I'm sure most of you will find the following of much interest.
On Mon, 17 Jul 2000 02:40:13 -0800, Steve Gibson's MailBot
<[log in to unmask]> wrote:
Hello dan,
_________________________________________________________________
The File Download Utilities from Real Networks,
Netscape/AOL, and NetZip *ARE* Spying On Us!
_________________________________________________________________
Before I tell you about this latest threat to our privacy ...
I MUST ASK YOU PLEASE not to reply directly to this eMail. This
mailing is being sent to more than 325,000 people, so there is
JUST NO WAY for us to read and answer individual questions.
I have created two resources for you to use for follow up:
1. A comprehensive new page on my web site which discusses this
threat at greater length and shows the detailed contents of
a "spyware packet" as it was leaving a test machine of mine:
<a href= "http://grc.com/downloaders.htm" >File Downloaders</a>
2. A very active PUBLIC DISCUSSION FORUM which you are invited
to use for asking questions and getting more information.
Any standard Internet newsreader -- like those included in
Internet Explorer and Netscape Navigator -- can be used to
participate in the free discussion forums at grc.com. Just
click the link below to launch your reader and begin
participating ...
<a href= "news://grc.com/newsletter" >The Newsletter Forum</a>
Or, if that doesn't work, you can access the forum through
our web-based interface (though it is much less cool.)
<a href= "http://grc.com/newsletter.htm" >Web Discussion</a>
The SERIOUS New Spyware Threat ...
NetZip's "Download Demon" was purchased by Real Networks and
renamed "Real Download". then Netscape/AOL licensed it from
Real and called it "Netscape Smart Download."
By watching the "packet traffic" flowing out of one of my
machines while downloading a file through the Internet, I
verified the rumors which you may have heard regarding these
programs: All of these programs immediately tag your computer
with a unique ID, after which EVERY SINGLE FILE you download
from ANYWHERE on the Internet (even places that might not be
anyone else's business) is immediately reported back to the
program's source, along with your machine's unique ID *and*
its unique Internet IP address.
This information allows them to compile and create
a detailed "profile" about who you are based upon the
web sites you visit and the files you have downloaded.
Perhaps you don't mind being watched and tracked as you move
around the Internet ... and having every file you download
reported along with your unique ID and IP address. But the
idea of this being done WIHTOUT YOUR KNOWLEDGE, seems invasive
to me in the extreme. And even if you carefully read the
program's license, you might not be aware that this is going
on or that "you agreed to it" when you accepted their terms!
More than 14 Million people are already using the original
NetZip Download Demon. NetZip knows the exact number, since
every copy of their program "phones home" to report on what
their users are doing! And I'm sure people are downloading Real
Network's ReadDownload and Netscape's SmartDownload like crazy.
A Class Action lawsuit was recently filed against Netscape/AOL
because of this privacy invasion, so perhaps the PC industry
will begin to receive the message that this sort of secret
spying and profiling is not okay with the rest of us, even if
it is buried within a lengthy license agreement. You decide.
And, of course, the next release of my own OptOut spyware
detection and removal utility WILL consider these programs to
be dangerous, and warn its users of their presence in their
systems. But I wanted to be sure that you knew RIGHT AWAY what
was going on, and that I had independently confirmed that this
invasive file download and trackability really was occurring.
Our web page has the FULL STORY, with plenty of background:
<a href= "http://grc.com/downloaders.htm" >File Downloaders</a>
And if you have questions or comments, please see ...
<a href= "news://grc.com/newsletter" >The Newsletter Forum</a>
... or ...
<a href= "http://grc.com/newsletter.htm" >Web Discussion</a>
_________________________________________________________________
Thank you for your time. I hope this has been useful to you.
Steve Gibson. <a href= "http://grc.com/" >GRC Website</a>
________________________________________________________________
You may change your eMail address or remove yourself from this
eMail system entirely, by visiting your personal page anytime:
<a href= "http://grc.com/x/ne.dll?6egurcjd46" >Update Info</a>
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|