AOL Using Netscape to Spy?
Keepiru writes "AOL is the target of a class action lawsuit that accuses it of violating federal privacy laws." Basically it says that the SmartDownload feature in Communicator is dumping back user download information to big brother, and this violates the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.
Of course since the guys at Slashdot probably have stocks in Netscape they didn't care to run it as a major story. Gibson Research has tested them with packet sniffers:
RealNetworks RealDownload, Netscape/AOL Smart Download, and NetZip Download Demon utilities all report back to their respective owners, reporting the URL of what you are downloading, a unique ID tagging your machine, and your IP number - the IP number is sent along in the package so proxies etc won't help.
Have a look
http://grc.com/downloaders.htm
--
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Where the heck did this story come from?
I found it on my "Older Stuff" slashbox on my main page with 0 comments listed. What's the deal? Bug in slashcode?
I never saw it posted to begin with.
Using your sig line to advertise for friends is lame.
This story (on Yahoo! news for those who don't want to read it) gives absolutely no technical details. I have no way to verify to my own satisfaction whether the claims are accurate. I don't even have a starting point from which to determine if I, too, have been violated.
If some "underground hacker site" had reported this, it would be loaded with information that is actually useful.
Damned hackers, always educating the public...
My mom is not a Karma whore!
If you're worried about web bugs or cookies, here's a big one that people should be turning OFF.
There is a large market niche of folks who value security and privacy in their browser. Ultimately this niche will be filled by someone, but the question is who? Microsoft appears to have only limited appeal to this market segment, and if the charges made here are correct, AOL/Netscape also seems to be squandering their opportunity.
A commitment to target this niche must come from the top levels of an organization. The corporate leaders must make it very clear that backdoors, bugs, data capture etc. are not permitted in their software. Without this leadership from the top, there is too much temptation (in the middle) to participate in this type of shenanigans.
The folks at AOL/Netscape have a great opportunity to differentiate themselves in how they handle privacy issues. From a PR standpoint, it seems like a no-brainer for AOL/Netscape management to proclaim that this type of backdoor is unacceptable, and that they will immediately investigate and close it. If it turns out that the alleged backdoor exists, and AOL/Netscape does not immediately and proactively work to correct it, their credibility in this market will be irreparably damaged.
You saw this coming eventually. AOL, of course everyone's favorite company for so many reasons, buys Netscape. Everyone at Netscape jumps ship. AOL continues ahead and sees this great way to gather information on a very large segment of the 'Net; forget doubleclick, AOL gets you first. (Of course, assuming this isn't just sensationalism . . . very little in the article beyond "Netscape/AOL is being sued")
As web browsers become the world's cross-platform solution for programs (not to mention microsoft.net), this has a possibility to spiral out of control unless users become informed and there are laws--especially in the U.S. where many of these companies in question are based and where we have very weak privacy laws--to protect the end user.
Did anyone see this in the EULA? Is this on every platform? Is the smart download part of Communicator in Mozilla somewhere, or is it just a closed part? I think I'm going to have to look at some source soon. . .
I don't think this is much of an issue; I've downloaded Communicator in the past (I'm waiting for NS6 now!) and did not have to deal with the SmartDownload if I didn't want to. Therefore, the only people who should be concerned with this are net-sheep (and AOL already has their information).
They go after people who write viruses, they go after Mitnick?
Why don't they go after corporations that do the same sort of thing?
Fight Spammers!
Remember Bait and Switch?
Companies have money, they have lots of highly paid lawyers. They have massive PR machines churning out propaganda ("We need to be allowed to innovate . . .")
Individuals are worthless. Heck, once you're in jail you can't even vote anymore in the US, so politicians don't have to worry about one, already insignificant vote, going to 'the other guy'.
Individual privacy is, unfortunately, not expressly guaranteed in the US (except in some state constitutions). Only relatively recently has any privacy been afforded by (weak) laws against corporations.
Then again, back when we were a bunch of agrarian farmers, nobody really had the ability to amass large databases of your daily actions. Good thing the Constitution is a living document . . . too bad government is stuck playing catch-up.
--
Never trust anyone over 90000.
Last post.
I posted this on K5, but I'll repeat it here: http://www.kuro5hin.org/?op=comments&sid=2000/7/6/212050/2958&pid=19#25
...
This was a download that started spontaneously while I was looking up a word at dictionary.com
my system: (If you'll indulge a luser for a sec ;)
Windows 98
Netscape Communicator 4.72
MSIE 5.00.2014.0216 40-bit cipher
Norton Antivirus 5.0.0.26
NPNZDAD.EXE (in windows\system) 2, 0, 0, 12
(N.B.: does not appear in taskbar, system tray, or CTL+ALT+DEL CloseProgram dialog)
excerpted from C:\Program Files\Norton AntiVirus\Activity.log:
allowed.a M The file
C:\WINDOWS\SYSTEM\NPNZDAD.EXE
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect
Ü V Ó Ú p v a ( t A The action was allowed.a M The file
C:\WINDOWS\SYSTEM\NPNZDAD.EXE
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect z
Ê V Ó Ú p v a ( t A The action was allowed.a M The file
C:\WINDOWS\SYSTEM\NPNZDAD.EXE
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect OE
V Ó p v a ( t a - A The action was not allowed.a M The file
C:\WINDOWS\SYSTEM\NPNZDAD.EXE
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect z z
V Ó p v a ( t c - A The action was not allowed.a M The file
C:\WINDOWS\SYSTEM\NPNZDAD.EXE
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect ÿÿÿÿOE
Only 49b made it down; strings tracker.exe yielded only GIF89a
Digging in C:\Windows\Temporary Internet Files\
Excerpted from JavaScript in the html in the cache:
function ahwyaudiobooks() {
hitsWindow=window.open('http://ads.admonitor.net/linktrack.cgi?F262|link|C|||PF793_AudioHighwaybuttons_net|audiobooks_text.link|http://www.audiohighway.com/library/partners.asp?PID=10071&LinkID=ahaudiobook','hitsPopWin','width=500,height=388,toolbar=no,location=no,scrollbars=no,directories=no,resizable=no,menubar=no');
}
Then:
<SCRIPT LANGUAGE="JavaScript" SRC="http://ads.admonitor.net/adengine.cgi?F262|1001|1|jscript|C2908|weasel||">
</SCRIPT>
Then looked for a .js in cache, found this:
document.write("<A HREF=\"http:\/\/ads.admonitor.net\/clicktrack.cgi?F262|1007|1|jscript2|C8017|||_admonitor|1894|9931|http:\/\/click.avenuea.com\/go\/latitude90_onvia926_032900pn_88x31_1\/direct\/01%958625140\" TARGET=\"_admonitor\">");document.write("<IMG SRC=\"http://view.avenuea.com/view/latitude90_onvia926_032900pn_88x31_1/direct/01%958625140\" BORDER=0 HEIGHT=31 WIDTH=88 ALT=\"Onvia.com. Work. Wisely.\"></A>");
Whither www.avenuea.com? This is straight from their site:
<slime>
Avenue A currently serves over 90 clients, including Eddie Bauer, Expedia.com, Gateway, Gear.com, Microsoft Corporation (MSN), MTV Networks, Onvia.com, RealNetworks, TicketmasterOnline-CitySearch and Toysrus.com. The company is based in Seattle with offices in Chicago and New York.
</slime>
WTF? Somebody puts something called tracker.exe on _my_ machine without telling me?
This went thru smartdownload™
I don't know what exactly was going on and was unable to replicate the process, but if you want details to chew over, I HTH.
And yes, before you open your mouth, I know this wouldn't have happened if I weren't running windows.
--
Freeper Logic
I used to allow Netscape to follow and read my 'crashes', until AOL bought them. Since when has AOL been pro-consumer? They've always been about mass-marketing and profiting thusly.
"Many have chosen to follow. They aren't the ones I'm worried about."
Since it didn't appear on the main page, it seems it didn't fall victim to the "first post"! Were the slashdot folks clumsy, or incredibly intelligent?
I'm presuming that when posting it CmdrTaco tried to give it the same date/time as the Yahoo article. However he translated 01:16 PM EDT into 01:16 UDT (24 hour clock). The correct value would have been 18:16 UDT (+12 +5). There is however the question of why do this at all and not just use the actual posting time (any conspiracy nuts out there?).
Of course I could be wrong and the title of this article could be accurate. Maybe Yahoo failed to credit the Slashdot article (Chronal Recursion - the bane of all time travelling civilisations).
Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)
I found a neatly written report on this topic on tecChannel. The guys there did a pretty good job. They describe in great technical detail what exactly is going on and what you can do about it. The English version can be found here: http://www.tecchannel.de/internet/469/
Maybe this is like a secret level on slashdot, and we're all going to win a prize. Hey, anything's possible.
UK IT industry on-line mag The Register has just run the SmartDownload story.
I'm glad the guys at Vulture Central ran it, because I certainly didn't get to read this story on the main /. page. Looking at the tiny number of comments so far, I wasn't the only one to miss it.
Bad Slashdot. No VC cash.
My GOD man. That was the most insightful thing I've read in years. Too bad it wasn't posted in a place that more people would read.