Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Smart Download eavesdropping for AOL?

By kmself in News
Fri Jul 07, 2000 at 12:52:32 AM EST
Tags: Freedom (all tags)

The Industry Standard reports that a lawsuit, filed in U.S. District Court for the Southern District of New York by Abbey, Gardy & Squitieri, LLP on behalf of Christopher Specht, alleges that AOL is illegally tracking Web surfers, in violation of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.

While this is mentioned at Slashdot, it apparently hit the site as "older stuff", below the fold, and isn't readily visible on the main page. I'm relaying it here as I believe it deserves coverage.

Netscape is using SmartDownload to eavesdrop," says the complaint. "It is using SmartDownload to intercept and to send to defendants information about a communication to which defendants are not a party." AOL has yet to comment on the lawsuit.

Allegations are just that -- unproven statements. I've tended to avoid Smart Download myself mostly because tools like wget work better (it doesn't crash ;-), but I've also wondered just how "smart" the tool was. Perhaps too much for its own -- or my -- good?

From its webpage, Abbey, Gardy, & Squitieri are a law firm specializing in class action cases, generally accepting them on contingency. A recent cases list includes claims against Baker-Hughes, Inc., JDN Realty Corporation, Legato Systems, Inc., Microstrategy Inc., and Peapod, Inc, all of which involve alleged securities violations (most appear to be shareholder/stockholder class action suits).

Does anyone have confirming evidence, say nmap, ntop, or other network scanning tool output, to verify that there is indeed backstream traffic to AOL or another site unrelated to a specific download? Is this a germain legal complaint against AOL?

What sorts of data collection should or should not be allowed, and with what degree of user notification? Are lawsuites the right way to go about securing protections?


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o Slashdot
o Industry Standard
o reports
o Abbey, Gardy & Squitieri, LLP
o is mentioned
o Abbey, Gardy, & Squitieri
o generally accepting them on contingency
o recent cases
o Also by kmself

Display: Sort:
Smart Download eavesdropping for AOL? | 28 comments (22 topical, 6 editorial, 0 hidden)
Lawsuits as a safety mechanism? (4.00 / 3) (#2)
by eann on Thu Jul 06, 2000 at 09:38:48 PM EST

I have no difficulty believing that the only things less effective than using lawsuits for privacy protection are congressional legislation and industry self-regulation.

For that matter, it could be argued that those aren't even particularly different from each other.

The big shiny answer that we all already know is, of course, education. With education, users could actually make informed decisions about what software to use, and whether it satisfies their privacy requirements at the time. Naturally, educated consumers would, in general, prefer products that they or trusted third parties had access to the source code, to make sure everything's above board.

Man, this feels like preaching to the choir.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.

Re: Lawsuits as a safety mechanism? (4.00 / 1) (#7)
by PresJPolk on Thu Jul 06, 2000 at 11:03:53 PM EST

That's exactly the idea that anti-lawyer sentiments don't understand: Lawyers are the agents of their clients. Lawyers don't sue for their own sake; no lawsuit could ever be intiated that the plaintiff didn't approve.

A lawyer on the side of a good person will do good things. A lawyer on the side of a corporation will do corporate things.

Don't blame the lawyer; blame the client.

[ Parent ]
Sometimes you need to blame the lawyer and the cli (none / 0) (#14)
by Anonymous Hero on Fri Jul 07, 2000 at 08:35:01 AM EST

Enough said.

A Nony Mouse

[ Parent ]

Re: Lawsuits as a safety mechanism? (none / 0) (#16)
by Rasputin on Fri Jul 07, 2000 at 09:52:36 AM EST

That is not universal. It's amazing how many people can be talked into nuisance lawsuits on contingency. The client doesn't know any better and only sees a big pay-off with almost no risk. If the lawyer doesn't approached the client with the idea, the lawsuit will not happen.
Even if you win the rat race, you're still a rat.
[ Parent ]
Re: Lawsuits as a safety mechanism? (none / 0) (#18)
by PresJPolk on Fri Jul 07, 2000 at 11:54:14 AM EST

Again, that's not the lawyer's fault. It's the fault of the existing system that makes any legal action expensive. If simple matters (like the ridiculous ones) were somehow made cheap and easy to resolve, then a "nuisance ulawsuit" wouldn't actually be a nuisance.

Until that kind of change comes, though, it is the lawyer's job to present all options. If a client has a good chance of getting a windfall, a lawyer would be wrong not to suggest it.

Ultimately the client must decide whether it's better to try to get rich, or to be a good person.

Why do you think so many things get settled OUT of court? The love of money is a powerful force for plenty of people. That kind of motivation doesn't get instilled by a lawyer.

[ Parent ]
Preaching to the choir? (3.60 / 5) (#8)
by Joe Groff on Thu Jul 06, 2000 at 11:17:38 PM EST

It seems silly to me to bring up whatever the latest AOL/Microsoft/Mattel/Evil Company of the Day foible is in techie-oriented forums like this one. Most of us (I'm assuming, feel free to tell me off if I'm wrong) do not use most of the software with these invasions of privacy, because we already know that there are better, more trustworthy tools for the job. The people who really need to hear these stories, the uneducated users who obliviously use Outlook and SmartDownload or whatever other junk gets installed for them, most likely never even hear of these exploitations of their rights. There needs to be a way these stories can be channeled to the masses, so the people whom these issues affect can become informed. I have thought this every single time I see a "Mattel breaks children's right again" or "Is your software watching you?" story on Slashdot, K5 or whatever other geek forum. The ensuing discussions often bring up excellent points, occasionally so eloquent they would get the point across to the most mindless PHB, but they are all wasted on us, who already know better.
How long must I travel on
to be just where you are?

Evangilizing Reason. (3.50 / 2) (#9)
by mcwee on Thu Jul 06, 2000 at 11:32:03 PM EST

I think that the problem of "Preacching to the Choir" is secondary. Because K5 is chock-full of folks who are equipped to understand (and thus hopefully explain to the uninitiated) these sorts of sec. probs, it's important that we keep abreast of them so that we can pass the info down the ladder (or techno-food chain, or whatever.) A very small percentage of these sec. risk revelation stories seem to splash in mainstream media (largely because the vast majority of reporters don't have the background to understand and explain the issue.) Thus, for now, the burden falls to folks like us, intermediaries, to find out about ways in which Joe & Jane Computer User are getting boned and fill him/her in. Sure, we're safe (hell, the day there's an ILOVEYOU-type virus which plagues PINE users is the day I press a .44 to my tonsils), but there are plenty of folks (i.e. Mom and Dad and Sis away at college and our Managers) who need us to help them keep themselves safe.

The PMjA; it's a whole new kind of Truth.
[ Parent ]

Re: Evangilizing Reason. (3.50 / 2) (#12)
by Joe Groff on Fri Jul 07, 2000 at 01:22:33 AM EST

I'm sorry that my original post wasn't more clear, but that was half the point I was trying to make. The discussions which stems from these postings are great, and generate some clear, simple explanations of the problem and how to avoid it. What I was trying to say was that these explanations need to be able to float down the technical ladder from the hackers in K5 to Joe and Jane User, which unfortunately happens rarely at best. We can't very well help Joe and Jane User when they very likely don't even know this site exists.
How long must I travel on
to be just where you are?

[ Parent ]
Re: Evangilizing Reason. (2.00 / 2) (#13)
by scorpion on Fri Jul 07, 2000 at 07:37:35 AM EST

I am one of your "Joe and Jane" users and I found the article very interesting! Yes I may have a bit more knowledge than some , but I am aware of this site (K5) and find these postings useful. Some I can pass on to others who are less kowledgable than me. I was not aware of other types of software for downloads which "may" avoid this potential issue.

[ Parent ]
Sunlight (4.00 / 1) (#11)
by kmself on Fri Jul 07, 2000 at 01:13:54 AM EST

One of the primary motives I had in posting this story was to get some light on it. I'm not committed one way or the other (other than being committed ;-), but I have a slight leaning toward AOL in this instance. The article is very short on technical details, the law firm has a strident bent toward shareholder class action suites, and the plaintiff is an unknown. There are a number of hits at Google matching this name, I've no idea whether they're related to the plaintiff or not.

My submission is really at face value: more data required. Is there any supporting technical evidence for the apparent claims of this case, and can we please get some additional information on it. While I feel personal privacy is a crucial, and much abused, right of individuals online, I don't want the banner stained by inappropriate actions either.

At this point I've contacted Keith Perine, the Standard's reporter, and received a number for AG&S. I've left a message for Mark Gardy there. We'll see what next steps are.

Besides, with Rusty no longer a tenant of the Great Satan of Internet Access's exective suite, we can avoid conflict of interest charges from our last battle with them <g>.

Let's get some light over here.

Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Yes, preaching to the choir. (none / 0) (#15)
by eann on Fri Jul 07, 2000 at 09:19:49 AM EST

When I threw in that trite little expression, I wasn't talking about the article itself. I was talking about my advocacy of the general solution to problems of this sort: education and open source. Around here, that's little more than a statement of what most of us consider obvious.

So I'm gonna stick with kmself on this one. This is a useful article, and hopefully the discussion will actually involve someone checking this out and relaying his results to us, or someone having an insight about how we can use information like that to help educate those around us.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.

[ Parent ]
Potential danger in this lawsuit? (4.00 / 1) (#17)
by Stargazer on Fri Jul 07, 2000 at 10:25:53 AM EST

Something about this whole issue strikes me as very odd. It's one of the few invasions of privacy that is actually having legal action taken against it. However, it's also the most scantly-described snooping issue I've ever seen.

This pairing really throws me off. We have had plenty more such breaches of privacy wherein there was serious technical knowledge about the offense, while no such action was taken. Even J. Random Computerphobe heard about some of them -- the RealJukebox fiasco received a one-page story/editorial in Time. Yet nobody took action on any of these.

Why hasn't anyone tried to sue RealNetworks or Mattel, where the evidence is much more concrete and, as a result, the damage more tangible? Or, if this snooping on the part of AOL is actually taking place, why don't we have more information about it?

I see some serious threats in filing a lawsuit if it is, in fact, so unfounded. If this is the actual case, AOL will (rightfully) win. What results from that is what gives me worry: the most likely result is that AOL (and, on the side, proprietary software vendors in general) will gain users' trust where it may not actually be warranted. It may not stop there, though. Goodness knows what crazy spin AOL's PR people could put on it. If the judge is poor, and overreaches the case, we could end up with a poor legal precedent (remember what Microsoft II said). Granted, it wouldn't be from the Supreme Court, but in this age when technological law is shaping quickly and the courts are playing a major role, every ruling counts. Some of these are unlikely, but I see them as possibilities, and scary ones at best.

Does anyone else find this combination of legal action and unknown allegations so disturbing?

-- Brett Smith

Feedback to the Mothership (3.80 / 4) (#19)
by Metrol on Fri Jul 07, 2000 at 12:13:51 PM EST

As a webmaster with a dial-up connection from home I ran into a couple of oddities concerning Netscape's browser that I haven't seen anyone really discuss before.

One day I was running through a ton of QA'ing of a web site I had on my local hard drive. At the time I wasn't dialed into the Internet since I really had no need to be. The site I was working on was all static HTML, with a wee bit of Perl to pop up some local banners. Again, this is all on my local hard drive, and the site was made up of all relative links. Since I was doing a LOT of clicking around to verify every nook and cranny I was generating a lot of hits.

Everything was looking pretty good... that was until the browser reported an error saying that it couldn't reach a domain. At first I thought it was an absolute link that I hadn't found. I searched all over, couldn't find or even duplicate the problem. About 15-20 minutes later, same error pops up. After doing even more investigating, it turned out that the domain it was trying to reach was one of Netscape's servers!

This was on the Windows version of Netscape 4.x. I never did figure out what was trying to be sent to Netscape, but it seemed to activate after a healthy number of clicks.

The other thing that bothers me is if I bring up Netscape on Linux without having a connection to the Internet. Mind you, my start up page is blank. With no connection, Netscape essentially locks up for a while. Again, no idea why it would need a connection. I don't see this ever happen with the Windows version.

Is it possible that Netscape is doing tracking behind are backs? Based on what little evidence I've got, I wouldn't doubt it for a second.

Re: Feedback to the Mothership (none / 0) (#21)
by h2odragon on Fri Jul 07, 2000 at 03:14:32 PM EST

Netscape locking up on linux sounds like it might be DNS related.

I have not caught netscape making connections it wasn't supposed to, windows or linux, as of yet. I thought I had a couple of times, but they turned out to be legit on further investigation. I haven't made a serious study of the issue, not having time, but I'd love to see the results of such study.

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#24)
by Anonymous Hero on Fri Jul 07, 2000 at 08:41:17 PM EST

I get Netscape lockups if I try to start it up with my ethernet interface up, but not connected to anything. Netscape apparently always tries to connect to home.netscape.com, apparently just to make sure it's still alive. With the ethernet interface up, I guess it has to wait for a DNS timeout or somesuch. With the ethernet interface down, it starts fine and whines about not being able to find its servers, then works fine.

I've also read large numbers of pages offline using Netscape, but haven't encountered any attempts to connect to the net after the initial startup, though.

As a side note, I don't have Netscape mail configured completely. For instance, my return address is not a full e-mail address. At random times when browsing certain websites, I get a message that it can't send e-mail because the return address I've specified is invalid (doesn't contain an @ sign) This is enough to make me paranoid enough to not change my return address. I still don't know what causes these messages.

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#22)
by wb on Fri Jul 07, 2000 at 04:09:11 PM EST

What makes you so sure the browser was trying to connect to Netscape in order to upload information?

Perhaps it was doing some sort of check to check if a new version was available, or it was inadvertently trying to load the Netscape home page. It seems there are plenty of places in the browser you can click which causes this to happen. I'm sick of everyone assuming sinister intentions behind every little quirk of a piece of hardware or software. You know, there are such things as bugs.

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#23)
by Anonymous Hero on Fri Jul 07, 2000 at 05:24:14 PM EST

I don't believe in Sinister, Evil intentions, in the corporate world... But, having been a part of a rather major corporate software company, and seeing how they work, from the inside, I believe that good intentions, and poor forethought, runs rampant.

I have seen products that opened great huge security holes in a network, and even brought them to the company's attention, just to see a laissez faire reaction from management. "We'll fix it in a patch". A patch the customer will have to pay for, of course, because it would be an alien concept to a public corporation like mine to make bugfixes free.

It was this sort of mentality, that caused me to leave the for-profit development world, and do my programming on a nonprofit basis, while working as an admin for a service provider. Too many corporate entities, today, see their clientele in abstract, and do not recognize that their neglectful behavior endangers others.

Posted anonymously, because I don't want to be a witness in some futile lawsuit.

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#26)
by Metrol on Sat Jul 08, 2000 at 10:52:16 AM EST

I honestly don't recall how I came to the conclusion that it was the Netscape domain being called. This was quite a while ago. I do recall that I had the domain name, which similar something.netscape.com. Damn, I wish I could remember how I derived that domain name. Whatever it was, it didn't have any services running on port 80 as I did try to browse to it manually and nothing showed up, even though it had a valid ping.

I can say for certain that I don't know of any version of Netscape that has ever notified me of a new browser version being available, so I doubt it had anything to do with that. I can also say that it was definitely not a call to a browsable web page.

Like I stated, I really don't know what in the heck was going on with it. I didn't have any tools on my NT Workstation to do a packet dump, so I can't say whether it was trying to actually upload something or just work in something to the equivalent of a ping.

My top guess as to what was going on was that Netscape put a little something into play to see how often they're browser was being used. There would be a noticeable data transfer to dump an actual history log to them. Most likely just a wee bit of marketing data being passed across.

The other thing to keep in mind here is that we're talking about Netscape. This is the same company that provided us with a force feed of AOL Instant Messenger on every windows install which then required a registry hack so the damn thing wouldn't start. Though the need for the registry hack has been fixed, these folks still have an install routine which will change the default home page of their chief competing browser, IE. Microsoft may have done a lot of nasty things, but they never altered the operation or settings of Netscape in any way.

We're also talking about AOL here. The same company that the federal government needed to step into so that people could actually unsubscribe from that thing they refer to as a service. The same company that alters the network stack on Windows machines and went about disabling dial up connections that weren't a part of their service.

I'll grant you, what I experienced with that contacting the Netscape business may have just been some oddity or a bug. Thing is, both AOL and Netscape have enough documented and well known offenses as to not trust either. Sure as heck shouldn't be trusting them now that they're one company!

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#25)
by karl_hungus on Sat Jul 08, 2000 at 01:04:46 AM EST

One thing to keep in mind with Netscape (4.7x?) is the quality assurance agent, which attempts to mail GPF details back home so they can pore over them.

OTOH, consider this trip to dictionary.com:

my system:

Windows 98
Netscape Communicator 4.72
MSIE 5.00.2014.0216 40-bit cipher
Norton Antivirus

NPNZDAD.EXE (in windows\system) 2, 0, 0, 12
(N.B.: does not appear in taskbar, system tray, or CTL+ALT+DEL CloseProgram dialog)

excerpted from C:\Program Files\Norton AntiVirus\Activity.log:

allowed.a M The file
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect
V p v a ( t A The action was allowed.a M The file
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect
    V p v a ( t A The action was allowed.a M The file
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect

V p v a ( t a - A The action was not allowed.a M The file
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect z
V p v a ( t c - A The action was not allowed.a M The file
tried to write to
C:\My Download Files\tracker.exe.$ P C:\My Download Files\tracker.exe
u Windows S Windows Auto-Protect

Only 49b made it down; strings tracker.exe yielded only GIF89a

Digging in C:\Windows\Temporary Internet Files\ ...

Excerpted from JavaScript in the cache:

function ahwyaudiobooks() {

<SCRIPT LANGUAGE="JavaScript" SRC="http://ads.admonitor.net/adengine.cgi?F262|1001|1|jscript|C2908|weasel||">

   Then looked for a .js in cache, found this:
document.write("<A HREF=\"http:\/\/ads.admonitor.net\/clicktrack.cgi?F262|1007|1|jscript2|C8017|||_admonitor|1894|9931|http:\/\/click.avenuea.com\/go\/latitude90_onvia926_032900pn_88x31_1\/direct\/01%958625140\" TARGET=\"_admonitor\">");document.write("<IMG SRC=\"http://view.avenuea.com/view/latitude90_onvia926_032900pn_88x31_1/direct/01%958625140\" BORDER=0 HEIGHT=31 WIDTH=88 ALT=\"Onvia.com. Work. Wisely.\"></A>");

WTF? Somebody puts something called tracker.exe on _my_ machine without telling me?

This went thru smartdownload&tm;

[ Parent ]
Re: Feedback to the Mothership (none / 0) (#27)
by Metrol on Sat Jul 08, 2000 at 11:03:03 AM EST

Before I get into replying to the content of your message, I just gotta comment on the string you posted. You really gotta watch putting in a monster string like that without a space in it anywhere. Really goofs up the thread here on kuro5hin.

It seems like there's a mix of apples and oranges here. Netscape doesn't use "Temporary Internet Files" in the Windows directory. That's purely an IE thing. Do you have smartdownload somehow mapped into IE? I don't use it because I found it more of a pain that it was worth.

Additionally, I know about the Feedback Agent, and I can say with a fair degree of certaintity that was not was trying to get out the door. Oh man, now I'm gonna have to waste the rest of the day trying to replicate that problem.

[ Parent ]
Lawsuits pfeh (1.00 / 2) (#20)
by End on Fri Jul 07, 2000 at 02:42:12 PM EST

I cannot think of a more boring, overused topic than lawsuits. I propose we ban all stories having to do with legal/business issues :-P Their impact and relevance are entirely overrated.


Legal protection providing a false sense of securi (none / 0) (#28)
by freakazoid on Mon Jul 10, 2000 at 06:29:42 PM EST

Running code on your computer that nobody has looked at is dangerous. Period. I know I'm preaching to the choir here, but if this is true, why are we still rehashing this very simple and (seemingly) obvious point?

Legal protections regarding what companies can and can't do with their closed code only gives people a false sense of security when they run closed-source software on their machines. We're shooting ourselves in the foot by asking for these sort of protections. After all, companies are going to do whatever they think they can get away with whatever the law says.

So instead of lawsuits and even more legislation, let's focus on educating the community on the dangers of closed source software and the merits of open source software. And if people still insist on running dangerous software, well, IMHO they deserve what they get.

Speaking of which... holy cow, I'm typing this message using closed-source software! Oops. (digging for another browser) but at least it's not running with full access to every aspect of this machine. *ahem*

Smart Download eavesdropping for AOL? | 28 comments (22 topical, 6 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!