Daemon Tools is cataloging all your disc images, without permission Within Windows

Feb 2012

56 Comments

Daemon Tools is cataloging all your disc images, without permission

So after launching Daemon Tools Lite today, I noticed a new pane on the right labeled MountSpace. Turns out, it’s a cute little service that shows the top games and applications that folks are mounting and using in Daemon Tools. And to deliver that experience, Daemon Tools hashes every image you mount and sends it to MountSpace servers with or without permission. Combined with your IP address, and probably more, it doesn’t take a genius to realize this is a huge privacy issue.

Thinking I missed something, I went ahead and re-installed Daemon Tools. Sure enough, a MountSpace related dialog appears.

DAEMON Tools mount statistics dialog

Several problems:

The Daemon Tools Lite EULA only mentions the word “privacy” twice, both in irrelevant contexts. In fact, the EULA appears truncated.
Selecting “Don’t allow MountSpace to use my mount statistics” here doesn’t actually turn off MountSpace.
MountSpace doesn’t have a real privacy policy.

While MountSpace could argue that selecting the latter option here would simply flag your data for deletion server-side, there’s no way to validate they’ll actually follow through. So as a workaround, I recommend everyone block 212.117.184.51 and 212.117.185.149 in their firewalls, until the matter is clarified. Windows 8’s native ISO mounting couldn’t come quicker.

You can find already sent/received cached data in %AppData%\DAEMON Tools Lite\ImageInfoCache.

–

Update: A Daemon Tools administrator claims my information is false in their forums. I tried explaining but my post on their forum was delayed, then edited down. I queued up a reply, just waiting to get through the moderation queue again.

Also, popular German magazine CHIP picked up on the post. Of course, they didn’t attribute me at all.

http://www.wpdownunder.com Sheeds

I’m using Pro version 4.36 – sounds like another good reason not to update. Do not believe MountSpace was included in this version. Nice Pickup btw.
http://www.twitter.com/wixostrix WixosTrix

It shows up even without updating the software. I hope this gets some attention.

I am happy to see The Sims love though.
Guest

thankfully older version comes without mountspace and do not have that location, so I assume it’s in latest version, use older one (I download older files on filehippo)
Danny Smith

The correct path is %AppData%DAEMON Tools LiteImageInfoCache

This path won’t exist unless you have the Media Info panel enabled (under Settings -> Media Info) and you click on an image – there is also a button to clear the cache, though this won’t remove what’s been sent already from their servers.

The option during install is for the anonymous stats, but doesn’t turn off the Media Info panel. If you have both options disabled then you don’t need to block mountspace.com as the data is not collected about the image (you can check this by clicking on an image after deleting the folder – if the folder comes back, it means it’s downloaded data from their server) – though it wouldn’t hurt to do so, in case it’s doing other stuff behind the scenes.

http://www.withinwindows.com Rafael R.

Thanks I fixed the path.

The ability to slip and accidentally send your IP and a disc hash is too great to not block MountSpace on your PC.
need4steer

Thanks a lot for this information!.

http://www.theproweb.net ThePro

I always knew Daemon Tools had some kind of spyware in it, I wouldn’t be amazed if it has a keylogger in it. Anyone know any alternative?

http://twitter.com/ashius Luke James

I have never liked Daemon Tools since the change the ‘lite’ version. I have been using Virtual Clone drive it is freeware
http://www.slysoft.com/en/virtual-clonedrive.html

Leo

I switched to VirtualCloneDrive years ago, after I discovered that installing Daemon Tools (at least at the time) silently installed a root certificate authority for some (to me) unknown company.
Anonymous

Why use Daemon Tools which is almost adware? Use UltraISO Premium which is the best for disk image formats and covers A-Z operations for disk images.
http://twitter.com/vassie Ben

I’d remove it and install CloneDrive http://www.slysoft.com/en/virtual-clonedrive.html
X21

Rafael, Sooo you use pirated software/videos, but not NES emulators ;)

http://www.withinwindows.com Rafael R.

Nice try. Was just mounting secret Windows 8 builds :)

need4steer

Thanks a lot for this information!.
Sdgzsfg

Well, its time to look for other options.
Dontwantspam

MagicDisc
James D

It’s amazing the trivial problems Micro$hit users are having to battle. Mac, Linux, and almost every other known modern operating system has been able to do this for about a decade.

Anonymous

Mac OS X is a great operating system. The only problem is, that’s it; greatness ends there. But Linux and especially Kubuntu is orders of magnitude better than Mac OS X.

Anonymous

Sure they are, that’s why Ubuntu, Suse, Fedora market share is huge.
http://www.withinwindows.com Rafael R.

No one gives a shit about Linux as a desktop OS. Sorry, FleetCommand.
Anonymous

You can say that again Rafael R. No need to be sorry about telling the truth. I don’t know about others but I guess both me and you know which operating system has how much market share.

http://www.withinwindows.com Rafael R.

I replaced Micro$hit with Microsoft. Typo I’m assuming.

Anonymous

Well, it is not like there any better option that Daemon Tools out there. I am going to stick with it. I can always block its servers.

Nobody

SlySoft’s Virtual Clone Drive is not only non-invasive, it’s leaps and bounds better than Daemon Tools.

Anonymous

What? That piece of… Wait, I won’t offend the computer program that you like. But simply put: No, thanks. I love Daemon Tools better.
Mafdfsah

In all seriousness, how much did they pay you?
Anonymous

They paid me $1,000,000,000,000,000,000,000,000,000.00. So, what else do you want me to be except a paid Daemon Tools marketing employee? Saddam Hossein? Hitler? Atila? Stalin? Truman? Okay, I confess I am all of them and I still won’t use that piece of junk Virtual Clone Drive.
Anonymous

VCD is junk and is flagged by most copy protection software. It doesn’t work as well as you think it does. At the very least DT isn’t flagged but I have not used/needed my license for a long time so it wasn’t upgraded.

Michael Greenhill

I ditched Daemon Tools years ago after numerous program crashes, failed installs and outright BSODs for Slysoft’s Virtual Clone Drive. Never looked back.

Me

who cares mofo

Bajs

http://wincdemu.sysprogs.org/
Caesar Invicitus

VCD> Daemon
Anonymous

Thank you SO much for this info. I just wrote them very angry email on their “feedback” page (http://www.daemon-tools.cc/eng/contacts).

Uninstalled the Daemon Tools immediately and installed http://www.slysoft.com/en/virtual-clonedrive.html.

We should support companies that don’t do stupid stuff like this.
Harshmage

I have DT Pro, and it doesn’t do that to me. I have no cached data, as you say.
Mxx

As an alternative, Microsoft released their own very basic tool to mount iso images
https://en.wikipedia.org/wiki/Virtual_CD-ROM_Control_Panel
There’s also opensource app called WinCDEmu http://sourceforge.net/projects/wincdemu/

Anonymous

+1 on that. I use that program and it works well. The tool from Microsoft however is depreciated and no longer supported. Not sure if it even works on Windows 7.

Assembler Maniac

Gizmo – other features besides mounting an ISO (burn an ISO, hex editor, mount a VHD)
http://arainia.com/software/gizmo/
Artman

Mmm.. I do not see a problem here..
Go to preferences and you’ll notice 2 different checkboxes. One if for sending statistic and other is for showing this service panel..
Sending stats and using service are different things. you may not send stat, but get information.
Yorik

Found privacy policy at this site http://www.mountspace.com/eng/privacy
Also, there is opened discussion in dt forum http://forum.daemon-tools.cc/f16/discussion-daemon-tools-mountspace-service-29178/
Guest

WHAT.
F*** that s***, this needs to get public, inquiries and responses alike. Let’s see those greedy step in in the light and try weaseling their way out of this.
Vic

>sends it to MountSpace servers with or without permission

Do you have a capture of the content of the TCP/IP packets sent?

http://www.withinwindows.com Rafael R.

Not handy, you can get them easily tho.

NorwegianDude

http://www.slysoft.com/en/virtual-clonedrive.html
Problem solved.
Robert

How many “official” spywares exist built in official applications that we don’t know about? So do I have to trace my network communication all the time?
Robert

How many “official” spywares exist built in official applications that we don’t know about? So do I have to trace my network communication all the time?
FleetCommand

This whole “MountSpace” affair is very fishy. Why the hell would someone catalog and put on display a list of people’s disc images? Why would people see that list? To see a description of what they already have? Why? To buy them? (i.e. to buy exactly what they have already?)

Then, there is the censorship of your post in their forum…

As a rule I do not permit a program to connect to Internet unless it is absolutely necessary.
FleetCommand

CHIP.de isn’t the only one cover your blog post. Softpedia, Neowin and couple of others have done so too. But they did credit you.
Fpsting

Data stored in /appdata isn’t yours, this data is transferred from mount space, so you can see it in Media Window within Daemon tools program (check it out by yourself as i did – there will be no information about your last mounted discs in /appdata if you switch off data collecting. Only data that program get from mount space). And if you have switched off Mount space feature during installation then in /appdata will be only received information (also after turning it off in preferences).

Have you ever used Google search? Did you notice geographical tracking, personally relevant search results and saving information about your web sites surfing? This is not surprise for you? Throw all this information into one basket with your personal information from any social network… I think you understand the point.

TCP/IP protocol itself sending your IP – that how it works, not any special features about it. Even browsers tracking your IP.

They have updated their Privacy Policy from 20 of Feb http://www.mountspace.com/rus/privacy) and there are stated that mount space does not store any information to personally identify you.

I’m still using Daemon tools – it’s fast and reliable. And I believe you are smart enough to understand all latest features and opt out any unwanted one.

Fpsting

sorry for brocken link, use this instead http://www.mountspace.com/eng/privacy
http://www.withinwindows.com Rafael R.

Daemon Tools sends a hash of your ISOs to get that content, which could be used to personally identify you. This isn’t in the privacy policy, which is a shame.

Fpsting

Yes, they are sending hash of your ISOs… but wait, how hash can be used for personal identification? Hash can’t be re encrypted to get any personal details. Hash of ISO disk is just crypted data of 1024 bytes of the very beginning of disc where information about disc file system and folder system is stored. They just need this info to identify and compare discs with same information. For example if you have two discs with names “Star123_asd.iso” and “Game_we_weq_11.iso” but with same content – hash will help you to understand this, because data and so hash on those discs will be the same.
http://www.withinwindows.com Rafael R.

When someone opts into this data collection and sends actual ISO data, the hash could then be resolved (on the server side) to a name. Then with a little more log digging, it can be tied to an IP address. And now I know what ISOs you use.
Fpsting

There are no possibility to resolve hash, unless MD5 hash. You will head over a great trouble with resolving lot of hash with lot of collisions. Hash can tell you whats your ISO looks like if you can compare it to existing ones. There are no way to tell what the names of your ISO, name of folders, name of files e.t.c. using hash code.
http://www.withinwindows.com Rafael R.

I’m afraid you’re not understanding me. If someone opts into Mount Space statistics, their ISO filename is sent along with the hash.

If that hash matches another user’s hash, you can now tie requests for that hash to a filename. Get it?
Fpsting

Yes, sure. But you are talking about private ISOs. Not those ones that another user’s have.

software in action

Yes, I already mentioned that you found that thing.