Re: RealNetworks is spying on Internet users again

From: Emlyn (pentacle@enternet.com.au)
Date: Mon May 29 2000 - 17:07:33 MDT


I would think that the best way of dealing with this would be for a group of
coders to get together and write software which sends bogus info to these
companies. For example, software which just makes up pretend info and spams
it to RealNetworks via the mechanism now being used by them to steal your
eBehaviour.

What I evisage is an app designed to stuff up the info being sent out in any
product known to have this type of "function". Of course, you'd have to code
for each one, but hey.

Such an app could be freely available (put advertising in it, and who knows,
it might make a few bucks). Alternatively, a less scrupulous group might
release it as a benign virus aka melissa et al, which sits silently in the
background and messes with nasty software as above.

Emlyn
Arr arr, shiver me timbers

----- Original Message -----
From: Harvey Newstrom <mail@HarveyNewstrom.com>
To: <transhuman@logrus.org>; <extropians@extropy.com>
Sent: Tuesday, May 30, 2000 1:48 AM
Subject: RealNetworks is spying on Internet users again

> Another company is caught spying on your PC. RealNetworks installs a
> "Download Demon" on your PC when you download their free players. It
> records every download you make from the Internet and reports it back to
> RealNetwork for marketing purposes.
>
> Why do companies think they have the right to do this? I am seeing more
and
> more of this!
>
> --
> Harvey Newstrom <http://HarveyNewstrom.com>
> IBM Certified Senior Security Consultant, Legal Hacker, Engineer,
Research
> Scientist, Author.
>
> > ----- Original Message -----
> > From: "PRIVACY Forum" <privacy@vortex.com>
> > To: <PRIVACY-Forum-List@vortex.com>
> > Sent: Thursday, May 18, 2000 9:33 PM
> > Subject: PRIVACY Forum Digest V09 #15
> >
> >
> > > PRIVACY Forum Digest Thursday, 18 May 2000 Volume 09 : Issue
> 15
> > >
> > > (http://www.vortex.com/privacy/priv.09.15)
> > >
> > > Moderated by Lauren Weinstein (lauren@vortex.com)
> > > Vortex Technology, Woodland Hills, CA, U.S.A.
> > > http://www.vortex.com
> > >
> > > ===== PRIVACY FORUM =====
> > >
> >
  -------------------------------------------------------------------
> > > The PRIVACY Forum is supported in part by
> > > the ACM (Association for Computing Machinery)
> > > Committee on Computers and Public Policy,
> > > Cable & Wireless USA, Cisco Systems, Inc.,
> > > and Telos Systems.
> > > - - -
> > > These organizations do not operate or control the
> > > PRIVACY Forum in any manner, and their support does not
> > > imply agreement on their part with nor responsibility
> > > for any materials posted on or related to the PRIVACY Forum.
> >
  -------------------------------------------------------------------
> > >
> > >
> > > CONTENTS
> > > RealNetworks Returns: The "Spy" in "Download Demon"
> > > (Lauren Weinstein; PRIVACY Forum Moderator)
> > >
> > >
> > > *** Please include a RELEVANT "Subject:" line on all submissions! ***
> > > *** Submissions without them may be ignored! ***
> > >
> >
>
> --------------------------------------------------------------------------
> > ---
> > > The Internet PRIVACY Forum is a moderated digest for the discussion
and
> > > analysis of issues relating to the general topic of privacy (both
> personal
> > > and collective) in the "information age" of the 1990's and beyond.
The
> > > moderator will choose submissions for inclusion based on their
relevance
> > and
> > > content. Submissions will not be routinely acknowledged.
> > >
> > > All submissions should be addressed to "privacy@vortex.com" and must
> have
> > > RELEVANT "Subject:" lines; submissions without appropriate and
relevant
> > > "Subject:" lines may be ignored. Excessive "signatures" on
submissions
> > are
> > > subject to editing. Subscriptions are via an automatic list server
> > system;
> > > for subscription information, please send a message consisting of the
> word
> > > "help" (quotes not included) in the BODY of a message to:
> > > "privacy-request@vortex.com". Mailing list problems should be
reported
> to
> > > "list-maint@vortex.com".
> > >
> > > All messages included in this digest represent the views of their
> > > individual authors and all messages submitted must be appropriate to
be
> > > distributable without limitations.
> > >
> > > The PRIVACY Forum archive, including all issues of the digest and all
> > > related materials, is available via anonymous FTP from site
> > "ftp.vortex.com",
> > > in the "/privacy" directory. Use the FTP login "ftp" or "anonymous",
> and
> > > enter your e-mail address as the password. The typical "README" and
> > "INDEX"
> > > files are available to guide you through the files available for FTP
> > > access. PRIVACY Forum materials may also be obtained automatically
via
> > > e-mail through the list server system. Please follow the instructions
> > above
> > > for getting the list server "help" information, which includes
details
> > > regarding the "index" and "get" list server commands, which are used
to
> > access
> > > the PRIVACY Forum archive.
> > >
> > > All PRIVACY Forum materials are available through the Internet Gopher
> > system
> > > via a gopher server on site "gopher.vortex.com". Access to PRIVACY
> Forum
> > > materials is also available through the Internet World Wide Web (WWW)
> via
> > > the Vortex Technology WWW server at the URL: "http://www.vortex.com";
> > > full keyword searching of all PRIVACY Forum files is available via
> > > WWW access.
> >
>
> --------------------------------------------------------------------------
> > ---
> > >
> > > VOLUME 09, ISSUE 15
> > >
> > > Quote for the day:
> > >
> > > "All gamblers die broke."
> > >
> > > -- Bim (Leo Gorcey)
> > > "Angels with Dirty Faces" (First National; 1938)
> > >
> > > ----------------------------------------------------------------------
> > >
> > > Date: Thu, 18 May 2000 12:20 PDT
> > > From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
> > > Subject: RealNetworks Returns: The "Spy" in "Download Demon"
> > >
> > > Greetings. You'd think they'd have learned by now. After their
public
> > > relations snafus with the Globally Unique Identifier in their
RealPlayer
> > > product, and concerns over information being transmitted to Real by
> their
> > > RealJukebox package, one would have hoped that they'd figured out how
> > folks
> > > feel about their activities being monitored, even when the monitoring
is
> > > theoretically anonymous. After all, RealNetworks, Inc.
> > > (http://www.real.com) takes pains to mention that they're a member of
> the
> > > Online Privacy Alliance, whose stated aim is to "... create an
> environment
> > > of trust and foster the protection of individuals' privacy online."
> > >
> > > But it's hard not to mutter some choice expletives under your breath
> upon
> > > learning the details of RealNetwork's latest heavily-promoted goodie
> from
> > > their Netzip, Inc. (http://www.netzip.com) subsidiary--the "Download
> > Demon"
> > > package. Actually, Real should win the "honesty in product naming"
> award
> > for
> > > this one--"demon" seems to be a particularly apt description.
> > >
> > > You may already have stumbled across this little surprise on your
> system.
> > > I found it apparently bundled in with other downloads I had made from
> > > RealNetworks. The Download Demon attempts to automate various file
> > > downloading functions, to permit downloads to be interrupted and later
> > > resumed, plus other related functionality. It attracted my attention
> > since
> > > it had silently linked itself into my Web browsers to take over all
> > > downloading operations--*without* my having taken any specific actions
> to
> > > install or enable it--and my system was hanging in the course of
various
> > > downloads! I removed it with some difficulty. Only later did I
> discover
> > > the much less obvious "feature" of the Download Demon--for all files
you
> > > download, from *any* sites, the Demon sends details (e.g. file names
and
> > > URLs) to RealNetworks/Netzip! Surprise!
> > >
> > > I'll give them some credit--at least this is all spelled out in their
> > > privacy policy (http://www.netzip.com/about/privacy.html). Of course,
> > this
> > > assumes that you thought to even bother reading a privacy policy for a
> > > "simple" downloading package, or had the time to plow through the
entire
> > > lengthy document (which of course is subject to change at any time).
> > > A handy attorney to help you analyze the policy might also be useful.
> > >
> > > Real makes the usual "you can trust us" sorts of boilerplate
statements.
> > > They say that they don't store your Internet IP addresses in tandem
with
> > the
> > > data that they record about what you download. They claim that it's
all
> > > "anonymous" and that they don't link in personally identifiable
> > > information. The stated purpose for the flow of information about
your
> > > detailed downloading activities is to target the ads in the "free"
> version
> > > of the Download Demon software, and for (here it comes) "aggregate,
> > > anonymous statistical analysis" purposes. There is no suggestion that
> > this
> > > data flow ceases if a user upgrades the product by paying for
> registration
> > > (to turn off the ads).
> > >
> > > This whole area of commercial monitoring of Internet user activity in
> > various
> > > ways, both in "free" and non-free software, is a gigantic growth
> industry,
> > > largely fueled by the absence of even basic legislation to provide
> > consumers
> > > with specific rights in this regard. Such software packages may
> entangle
> > > themselves into users' systems in manners that are difficult to
notice,
> > > understand, control, or remove. The ongoing controversy over the
> > technology
> > > used by Radiate, Inc.--formerly Aureate Media (http://www.radiate.com)
> to
> > > track various aspects of users' behavior in many popular "freeware"
> > software
> > > packages is a case in point.
> > >
> > > The "trust us, it's anonymous, you have nothing to be concerned about"
> > > philosophy expounded in so many complex commercial privacy policies
> might
> > > satisfy Alfred E. Neuman ("What, me worry?") of "Mad Magazine" fame,
but
> > > seems increasingly inadequate for the rest of us.
> > >
> > > As far as the "Download Demon" is concerned, if you feel that it's
> > > RealNetwork's business to know the details of your file downloads from
> > > whatever sites you visit, by all means continue to use it. If not,
you
> > may
> > > want to consider trying to remove it (in the MS Windows case, via the
> > Windows
> > > Add/Remove Programs controls), and take care that it isn't
automatically
> > > installed again in the course of some other software installations.
You
> > > might also wish to consider dropping a note to privacy@netzip.com
> letting
> > > them know how you feel about these issues, pro or con.
> > >
> > > To many firms, the Web has become the vehicle for all manner of
invasive
> > > systems and policies which few of us would tolerate in the routine,
> > > "non-computer" aspects of our lives. It's up to you to decide whether
> or
> > > not you wish to passively play along with the salacious circus of
> > > software spies.
> > >
> > > --Lauren--
> > > Lauren Weinstein
> > > lauren@pfir.org or lauren@vortex.com
> > > Co-Founder, PFIR: People for Internet Responsibility -
> http://www.pfir.org
> > > Moderator, PRIVACY Forum - http://www.vortex.com
> > > Member, ACM Committee on Computers and Public Policy
> > >
> > > ------------------------------
> > >
> > > End of PRIVACY Forum Digest 09.15
> > > ************************
> > >
> >
>
>



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:28:53 MST