OK listers, Zoomtext 8.03 does NOT contain spyware. After posting my
original message to another list, I now understand what is going on.
Read on, if you are a technical type. To recap, I used a network sniffer and
saw that Zoomtext was transmitting a clear text packet containing user info.
I then used an "IP whois" tool and it reported that the IP address in
question was a server on MCI's network. This info was erroneous. After using
another "whois" tool, it reported this address is part of a network IP block
dedicated to RFC 3171 (multicast). These packets should not leave a LAN if
it is properly configured. Therefore, user info does not reach the internet.
The packets generated by Zoomtext are used to insure license compliance.
Thanks to everyone whom responded.
-----Original Message-----
From: VICUG-L: Visually Impaired Computer Users' Group List
[mailto:[log in to unmask]] On Behalf Of Joe Clever
Sent: Thursday, October 09, 2003 1:24 PM
To: [log in to unmask]
Subject: Re: Zoomtext 8.03 may contain spyware
Ian,
I understand their need to limit the number of machines running Zoomtext =
by
license. But, this does not explain why Zoomtext needs to transmit a UDP
packet in clear text, containing my user info, every 60 seconds to their
server on the internet? Even if they do not collect any data (yea, =
sure),
anyone with a sniffer can see this data. It's a matter of privacy and =
the
fact that they are not up front with customers by putting this info in =
their
EULA.
-----Original Message-----
From: VICUG-L: Visually Impaired Computer Users' Group List
[mailto:[log in to unmask]] On Behalf Of Ian Sangree
Sent: Thursday, October 09, 2003 8:28 AM
To: [log in to unmask]
Subject: Re: Zoomtext 8.03 may contain spyware
Joe,
This is the official blurb from AI Squared release notes. This is =3D
undoubtedly what your network sniffer is finding.=3D20
Quote
" ZoomText 8.0 utilizes network discovery to limit=3D20
product usage to the limits of its license.
+ When running a single-user copy, if another=3D20
single-user copy with the same serial number is=3D20
discovered, the new instance of ZoomText will=3D20
receive a License Violation message and be forced=3D20
to exit. Note: The License Violation message will=3D20
identify the copy that's already running by=3D20
displaying the registration information (name and=3D20
company) along with the machine name.
+ When running a Site License or District License,=3D20
if any license of the same type is discovered=3D20
(serial numbers need not match), the higher number=3D20
of users is used to determine if the new instance=3D20
has exceeded to the number of licensed users. If it=3D20
has, it will receive a License Violation message=3D20
and be forced to exit."
End Quote
Please note that the information provided here is my own opinion and in =
=3D
no way reflects the opinions of the Lighthouse of Houston. =3D20
Ian Sangree
Director of Adaptive Technology Services
The Lighthouse of Houston
3602 W. Dallas
Houston, TX 77019
voice (713) 284-8430
fax (713) 527-8451
-----Original Message-----
From: Joe Clever [mailto:[log in to unmask]]
Sent: Wednesday, October 08, 2003 4:18 PM
To: [log in to unmask]
Subject: Zoomtext 8.03 may contain spyware
After using a network sniffer on my LAN, it appears to me that Zoomtext =
=3D
=3D3D
8.03
is transmitting user information back to a server (IP address =3D3D
239.240.18.21)
on the internet. The information is being transmitted in plain text. Ai
Squirm appears to be collecting information you supply during the
installation process of Zoomtext, such as serial number, user name, =
=3D3D
company
name, computer name and possibly more. The info is transmitted every 60
seconds, or so.=3D3D20
I hope someone more knowledgeable about TCP/IP, than I, can confirm or =
=3D
=3D3D
deny
my findings. I have not checked earlier versions of Zoontext for this
behavior.
I see no mention of this data collection in Ai Squared's End User =3D3D
License
Agreement or in their site privacy policy. To me, this is sad, =3D3D
irritating
and annoying and this meets my definition of "spyware".
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|