detekt.exe imports from WS2_32.DLL "ntohl" function, which shouldn't be a cause for concern, but then shortly after startup it does spawn another instance of itself, which listens... debugging into the child process, I set a breakpoint on all of ws2_32.dll's functions and resume, leading to this:
This leads back to _socket.pyd , sip.pyd, and eventually QtCore4.dll. Tracing a bit further, I see what's happening:
It starts a local Python web server in order to serve the main dialog of the application, the one with the language selector, which is an HTML page embedded in a browser control. No wonder it hung when you denied the connection and showed a blank frame. If you let it continue and figure out where it's listening, you can actually visit the page in your web browser and see the program's dialog. One of the most convoluted ways to display a dialog I've ever seen, and probably worth a "WTF?", but I don't think it's intended to be malicious. The developer could've handled this a bit better, that's for sure.
consider that the majority of the people who aim to download and use this THING are those who do something against their government's red lines. This is quiet enough to make this THING a good Trojan horse for hiding anything than can track/detect(detekt!?) an activist. serving the main dialog of the application may be merely a camouflage for other uses of Python inside the file.
The developer has re-opened my report now, which will probably never be addressed anyway, since the UI is so convoluted.
Funny thing is that this 'anti-spyware' app creates more confusion than most of the spyware I've seen. Sadly, most people will just run this thing and think they're safe, since they believe the authorities (eff.org, amnesty) but don't even use a firewall.
https://github.com/botherder/detekt/issues/20
The developer immediately closed my report, without discussion and all he could say is: "Trust me. Detekt definitely isn't spyware."
Somehow, this does not make me feel secure.