FC: I-Gear blocking software blacklist cracked and available online

[Declan McCullagh <declan () well com>]

> Date: Wed, 1 Mar 2000 15:05:04 -0600
> From: bennett () peacefire org
> Subject: I-Gear list cracked; privacy violations and error rate
>
> One week after our report on the decryption of X-Stop's blocked site list,
> Peacefire has released a program that can decrypt the list of 437,000 sites
> blocked by I-Gear, another "censorware" program now owned by Symantec.  The
> codebreaker program can be downloaded from:
>         http://peacefire.org/censorware/I-Gear/igdecode/
> (This page also has instructions on how to obtain I-Gear's encrypted list
> without having to download and install I-Gear.)
>
> We performed an experiment similar to our X-Stop test: we extracted student
> pages in the ".edu" domain that were blocked in the "Sex/Acts" category,
> looked at the first 50 URL's that were still working, and found that 76% of
> the blocked pages were obviously errors!  This sounds ridiculously high,
> but I saw the blocked pages myself, otherwise I wouldn't believe it.  The
> list of 50 examined sites is at:
>         http://peacefire.org/censorware/I-Gear/igear-blocked-edu.html
>
> We also discovered that when you install I-Gear, it scans in your real name
> and company name from your computer and uploads this information to
> Symantec.  Not the "real name" that you give the program during the
> registration process -- your actual real name that you used to register
> your copy of Windows.  (This is the name that shows up on the "General" tab
> of the System applet in Control Panel.)  Symantec's privacy policy, on the
> other hand, states:
>
> http://www.symantec.com/legal/privacy.html
>         "The choice of how much personally identifiable information
>         you disclose to Symantec is completely at your discretion."
>
> Again, we believe these discoveries will bear on the ongoing debate over
> the Digital Millennium Copyright Act, UCITA (the law strengthening the
> force of draconian "license agreements" that prohibit users from examining
> products by reverse engineering) and the DVD codebreaking court cases.
> Reverse engineering I-Gear and decrypting the list was the *only* way to
> obtain a reliable figure for the error rate of their product, rather than
> just coming up with a list of blocked sites.  Even the discovery that
> I-Gear retrieves and uploads your real name to the manufacturer, was
> discovered through reverse engineering.  If such reverse engineering
> becomes illegal, it will become very difficult for third parties to
> criticize software in general, other than the user interface and other
> aspects that are visible without "looking under the hood".
>
>         -Bennett
>
> bennett () peacefire org     http://www.peacefire.org
> (425) 649 9024

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------