[Reader-list] downloads and privacy
Shuddhabrata Sengupta
shuddha at sarai.net
Tue May 22 13:19:09 IST 2001
MORE ON DOWNLOADS AND PRIVACY
This is a follow up from Monica's forwarding of Josephine Bosma's post on
Steve Gibson's analysis of "privacy violations". I went to the Steve
Gibson site mentioned in the posting http://grc.com/downloaders.htm - and
after wading through much (fascinating, but difficult) geeky stuff about the
detective work done by Gibson around the question of how RealNetworks
actually keeps tabs on people who have downloaded stuff from them, what I
could make out is as follows. For any media files downloaded using
RealNetworks software, the software itself generates a unique code that
marks out the specific download session and the specific computer being
used and then sends this information back to RealNetworks. This means that
RealNetworks then has a bank of data about the download activities of
specific computers and the individuals associated with them. What is to
prevent a corporation such as RealNetworks from farming out this data to
1. corporations that might be interested in an ongoing surveillance of
individuals' internet usage for the purposes of building very nuanced and
detailed 'consumer profiles'
2. state agencies that need and want to know our online habits?
I am appending below the concluding parts of Gibson's findings so that
those of us who do not have the time or the facility for actually going to
the site can get some idea of what he is saying.
But what strikes me after all this is that -
Given that in India, proposals for actually having physical identification
cards for cybercafe usage (refer: Ravi Sundaram's earlier posting 'the New
Authoritarianism') are being put into practice, I would not be surprised
if a large scale violation of online privacy is also actually taking place.
Is there any way of finding out whether or not internet usage pattern data
is being sold or given to the government or to private parties by
corporations? I know that it is unlikely that any such 'understanding'
would be public knowledge, but given the penchant that such entities have
for bureaucratic records, perhaps there would be some 'Memorandums of
Understanding' floating around somewhere? Any ideas where?
Cheers
Shuddha
---------------------------------------------------
from Steve Gibson's site - http://grc.com/downloaders.htm
In Summary . . .
So what does it all mean?...
For most people, the main issue revolves around whether or not a report of
every file downloaded with those utilities is transmitted back to their
home base . . . and there's just no question any longer that unless
deliberately disabled by the user, this is being actively done. If that
bothers you, you may wish to immediately remove these downloading tools
from your system.
Any of these file download spies may be removed through Windows' standard
Add/Remove Programs feature located in the Windows Control Panel. You will
find them listed as "Netscape SmartDownload", "RealDownload", and "NetZip
Download Demon".
An additional privacy risk involves whether, to what degree, and to what
end, historical file downloading profiles are being compiled about
individuals, whether or not they are known by name and address and
"personally identifiable."
Netscape has been completely silent on this issue, whereas RealNetworks has
gone absolutely ballistic over my pointing out what it has apparently lied
about and what it could be doing with the data that has been sent to its
servers. As I have repeatedly stated, I have no evidence, information, or
knowledge either way. But trust is what it all boils down to, and
RealNetworks' record on that score seems to be getting shakier with every
passing day.
Why is a unique ID tag being transmitted at all?
I can only address that larger question by asking: "If these companies do
not care about us in any unique way separate from everyone else (as they
claim) then WHY are they going to all the trouble of uniquely tagging
every user's computer and deliberately transmitting not only that unique ID
tag, but also in the case of Netscape sending the user's Internet IP
address with each and every download file report?" This is not required for
the purpose of identifying what files are downloaded "in aggregate", or
learning when their downloading program is installed or removed from the
host computer . . . contrary to what seems to be stated in their various
license agreements.
Therefore, it is difficult to understand the motivation behind collecting
personal data which is, on its face, unnecessary for the stated objective.
One Final Observation:
The stated purpose behind all of this download profiling (in their
respective licenses) is to inform these vendors about the files we are all
(collectively) downloading so that they can provide some sort of
additional, useful, or auxiliary information to us (this is never really
made clear). Yet, the date shown for the NetZip Downloader (version 1.0.62
which was captured in the outbound TCP/IP data packet shown above) is
December 7th of 1998. So, this data gathering has presumably been underway
since before that date. That's been quite a while.
When does the payback for all these years of "aggregate" user profiling
begin? And who receives the value? And, moreover, given the highly dynamic
nature of Internet content, does the whole idea of collecting such data
really make any sense anyway?
It makes one wonder what's really going on here . . . doesn't it?
Shuddhabrata Sengupta
SARAI: The New Media Initiative
Centre for the Study of Developing Societies
29, Rajpur Road, Delhi 110 052, India
www.sarai.net