Interesting People mailing list archives
IP: More potential spyware...
From: David Farber <dfarber () earthlink net>
Date: Fri, 28 Jun 2002 13:02:08 -0400
-----Original Message----- From: Art Wolinsky <awolinsky () oii org> Date: Fri, 28 Jun 2002 11:47:37 To: dave () farber net Subject: More potential spyware... For IP if approriate... Ever since my experience with Comcast and BroadJump Client and Comcast Support software, I've been reading the licensing agreements of software I install, which is about as much fun as having root canal without Novocain. Today I came across an agreement that might be of interest to anyone who is using Trellix Web Express. Trellix Web Express is a piece of free software that is supplied by some large ISPs their customers who want to build web pages without knowing html. It's not a bad piece of software for the technically challenged, EXCEPT that the price of the "free" software is the installation of spyware. I wanted to evaluate the software for a friend who was considering using it. As I installed it, the first thing I noticed is that it immediately went out to the Internet, somehow bypassing detection by ZoneAlarm. Hmmm... Red flag #1. At the licensing agreement, but I read nothing that raised any more red flags. Maybe I was just being paranoid. I accepted the agreement and the installation continued. It then stopped at a screen requesting personal information (Name, email, age). On the screen was a button for their privacy statement. I clicked on it and was taken to http://www.trellix.com/company/privacy.asp where were an abundance of red flags waving. The opening paragraph began, "As part of helping you build and maintain a great Web site, Trellix Web Express software collects basic usage information and communicates that information to Trellix Corporation. The main use of that information is in general statistical analysis. We do not require that you give us any personal information at all to use the product, however use of our products is governed by the policies put in place by the partners that offer them." I just love the phrase, "however use of our products is governed by the policies put in place by the partners that offer them." English translation... Our software collects information about you that we don't abuse, but that may not be the case of the people who gave it to you. I'll score one small point for Trellix, because the installation software lets you continue even if you don't enter any information in the support registration screen, however the information is still linked to your IP, hence the very small point. After installing the software, I fired it up and was give a number of options including a 20 minute tutorial. I clicked on the tutorial and was told that in order to use it I would have to download and install Trellix Support Software. After the nightmares caused by Comcast Support Software, I opted to live without the tutorial and recommended that my friend live without Trellix Web Express. I don't suggest that Trellix is undertaking any dubious practices, but the software certainly seems capable of lending itself to abuse by third parties who provide their software. This seemingly growing trend of the installation of monitoring software that piggybacks on other software is something that concerns me. With with every installation security is compromised. I don't know what else I can do except to continue to read those entertaining licensing agreements, privacy policies, and remember that there ain't no such thing as a free lunch. ****************************************************************** Art Wolinsky OII Technology Director Big6 Associate http://oii.org http://www.big6.com awolinsky () oii org Web-and-Flow Team (609) 597-9481 ext 337 http://www.web-and-flow.com ****************************************************************** I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. ****************************************************************** For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: More potential spyware... David Farber (Jun 28)