11.825 | The time since the client was started. Used to improve the performance of the OpenCandy network. |
| signature | 5802ecba25b9383417044ec02074616f | A result used by the server to check the request was sent correctly by the client. |
No personal information or personally indefinable information is included.
Step 1 (Typical experience): Fetching recommendations
The client makes a request with method=get_offers, and the server sends back a list of potential recommendations to make. We captured this request:
http://api.opencandy.com?clientv=29&cltzone=-420&language=en,en
&method=get_offers&mstime=0.125&os=WIN6.1SP1-64
&product_key=748ad6d80864338c9c03b664839d8161
&v=1.0&signature=f5bac138e75bdaba4d1353ff30c65f8bb
The following data is specific to the get_offers method:
| Parameter name | Example value | Meaning and purpose |
| cltzone | -420 | The current time zone of the user, because some offers may be more relevant at certain times of day. |
| language | en,en | The languages of the product installer and operating system. Used so that OpenCandy doesn’t show offers the user can’t read. |
| os | WIN6.1SP1 | The operating system version, so that only compatible software is recommended. |
No personal information or personally indefinable information is included.
Step 2 (Typical experience): Fetching translations
The client makes a request with method=get_translations to fetch a list of translations so that messages shown to the user are displayed in a suitable language. We captured this request:
http://api.opencandy.com?clientv=28&language=en&method=get_translations
&product_key=748ad6d80864338c9c03b664839d8161
&session_key=100e0f11edfb1d27c03d0e25a541b1fb&v=1.0&version=0
&signature=41c1d2b9508dcadf16787a4d6b98f894
No personal information or personally indefinable information is included.
Step 3 (Typical experience): Reporting the result of a recommendation
When a recommendation is made, the client makes a request with method=track_offer_result to report which recommendations were made and if the user accepted an offer. We captured this request:
http://api.opencandy.com?accepted_ind=1&clientv=29&max=1
&method=track_offer_result&mstime=8.627
&offer_id=1784&offer_shown_secs=2670&opt_shown_count=0
&product_key=748ad6d80864338c9c03b664839d8161&ready=1
&session_key=100e0f11edfb1d27c03d0e25a541b1fb
&skipped_offer_ids=&v=1.0
&signature=e0bb041c0c3efd6d9e0094bf5e3d3126
The following data is specific to the track_offer_result method:
| Parameter name | Example value | Meaning and purpose |
| offer_id | 1784 | Indicates which offer was shown |
| accepted_ind | 1 | Indicates whether or not the offer was accepted |
| offer_shown_secs | 2670 | How long the offer screen was displayed so we can understand how users interact with OpenCandy recommendations |
| opt_shown_count | 0 | How many times the user was prompted to make a selection, so we can make sure users understand OpenCandy recommendation screens |
| max | 1 | The number of recommendations the client tried to fetch. This is used to improve network performance. |
| ready | 1 | The number of recommendations that were ready to be shown. This is used to improve network performance. |
| skipped_offer_ids | 1241,546 | If the user chose to view more than one offer, a list of offers they declined. Used to improve recommendations. |
No personal information or personally indefinable information is included.
Step 4 (Typical experience): Reporting the progress of an accepted download
When an recommendation is accepted, both the client and download manager may participate in the download of the third-party product. A request is made with either method=track_offer_downloaded or method=track_encapsulated_offer_download to report progress. We captured this request:
http://api.opencandy.com?clientv=29
&method=track_offer_downloaded&mstime=9.594
&offer_downloaded_secs=0.000&offer_id=1784
&package_md5=60bd82cf879755124faf6b8a1ca4eeb2
&product_key=748ad6d80864338c9c03b664839d8161
&session_key=100e0f11edfb1d27c03d0e25a541b1fb
&v=1.0&signature=9c32efddb9f3ee23f10d6fba11e378e8
The following data is specific to the track_offer_downloaded and track_encapsulated_offer_download methods:
| Parameter name | Example value | Meaning and purpose |
| offer_id | 1784 | Identifies the offer the download corresponds to. |
| offer_downloaded_secs | 5.743 | The time taken to download the offer. This is used to improve performance of the OpenCandy network. |
| package_md5 | 60bd82cf879755124faf6b8a1ca4eeb2 | A result used to check that the file was downloaded correctly. |
No personal information or personally indefinable information is included.
Step 5 (Typical experience): Reporting the progress of an accepted installation
When an accepted recommendation is downloaded, both the client and download manager may participate in the installation of the third-party product. A request is made with either A request is made with either method=track_offer_installed or method=track_encapsulated_offer_installed to report progress. We captured this request:
http://api.opencandy.com?clientv=29
&method=track_offer_installed&mstime=10.015&offer_id=1784
&product_key=748ad6d80864338c9c03b664839d8161
&session_key=100e0f11edfb1d27c03d0e25a541b1fb
&v=1.0&signature=3f737f27a646c890a56fadb3bb361953
The following data is specific to the track_offer_installed and track_encapsulated_offer_installed methods:
| Parameter name | Example value | Meaning and purpose |
| offer_id | 1784 | Identifies the offer that is being installed. |
No personal information or personally indefinable information is included.
Step 6 (Typical experience): Reporting success of the original installation
When the developers own installer finishes, the client makes a request with method=track_product_installed. We captured this request:
http://api.opencandy.com?clientv=29
&method=track_product_installed&mstime=11.825
&product_key=748ad6d80864338c9c03b664839d8161
&session_key=100e0f11edfb1d27c03d0e25a541b1fb
&v=1.0&signature=5802ecba25b9383417044ec02074616f
No personal information or personally indefinable information is included.
Summary
The OpenCandy network client sends only the information required to:
- Request appropriate recommendations
- Report the result of any recommendations that are made
- Report whether an offer that was accepted was downloaded and installed successfully
- Improve the experience of recommendations powered by OpenCandy and the performance of the OpenCandy network.
No personal information or personally indefinable information is included in any of the client requests.
What gets installed when OpenCandy runs
The OpenCandy client does not permanently install itself on end user systems. It is extracted temporarily by setup programs so that recommendations powered by OpenCandy can be shown during the installation process, and afterwards it is automatically cleaned up. Sometimes if a file is locked by the system it can’t be removed straight away. In this case the client exits and tries to clean itself up when the system is next restarted. This is standard practice for Windows programs.
If an end user accepts an offer powered by OpenCandy a download manager may run only for as long as is necessary to install the product they accepted, or until the download is cancelled. The OpenCandy client and download manager do not continue to run on their own.
When OpenCandy downloads a recommended product its setup program is stored in a folder named “OpenCandy” under the “Application Data” folder in the users profile directory. This third-party setup file may remain after the installation is complete because it may be required to perform maintenance operations requested by the user via the “Add/Remove Programs” or “Programs and Features” control panels. Examples include “Repair” functions that are offered by certain setup programs, or modifying the selection of installed components.
OpenCandy and “Adware”
The OpenCandy network client is a piece of software that is used to display advertisements. It does not, however, exhibit the negative traits people associate with the term “adware”. We’ve designed a safe, privacy-conscious system that respects end users and is used with confidence by high-quality, well-known developers whose products reach tens of millions every month.
