Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I am an absolute fan of QSpace. I know some people won't use it because it's from China. But, the QSpace developer doesn't hide that at all. Bloom's site doesn't mention where they're from, but the developer is in China. I do not hold that against them and plan on trying it in the future.

On the other hand, any software website that doesn't have something like "about us" on it worries me. I will give Bloom a few years to get a bit of a reputation before I risk installing it. Brand new (the first release was a month ago), anonymous software is a serious risk, especially when it's given full access to all of your files.

Bloom's website shows the name INCHMAN1900 and the email asiafu1900@gmail.com. On https://github.com/INCHMAN1900/ you can see the location of Beijing and the domain asiafu.com (registered in 2018). The person is a pretty new developer with a few tiny projects on Github starting in 2017. I'm definitely going to give it a few years before testing it. At least give it long enough for Apple's security software to become aware of any problems in it.
 
I wonder if those are the same who are perfectly fine with US software, written under a jurisdiction that spies on you.

I sounds like you are focusing on the country more than the unknowns about the developer.

Wherever software comes from, it's important to be careful. It's quite a contrast I see on these forums. Some people say they need no anti-virus software because they're careful about what they install. Others will install a month-old application from an unknown developer. Did you run Bloom on your computer?
 
I wonder if those are the same who are perfectly fine with US software, written under a jurisdiction that spies on you.
The government of the USA is a long way from perfect, but they are far less repressive than China. The communists in China continuously spy on all their citizens, and morally bankrupt companies like Google are happy to help. I avoid all of them like the plague.
 
  • Haha
Reactions: it wasnt me
You said “China”, as if that was relevant. I don’t know most developers of any software I use.



Not yet, I’m out of town for the weekend. I plan to do it next week.

I only mentioned China and the developer's background to make sure people knew where Bloom was from so that they could make their own decisions. I do use QSpace, which is from China, so that part of it didn't put me off. But, it absolutely did bother me that the website didn't identify the developers.

I didn't know the QSpace developer before installing it, but it was an established program with a good track record. Before I install some software, I do a bit of checking to confirm many people are using it and to check for reports of problems. If I can find it, I read a company's statement about themselves from their website. Bloom's website saying nothing raised a red flag. Bloom's first version being released a month ago raised another.

Good luck with Bloom. In terms of software safety, the position that you install anything from anyone without checking is really living on the edge.
 
  • Haha
Reactions: rmadsen3
Certain telemetry goes back to the developer, from what I can remember it is debugging data only. IO've tried (I tyhink) all alternative file managers out there and I keep on coming back to QSpace Pro. It is fully featured and regularly updated. Any bugs I've reported are quickly fixed.
 
  • Like
Reactions: maflynn
Many users have said they don't recommend it for privacy or security reasons. It seems they are not being honest with the privacy documentation.

I'd also like to hear more about that. Their privacy policy is very short and explicit. https://qspace.awehunt.com/en-us/privacy.html

According to that they only collect:

  • QSpace version and account email address, macOS version and language, IP address, user ID and device ID.
  • PayPal payment related information: name, email address and address.
They say that it is only used for QSpace functions and never shared with third-parties.

Which part is dishonest?
 
  • Like
Reactions: maflynn
Which part is dishonest?

🔴 1️⃣ They collect more data than seems strictly necessary


"QSpace version and account email address, macOS version and language, IP address, user ID and device ID."

  • Why it’s a red flag:
    They collect device ID and IP address, which together can uniquely track a user across networks and devices — beyond what you'd expect for a file manager or productivity app.



🔴 2️⃣ Vague data usage explanation


"The information we collected is only used for QSpace functions and will not share with any third-parties."

  • Why it’s a red flag:
    They don’t define "QSpace functions" — it’s too broad.
    What exactly are those functions? Updates? Analytics? Error reporting? Marketing?
    A policy should explicitly describe specific uses.



🔴 3️⃣ No clear retention policy


  • Why it’s a red flag:
    They don’t say how long they keep your data.
    A responsible policy explains if data is kept permanently, only while the account is active, or a specific number of years.



🔴 4️⃣ No mention of security measures


  • Why it’s a red flag:
    No mention of data encryption, secure storage practices, or compliance with security standards (GDPR, CCPA, etc.).
    They just leave you guessing if they’re protecting your data or not.



🔴 5️⃣ Overly broad update clause


"We may update this Privacy Policy from time to time. If there are updates, you can receive notifications in QSpace 4.0 and above."

  • Why it’s a red flag:
    They can change the policy without requiring you to accept or even properly review it.
    Also, "receive notifications" is vague — will it be a popup? An email? A subtle mention you might not see?



🔴 6️⃣ Lack of opt-out or control options


  • Why it’s a red flag:
    There’s no mention of allowing you to access, correct, or delete your data.
    No opt-out of specific data collection (e.g., telemetry or analytics).
    Modern privacy standards almost always include these rights.



🔴 7️⃣ They mention PayPal data but no security details


"PayPal payment related information: name, email address and address."

  • Why it’s a red flag:
    They mention collecting sensitive payment data, but they don’t clarify how it is secured or whether they store it or just pass it to PayPal.
    Payment data needs strong security guarantees.



🔴 8️⃣ Mysterious "Others" section


"Others: Google Drive Privacy Policy"

  • Why it’s a red flag:
    It’s left hanging without context.
    Do they integrate with Google Drive? Do they sync your files? Do they collect Google Drive metadata?
    There’s no explanation of what data is transferred, stored, or accessed.

In short:
✅ The policy is super minimal — too simple for the amount of data they collect.
✅ It uses broad terms and lacks details on usage, sharing, security, and retention.
✅ It doesn’t give you any real control.
✅ It opens the door to future changes without meaningful consent.
 

🔴 1️⃣ They collect more data than seems strictly necessary




  • Why it’s a red flag:
    They collect device ID and IP address, which together can uniquely track a user across networks and devices — beyond what you'd expect for a file manager or productivity app.



🔴 2️⃣ Vague data usage explanation




  • Why it’s a red flag:
    They don’t define "QSpace functions" — it’s too broad.
    What exactly are those functions? Updates? Analytics? Error reporting? Marketing?
    A policy should explicitly describe specific uses.



🔴 3️⃣ No clear retention policy


  • Why it’s a red flag:
    They don’t say how long they keep your data.
    A responsible policy explains if data is kept permanently, only while the account is active, or a specific number of years.



🔴 4️⃣ No mention of security measures


  • Why it’s a red flag:
    No mention of data encryption, secure storage practices, or compliance with security standards (GDPR, CCPA, etc.).
    They just leave you guessing if they’re protecting your data or not.



🔴 5️⃣ Overly broad update clause




  • Why it’s a red flag:
    They can change the policy without requiring you to accept or even properly review it.
    Also, "receive notifications" is vague — will it be a popup? An email? A subtle mention you might not see?



🔴 6️⃣ Lack of opt-out or control options


  • Why it’s a red flag:
    There’s no mention of allowing you to access, correct, or delete your data.
    No opt-out of specific data collection (e.g., telemetry or analytics).
    Modern privacy standards almost always include these rights.



🔴 7️⃣ They mention PayPal data but no security details




  • Why it’s a red flag:
    They mention collecting sensitive payment data, but they don’t clarify how it is secured or whether they store it or just pass it to PayPal.
    Payment data needs strong security guarantees.



🔴 8️⃣ Mysterious "Others" section




  • Why it’s a red flag:
    It’s left hanging without context.
    Do they integrate with Google Drive? Do they sync your files? Do they collect Google Drive metadata?
    There’s no explanation of what data is transferred, stored, or accessed.

In short:
✅ The policy is super minimal — too simple for the amount of data they collect.
✅ It uses broad terms and lacks details on usage, sharing, security, and retention.
✅ It doesn’t give you any real control.
✅ It opens the door to future changes without meaningful consent.

You'd like their policy to be much more thorough than it is. But, you claimed they were being dishonest. What did you mean by that?
 
Are you for real?

You said they were dishonest. I understand that to mean they wrote an explicit lie or lied by omission. Which lines of their policy were intending to deceive. Are you aware of some policy they have and didn't disclose that is counter to a user's expectation?

You don't like their policy because it doesn't cover enough, but you accused them of dishonesty. Perhaps you chose the wrong words when you wrote "It seems they are not being honest with the privacy documentation." Maybe you just meant "It seems they are vague about their privacy practices."

They're probably just not very disciplined. But the data they are collecting is harmless and mostly needed to support their licensing approach. They should have mentioned that. I believe it's a very small shop - maybe just one person. Responses to my support requests always come from "Wenda". The website shows the name Tian Wenda as the copyright holder.
 
I am an absolute fan of QSpace. I know some people won't use it because it's from China. But, the QSpace developer doesn't hide that at all. Bloom's site doesn't mention where they're from, but the developer is in China. I do not hold that against them and plan on trying it in the future.

On the other hand, any software website that doesn't have something like "about us" on it worries me. I will give Bloom a few years to get a bit of a reputation before I risk installing it. Brand new (the first release was a month ago), anonymous software is a serious risk, especially when it's given full access to all of your files.

Bloom's website shows the name INCHMAN1900 and the email asiafu1900@gmail.com. On https://github.com/INCHMAN1900/ you can see the location of Beijing and the domain asiafu.com (registered in 2018). The person is a pretty new developer with a few tiny projects on Github starting in 2017. I'm definitely going to give it a few years before testing it. At least give it long enough for Apple's security software to become aware of any problems in it.


I wonder if those are the same who are perfectly fine with US software, written under a jurisdiction that spies on you.

actually China is better than USA. If China spies on you, what can they do? but if USA spies on you and you are in USA they can use it against you.

In any case, a file manager is very dangerous because it will see all your files and you never know what is reported back

Certain telemetry goes back to the developer, from what I can remember it is debugging data only. IO've tried (I tyhink) all alternative file managers out there and I keep on coming back to QSpace Pro. It is fully featured and regularly updated. Any bugs I've reported are quickly fixed.

how do you know what info goes back? they can be scanning your whole HDD and making copies
 
  • Like
Reactions: it wasnt me
actually China is better than USA. If China spies on you, what can they do? but if USA spies on you and you are in USA they can use it against you.

In any case, a file manager is very dangerous because it will see all your files and you never know what is reported back



how do you know what info goes back? they can be scanning your whole HDD and making copies
If you want to know what is being sent back and forth from your Mac, use Little Snitch or Lulu. Said apps can also give you more granular control over data packet use as well as specifically denying connections to and from your Mac.

I get being somewhat fearful. There is no need to go to extremes when you can educate yourself on what is happening in security apps.
 
If you want to know what is being sent back and forth from your Mac, use Little Snitch or Lulu.

Have you been able to figure out what actual data is transmitted? Applications probably use TLS (aka SSL) when communicating to their servers and that encrypted traffic is what is visible to Little Snitch. Correct me if I'm wrong. So, it would be hard to distinguish between my email address being sent versus my bank account number.

It is possible to set up man-in-the-middle interception and I've done it in the past using Fiddler. But, it's not entirely trivial and wouldn't be easy for the layman.
 
Deny internet access. Done.

do i have to use something like little snitch?

Have you been able to figure out what actual data is transmitted? Applications probably use TLS (aka SSL) when communicating to their servers and that encrypted traffic is what is visible to Little Snitch. Correct me if I'm wrong. So, it would be hard to distinguish between my email address being sent versus my bank account number.

It is possible to set up man-in-the-middle interception and I've done it in the past using Fiddler. But, it's not entirely trivial and wouldn't be easy for the layman.

my question exactly
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.