Computer Privacy Digest Vol 2 #015


Computer Privacy Digest Sat, 06 Feb 93 Volume 2 : Issue: 015

Today's Topics: Moderator: Dennis G. Rears

Long Articles
Op-ed piece on telephone Caller ID (CNID)
Detecting Piracy (I and II)
Prodigy class action suit (fwd)
Prodigy is Stealing your data. NOT.
Re: Prodigy class action suit

The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
[email protected] and administrative requests to
[email protected].
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------

Date: Sat, 6 Feb 93 16:26:22 EST
From: Computer Privacy List Moderator <[email protected]>
Subject: Long Articles

In the last digest, I published a rather long article (1000+) lines.
I had actually separated it into three articles but by mistake I placed
the long article in the digest as opposed to publishing it in three
articles as was my intent. I generally like keeping the digest down to
between 20,000 to 25,000 bytes long due to some mailers rejecting the
mail as too big.
The question I have for the readership is how I should handle long
messages (>300 lines). These are the options:

1) Do not publish it but announce it and make it available via
FTP.

2) Publish it as a single digest.

3) Send it back to the originator and have him/her break it up.

I will not publish the responses I get back but will summarize them.
Thanks in advance for your opinions.

dennis

------------------------------

From: [email protected]
Subject: Op-ed piece on telephone Caller ID (CNID)
Date: 1 Feb 93 20:36:31 GMT
Organization: University of Saskatchewan

This is how I think CNID (Calling Number ID) should be handled:

1. Free per-line blocking to those who were paying for unlisted numbers.
(But no hike in fee because person expected NO publishing...)

2. Free per-line blocking to those who want unlisted numbers now that
CNID is available.

3. Per-call blocking to anyone, for a fee. [Shelters, etc. could be
exempted]

Reasoning:
For 1. there was an implied (and probably expressed) promise of non-publication
of the number. The person wanted privacy and it should continue with NO
fee increase. The service given previously should be grandfathered.

For 2. there could be a fee hike because now a person knows they are paying
for per-line blocking as well as non-publishing. (IMHO, charging for
UNlisting is a bit odd, but...)

For 3. Times change. There was never any promise of anonymity, expressed
or implied, by the service provider. CNID has been available for years as
ANI to 800, 900, and other similar service subscribers. I should be
able to get the same info for a fee.

CNID v. DOOR (with window or peephole):
I have the PRIVILEGE of finding out who is at my door if I install a
peephole or window. YOU have a right to wear a bag over your head. I
have the right to not answer my door. Even if I see who is at my door,
(assuming no bag...) I still don't have a name and/or address; I do
know what the person looks like.

CNID doesn't tell me the name. But it sure narrows it down.
CNID is especially handy for second-time callers.

SUMMARY:
This whole fuss over CNID would not be occurring if CNID had been available
from Day 1. It is only a problem because most of us got used to being
"anonymous callers". Of course it changes things. Any new service makes
things different. Answering machines made it possible to screen calls.
CNID enhances this. The caller does not have to be subjected to your
outgoing message first.

Just my $1.53 (expressed in 1993 dollars and adjusted for inflation
and appreciation). No one else's opinions are expressed or implied.

sa

--
[email protected] no nifty .sig

"For every problem there is a solution which is simple, obvious, and wrong"
--Albert Einstein

------------------------------

Date: Wed, 3 Feb 1993 14:37:10 -0500 (EST)
From: Eugene Levine <[email protected]>
Subject: Detecting Piracy (I and II)

This morning's Boston Globe (2/3/93) carried a story about the local
cable company's newest twist on detecting unauthorized use of their
programming. They offered a "free" T shirt to people who watched an
ad which could -according to the company- only be seen on television
sets receiving signals without paying for them.

Two hours later, I received the note below (which seems to have been
inspired by the same spirit).

Gene Levine
[email protected]

[Moderator's Note: I stripped off about 50 lines of forwarded mail
headers. This was in this morning's risks digest. ._dennis]

COMPUTER CHEATS TAKE CADSOFT'S BAIT

Employees of IBM, Philips, the German federal interior ministry and the
federal office for the protection of the constitution are among those who
unwittingly 'turned themselves in' when a German computer software company
resorted to an undercover strategy to find out who was using illegal copies
of one of its programs.

Hundreds of customers accepted Cadsoft's offer of a free demonstration
program that, unknown to them, searched their computer hard disks for
illegal copies. Where the search was successful, a message appeared on the
monitor screen inviting the customer to print out and return a voucher for a
free handbook of the latest version of the program. However, instead of a
handbook the users received a letter from the Bavarian-based software
company's lawyers.

Since the demonstration program was distributed last June about 400 people
have returned the voucher, which contained coded information about the
type of computer and the version of the illegally copied Cadsoft program
being used. Cadsoft is now seeking damages of at least DM6,000 (ECU3,06E2)
each from the illegal users.

Cadsoft's tactics are justified by manager Rudolf Hofer as a necessary
defence against pirate copying. The company had experienced a 30% drop
since 1991 in sales of its successful Eagle design program, which retails
at DM2,998. In contrast, demand for a DM25 demo version, which Cadsoft
offered with the handbook of the full version, had jumped, indicating that
people were acquiring the program from other sources.

Although Cadsoft devised its plan with the help of lawyers, doubts
have been raised about the legal acceptability of this type of
computer detective work.
In the case of government offices there is concern about data
protection and official secrets. The search program may also have had
side-effects that caused other files to be damaged or lost. Cadsoft
is therefore preparing itself for what could be a long legal battle
with some customers. So far it has reached out-of-court agreement
with only about a quarter of those who incriminated themselves.

*****************************************************************
* Brian Markey Internet: [email protected] *
* Siemens Nixdorf USENET: [email protected] *
* Research & Development Division *
* 200 Wheeler Road # 435 TEL: [usa](617)273-0480 X 3438 *
* Burlington, MA 01803 FAX: [usa](617)221-0236 *
*****************************************************************

----- End of forwarded message -----

------------------------------

From: "J. Philip Miller" <[email protected]>
Subject: Prodigy class action suit (fwd)
Date: Wed, 3 Feb 1993 20:45:42 -0600 (CST)

Forwarded message:
>
> Attached is a text article received from a local BBS. I apologize if this is
> not the way to send such material to a moderated list, and would appreciate
> information about how to do this properly (I've only been using the
> Internet for two months, and am still in need of nurturing advice on
> netiquette).
> --Gene Levine
> [email protected]
>
> [Moderator's Note: I got this a while ago. I had misfiled it. ._dennis ]
>
>
Well I am surprised that the moderator let this be posted at all. This was
discussed on the net over a year ago. My recollection of it all was that the
problem with the Prodigy software was that it allocated large scratch files
without initializing the entire disk area. Thus information which was already
on the disk, in the form of "deleted" or "replaced" files was now in the area
of the newly allocated disk file. A number of the technically sophisticated
folks put monitors on the actual traffic going out from their PC's to Prodigy
and there was never any evidence that any of the information was
inappropriately being sent.

What is probably important for the charter of this group is the reminder that
just deleting a file from a disk (or creating a new version of it), does not
remove the information which had been in that file from the physical disk. A
large number of utilities can read every disk sector, whether it is part of a
file or not. Newly allocated files can contain information that had been
previously written on the disk. If you have sensitive information on your
disk, you need to be very careful.

I cannot tell you how often I see folks give me a file on a floppy which they
have previously used to store confidential information. It is really
upsetting when folks think that just because they do not see anything with
their regular DOS commands, then it is not there at all.

All of the information above relates to using just the ordinary tools that are
there with a few utilities. More sophisticated electronics can recover
information which has even been written over by highly sensitive analysis of
the magnetic fields.

Despite all of this, none of the allegations about Prodigy with respect to
their uploading of inappropriate information from a user's PC were ever
substantiated and there was a lot of data to say they were not doing it
(note, the statement was that they WERE NOT doing it, not that they COULD NOT
do it).

-phil

--
J. Philip Miller, Professor, Division of Biostatistics, Box 8067
Washington University Medical School, St. Louis MO 63110
[email protected] - (314) 362-3617 [362-2694(FAX)]

------------------------------

Date: Thu, 4 Feb 1993 03:16:47 -0500 (EST)
From: Paul Robinson <[email protected]>
Subject: Prodigy is Stealing your data. NOT.

The 'Prodigy is Stealing Your Data' story is another 'Urban Legend' on the
order of the 'FCC Modem Tax', the 'FCC to Ban Religious Broadcasting' and
the infamous libelous 'Chairman of Procter and Gamble declared himself a
member of a Satanic Cult on a Sunday Phil Donahue show' stories that
pop up every so often due to ignorance, misunderstanding, hatred or plain
slow communications channels.

This incident has been thoroughly researched and found to be untrue. As I
haven't heard the story in about 2 years, I'll have to explain what
was answered.

1. File data found on disk in STAGE.DAT

When MS Dos is requested to open a file, it simply picks, in order,
enough clusters to satisfy the request, and hands the user the
first block as well as an index in the fat table to the blocks that
are used to satisfy that request. Whatever was there when a file
was deleted, is still there waiting for someone to 'file surf' and
get the contents. MS Dos does not expunge disk space, so if you
make a request for a block of 1 million bytes of disk space, the
operating system will give you 1,000 blocks of 1K or some combination
thereof. This gives you 1,000 places to look at.

This practice of 'disk surfing' is so common in mainframe computing
circles that some systems automatically simulate reads on blocks in
files that have never been written when opened, by returning binary 0.
I've done it myself, for non-malicious purposes. I issued a request
for a temporary scratch file on a pack and had the analysis program I
wrote scan it. (I was practicing with the FORTRAN random file
capability.) In one try I got routine, dull data. Another try got me
the entire password file for the computer system including privileged
accounts: I logged onto one of the accounts I knew was privileged to
see if the password I had was valid, and it was. (This was before
such an act was illegal.) I logged off fast as I did not, for obvious
reasons, want to be caught in it. I never used the information
otherwise, but I could have.

The fact is that programs routinely scatter temporary files all over
the place. If the temporary file is where Prodigy grabs a disk, it's
going to have that information.

2. Prodigy is sending your data up to them.

You don't have an external modem (most likely) or you don't know
how to read it. The vast majority of reports indicate that the
Receive light is almost constantly on and the transmit light almost
never except during the rare times you type something.

3. Your hard disk data is on a floppy disk.

MS DOS has buffers to hold data it reads. Directories have to be
read off disk. When MSDOS creates a file by opening it, it assigns
a buffer to that file. If the file was simply opened and extended,
the operating system will probably write the buffer out to disk when
it is closed since MS DOS does not know that the buffer is unchanged.

A user did a test to check this out.

1. He installed a virus detector that checked for disk activity. The
only files that Prodigy was changing were its own files including
STAGE.DAT. It was not accessing other files.

2. He created a totally clean install on floppy by shutting the machine
off to clear the memory, then installed without ever accessing the
hard disk. Prodigy never accessed the hard disk on the floppy install.

In short, this is an old, inaccurate rumor spread by mistrust and ignorance.

I have no particular love for Prodigy, but bad as the system is in terms
of the stunts they have pulled (cancelling accounts for opinions not
liked, etc.) and the slothfulness of their system, it doesn't deserve
this sort of treatment.

Beyond that is the question of why two major companies, Sears and IBM,
both of which, (despite recent problems) have generally had impeccable
customer service records, would stoop to the worst kind of Felony
criminal activity? That doesn't make much sense.
---
Paul Robinson -- [email protected]
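
The allocation behaviour described in the two posts above, as an added example that is not part of the digest or of any poster's message: a toy Python model of a FAT-style volume showing that a preallocated scratch file exposes a deleted file's bytes, and that zeroing clusters on allocation prevents it. The `Volume` class, the cluster size, the file names and the sample data are all constructed for illustration.

```python
# Toy model of a FAT-style volume (constructed for illustration; not MS-DOS code).
CLUSTER = 16  # bytes per cluster, kept tiny so results are easy to inspect

class Volume:
    def __init__(self, clusters, zero_on_alloc=False):
        self.data = bytearray(clusters * CLUSTER)   # raw "disk surface"
        self.free = list(range(clusters))           # free clusters, lowest first
        self.files = {}                             # name -> (cluster chain, length)
        self.zero_on_alloc = zero_on_alloc

    def _alloc(self, n):
        if n > len(self.free):
            raise OSError("disk full")
        chain, self.free = self.free[:n], self.free[n:]
        if self.zero_on_alloc:                      # hardened: scrub before handing out
            for c in chain:
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
        return chain

    def write(self, name, payload):
        chain = self._alloc(-(-len(payload) // CLUSTER))   # ceiling division
        for i, c in enumerate(chain):
            part = payload[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(part)] = part
        self.files[name] = (chain, len(payload))

    def delete(self, name):
        chain, _ = self.files.pop(name)             # only the directory entry goes
        self.free = sorted(self.free + chain)       # clusters rejoin the pool, bytes untouched

    def preallocate(self, name, size):
        """Reserve `size` bytes without writing them, like a scratch file."""
        self.files[name] = (self._alloc(-(-size // CLUSTER)), size)

    def read(self, name):
        chain, length = self.files[name]
        raw = b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER]) for c in chain)
        return raw[:length]

def residue_in_scratch(zero_on_alloc):
    """True if a deleted file's contents show up inside a fresh scratch file."""
    vol = Volume(clusters=8, zero_on_alloc=zero_on_alloc)
    secret = b"payroll: alice 91000; bob 87000"      # constructed sample data
    vol.write("PAYROLL.TXT", secret)
    vol.delete("PAYROLL.TXT")
    vol.preallocate("SCRATCH.DAT", 4 * CLUSTER)      # stands in for a file like STAGE.DAT
    return secret in vol.read("SCRATCH.DAT")

if __name__ == "__main__":
    print("plain allocator exposes old data:   ", residue_in_scratch(False))
    print("zero-on-alloc allocator exposes data:", residue_in_scratch(True))
```
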



------------------------------

Reply-To: John Higdon <[email protected]>
From: John Higdon <john%[email protected]>
Date: Wed, 3 Feb 1993 19:21:48 PST
Organization: Green Hills and Cows
Subject: Re: Prodigy class action suit

Eugene Levine <[email protected]> writes:

> TO: All MSG # 9603, May-8-91 1:56am
                      ^^^^^^^^

This 'stage.dat' garbage is a year and a half old! I thought this had
all been put to bed once and for all. My only suggestion is that anyone
who is sufficiently paranoid to get lathered by this nonsense should
visit the local technology bookstore and buy some books about DOS and
how it works. Once he REALLY understands the inner workings of DOS and
how it handles and allocates disk space, he will move on to other
worries.

I snored through this the FIRST time it came around.

> The Los Angeles County D.A's Office made known that it is considering
> additional charges against Prodigy, a computer information service
> operated by Sears Roebuck & Co and IBM.

Not even the LA County DA is lame enough to continue to whip this dead
horse.

Dennis, I'm surprised at you. Was it a slow digest day?

[Moderator's Note: No. I've been really busy at work, training for
the LA Marathon, and extremely busy at home. I have let things
slide lately that I should not have. This and the thread on radar
detectors and speed limits are good examples.
I stopped publishing digests just for the sake of publishing digests many
moons ago. There will be less digests in the future but there will be a
greater signal to noise ratio. ._dennis ]

--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
[email protected] | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407

------------------------------

End of Computer Privacy Digest V2 #015
******************************
 