Pulse Question

[DaveLembke]

So I decided to try out this Pulse program, but had a few questions.

1.) When part of a pulse team, does your stats stand out as far as the frequency in which keys are used... such as could someone look and see that you used say a special character very infrequently and so this special character could be part of a password for access to some sort of account etc?

2.) If I wanted to collect these stats only for myself, but not for the world to see, is there an offline mode in which i can look at my collected keystroke stats, but of which it never uploads this info to the web where others can try to figure out information based on frequency of specific keystrokes etc?

3.) On a Pulse Team, does it pool together the total qty of keystrokes for each individual key of the 104 keys or just total keys pressed such as 109,943 keystrokes today from the team in which its just a single count statistic?

I was kind of hesitant to  trying out this program because god forbid someone ever had an exploit with it that made it act like a keyboard broadcast, then everything typed would be out for someone to view and piece together in which my biggest concerns are not the content typed which would bore most people  , but rather the user names and passwords to important sites etc.

[Mulreay]

So I decided to try out this Pulse program, but had a few questions.

1.) When part of a pulse team, does your stats stand out as far as the frequency in which keys are used... such as could someone look and see that you used say a special character very infrequently and so this special character could be part of a password for access to some sort of account etc?

2.) If I wanted to collect these stats only for myself, but not for the world to see, is there an offline mode in which i can look at my collected keystroke stats, but of which it never uploads this info to the web where others can try to figure out information based on frequency of specific keystrokes etc?

3.) On a Pulse Team, does it pool together the total qty of keystrokes for each individual key of the 104 keys or just total keys pressed such as 109,943 keystrokes today from the team in which its just a single count statistic?

I was kind of hesitant to  trying out this program because god forbid someone ever had an exploit with it that made it act like a keyboard broadcast, then everything typed would be out for someone to view and piece together in which my biggest concerns are not the content typed which would bore most people  , but rather the user names and passwords to important sites etc.

1: No, it counts key presses not specific keys. Although there is a way for only you to see which keys you press most but not in any specific order.

2: It will always upload to the web as it's a cloud based system. You can choose to 'not pulse' but if you ever get a fault with your software you will lose EVERYTHING if you have not pulsed to the cloud. You don't have to join a team and that means only you will enjoy your information. Again it counts key strokes but does not record the order or specific chains of key presses.

3: It's an aggregate score as in the total we have all done since we started. It's added together with everyone else in your team. again you don't have to be in a team you can just have it for your own personal interest.

I've been using this for quite a few years and had no problems. Plus do you think that computerhope would have a team set up with a program that would compromise it's users data? Chill your boots bud this software is harmless and just a bit of fun. 

[BC_Programmer]

1.) When part of a pulse team, does your stats stand out as far as the frequency in which keys are used... such as could someone look and see that you used say a special character very infrequently and so this special character could be part of a password for access to some sort of account etc?

I think this is a bit paranoid. Even if that information is tracked, it's not going to be useful. Lets' say that $ appears more frequently.

1. This says nothing about it being typed in as a password character.
2. It says nothing about what it is being used in a password for
3. It says nothing about what other characters are in that password.

It's not really going to give you any information that would make an attempt to determine somebody's E-mail password (for example) easier to guess than random chance.

2.) If I wanted to collect these stats only for myself, but not for the world to see, is there an offline mode in which i can look at my collected keystroke stats, but of which it never uploads this info to the web where others can try to figure out information based on frequency of specific keystrokes etc?

Whatpulse has a "work offline" mode which claims to do pretty much exactly that. here is the kb article on it.

3.) On a Pulse Team, does it pool together the total qty of keystrokes for each individual key of the 104 keys or just total keys pressed such as 109,943 keystrokes today from the team in which its just a single count statistic?

I can't find a way to view any of that information either for a specific user nor a given team. It may only be accessible to the user who pulsed the information, if at all.

I was kind of hesitant to  trying out this program because god forbid someone ever had an exploit with it that made it act like a keyboard broadcast, then everything typed would be out for someone to view and piece together in which my biggest concerns are not the content typed which would bore most people  , but rather the user names and passwords to important sites etc.

The same logic applies to any proprietary program you use. Or open source, really- I doubt many people exhaustively audit the OSS products they use.

Personally I stopped using it because the whatpulse client was crashing and annoying the piss out of me. my user is evidently still up there, though. (and somehow even then I have more than Nathan? Wut).

I think that highlights one important thing for software like this- since it serves no critical function (usually), if it causes problems, it will simply be gone. if I have issues with it for example I am far more likely to just remove it and forget about it than fart about trying to workaround say bugs or issues with the software, even if overall the software is reasonably well-made.

[DaveLembke]

Thanks for the info guys..

As far as:

Plus do you think that computerhope would have a team set up with a program that would compromise it's users data? Chill your boots bud this software is harmless and just a bit of fun.

I know that CH wouldnt allow that to happen intentionally 

Its just that I got bitten a long time ago by a different forum that promoted Real VNC as a god send free remote admin tool and about 9 months later I got hit by a VNC hacker who used an exploit to gain remote access without a password on one of my Windows 2000 SP4 systems

It wasnt the forums fault and i suppose it was just a matter of time before someone found an exploit and used it on it.

For the fact that the more reading I do on this the safer it looks, I am not as cautious/paranoid  as I was when I initially posted this today. So far I have about 10,000 keystrokes and 324 mouse clicks... Now I know why a new keyboard after 4 months has polished keys.

Also it was interesting that they have a couple different heat views where it shows in addition to the keystroke usage also hot spots of frequently used areas of the display in relation to the mouse use, as well as I wasnt expecting it to also have system spec info logging etc for network traffic and program usage etc.

Its actually a quite cool program that is beyond what I expected of it. 

[BC_Programmer]

Its just that I got bitten a long time ago by a different forum that promoted Real VNC as a god send free remote admin tool and about 9 months later I got hit by a VNC hacker who used an exploit to gain remote access without a password on one of my Windows 2000 SP4 systems

A bit different, I think- in design, Whatpulse is a PUSH client. What this means is that Whatpulse itself- the one you run on your computer, is actively seeking and sending data to a webserver (again, if not in offline mode) when you pulse. For RealVNC, it is a tool that you install specifically so that other computers can take control of yours, and it is network-live, so any PC can connect to you and take control if they know the password. So of course in this instance exploits are going to be FAR more damaging to users. Since whatpulse is a "pusher" it is not a scenario where say a network attack could connect to your PC and take over whatpulse or such.

I'm unsure exactly what data is sent and stored on the server, since that data is in a state where it could be compromised. However- even with that, the pulse information doesn't have any say, sequence information- so even with a fully compromised whatpulse website/server, it would be impossible to say "keylog" you, to get passwords and such.