Protecting strategies from Multicharts? Do they spy?  [SOLVED]

Questions about MultiCharts and user contributed studies.
veritasig
Posts: 25
Joined: 09 Oct 2014
Has thanked: 10 times
Been thanked: 8 times

Protecting strategies from Multicharts? Do they spy?

Postby veritasig » 22 Apr 2015

Straight question. IP theft is commonplace. Brokers, clearing firms and software vendors regularly study, front-run and reverse engineer profitable traders. How can I be sure Multicharts isn't doing the same? The MT4 virtual dealer plug-in that allowed brokers to shade prices and slip customer accounts on fills was a nice tip of the hat to what really goes on behind the multi-million dollar PR front FX shops put up.

I'm not accusing Multicharts. I simply don't trust anyone. Given the Snowden/Binney revelations regarding wholesale NSA dragnetting, all the high-level theft going on at Wallstreet firms, all the major ISP's working with the NSA along with Google, Facebook, Twitter etc. It seems nearly every company with an electronic footprint now spies on their customers. Fortune 100 companies along with the Federal Government routinely lie through their teeth as a matter of daily course. I simply don't trust "reputable" companies at their word anymore.

What can we do at a user-level to protect the security of our strategies? Can third-party firewalls be used to ensure Multicharts doesn't "call home" unnecessarily? Can logs be watched to catch strategy code being sent back to Multicharts? What can the average Multicharts user do, from a security standpoint?

In my opinion, it's in the best interests of Multicharts developers to create a host of safe-guards that demonstrate transparency and security surrounding user strategies/code. The more confidence users have in the product, ultimately the more popular the platform becomes. Bear in mind, many of us have spent many years and thousands of hours studying, developing and testing strategies, to generate consistent income from the markets. Not unlike the developers of Multicharts have in creating their product. Which is why Multicharts instituted DRM and use license codes - to ensure their hardwork isn't stolen. Whereas us traders who invest the same amount of time and effort have zero safeguards our intellectual property won't be stolen......This is a real problem.

For the record, I purchased a lifetime Multicharts license and think it's a fantastic product.
However, if I had the option, I would auto-trade all my strategies using an open-source platform, if one were available, simply out of security concerns.

Regards,

User avatar
MAtricks
Posts: 789
Joined: 09 Apr 2012
Has thanked: 286 times
Been thanked: 288 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby MAtricks » 22 Apr 2015

Excellent points. We're all thinking them... :)

orion
Posts: 250
Joined: 01 Oct 2014
Has thanked: 65 times
Been thanked: 104 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby orion » 22 Apr 2015

Having led the development of some of these technologies, I agree that paranoia is justified. While I have no complaints regarding MC, the question as to what MC, or for that matter any other platform, is doing is unknowable without reverse engineering the software. That is an expensive proposition. You are better off building your own platform and even then you have no way around your broker unless you become your own broker.

User avatar
Henry MultiСharts
Posts: 9165
Joined: 25 Aug 2011
Has thanked: 1264 times
Been thanked: 2957 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby Henry MultiСharts » 23 Apr 2015

Hello veritasig,

MultiCharts is a standalone application. There are no MultiCharts servers that keep/transfer your information. All modules, configuration parameters and user data (workspaces, studies, data) are kept on your computer and are not sent anywhere from it. Personal information is stored in a binary format and cannot be decoded. The data/broker connection is performed from your computer directly to your data/broker servers.
What can we do at a user-level to protect the security of our strategies?
You can move the main logic of your strategy into an external DLL, or export your studies as read-only and then import them back (make sure to save a copy of source code somewhere as the study will become binary file with no code). See Importing and Exporting Studies.
Can third-party firewalls be used to ensure Multicharts doesn't "call home" unnecessarily?
You can use a sniffer app to analyze your traffic.
Can logs be watched to catch strategy code being sent back to Multicharts?
Logs are designed for developers and are almost of no use for end users. They are stored in a text format and you are free to check them to make sure MultiCharts is not sending your code anywhere. You can also completely disable MultiCharts logging, but in this case we won't be able to troubleshoot any issues that can arise during MultiCharts operation. To disable logging - import AllTracesOff.reg fom the attached file corresponding to your version of MultiCharts while all MC processes are closed.
Attachments
AllTraces.zip
for 32 bit MultiCharts
(1.1 KiB) Downloaded 251 times
AllTraces64.zip
for 64 bit MultiCharts
(1.11 KiB) Downloaded 328 times

veritasig
Posts: 25
Joined: 09 Oct 2014
Has thanked: 10 times
Been thanked: 8 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby veritasig » 24 Apr 2015

Hello veritasig,

MultiCharts is a standalone application. There are no MultiCharts servers that keep/transfer your information. All modules, configuration parameters and user data (workspaces, studies, data) are kept on your computer and are not sent anywhere from it. Personal information is stored in a binary format and cannot be decoded. The data/broker connection is performed from your computer directly to your data/broker servers.
What can we do at a user-level to protect the security of our strategies?
You can move the main logic of your strategy into an external DLL, or export your studies as read-only and then import them back (make sure to save a copy of source code somewhere as the study will become binary file with no code). See Importing and Exporting Studies.
Can third-party firewalls be used to ensure Multicharts doesn't "call home" unnecessarily?
You can use a sniffer app to analyze your traffic.
Can logs be watched to catch strategy code being sent back to Multicharts?
Logs are designed for developers and are almost of no use for end users. They are stored in a text format and you are free to check them to make sure MultiCharts is not sending your code anywhere. You can also completely disable MultiCharts logging, but in this case we won't be able to troubleshoot any issues that can arise during MultiCharts operation. To disable logging - import AllTracesOff.reg fom the attached file corresponding to your version of MultiCharts while all MC processes are closed.
Thanks for the detailed reply, Henry. I appreciate that. Being a neophyte to programming and networking, it will take me some time to implement your suggestions. I will keep this thread alive and updated as I make progress, as this topic is a big concern for me.

Ideally, I want to cordon off all internet contact Multicharts has with any outside server, except my brokerage. Would it be possible to configure a firewall so that a computer *only* has access to a brokerage? IE, so Multicharts running on that computer would only have access to that brokerage server?

I understand every XX days, Multicharts will have to bypass that firewall to log-in to the MC DRM server so that it can verify a licensed copy. That's fine. I'm also curious as to why an end-user instance of Multicharts would connect to a MC server, or a MC server connect to a end-user instance of MC, and transfer information? Beyond logging/debugging operations and DRM?

To be fair, like the other poster mentioned, this isn't just an issue with Multicharts, but all vendor trading applications. All software, for that matter...I appreciate all the replies.

Regards,

User avatar
TJ
Posts: 7740
Joined: 29 Aug 2006
Location: Global Citizen
Has thanked: 1033 times
Been thanked: 2221 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby TJ » 24 Apr 2015

::
Ideally, I want to cordon off all internet contact Multicharts has with any outside server,
This is possible... the ability is already built into your Windows operating system. You can block out any site you like.
I block out all the known ad servers and spammers myself.
Just google and you will find lots of tutorial on how to do it.

User avatar
Henry MultiСharts
Posts: 9165
Joined: 25 Aug 2011
Has thanked: 1264 times
Been thanked: 2957 times

Re: Protecting strategies from Multicharts? Do they spy?  [SOLVED]

Postby Henry MultiСharts » 24 Apr 2015

Ideally, I want to cordon off all internet contact Multicharts has with any outside server, except my brokerage. Would it be possible to configure a firewall so that a computer *only* has access to a brokerage? IE, so Multicharts running on that computer would only have access to that brokerage server?

I understand every XX days, Multicharts will have to bypass that firewall to log-in to the MC DRM server so that it can verify a licensed copy. That's fine.
You need provide permanent access of MultiCharts to the authorization servers:
https://mcauth.com/
https://mcauth1.com/
https://mcauth2.com/

Port numbers 80 and 443 should be open.
I'm also curious as to why an end-user instance of Multicharts would connect to a MC server, or a MC server connect to a end-user instance of MC, and transfer information? Beyond logging/debugging operations and DRM?
As I have already mentioned - there is no such thing.

veritasig
Posts: 25
Joined: 09 Oct 2014
Has thanked: 10 times
Been thanked: 8 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby veritasig » 27 Apr 2015

You need provide permanent access of MultiCharts to the authorization servers:
https://mcauth.com/
https://mcauth1.com/
https://mcauth2.com/

Port numbers 80 and 443 should be open.
So Multicharts requires permanent access to the authorization servers for live-trading?

And for back-testing without online access? How often does Multicharts require access to DRM servers then?

User avatar
Henry MultiСharts
Posts: 9165
Joined: 25 Aug 2011
Has thanked: 1264 times
Been thanked: 2957 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby Henry MultiСharts » 27 Apr 2015

So Multicharts requires permanent access to the authorization servers for live-trading?
That is correct.
And for back-testing without online access? How often does Multicharts require access to DRM servers then?
Every 30 days.

zysmn
Posts: 68
Joined: 27 Feb 2014
Has thanked: 7 times
Been thanked: 4 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby zysmn » 05 May 2015

If you are using broker host or other third side hosting, you can use your own hardware server, and store on it your private data in secure encryption container (for example True Crypt https://truecrypt.ch/), and mount it only in manual mode. I'm using such containers not only on servers, on notebook and other machines too, and storing all my private data, not only MC databases, logs and etc.
Also it is worth synchronizing data in secure encryption cloud. I know only three such clouds: spideroak.com, wuala.com, tresorit.com.
Also for connect to server can use VPN. For example like this zerotier.com or dynvpn.com. Teamviwer perhaps will be suitable for this purpose, but it not convenient. Or configure it yourself with openVPN.
But nobody will tell, that these decision don't have hacker holes or backdoors. And paranoia will still live :).

vindiou
Posts: 35
Joined: 01 Jun 2011
Has thanked: 8 times
Been thanked: 3 times

Re: Protecting strategies from Multicharts? Do they spy?

Postby vindiou » 26 Oct 2016

From my point of view, the best firewall is NO connection to the internet at ALL, keep you data on YOUR computer, locally.
https://www.cnet.com/news/nsa-working-o ... encryption


Return to “MultiCharts”