Slashdot Log In
RealNetworks to Create Patch to Block Personal Data
Posted by
Hemos
on Tue Nov 02, 1999 09:12 AM
from the trying-to-make-things-better dept.
from the trying-to-make-things-better dept.
Quite a number of people have sent us the word that RealNetworks' has apologized for not being clear about what data RealJukeBox was collecting and has updated their privacy statement. Additionally, they are making available a patch for RealJukeBox that will disable the data-collection.
This discussion has been archived.
No new comments can be posted.
RealNetworks to Create Patch to Block Personal Data
|
Log In/Create an Account
| Top
| 98 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
We're sorry we got caught! (Score:3)
This was a trojan horse that performed an unauthroized scan of your HD and sent the data back to Real. Let's turn the tables a moment and suppose that an individual had done this to one of Real's servers? They would be pursuing legal redress (as well they should). To let Real off the hook now that they've issued a patch is to forfeit the battle for privacy.
Real has basically said "we're sorry we got caught". They are not sorry for what they did. If they were, the CEO would resign in disgrace.
Boycott RealNetworks products permanently. If you owned their jukebox, contact a lawyer and file suit against them for "hacking" your system. File a complaint with the FBI.
This is the first instance of this type of behavior of which I am aware, and we all need to make an example of it. Accepting an insincere apology and patch lets them off too easily and will implicitly encourage others to follow suit, since the penatly is something most companies can live with. Unless we cause RealNetworks true pain, then we have just lost a crucial battle.
Be not so quick to forgive, kids (Score:3)
Knowing eventually they would be caught by someone checking out suspicious data packets sent out by their own machine, Real had only x amount of time before they were caught.
They used to this time to gather as much info that they needed to make a sweet music pref database that would have cost x amount to gather through legitimate means.
They weighed 2 conditions: What costs more the PR flack from putting a trojan in our software or paying for a legitimate survey? You can guess which ones they picked.
Now its all about saving face because they've saved the money.
My doctor calls me, "Oh BTW I wanted to tell you that the medicine I gave you isn't just for syphilis, its also a microcamera to identify girls you sleep with so we can better sell them the syphilis cure." "Umm, thanks Dr. R. Networks"
Ya gotta love it (Score:3)
Oh, you found out we've been scanning your hard drive and sending data on what music you listen to and what kind of files you have on your system without telling you we would be? Sorry, we'll stop! All better!
Oh, you found out we're using your personal registration information to build mailing lists that we sell to SPAM and junk snail-mail companies without telling you we would be? Sorry, we'll stop! All better!
Oh, you found out we've been embedding serial numbers in every document you create so we can track them as they travel across the computer systems of the world and we never let you know about it? Sorry, we'll stop! All better!
Oh, you found out that we've purposely left back-doors into our security products so that gov't agents can come in and look at what you're doing any time they'd like? Well, we deny it therefore it never happened! All better!
You'd think someone would actually get outraged enough to take some sort of counter-action at all this stupidity. I guess the sheep^H^H^H^H^H citizens of this country are so used to our government doing it that corporations can get away with it with nothing more than an apology and the statement that they'll "stop doing it" which of course, we must all believe is sincere since they were invading our privacy without telling us to begin with.
-=-=-=-=-
On A Scale Unimaginable... (Score:4)
Richard Smith, a Brookline, Massachusetts-based independent security consultant, said the numbers of songs stored on a user's hard drive, the kind of file formats in which the songs are stored, the user's preferred genre of music, and the type of portable music player, if any, the user has connected to the computer are sent to the company, the Times said.
People, this isn't just RealNetworks incidentally receiving information on what CDs you have by nature of that being the only way to send back the track titles.
RealNetworks invasively scanned millions of American's computers for content that had nothing to do with the functioning behavior of RealNetworks software. We're talking about code that looked for MP3s, music applications, hardware interface tools, and who else knows--I wouldn't look for RealNetworks to tell.
Open Source is many things, but I'd seriously rather it not degrade into the only way to trust that code isn't Trojan'd. I expect that kind of paranoia for my cryptology of choice, not to play some Garbage!
This isn't an issue about a few missing lines from a privacy statement. Should RealNetworks be able to upload any interesting file on your hard drive to the corporate servers as long as they mention that "From time to time, RealNetworks may request feedback from your internal storage systems according to specific parameters to be determined according to your usage profile"? Maybe it'd be fine for them to tap into your computer's microphone, as long as they don't neglect to tack on "User agrees to indemnify RealNetworks from any liability in relation to any data flowing through said user's Sound Card"?
This isn't about legality, at least, not yet. It's about trust, and RealNetworks is losing mine fast.
The real question is, whether TrustE will follow.
I'm no history expert, but there's an aspect of TrustE that just smacks of the ill-fated League of Nations from the first part of the century. Namely, the well-intentioned but utterly toothless, powerless, and secretly mocked nature of it. I think TrustE actually has enough Respect Capital(if there is such a thing) with the press to actually do something, this one time...
Or never again, because nobody will listen anymore.
TrustE needs to set up guidelines of what may be buried in the fine print and what needs explicit and large dialogs before the function is completed--yes, this includes specifications like "Default must be no, and the software must still run even if it isn't allowed to insert seven links to the audio playing software like RealPlayer G2 does--we counted." That's clear, from RealNetwork's rather shocking behavior.
The bottom line is TrustE simply needs to file suit for breach of contract and reach a settlement where RealNetworks needs to contact all possible users, mass deploy a tremendous upgrade, and notify victims of the violations in both online and TV/Magazine forums.
That, or some combination with what I'd like to call TrustEeth: Privacy Protected for x Days.
If you think about it, it's really just a much more positive version of "This Site Accident Free for x Days" signs. The system encourages TrustE certification, since the longer one puts it off, the longer it will take to get to privacy levels respected by customers. It will make it progressively more expensive over time for large companies to allow their ego to overpower the rights of their customers--the CEO will be quite peeved at the middle manager who took the nationwide corporation down to one day of privacy protection.
If not a system using literal days, then an accumulation of points, lowered by violations, maintained by fair and quick resolution of privacy concerns, and accelerated by respectful "voluntary" policies could also be functional.
The key is, people need to have a gauge by which they can determine whether or not to trust a site and the code it asks them to download, and managers need to know they could get called on the carpet if they try a stunt like RealNetworks did.
The irony is truly remarkable, if you ask me. The CEO of RealNetworks(then Progressive Networks, if I remember correctly) went and testified in front of The United States House Of Representatives, arguing against everybody's favorite monopolist, Microsoft, was making the playing field unfair.
Meanwhile, here we are in November of 1999, and RealNetworks is repeating the sin that Microsoft did wayyyy back in the day with its overly nosy Registration Wizard that reported if software like Wordperfect was installed. Incidentally, the above dig at RealPlayer G2 for the seven links it litters all over your desktop(collect them all) is even more beautifully ironic considering the now strangely difficult to find position paper regarding asking the user before doing anything of import.
On a plus note, I don't think the US Patent Office had anything to do with this one.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com