This is a pretty amazing story about a free utility with a malicious back-end twist.

This is so bad that I assumed it was a hoax. However, I downloaded the program, installed it (on a virtual machine), decompiled it, and verified that it is, in fact, “phoning home” with your gmail user name and password. Yikes.

The manufacturer’s page has been updated to indicate that this “was in no way intentional,” but does it really matter?