TWO’S COMPLEMENT, LLC
T HE V I E W S E N D E R P A TH A N D P R O M I S E
BUSINESS PLAN-APPENDIX
VERSION 1.10 - JUNE 2009
Contact Information:
Owner:
Website:
Contact:
Address:
Telephone:
E-mail:
Two’s Complement, LLC
www.TwosComplementLLC.com
Scott Deaver
2777 Woodland Park Drive #814
Houston, Texas 77082-6648
832.889.5089
scottdeaver@hotmail.com
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
Cover page
NOTICE AND DISCLAIMER
This document contains confidential and proprietary information belonging exclusively to
Scott Deaver and Two’s Complement, LLC. Note: This is a business plan only. It does not
imply or propose a sale or offering of Securities.
Copy Number ___
2
Notice and disclaimer | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
DISCLOSURE STATEMENT
The information presented in this document has been prepared to provide information to
potential investors or other interested parties in order to familiarize them with the
business concept, organizational details, and future prospects as defined herein.
Information contained herein is sensitive and confidential and is solely intended for the
purpose of evaluating the company for future possible investment consideration. The
information contained herein shall be treated as Confidential and Proprietary in nature.
By accepting receipt of this document the recipient agrees not to disclose, reproduce, or
distribute this information, in whole or in part, to any other person or entity without the
prior written permission of Two’s Complement, LLC management.
__________________________________________________________________________
Name (typed or printed)
________________________
Date
__________________________________________________________________________
Signature
©2006-2009 Two's Complement, LLC. | Disclosure Statement
3
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
TABLE OF CONTENTS
Notice and disclaimer .......................................................................................................................................... 2
Disclosure Statement ........................................................................................................................................... 3
A-1: Additional Confidential Information Disclosure Notice and Statement ................................... 6
A-1.1:ONE-WAY CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT ............................................ 7
A-1.1.1: PARTIES ............................................................................................................................................................ 7
A-1.1.2: BACKGROUND AND PURPOSE OF DISCLOSURE .............................................................................. 7
A-1.1.3: DESCRIPTION OF CONFIDENTIAL INFORMATION ........................................................................ 7
A-1.1.4: AGREEMENT TO MAINTAIN CONFIDENTIALITY............................................................................ 7
A-1.1.5: EFFECTIVE DATE AND LENGTH OF OBLIGATION.......................................................................... 7
A-1.1.6: EXCEPTIONS TO CONFIDENTIAL INFORMATION .......................................................................... 8
A-1.1.7: RETURN OF CONFIDENTIAL INFORMATION ................................................................................... 8
A-1.1.8: DISCLAIMER OF OTHER RELATIONSHIPS ......................................................................................... 8
A-1.1.9: GOVERNING LAW ......................................................................................................................................... 8
A-1.1.10: AMENDMENTS ............................................................................................................................................ 8
A-1.1.11: BREACH .......................................................................................................................................................... 8
A-2: Background Summaries of Principals................................................................................................ 10
A-2.1: Scott Deaver ........................................................................................................................................................... 10
A-2.2: Geethanjali Manjuladevi Ramachandrappa .............................................................................................. 12
A-2.3: Chandra Thornton-Fontenot .......................................................................................................................... 12
A-2.4: Susanne Pack ......................................................................................................................................................... 13
A-2.5: James A. Cardle ..................................................................................................................................................... 13
A-3: Company Management Considerations ............................................................................................. 14
A-3.1: The reluctant entrepreneur ............................................................................................................................ 14
A-3.2: Fallback plan.......................................................................................................................................................... 14
A-4: Detailed Discussion of Products and Services ................................................................................ 15
A-5: Product Version Notes and Release Schedule ................................................................................. 18
A-5.1: Product version marketing notes ................................................................................................................. 19
A-6: Detailed Marketing Comments ............................................................................................................. 20
A-6.1: Promotional ideas ............................................................................................................................................... 21
A-6.1: Opportunities ........................................................................................................................................................ 25
A-6.2: Challenges............................................................................................................................................................... 27
A-6.2.1: Establishing recognition for a new product class.......................................................................... 27
4
Table of Contents | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
A-6.2.2: Avoiding associations with the wrong product class ................................................................... 28
A-6.2.3: Competitive products for sale................................................................................................................ 28
A-6.2.4: Products customers currently use ....................................................................................................... 31
A-6.2.5: Unique risks .................................................................................................................................................. 32
A-6.3: Our conclusions .................................................................................................................................................... 33
A-7: Business Plan Section 5 supplemental Information ..................................................................... 34
A-7.1: Comments ............................................................................................................................................................... 34
A-7.2: Transition in customer relationship............................................................................................................ 35
A-7.3: Transition in physical infrastructure .......................................................................................................... 36
A-7.4: Transition in product lineup........................................................................................................................... 36
A-7.5: Ancillary products ............................................................................................................................................... 37
A-7.5.1: Derived from text extraction .................................................................................................................. 37
A-7.5.2: Derived from image collection .............................................................................................................. 38
A-7.5.3: Derived from keystrokes and user information ............................................................................. 38
A-7.5.4: Other product opportunities .................................................................................................................. 38
A-7.6: Addition of services to the mix ...................................................................................................................... 39
A-7.6.1: Custom software ......................................................................................................................................... 40
A-7.6.2: Turnkey setup and monitoring ............................................................................................................. 40
A-7.6.3: Analysis and archiving .............................................................................................................................. 40
A-7.6.4: Custom deployments ................................................................................................................................. 41
A-7.6.5: Service and support contracts ............................................................................................................... 41
A-7.6.4: Solutions for special circumstances .................................................................................................... 41
A-7.7: Unique and boutique opportunities ............................................................................................................ 43
A-8: For investors ............................................................................................................................................... 44
A-8.1: Detailed Development Milestones................................................................................................................ 44
A-8.1.3: Assumptions.................................................................................................................................................. 45
A-8.1.4: Milestones ...................................................................................................................................................... 46
A-9: Errata ............................................................................................................................................................. 49
A-9.1:Security Considerations Regarding the ViewSender Agent ................................................................ 49
A-9.1.1: Issues................................................................................................................................................................ 49
A-9.1.2: Resolution ...................................................................................................................................................... 51
©2006-2009 Two's Complement, LLC. | Table of Contents
5
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
A-1: ADDITIONAL CONFIDENTIAL INFORMATION DISCLOSURE
NOTICE AND STATEMENT
If you are considering investing or participating in the ViewSender project, you may have an
interest or need to review certain highly-sensitive proprietary information not included in
the business plan, such as samples of our source code or copies of internal
communications.
To request information of a confidential nature that is not included in the business plan,
please write a letter stating the specific information you are requesting, a detailed reason
for your request, and a description of yourself and the entity you are representing (if
appropriate). If you are submitting the request on the behalf of others, please list
descriptive and identifying information for all individuals and organizations who will view
or possess the confidential information. Please complete the non-disclosure agreement in
the pages following this notice, and submit the completed signed agreement along with the
letter by mail to:
F. Scott Deaver
2777 Woodland Park Drive #814
Houston, Texas 77082-6648
or by email to: mailto:mscottdeaver@hotmail.com.
Please note that not all requests can be honored, and each request will be independently
evaluated based on its merits and circumstances. No requests will be honored without a
signed non-disclosure.
6
| ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
A-1.1:ONE-WAY CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT
A-1.1.1: PARTIES
This Agreement is between Disclosing Party (as described below), the Disclosing Party of
certain confidential information, and Receiving Party (as described below), the Receiving
Party of certain confidential information.
A-1.1.2: BACKGROUND AND PURPOSE OF DISCLOSURE
Disclosing Party and Receiving Party are evaluating or are engaged in a business
relationship (the "Projects"), during which Disclosing Party may disclose certain valuable
confidential and proprietary information.
A-1.1.3: DESCRIPTION OF CONFIDENTIAL INFORMATION
Confidential Information, whether disclosed in written, oral, visual, or tangible form,
disclosed by Disclosing Party to Receiving Party shall be subject to the provisions of the
Agreement when: (a) the information is disclosed in written form which is marked
confidential; or (b) the information is disclosed orally or visually (such as through visits to
facilities of the Disclosing Party) and is identified at the time of disclosure as being
confidential, and within thirty (30) days thereafter, a written summary of such oral or
written disclosures is provided to the Receiving Party; or (c) when disclosed in tangible
form (such as product samples), it is identified at the time of disclosure as being
confidential. Moreover, Confidential Information shall also include (whether marked
confidential or not) data regarding the quantity, price, delivery, or other commitments or
proposals between the parties.
A-1.1.4: AGREEMENT TO MAINTAIN CONFIDENTIALITY
The Receiving Party agrees to hold any Confidential Information disclosed to it in
confidence, to cause its employees, agents or other third parties to hold such Confidential
Information in confidence, and to use the same standard of care used to protect its own
proprietary and confidential information in protecting the Confidential Information.
Receiving Party shall not disclose Confidential Information to others or use it for purposes
other than the Project(s).
A-1.1.5: EFFECTIVE DATE AND LENGTH OF OBLIGATION
This Agreement is effective as of the last date of execution by both parties and may be
terminated by either party at any time upon written notice. Parties’ obligation of
confidentiality and non-use of Confidential Information hereunder shall last for seven (7)
years from the date of such written notice.
©2006-2009 Two's Complement, LLC. | A-1: Additional Confidential Information
Disclosure Notice and Statement
7
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
A-1.1.6: EXCEPTIONS TO CONFIDENTIAL INFORMATION
Confidential Information shall not include any information which (a) was publicly available
at the time of disclosure; (b) became publicly available after disclosure without breach of
this Agreement by either party; (c) was in parties’ possession prior to disclosure, as
evidenced by parties’ written records, and was not the subject of an earlier confidential
relationship with the other party; (d) was rightfully acquired by party after disclosure by
the other party from a third party who was lawfully in possession of the information and
was under no obligation to the other party to maintain its confidentiality; (e) is
independently developed by the parties’ employees or agents who have not had access to
the Confidential Information; or (f) is required to be disclosed by the party pursuant to
judicial order or other compulsion of law, provided that the party shall provide to the other
party prompt notice of such order and comply with any protective order imposed on such
disclosure.
A-1.1.7: RETURN OF CONFIDENTIAL INFORMATION
At any time requested by one of the parties, the other party shall return or destroy all
documents, samples or other materials embodying Confidential Information, shall retain no
copies thereof, and shall certify in writing that such destruction or return has been
accomplished.
A-1.1.8: DISCLAIMER OF OTHER RELATIONSHIPS
This Agreement does not create a relationship of agency, partnership, joint venture or
license between the parties. This Agreement does not obligate either party to purchase
anything from or sell anything to the other party, and each party acknowledges the other
party may enter into (a) other similar activities and/or (b) business relationships with
third parties, provided no Confidential Information is disclosed or used by either party.
A-1.1.9: GOVERNING LAW
This Agreement shall be governed by and construed in accordance with the laws of the
State of Texas, without reference to conflicts of law principles. The parties hereby submit
and consent to the jurisdiction of the federal and state courts of the state referenced in the
preceding clause for purposes of any legal action arising out of this Agreement.
A-1.1.10: AMENDMENTS
This Agreement supersedes all previous agreements between the parties regarding the
Confidential Information and cannot be canceled, assigned or modified without the prior
written consent of the Parties.
A-1.1.11: BREACH
8
A-1: Additional Confidential Information Disclosure Notice and Statement | ©2006-2009
Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
If either party breaches the term(s) of this Agreement, the other party shall have the right
to (a) terminate this Agreement and/or demand the immediate return of all Confidential
Information; (b) recover its actual damages incurred by reason of such breach, including,
without limitation, its attorneys fees and costs of suit as well as profits obtained by the
breaching party as a result of misusing the Confidential Information; (c) obtain injunctive
relief to prevent such breach or to otherwise enforce the terms of this Agreement; and (d)
pursue any other remedy available at law or in equity. Failure to properly demand
compliance or performance of any term of this Agreement shall not constitute a waiver of
the parties’ rights hereunder.
Receiving Party
Disclosing Party
Signature _________________________________
Name _____________________________________
Title _______________________________________
Company _________________________________
Date _______________________________________
Signature __________________________________________
Name ______________________________________________
Title _______________________________________________
Company _Two's Complement LLC____________
Date _______________________________________________
By signing above or entering electronically below, both parties agree to be bound by the
terms of this document.
©2006-2009 Two's Complement, LLC. | A-1: Additional Confidential Information
Disclosure Notice and Statement
9
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
A-2: BACKGROUND SUMMARIES OF PRINCIPALS
A-2.1: SCOTT DEAVER
Scott Deaver has been a successful software engineer and consultant on leading-edge,
innovative, or highly-specialized software for twenty years. He has been successful
developing state-of-the-art software in environments as diverse as global Fortune 500
corporations through the smallest of family-owned software-based startups. A brief list of
the companies for whom he was worked and the nature of the projects he worked on
would include the following:
















Weatherford International
Production optimization for gas and liquid wells
ICS, Inc. (CommandSystems.com)
Video, entrance control, and status/detection device monitoring
SysInformation, Inc.
Forensic extraction of data from hard drives for the legal profession
Smith International, Inc.
Drill string torque and drag calculation during drilling operations
Emerson Process Management, Inc.
Gas chromatograph communications and control
Continental Airlines, Inc. (two projects)
Customer care application and migrating data to Windows from a mainframe
ProSys, Inc.
Application to monitor and manage controls in a petrochemical plant
Hewlett-Packard (two projects)
Application to manage exchange of bad memory modules in computers
ChevronTexaco
What-you-see-is-what-you-get report generator for oil/natural gas drilling sites
Hilton Hotels
Migration of business applications to Windows from other environments
American Buildings Company
Virtual building engineering application for modular structures
ExxonMobil Upstream Research Center
Software docking station for oilfield drilling and reservoir applications
Schlumberger GeoQuest
TDAS application for drilling – torque/drag, stuck pipe, drill string modeling
JFL Communications (SOLA)
Rain-fade attenuation and saturation adjustment for satellite uplink
communications
Sulzer Intermedics
External re-programming of embedded heart pacemakers
Tuboscope
Software tracking of pipeline cleaning and inspection equipment
10
A-2: Background Summaries of Principals | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009



















Metro IS/Enron Energy Services
Using pager communications protocols to send residential meter readings for Enron
Lockheed Martin/NASA (two projects)
Air-to-Ground Voice System for communications between the shuttle/space station
and ground
BMC Software
Windows adaptation of software to monitor enterprise applications and resource
consumption
American Express
Windows-based reservation and ticketing system
FutureSoft
Consumer software for dialup and terminal communications over phone lines
BancTec/Recognition
Status and control of automated high-speed check processing and document OCR for
banks
VCON
Video-conferencing hardware device driver and configuration software
AT&T GIS/JCPenny Customer Focus Team
Design and programming of Windows applications to support point-of-sale and
other programs
General Signal/Edwards System Technologies
Monitoring and control of fire and smoke detection and suppression equipment
MCI
GPS/GIS software to investigate suitability of PCS antenna locations in Mexico
Tandy Information Services
Creation of libraries to provide data migration services from UNIX to Windows
databases
American Airlines Decision Technologies
Windows NT communications interfaces to the SABRE online reservations system
Fisher Controls
Calculation engine for determining valve sizing in pipelines and plants
Merit Technology
Created the first consumer retail drill-down mapping application from a shareware
prototype
Coopers and Lybrand
Built a windows management and tracking groupware interface around Lotus Notes
Practitioner's Publishing
Rescued a Windows auditing package in development, re-built the project in place
DacEasy
Adapted code produced overseas into the DacEasy Lite product for US consumers
Wal-Mart General Offices
Engineered communications and GUI components for editing data stored on UNIX
servers
CE Software
Ported Apple Macintosh applications to the Windows environment
©2006-2009 Two's Complement, LLC. | A-2: Background Summaries of Principals
11
June 20, 2009


[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
Legal Services Incorporated
Wrote prototype applications to electronically submit legal documents to
courthouses
Micro Software Solutions/Computer Supply Store
Programmed an inventory and sales tracking package for an office supply store
Scott Deaver’s complete resume can be seen at
http://www.ViewSender.com/documents/resume.doc.
A-2.2: GEETHANJALI MANJULADEVI RAMACHANDRAPPA
Geethanjali is one of four prospective equity partners in Two's Complement LLC with
whom we will negotiate for shares in the company after the general business attorney has
finalized the business structure. Geethanjali has spent the past month learning the
software, and has recently been producing new code for the ViewSender Agent component.
Geethanjali has over 5 years of experience in the software industry. Geethanjali is
proficient in C, C++, Visual C++ and the MFC. She is also familiar with PHP, MySQL,
SybaseSQL, XML, SOAP, C#, .NET 3.5 and HTML. She worked previously with Siemens in
India as a Senior Systems Engineer. She was involved in developing Microsoft Windows
applications for the medical field, which involved DICOM image processing. She also has
experience in developing web applications.
Geethanjali received her Bachelor's Degree in Engineering (Computer Sciences) from
V.T.U., India and Master's Degree in Software Systems from B.I.T.S. Pilani, India.
Geethanjali's full resume is available upon request.
A-2.3: CHANDRA THORNTON-FONTENOT
Chandra is another potential partner who is already contributing to the project - she is redesigning our current web page. Chandra has extensive experience (since early 2000) as a
Web professional, with a strong understanding of modern web technologies, strategic on
line marketing, copywriting and site design and development. Her background is in writing
and content creation, but she has also lead the development of brand building Web sites
through design, production and launch. She has advanced knowledge of CSS, JavaScript and
XHTML as well as Photoshop, Fireworks and Illustrator.
Her experience and expertise includes SEO, SEM, copywriting, strategic content
development, Web analytics, site design, HTML, CSS, and Flash.
She has received several honors, teaches web page design and development, and has also
attained her MBA.
Chandra's full resume is available upon request.
12
A-2: Background Summaries of Principals | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
A-2.4: SUSANNE PACK
Susanne is also a candidate for equity partnership, and comes to us as a marketing and
sales professional from Cologne, Germany. Susanne spent two years in the United States,
and speaks and writes fluent English as well as her native German. She has spent her
professional life self-employed in marketing and entrepreneurship, and has an extensive
family history of self-employed business consultants and direct selling specialists. Her
education is in accounting (she was an assistant to a tax consultant), graphic design and
web design, architecture and marketing (specifically Internet marketing, search engine
optimization, copywriting, and related content management disciplines).
Susanne's full resume is available upon request.
A-2.5: JAMES A. CARDLE
James is a patent attorney practicing in Brainerd, Minnesota. James has offered and we
intend to accept an agreement in principle where he will provide the patent and other
intellectual property protection we need. He will perform his services for the intellectual
property holding company the general business attorney is setting up (rather than for
Two's Complement LLC). As a means to extend our resources during the interim and as an
expression of his confidence in the ViewSender project, James has agreed to defer receipt of
the majority of the payment for his services until we receive venture capital or other
funding.
James has been a consulting engineer (he received his PHD in civil engineering from the
University of Minnesota in 1984) and maintains his engineering registration in the State of
California. He is also a retired professor from the University of Nevada, Las Vegas where
he taught fluid mechanics and related topics to civil engineering and mechanical
engineering students. He also contributed significantly to the development of an entirely
new engineering program at the University. His research at the University of Nevada, Las
Vegas was sponsored by the Lawrence Livermore National Laboratory for a number of
years.
The University granted him an extended leave of absence to attend law school, as he
wished to utilize his engineering background to work with intellectual property
issues. After completing law school at the University of Notre Dame in 2005, he returned to
the University of Nevada, Las Vegas where he served as Intellectual Property Counsel. In
that position, he developed policies and procedures to identify and protect the patentable
inventions developed within the university.
As a patent attorney in private practice in California and Minnesota, he has experience in
the mechanical arts, medical devices, physical and chemical processes, software, circuits,
semiconductors, nanotechnology, cooling of electrical devices, and alternative energy
production.
©2006-2009 Two's Complement, LLC. | A-2: Background Summaries of Principals
13
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
James' full resume is available upon request.
A-3: COMPANY MANAGEMENT CONSIDERATIONS
A-3.1: THE RELUCTANT ENTREPRENEUR
This business plan is unusual in that its proponent and author does not intend to own or
control the business that ultimate derives from it. Scott Deaver may well be a pioneering
software architect of unusual vision and considerable talent; however, he is not by nature
or experience a businessman. Scott's experience in the industry and corporate world at
large have prepared him well to know what to do, but he lacks the training and foundation
in how to do it (that he knows what to do has positively affected the quality of the software
- the hooks necessary to support all of the possibilities discussed here are already built into
the ViewSender software design). Therefore the goal of the current business plan is to
attract skilled business professionals as major or controlling partners to mold a successful
business around the technologies and vision advanced. We would then ascribe all of our
resources and assets to the business that results.
The legal structure as defined in the main body of the business plan will allow the exchange
of a majority of Two's Complement shares, management, and control to a venture
capitalist’s chosen team if necessary, while allowing distribution of remaining equity to the
currently-anticipated sweat-equity partners. Control of the intellectual property licenses
would remain with the second corporation described in the main body of the business plan
(tentatively identified as SourceCrafters LLC) until and unless a licensing agreement was
reached between SourceCrafters LLC and the management team of Two's Complement LLC.
A-3.2: FALLBACK PLAN
Should the events contemplated in the previous section not happen, we will continue as we
have, funding the project from Scott Deaver's income as a software engineer, improving it
as we go forward and as we learn. We will leverage the expertise available through SCORE
and low-cost memberships in organizations specializing in small business and softwarebased startups (PartnerUp, Startup Nation, etc.). As part of the current plan, we expect to
bring on board talented artisans and experts in the areas of business and asset
management, accounting, finance, and marketing. As these individuals become available
and provide insight and expertise, we will amend this plan so that over time it will produce
an ever-more-refined depiction of where we want to go and how we want to get there.
To attract talented and skilled professionals in the beginning when we most need their help
is going to be challenging, especially in light of limited resources. Obviously, to attempt the
ambitious goals of this business plan on just those resources would simply not be feasible our point here is simply to illustrate that even in the worst-case scenario the product could
continue to be developed and eventually brought to market as shareware, if nothing else.
14
A-3: Company Management Considerations | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
During the course of that effort, hopefully general economic conditions will improve and
we will continue to look for venture capital and partner opportunities. And, there is
another outlet by which we can gain access to resources and expertise - since ViewSender's
intellectual property is entirely ours, we can leverage a small portion of that interest
and/or equity shares in the ViewSender business entity to attract participation from other
professionals. Of course, we will reserve the lion's share of the I/P to ourselves to retain
control over the product, and we will keep the greatest share of the business interest to
barter for venture capital and/or a stake in an existing business that wants to manage or
take over the ViewSender business. We can exchange small percentages of what is left to get
services from the technical and professional community to help speed ViewSender's
development. We have already demonstrated success with this method - we have
individuals now performing work to advance the ViewSender product as a direct or
indirect result of ads for sweat-equity partners placed on CraigsList.com and Kijiji.com in
several communities as well as on tech-oriented employment and gateway websites.
As of this moment, our palette overflows with possibilities, and the challenge is to identify
the best and least of these.
A-4: DETAILED DISCUSSION OF PRODUCTS AND SERVICES
Any evaluation of the business, its potential, or especially its risk, requires a discussion and
examination of the software that the business promotes.
The ViewSender family of applications provides services that enhance trust, provide
security, support audit trails, and mitigate litigation in both corporate and non-corporate
environments where business and social activities involve personal computers. For the
purposes of this document, we have adopted the convention that “ViewSender” is the name
we use to identify the system or architecture as a whole, or a component that is shared
among many products. You will also see references to “iEavesdrop”, which identifies
specifically the consumer version of the software or one of its components. The employee
work-from-home products are identified by the "pcTelecommute" brand, and references to
“pcOversight” identify the commercial product directed at corporations and institutions.
You may see the ViewSender name used interchangeably with either iEavesdrop,
pcTelecommute, or pcOversight.
As the name implies, ViewSender applications achieve their goals by delivering information
about the contents of computer screens to interested administrators, parents, security
personnel, educators, employers, or partners. To be more accurate, ViewSender delivers
expressly that information the requestor wants – as much or as little as desired. Unlike
other applications limited to screenshots or captured keystrokes (though ViewSender
applications have patentable ultra-efficient means to deliver those as well), ViewSender's
output is based instead on text extracted from the screen, either at the computer itself or
by a remote server acting on small binary files shipped to it. The derived text includes
everything readable on the computer monitor, regardless whether the source is the user’s
©2006-2009 Two's Complement, LLC. | A-4: Detailed Discussion of Products and Services
15
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
keyboard, graphic images, window captions, file content, or Web pages… or technologies as
yet not invented. What the user sees, ViewSender reads, unlike other applications which
must have a priori knowledge about windows, browsers, or applications running in the
monitored computer’s workspace.
And, ViewSender applications offer something you can’t get anywhere else: complete
unattended automation of the entire process, from extraction of the requested information
all that way through analysis and comparison to word/phrase watch lists (no more blearyeyed parents or sleepy security personnel poring over screenshot after screenshot looking
for bad behaviors).
On foundations this solid great applications can be built. ViewSender can be used to
enhance trust on both sides of a work-from-home opportunity, providing the employer a
means of verifying work is being done, especially when other metrics are unavailable or too
coarse to accurately measure progress. The employee benefits from the assurance that
his/her contributions are well-documented and provide a platform for advancement and
other opportunities. The employer, the employee, the natural environment, and society at
large all benefit from successful work-from-home relationships, and these benefits enjoy
heightened awareness given recent economic and energy news.
The work-from-home implementation is a cooperative and transparent one, where both
parties are aware of, and gain from, ViewSender’s deployment. There are other situations in
corporate and social environments where ViewSender is employed more discreetly. In the
corporate world, monitoring on-site employees for their computer usage has become a
requirement, not just to check on productivity but as a defensive measure. When sexual
harassment, discrimination, abuse, or misuse of resources occur in the workplace, it is
rarely the offending employee alone who suffers. The employer is at risk for lawsuits (the
perceived “deep pockets” problem), morale problems, and retaliation from disgruntled
employees. To deal with misbehavior occurring on personal computers in an after-the-fact
fashion is extremely expensive and distracting to an organization. Most companies now
control, and may even monitor, computer usage by employees is some fashion to stop or
catch inappropriate behaviors before they cause serious problems, to prevent issues (the
knowledge that employees are being monitored has been shown to in and of itself reduce
incidents), or as an early-warning mechanism for getting a head start on resolving
problems that have already occurred.
The tools currently employed to achieve these tasks are relatively primitive – they often
require creating and managing “white” (expressly allowed) and “black” (expressly
disallowed) lists of website and e-mail addresses, maintaining staff to monitor output
and/or manage security applications, and require significant training in a number of
disparate applications and systems. Few (perhaps none) are sufficiently consistent,
reliable, tamper-proof, or compliant with rules of evidence to be above reproach in a
lawsuit. ViewSender addresses all of these issues. Because ViewSender can be implemented
as a fully-automated system (including the automatic and selective distribution of
ViewSender upgrades and modifications to monitored computers), ViewSender deployment
16
A-4: Detailed Discussion of Products and Services | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
significantly reduces human resources requirements for monitoring and maintaining the
system or its outputs. ViewSender’s tools for deployment and maintenance are richlyfeatured, highly efficient, and easily learned. ViewSender’s performance, output, and
modifications all provide verifiable audit trails – when a potential problem has been
identified that may involve litigation, a ViewSender Agent can be remotely tweaked to
increase its scrutiny or even to provide timed captured information in the absence of an
event (where the concern is non-performance or maintaining a consistently-spaced record
over time). ViewSender also provides value in mitigating or preventing lawsuits where an
individual’s performance has led to discipline or termination – ViewSender provides
uniform, non-biased monitoring across all of the computers it supervises, and therefore can
be used as an irreproachable source of documentation for the disciplinary process. It will in
effect record the control group for comparing what constitutes “normal” behavior at the
same time it is recording the behaviors causing concern.
ViewSender’s value is not limited to the business world. The greatest share of early
ViewSender downloads (as reported by the client at the time of the download) are from
parents wanting to monitor a child’s activities on-line. The next largest group identified
themselves as being concerned about the behaviors of a spouse or partner. ViewSender
offers a discreet e-mail-based version which serves those purposes well (and doesn’t
require a server).
ViewSender can also be used for a number of less-popular, but important functions. It can
be used to validate and archive the on-screen environment during on-line tests in both
academic and non-academic environments (such on-line driving courses and technical
skills assessments). It can be used to oversee a closeted system which can report activity to
a video card (even when no computer monitor is attached). It can be used to watch the
watcher – plant control operators spend their day observing large screens which report
alarms, maintenance activity, outages (planned and unplanned), and other information.
ViewSender can be set up to monitor those screens and look for the occurrence of various
keywords or phrases, as a backup in the case of human error. It can be used in disaster
recovery to re-create documents or work product by following the progress of the work as
captured on-screen or in text by the ViewSender Agent.
The proprietary binary character recognition engine in the base product can resolve
characters in 39 languages – we can even add support for Asian languages (but currently at
an additional charge to the purchaser). Because we can send images in very small file sizes,
we can visually support any language. We will add GUI support for languages other than
English as the product matures.
Finally, ViewSender can run without a wire – that is, when offline (temporarily or
permanently) it can save captured information in extremely compact forms to local
storage, sending out the information captured once back online (if desired). This makes
ViewSender an ideal solution for mobile computers and notebooks.
©2006-2009 Two's Complement, LLC. | A-4: Detailed Discussion of Products and Services
17
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
For a more complete and current description of the ViewSender software, please see the
ViewSender website at http://www.ViewSender.com.
A-5: PRODUCT VERSION NOTES AND RELEASE SCHEDULE
Product release schedule
Product
Dependent upon these components
iEavesdrop2
Agent, Agent Configuration Utility, Viewer
Agent, Agent Configuration Utility, Viewer,
Server, Server Manager
Agent, Agent Configuration Utility, Viewer,
Server, Server Manager
pcTelecommute Pro
pcOversight Pro
pcTelecommute/pcOversight
Server Viewer3
iEavesdrop Amplified
pcTelecommute Basic
pcOversight Basic
Release
day1
156
315
329
351
Agent, Agent Configuration Utility, Viewer,
Server Lite, Server Lite Manager
Agent, Agent Configuration Utility, Viewer,
Server Lite, Server Lite Manager
Agent, Agent Configuration Utility, Viewer,
Server Lite, Server Lite Manager
IEavesdrop Amplified Server
Viewer3
1Expressed as days from receipt of funding, relies on manpower available as described in the section
410
431
451
455
Development
timeline.
2iEavesdrop basic product without Server Lite and Server Lite Manager
3The Server Viewer is an optional component for products that use Server and Server Lite components, for viewing large
numbers of files containing captured Agent data in the native ViewSender data formats.
The major ViewSender versions are as follows:
1. iEavesdrop on-line protection and trust validation – this version is intended for use
by parents and caregivers to monitor the on-line activities of their loved ones and
charges, and to monitor general computer usage for abuse, misuse or violations of
trust;
2. pcTelecommute bundle – this version supports working from home by validating
the trust relationship between the employee and employer and verifying work
output during working hours. This version differs from the pcOversight Site Monitor
application in that the employee and employer are both aware of its implementation
and derive benefit from it, whereas the Site Monitor application is more discreet and
serves the express needs of the facility manager or owner; and
3. pcOversight bundle – this version monitors activity on computers, networks, and
occasionally-connected computers controlled by the corporation or institution. It is
intended to collect, process, store, and report discreetly and at the behest of the
facility manager or owner.
18
A-5: Product Version Notes and Release Schedule | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
The marketing of the pcTelecommute application will span both consumer and commercial
segments – the intent is to heavily promote pcTelecommute to consumers so that they will
take the information to their employers (since it is in the employee’s interest to do so). We
will at the same time aggressively promote pcTelecommute directly to employers.
A-5.1: PRODUCT VERSION MARKETING NOTES
This section includes information not presented in the main body of the business plan:
1. The ViewSender Agent (which is the silent, invisible part of all our product that does
the work of capturing images, extracting text, collecting keystrokes, and reporting
user information) is identical for all ViewSender products (both iEavesdrop and
pcOversight brands) with the exception that, unlike all other versions, the free
version of the basic iEavesdrop product does not provide the Agent as a USB selfinstalling/self-collecting flash memory device, and does not offer a utility to create
the USB image on the customer's own flash memory device. A free version can be
upgraded to the paid registered version, and the USB device and the utility will then
be provided to the customer at no additional charge as an incentive (see A note
about included Agents);
2. The ViewSender Viewer (the part of all our products that can view captured images,
extracted text, keystrokes and user information in their native ViewSender data
types) may be slightly different in appearance between the different ViewSender
product versions, though any ViewSender Viewer variant can read the data output
by any ViewSender application;
3. The iEavesdrop-branded version of the ViewSender Viewer will display advertising
for the pcTelecommute application during initial Viewer setup, in the background
images of normal runtime windows and dialog boxes and in the About box (no other
ViewSender applications will be advertised in iEavesdrop components);
4. An iEavesdrop-branded consumer version will come bundled with one ViewSender
Agent, one iEavesdrop-branded ViewSender Viewer, and one iEavesdrop-branded
Agent Configuration Utility;
5. iEavesdrop-branded consumer products will initially be available only as virtual
applications (no physical packaging) downloadable from shareware sites and from
our website;
6. An additional specialized Eavesdrop Amplified, pcTelecommute, or pcOversight
branded commercial Viewer may be provided for viewing and selecting large
volumes of ViewSender data stored by ViewSender Servers;
7. Each version of the ViewSender software that includes a ViewSender Agent will also
include an appropriately-branded ViewSender Agent Configuration Utility unique to
that version;
©2006-2009 Two's Complement, LLC. | A-5: Product Version Notes and Release Schedule
19
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
8. The iEavesdrop-branded ViewSender Agent Configuration Utility will display
advertising for the pcTelecommute application during initial Agent Configuration
Utility setup, in the background images of normal runtime windows and dialog
boxes and in the About box (no other pcOversight applications will be advertised in
iEavesdrop components);
9. iEavesdrop-branded consumer versions will not initially be shipped with
ViewSender Servers, although an optional lightweight iEavesdrop Amplified branded
Server will be offered later, bundled with multiple iEavesdrop Agents, an
iEavesdrop Agent Configuration Utility, and an iEavesdrop Viewer; and
10. pcOversight-branded ViewSender Servers will be offered as both stand-alone
licenses and as bundles of various combinations of pcOversight-branded Agents,
Viewers, Agent Configuration Utilities, and Server Managers.
A-6: DETAILED MARKETING COMMENTS
We wanted to use this section to present information we haven’t touched on elsewhere
related to our perceptions of opportunities and risks inherent to the project, with respect
to both marketing and the business as a whole. We have repeated, probably too often, that
we lack business experience and specifically marketing knowledge. Blame our Midwestern
roots – we do not want to misrepresent our skill set, nor do we want anyone to think we
are dismissive of the marketing effort that will be required.
To demonstrate that the opposite is true, and that we’ve put a great deal of effort and
thought into how we can address the subject of marketing, we’ve retained in this version of
the business plan some of our earlier concerns in the sections below. Since the paragraphs
below were written, we’ve identified the plan of attack described in the sections above. In
summary, we know that our inexpensive or free, easily distributed iEavesdrop consumer
product has an emotional appeal (family on-line safety) we can link to public concerns and
external events. We can achieve wide distribution on-line very quickly and cheaply as
shareware (this is something we have experience doing with our “CodeClip” product). We
can embed advertising in those products to promote our pcOversight Telecommute bundle,
with the intent of persuading employees to introduce employers to the concept and to our
tools. We can coordinate this approach with more traditional on-line, media and directmail based campaigns for pcOversight targeting employers. Employers who deploy the
pcOversight Telecommute bundle will then receive advertising through the Telecommute
agent setup, server management, and captured data viewer tools for the pcOversight Site
Monitor bundle (our flagship product). The pcOversight Site Monitor bundle will also be
independently advertised on-line and with traditional media. Both the pcOversight
Telecommute and pcOversight Site Monitor bundles can generate significant revenues
though Agent and Server licensing, ancillary products, and services (including deployment
assistance and leased servers and custom programming).
20
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
Combined with a professional market research service utilizing modern survey and
sampling approaches, we now believe we could address the issue of a marketing plan well
enough to generate some business while we seek out skilled marketing professionals to
join our team if we had no other choice but to go forward before a marketing professional
was on board (something we will avoid if at all possible). Therefore, some of the opinions
and concerns expressed below may be less relevant that they once were, but still bear
acknowledgement.
A-6.1: PROMOTIONAL IDEAS
The next few pages represent seed ideas for promoting the three product lines:
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
21
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
slut
An ugly word… a word you don’t ever want to see on
your teenager’s computer screen.
But if it’s there, wouldn’t you want to know about it?
iEavesdrop tells you when words like this are
viewed by your children on a computer – whether
they are off-line, on-line, or just looking at a picture
on a CD.
I love my kid…
iEavesdrop.
Learn more about iEavesdrop and how it works at www.iEavesdrop.com.
22
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
I’m late to work
These are some of the few words pcTelecommute
can’t find on your computer screen, along with “I’ve
got to get gas on the way to the office”. Oh, there’s
nothing wrong with the copy of pcTelecommute
running on your computer- they can’t be found
because they don’t exist. You aren’t late and you’ll
walk a few feet to work, because you are already
there. You work from the comfort of your own home.
When you and your boss agree to use
pcTelecommute for one or more days a week, you
can be more productive, happier, and easier on your
car and the environment. Your boss can have
confidence in the work you are doing, and your
paycheck goes further.
Put your drive into your work instead.
pcTelecommute.
Learn more about pcTelecommute and how it works at www.pcTelecommute.com.
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
23
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
sexual harassment suit
Three little words you wouldn’t want to appear on
your employee’s computer screen. If the words were
there and you didn’t see them, get ready for a long
ride: litigation, morale issues, counter-claims, and
disciplinary problems. The only people happy about
the situation will be any attorneys you happen to
have on hourly retainer.
pcOversight tells you when words like this are
viewed by your employees on a company computer –
whether they are off-line, on-line, or just viewing a
fax from a paralegal. pcOversight gives you advance
warning so you can tackle this or any other issue
early on: Investigate. Counsel, reassign, or discipline
staff. Provide sensitivity training for your employees
and pro-active support for the aggrieved. Get ahead
of the problem.
Or learn to love smiles on lawyers.
Know your business.
pcOversight.
Learn more about pcOversight and how it works at www.pcOversight.com.
24
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
A-6.1: OPPORTUNITIES
Were it not for the current economic conditions, ViewSender has come into being at a
fortuitous time. The many needs it addresses seem to be constantly in the news:
1. On-line security in the workplace, schools, churches, and home;
2. Transportation costs and environmental issues tied to the daily commute to and
from the office;
3. Accusations of discrimination, bigotry, and abuse (real and imagined) in our
institutions, organizations, and governmental bodies;
4. Rage and mental illness expressing itself violently in the workplace (as in the slang
term “going Postal”); and
5. Independent of item 1, sexual predators using the computer to exploit children.
These are the issues we hear and read about constantly which relate directly or indirectly
to ViewSender’s capabilities. There are other less prominent concerns many of us keep in
the back of our minds – the faithfulness of a partner, the kinds of friends my child has, or
the things my children are curious about that I might want to proactively address with
them as a parent.
Therefore, the needs that ViewSender is intended to address seem readily identifiable and
numerous. The question then becomes: How well does ViewSender address those needs? A
significant portion of that question more properly belongs in the ‘Risk’ section below, but at
the same time ViewSender enjoys overwhelming advantages, certainly over any existing
competitors, and especially as a general matter of applied technology.
To fully grasp ViewSender’s advantages, an understanding of currently available
applications and approaches is necessary. At the time of this writing, a Google search using
“capture computer screen keyboard spyware security” pulls up a plethora of screen
capture utilities (Virtual Screen Spy, PCScreen Spy Monitor, SpyRecon), e-mail monitoring
tools, website tracking applications, and keystroke loggers (KeyLogger, Keyboard Monitor).
Interestingly, there are more entries related to defeating these programs than in selling
them.
We are and remain concerned many of these programs, in addition to being poorly written,
hint at being used for sinister purposes (capturing passwords, e-mail addresses, and logon
names for identity theft). There are comments in the ‘Risks’ section about the need to
distance the ViewSender products from these kinds of programs.
That aside, each and every program that we’ve downloaded or purchased from store
shelves had the same illogical assumptions:
1. That someone is actually going to have the time and patience (or the money to pay
someone else) to look at all those screenshots and keystrokes files;
2. That e-mail servers, networks, and file systems have infinite storage capacity and
bandwidth to store or send huge graphics files. To put things in perspective: A 1284
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
25
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
x 1024 screenshot of this Word screen as I’m typing this, captured and saved into
the standard Paint application as a JPEG file, required 144 kilobytes (147,456 bytes)
on disk. Suppose you captured the screen every five minutes throughout an 8-hour
work day – in one day, you’ve consumed 14 megabytes (14,155,776 bytes) on disk
and used the same amount of bandwidth over your network. Assuming you were
monitoring ten machines in your office, you’ve invested 140 megabytes in storage
and network traffic. Incidentally, referencing item 1, you’ve got 960 full-screen
images to look through!;
3. That keystrokes entered by a user absent any information what the user was typing
into (or in response to) is meaningful or even understandable. This issue is
especially problematic, even dangerous. There are any number of words or phrases
a person can enter into a computer that seem completely innocent taken out of
context, or which cast things in the wrong light – see the www.ViewSender.com
website real-world examples; and
4. That website captions and addresses alone provide useful information – like the
alcoholic who keeps his liquor in a cologne bottle, most illicit websites are aware of
web address trackers and have taken steps to make their purpose and wares less
obvious to such tools.
Depending on the specific program, there are some other presumptions or assumptions
that make no sense in the adult world – some are downright silly.
Should there be a need to emulate any of these behaviors, ViewSender could be set up to do
any or all of them (in one application, at one time – that in itself would be a major
advantage). However, ViewSender’s image files would be smaller by a factor of ten to
twenty. Yes, you read that correctly – as I am typing this, ViewSender is producing fullscreen screenshots averaging 12.2KB (12,493 bytes). Compare that value to the 147,456
bytes required for a JPEG screenshot. Along with the compact screenshot, you would
receive the complete text extracted from that screenshot, and a list of words in that text
which matched words or phrases from a ‘bad’ words dictionary. You would also receive a
keystrokes report accurately reporting the keys entered since the most previous
screenshot. All told, the information would consume less than 18 KB of disk space and
bandwidth.
Two of the items listed in the last paragraph are simply not available from any product
other than ViewSender – the extraction of all of the text from the screen, and the list of ‘bad’
word/phrase matches. From those two items comes a third feature that no other product
can offer - full automation. All other products, including “professional” applications like PC
Pandora and TrendMicro, require human intervention to ascertain whether a problem has
occurred. ViewSender can do the analysis itself (by extracting text from the screen and
comparing words and phrases in that text to an administrator-defined ‘bad’ word/phrase
list), and report a problem only after it is already known to be worth having human
inspection. While the convenience to the user and the significant improvements over
existing technology are in and of themselves advantages in the marketplace, the
26
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
automation ViewSender provides is a watershed event in the new world of environmental
security. Because it removes the need for human oversight, and provides efficient digital
packages of information, ViewSender can now be fully integrated into comprehensive
security systems that monitor physical access (badge swiping and door control), video, fire
safety and other systems. Systems like Integrated Command Software (ICS)’s
EnterpriseSMS can include ViewSender monitoring of both on- and off-site personal
computers and notebooks just as they would internal and external video or still cameras.
Similarly, enterprise resource planning (ERP) software from vendors like SAP could
incorporate ViewSender reports into their asset management modules. Even less elaborate
management tools that incorporate very basic communicates protocols such as SNMP can
receive events tied to ViewSender-generated reports. Finally, ViewSender can work
cooperatively with third-party systems – it can generate superb-quality images at 200-300
dpi resolutions to be fed into high-production OCR software at a server, or to video
analytics software capable of detecting inappropriate non-textual content.
If the opportunities presented by the business venture are in directly proportional to the
advantages ViewSender software has over existing technologies, and the software’s abilities
to extend itself, then the venture is on firm footing.
We can make a sound argument that ViewSender products serve a need, and that they serve
that need well. If you accept those statements, then the opportunities presented are
limited only by the traditional issues facing startup business, which are fundamentally
marketing, management, and resources.
Marketing and business administration are not among the core competencies of the
principals currently in the project. The business plan envisions bringing the necessary
partners and staff on board in a timely manner to expertly address all three, and we will
extend this document to encompass their findings and opinions as they become available.
A-6.2: CHALLENGES
A-6.2.1: ESTABLISHING RECOGNITION FOR A NEW PRODUCT CLASS
We will need to effectively name and describe a new class of product behaviors and
capabilities. Before ViewSender was created:
1. The ability to accurately extract all the text from multiple computer screens at
regularly intervals without disturbing the computer operator, and discreetly ship
the text on the network did not exist;
2. The ability to capture images from multiple computer screens at regularly intervals
without disturbing the computer operator, compress those images into tiny file
sizes, and discreetly ship them on the network without severely impacting the
network did not exist;
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
27
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
3. The concept of using a monitoring tool with the capabilities listed above (along with
keystrokes and user info) to promote and ensure quality employee work from their
own homes did not exist; and
4. The idea of post-processing screen text collected from all over the enterprise and
analyzing it for employee morale, rumor control, investigations, performance
evaluations, loss prevention, and detecting impending anger management,
discrimination, or harassment issues before they escalate to a formal complaint
didn’t exist (because the collected text didn’t exist).
A-6.2.2: AVOIDING ASSOCIATIONS WITH THE WRONG PRODUCT CLASS
We will also need to separate the new product class described above from other product
groups that exist.
With respect to item 2 in the previous list, it should be noted that not only did ViewSender’s
compression algorithms not exist in other products, but the earth has been salted
somewhat because of past attempts made by other vendors with crude tools which clogged
up networks and filled up hard drives with alarming rapidity.
Finally, our major concern in this category is about the more general issue of avoiding
associations and groupings with other products that would link us with "big brother". We
need to stress the appropriate proper usage of our products and their positive benefits,
while recognizing the potential for our products to be abused and used for the wrong
reasons. We have done some subtle things to help this effort - we've branded the consumer
and commercial products differently so that any damage done to one doesn't automatically
transfer to the other. We've deliberately used the same branding for the employee workfrom-home product and the site monitor product so that our commercial customers can
point to the positive attributes of the EWCH version if their usage of the pcOversight
product becomes known in a negative light. We simply need to be sure we are always
sensitive to this issue and respond to the question proactively should it come up, and we
also need to avoid any association with other products that are not sensitive to the issue.
A-6.2.3: COMPETITIVE PRODUCTS FOR SALE
With respect to encouraging employees working from home by mutual agreement to
computer content monitoring, we found no other product that supports such a relationship
(the only references to the topic currently visible on the Internet at the time of this writing
all trace back to our own website). Therefore, the only relevant “competition” is with
respect to ViewSender’s more generic role as computer and network content monitor.
The immediate issue for us in identifying competitive products was to define how far to
extend the definition of “competitor”, since there is nothing out there having ViewSender's
capabilities. The ViewSender Agent, the data capturing component, has at least five major
features not found together in any other product, in part because the first two are our
proprietary intellectual property:
28
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009





The Agent can capture large screen images into tiny high-quality files averaging 12K
to 30K in size (ten times smaller than comparative JPEG files);
The Agent can accurately extract the screen text wherever it occurs on the screen;
The Agent can compare extracted screen text to lists of words and phrases to see if
they are relevant before sending or storing the image;
The Agent can silently ship captured or analyzed information out using whatever
means are available, without modifying the environment (i.e., forcing ports open
through firewalls); and
If network connectivity is not available, the Agent can continue capturing and
processing information until a connection is available, whereupon it can send out
pending data.
The Agent has other lesser capabilities as well (collecting keystrokes since the last report,
gathering currently logged on user information), but despite extensive Internet searches
we weren't able to locate any package that came close to the capabilities listed. I may have
forgotten to mention this, but the ViewSender agent can do all of this for free (there is a
version specifically intended for protecting children from on-line predators that is offered
to parents and care-givers at no charge). This is an important distinction, because it is
possible (at tremendous cost of CPU load and disk space) to create text output from a
computer screen using image manipulation and a commercial OCR engine like OmniPage...
but the license for the OCR engine alone will cost you $100 regardless of the vendor (screen
images are too coarse for cheaper alternatives like SimpleOCR to produce accurate output)
and the image has to be extensively massaged beforehand to attain any accuracy.
There are specialty applications which can capture the screen or windows as JPEG or TIFF
images and automatically e-mail or send them via ASPUpload to a Web Server. Most are of
poor quality and design. We found several which claimed they could "spy" on the computer
screen discreetly - however, they tend to error often, and when they do, the Microsoft
exception handler window loudly announces both their presence and their failings. We
didn't find any that can span multiple monitors attached to the same computer (as
ViewSender can), but even if they exist, the file sizes they produce would be astronomical.
There are dozens of key-loggers, and any number of applications that are specifically
targeted to grab text from the address bar of a browser or to scrape text from the edit
window of MSN Messenger, or even to copy the display pane for Outlook Express e-mails.
Of course, the application for one purpose can't do anything other than what it was
intended to do, and if you want to know what someone typed into Notepad, or what the
text encoded into a graphics image says, you are out of luck. If someone switch to another
e-mail application or from MSN to Yahoo! Messenger, the text capture applications are
rendered useless.
We have to assume, as a purely logical matter, that more competitive applications exist and
are simply not visible to us, certainly for Department of Defense computers, government
contractors, and highly secure or secret projects in industry. Some may be owned or
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
29
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
developed by government entities, others may be custom applications written in-house or
by direction of the owning corporation or institution, still others available only to
credentialed personnel or entities, or known only to a select subset of security
professionals. There is an understandable general reluctance for corporations and
institutions to reveal what tools or processes they may use for security purposes, and some
refuse to answer whether they use such tools or processes at all (oddly enough, we have
discovered a few companies who publish that they monitor employee computer usage, yet
evidence strongly suggests that in fact they do not – taking advantage of the fear factor and
self-censorship, we presume). And yet, we continually hear of breaches and problems in
the news media, and with an application like ViewSender in place and working properly,
that should not be possible. I suspect that the issue is dealt with symptomatically, that is
only after the fact as a matter of locking the barn after the horse is gone, for each individual
circumstance where there has been a problem. We are aware of anecdotal reports of
companies bringing tremendous computer monitoring resources to bear after an incident,
but we have no direct knowledge of any company having or utilizing the capability for preemptive engagement based on monitored information.
We certainly know many of the issues making it difficult for any competitor to create and
deploy an application like ViewSender in the absence of ViewSender's proprietary
technologies. If you wanted some meaningful subset of ViewSender's capabilities without
using ViewSender:
1. As described elsewhere, you could license a commercial OCR product and, with
some investment in image enhancement code, produce text results close to what
ViewSender produces, but at a licensing cost of $100 per workstation for the OCR
engine alone and disruption of the user's work because of CPU processing load
along with tremendous consumption of memory and disk space;
2. You could capture the image and send it to a central server for enhancement and
processing through a high-volume OCR station, but without ViewSender's
proprietary compression algorithms you will bring your network to its knees
transporting the images from all your workstations, and the server and OCR
horsepower necessary would be substantial (that is, expensive);
3. You could forgo text extraction and ship more highly compressed (lossy) images
suitable for viewing only, but then your labor costs reviewing the images go through
the roof (and the quality of the viewing effort declines rapidly over time). You would
lose all of the benefits of pattern matching text, or later analysis of the text for
trends and patterns, and certainly of any automated processing from the capture
through the processing.
Choices 2 and 3 mean that every image would have to be shipped out over the network,
since the image's suitability for storage couldn't be determined until after processing or
viewing. Each of these options is an order of magnitude more expensive than better, more
relevant, more compact, and automated results via ViewSender. It is undoubtedly true that
the government and certain specific applications in industry can justify these higher
30
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
expenses in light of the importance, security, or secrecy required - however, that hardly
makes these deployments competition to ViewSender.
Our conclusion is that there is no single product that can even remotely compete with
ViewSender; there may be a combination of products you could link together to emulate
some of the behaviors, but not with nearly the same efficiency, ease of use, features,
completeness, low cost, or small footprint.
Since there is seemingly no competitive product with which to compare ViewSender, and no
customers seemed to be using it if there was, we wanted to be sure there was interest in a
product having ViewSender's capabilities. We put the issue into the form of two questions
to view it from the eyes of the customer: Once a prospective customer who was using some
other partial solution became aware of ViewSender’s capabilities and comparative costs,
would that customer switch? And, if a prospective customer who was not currently
controlling or monitoring his network or computers for content became aware of
ViewSender’s capabilities and comparative costs, would that customer try ViewSender? We
believe the answer to the first question is an unequivocal yes; we believe the answer to the
second is that some would, some would not, depending on how well their perceived needs
matched ViewSender's feature set. We think we should have asked two other questions: 1.)
Would you use ViewSender if you knew other companies, including your competition, were
using it? and 2.) Would you use ViewSender if you suffered losses from a lawsuit,
investigation, or criminal proceeding where improper behaviors on a computer were part
of the issue? We suspect the answers to both questions would have been overwhelmingly
yes.
A-6.2.4: PRODUCTS CUSTOMERS CURRENTLY USE
Separate and apart from the question of what products are for sale is the question of how
customers currently are addressing their needs. The presumptive answer would be an
arrangement of the available products ordered by percentage of use. However, in this case
the answer actually seems to be "none of the above" (we suspect for some of the many
reasons described in the preceding section).
When we directly questioned nearly four dozen network administrators at companies all
over the United States (many of whom Scott Deaver had worked for at one time or another)
about what products they were using to track employee behavior and expression on their
company networks, we discovered the following patterns:



Most said they block ports using a firewall of one kind or another, and some monitor
traffic volume between nodes, but they say they do not monitor content in network
or computer activity (and we believe them);
Some said they do not control or monitor network or computer activity (but we
believe they do and choose not to admit it because of political sensitivities);
Some said they monitor network or computer content, but we couldn't find any
evidence that they do - there was no unaccounted-for software on the machines, and
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
31
June 20, 2009

[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
test traffic we generated at considerable risk to ourselves did not trip any alarms,
though it should have;
Some said they monitor network or computer content, and we believe they do, but
primarily as traps of browser addresses and text traffic through a port (which
explains why so much of your junk e-mail arrives as images rather than text).
The first and fourth items are interesting to us because we know from previous experience
that nearly all evidence in civil and criminal cases is discovered in e-mail (using ports that
are never blocked), by a factor of nearly 100 to 1 over the next biggest offender (which is
not porn or other offensive sites, which come in at number three, but MSN and Yahoo!
Messenger – we suspect that a more recent survey would include Facebook and Twitter).
Back to the point: Nearly every one we spoke to immediately assumed we were asking
about controlling access to the Internet rather than monitoring content of any type to and
from a computer. When we separated the issue of control from monitoring in our
questions, we discovered every one of our participants was relying on control alone to
police their networks, and in very nearly every case where we were able to engage in a
candid conversation, the participants admitted that control was ineffective, and that they
knew from random accidental discovery their computers were being used for undesirable
activity (from running a personal eBay store on company time, to a programmer writing
computer games on the clock, to harassing fellow employees, and one case where an
employee was racking up overtime during evening hours while he was in fact in Messenger
sessions all night with a girl he wanted to bring into the U.S. from the Philippines as his
wife). We could not find one network administrator who could (or would) tell us what, if
any, software product they use for viewing screen content (as text or as an image) on a
computer on a regular basis to detect improper computer usage. At the same time, asking
the question prompted a great deal of interest in ViewSender's capabilities, and from those
conversations we have to conclude either that there is nothing like it available in the
general marketplace, or if there is, it isn't broadly published. In any case, we found that
ViewSender's description was well received by everyone we spoke with.
A-6.2.5: UNIQUE RISKS
Generally, we feel the ViewSender project is no more or less subject to risk than any other
software-based startup in the current economic environment.
That having been said, the unique opportunities presented for ViewSender’s success are
somewhat the product of our place in time and current news topics: the need for workplace
security, the desirability to work from home (as both an environmental and economic
matter), the on-line dangers faced by our children, the ubiquitous presence of desktop and
notebook computers in our homes and workplaces, and the public’s growing acceptance of
the need to monitor our public (and with appropriate safeguards, private) environments.
As time move on, one or more of those elements may dissipate or change.
32
A-6: Detailed Marketing Comments | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
And, at the time of this writing ViewSender dominates any competitive product
technologically because of several proprietary innovations. Some of those innovations are
not yet fully protected as intellectual property because funding has not yet become
available. We expect to address IP protection as a first priority as the business moves
forward, but it is an area of immediate concern for us. For the moment, we are substituting
extreme caution in what we reveal to others, but that caution inserts its own risk as it
frustrates our desire for openness and forthrightness in seeking out potential business
partners and investors.
One risk that we perceive as being unique to ViewSender has to do with other products in
the marketplace. We need to distinguish our product and its purposes from other software
that performs what to a layperson will seem to be similar functions. This will be a two-fold
effort: managing public perception of our product, and actively discouraging use of our
products for illegitimate purposes (while at the same time not turning away legitimate
business). The software that we need to distinguish ourselves from includes (but may not
be limited to) spyware, key-loggers (for attempting to capture passwords), and
sneakerware (software intended to capture or exploit embarrassing or compromising
information). We have built some safeguards into the system – for example, screen text and
keystrokes we capture are always encrypted, and never visible as clear text except through
the ViewSender Viewer (which can be password-protected) . However, we cannot prevent
someone from downloading the demo version of ViewSender and installing it on a
computer without the computer owner’s permission (nor for that matter, can we stop them
from registering a version and installing it where they shouldn’t). It should be noted that
this problem is not unique to ViewSender – the same is true for any product, although other
products do not have ViewSender’s enhanced capture capabilities once installed on a
machine. If this issue becomes a problem, we may want to attack it head-on and offer a free
utility to the general public they can use to detect unauthorized installations of the demo
version of our ViewSender product (we will not provide detection for the registered
versions, but we will scan a machine via a tool on our website upon request - if a registered
version of ViewSender is found on the complainant’s machine we will contact the registrant
to relay and possibly investigate the complaint).
There are capabilities in the software itself that may indirectly create additional costs and
risks for the business. The nature of what ViewSender does may place it at somewhat
greatest exposure to hackers or other malevolent attackers (they may rationalize
ViewSender as an invasion of their privacy). Carefully monitored, this can be reduced from
a risk to an ongoing cost component, meaning we’ll have to diligently employ software
products in our development and distribution efforts to prevent viruses and worms. We
will also need to watch for reports from our customers as well as the hacker sites about
attempts to infiltrate, modify, or defeat our software and systems.
A-6.3: OUR CONCLUSIONS
©2006-2009 Two's Complement, LLC. | A-6: Detailed Marketing Comments
33
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
Our analysis is hardly scientific or thorough, and we are not trying to persuade potential
investors or partners of our conclusions. Again, as noted at the start of this section, a
professional market research and plan is going to be required at some point to move
forward, and we would strongly encourage anyone interested in joining us at this stage of
our development to do their own research. But for our purposes - justification for the
continued development of ViewSender - the evidence we've gathered clearly shows that at
least some segment of the corporate market has interest in and need for a product like
ViewSender and doesn't currently have access to such a product.
Some of the potential uses for ViewSender, particularly those described in the section
Solutions for special circumstances), didn't even exist until the technology in ViewSender
was invented to address them, and we lack the command of the language to know even
how to ask the right questions to assess that market. Other uses for ViewSender
(encouraging employees working from home) are ideas of our own creation and didn’t
occur to anyone until we published our website.
Ultimately, we've determined that even in the worst-case scenario where a competitive
product of some kind does exist, we're very likely to have at least one of our proprietary
technologies and probably price to our advantage in a head-to-head matchup. Given that,
frankly we might welcome another application having blazed a trail for us that we can
follow in the early going. At least we could piggy-back on the terminologies, keywords, and
descriptions of the products and market segments we want to address - if ViewSender is
truly the only application out there with its capabilities, we will have to create the language
in order to have the conversation.
A-7: BUSINESS PLAN SECTION 5 SUPPLEMENTAL INFORMATION
A-7.1: COMMENTS
The e-commerce phase of the business provides us an opportunity to get exposure for the
product and raise some capital, and should provide a boost up if we are unable to attract
interest from professional business people and/or investors.
However, shareware distribution of our product has some limitations and some risks
(though the risks are slight). First, while we can make inroads into the consumer market,
corporations do not purchase or implement shareware, and ultimately the software's
greatest profit and growth potential lies in servers and multi-seat licenses sold to
corporations. In fact, we intend to use different branding and packaging for the consumer
product than we do for the corporate customer.
Secondly, we feel there is likely to be a practical limit to the profitability of our software
sold as shareware. The software can be used for a period of time (typically thirty days)
without registration, a necessity to give curious potential customers the opportunity to
34
A-7: Business Plan Section 5 supplemental Information | ©2006-2009 Two's
Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
test-drive our products. Unfortunately, we suspect a substantial number of our customers
will explore the software only as a tool for spying on a cheating spouse, or to resolve a
caretaker's short-term loss of trust with a charge. In these situations, the tremendous
technical advantages ViewSender has may not have sufficient value to the customer to
justify the cost of registration, or they may be satisfied with the lesser capabilities of a free
key-logger or simple snapshot application. We do feel there is a core constituency in the
parents of adolescent, pre-teen, and teenaged children who will appreciate the features
built into the consumer version of ViewSender, and that shareware is a viable vehicle to
reach those customers.
Thirdly, there are some risks in attempting to become well-known on the Internet in order
to drive sales. We are more likely to attract hackers who may try to defeat the protection in
our software or harass our websites -unfortunately these kinds of attacks are the normal
cost of doing business on the Internet, for anyone. Our software may be a more attractive
target than others because in the immature mindset ViewSender might be equated to
spyware, or as "Big Brother", or as discrimination against teenagers.
Finally, the e-commerce component will be targeting the general consumer marker. There
is a well-known truth among software professionals - that general consumers are the
biggest drain on a software venture's support staff and budget. We will attenuate some of
that demand by incorporating robust help into our application, providing ample on-line
help (including FAQ's and user forums) and rendering direct support by e-mail rather than
in real time, but support is yet another incentive to move on to the next business
component in the suite as soon as is feasible (subsequent business components are biased
towards the small business and corporate consumer). Note: It is true that corporate client
also have support requirements - however, the tradition of paid contract-based support for
corporate software is well-established and accepted, and support in that environment can
be both a profit center and a training mechanism for our developers.
A-7.2: TRANSITION IN CUSTOMER RELATIONSHIP
In the e-commerce shareware model, the relationship is between a consumer and a specific
instance of a product, and our interest is in tracking that instance of the software. In the
product and services licensing model, our interest is in a specific customer (presumably
but not always a school, small business, corporation, or other organization) and the
software is incidental to an agreement we have with that customer. In other words, in the
e-commerce model an instance of software is valid if the registration is current and valid;
in the licensing model, any instance of software is valid if our relationship with the
customer is current and valid (assuming of course, the software is a part of that
agreement). A license relationship is much harder to achieve - some part of attaining one
usually requires an effort specifically targeted towards that customer - but has the
advantage that the customer's needs (and the software's role in addressing those needs)
are better understood. Instead of the thirty-day trials, word-of-mouth, and anonymous
©2006-2009 Two's Complement, LLC. | A-7: Business Plan Section 5 supplemental
Information
35
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
approach used in e-commerce, this relationship will require personal visits, demos,
prepared presentations, and building rapport with potentially multiple individuals. The
opportunities for profit are greater, and here all of the advanced capabilities, intellectual
property, and extensibility bound into the software find a home, and can be properly
exploited. The potential for additional sales (upgrades, ancillary products and services,
service/support contracts, and exposure to the customer’s vendors and competitors) is
much greater - and the bulk of the upfront marketing investment to attain those sales is
waived, since the relationship already exists.
A-7.3: TRANSITION IN PHYSICAL INFRASTRUCTURE
This business component will require investments in targeted advertising, a sales staff, and
a marketing team capable of managing the environment (and coordination with the Web
presence of the e-commerce component). This will be a significant change in approach
from the e-commerce module, which has very little infrastructure or running costs. We
expect that the implementation of this module will also start a transition to a brick-andmortar presence. While we can begin the effort with professionals working from their
homes (or as contractors working from their own offices) using leased servers, a virtual
Internet presence, and rented post office boxes, as the organization grows some
centralization and consolidation of the management will be required or desirable. For
security and safety reasons, we will want to control our own servers (not necessarily those
used to distribute product, but certainly those which contain our source code, customer
data, accounting data and software, personnel records, and business conversations). We
will need to have an in-house Ethernet backbone (that is, not using the Internet) for the
transportation of sensitive information to and from those servers and the consumers of
that information. We will need a demonstration center, conference room, and training
center to educate and persuade customers and their staff. For some tasks, daily interaction
at a common location is required - others require an occasional meeting at a common
location. For all of these reasons, there will be a tendency towards some kind of community
office space as we grow and extend ourselves into the product and services licensing phase.
However and at the same time, we would always want as large a work-from-home staff as
is feasible, in part because our products specifically promote and support work-from-home
but also because of the cost efficiencies.
A-7.4: TRANSITION IN PRODUCT LINEUP
With respect to the ViewSender software, going after the small business and corporate
customer means servers and management software. The ViewSender product has several
modes of operations, but its core premise has been that data captured by ViewSender
Agents will be captured (and optionally processed) at the monitored computer and
delivered by a number of means to ViewSender servers, which will do any additional
processing (if required), perform analysis on aggregated images and/or text, post any
36
A-7: Business Plan Section 5 supplemental Information | ©2006-2009 Two's
Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
resultant alarms and notifications, and archive the collected data. The servers themselves
imply multiple installed ViewSender Agents, requiring management, mass deployment, and
bulk configuration software for them, and configuration and management software for the
server(s). From a software development perspective, this is not as challenging as it might
sound since the expectation for servers is designed into (and in many cases already built
into) the software. However, in every other context - support, marketing, implementation,
and customer interaction - this is a major step forward, and an exciting fulfillment of the
software's potential.
A-7.5: ANCILLARY PRODUCTS
Like this business plan, everything about ViewSender is specifically designed to support
flexibility and extensibility. While there is a fundamental set of products and services that
intuitively go with a licensed ViewSender Server and Agents bundle, there are a number of
additional products that could be developed and sold (by us or by a third party with tools
purchased from us) or simply added as a feature to enhance the bundle (and generate
greater revenues). While there is incentive to develop add-on products ourselves, there is
also an argument that says we should encourage development by third parties of products
dependent upon our technologies, because these third-party dependencies build or
reinforce the perception that our file and transfer formats are the industry standards. Of
course, the sweet spot is to develop customized products for individual clients at their
expense, and then to take desirable elements of those customizations (now free to us) and
insert them into our standard offerings to improve their appeal and frustrate competition.
The software that could be developed would fall into these general categories:
1. Software based on parsing information we collect from monitored ViewSender
Agents, including extracted text, captured images, keystrokes, and logged-on user
information;
2. Software that enhances OCR performance at the server (or re-routes images to a
customer's licensed high-volume third-party OCR application);
3. Scripting and developer tools that enable third parties to build applications on top
of our architecture and products; and
4. Software that we develop as a customization or specialization service for customers
(and then propagate back into our general product) - this topic is discussed more
expansively in the Custom software section, rather than in the section below.
A-7.5.1: DERIVED FROM TEXT EXTRACTION
As of this writing, we have the only commercial product capable of reliably delivering the
entire content of a computer screen or window as text (among our many other capabilities)
for a reasonable price, regardless of the source of that text (though there are many
applications which can capture just keystrokes, or return the content of a browser address
bar, or copy what the user enters into the textbox of an e-mail application as distinct
©2006-2009 Two's Complement, LLC. | A-7: Business Plan Section 5 supplemental
Information
37
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
entities). Besides the technical superiority that gives us for collecting meaningful data from
the user, this opens the door wide open to applications that can manipulate the data after
collection at the monitored computer. These include intelligent analysis or pre-filtering
before the data is sent to a server (in the standard version, ViewSender simply compares
words and phrases it found on the screen to a list prepared beforehand, and if any match is
found the entire contents are sent to the server) as well as a host of services that could be
provided by the server after receipt of the data. These server-based add-on applications
could perform services like sophisticated analysis of text data for trends and pre-conditions
towards undesirable behaviors on the part of an individual or a group (i.e., assessing a
group's morale or reaction to a layoff announcement), or for desirable traits (such as
suitability for promotion).
A-7.5.2: DERIVED FROM IMAGE COLLECTION
We also have the only commercially-available product capable of delivering sharp accurate
images in tiny file sizes, with the capability to further increase image resolution or change
color options on the fly, for a single monitored work-station or for a group of workstations.
This means that, for minimal cost, images can be sent to the server for processing. At the
server, add-on applications could be developed for packaging those images into filmstrips
for viewing, or gathering into workgroups or other groupings for archiving. It may be
possible to develop an application based on intelligent pattern recognition to recognize
pornographic images, or other undesirable image contents. An application could be
developed for taking the text content of an image (delivered at the same time as the image
by the monitored computer's ViewSender Agent) and extracting keywords from that text,
and then storing those keywords with the image in a database for very fast searches when
a need to retrieve specific images arises.
A-7.5.3: DERIVED FROM KEYSTROKES AND USER INFORMATION
Because the keystrokes typed by the user of a monitored computer can be shipped by the
ViewSender Agent as well as information about that user, add-on applications could be
developed to track a single user's activities across several computers, or to separate out
what the user typed from other text that appears in the text extracted from the image.
A-7.5.4: OTHER PRODUCT OPPORTUNITIES
A-7.5.4.1: OPTICAL CHARACTER RECOGNITION (OCR)
The ViewSender Agent and Server provide highly sophisticated, proprietary binary
character recognition for extracting text from screen and window images. This capability is
tailored to efficiently utilizing possibly limited resources on the monitored computer
without disturbing the computer user, and is specifically written to process single images
as they are captured. When the images are being sent to a server, it is possible to defer
binary character recognition at the ViewSender Agent in favor of binary character
38
A-7: Business Plan Section 5 supplemental Information | ©2006-2009 Two's
Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
recognition processing at the ViewSender Server (which doesn't have to worry about either
limited resources or not interrupting a logged-on user). We have this option only because
the ViewSender Agent's proprietary image compression technology compresses images so
tightly and so accurately - the Server receives an image of the same quality seen by the
Agent, without bogging down the network or chewing up disk space. We can take it one
step further - the ViewSender Agent and Server can take an image, process it, and instead of
producing extracted text, it can produce a modified image that can be run through thirdparty Optical Character Recognition software to produce high-quality text output from the
image. There are several reasons a customer may want to do this. First, commercial OCR
applications can handle extremely high volumes of input, and the customer may decide that
is an appropriate place to offload some of the image processing. Secondly, the OCR
applications are often part of a document management system, which integrates processed
documents into the business' normal document retrieval, search, and storage processes.
Applications can be written to integrate ViewSender Server with a client's in-house OCR
system as a custom application; more generic applications can be created as add-ons to
ViewSender Server that recognize and interact with known major OCR engines and
applications.
A-7.5.4.2: DEVELOPER TOOLKITS, API SETS, AND SCRIPTING SUPPORT
As described above, we would like to encourage third-party developers to build their own
applications and customizations on top of our technology. We would like ViewSender to
become a de facto standard for computer monitoring software, and one means to
encourage that is for third parties to build and distribute products of their own that are
dependent upon our proprietary ways of doing things. To promote that, we could offer API
sets (libraries, assemblies, and programming that developers can use to "hook into" our
proprietary technologies without exposing our source code to them) and scripting tools.
These will allow them to rapidly build and deploy applications that tap into our special
capabilities (including screen capture, image compression, binary character recognition,
sending information from a computer without user detection, conversion of screen images
to OCR-able images) and piggyback on our architecture (conversations between the
ViewSender Agent and Server, transportation of images, extracted text, keystroke and
logged-on user information through the system, or Server post-processing).
The API sets and libraries are in particular attractive because the code necessary to
support them is already written into our products. Some effort will be required to repackage that code, ensure it against tampering, reverse-engineering or re-distribution
without license, and test it in its new footprint. The market for this product is small, but the
value can be high to the end user.
A-7.6: ADDITION OF SERVICES TO THE MIX
The change in emphasis from individual ViewSender Agents to ViewSender Server and
Agent systems opens the door to providing services to configure, manage, and modify those
©2006-2009 Two's Complement, LLC. | A-7: Business Plan Section 5 supplemental
Information
39
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
systems or their subsystems. Once we are able to provide those services, a very desirable
direct consequence is that those services can then be taken on the road - that is, rapidly
deploying and tearing down ViewSender Server and Agent installations for special
circumstances.
A-7.6.1: CUSTOM SOFTWARE
A customer may request that custom features be added to the software, and we will encode
those features at a package price agreed to with the customer. The advantage to doing this
is not necessarily any profit in the customization, or even the dependency it may create for
the customer upon our products into the future (as opposed to those of competitors) - it is
that we can fold desirable elements of the custom features back into the generallydistributed product, adding to its appeal to other customers. Unlike other features we
might add to our products, these features have the added benefits that we know them to be
desired by at least one customer, and of sufficient value the customer was willing to pay for
them.
A-7.6.2: TURNKEY SETUP AND MONITORING
We can bundle services and software into a complete turnkey package for the customer's
enterprise, using their equipment or leasing ours, custom-tailored to the customer's goals.
Whether the desired end result were to support work-for-home employment for their staff,
monitoring on-site staff, or providing an enhancement to their overall security, we would
install and configure ViewSender Agents and Servers, arrange for post-server processing
and storage (including leasing storage facilities), maintain and upgrade the system as
necessary, provide regular performance and exception reports, provide on-demand access
to real-time and historical data, and respond to special needs, all for a contractual price. In
addition to providing a revenue stream for us, and a carefree one-stop-shop solution for
our customers, these installations would provide excellent test-beds for validating
improvements in our software as they are released.
A-7.6.3: ANALYSIS AND ARCHIVING
There are any number of services we can provide based on analysis of various
combinations of collected data types (extracted text, captured images, collected keystrokes,
and logged-on user information). We can find linkages between users and other users, or
between users and data, or between computers and users, or between all three by tracking
where similar text appears on individual computer screens. We can track trends - for
example, where negative text appears in response to an external or internal event. We can
even track the origin and spread of rumors based on keywords associated with those
rumors.
40
A-7: Business Plan Section 5 supplemental Information | ©2006-2009 Two's
Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
We can also provide services for archiving and compressing data captured by Agents, and
for intelligent search and retrieval from that data.
A-7.6.4: CUSTOM DEPLOYMENTS
Separate from the issue of building custom software to order is the custom deployment of
the software. We can modify the ViewSender deployment to fit any combination of using
our servers versus using theirs, or of using our built-in binary character recognition at
either the ViewSender Agent or the ViewSender Server versus sending optimized images to
their OCR engine or application. For customers who are particularly sensitive to having
their employees become aware of monitoring activity, we can even have the ViewSender
Agents ship captured data to our networks - even if the Agent were discovered, the
company would have plausible deniability as to any processing that was being done to that
data.
We can also offer deployment assistance for short-term situations, such as providing
additional servers to handle temporary overflow or helping out with moves or expansions.
A-7.6.5: SERVICE AND SUPPORT CONTRACTS
In the licensing model, software support (working around through implementation issues,
resolving defects and applying patches and upgrades, and user training) becomes a
potential profit center, rather than a cost center, through the mechanism of service
contracts. This change is a welcome one from the consumer model because the express
level of support (and associated costs) is worked out with the full participation and
understanding of the customer. Service contracts can specify, as a la carte menu items, a
contact person for routing support requests (so that we do not have to deal with multiple
users having varying degrees of technical skill and familiarity with our product), the type of
support we will offer and the number or degree of incidents permitted within the contract,
and a formal escalation procedure for more difficult issues (which helps frame the
customer's expectations and to monitor our own performance).
A-7.6.4: SOLUTIONS FOR SPECIAL CIRCUMSTANCES
Once we have perfected our ability to deploy ViewSender Server and Agents as a service to
our customers, we can offer shrink-wrapped deployments for special circumstances. These
might include short-term deployments for trade shows, seminars, and job fairs where the
event itself is of short duration; they may also include circumstances where a targeted
situation does not require a permanent deployment. Scott Deaver had the opportunity to
work on a project involving forensics examination of computer hard drives for lawyers in
court cases - this is a special subcategory of computer software that has sprung up to
support either side in litigation. The idea is to discover and document evidence that
indicates behaviors and intentions of a computer user with respect to a particular issue
©2006-2009 Two's Complement, LLC. | A-7: Business Plan Section 5 supplemental
Information
41
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
after-the-fact. Though they are becoming a significant part of modern court case, hard disk
extractions have very little use until after damage has already been done. They have the
additional limitation that they can only capture the state of a hard drive at a specific
moment in time, and may therefore conceal evidence of mitigation or intent that occurs
over time. Interestingly, for an organization that already has ViewSender deployed, the
ViewSender captured data is probably much more useful.
Let us suppose an organization that does not use ViewSender in the course of its normal
operations is made aware of an internal allegation that has not yet reached the level of an
official complaint or legal action, and further assume that the allegation has serious
implications for the organization. It could be an insinuation that the coaching staff of a
university is having ongoing improper contacts with recruits, or a complaint to a co-worker
in a corporation that an individual in the market department is harassing her. Due diligence
requires verifying whether the problem actually exists, but a formal investigation or even
interviews carry their own risks (such as tending to validate or give importance to a false
accusation, creating disruption in the workplace, or putting witnesses on the defensive).
This is a situation for which ViewSender is the perfect solution. ViewSender Agents and
Servers (if not using our offsite Servers) can be deployed during off-hours, left in place as
long as needed, and then discreetly removed. This can be done voluntarily by the
organization itself, or involuntarily by court order or by law enforcement.
We see this exploitation of ViewSender as a highly-lucrative boutique business (see the
later comments regarding franchising) answering the needs of the legal community, law
enforcement, units of government, the insurance industry (fraud prevention and
investigation) and investigative professionals.
As an example of the latter, Scott Deaver recently performed work for ICS
(commandsystems.com), which provides management software for entrance and video
security (see Scott Deaver’s resume at
http://www.ViewSender.com/documents/resume.doc). They have a primitive system that
collects and reports badge swipes at secured entrances (as well as other SCADA devices
that monitor sensors or detectors and alarming equipment), routes video to and between
observation posts, and allows you to switch and monitor video streams using a map
metaphor from a central command station.
Although that description may sound impressive to a layperson, the underlying technology
is quite crude – essentially the software talks to third party devices and controls that speak
using protocols based on the ancient MODBUS register polling, and passes instructions and
status between workstations using software queues. Underneath the smoke and mirrors,
nothing that ICS has done contributes to the science – that is, there is nothing proprietary
in their system (where ”proprietary” is defined as beyond the normal work product of
someone skilled in the trade). Vendors of the individual video and security devices provide
API sets to talk to their devices (or provide MODBUS register mappings for communicating
42
A-7: Business Plan Section 5 supplemental Information | ©2006-2009 Two's
Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
with the devices) and there are much better ways to distribute that information than that
embedded in the ICS system.
This technology is relevant to ViewSender in that it addresses similar issues: monitoring
and security of assets associated with a facility (or more accurately, the monitoring of
human behavior in a facility by electronic devices). Where ViewSender monitors computer
screens and contents, the ICS system instead monitors doorways and video camera; other
than what is being monitored, the other elements of the systems are identical – that is:



Configuring the collection of information from electronic devices;
Collecting, filtering and storing captured information; and
Searching and displaying user-selected portions of the collected data.
We are not recommending that ViewSender should someday try to acquire ICS. ICS may well
be the poster child for how not to run a company – it is millions of dollars in debt, its
technology is dated, and it has no brand recognition or loyalty (it is highly likely ICS will be
in receivership in the near future). The only assets that ICS would have that we might be
interested in are the software drivers they’ve written to access vendor devices. We are
recommending that when the time is appropriate ViewSender should look at extending its
technologies to include electronic facilities security as a natural fit. The situation at ICS
demonstrates that the state of the technology in that industry makes the industry
vulnerable to outside competition, and there may be an opening there for ViewSender to
expand its superior technologies into that space (a glaring reason for not doing so: the
tremendous number of third-party device vendors whose products require writing
software interfaces for communication, assuming we can’t obtain those by other means).
This example is meant to illustrate an avenue of expansion for ViewSender through
acquisition or new software development: becoming a one-stop shop for complete facility
monitoring, from the parking lot cameras all the way to the shipping department’s PCs.
A-7.7: UNIQUE AND BOUTIQUE OPPORTUNITIES
There are a number creative niche products and services that could be based on
ViewSender products. We like one idea for a specialty service in particular because of our
long-term involvement in consulting and contracting. As the software development
industry has matured, it has been increasingly difficult to sort out the programmers who
write solid, modular, maintainable and cost-effective code from those who merely tell a
good story. The landscape is littered with an overwhelming number of failed projects
where costs and deliverables were skewed out of reality by having the wrong personnel for
the job. At the same time (though fewer in number), there have been some very notable
successes, again because of the quality of the individual contributors.
Unfortunately, the differences between good and bad coder are subjective and not easily
measured (how, and how well, a programmer interacts with co-workers or how well he or
she documents the code) or identified in a round of interviews.
©2006-2009 Two's Complement, LLC. | A-7: Business Plan Section 5 supplemental
Information
43
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
The idea advanced was to set up a registry service for the elite, best-of-the-best
programmers to promote themselves (at high rates, of course). A coder's price of admission
would be a self-collected ViewSender Agent database (subject to certain minimum criteria)
containing snapshots of his/her work effort during their most recent assignments. The
potential employer would pay a fee for access to the registry, and could access any
member's Agent database to do searches to assess whether that individual's captured work
style and habits was desirable to the employer. The ViewSender Agent already has all the
capabilities necessary to support that kind of deployment, including database encryption to
prevent alteration.
A-8: FOR INVESTORS
At the time of this writing, we do not have the management team in place to address the
needs of the casual investor whose interest is limited to a hands-off calculation of how
much return he/she can expect over what length of time with a specific investment
amount. We are working towards attracting participants who can help steer us down a
path where we can eventually provide reliable information to support that class of
investor.
This leaves us two options: assemble our own management, marketing, and development
team piecemeal from the parties available as we find them, or find someone with an
existing business or team who can wrap themselves around the ViewSender product and
vision.
For the hands-on investor who has access to his or her own management team with
expertise in enterprise software startups, ViewSender in its current state may well
represent the most potentially lucrative opportunity around in a very long time. Let me put
it in the form of a question: How many debt-free startups with a demonstrable prototype
are there out there with topical and proprietary software, no competition, a technology
champion who has delivered reliably for twenty years, and sufficient bandwidth to define
their own market sub-segment?
As stated previously, Scott Deaver would prefer to stay in the technical arena and has
neither the skills nor the interest to run a business, other than for a short duration until
better-qualified individuals can take the reins. He would happily give up a very significant
percentage of the business, so long as he retained the majority interest in the intellectual
property, his interests were well-protected, and he were assured an appropriate return on
his own sweat-equity investment and an influential ongoing role in the continued
development of the technology.
A-8.1: DETAILED DEVELOPMENT MILESTONES
We have gone to great lengths to anticipate and prepare for any number of possibilities
while writing this plan. The milestones laid out below are illustrative, rather than
44
A-8: For investors | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
definitive, and describe one very narrow middle of-the-road path from among any number
of others that could be taken in response to changing conditions, partners, resources, or
goals. Given the uncertainty of the current economic climate with respect to venture
capital, we have referenced our time projections in terms of days from receipt of funding.
While it is true that the project will continue to advance in the period of time before
funding is acquired, that progress is likely to be slow since the amount of time we can
devote to the project will be limited by the time we must spend earning income by other
means. If we are able to advance the project meaningfully during that period, we will adjust
the milestones accordingly. For any other assumptions, conditions, qualifications, or errata,
please see the Notes section.
A-8.1.3: ASSUMPTIONS
The development milestones laid out in the project plan and described in the sections
following make some basic assumptions:
1. These milestones assume that a business management individual or team is already
in place, as a partner in ViewSender or as provided by our funding source;
2. The milestones do not consider the issue of a graphic artist and Web master. At
some point in time, the organization will require one or more staff to manage
graphics production for packaging and advertising materials, and we expect that in
the beginning the same staff member(s) would maintain our websites. We believe
that point in time is beyond the 456 days specifically covered in our development
project plan, and that our needs up to that point will not justify full-time staff.
Therefore, we are assuming these needs will be outsourced on an as-needed basis.
We have made the same assumption about our clerical needs;
3. The development project plan assigns the tasks of on-line and context help
documentation production to the developers. This will tend to produce
documentation that is technically accurate, but not particularly attractive or easy to
read. We believe this will be adequate to get us through day 456, and presume that
the management team will elect to hire a professional documentation person
afterwards as needs and sales warrant. That person can then use the documentation
in place to trains themselves on the product and as a foundation for better
documents;
4. Beginning with the release of the pcOversight EWFH Pro version 1.0 on day 316, we
may need to provide deployment assistance to our corporate and institutional
customers (for which we will charge a fee). We can use Support Developer 3 for this
purpose for very brief time periods, but if demand is high (this would be a very good
thing for all concern) we would need to quickly hire and train someone for that role
(the person, once fully utilized, would pay for themselves as well as generate some
profit through service fees);
5. The development project plan assumes that the development of the ViewSender
software is at roughly the same place it was left at the time of this writing - if
funding takes a very long time to acquire, it is probable some progress will have
©2006-2009 Two's Complement, LLC. | A-8: For investors
45
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
been made by Scott Deaver in the meantime, and from time to time the development
project plan will be adjusted to reflect that progress; and
6. The development project plan assumes sufficient financing to support the resources
described in the project plan (funding that as of this writing is not yet available).
Until funding is available, the development project plan cannot move forward as
written, though once funded it can be implemented immediately. Milestones are
shown below as number of days from receipt of funds.
A-8.1.4: MILESTONES
Those milestones that come from the development project plan are marked with a "[DPP]"
in the list below.
A-8.1.4.1: DAY 1

The marketing research service is retained based on previous searches and
interviews and consultation with funding partner.

The intellectual property attorney or patent agent is retained based on previous
searches and interviews and consultation with funding partner.
The candidate selected from previous developer interviews is notified of his/her
start date (this is the developer identified as "Developer 1" in the development
project plan).
[DPP] Scott Deaver resigns his position at Weatherford to work exclusively on
ViewSender development, prepares for start of iEavesdrop (no Server) version 1.0
development.


A-8.1.4.2: DAY 3

[DPP] iEavesdrop (no Server) version 1.0 development is officially launched,
Developer 1 begins work.
A-8.1.4.3: DAY 90

Intellectual property protection status reviewed with attorney/agent.

Marketing research report completed.
A-8.1.4.4: DAY 92

[DPP] Scott Deaver turns iEavesdrop (no Server) version 1.0 development over to
Developer 1, and starts pcOversight EWFH Pro version 1.0 development.
A-8.1.4.5: DAY 96

Interviewing begins for QA/Tester 1 position.
A-8.1.4.6: DAY 108
46
A-8: For investors | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009

Interviewing begins for Support/Developer 2 position.
A-8.1.4.7: DAY 122

[DPP] Selected QA/Tester 1 candidate begins orientation.
A-8.1.4.8: DAY 136

[DPP] iEavesdrop (no Server) version 1.0 is released to QA for final testing.

[DPP] Selected Support/Developer 2 candidate begins training.
A-8.1.4.9: DAY 157

[DPP] iEavesdrop (no Server) version 1.0 is completed, and distributed to
shareware sites and our website - support cycle begins.
A-8.1.4.10: DAY 249

Interviewing begins for Support/Developer 3 position.

Interviewing begins for marketing professional.
A-8.1.4.11: DAY 277

[DPP] Selected Support/Developer 3 candidate begins training.
A-8.1.4.12: DAY 280

Selected sales/marketing professional is hired, begins development of marketing
plan to coincide with pcOversight EWFH Pro version 1.0 and subsequent products.

Interviewing begins for sales professional.
A-8.1.4.13: DAY 288

[DPP] Scott Deaver turns over development of pcOversight EWFH Pro version 1.0 to
Developer 1, and starts pcOversight Site Monitor Pro version 1.0 development.
A-8.1.4.14: DAY 291

[DPP] Scott Deaver stops development on pcOversight Site Monitor Pro version 1.0
to be picked up later by Developer 1, and starts development of pcOversight Server
Viewer version 1.0.
A-8.1.4.15: DAY 301

Selected sales professional begins work.
A-8.1.4.16: DAY 305

[DPP] pcOversight EWFH Pro version 1.0 is released to QA for final testing.
©2006-2009 Two's Complement, LLC. | A-8: For investors
47
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
A-8.1.4.17: DAY 316

[DPP] pcOversight EWFH Pro version 1.0 passes final testing, is released to our
website and to the marketing department.
A-8.1.4.18: DAY 317

[DPP] Scott Deaver stops development on pcOversight Server Viewer version 1.0 to
be picked up later by Developer 1, and starts development of iEavesdrop Amplified
version 1.0.
A-8.1.4.19: DAY 323

[DPP] pcOversight Site Monitor Pro version 1.0 is released to QA for final testing.
A-8.1.4.20: DAY 330

[DPP] pcOversight Site Monitor Pro version 1.0 passes final tests, is released to our
website and to the marketing department.
A-8.1.4.21: DAY 350

[DPP] pcOversight Server Viewer version 1.0 is released to QA for final testing.
A-8.1.4.22: DAY 352

[DPP] pcOversight Server Viewer version 1.0 passes final testing, is released to our
website and to the marketing department.
A-8.1.4.23: DAY 364

[DPP] Scott Deaver stops development iEavesdrop Amplified version 1.0 to be
picked up by Developer 1 later, and starts work on requirements and prototypes for
the next versions of all products.
A-8.1.4.24: DAY 406

[DPP] Developer 1 begins development on pcOversight EWFH Basic version 1.0
project.
A-8.1.4.25: DAY 408

[DPP] iEavesdrop Amplified version 1.0 is released to QA for final testing.
A-8.1.4.26: DAY 413

[DPP] iEavesdrop Amplified version 1.0 passes final testing, is released to our
website and to the marketing department.
A-8.1.4.27: DAY 427
48
A-8: For investors | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009

[DPP] Developer 1 begins development on pcOversight Site Monitor Basic version
1.0 project.
A-8.1.4.28: DAY 429

[DPP] pcOversight EWFH Basic version 1.0 is released to QA for final testing.
A-8.1.4.29: DAY 434

[DPP] pcOversight EWFH Basic version 1.0 passes final testing, is released to our
website and to the marketing department.
A-8.1.4.30: DAY 448

[DPP] Developer 1 begins development on iEavesdrop Amplified Server Viewer
version 1.0 project.
A-8.1.4.31: DAY 450

[DPP] pcOversight Site Monitor Basic version 1.0 is released to QA for final testing.
A-8.1.4.32: DAY 452

[DPP] pcOversight Site Monitor Basic version 1.0 passes final tests, is released to our
website and to the marketing department.

[DPP] iEavesdrop Amplified Server Viewer version 1.0 is released to QA for final
testing.
A-8.1.4.33: DAY 456

[DPP] ] iEavesdrop Amplified Server Viewer version 1.0 passes final testing, is
released to our website and to the marketing department. At this point, all
anticipated version 1.0 products have been completed and released for sale or
distribution.
A-9: ERRATA
A-9.1:SECURITY CONSIDERATIONS REGARDING THE VIEWSENDER AGENT
The sections below address opportunities we've identified to prevention potential
consequential and malicious abuse using the ViewSender Agent.
A-9.1.1: ISSUES
One of the ViewSender guiding principles is that wherever possible we need to distinguish
ourselves and our products from lesser companies and applications that cannot provide
the level of service we do (though they may claim otherwise). Above all, we want to
©2006-2009 Two's Complement, LLC. | A-9: Errata
49
June 20, 2009
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
discourage and avoid any situation where our products or people are put in a negative
light.
As the ViewSender Agent has developed, it is becoming apparent that it has become a very
competent and complete component - so much so that we may now have an
embarrassment of riches. The Agent’s ability to silently capture and transmit information
from a monitored computer for honest intentions is good enough that it may attract the
attentions of those who have more sinister purposes.
There are four areas of concern:
1. Unauthorized monitoring of one or more computers for other than lawful or
intended purposes;
2. Incapacitating or slowing one or more computers by filling hard-drives with
collected information;
3. Mass collection of data by insinuating multiple copies of an agent onto many
computers using virus, worm, or spyware techniques; and
4. Using the Agent for denial of service attacks against a server, or harassment of an email address (similar to 3.).
The problems are compounded by the fact that we will be distributing, via shareware and
through various product promotions, free versions that even when not yet registered have
capabilities that could be abused to harass or otherwise cause harm to people or
equipment. Further exacerbating these issues is the fact we are going to be distributing
automatic self-installing Agents on USB devices, which could potentially make a target of
any computer out in the open with a USB port.
As regards security, the current Agent design considers only the corporate network
environment and relies on the fact that the Agent will be in constant conversation with a
ViewSender Server. With each message, the Agent will relay its unique instance ID, its
location on the network, its currently logged-on user, and its host computer’s machine
name. We can force registration of the ViewSender Agent Configuration Utility (ACU) tool
that creates Agents, and enforce the relationship between a registered ACU and the unique
instance IDs of any Agents it creates or edits. The Server can immediately detect and react
to unauthorized use, registration issues, duplicated Agents (the same registration ID
reporting from two different computers) – it can even shut down or pause individual,
grouped, or all Agents with a single command from the Server Manager console.
However, in the world of disconnected computers or those connected only to the Internet
(“in the wild” is the term often applied to these machines), we don’t (usually) have the
benefits of an always- connected two-way conversation with other machines. The
information collected by the Agent in these environments is either stored to the hard drive
or sent out one-way as e-mails.
We cannot preempt a user from misusing the Agent by monitoring a computer without
authorization or legal right, because we have no way to determine intent or
50
A-9: Errata | ©2006-2009 Two's Complement, LLC.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX] June 20, 2009
appropriateness of purpose. If a user wants to register a version of the Agent or one of our
other applications and then use it for illegal spying, they can go ahead and install the Agent.
However, using the means described below, there is a way to trace back the offender once
the illegal spying is detected by the victim or someone acting on their behalf – we can tie
the Agent on the machine to a registered ACU, and we will be able to definitively identify
the ACU registrant.
The other problems generally involve misuse of bulk copies of Agents (although filling up a
computer’s hard drive with information could apply to the situation described in the
preceding paragraph, as well). With the Agent’s current design, when there is no two-way
connectivity to a Server, there is no means to detect that duplicate Agents are running on
two separate computers. Furthermore, if the free unregistered (shareware) version of the
ACU is used to generate the original Agent, we have no means of identifying the person
connected to that ACU. Therefore, an attacker could produce a single Agent by legitimate
means with a free ACU download, and then force that Agent onto 10, 1000, or a million
computers electronically using virus, worm or spyware tactics (or physically with a USB
device).
By setting the Agent capture configurations, and outgoing e-mail or server addresses, to
certain values, the attacker can then through multiple copies of the Agent:



Slow down and fill up hard drives (eventually shutting down the hosts) on
thousands (millions?) of computers by setting the image collection to very high
rates and large file sizes;
Render an e-mail address useless with millions of e-mails; and/or
Perform a classic denial-of-service attack by keeping a server too busy handling
messages to do other work.
A-9.1.2: RESOLUTION
I’ve come up with what I believe to be an elegant solution that not only resolves the issues,
but has the side benefits of separating us from our less worthy competition and providing
an incentive for those who download free ViewSender versions to register their products.
The corporate versions of the ViewSender Agent will remain exactly as they are. For “in the
wild” free (unregistered) versions, we are going to change the behavior used to create and
install the Agent, and we will change the registration process a little.
Here are the changes:
1. Any attempt to create a new Agent with a free, unregistered version of the
ViewSender ACU will now become a two-step process:
a. The Agent creator will first have to access the machine to be monitored and
run a ViewSender “discovery” applet. That applet will collect information
about the target computer, including the CPU registration ID, the computer’s
©2006-2009 Two's Complement, LLC. | A-9: Errata
51
June 20, 2009
2.
3.
4.
5.
6.
7.
8.
[THE VIEWSENDER PATH AND PROMISE - APPENDIX]
tag (a unique ID embedded into the computer’s BIOS by manufacturers like
Dell and HP), disk drive IDs, operating system type and registration ID, and
other identifying information, along with the available hard drive letters and
free space;
b. The Agent creator will then reference the discovery applet’s data when
creating the Agent in the ACU.
The created Agent on each startup will validate that its host computer’s identifying
information matches that collected by the discovery applet when the Agent was
created – if not a match the Agent will not run;
When editing an existing Agent after it was created, the free unregistered ACU will
not be able to modify any of the discovery applet’s original data – if the monitored
machine’s configuration has changed, the Agent creator will have to download a
new free ViewSender ACU and start over;
A free unregistered version of the ViewSender ACU can create one and only one
unique Agent;
To avoid all of the restrictions above, the user will be encouraged and motivated to
register their downloaded ViewSender software (in some cases registration will not
cost them anything);
When registering, even if the registration is free (as for give-away versions), the
registrant will be required to provide a credit card to firmly identify the user (in the
case of a give-away registration, we will charge the card $1.00 to ensure it is
legitimate, and then refund the $1.00 all in the same session). Even if the card is
stolen, we can provide useful information to law enforcement (online IP address, for
example) and give the theft victim deniability for any untoward activities the
ViewSender registration is used for. We will also require other identifying
information in the registration process;
Once we have a registered ViewSender ACU tied to a user and a credit card, we can
link any Agent created by that ACU to the registrant’s information. We do not need a
two-step Agent installation process because any activity done with the created
Agent that is discovered and deemed to be inappropriate can be traced back to the
registrant; and
This attention to security will discourage the casual user who wants to spy on
classmates or stalk an ex-wife (and wouldn’t have registered anyway), and will set
us apart from imitators as being legitimately committed to acceptable usage of our
products.
52
A-9: Errata | ©2006-2009 Two's Complement, LLC.