|
HOME TOPICS ABOUT ME Did you ask for this? Did you tell someone it's OK to spy on you? |
technofile Al Fasoldt's reviews and commentaries, continuously available online since 1983 Netscape's 'SmartDownload' program is spying on your activitiesJuly 19, 2000 By Al Fasoldt Copyright ©2000, Al Fasoldt Copyright ©2000, The Syracuse Newspapers Your privacy means nothing to some of the companies you trust. Take Netscape. You'd think you could trust Netscape Communications, the company that started the Internet ball rolling for millions of computer users. The folks who founded Netscape invented the Web browser. I've been recommending Netscape's software for a long time. But it's time to reconsider. Not because the software isn't good. Because the company that makes it has lost its mind. If you are a Windows user, Netscape Communications has a surprise for you -- a hidden surprise. When you download and install Netscape's Web browser or the suite of programs called Netscape Communicator, the installation program tries to install something called "Netscape SmartDownload." What Windows user could resist? Wouldn't you like to have something that makes your downloads smart? But the "SmartDownload" program is doing something else. It's spying on you. It's keeping track of the files you download off the Internet and reporting back to a central Web site. It's logging your personal download habits -- and the personal download habits of everyone else in your family who uses your Windows PC -- and sending that information to someone else, without your permission. Did you ask for this? Did you tell someone it's OK to spy on you? Did you tell someone it's just fine to hide away in your Windows closet and take notes about every file you transfer to your computer? I'll bet there are sites you've gone to that might give somebody the wrong impression. Or sites you've gone to that might give somebody the RIGHT impression. Whose business is this but yours? Netscape's "SmartDownload" started out as a program from NetZip called "Download Demon." RealNetworks, the company that makes the famous Real Player, bought "Download Demon" and renamed it "Real Download." It then licensed it to AOL. America Online called it "Netscape Smart Download." Yes, AOL is behind this, too. America Online owns Netscape Communications. "Netscape Smart Download" was added to Netscape's software after AOL bought the browser company. I'd already known about one kind of spying RealNetworks was doing last winter. It was tracking the habits of Windows users through a program called RealJukebox. When word got out about the hidden spy program built into RealJukebox, RealNetworks said it had no intention of spying and wouldn't do such things in the future. Or something like that. You'll have to forgive me for failing to take this kind of statement seriously. I didn't memorize it. I just thought it was hot air. But the revelations about Netscape's spying were a real surprise. I learned about them from Steve Gibson, who runs a one-man crusade against spyware. Here's what Gibson said last week about NetZip's "Download Demon," Real Network's "Real Download" and Netscape's "Smart Download": "By watching the 'packet traffic' flowing in and out of one of my machines while downloading a file through the Internet, I verified the rumors which you may have heard regarding these programs: All of these programs immediately tag your computer with a unique ID, after which EVERY SINGLE FILE you download from ANYWHERE on the Internet (even places that might not be anyone else's business) is immediately reported back to the program's source where it is logged and recorded along with your machine's unique ID. They also have the opportunity to capture and record your machine's unique Internet IP address." The information collected on the sly, according to Gibson, "is then compiled and used to create a detailed 'profile' about who you are based upon the Web sites you visit and the files you have downloaded." The people who send out this kind of spyware sometimes play a game with your mind. Sometimes spyware just installs itself secretly, without a single sign that it's there. But the latest kind of spyware pretends to ask for permission. It's the old "fine print" pretense. The download spy program tells you it won't be installed unless you agree to the things it does. You remember seeing that notice, right? In big print, right on your screen? Nonsense. It's hidden away, and you can be sure it doesn't say something like "THIS PROGRAM SPIES ON YOU." "This seems extremely invasive to me," Gibson wrote in his newsletter last week. "Unless you have carefully read the program's license you might not be aware that this is going on or that 'you agreed to it' when you accepted the terms of the license." Gibson continued: "More than 14 Million people are already using the original NetZip Download Demon. NetZip knows the exact number, since every copy of their program 'phones home' to report on what their users are doing! And I'm sure people are downloading Real Network's RealDownload and Netscape's SmartDownload like crazy." If all this sounds familiar, that's because it is. When RealNetworks was caught spying on Windows users late last year, most of us who keep track of this kind of thing probably figured no respectable company would do such a thing again. It was a fluke, right? That's what we thought at the time. Of course, we now know it wasn't a fluke. We now know how much we can trust those big, respectable companies. We can't trust them at all. AOL, Netscape, RealNetworks. We simply can't trust them. AOL is facing a class action lawsuit because of this spying. But no lawsuit will change what's wrong. Taking companies to court doesn't teach good manners to the people who run them. Call it a question of ethics or morals if you want. It's surely that. But it's also a simple question of good manners. Nobody has the right to spy on you. Period. Until the world changes, you need to make sure the spies are kept away. At this time, the best protection is Steve Gibson's free spy-detection program for Windows. It's called OptOut. You can download it at no cost from Gibson's Web site, http://www.grc.com. Install OptOut and run it every day. It's very fast and doesn't have to run all the time. Once a day is fine. If you use Windows but don't run OptOut every day, you're trusting some big companies too much. |