Vulnerability Development mailing list archives
Aureate Software
From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Tue, 7 Mar 2000 07:18:58 -0800
Thanks for the response Ernesto, but I disagree with you on some points. Quote from the page you sent: Aureate Media can target users in a variety of ways based on usage habits, software category, etc., but the biggest value is added in user-supplied demographics. My response: PLEASE NOTE: ***USAGE HABITS***, and ***VARIETY OF WAYS****. Their is only one way to collect usage statistics, track the places you go to ala Comet Cursor or Double Click. They talk about this on ALL 4 pages of the " how_we_target_ " pages. Filling in a questionnaire is not usage tracking (as I see it), it also does not require the sending of info to the dev or Aureate media after the original install. Nor does it require a .dll or registry manipulation. Ernesto said: The info it sends back is just a survey you CAN fill in (you have the choice given to do this or not). My Response: If that is true then why when you disable the advert.dll does the program (i.e. CuteFTP) not work anymore. Why is it there in the first place? I have talked to several CuteFTP users and they do not remember seeing anything about collections of data *AFTER* installation. They found out what was going on when they installed ZoneAlarm or went on their networks at work, and were questioned about the outgoing packets. Packets they knew nothing about. That is why I wanted to hear from people who have *seen* the system in use, and who are not beholden to the company that created the software. I do not care what the company line is. Microsoft, DoubleClick, Amazon, Comet Cursor all say they are concerned with our privacy, none have proven it with their actions. Needless to say I am a *lot* wary. Ernesto said: One could do this to any system .dll My response: I know this. That is why I brought it up. This one comes ready made with possibly dangerous internals, installed with a 'trusted program'. Granted installing a TCP/IP stack can be considered dangerous, but then again I know what is going on there. I also chose to install it. Ernesto said: and "how it works" isn't so dramatic, just TCP/IP communication, My response: I am fully aware of the protocol used to communicate. What I am not aware of is how it actually functions. Ernesto said: you don't need to backwards engineer advert.dll to see how it works. My response: People are 'seeing' it work. The problem, as I see it is that you do not know what it is sending, nor to whom it is sending this info or whatever it sends. If I design a .dll (done this) I can watch it work till I am blue in the face. Only problem is I have to know how to make it jump. Don't know how with this little bad boy. So I need to know what is inside. Ernesto says: As Aureate states, they only send ONE time information from your PC to their networks, and this is when you fill in the short survey and agree to participate. My response: I saw this nowhere on the web pages. They say they track usage statistics (check the link you sent, stated on every page. the first paragraph). You can not do this on a one time basis. If they only send on a one time basis then why does the *PROGRAM* have to be installed and registered? That to me is an app that will be used over and over again. Not a one time process. I do not need to have a .dll, and register my app for a one time shot. In conclusion: Maybe this software is trustable, I don't know. Seems to me that if someone had dropped this on your system with out installing it with a known package it would be called a trojan. I really do not see the reason to call this anything else. Like to know what others think.
Current thread:
- ALLADVANTAGE Privacy Concern Derek Reynolds (Mar 05)
- Re: ALLADVANTAGE Privacy Concern Eric Hacker, Cybershaman (Mar 06)
- Windows NTLMv2 dictionary attacks. Eric Hacker, Cybershaman (Mar 06)
- (no subject) Mark L. Jackson (Mar 06)
- (no subject) Ernesto Baschny (Mar 07)
- Aureate Software Mark L. Jackson (Mar 07)
- Re: Aureate Software Brad Griffin (Mar 08)
- Retraction of last post Brad Griffin (Mar 07)
- (no subject) Ernesto Baschny (Mar 07)
- (no subject) John Flux (Mar 07)
- <Possible follow-ups>
- Re: ALLADVANTAGE Privacy Concern Vanna P. Rella (Mar 06)
- Re: ALLADVANTAGE Privacy Concern Christian Hampson (Mar 06)