Privacy Concerns and The CueCat

An anonymous reader sent us a story running over at cnet about the privacy issues with the CueCat. The article gives them a (somewhat undeserved) benefit of the doubt as it talks about various privacy groups being concerned about what DC is doing. Fortunately there are instructions online about how to modify the cat to disable its internal identification code (it's not any more difficult than decrypting their split-invert-xor "Intellectual Property") by simply cutting one wire. Or you can just use one of the many free programs floating around. Oh, and since their server was cracked a few days ago, not only are they sniffing all this data, but crackers probably have a copy too. I would have been sick of this story weeks ago, but it just keeps getting funnier every time it pops up.
This discussion has been archived. No new comments can be posted.

  • They've already got this scenario covered... ;)

    From the FAQ at
    Q: Is my :CueCat(TM) reader water-resistant?
    A: No. Your :CueCat(TM) reader is not water-resistant.

    I have to wonder...what the hell are people trying to do with these things?!

  • When you break it down, the cue cat was a good idea. For marketing guys in ties.... It was really just meant to be a way of promoting, advertising, targeting and tracking. No wonder it was free, right? I laugh in the face of DC... didn't they realize that this would be the kind of thing that just asks to be modified? Think of the many CONSTRUCTIVE uses you can get out of it.. Someone can write a program that lets you scan barcodes on food packages and it takes you to a site that has tons of recipe ideas or if you are diabetic it warns you that it might not be a good idea to eat. Or you can scan a book and it will transport you to a site that shows related books and topics. Not the publisher that tries to promote and sell more stuff.. Or you can put codes on fliers for parties/concerts and it will jump you to a site that has more information, tickets, maps, etc. You can scan CD's and get the name of the napster user which has the corresponding mp3s ;p You can scan your electronic devices and have Kozmo deliver batteries ;p You can scan clothing and get a site that shows what would look good with that! You can scan a car part and get some detailed instructions on how to do it yourself. You can scan a video game and get tips/tricks/codes/other info. You can scan a porno ;o I'm out of ideas.
  • Right.... and the best part is, you can check their database yourself to make sure that you've been removed...
  • Belo Corporation is one of the investors in CueCat. They own a number of TV stations such as WFAA channel 8 here in Dallas where I see CueCat promotions all the time now. They also own the Dallas Morning News. Their web sites, which run on NT, have many web bugs, which made it necessary for me to block the domain names they use to deliver those bugged images (which also took out most of the ads). The evil is not so much in DC as it is in companies like Belo that want to get that private and personal information about you, your family, your web travels, and your spending habits. They will do what it takes to get such information, including investing in startups like DC and CueCat.

  • This one actually has an interesting side effect that could be a 'benefit' for D.C. -- if they consistently received an unissued activation code that was signed, but the server signature is not valid, they might use that as evidence that the code is coming from someone who has circumvented their program's activation code, violating the DMCA in the process.


    Violating what section of the DMCA?

    The DMCA only covers systems that control access to copyrighted works, not anything with encryption in it.
  • If an insurance company does genetic profiles, demand that the top 100 officers of that company publish the same data about themselves. If the IRS asks a bunch of intrusive questions, demand that IRS officers, auditors, etc. provide the same information. Often, two-way flows of information can remove the damaging effects of one-way flows without reducing the usefulness of the information flow.

    I think you're way off here. Now, if in addition to having personal info on these guys I had the power to cancel the health insurance of the CEO with a genetic defect/addiction/bad eating habits/etc. or initiate an audit of the IRS officers that would be different. Then maybe they'd stop asking for so much info in the first place. As it stands, what you're suggesting is quite asymmetric. It reminds me of someone's sig here (I forget who the quote is from, and I'm probably mangling it):
    Like the case of young women looking for husbands and husbands looking for young women, the situation is not as symmetrical as it first appears.

  • prove it
    if you can come up with proof that your interpretation as a metaphor, and what that metaphor stands for, is correct, i will lick your boots
    and if you can't, how bout you lose the inferiority complex, neh?
  • True. I really don't like the spin Wired puts on a lot of stories. They're almost worse than the AP in terms of whoring to corps.
  • What surprises me is that people are getting so worked up over this. Yeah, sure, it would be nice if DC actually tried to protect people's privacy. But unless you're completely clueless, why would you expect them to? If you didn't want your information to be recorded, and possibly distributed (whether by DC or by people 'cracking' their security), then you'd better take matters into your own hands and either not use the thing, or not use it in any way that gives them your personal information.

    If you want to cut the wires and use it yourself, that's great. It's your device, and you can do what you want. But if your buying habits have been spread all over the net, you have no one to blame but yourself.
  • Is it just me or would the ultimate Slashdot post be about a Redhat version of CueCat drivers in mp3 format violating the GPL using DeCSS?
  • I think they can call whatever they want a copyrighted work. Perhaps they consider the screen displayed "after" the registration code to be copyrighted material, something someone who circumvented their encryption had no right to see. Whatever it is, hacking the signature key from their program could be construed as defeating an "access control mechanism." Perhaps they'll have a This web page Copyright 2000 by Digital Convergence tag at the bottom of each page distributed by their web site. Circumventing their secret signature key is the only way you could have gotten there.

    Whether or not the law actually applies is hardly necessary to bring charges up against someone. Look at the Wen Ho Lee (sp?) case. 59 counts of various crap (including espionage) were thrown at the guy. One count of "mishandling data" stuck. It's how the system works these days. The Justice Department is not interested in justice. They're interested in making sure that somebody who gets charged with something serves some time. Hackers are especially vulnerable these days (see Kevin Mitnick's or Bernie S.'s stories at 2600 magazine for more examples.)

    I'm just saying that the details of the law are determined in a courtroom. And most of us can't afford to start out in that courtroom, much less see a case like that to completion. Color us "chilled".


    The Church of the SubGenius -- because somebody had to put all that slack in there...

  • Targeted advertising? You mean I'll never see another feminine hygiene product advert again? Gasp! THE HORRORS! Plus, I'll know it's time to put a bullet in my head when I start picking up adverts for protective undergarments!

    Vote Nader

    Just the thing to have on your tag line after 2 paragraphs about a hypothetical silly party...

  • NO !!!

    You, the end-user, by DEFAULT should be OPTED OUT, and then you can offer politely to your users to OPT IN, explaining very clear and honestly what they can opt IN for.

    It should not be the burden of the gullible end-user to find out, that he can OPT OUT of something, he never had deliberately OPTED IN in the first place.

    It is just a matter of respecting your end-user's boundaries. It is the company's responsibility to step back. They should tell you HONESTLY what data they are interested in getting and why, and then ask you politely, if you might WANT TO OPT IN on that? Anything else is misleading and abusing the technology.

  • The cuecats could go to the Library of Congress and chase some subject classifications. Haven't tried it yet, but hope it can be done.

    Then you could classify the web content scientifically according to the Library of Congress Subject Classification Schedule.

    A million cats chasing a million books and their subject categories...
  • i was curious when it arrived (as a free gift from wired mag), so i plugged it up. it caused immediate hardware problems. so i unplugged it, and i'll now be putting it in the trash after all this glorious news. i enjoy my privacy too much to put it in the hands of ppl who can't understand good crypto and network security...
  • If all you want to track is whether a Cat came from Forbes/Wired/RadioShaft then you don't need a unique ID for each Cat. A simple (Forbes = 1 : Wired = 2 : RS = 3) ID is all that is necessary. All Forbes users would have an ID of 1, etc., and now there are no privacy concerns.

    Except that then you need to know when you put the device together exactly where it's going to be shipped. If you change your mind about a shipment - "Oh, forget Radio Shack. They're assholes. Send these to Circuit City." - you're screwed. It also doesn't provide any kind of internal tracking for how many of the devices were sent to each vendor, while with their current system, all you need to do is count the unique IDs that were sent to them.

    It's entirely reasonable that they'd want to track this kind of information. The problem is that if you know who has which device, and you know which devices made which requests, you basically have to take their word for it that they want cross-reference the data.

    Or, as another example: it's your business if you want to click on a banner ad for Playboy. It's your business if you want to log in with a unique userID to a web site. It's in the site's best interest to be able to identify their ad click-through rate. They're on their honor, however, not to cross reference the information (unless you don't mind the site admins knowing that you're too chicken to go to a real porn site).

  • No they wouldn't make you scan the barcode on the CD as they'll stop supplying CD's with pre-installed PCs.

    It would be much simpler for them to encourage the OEMs to put the bar code on the PC itself. Therefore enforcing one windows per PC

    However this does mean that
    you would never be able to change the case...
  • I don't know about you...

    Who wrote all that stuff?

    We did. It wasn't some corporate bean counter. It wasn't some fourth line manager who never programmed a line in his life. It wasn't the CEO of a big company. It was ordinary subversive evil citizens. Just like me.

    Afraid yet?

    What if there were a bunch of us? What if we were working together? What if we were using our collected information to manipulate your behavior in subtle little ways that only a qualified chaos engineer could predict? Would you start a conspiracy investigation? We wrote the software that runs on the police computers. Would you meet in closed rooms to try to fight us? We can track your movements from your cell phones. That programmer in the next cube could be one of us. We might be working for the IRS, the FBI, your bank. We could be anywhere.

    Or not.

    We now return you to your regularly scheduled paranoia trip.

  • No, the CueCat is a little different than a banner ad. The CueCat is a link to the physical world, whereas banner ads come from your internet feed. Now the company can possibly track anything you scan, ranging from your CD collection, your books, etc. And Digital Convergence isn't being exactly forthright about what they plan to do with the data. They call everything intellectual property, remember?

  • by Rurik ( 113882 ) on Thursday September 21, 2000 @04:47AM (#764562)
    If all you want to track is whether a Cat came from Forbes/Wired/RadioShaft then you don't need a unique ID for each Cat. A simple (Forbes = 1 : Wired = 2 : RS = 3) ID is all that is necessary. All Forbes users would have an ID of 1, etc., and now there are no privacy concerns.

    I don't think so. Yes, that would tell them which distributor that the user received theirs from, but nothing more. It doesn't tell them how many total users are using their CueCats. If 300k units were sent through Wired, how would they know who kept them, and who threw them away?

    They would see, on their side, that 40k scans with Wired CueCats were made today. Is that 40k people, or one person scanning 40k items?
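
The trade-off argued in this comment and in the earlier distributor-code comment, as an added example that is not part of the thread and not Digital Convergence code: the same scan log analysed with per-device serials and with only a distributor code. The log format, serial numbers, barcodes and registration records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real CueCat traffic). Each row is what a
# server could log per scan: (device serial, distributor, scanned barcode).
SCANS = [
    ("SN-0001", "Wired",  "ISBN-A"),
    ("SN-0001", "Wired",  "UPC-CD-1"),
    ("SN-0001", "Wired",  "UPC-MED-7"),
    ("SN-0002", "Wired",  "ISBN-A"),
    ("SN-0003", "Forbes", "UPC-CD-1"),
    ("SN-0003", "Forbes", "ISBN-B"),
]

# Constructed registration records: serial -> e-mail given at activation.
REGISTRATIONS = {
    "SN-0001": "alice@example.com",
    "SN-0002": "bob@example.com",
    "SN-0003": "carol@example.com",
}


def coarsen(scans):
    """Model the 'Forbes = 1 : Wired = 2' proposal: no per-device serial."""
    return [(None, dist, code) for _, dist, code in scans]


def scans_per_distributor(scans):
    """Works with either ID scheme: total scans seen per distributor."""
    counts = defaultdict(int)
    for _, dist, _ in scans:
        counts[dist] += 1
    return dict(counts)


def active_devices_per_distributor(scans):
    """Distinct devices per distributor, or None if the log has no serials.

    This is the figure the reply says a distributor-only code cannot give:
    40k scans could be 40k people or one person scanning 40k items.
    """
    seen = defaultdict(set)
    for serial, dist, _ in scans:
        if serial is None:
            return None
        seen[dist].add(serial)
    return {dist: len(serials) for dist, serials in seen.items()}


def profiles(scans, registrations):
    """Cross-reference scans with registrations: person -> items scanned.

    The same serial that enables the device count above also enables this
    join, which is the privacy concern raised in the thread.
    """
    out = defaultdict(list)
    for serial, _, code in scans:
        person = registrations.get(serial)
        if person is not None:
            out[person].append(code)
    return dict(out)


if __name__ == "__main__":
    for label, log in (("unique serials", SCANS),
                       ("distributor code only", coarsen(SCANS))):
        print(label)
        print("  scans per distributor:", scans_per_distributor(log))
        print("  active devices:       ", active_devices_per_distributor(log))
        print("  per-person profiles:  ", profiles(log, REGISTRATIONS))
```
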
  • Go to for this and other barcode/CueCat links. The detailed instructions for clipping the serial number are under "Declawing Your CueCat."

  • by Cy Guy ( 56083 ) on Thursday September 21, 2000 @04:51AM (#764564) Homepage Journal
    Detailed instructions are available from the Dissecting the CueCat page.

    I'm not sure, but I think there is a way to just flash the eeprom so it no longer sends out the ID. At least I think that's what this does.

  • I stopped using my card and started paying cash - the discount just isn't worth it. From the store's perspective, there is no connection between me and what I buy. Some people may wonder, "What's the big deal?" Well, people need to realize that they're PEOPLE, and not just revenue feeds for the commerce machine.

    So people can show that they're not "revenue feeds for a commerce machine" by ... paying the commerce machine more money for their groceries?

    The horror, my grocer knows what groceries I buy! If I don't do something quick, they might base local advertising on our aggregate purchase patterns, or even offer targeted discounts to cardholders! Why can't we go back to the good old days before these large corporations, when you bought your groceries from small town independent stores, where the proprietor knew you personally and rang up your purchase himself, but you had your privacy because ... um ... if you wanted to make unusual purchases you could buy them from another town to avoid gossip?

  • No of course I'm not arguing against reciprocity, or transparency, or accountability. But what we need to do is make the entire institution accountable, and just knowing some personal info about the officers doesn't do that. What if insurance companies had to open the entire process to public inspection -- so we knew exactly what the criteria were for what medical procedures were/were not covered, and all internal communications about a case we made public. Things along those lines might make the companies more accountable.

    Two way info flow is exactly what we need, but the info that we need from them is not the same as the info they want from us.
  • DNA SAMPLES! Yes! Everywhere you go, you shed skin and hair cells! They sampled your DNA when they abducted you to their mother ship last month, and now they can track precisely where you are. The whole chain store selling crappy hardware is a brilliant cover! They're actually working with the Alien Invaders!

    Damn... Been watching too much X-Files...

  • http://www. 020438.txt []

    OUR RIGHT TO KEEP INFORMATION COLLECTED IN OUR DATABASES MAY BE CHALLENGED IN THE FUTURE. We intend to use our :C.R.Q. and :Cue:C.A.T. technology to develop and maintain a substantial database of consumer demographic information that our customers can use with our permission to conduct advertising campaigns. In particular, we intend to require each user of our technology to provide basic individual information in order to register and activate our :C.R.Q. software application. Under our privacy policy, individual user information will not be made available to outside parties and will be used internally by us only if a user gives express permission for such use. Some summary demographic data, however, may be made available to outside parties. Privacy concerns may cause users to resist providing the personal data necessary to support this profiling capability. More importantly, even the perception of security and privacy concerns, whether or not valid, may inhibit Internet user acceptance of our technology and products. Furthermore, users may bring lawsuits against us seeking to prohibit us from collecting this data. Even if without merit, lawsuits could impair Internet user acceptance of our technology and products. In addition, legal requirements may heighten these concerns if businesses must notify Internet users that the data captured after visiting certain websites may be used by marketing entities to direct product promotion and advertising to that user. We are not aware of any such laws currently in effect in the United States. Other countries and political entities, such as the European Economic Community, have adopted these types of laws. We cannot predict how the international roll-out of our technology will be affected by these types of laws.

  • I'm not justifying anything. I know that I get many good product ideas come into my In box every day. There are thousands of products out there you haven't the slightest clue exist, unless all you do is read the net and magazines 24 hours straight. Without advertising, you wouldn't even know it exists.

    Apparently you missed my point, because my point was advertising of the future will tell you about things you don't know anything about yet. All this "data gathering" is just the larval stage of it. Give it a few years to mature.

    Just because a product is good doesn't mean anything. Promotion is 1/4 of the marketing equation, and without inventive ways of promotion it will probably slip by unnoticed.

    I do marketing for a living, plus I am a geek too. I know both sides of the equation, and I know the happy middle. Without advertising there would be no economy because no one would know anything about anything. True, it does often go overboard. When it does, the public reacts by not buying it.

    The main idea I was trying to say is that it doesn't matter really. The information IS going to be gathered on the majority of the public. The important part is to make sure through laws, boycotts, picketing, or what have you that it isn't misused by any one entity. The information WILL be gathered, IS being gathered, and there is NOTHING you can do about it. It's too late for that, that battle was over six months after the invention of browser cookies. The battle that should be fought is the use of that data. Focus your attention on that, or you're going to lose that one too.

  • I'm not off base. It's about accountability. They aren't accountable if there's not reciprocal transparency.

    Or are you arguing that there's NO value to reciprocal transparency, and being kept in the dark (one way info flow) is okay?

  • I'm missing something.
    A new cat-shaped scanner being given away to millions of consumers
    Why would someone give away scanners to consumers? Why would someone make a scanner shaped like a cat? I use a flatbed scanner which is shaped like a sheet of paper and that's far more convenient.
    Privacy advocates are investigating the device, known as the CueCat, and its ability to snoop on consumers while swiping bar codes printed in catalogs and magazines
    Why would I scan barcodes in magazines? If you don't scan anything you won't get snooped. Simple as that. And why is a scanner connected to the Internet?
    So somebody! Please tell me what the hell this article is about. Have I missed some vital part of American culture or something? Does everyone except me scan their barcodes and I'm missing out on something?
  • Yeah, bit of an odd comparison, but that's where it's headed. Open your copy of TV Guide or your local paper's channel listings, and you'll probably see those inane VCR+plus codes attached to every listing. Right?

    But do you actually know anyone who owns (or ever owned) a VCR+plus? Me either.

    Those codes are there because the VCR+plus people made a big stink (and probably paid a bit) to have support for their product included in your TV listings. The CueCat's going down the same road. Five years from now, everyone will be printing barcodes in magazines to let CueCat users visit their site. But you won't know anyone who actually uses a CueCat.

  • It should not be the burden of the gullible end-user to find out, that he can OPT OUT of something, he never had deliberately OPTED IN in the first place.


    In the case of the Radio Shack scanner, you are opting in by supplying info (and I expect signing something) to get the scanner in the first place.

    In the case of the Forbes and Wired scanners, I expect there is an EULA that you click to accept when you install the software.

    Now, if you were going to use one of the Forbes/Wired scanners with the hacked drivers/software, then maybe you have an argument, but the courts will have to decide this given that as it currently stands you likely violated the DMCA (which unfortunately is still "the law of the land" at least until Supreme Court gets ahold of it.)

  • >are helped to burn capital by /.'ers
    >with 5+ Cuecats,

    5+... that's it?!?!?!?

    Hell, back over labor day weekend, just after DC started cease-and-desisting anyone who looked at a cuecat funny, some friends of mine and I went Radio Shack hopping throughout the SF peninsula.

    We got better than 100+.

    The next weekend we threw (or (baseball) batted, or drove(golfed)) most of them into the bay.

    We have tape. Once we get it edited down to a reasonable presentation, we'll compress it to a Quicktime movie, and DC and RS will get some interesting email!
  • Did you ever wonder how Microsoft fits into this?

    Can you imagine a bar code scanner driver built into the next Windows, and being unable to log into Windows unless you scan the barcode printed on the CD? Lost your CD? You must be a pirate.

    Is there any reason this couldn't happen?

    It would probably just be simpler to tattoo a barcode on each of us at birth.
  • You know, like for a library? We could really do with a few barcode scanners for our library and our filing system. Is there any software to just scan a code then have it entered at the current insertion point?
  • it's a simple barcode scanner not a flatbed scanner so that's why it's free... most of us won't scan barcodes, but there are those people who say the internet is "hard", this will help them by typing a URL for them (I've seen so many people mangle a URL (i.e. htp:/, oh and they love to put .com after everything, even if it's, they will type, ugh)) so it's mostly for them... it's connected to the internet because the UPC/ISBN code database is on the cuecat server, when you scan a barcode, it sends that code to the server, the server replies with the url to go to, and if the code isn't in the db it brings you to a page where you can add the item..... now more reasons for it to be free... I think it's free because of the fact they track you... they can sell this info to advertisers and get lots of money, so this is why it spies..... anyway hope that helps
  • >Radio Shack also called a portion of their screen (a single character, iirc) used for the speech synthesizer a window.

    It was more than one character, of that I'm certain. I think it was more like 15.

  • hehe, just save it until they stop giving em away for free, then sell em on the black market..... or ebay
  • Uhhh...the red one. NO! NO!'s the blue one...I'm pretty sure it's the blue on- !!KABOOM!!

    tee hee...522666


  • Yes, but Mr. Matthews didn't say that they needed unique ID's to track distinct numbers of users. He said "There is a unique ID within the CueCat so that we can see that some Cats came from Forbes and some came from Wired," said Dave Mathews, vice president of new product development at DigitalConvergence."

  • I mean, surely people would expect their name, address, and demographic stuff to be collected in exchange for what is intentionally a device to take consumers to their commerce?

    The bit I like is that we can now use them unfettered, and there's nothing particularly illegal in it until UCITA is passed, yet we can still get them for free. I bet the majority of people who get these with their magazines (maybe not the Radio Shack people) will be pseudo-savvy, and will just use them as DC intended.

    DC do seem to have shown a misunderstanding of human nature, but overall I think their plan will work out. A small minority of people would actually buy these for the fun of scanning codes, but most people would like the free gimmick of scanning advertising codes. Heck, they could even be taken immediately to personalised commerce sites if DC start trading user info directly with the sites. Rather than a breach of privacy, it's an enhancement of the shopping experience, where you have to openly sell your soul anyway.
  • Don't forget the referrer tags. C|Net: "hey look, Slashdot posted another privacy story!" ;^)

  • by Anonymous Coward

    Salon ran an unflattering review on our beloved CueCat - stopping just short of using terms like "hare-brained" or "cockamamie". It does touch on privacy issues, but mostly it just blasts it for being such a dumb concept and not even functioning correctly.
  • I don't care how much info your post contains, if it ain't pretty, why bother?

  • There's a file called dodger@slashdot.txt in a Cookies directory on my hard disk. It contains various encrypted codes. It is now apparent to me that Slashdot are tracking my every move on their website, profiling me by what news items I read, what sort of comments I post, what sort of comments I moderate, and meta-moderate!



  • Of course, to be able to do this they need to get broadcasters to insert their audio bug in their programming. And short of DC actually paying them to do so, that's not likely to happen.

    The audio bug is loud, obvious, and extremely annoying. It has to be loud and obvious so the monitoring software can be absolutely sure of what it is. So the signal can't go through any limiters that would lower the level too much, and automatic gains throw conniption fits when they encounter the bug. The upshot being to piss off engineers in as many ways possible.

    And anyway, it's not like you can't unplug your microphone. (Or, Goddess forbid, not install the software.)

  • It would sure be nice to have a convenient database of my target's purchases, and maybe even more importantly, purchase times and locations. It would save me hundreds of hours of surveillance time.

  • But if you throw their software away, and just use the cuecat as a plain old barcode scanner, you won't ever go to their servers, and won't see any of these theoretical copyrighted pages.

    Or if you write your own software to go directly to for books, imdb for DVDs, etc.
  • Being a marketing student, I have realized that this is the next form of marketing. Now that the means are there to track individuals directly and such, you no longer have to go off any demographics. You can just tell the computer "find me the people that like this and this and this" and it can give you an exact list.

    Yes, you may hate it, but it does have its usefulness. This way you can receive information on products you have proven to be interested in, and might actually want. Eventually it will come down to you won't receive any advertisements except for the things you express interest in, even though you might not have realized it.

    It is not dangerous for any one company to have a small bit of information on you. What is dangerous is for any one entity to have all available information on you. If some company knows you went to their website, so be it. If some company knows what you do all day, then that's a different story. As long as the information is divided up between competing parties then there isn't really a need to freak out so much.

  • My cuecat sticker (on the bottom) is '06A00'.

    Thanks for the pin 4 confirmation bit.

  • Just make a photocopy of the CD when you get it. You could even print it on a CD labeler to get that "real ownership" effect.

  • Head on down to the Social Affairs office. Stand in a 2 hour queue to fill out the necessary requisition forms. Once the forms have been accepted, expect to receive confirmation forms in 6-8 weeks. Return these forms in person and you will receive your cue:cat in about 4-5 months depending on need and supply.
  • >But do you actually know anyone who owns (or ever owned) a VCR+plus?

    The last two or three VCRs I bought all had VCR+. I never set it up because it wasn't worth the effort, but these days just about every VCR has it.

    I just went to Crutchfield's page, out of the 20 VCRs they list all but three have VCR+.
  • > "plugged into the the keyboard porn"

    Oh, man, I can't believe I missed out on this fetish! (Click, click, "Oh GOD, Yes!", Click...)

    Virg
  • by cshotton ( 46965 ) on Thursday September 21, 2000 @07:54AM (#764597) Homepage
    One of the other things in my CueCat box that came from Forbes was a "Convergence Cable". This little insidious piece of hardware hasn't gotten as much notice as the wonderfully hackable barcode reader and has just as much potential to wreak privacy havoc. If you're not familiar with this, the Convergence Cable is essentially an audio cable you're supposed to run from your TV's audio source into your line input jack on your PC. Their CueCat software will then pick up audio cues associated with TV shows and commercials and automatically drive your browser to an associated Web site. Now, not only do they know what magazines you're reading (and scanning), they know what TV shows you're watching. The utter lack of concern for and shameless exploitation of the technology illiterate in our society shown by this company is inexcusable. I sleep better at night knowing that since their cheesy little scheme has been unmasked, we won't have to wait long before they're out of business.
  • >>it would probably just be simpler to tattoo a
    >>barcode on each of us at birth.

    >I refuse to take the mark of the beast!!!

    Now, it's been a LONG time since I've attended mass, but even *I* remember the important basics!

    It's only the mark of the beast if it's on a specific body location. IIRC, the forehead and/or the right hand are the parts specified.

    So the solution is simple. We'll simply require everyone to be barcoded on their LEFT hands, or the back of their neck, or the lower right buttock; or somewhere similarly non-biblical. Simple enough way to keep the fundies happy, eh?

    In any event, barcoding at birth wouldn't work anyway. The body does a LOT of growing in its early years, and a barcode done that early would just stretch and become distorted and unreadable.

    Barcoding should be done when the body's finished most of its growth. Perhaps at age 18, as a prerequisite to being considered a legal adult, able to vote, go to college, buy alcohol, enter the workforce, buy/rent a car, get married, etc.
    Resistance is NOT futile!!!

    I am not a drone.
    Remove the collective if

  • I'm frustrated by Wired on-line's unwillingness to cover this story. Not a peep out of them. They're supposed to be disconnected in all ways from the print version, so why won't they do a story on this?

    I've e-mailed them twice about this, but I'm yet to receive a response. I assume that they really are tied to the print version still, and they're simply not allowed to write about it. Still, I guess I've come to expect more of Wired. I never thought I'd see the day when C|Net was proved to be a more useful news resource than Wired.

  • Well, that's what he says :) For now at least, but I think that they do have an ulterior motive. But you are right, they should be pushed underwater for crap like this.
  • HAH-hah!

    DC made one of the biggest mistakes that any hardware designer can make: using the beta stage prototype as the final product. If they had used their brains, they would've used ALL the wires to transmit the ID code. And they would've used a MUCH more complex algorithm for encrypting the protocol. Obviously, these brainless capitalists only thought of one thing: profit. Go to any business college and you'll see the greek letter pi numerous times, but it won't stand for 3.1415926535897932384626433...; it will stand for profit.

  • by Anonymous Coward on Thursday September 21, 2000 @05:04AM (#764602)
    I found a link to a page called "Getting your CueCat declawed" ( ) at the Lineo CueCat site ( ).

    It's pretty simple, really:

    Step one: Take out the four screws on the bottom of the scanner and pull the cover off, leaving the insides exposed.

    Step two: Take off the four screws fastening the board to the plastic case and separate the board from the case.

    Step three: Locate the S93C46 EEPROM on the bottom of the board. It's small, it has eight pins, and it should say "S93C4 6DV03 2704" (it's three lines, spaces indicate the line breaks). That's the chip that stores your serial number-- innocent-looking little bugger, isn't it?

    Step four: Using whatever method you like, cut the connection right underneath the "4" in "2704". That is, if the "U5" on the circuit board is upside-down by the top-left corner of the chip, you want to cut the lower-left pin. I found that a small pair of wire clippers was actually sufficient to sever the connection-- use whatever you feel comfortable with.

    Step five: put the damn thing back together again, and scan something. The serial number should come back as a repeating "BM5U". Congratulations, your :CueCat has been neutered.

    Elapsed time: 10 minutes if you're clumsy like me and lose one of the screws. Less if you're good at this sort of stuff.

    Have fun!
  • Given the CueCat logo's resemblance to an unhappy smilie :(, perhaps they foresaw disappointment regarding privacy.
  • I commit to pursue my CueHawk business plan/dream despite the apparent failure of DC's CueCat. I plan to send out free web cams to Maxim subscribers. My customers would hook them up to their computers and I'd be able to track their every move. I'd know what cereal they eat. Their sleeping patterns. If they have a dog or not. Imagine the possibilities! I could use this customer data to create my own television shows! People loved that Ed TV idea! Yeah!
    Hmmm. I'll need one employee for every CueHawk in operation to better track my customer's needs. And I'll need some sort of feedback device. Got it! A shocker welded to the right hand of each CueHawk user. This way if the CueHawk user doesn't wake up in time to eat their (my) favorite cereal, I can remotely motivate them.
    Ah, DC - I know you wish you came up with this plan, but it's mine. Let this post prove that CueHawk is my idea. And I'll sue you for royalties, I will.
    Galvin the Great United Worker for Better Understanding of Why We Work
  • This is a very interesting discovery. As I understand it, one of the main "problems" with the linux driver (besides the fact that it was viciously stolen from DC:) was that it didn't send the ID, and therefore interfered with the user tracking. That's what DC had their pants in a knot about, right?

    So, for implementing that, someone got a bunch of cease and desist letters and were threatened with lawsuits. Well, what if I tell you which wire to cut to have exactly the same effect? Is that a violation of their "intellectual property"? Is it an evil act of reverse engineering? Probably not; it seems like, once someone gives you a device, you're free to break it if you want. When will the justice system realize it's the same thing with software?

  • Yeah, I suppose so :) It was $1 for the software in jewelcases, and $2 for those with a box :)

    I grabbed one of everything that looked even vaguely interesting . . .
  • Of course they track the users. That's the WHOLE idea here. This is a new form of marketing that is VERY big and is going to get much bigger. There are a number of companies playing in this arena and DC is only one.

    The thing that will separate the companies is how their privacy policy is done, and if they follow it. But, anyone that is surprised by this must be really naive.
  • Wouldn't this be easier than hacking the hardware? The FTC has been pretty good about holding websites to their privacy policies, so assuming...

    Yeah right, after they have sold the data to Spamlord Wallace and a whole bunch of other similar a**holes... How can you be so naive...

  • > I wonder when Microsoft is going to sue over X's use of the word "Windows."

    I'm not managing to get all the cobwebs out of the way, but it seems to me that in the late 80's, ms made a big deal about "windows" itself *not* being a trademark, but I forget why.

    The Apple II recognized windows on its screen--you poked upper, lower, left, and right boundaries into page 0 (was it addresses 12-15???) to redefine the printing window. Radio Shack also called a portion of their screen (a single character, iirc) used for the speech synthesizer a window.

    There were others, too; Microsoft *couldn't* have made a claim of originality in the use of "windows" . . .

    >Isn't this just a return to the old days of copy protection via
    >manual keyword lookup?

    Argh. My copy of master of orion works that way, even *with* the cd in the drive (it was never meant for cd; the cd just has a .bat to start things). Once you're well into a game, it asks you to identify a ship type, and gives you a page range. It ends the game after three failures--and my wife threw out the manual with the newspaper.

    Fortunately, you can give a three-fingered salute when it pops up the third one, and take up a few turns back . . .

    hawk, who would be seriously annoyed and never buy another of their games over this if it weren't for the fact that he only paid $2 for it at the dollar store . . .

  • In other words, the id not only helps them track you, but also tells them which magazine they sent it from . . .

  • And Radio Shack has your real name, address and phone number on record.. (They have been asking for this information
    since the 1980s.. to give them credit this data lasts only a month.. they clear out old records they only want data on frequent

    How did Radio Shack get my real name, address and phone number? I have 2 CueCats. Picked up one at Pentagon City Mall, Arlington VA during a 2600 meeting. Gave them this handle and a fabricated address.

    The second one I picked up at a Radio Shack in Tennessee. Gave them a different fake name, address, phone.

    Now, please tell me how they now have my real name, address and phone number? This sounds like something out of a Will Smith movie or something!

    Even when the CueCat that they will be sending because I subscribe to Wired arrives, it will be declawed. When I use it on a BSD system, they will still not know who I am, as far as I know anyway.

    So, please share with us how they are getting the real names of people when they do not even ask for ID of any form, nor do they verify if the address or phone number is valid at the time they enter the data.

    Visit DC2600 []
  • If they had used their brains, they would've used ALL the wires to transmit the ID code.
    Can't do that with a serial EEPROM, by definition. And you still could have hacked it with an X-acto knife.

    Digital Convergence actually made two very different mistakes:

    1. They used an external EEPROM, instead of one on the same chip as their microcontroller.
    2. They used a meaningless obfuscation algorithm instead of a block cypher to "protect" the results.
    Had they done something as simple as DES-encrypting the scanned output with a serial number key that couldn't be scanned by watching an external EEPROM's lines with a storage 'scope, their "IP" would be secure today. However, Digital Convergence either cannot find people who know what a security model is, or management doesn't listen to them. Either way, their tough luck. Dumb business model; I hope they go broke.
    Build a man a fire, and he's warm for a day.
  • Every time I'm at the grocery store watching people gleefully fork over their discount card, I wonder if they have any idea about what they're doing. I stopped using my card and started paying cash - the discount just isn't worth it. From the store's perspective, there is no connection between me and what I buy. Some people may wonder, "What's the big deal?" Well, people need to realize that they're PEOPLE, and not just revenue feeds for the commerce machine. I get the feeling that this new approach to marketing wants to turn our society into a mass of pavlovian droids - we advertise, you salivate, and then give us your money.

  • by 1010011010 ( 53039 ) on Thursday September 21, 2000 @05:16AM (#764631) Homepage
    http://www.digitaldemographi []

    The output of the device looks like this (after processing by the keyboard handler):


    The device sends an ALT-F10 first, which is apparently a signal that a scan follows. The next field is the serial number. The third is the barcode type, and the fourth is the barcode data. Fields are separated by periods.
    Here is what the above scan looks like decoded:

    000000002838610102 UPA 040000029311

    This scan was of a UPC symbol on a bag of M&Ms. The output of the cuecat is scrambled using a modified base64 encoding. My software simply applies the inverse of the encoding. The Windows CRQ software does not itself process the scan data like this. It simply inverts the case of the scan and builds a URL using it. The basic form of the URL is as follows:


    With the [SCANDATA] field broken out, it looks like this:


    Here is an example, using the scan data from the M&Ms (try it): zc3Nxe3B7dXJzcnNx.FhMC.c3dzc3Nzc3F6cHJy. 0 []

    My software preserves the serial number, but does not transmit an activation code; it actually substitutes the letters "ACTIVATIONCODE" where they should go. This is enough to prevent the tracking of scans, I think. In fact, their servers do not even check for the validity of the activation code.

    Their Windows software asks a large number of demographic-defining questions before it actually installs the software. The answers are keyed to your "activation code," without which the Windows software will not work. But because they never do data validation server-side, you can still use their web servers without sending tracking data.

    In a separate issue, their "registration database" was not a database (a plain text file, actually), and was stored at a publicly accessible URL; they have since disallowed access to it from the internet: ations.txt

    This is what the data looked like:


    TS=09132000082926&FIRSTNAME=frank&LASTNAME=kasica& 02&GENDER=A&AGE=F&OPTIN=1&UID=zRAzCaynOVkBS3XLZDyi NQ

    TS=09132000082936&FIRSTNAME=claude&LASTNAME=perry& R=A&AGE=H&OPTIN=1&UID=4Hacci4hfCygvJaWOCA7-A

    ... the last field ("UID") is presumably the activation code. This means it is trivial to match the weblogs on their servers with your profile data.

    ---- ----
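
A decoder for the scan format described in the comment above, added here as an example; it is not the poster's software. The field layout and the sample type and barcode fields are from the post, while the XOR constant 0x43, the use of `-` as the 64th alphabet character and all function names are assumptions taken from how the format is publicly documented.

```python
import base64
import binascii

XOR_KEY = 0x43  # assumption: each payload byte is XORed with 67 (ASCII 'C')


def decode_field(field, raw_device_case=False):
    """Decode one period-separated field.

    The URL form quoted in the post is the device output with its case
    inverted, which is ordinary base64 apart from '-' standing in for '/'.
    Pass raw_device_case=True for text exactly as the scanner types it.
    """
    if raw_device_case:
        field = field.swapcase()
    std = field.replace("-", "/")
    std += "=" * (-len(std) % 4)  # tolerate fields sent without '=' padding
    try:
        masked = base64.b64decode(std, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not a valid scan field: {field!r}") from exc
    return bytes(b ^ XOR_KEY for b in masked).decode("ascii")


def encode_field(text, raw_device_case=False):
    """Inverse of decode_field, used here to build test input."""
    masked = bytes(b ^ XOR_KEY for b in text.encode("ascii"))
    out = base64.b64encode(masked).decode("ascii").rstrip("=").replace("/", "-")
    return out.swapcase() if raw_device_case else out


def parse_scan(line, raw_device_case=False):
    """Split a scan into serial number, barcode type and barcode data."""
    fields = [f.strip() for f in line.split(".") if f.strip()]
    if len(fields) < 3:
        raise ValueError("expected serial, type and data fields")
    serial, kind, data = (decode_field(f, raw_device_case) for f in fields[:3])
    return {"serial": serial, "type": kind, "data": data}


def redact_serial(line, raw_device_case=False):
    """Re-encode a scan with the per-device serial replaced by zeros."""
    scan = parse_scan(line, raw_device_case)
    blank = "0" * len(scan["serial"])
    return ".".join(
        encode_field(v, raw_device_case)
        for v in (blank, scan["type"], scan["data"])
    )


if __name__ == "__main__":
    # Constructed line: the serial is re-encoded from the decoded value in the
    # post; the type and data fields are the ones quoted in its URL example.
    line = ".".join(
        [encode_field("000000002838610102"), "FhMC", "c3dzc3Nzc3F6cHJy"]
    )
    print(parse_scan(line))
    print(parse_scan(redact_serial(line)))
```

Because the serial number decodes as easily as the barcode itself, anything that sees the scan string can link every scan to one device, which is the tracking concern raised throughout this thread.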
  • Ok, let's say I opt-out. DC also has this clause on their website (from this page):

    Information may be changed or updated without notice. Digital:Convergence may also make improvements and/or changes in the products and/or described in this information at any time without notice.

    Which leads me to believe that they can, like Amazon, change the terms at a whim to something more beneficial to them.

    If you trust them to have your best interests in mind, go ahead. They are a company. Their responsibility is to their investors, which generally is to maximize their investment. Preserving your rights is not necessarily part of their business plan, and if it is included in there, it can just as easily be removed.

  • Europe also has various data protection laws. Some of these marketing schemes are pretty much illegal in europe. The degrees of strictness vary with Germany being the most paranoid and UK being the most relaxed. But overall the DC idea is illegal outside the US.
  • by hawk ( 1151 ) <> on Thursday September 21, 2000 @06:10AM (#764637) Journal

    you are getting sleepy . . . . you will do as I say . . . you will turn on your computer . . . you will --oh, damn, you idiot, you're using windows, you will reboot . . .

    Now, take out your cuecat . . . scan *all* your cd's [*chrotle*] . . . put it in the fishtank and scan your fish . . .


    \begin{plastic phony voice with excessive plastic surgery and stiff hair}

    We interrupt this program to bring you a special report of idiots, believed to belong to a cult, who committed suicide tonight by putting electric devices in fishtanks. In related news, there is a special on exotic sushi at . . .

  • What you need is the Proxomitron
    It's a little web-proxy which allows you to place filters on all incoming HTML - so you can remove frames and block banners and counters etc.
    This is a good thing in itself and helps to speed up your web access - but it also allows you to put filters on outgoing HTML too.
    So you can set it to lie about who you are, what you're using and where you came from (no referral information).
    ... and it's free. Well not quite - it's 'ShonenWare'. If you like it, the author asks you to go out and buy a Shonen Knife album (his favourite band) !
  • Something the c|net article does not mention, and I wish more attention would be paid to it, is the use of the CC software to track user viewing habits in addition to barcodes.

    The program sits there and listens to the audio feed of your TV. When it hears the CC sound, it takes you to the website, just like scanning a barcode does.

    Now, take a look at the software - their thing uses user profiles (if you have them set up). Each person who uses the computer is encouraged to have their own profile. So, when Mom sits down and scans stuff out of Family Circle, or watches LifetimeTV, or scans a bag of Gold Medal Flour - bingo! DC now knows this stuff. Dad watches ESPN, drinks Budweiser, and eats Guy's Potato Chips. Little Billy watches Nick Jr., drinks Hi-C, and enjoys Little Debbie sacky cakes. Now all those ads you see in print or on TV can be even MORE targeted. You simply change part of the CC-TV code to reflect the channel that is broadcasting it and you can watch the audience reaction to putting a commercial right at the highlight of the show - do they turn the channel? Do they just sit there and watch the commercials?

    This is so orwellian in its nature that I am happier now than ever that I don't run Windows and am not fooled into running CC's software.

    Better yet, let's do this hypothetical situation: Pretend that I am a political candidate for the Silly Party. We put on our national convention. At the start of the broadcast, Joe Commentator comes on and says, "Turn on your Cue Cat software folks! The Silly Party will be sending you to various parts of the Silly Party platform during the presentation tonight."

    Instantly, my minions at Silly Party HQ can start watching the audience reaction of the home viewers. Since I am using a teleprompter to give my lecture to the masses, it can be instantly changed and edited. The minions see me getting too many of the "angry white male" audience tuning away and returning to Monday Night Nitro? Simply insert political rhetoric aimed at them. Whoops! Now the latino population is tuning out! Better say something to keep them listening. And this can go on and on and on for the rest of the convention.

    This just scares the crap out of me.

    Vote Nader []
  • DigitalDemographics has info on how DigitalConvergence plans to use the transmitted data.

    Seems pretty simple.

  • I just saw this right before submitting it.

    All I could say to the title at was a big sarcasm-dripping "Nooooooooooooooooooooo!".

    The first thing that the reverse engineering discovered, as even reported at Slashdot, was a unique ID at the start of every scan, same sequence of characters for each scan but different for each cat device.

    And that was about a month ago. Only *now* are people discovering this?

    What's amazing is that the tracking they are doing is really no different from what the industry 'accepts' as standard for banner ads, web bugs, and javascript, with the same amount of control (read: none) the user has on deciding what information to share. Hypocrites.

  • The difference here is that the Nielsens are "anonymized" before being handed over to the networks.

    This software has the capability to specifically state: "Mr. Bush, Mr. Herman Munster (addresslookup="1313 Mockingbird Lane") (partylookup="Republican, registered") was watching your speech at 7:05PM but did not have the audio on when we tweedled the audience at 7:09. As a matter of fact, we discovered that he switched to the Gore broadcast on CBS at 7:14PM. At 7:19, our call center tried his house but got his answering machine, so we've scheduled the door-to-door people to stop by his house on Wednesday evening. According to his scanner report, he has scanned Winston cigarettes (productcategory=POLITICAL, product=WINSTON CARTON), so we'll hit him with Gore's zero-smoking-tolerance plans for national parks. Don't worry, sir, we'll have him voting Republican by Friday."

    It's just information flow, really. Do you want to see it happen this way?


    The Church of the SubGenius [] -- because somebody had to put all that slack in there...

  • I always laugh when I see people paying more just to avoid some little demographics.

    I mean, honestly, what do I care that when I buy some groceries they can link that to Herman Munster at 1313 Mockingbird lane, etc?

    Just apply for many discount cards and pick a random one. When you've used one almost enough to allow them to come up with a shopper-profile, even if for a fake identity, throw it away and make another.
  • by Roblimo ( 357 ) on Thursday September 21, 2000 @05:30AM (#764659) Homepage Journal
    Yes, Dodger, we know everything about you now, including that little pants-wetting episode when you were in kindergarten that you thought everyone forgot but was entered in your *permanent record* and is accessible to anyone who knows the serial number of your Intel PII and has a barcode scanner.

    - Robin
  • This just scares the crap out of me.
    Why? It's just Nielsen ratings on steroids and crack at the same time. People are often concerned about privacy in the wrong ways. Ask yourself if a supposed "privacy breach" diminishes your freedom, or gives someone else undue power over you. If it does either, be pissed off, otherwise, who cares? And if you're really concerned, demand reciprocal loss of privacy. Demand that the people collecting that data publish the same data about themselves. If an insurance company does genetic profiles, demand that the top 100 officers of that company publish the same data about themselves. If the IRS asks a bunch of intrusive questions, demand that IRS officers, auditors, etc. provide the same information. Often, two-way flows of information can remove the damaging effects of one-way flows without reducing the usefulness of the information flow. Preventing information flow is often put forward as The Only Solution when it is in fact neither the only solution nor best solution.

    ---- ----
  • Which leads me to believe that they can, like Amazon, change the terms at a whim to something more beneficial to them.

    If they do in fact delete you from the database before you have ever scanned ANYTHING, then they have no data to sell and no way to collect the data. If they don't, you sue them for big bucks, or the FCC fines them for big bucks.

    Just have yourself deleted BEFORE they change their policy. Otherwise, even if you have cut the wire, they may still have some data about you in their database, such as your IP address.

  • ...placing the offending domains on my /etc/hosts file (actually, my E:\WINNT\System32\drivers\etc\hosts file) as That way, all the DoubleClick banner ads are replaced with "Cannot Find Server."
  • by plover ( 150551 ) on Thursday September 21, 2000 @06:44AM (#764674) Homepage Journal
    I think Digital Convergence may soon change the rules.

    For the moment, let's assume D.C. is not totally without clue, and that they are capable of reading the many Slashdot postings, and have been following many of the hacking pages. (No extra jokes about the size of this assumption -- as they say on Wall Street, "past performance is no guarantee of future performance.") They're obviously concerned, if they haven't yet thrown in the hacker towel.

    The question is: What should they do about all of this rogue analysis?

    I see a couple alternatives for them:

    1. Do nothing. By doing nothing, they acknowledge that "unregistered users may use their database." They still capture some demographic info: product scanned & IP address, notably. It won't be tied to a specific user as well as the scanner ID, and it won't give them the name / gender / zipcode stuff they might want, but it's still valuable data as to "how much" is their scanner being used.
    2. Block access to invalid serial numbers. It sounds like their desktop software is already complaining if it receives a "bad" serial number from a modified scanner. Their server could also perform such a check. Their server optionally could lookup the scanner number on a table, making sure that it's in a range of devices actually produced and not something like zero.
    3. Block access to invalid activation codes. Their server could be modified to reject requests from activation codes that are not found on the database. This might have performance implications on their end, as well as denying themselves their free (as in beer) demographics.
    Before D.C. runs off to implement 2 and 3 above, I would like to point out that both of these denial methods will be circumvented by hackers within an hour of being implemented.

    A cursory glance at the serial numbers in a couple of units (as well as data gleaned from the web) shows that the serial number does not seem to incorporate any kind of checksum, so any random number passed by a browser would probably work today. However, their client software could be set up to reject scanner input coming from a modified scanner. Why do this? Mostly to annoy the people who went out and cut the trace to the ID chip. Of course, these people will simply go to Radio Shack and pick up another scanner, costing D.C. more money, but they could. At least they could claim their software won't be party to any hardware hacking.

    The activation code would be the tough one for a hacker to derive. First, they could use something like a doubly-signed MD5 signed activation code. Take the activation code (aaa...a) and sign it with a key they'd be willing to hide in their Windows client software (SSSS). Then, sign the whole aaa...aSSSS with a secretly held key (kkkk) known only to their servers.
    key format: aaaaaaaaaaaaaaaaSSSSkkkk
    The client application can check the value SSSS to see if the activation code being entered was created by D.C. (or forged by someone who disassembled their code.) This would stop the casual AOL user from typing in all zeros for the activation code. The server, however, would be the ultimate arbiter of who gets served, and could be set to only honor requests from Officially Signed activation codes.

    This one actually has an interesting side effect that could be a 'benefit' for D.C. -- if they consistently received an unissued activation code that was signed, but the server signature is not valid, they might use that as evidence that the code is coming from someone who has circumvented their program's activation code, violating the DMCA in the process. "Lookee here Miz Reno, we caught us a hacker!" The truly insidious part of this plot is that they could institute it immediately (as soon as the software is ready.) I am assuming that a company that avoids enough ethics to inform their users of the marketing purposes behind their "free" (as in beer) scanner would already have their software set up to perform automatic "upgrades" to itself. They download new software, generate new doubly signed activation codes, and wait for the flies to be drawn to their website.

    So, the hackers will be reduced to using other peoples' activation codes. Not the end of the world for them, as long as they're not personally being tracked, kind of like using your mom's Grocery Shopper Saver barcoded keytag. Someone will eventually post a couple to the web, the "hackers" will pounce on them, and D.C. will shut them down until the next round is posted.

    The final analysis? Going down the "denial" path means a never ending circle of hacker harassment that NEVER ADDS A DIME TO D.C.'s BOTTOM LINE. I emphasize that because any countermeasures taken by D.C. can't actually gain them any more revenue or extra users, but only serve to embroil them in expensive lawsuits that some high-school kid will never pay in his lifetime anyway. Allowing the hacked units to continue to use their database gives them MOST of the demographic data they originally intended to collect. (Privacy wonks can still use the anonymizer to get their data if they're really paranoid, but most hackers using dialups are fine letting sites like this see their temporary IP address. It's effectively anonymous enough.)

    I hope D.C. doesn't feel the need to wage war upon its "extra" customers. They already can't "win" it if they choose to fight, but they can certainly "lose" it.


    The Church of the SubGenius [] -- because somebody had to put all that slack in there...
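
The two-tag activation code sketched in the comment above, written out as an added example (not code from the post or from Digital Convergence). HMAC-MD5 stands in for the post's "MD5 signed" step, the 16+4+4 layout follows its `aaaaaaaaaaaaaaaaSSSSkkkk` format, and the keys, sample codes and function names are constructed for illustration.

```python
import hashlib
import hmac

CLIENT_KEY = b"constructed-client-key"  # ships inside the client, so assume it leaks
SERVER_KEY = b"constructed-server-key"  # known only to the server
CODE_LEN, TAG_LEN = 16, 4               # aaaaaaaaaaaaaaaa + SSSS + kkkk


def _tag(key, message):
    """Truncated keyed MD5 tag over an ASCII string."""
    digest = hmac.new(key, message.encode("ascii"), hashlib.md5).hexdigest()
    return digest[:TAG_LEN].upper()


def issue(activation):
    """Server side: append the client-checkable tag, then the server tag."""
    if len(activation) != CODE_LEN or not activation.isascii():
        raise ValueError("activation code must be 16 ASCII characters")
    client_tag = _tag(CLIENT_KEY, activation)
    server_tag = _tag(SERVER_KEY, activation + client_tag)
    return activation + client_tag + server_tag


def split_code(code):
    if len(code) != CODE_LEN + 2 * TAG_LEN or not code.isascii():
        raise ValueError("wrong length or non-ASCII input")
    return code[:CODE_LEN], code[CODE_LEN:CODE_LEN + TAG_LEN], code[CODE_LEN + TAG_LEN:]


def client_accepts(code):
    """All the desktop software can check: the SSSS tag."""
    try:
        activation, client_tag, _ = split_code(code)
    except ValueError:
        return False
    return hmac.compare_digest(client_tag, _tag(CLIENT_KEY, activation))


def classify(code, issued):
    """Server-side decision, including the case the post singles out."""
    try:
        activation, client_tag, server_tag = split_code(code)
    except ValueError:
        return "malformed"
    if not hmac.compare_digest(client_tag, _tag(CLIENT_KEY, activation)):
        return "junk"                      # e.g. someone typed all zeros
    if not hmac.compare_digest(server_tag, _tag(SERVER_KEY, activation + client_tag)):
        return "forged-with-client-key"    # SSSS valid, kkkk not: client key was extracted
    if activation not in issued:
        return "signed-but-unissued"       # genuine tags, no database record
    return "valid"


def _alter(tag):
    """Return a tag guaranteed to differ from the input."""
    return ("0" if tag[0] != "0" else "1") + tag[1:]


def demo():
    issued = {"0123456789ABCDEF"}
    good = issue("0123456789ABCDEF")
    activation, client_tag, server_tag = split_code(good)
    other = "FEDCBA9876543210"
    other_client = _tag(CLIENT_KEY, other)
    other_server = _tag(SERVER_KEY, other + other_client)
    return {
        "good": classify(good, issued),
        "typed": classify(activation + _alter(client_tag) + server_tag, issued),
        "client_key_only": classify(other + other_client + _alter(other_server), issued),
        "no_record": classify(issue(other), issued),
    }


if __name__ == "__main__":
    print(demo())
```

The client-side check passes for any code built with the embedded key, so only the server's tag and database lookup carry weight, which is the post's point about the server being the ultimate arbiter.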

  • by Riplakish ( 213391 ) on Thursday September 21, 2000 @04:41AM (#764677)
    From the CNet article:
    "There is a unique ID within the CueCat so that we can see that some Cats came from Forbes and some came from Wired," said Dave Mathews, vice president of new product development at DigitalConvergence. "(But) individualized serial numbers are not designed to track individual behavior."

    If all you want to track is whether a Cat came from Forbes/Wired/RadioShaft then you don't need a unique ID for each Cat. A simple (Forbes = 1 : Wired = 2 : RS = 3) ID is all that is necessary. All Forbes users would have an ID of 1, etc., and now there are no privacy concerns. I'm sorry, but these guys are inept from top to bottom: business model, data security, and PR. Everyone jump on for this one, because DC probably won't last the year.

  • by spinfire ( 148920 ) <> on Thursday September 21, 2000 @04:42AM (#764678) Homepage
    Sorry for Digital Convergence, but the first thing I did after I got a cuecat to play with was cut the wire and disable the ID.

    Also, by using the Free drivers the ID is effectively disabled. I assume that DC was much more pissed about their data collection scheme being circumvented by the Linux software than by their 'Intellectual Property' being stolen.

    Unfortunately, a lot of companies collect such data (IE, blockbuster card, stop+shop discount card). Whenever you let someone identify you with a number for your own convenience your privacy is at risk.

  • So? Find a crack.

    They're perfectly legal and make life easier.

    I crack *all* my software. Even the annoying stuff like Q3 that has a serial number, well at least I don't have to have the CD in the drive as well.

  • Chuckle.

    You know, writing the software to sort and arrange the data from supermarket cards would be amusing. Hmmm, I don't like Brand X because they're affiliated with Brand Evil, so a random percentage of their sales will appear to be from Brand Y instead...

    Just do something subtle, pepsi selling less than coke, colgate less than crest, etc.

    If you dislike the store, show the brands that don't sell as being high-sellers. If you don't like one of the companies, show their products as not selling, etc.

    Show weird combos like tampons and porno mags and tequila always selling together.
  • okie, so let's just take an inventory about what corporations track now and people accept as normal:

    - grocery store buying habits(shopper cards)
    - web page demographics
    - TV viewing habits(for ratings)
    - email being scanned by the company you work for
    - Web pages filtered at work and soon to come, libraries

    so this is all considered normal and okay by most people. CueCat and things like it are just the next step. People in general like being counted, if you give them a good reason to use it, they don't care what ramifications there are. I still use a shoppers card because it supposedly saves me money, I let web sites save cookies on my computer because I like reading the info on the site.

    So if you give people a reason to use the CueCat(for example we will only show you commercials and news stories based on what you are interested in) then they won't care how much info they take from them.

    We are fighting a losing battle here. Yes DC approached it stupidly, but this will happen sooner than later because the mass public doesn't care.

    Customization of the world = loss of privacy
  • Great! They can match a serial number to an activation code, to a user? And they're going to sell this information to marketing departments? Wonderful!

    Ok, I'll make a Javascript popup on my page, (by click only, not an auto-popup) that people with similar tastes in music, books, and products can use to register their support of an item.

    Click the button, let the DC webpage load, then kill it. You've just registered one vote for the continued existance of whatever product or service you scanner.

    Best yet, after salting the DC database with these false hits, and recording evidence of it, you simply release this evidence to the public (in a slashdot posting and email to a few tech correspondents) and show that DCs demographics are largely false. Nobody will want to buy demographic information that has been tampered with, its value will drop to zero and DC will have nothing.

    So we just wait for their privacy policy to change, or for them to start taking people to court. When they do, we ruin them. Until then, we use them to promote products we like without having to actually go and buy multiples of our favorite CDs, etc.
  • by John Jorsett ( 171560 ) on Thursday September 21, 2000 @06:55AM (#764686)
    <GRUMPINESS>Who cares what these people are doing with CueCat data? No one I know is inclined in the least to install the CueCat, much less use it to scan magazine bar codes. I think the idea comes from some marketing drone's graduate thesis, and s/he was lucky enough to find a company dumb enough to implement it. The .001% who actually use it deserve to have whatever passes for their personal lives invaded.</GRUMPINESS>
  • opting out opted out of using the 'cat with their web site.

    And the problem with opting out of using the 'cat with their website was what again?????

    If you picked up the scanner for some other purpose besides scanning Radio Shack catalogs or Wired/Forbes magazines, then why not opt out of the database?

    Even if you registered at Radio Shack under some other name, they still would be able to link your IP address (and therefore your ISP) to your particular scanner.

    All I'm saying is that disabling the scanner mechanically isn't a foolproof solution since DC would still have your data. Even if you threw them in SF Bay as was mentioned, they still would have your data (albeit likely falsified) in their database, so why NOT take them up on their offer to delete it?

  • 1) Whenever anyone (website, user, or anyone in life, say a business) asks you for any personal information (anything at all!), ask yourself whether this information should be necessary to complete the transaction, and act accordingly.
    When Radio Shack asks for your name, say 'Sorry, you don't need to know it.'. If they have a problem with that, leave the store immediately.
    Same with any other store. Use discretion of course...

    When a website asks you for anything, even your email address, ask yourself why they need it. If it's to mail you a 'password' to the site, perhaps they do need it. Perhaps not.

    Also, you can set up (though for most this won't help) a mail server in several ways so that you can receive mail on multiple accounts, so you can tell what's what.

    For instance, this morning, I got this. Now I KNOW the asshole snagged the address from Slashdot...

    Received: from ( [])
    by (8.9.3/8.9.3/Debian/GNU) with ESMTP id BAA31476
    for ; Thu, 21 Sep 2000 01:05:09 -0700
    Received: from (unknown [])
    by (Postfix) with SMTP
    id 3AD17290C4; Thu, 21 Sep 2000 05:22:37 +0200 (CEST)
    Subject: So, How in the heck have you been?
    Date: Thu, 21 Sep 2000 05:22:37 +0200 (CEST)

    So, How in the heck have you been?

    Do you remember holding previous conversations regarding business and
    money making opportunities? I did not send this to you in error!

    You Said:

    If only I could find an easier way to make a higher income!


    If I had more money, I could spend more time with my Family, and less
    time at work and I sure could use more money so I could pay off my
    bills once and for all!


    I would love to get involved in a business in which will generate money
    while I am not at work (like a Gas Pump)!

    Dear Friend,

    There is a possibility that we haven't met, but you were chosen by
    someone to receive this E-Mail. Please, please, print this off and
    read thoroughly. Be sure that you don't miss any of the points
    outlined. Then put it down, and then read it again. I am sending
    you a whole lot of information in which you might not understand
    the first time you read it. If you don't believe this program
    will work for you, send it to 10-20 of your closest friends
    (in which you trust deeply), and ask them what they think?
    This really works! Have faith, don't miss this opportunity,
    get involved also, and it will work for you as it does for us!!!!

    Due to the popularity of this letter on the Internet, A Major Nightly
    News Program recently dedicated an entire show to the investigation of
    program described below to see if it really can make people money.
    The show also investigated whether or not the program was legal. Their
    findings proved that there are absolutely no laws prohibiting the
    participation in the program. This has helped to show people that this
    is a simple, harmless and fun way to make extra money at home. The
    results have been truly remarkable. So many people are participating
    that those involved are doing much better than ever before. Since
    everyone makes more as more people try it out, its been very exciting.

    You will understand only if you get involved!
    ********** THE ENTIRE PLAN IS HERE BELOW **********
    **** Print This Now For Future Reference ****

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$
    If you would like to make AT LEAST $50,000 in less than 90 days! If not,

    forward this to someone who would like to make this kind of money.
    It works (like designed) but only for those who follow it to the letter!

    Please read this program THEN READ IT AGAIN!!
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$

    require you to come into contact with people or make or take any
    calls. Just follow the instructions, and you will make money. This
    simplified e-mail marketing program works perfectly 100% EVERY TIME!

    E-mail is the sales tool of the future. Take advantage of this virtually

    free method of advertising NOW!!! The longer you wait, the more people
    be doing business using e-mail. Get your piece of this action!!!

    Hello, My name is Johnathon Rourke, I'm from Rhode Island. The enclosed

    information is something I almost let slip through my fingers.
    Fortunately, sometime later I re-read everything and gave some thought
    and study to it. Two years ago, the corporation I worked for the past
    twelve years down-sized and my position was eliminated. After
    job interviews, I decided to open my own business. Over the past year, I
    incurred many unforeseen financial problems. I owed my family, friends
    creditors over $35,000. The economy was taking a toll on my business and
    just could not seem to make ends meet. I had to refinance and borrow
    my home to support my family and struggling business.

    AT THAT MOMENT something significant happened in my life. I am writing
    to share the experience I hopes that this could change your life

    In mid December, I received this program in my e-mail. Six months prior
    receiving this program I had been sending away for information on
    business opportunities. All of the programs I received, in my
    not cost effective. They were either too difficult for me to comprehend
    the initial investment was too much for me to risk to see if they would
    But as I was saying, in December of 1997 I received this program. I
    send for it, or ask for it, they just got my name off a mailing list.


    After reading it several times, to make sure I was reading it correctly.
    couldn't believe my eyes! Here was a MONEY MAKING MACHINE I could start
    immediately without any debt. Like most of you I was still a little
    skeptical and a little worried about the legal aspects of it all. So I
    checked it out with the U.S. Post Office (1-800-725-2161 24-hrs) and
    confirmed that it is indeed legal ! After determining the program was
    I decided WHY NOT!?!??

    Initially I sent out 10,000 e-mails. It cost me about $15 for my time
    on-line. The great thing about e-mail is that I don't need any paper for

    printing to send out the program, and because I also send the product
    (reports) by e-mail, my only expense is my time. In less than one week, I
    starting to receive orders for REPORT #1.

    By January 13, I had received 26 orders for REPORT #1. Your goal is to
    SEND OUT MORE PROGRAMS UNTIL YOU DO. My first step in making $50,000 in
    days was done. By January 30, I had received 196 orders for REPORT #2.

    Well, I had 196 orders for REPORT #2. 96 more than I needed. So I
    sat back and relaxed.

    By March 1, of my e-mailing of 10,000, received $58,000 with more coming
    every day. I paid off ALL my debts and bought a much need new car!
    take your time to read this plan, IT WILL CHANGE YOUR LIFE FOREVER$!!!
    Remember, it won't work if you don't try it. This program does work, But
    must follow it EXACTLY! Especially the rules of not trying to place your

    name in a different place. It won't work and you'll lose out on a lot of

    money! In order for this program to work, you must meet your goal of 20+

    orders for REPORT #1, and 100+ orders for REPORT #2 and you will make
    $50,000 or more in 90 days.


    If you choose not to participate in this program, I am sorry. It really
    is a great opportunity with little cost or risk to you. If you choose
    to participate, follow the program and you will be on your way to
    financial security. If you are a fellow business owner and
    are financial trouble like I was, or you want to start your own
    business, consider this a sign. I DID! $$

    Johnathon Rourke

    have read the enclosed program and reports, you should have concluded
    such a program, and one that is legal, could not have been created by an

    amateur. Let me tell you a little about myself. I had a profitable
    for 10 years. Then in 1979 my business began falling off. I was doing
    same things that were previously successful for me, but it wasn't
    Finally, I figured it out. It wasn't me, it was the economy. Inflation
    recession had replaced the stable economy that had been with us since
    I don't have to tell you what happened to the unemployment rate because
    of you know from first hand experience. There were more failures and
    bankruptcies than ever before. The middle class was vanishing. Those who

    knew what they were doing invested wisely and moved up. Those who did
    including those who never had anything to save or invest, were moving
    down into the ranks of the poor. As the saying goes, THE RICH GET RICHER

    AND THE POOR GET POORER. The traditional methods of making money will
    allow you to move up or get rich, inflation will see to that You have
    received the rest of your life, with NO RISK and JUST A LITTLE BIT OF
    EFFORT. You can make more money in the next few months than you have
    ever imagined. I should also point out that I will not see a penny of this

    money, nor anyone else who has provided a testimonial for this program.
    retired from the program after sending thousands and thousands of
    Follow the program EXACTLY AS INSTRUCTED. Do not change it in any way.
    works exceedingly well as it is now. Remember to e-mail a copy of this
    exciting report to everyone you can think of. One of the people you send

    this to may send out 50,000 and your name will be on everyone of them!
    REMEMBER though, ------ the MORE YOU SEND OUT, the more potential
    you will reach. So my friend, I have given you the ideas, information,
    materials and opportunity to become financially independent.


    BEFORE YOU delete this program from your in box, as I almost did, take a

    little time to read it and REALLY THINK ABOUT IT. Get a pencil and
    figure out what could happen when YOU participate. Figure out the worst
    possible response and no matter how you calculate it, you will still
    make a
    lot of money! You will definitely get back what you invested. Any doubts
    have will vanish when your first orders come in. $$$ IT WORKS!!! $$$

    Jody Jacobs Richmond, VA.


    This method of raising capital REALLY WORKS 100% EVERY TIME. I am sure
    that you could use up to $50,000 or more in the next 90 days. Before you
    BULL, please read this program carefully. This is not a chain letter, but
    perfectly legal money making business. As with all multi-level
    we build our business by recruiting new partners and selling our
    Every state in the USA allows you to recruit new multi-level business
    partners, and we sell and deliver a product for EVERY dollar received.

    involved in personal selling. You do it privately in your own home,
    store or
    office. This is the EASIEST marketing plan anywhere! It is simply order
    filling by e-mail! The product is informational and instructional
    keys to the secrets for everyone on how to open the doors to the magic
    of E-COMMERCE, the information highway, the wave of the future !


    (1) You order the 4 reports listed below ($5 each) They come to you by

    (2) Save a copy of this entire letter and put your name after Report #1
    move the other names down.

    (3) Via the internet, access or any of the other major search

    engines to locate hundreds of bulk e-mail service companies (search for
    email) and have them send 25,000 50,000 emails for you about $49+.

    (4) Orders will come to you by postal mail simply e-mail them the
    Report they ordered. Let me ask you isn't this about as easy as it

    By the way there are over 50 MILLION e-mail address with millions more
    joining the internet each year so don't worry about running out or
    saturation. People are used to seeing and hearing the same
    advertisements every day on radio/TV. How many times have you received
    the same pizza flyers on your door? Then one day you are hungry for
    and order one. Same thing with this letter. I received this letter many
    times then one day I decided it was time to try it.


    Order the four reports shown on the list below (you can't sell them if
    you don't order them). For each report, send $5.00 CASH, the NAME &
    ADDRESS (in case of a problem) to the person whose name appears on the
    CASE OF ANY MAIL PROBLEMS! Within a few days you will receive, by e-mail

    each of the four reports. Save them on your computer so you can send them
    the 1,000's of people who will order them from you.


    a. Look below for the listing of the four reports.
    b. After you've ordered the four reports, delete the name and address
    under REPORT #4. This person has made it through the cycle.
    c. Move the name and address under REPORT #3 down to REPORT #4.
    d. Move the name and address under REPORT #2 down to REPORT #3.
    e. Move the name and address under REPORT #1 down to REPORT #2.
    f. Insert your name/address in the REPORT #1 position. Please make sure

    COPY ALL INFORMATION, every name and address, ACCURATELY!

    STEP #3. Take this entire letter, including the modified list of names,
    and save it to your computer. Make NO changes to these instructions. Now
    are ready to use this entire e-mail to send by e-mail to prospects.

    Report #1 will tell you how to download bulk email software and email
    address so you can send it out to thousands of people while you sleep!
    Remember that 50,000+ new people are joining the internet every month!
    Your cost to participate in this is practically nothing ( surely you can

    afford $20 and initial bulk mailing cost). You obviously already have a
    computer and an Internet connection and e-mail is FREE! There are two
    primary methods of building your downline: METHOD #1: SENDING BULK
    let's say that you decide to start small, just to see how it goes, and
    assume you and all those involved email out only 2,000 programs each.
    also assume that the mailing receives a 0.5% response. The response
    could be
    much better. Also, many people will email out thousands of thousands of
    programs instead of 2,000 (Why stop at 2000?) But continuing with this
    example, you send out only 2,000 programs. With a 0.5% response, that is

    only 10 orders for REPORT #1. Those 10 people respond by sending out
    programs each for a total of 20,000. Out of those 0.5%, 100 people
    and order REPORT #2. Those 100 mail out 2,000 programs each for a total
    200,000. The 0.5% response to that is 1,000 orders for REPORT #3. Those
    1,000 send out 2,000 programs each for a 2,000,000 total. The 0.5%
    to that is 10,000 orders for REPORT #4. That's 10,000 $5 bills for you.
    CASH!!! Your total income in this example is $50 + $500 + $5000 +
    for a total of $55,550!!!

    INSTEAD OF 2,000. Believe me, many people will do just that, and more!

    METHOD #2 PLACING FREE ADS ON THE INTERNET Advertising on the internet
    is very, very inexpensive, and there are HUNDREDS of FREE places to
    advertise. Let's say you decide to start small to see how well it works.

    Assume your goal is to get ONLY 10 people to participate on your first
    level. (Placing a lot of FREE ads on the Internet will EASILY get a
    response). Also assume that everyone else in YOUR ORGANIZATION gets only
    downline members. Look how this small number accumulates to achieve the
    STAGGERING results below:

    1St level your first 10 send you $5........................$50
    2nd level 10 members from those 10 ($5 x 100)............$500
    3rd level 10 members from those 100 ($5 x 1,000)......$5,000
    4th level 10 members from those 1,000 ($5 x 10,000)..$50,000
    $$$$$$ THIS TOTALS
    ------------------------------------------------ 55,5550

    AMAZING ISN'T IT Remember friends, this assumes that the people who
    participate only recruit 10 people each. Think for a moment what would
    happen if they got 20 people to participate! Most people get 100's of
    participants and many will continue to work this program, sending out
    programs WITH YOUR NAME ON THEM for years! THINK ABOUT IT!
    People are going to get emails about this plan from you or somebody else
    many will work this plan the question is Don't you want your name to be
    the emails they will send out?

    *** DON'T MISS OUT !!!***
    ***JUST TRY IT ONCE !!!***
    ***SEE WHAT HAPPENS !!!***
    ***YOU'LL BE AMAZED !!!***

    the e-mail THEY send out with YOUR name and address on it will be prompt

    because they can't advertise until they receive the report!

    Make sure the cash is concealed by wrapping it in two sheets of paper.
    one of those sheets write:

    (a) the number & name of the report you are ordering
    (b) your e-mail address, and
    (c) your name & postal address.

    REPORT #1b The Insider's Guide to Advertising for Free on the Internet

    ST.PAUL, MN 55102

    NOTE: I and every member below are dedicated at helping you with this
    program so it will work for you also. TRY US!

    REPORT #2 The Insider's Guide to Sending Bulk E-Mail on the Internet

    1811 TAMARIND AVE # 206
    LOS ANGELES, CA. 90028

    REPORT #3 The Secrets to Multilevel Marketing on the Internet

    CONOVER, WI 54519

    REPORT #4 How to become a Millionaire utilizing the Power of Multilevel
    Marketing and the Internet

    CONWAY, SC 29527

    *************TIPS FOR SUCCESS***************
    TREAT THIS AS YOUR BUSINESS! Be prompt, professional, and follow the
    directions accurately. Send for the four reports IMMEDIATELY so you
    will have them when the orders start coming in because: When you
    receive a $5 order you MUST send out the requested product/report.
    It is required for this to be a legal business and they need the
    reports to send out their letter (with your name on them).

    patient and persistent with this program- If you follow the
    instructions exactly results WILL FOLLOW. $$$$

    ************ YOUR SUCCESS GUIDELINES ***************

    Follow these guidelines to guarantee your success: If you don't receive
    20 orders for REPORT #1 within two weeks, continue advertising or
    e-mail until you do. Then a couple of weeks later you should receive at
    least 100 orders for REPORT #2. If you don't continue advertising or
    e-mail until you do. Once you have received 100 or more orders for
    #2, YOU CAN RELAX, because the system is already working for you, and
    cash will continue to roll in! THIS IS IMPORTANT TO REMEMBER: Every
    your name is moved down on the list, you are placed in front of a
    report. You can KEEP TRACK of your PROGRESS by watching which report
    are ordering from you. To generate more income, simply send another
    batch of
    e-mails or continue placing ads and start the whole process again! There
    no limit to the income you will generate from this business! Before you
    your decision as to whether or not you participate in this program.
    answer one question:


    1. If the answer is no, then please look at the following facts about
    this super simple MLM program: NO face to face selling, NO meetings, NO
    inventory! NO Telephone calls, NO big cost to start! Nothing to learn,
    No skills needed! (Surely you know how to send email?)

    2. No equipment to buy you already have a computer and internet
    connection so you have everything you need to fill orders!

    3. You are selling a product which does NOT COST ANYTHING TO PRODUCE OR
    SHIP! (Email copies of the reports are FREE!)

    4. All of your customers pay you in CASH! This program will change your
    LIFE FOREVER!! Look at the potential for you to be able to quit your
    job and live a life of luxury you could only dream about! Imagine
    getting out of debt and buying the car and home of your dreams and
    being able to work a super-high paying leisurely easy business from

    Take your first step toward achieving financial independence. Order
    the reports and follow the program outlined above __ SUCCESS will be
    your reward.

    Thank you for your time and consideration. PLEASE NOTE: If you need
    help with starting a business, registering a business name, learning
    now income tax is handled, etc., contact your local office of the
    Small Business Administration (A Federal Agency) 1-800-827-5722
    for free help and answers to questions. Also the Internal Revenue
    Service offers free help via telephone and free seminars about
    business tax requirements. Your earnings are highly dependent on
    your activities and advertising. The information contained on this
    site and in the report constitutes no guarantees stated nor implied.
    In the event that it is determined that this site or report
    constitutes a guarantee of any kind, that guarantee is now void. The
    earnings amounts listed on this site and in the report are estimates
    only. If you have any questions of the legality of this program,
    contact the Office of Associate Director for Marketing Practices,
    Federal Trade Commission, Bureau of Consumer Protection in
    Washington DC.

    Under Bill s.1618 TITLE III passed by the 105th US Congress this
    letter cannot be considered spam as long as the sender includes
    contact information and a method of removal. This is a one time
    e-mail transmission. No request for removal is necessary.
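
The comment above suggests giving each site its own receiving address so that incoming spam shows who leaked it. A sketch of that attribution step, added here as an example and not part of the original comment: the alias table, domain and sample message are constructed, and the envelope recipient is read from the `for` clause of the `Received` header first, since the quoted message shows no `To:` header at all.

```python
import email
import email.utils
import re

# Constructed alias table: one address handed out per site (hypothetical names).
ALIASES = {
    "slashdot@mail.example.org": "Slashdot profile",
    "radioshack@mail.example.org": "Radio Shack registration",
    "cnet@mail.example.org": "CNET newsletter",
}

# "Received: ... for <addr>; date" records the envelope recipient seen by the MTA.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?\s*;", re.IGNORECASE)

# Constructed sample: same header layout as the quoted spam, with documentation
# hostnames and addresses filled in. There is deliberately no To: header.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org (8.9.3/8.9.3) with ESMTP id BAA31476\n"
    "\tfor <Slashdot@mail.example.org>; Thu, 21 Sep 2000 01:05:09 -0700\n"
    "Received: from relay.example.com (unknown [198.51.100.7])\n"
    "\tby mx.example.net (Postfix) with SMTP\n"
    "\tid 3AD17290C4; Thu, 21 Sep 2000 05:22:37 +0200 (CEST)\n"
    "Subject: So, How in the heck have you been?\n"
    "\n"
    "body\n"
)


def candidate_recipients(msg):
    """Yield (address, header_name) pairs, most trustworthy source first.

    The topmost Received header is written by your own server, so its 'for'
    clause is checked before headers the sender controls (To, Cc).
    """
    for hdr in msg.get_all("Received", []):
        unfolded = " ".join(hdr.split())  # undo RFC 5322 header folding
        match = FOR_CLAUSE.search(unfolded)
        if match:
            yield match.group(1).lower(), "Received"
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        values = msg.get_all(name, [])
        for _, addr in email.utils.getaddresses(values):
            if addr:
                yield addr.lower(), name


def attribute_leak(raw_message, aliases=ALIASES):
    """Return (alias, where it was handed out, header it was found in) or None."""
    msg = email.message_from_string(raw_message)
    for addr, header in candidate_recipients(msg):
        if addr in aliases:
            return addr, aliases[addr], header
    return None


if __name__ == "__main__":
    print(attribute_leak(SAMPLE))
```
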

  • by Frederic54 ( 3788 ) on Thursday September 21, 2000 @04:43AM (#764696) Journal
    here's the link []
  • by Daikiki ( 227620 ) <> on Thursday September 21, 2000 @04:44AM (#764697) Homepage Journal
    I have a rather novel way of circumventing this diabolic scheme. It's called a Xerox :) Barcodes are surprisingly easy to copy and surprisingly hard to secure. There are even barcode generator plugins available for many popular packages.
  • by Cy Guy ( 56083 ) on Thursday September 21, 2000 @04:44AM (#764698) Homepage Journal
    Per Digital Convergence's Privacy Policy []

    Opt-Out Announcements and Notifications
    For our members' benefit, we offer the ability to opt-out. Just say "No" to any offers we send you. At any time, you may request to be removed from Digital:Convergence's database and we will honor such a request

    Wouldn't this be easier than hacking the hardware? The FTC has been pretty good about holding websites to their privacy policies, so assuming DC provides a way it can be independently verified, this sounds like a simple option.

  • by AFCArchvile ( 221494 ) on Thursday September 21, 2000 @04:44AM (#764699)
    The url of CNet's story( .html? just makes me wonder: Isn't CNet also playing the "demographics" game? They could log where you are by your IP, your OS by your browser string, and other things.

    Just goes to show how corruptly curious companies are getting this day and age.
