[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: Real, Netscape/AOL, NetZip ~may~ be monitoring all browser-initiated file downloads
> >To: Dave Farber <farber@cis.upenn.edu> >From: Jeff.Hodges@stanford.edu >Date: Sun, 16 Jul 2000 10:45:47 -0700 > >I've skimmed the stuff below and the key web page.. > > http://grc.com/downloaders.htm > >..and it certainly appears damning. But, Gibson isn't explicit on that >page as >to whether the link he clicked on to download the test file (from one of his >own machines) was being materialized to him in a vanilla web page (this is >what is being implied, seems to me), or somehow via the "Smart Download" >functionality itself -- dunno how that might be set up, but it's a reasonable >question to ask. Anyways, if it is the former (yikes), then I'm also curious >about what all other user actions are being monitored, plus his article >doesn't analyze anything beyond the one (albeit significant) test case. > >Personally, I'm not surprised this is occurring (sigh). I thought to >myself at >least a couple of years ago that it's just a matter of time before someone >distributes retail not-just-business-site-focused software that >surreptitiously communicates with others without end user knowledge, and I >wondered when it would come to light. Well, between Richard Smith and Gibson, >it's now apparently happening. Note that in the IBM-based mainframe world, >surreptitious monitoring of end-user behavior was an explicitly supported >feature of the environment (OS/MVS in my personal experience), but was >strictly confined to the workplace, plus there was (for most folks) no >Internet connectivity over which to (surreptitiously or not) communicate this >stuff to other organizations. I wonder if a portion of the rationalization >for >incorporating such monitoring facilities is something like "well, it's >nothing >new, been done for years, our license agreement doesn't preclude it (modulo >the significant NetZip boo-boo that Gibson points out on the above-referenced >page)? > > >JeffH > >------- Forwarded Message > >To: JeffH <jeff.hodges@kingsmountain.com> >From: "Steve Gibson's MailBot" <mailbot-elyzwrd4@grc.com> >Reply-To: "Steve Gibson's MailBot" <mailbot-elyzwrd4@grc.com> >Date: Sun, 16 Jul 2000 09:38:09 -0800 >Subject: Steve Gibson's July/2000 News from GRC.COM ... > >Hello JeffH, > >_________________________________________________________________ > > The File Download Utilities from Real Networks, > Netscape/AOL, and NetZip *ARE* Spying On Us! >_________________________________________________________________ > > >Before I tell you about this latest threat to our privacy ... > > I MUST ASK YOU PLEASE not to reply directly to this eMail. This > mailing is being sent to more than 325,000 people, so there is > JUST NO WAY for us to read and answer individual questions. > > I have created two resources for you to use for follow up: > > 1. A comprehensive new page on my web site which discusses this > threat at greater length and shows the detailed contents of > a "spyware packet" as it was leaving a test machine of mine: > > http://grc.com/downloaders.htm"; >File Downloaders > > 2. A very active PUBLIC DISCUSSION FORUM which you are invited > to use for asking questions and getting more information. > Any standard Internet newsreader -- like those included in > Internet Explorer and Netscape Navigator -- can be used to > participate in the free discussion forums at grc.com. Just > click the link below to launch your reader and begin > participating ... > > news://grc.com/newsletter"; >The Newsletter Forum > > Or, if that doesn't work, you can access the forum through > our web-based interface (though it is much less cool.) > > http://grc.com/newsletter.htm"; >Web Discussion > > >The SERIOUS New Spyware Threat ... > > NetZip's "Download Demon" was purchased by Real Networks and > renamed "Real Download". then Netscape/AOL licensed it from > Real and called it "Netscape Smart Download." > > By watching the "packet traffic" flowing out of one of my > machines while downloading a file through the Internet, I > verified the rumors which you may have heard regarding these > programs: All of these programs immediately tag your computer > with a unique ID, after which EVERY SINGLE FILE you download > from ANYWHERE on the Internet (even places that might not be > anyone else's business) is immediately reported back to the > program's source, along with your machine's unique ID *and* > its unique Internet IP address. > > This information allows them to compile and create > a detailed "profile" about who you are based upon the > web sites you visit and the files you have downloaded. > > Perhaps you don't mind being watched and tracked as you move > around the Internet ... and having every file you download > reported along with your unique ID and IP address. But the > idea of this being done WIHTOUT YOUR KNOWLEDGE, seems invasive > to me in the extreme. And even if you carefully read the > program's license, you might not be aware that this is going > on or that "you agreed to it" when you accepted their terms! > > More than 14 Million people are already using the original > NetZip Download Demon. NetZip knows the exact number, since > every copy of their program "phones home" to report on what > their users are doing! And I'm sure people are downloading Real > Network's ReadDownload and Netscape's SmartDownload like crazy. > > A Class Action lawsuit was recently filed against Netscape/AOL > because of this privacy invasion, so perhaps the PC industry > will begin to receive the message that this sort of secret > spying and profiling is not okay with the rest of us, even if > it is buried within a lengthy license agreement. You decide. > > And, of course, the next release of my own OptOut spyware > detection and removal utility WILL consider these programs to > be dangerous, and warn its users of their presence in their > systems. But I wanted to be sure that you knew RIGHT AWAY what > was going on, and that I had independently confirmed that this > invasive file download and trackability really was occurring. > > Our web page has the FULL STORY, with plenty of background: > > http://grc.com/downloaders.htm"; >File Downloaders > > And if you have questions or comments, please see ... > > news://grc.com/newsletter"; >The Newsletter Forum > > ... or ... > > http://grc.com/newsletter.htm"; >Web Discussion > >_________________________________________________________________ > >Thank you for your time. I hope this has been useful to you. > >Steve Gibson. http://grc.com/"; >GRC Website > >________________________________________________________________ >You may change your eMail address or remove yourself from this >eMail system entirely, by visiting your personal page anytime: >http://grc.com/x/ne.dll?6elyzwrd46"; >Update Info > >------- End of Forwarded Message
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC