TIME EUROPE
July 31, 2000, Vol. 156 No. 5
Spies Among Us
Page One | Two
E.T. applications aren't quite that sinister. But they often spirit away personal information users would be appalled to know was being shared. "People may get a box to check, but they have no idea they're downloading tiny little spies that will report back on them," says Robert Ellis Smith, publisher of the Privacy Journal. "Most people don't even know that can be done."
Take the case of SurfMonkey, which is supposed to protect kids surfing the Web. The program blocks questionable language and prevents children from accessing inappropriate Web pages. But, according to Richard Smith, it also sends home information, including a user's personal ID, phone number and e-mail address. That's hardly privacy-friendly, says Smith.
SurfMonkey says it doesn't use the IDs to collect data on individuals; they're used to evaluate the appropriateness of websites for children. Any personal information that is gathered, the company says, is otherwise "ignored." In any case, the company plans to change its software in the next month to stop sending ID data to its server.
The roots of E.T. applications go back to a surprising place: Microsoft. When Windows 95 came out, it included a program called Registration Wizard, which let purchasers dispense with snail mail and register their Windows 95 software over the Internet. But it did something else too: it poked around on the purchaser's hard drive, making a list of other installed software — and sent the information back to Microsoft. Although Microsoft asked users for permission, it still caused an uproar. Critics contended that Bill Gates & Co. were snooping for commercial advantage: they charged that Microsoft wanted the data so that it could e-mail WordPerfect users to try to get them to switch to Microsoft's Word. Eventually the uproar died down, and Microsoft kept Registration Wizard just as it was.
In the five years since the Windows 95 rollout, E.T. applications have proliferated. More than 22 million people are believed to have downloaded them. The real driving force is that in the mad race for eyeballs and click-throughs on the Internet, information about who you are, where you live and what your surfing and buying patterns are is becoming increasingly valuable. "These days grabbing personal data is often seen as a surrogate for value by venture capitalists and Wall Street," says Jason Catlett, president of Junkbusters Corp., a privacy website.
There are hundreds of E.T. applications out there. Among the most popular: PKZip, shareware for compressing, storing and archiving files, and CuteFTP, widely used by the MP3 crowd to fetch music files. (Conducent, the company that embeds ads in PKZip and the current version of CuteFTP, says it sorts ad-view data only demographically and collects no personally identifiable information.) But even computer experts have trouble spotting E.T. programs. In some cases, they've come to light only when tech-savvy Internet-privacy advocates have picked apart the data streams moving in and out of their computers. That's how Smith blew the whistle on RealNetworks last fall.
RealNetworks makes the popular RealJukebox software, which lets users transfer music from the Net and their CDs to their hard drive so it can play on their computer. Smith noticed that when he put a CD in his computer, his music choice and his machine's unique identifier were sent back to RealNetworks. Since Smith had given RealNetworks his name and other identifying information when he registered his RealJukebox software, RealNetworks would be able to compile a database on what kind of music he was listening to. Under a fire storm of criticism, RealNetworks, which maintained it had no plans to correlate users' names with their musical tastes, nevertheless disabled its E.T. applications.
The most recent company to feel the heat over E.T. applications is Radiate, formerly known as Aureate. Radiate is an advertising company that works with the makers of shareware — software that can be downloaded free from the Internet. Shareware writers have long tried to support themselves by asking people who download their product to make voluntary payments. The problem was, few users paid up. Radiate's solution: placing ads on shareware. But these days the real money is in targeted ads that change to something else after they have been viewed once or that are matched to the interests and demographics of particular viewers. Radiate's ads — placed on such popular shareware as Go!zilla and older versions of Free Solitaire — came with E.T. software that embedded itself in 18 million people's computers and used their Internet connection to report back on what ads people were clicking on.
Internet-privacy advocates were furious. They argued that tracking the ads someone clicks on is inherently invasive. Computer users may not want it known that they're clicking on ads for, say, cancer drugs or pornography. A worst-case scenario: this kind of sensitive information, gleaned from a computer user's home Internet surfing, could make its way to the person's employer.
Worst of all, the original version of Radiate's software, which still resides in countless computers, was written to keep phoning home even after the shareware that put it there was deleted. In other words, even after you uninstall its shareware version of solitaire, your computer could keep reporting back on you. Users needed a special tool to delete the file, which the company provided on its website only later, after an outcry from privacy advocates.
Radiate insists it did nothing wrong. It says it never identified individual users who went to particular sites. "The information is anonymous," says spokesman Peter Fuller. "All we would know is that user XYZ123 clicked on an ad." And, Fuller says, no specific information about users was passed on to advertisers. Still, Radiate had the capacity to learn and share this information had it so wished.
One of the most insidious things about E.T. applications is that most computer users have no idea these invaders are in their computers. Steve Gibson, a computer consultant from Irvine, Calif., learned he had an E.T. application on his computer only when he was running Zone Alarm, an Internet-fire wall application. It listed applications on his computer that he knew were in contact with the Internet, such as his Internet Explorer browser and his Eudora e-mail. Then it asked him about one he'd never heard of: tsadbot.exe, which turned out to be an E.T. application he had unwittingly let into his computer a month earlier while downloading some shareware.
What can the average computer user do to guard against intrusions? Nothing — but Gibson wasn't an average user. Outraged, he developed a program called OptOut, which removes Radiate. He is working to extend it to other E.T. applications, including Conducent's adbot, the mysterious tsadbot.exe that he found lurking in his own computer.
One big question is, What will the law have to say about E.T. applications? Privacy advocates claim existing statutes ban many of them. In the United States, the Computer Fraud and Abuse Act, which was enacted to prohibit hacking of government computers, contains some broad language about unauthorized access to computer data. There's also a good chance the U.S. Congress may step in and pass new legislation that bans computer spying more directly. In any case, the first lawsuits have already been filed: a class action against RealNetworks seeks $500 million in damages on behalf of 1 million RealJukebox users in California.
Even before E.T. applications have their day in court, though, public resentment may be leading companies to be more cautious about using them. In an attempt to catch hackers who were crashing servers, EverQuest, a popular online role-playing game, devised an E.T. program that searched users' hard drives for hacker programs. As soon as it was announced, Verant Interactive, the company that makes EverQuest, was flooded with angry e-mail. "I got one from a veteran saying, 'I fought in Vietnam for the rights of this country, and one of those rights is the right to privacy,'" says Verant Interactive ceo John Smedley. In the face of the criticism, Smedley decided to dump the E.T. application and replace it with technology that looks for hackers on the company's servers. "It's probably not going to be as effective," he says. "But, hey, that's life."
Even Microsoft, which evoked the ire of privacy advocates with Registration Wizard, has joined the privacy crusade. It introduced a spot on Microsoft.com called Profile Center, which it says allows users to examine every piece of data Microsoft has collected about them — and delete data they don't want Microsoft to have. Yusef Mehdi, vice president of marketing for MSN, says Profile Center "has grown from the lessons we learned from Windows 95." One of the lessons, he notes, is that a well-advertised privacy policy can make business sense. "If you do that, you will inspire much more consumer confidence," he says, "and they will give you more data."
The new sensitivity many companies are exhibiting is good news for computer users concerned about privacy. Yet for every Radiate or Verant that gets caught and cleans up its act, there are probably more that haven't been caught — and are still spying. In the long run, Cheswick says, the answer may be to segment computer hard drives physically into public and private areas so downloads don't have access to information people want to keep confidential. For now, he has a simple solution: he just doesn't download applications from the Internet or from e-mail. That may seem drastic. But if you go the other route, don't be surprised at what your computer tells the world about you.
For more on Internet privacy, go to www.timeeurope.com
This edition's table of contents
TIME Europe home
More stories from TIME Europe and related links
E-mail us at mail@timeatlantic.com
COPYRIGHT © 2000 TIME INC.
|
|
|
|
July 31, 2000
SPECIAL REPORT
Spies Among Us
More than 20 million people have downloaded programs that secretly snoop inside their PCs. Are you one of them?
To Each His Own?
The answer's not clear when it comes to personal data. Ideas differ about how much control we need
EUROPE
The Final Reckoning
Businesses agree to compensation for wartime Germany's forced labor policies — but where's the money?
Sharing the Burden
German author Carola Stern talks about her call to share the compensation burden
A Nasty Tax Hangover
Sweden has one of Europe's lowest levels of booze-related illness — but now it faces an Absolut dilemma
Terror Reigns
Spain is rocked by a new wave of separatist attacks
Compensation Conflict
High politics and hidden treasure
MIDDLE EAST
Inside the Talks
How do you get Yasser Arafat and Ehud Barak to sit together? Time looks at the long, hard road just to reach the Camp David summit
BUSINESS
Don't Call Us
Telefónica's controversial chairman gets the cold shoulder from many of his former friends
He's Having a Mall
J.W. (Joe) Kaempfer is bringing discount culture to the staid commercial enclaves of Europe
TECHNOLOGY
Stamping Out Mines
Two machines designed in the U.K. offer hope for safe and speedy removal of war's deadly leftovers
SOCIETY
What Money Can't Buy
In a scathing book, super-shopper Mouna Ayoub claims her life married to a rich Saudi was hell
THE ARTS
Valentino's Day
As the Italian designer rethinks his business plan for the new millennium, his loyal "Val's Gals" celebrate 40 years of gowns with a timeless appeal
Unleashing a Storm
Digital effects play the major role in this would-be blockbuster — and make a splash in others too
Wickedly Good Fun
Bubble, bubble, months of trouble: Cameron Mackintosh's new show, The Witches of Eastwick, casts its spell in London
Coming of Age in Chaos
In a haunting debut novel, Moses Isegawa looks at his native Uganda through the eyes of a young boy
The Waltz of Progress
A readable guide to economic history suggests that we may not be quite as well off as we think we are
DEPARTMENTS
Techwatch
World Watch
|
|
