Re: RealNetworks is spying on Internet users again

From: Ross A. Finlayson (raf@tiki-lounge.com)
Date: Tue May 30 2000 - 14:47:40 MDT


Harvey Newstrom wrote:

> "Ross A. Finlayson" <raf@tiki-lounge.com> wrote:
> > > Harvey Newstrom wrote:
> > >
> > > > Another company is caught spying on your PC. RealNetworks installs a
> > > > "Download Demon" on your PC when you download their free players. It
> > > > records every download you make from the Internet and reports it back
> to
> > > > RealNetwork for marketing purposes.
> > > > Why do companies think they have the right to do this? I am seeing
> more and
> > > > more of this!
> > >
> >
> > The above statement is ambiguous as to whether it means every file
> accessed
> > through RealPlayer or every file accessed through browser or network
> stack.
>
> It records every download accessed through the browser.
>
> --
> Harvey Newstrom <http://HarveyNewstrom.com>
> IBM Certified Senior Security Consultant, Legal Hacker, Engineer, Research
> Scientist, Author.

I would call that a serious breach, and RealPlayer a serious beatch.

Do you happen to have copies of their user agreements that we might dissect?

Can you describe the technical method used to interface with browser history
mechanism? Also, what method is used to store this data by RealPlayer, and to
what destinations, by what protocol, and in what format is this data sent to
RealPlayer?

Furthermore, what other commodity software exhibits this or similar behavior?

In reference to Lorrey post, it is possible that software user agreement might
contain verbiage that is either explicit or twistable to allow RealPlayer
permission to abscond with this data which has absolutely no bearing on the use
of RealPlayer. Even if that were the case, it may be so that the contents of
the user agreement are not clear or that they are intentionally unclear, thus
to some extent voiding agreement.

The existence of damages from use of purposefully mislabelled software that
breaches security while stealing one's private data is easily inferred.

So, in a hypothetical situation where a user gets free software advertised to
act as a scientific calculator that plays an advertisement, if this software
then uploads the contents of your unrelated personal finance software without
permission, then you have been damaged and seeking redress of damages is
justified.

The browsers should be made to not permit the export of their history, no?



This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:12:11 MDT