AppZapper seems devious to me

Sometimes, you really just need to bite the bullet and admit the truth. Unfortunately, AppZapper isn’t going to do that.

For many years, my practice has been to create a unique e-mail alias for every company with which I e-mail regularly or need an address for a registration. Presently, there are nearly 150 address aliases defined.

The result of this effort is that I get practically no spam to my personal e-mail address, and when I do, it’s a pretty sure guarantee that I know who instigated.

It’s been many months—probably more than a year—since I’ve received any spam at all to any of my e-mail aliases. Yesterday, one came to an alias I had created for AppZapper, a utility that aids in removing preferences, caches, libraries, and more when uninstalling an application. Giving AppZapper the benefit of the doubt, I e-mailed to inform them that I didn’t appreciate my address being sold off for spam lists, but that if that didn’t happen, they may need to investigate a compromise in their database security.

The reply I got was essentially, “We don’t do that,” as in, they claim to not sell off e-mail lists.

Continuing to give them the benefit of the doubt, I responded to say they should investigate the breach since they do not sell e-mail lists, and I provided the complete source code of the e-mail and header.

The next reply from AppZapper was advice to contact my ISP (more correctly, my domain host), suggesting that the compromise is there. BZZZT. Wrong answer.

Seriously, I ask you: Spam arrives to a single e-mail alias among nearly 150 that have gone spam-free for a number of years. If a compromise of access to the database is the reason, where do you think that compromise occurred?

No, AppZapper, if the compromise was with my domain host, it is quite certain I’d be receiving spam to many of my e-mail aliases—not just the one for your product. Because of this dodge, I no longer believe a compromise is the explanation. If it were, you’d be willing to investigate and resolve the breach. By dodging the issue and blindly claiming it’s the fault of my domain host, I’m simply convinced that you do, in fact, avail e-mail lists to spammers.

Consequently, AppZapper will no longer live on my computers and any relevant venue I’m part of will hear about the shenanigans.

Moreover, a trusted friend has further reason to believe AppZapper has limited ethical standards. Apparently, AppZapper chose the Camino web browser as a sample application in its demonstrations for application removal. As a result, many users who don’t quite understand what’s going on are following the example and, expectedly, losing all their web site bookmarks. My friend, who is on the Camino development team, says they have repeatedly asked AppZapper to stop using them as an example, especially since AppZapper never asked permission in the first place. The requests have essentially fallen on deaf ears, and Camino support is getting the fallout of distraught users who’ve lost their bookmarks, caused by activities suggested by AppZapper. My friend’s supposition: “They’re probably assuming that we don’t have the legal resources to put up a fight if it comes to that. ‘Hey, let’s pick on an open-source example.'”

AppZapper is an AppFailure.

7 Responses

  1. Randy says:

    Not sure if it does everything that AppZapper does, but I’ve been using AppTrap with good results. Although I don’t go so far as creating a separate alias for each account but rather one dummy for all so to pinpoint to one defiler would be difficult/impossible.

    • Lee Bennett says:

      The multiple alias practice has worked really well for me. Aids in sorting/filing as well as identifying compromised addresses. It’s nice when I know I can simply filter messages that have XYZ as the e-mail address and know they all pertain to one particular service or product. As for alternatives, I found that I used AppZapper sparingly. It was handy when I used it, but I didn’t use it enough to justify switching to a different product. In fact, I’m skilled enough at finding relevant files to delete on my own. The utility just aided the process to go a little faster.

  2. Brian Ball says:

    Lee,

    Brian here from AppZapper – I’ll have to disagree with you here. If creating aliases for email were the answer to SPAM, do you think it would be a problem?

    You assert that SPAM is caused by people selling email addresses.

    This is ridiculous.

    WIth you solution, Google or any ISP could provide a simple tool that allows people to use disposal email addresses and SPAM wouldn’t be a problem for anybody – we’d all have single use emails that reverted back to a main account – which you think you are so cleverly doing.

    If it works 100% of the time, why don’t you patent it?

    It sounds like an amazingly genius solution.

    Before you go accusing somebody of doing something, that you can’t prove, why don’t you do the research yourself?

    Because you get some piece of spam in an inbox that YOU created with our name on it – you blame it on us?

    Let me know if you sell your alias solution – I’ll be the first in line to buy it.

    Warmly,

    Brian Ball

    • Lee Bennett says:

      You might remember that I conceded that perhaps you indeed do not sell lists of customer e-mail addresses. Yet, you were adamant about the fault likely being with my domain host service rather than agreeing that there’s at least some chance it was your system that the address came from. Logically to me, it simply doesn’t make sense that that the address could have been “found” from any other source. I understand what I claim is information you cannot verify, but I can 100% assure that an e-mail has never been sent out by me with the e-mail address alias in question. My aliases are only used for incoming messages. I entered the alias once, either on your web site or within the application itself, I don’t recall. Nor do I recall whether your system e-mailed registration information back to that alias, but if it did, it would only have been that one time. Given that NO other alias I’ve used for other products have been spammed, and that for myself, I know beyond doubt that a message has never been sent out from my computer using that address, I really have a hard time believing any other scenario. If the breach was indeed my domain host, it’s reasonable to assume more of my aliases than just yours would have been scraped.

  3. Lisa Baldasar says:

    Gee, I downloaded AppZapper, got billed $2,412.95 for one copy, and am now getting lots of spam. Of course, these weasels don’t answer my emails and I can’t find a phone number for them. Extremely untrustworthy, at the very least.

    • Lee Bennett says:

      I can’t speak to the incorrect billing (did you dispute the charge on your credit card?) because my copy was gifted to me from a friend’s app bundle purchase. But I *can* say I’ve not received any additional spam after deleting the alias I made for AppZapper.

  4. Frans says:

    I just opened AppZapper for the first time on ML and got the warning that “AppZapper would like to access your Contact Information”. Sound like this App is indeed dubious…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.