Conversion to Paddle => Observations <=

The-End
Posts: 2
Joined: Thu Jun 27, 2019 2:32 am
Platform: Mac

Thu Jun 27, 2019 3:02 am Post

I am a long-term Scrivener/Scapple/macos user. All licenses were purchased directly from the L&L web store with licenses generated by eSellerate. I just upgraded both Scrivener and Scapple - it worked fine but a few observations...

=> Security <=

I am using Little Snitch to monitor outbound connections and I received the following messages when outbound connections from Paddle were requested.

"TCP connections on port 443 to cdn.paddle.com, static.paddle.com, buy.paddle.com, checkout.paddle.com
If these connections are denied, the built-in store will not function properly. You will need to purchase Scrivener through our web store.

TCP connections on port 443 to checkout-service.paddle.com, create-checkout.paddle.com
If you block these connections, you will be unable to complete your purchase in the software. You will need to purchase Scapple through our web store."

I allowed these connections and everything ran ok. BUT upon researching further I found that these above network connections must always be allowed if your software is connected to ANY operational network interface. If I take the network interface down the software also works. Why do I need a constant network connection to Paddle if my network interface is active? eSellerate did not require this.

=> eSellerate artifacts remain on macos <=

I understand why the move to Paddle, but eSellerate has left a trail of crumbs on my macos. I do not know what to remove. There is the directory /Users/<username>/Library/Application Support/eSellerate
Can this be removed? Are there any other crumbs?

KB
Site Admin
Posts: 20718
Joined: Tue Jun 13, 2006 11:23 pm
Platform: Mac
Location: Truro, Cornwall

Thu Jun 27, 2019 3:36 pm Post

Hi,

All of those Little Snitch messages were written by us (via the Internet access policy file) so that Little Snitch can report what is going on. It's also covered on our updated privacy page:

https://www.literatureandlatte.com/privacy

I allowed these connections and everything ran ok. BUT upon researching further I found that these above network connections must always be allowed if your software is connected to ANY operational network interface. If I take the network interface down the software also works. Why do I need a constant network connection to Paddle if my network interface is active? eSellerate did not require this.


I'm not quite sure what you mean here, sorry. But bear in mind that Scrivener runs a two-monthly check to ensure the licence is still valid, so it's a good idea not to deny connections to Paddle (Scrivener did this with eSellerate too).

Paddle does use an unfortunate number of connections; something we raised with them ourselves. We were very careful about picking providers, though - with eSellerate closing down, Paddle is the only company that offers anything comparable.

As for the eSellerate artefacts, also look out for the /MindVision folder in ~/Library/Application Support. You can safely remove the eSellerate folder provided you don't have other software still using it.

All the best,
Keith
"You can't waltz in here, use my toaster, and start spouting universal truths without qualification."
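
The Internet access policy file mentioned in the reply above is a property list an app ships so that Little Snitch can explain its connections. As an added example (not from the thread or from Literature & Latte), the Python below parses a constructed policy built from the messages quoted in the first post and flags observed connections the policy does not declare. The key names are assumed to follow Objective Development's published Internet Access Policy format; the Purpose strings and the observed-connection list are constructed.

```python
import plistlib

# Constructed sample: hosts, port and DenyConsequences come from the Little Snitch
# messages quoted in the thread; Purpose values are placeholders (assumption).
SAMPLE_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Connections</key><array>
 <dict>
  <key>IsIncoming</key><false/>
  <key>Host</key><string>cdn.paddle.com, static.paddle.com, buy.paddle.com, checkout.paddle.com</string>
  <key>NetworkProtocol</key><string>TCP</string>
  <key>Port</key><string>443</string>
  <key>Purpose</key><string>(placeholder)</string>
  <key>DenyConsequences</key><string>If these connections are denied, the built-in store will not function properly.</string>
 </dict>
 <dict>
  <key>IsIncoming</key><false/>
  <key>Host</key><string>checkout-service.paddle.com, create-checkout.paddle.com</string>
  <key>NetworkProtocol</key><string>TCP</string>
  <key>Port</key><string>443</string>
  <key>Purpose</key><string>(placeholder)</string>
  <key>DenyConsequences</key><string>If you block these connections, you will be unable to complete your purchase in the software.</string>
 </dict>
</array></dict></plist>"""

def declared_endpoints(policy_bytes):
    """Map each declared outbound (host, port, protocol) to its DenyConsequences text."""
    policy = plistlib.loads(policy_bytes)
    out = {}
    for conn in policy.get("Connections", []):
        if conn.get("IsIncoming"):
            continue  # only outbound declarations matter for this check
        proto = conn.get("NetworkProtocol", "TCP").upper()
        hosts = [h.strip().lower() for h in conn.get("Host", "").split(",") if h.strip()]
        ports = [p.strip() for p in str(conn.get("Port", "")).split(",") if p.strip()]
        for h in hosts:
            for p in ports:
                out[(h, p, proto)] = conn.get("DenyConsequences", "")
    return out

def undeclared(observed, policy_bytes):
    """Return observed (host, port, protocol) tuples that the policy does not declare."""
    declared = declared_endpoints(policy_bytes)
    return [o for o in observed if (o[0].lower(), str(o[1]), o[2].upper()) not in declared]

if __name__ == "__main__":
    seen = [("checkout.paddle.com", 443, "TCP"), ("telemetry.example.invalid", 443, "TCP")]
    for host, port, proto in undeclared(seen, SAMPLE_POLICY):
        print(f"undeclared: {proto} {host}:{port}")
```

Exact host matching is deliberate here: wildcard or range entries in a real policy would need their own handling before a connection is treated as declared.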

The-End
Posts: 2
Joined: Thu Jun 27, 2019 2:32 am
Platform: Mac

Thu Jun 27, 2019 5:41 pm Post

Thanks for the quick response. To boil down my comment on network interface being active... The user must always have Paddle connections when on the internet. I believe you answered this question (as a yes). The information on eSellerate artifacts was also very helpful. Thanks again. Excellent product.

AmberV
Posts: 23718
Joined: Sun Jun 18, 2006 4:30 am
Platform: Mac + Linux
Location: Ourense, Galiza

Thu Jun 27, 2019 6:56 pm Post

Just for the record, and as another Little Snitch user, I've only needed to activate the connections that I marked as essential in the Little Snitch help system during activation (so consider using the "Until Quit" mode). I.e. if it requests your confirmation to deny a connection, then you will need it to activate or buy the software. If it does not request confirmation you can block it and these functions will still work.

And more importantly, once you activate, you can block whatever you want entirely. So if you are security minded, again consider using the "Until Quit" option once you are past the checks, then relaunch and block as you see fit.
.:.
Ioa Petra'ka
“Whole sight, or all the rest is desolation.” —John Fowles