in case you didn't know...
m


>
>The singing spy
>
>Neil McIntosh on the Jukebox that listens to you - and tells all
>
>Thursday November 4, 1999
>The Guardian
>
>The company that supplies the web's most popular software for downloading
>and listening to music has been condemned by privacy activists after being
>caught secretly
>gathering information on surfers.
>
>RealNetworks has admitted that its RealJukebox program surreptitiously
>reports back to them on individual users' identities and listening habits,
>along with other
>information.
>
>After several months of silence in the face of accusations, RealNetworks'
>privacy statement at www.real.com was quietly amended last weekend to
>include references to
>the Globally Unique Identifier (GUID) - an electronic serial number issued
>when the software is registered - which is used in the clandestine
>communications.
>
>This week the company issued a software "patch" which will allow
>RealJukebox's 12 million users to block some of the data which was being
>sent without their permission.
>The company has also disabled the GUID system.
>
>Its doings were revealed by Richard M Smith, a US-based internet security
>consultant, in a report published on his website. He had found RealJukebox
>sends a mass of
>information to RealNetworks, including:
>
>? The number of songs stored on the user's hard drive;
>
>? The type of portable music player, the user connects to their computer;
>
>? The formats those songs are stored in - such as MP3 or RealAudio;
>
>? The user's favourite types of song;
>
>? The user's GUID number, which, when tallied against RealNetwork's own
>records, can identify each user, their email address and postcode.
>
>He also discovered that, if users do not change their default settings,
>the software will send details of any CD that they insert into their
>computer, along with the GUID
>number.
>
>Jason Catlett, of privacy watchdog Junkbusters, wrote an open letter to
>RealNetworks claiming that "the surreptitious transfer of information _ is
>a kind of Trojan Horse
>attack that should constitute 'exceeding authorised access' under the
>Computer Fraud and Abuse Act of 1986."
>
>But Shari Steele, director of legal services for online rights body the
>Electronic Frontier Foundation (EFF), said she was taking a less severe
>attitude after talks with the
>company.
>
>"While the information that was being collected could have led to pretty
>serious privacy abuses, such as a record of all of the music a person was
>permitted to download or
>had downloaded and all CDs they had played, RealNetworks wasn't actually
>using that information in a privacy-eroding way," she said. "They were
>collecting the
>information for future personalisation of their system, where they'd be
>able to provide music in preferred formats, notify users of new releases
>and so on, based on their past
>behaviours. But none of that has been implemented yet."
>
>"Obviously, there were concerns over this," said Tom Frank, RealNetwork's
>chief operating officer. "We take the privacy of our consumers extremely
>seriously, and we
>wanted to be responsive and decisive."
>
>Chief executive Rob Glaser admitted that RealNetworks had made a mistake
>in "not being clear enough to our users about what kinds of data was being
>generated and
>transmitted by the use of RealJukebox.
>
>"It was intended for aggregate purposes only," he said - contradicting a
>statement from the company to the New York Times on Monday, which said the
>information was
>being used to determine whether a user was "naive" or "sophisticated" in
>their use of the software.
>
>Earlier this year, similar rows about the potential for invasions of
>privacy involved Microsoft and chip maker Intel. Microsoft Word, the word
>processor, was found to be
>embedding a GUID in every document. This could, like an electronic
>fingerprint, enable someone to identify the PC used to produce it.
>
>Intel had also started embedding a serial number in its new Pentium III
>chips, for security purposes. But it could allow direct marketers and
>others to monitor the habits of
>web surfers.
>
>The EFF says self-regulation of online profiling has failed, and will tell
>the US Federal Trade Commission next week that new solutions are needed to
>stem "the misuse of
>personal information".
>
>The RealNetworks row is "exactly the type of abuse we're talking about" in
>a submission to the FTC, says Steele. "In fairness to RealNetworks, they
>claim that privacy was
>simply an oversight and that they really want to do the right thing.
>RealNetworks seems to have learned from the experience and is trying to be
>a good net citizen."
>
>But he sounds a cautionary note. "The problem is that few, if any,
>companies have an analysis of privacy considerations woven into their
>development cycle. This is really
>what needs to be done if companies want to avoid these kinds of faux pas
>in the future.
>
>"I suspect we'll be seeing a lot more of these cases over the next few
>months."
>
>? Richard M Smith's report: www.tiac.net/users/smiths/privacy/realjb.htm
>
>? Junkbusters: www.junkbusters.com
>
>                                                 © Copyright Guardian
>Media Group plc. 1999
>



>>you're willing to do
>>something during the opening party; are you a band too?
http://www.art-bag.net/convextv



 |   |   |   |   |   |   |   |   |   |   |   |   |   |
(a) (c) (o) (u) (s) (t) (i) (c) ( ) (s) (p) (a) (c) (e)
 |   |   |   |   |   |   |   |   |   |   |   |   |   |
information&comunication channel | for net.broadcasters
http://xchange.re-lab.net  (Xchange)  net.audio network
xchange search/webarchive: http://xchange.re-lab.net/a/