I've discovered some interesting things with the new Windows desktop client for Pogoplug.  I run under Windows 7 and got more than I bargained for when installing the upgraded client.  It basically turns your desktop into a pogoplug box, if you leave it on defaults.

I get an extra "Pogoplug Ethernet Interface" mapped on my PC:

Ethernet adapter Pogoplug:  

IPv4 Address. . . . . . . . . . . : 10.67.101.1   

Subnet Mask . . . . . . . . . . . : 255.255.255.0

It looks like a tunnel to 10.67.101.2 that shares out the folders to the Web which you have selected for access.

If you do *not* want this sharing to occur, you can open the pogoplug preferences by right clicking the icon and select Remote Acess 'Off'.  There's also a window that shows what's being shared to the web.  The icon goes from pink to black when access is off.  And the extra'pogoplug ethernet' is disconnected.  

By the way 'Shutdown Pogoplug' on that menu has nothing at all to do with the linux pogoplug box.  It shuts down the client on the PC!  Why didn't they name it something else like "cloud drive share" or something.

Another thing that bothers me is the tunnel.  I'm not too happy when software just connects me to an endpoint and enables the possibility of lots of default shares when it's installed.  It's supposed to be a 'client' - when in fact it's a pogoplug server coming though the back door and on to my system.  They see this as "a benefit" - I see it as a "security risk" for my data,

I can SSH port 22 to a host on 10.67.10.2 and I get an 'SSH-2.0-OpenSSH_4.3' banner and a login prompt.  So I'm not very impressed that it's firewalled correctly.  OK it's a private address range tunneled point to point, and non-routable over the internet. That's about all it's got in it's favor.  I've got to trust the people at the other end with my data, and I'm not sure I do... given the default share included my Desktop. 

Also in the root of every shared folder there are some hideden files to do with the share:

.ceid and .cedata

.cedata contains an index of all the files and generated thumbnails (like the pogoplug does).  By default, the software is grabbing CPU cycles and generating what amounts to checksums and thumbnails of all the files on my PC  in the folders that I have shared.  I don't see an option that says not to do this.  Also deleting the share does not delete  these hidden files form what I can see.

These are examples of why the application is badly behaved.  It aslo appears to violate Windows security, switching users with a drive shared lets other users can access the same P: drive directly.  They should be denied access to that drive instance, and not be able to access another user's desktop or folders without having an explicit share.

I'm just putting this out there... many of you will know this, but some may not.  I'll be turning off the "remote access" on my PC and let someone else be the guinea pig.

-Richard