FC: More on Microsoft products tracking users

[Declan McCullagh <declan () well com>]

************

> From: "D Whitehorn-Umphres" <dawumail () progarts com>
> To: <declan () well com>, <rms () privacyfoundation org>
> Subject: RE: Microsoft Word and Excel track users, invade privacy
> Date: Thu, 31 Aug 2000 16:01:28 -0600
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> Great. And then *their* demo violates your privacy by posting your
> hostname/IP address, along with a list of the previous nine visitors, to the
> demo page site.
>
> -D Whitehorn-Umphres


************

> From: "Richard M. Smith" <rms () privacyfoundation org>
> To: "D Whitehorn-Umphres" <dawumail () progarts com>, <declan () well com>
> Cc: "Richard M. Smith" <rms () privacyfoundation org>
> Subject: RE: Microsoft Word and Excel track users, invade privacy
> Date: Thu, 31 Aug 2000 18:10:14 -0400
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> We are now fixing the demo to remove this issue.
> Thanks.
>
> Richard


************

From: "Jonathan Zuck" <jzuck () actonline org>
> To: <declan () well com>
> Subject: RE: Microsoft Word and Excel track users, invade privacy
> Date: Wed, 30 Aug 2000 14:47:41 -0400
> X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> Of course the other side of this is that people might actually want to place
> an IMG tag in a document for legitimate reasons and there's no way for the
> software to distinquish them.

************

> Date: Thu, 31 Aug 2000 10:49:29 -0400
> From: "H. Morrow Long" <morrow.long () yale edu>
> Organization: Yale Univ. ITS Information Security
> X-Mailer: Mozilla 4.75 [en] (WinNT; U)
> X-Accept-Language: en
> To: eoghan.casey () yale edu
> CC: information.security () yale edu, aimee.kanzler () yale edu, declan () well com,
>         rms () privacyfoundation org, daniel.updegrove () yale edu
> Subject: Re: [Fwd: FC: Microsoft Word and Excel track users, invade 
> privacy](fwd)
>
> > Declan McCullagh wrote:
> > > [This is a good reason not to use Microsoft Word or other snoopable
> > > software. I wonder if there's a way to turn this off (short of
> > > unplugging your network connection), or if not, whether Microsoft will
> > > release a fix for those of us who aren't thrilled about this feature. 
> --Declan]
>
>
> Declan -- One way to block applications (esp. some of the new 'spyware' 
> software --
>           freeware or shareware which may report information back to various
>           marketing research firms) from opening up network connections 
> back across
>           the Internet is to run a personal firewall product which can 
> block outgoing
>           network connections opened by applications.
>
>           ZoneLabs ZoneAlarm personal PC firewall is one such product and 
> has been
>           free for personal use ( www.zonelabs.com ).  I have nothing to 
> do with the
>           product other than having evaluated it.
>
>           I tested out the demo MS Word doc with 'webbugs' and ZoneAlarms 
> did indeed
>           'trap' the outgoing connections to the web, temporarily blocked 
> them and
>           popped up a dialog box asking me if I wanted to allow MS Word 
> to open a
>           connection to the Internet.  I clicked on no.  ZoneAlarm then 
> asked if I
>           would allow MS Word to open up a connection on the local 
> intranet network
>           (e.g. to do a DNS lookup against a local server).  I said 
> no.  It worked.
>
>           There are probably other personal PC firewall products which 
> can block
>           (conditionally or unconditionally) network connections from 
> being opened
>           by local applications to Internet sites.  However most of these 
> products
>           generally concentrate on blocking incoming network connections 
> & packets.
>           Some privacy minded individuals would likely be interested in a 
> survey of
>           such products (in addition to products such as 
> privacy-protecting local PC
>           web browser proxies, etc).
>
> - H. Morrow Long
>   University Information Security Officer
>   Yale University, ITS, Dir. InfoSec Office

**************

> From: "Jay Holovacs" <holovacs () idt net>
> To: <declan () well com>, <politech () politechbot com>
> Cc: <rms () privacyfoundation org>
> Subject: Re: Microsoft Word and Excel track users, invade privacy
> Date: Wed, 30 Aug 2000 15:00:48 -0400
> X-Mailer: Microsoft Outlook Express 5.00.2615.200
>
> This calling back, and text source traceablility aspect was a 'feature' of
> Ted Nelson's Xanadu.
>
> It's a good idea to pass stuff thru a pure ASCII file before pasting or
> redistributing.
>
> jay

************

> From: terry.s () juno com
> To: declan () well com
> Cc: rms () privacyfoundation org
> Date: Wed, 30 Aug 2000 17:49:41 -0400
> Subject: Re: FC: Microsoft Word and Excel track users, invade privacy
> X-Mailer: Juno 4.0.11
>
> Hi Declan!
>
> On Wed, 30 Aug 2000 14:47:01 -0400 Declan McCullagh <declan () well com>
> writes:
> > [This is a good reason not to use Microsoft Word or other snoopable
> > software. I wonder if there's a way to turn this off (short of
> > unplugging your network connection), or if not, whether Microsoft
> > will release a fix for those of us who aren't thrilled about this
> > feature. --Declan]
>
> Yes, sort of, subject to annoyance.
>
> McAfee Guard Dog, a program I dislike because of poor hook modules that
> conflict with HP & Lexmark printer drivers and some other software, did
> very well catching outbound connection attempts by Word or Excel, and
> prompting to manually allow or block a net connect.
>
> Pre-Norton AtGuard 3.22 caught the connect attempts, but didn't do as
> well catching outbound links before they polled for the embedded images.
>
>
> I've got the ZoneAlarm, Conseal, and McAfee firewalls on other machines
> not yet tested, and Black Ice on an associate's machine.  ZoneAlarm I'd
> guess would catch this well, based on its focus of trapping unauthorized
> outbound data.  Guard Dog's alert messages (unlike protocol/rule based
> firewall user interfaces) are almost simple enough for office worker
> types to manage, if they had a clue about the larger issues.
>
> I sometimes see Windows Explorer being blocked from a supposed net
> connect attempt during Win98 bootups.  It might be interesting to do some
> sniffing to see if it's trying to send unauthorized data for real, or if
> it just has typical uSoft design flaws such that it can false trigger a
> firewall.
>
> As Richard's alert stated, it's not practical to block Office modules
> from being able to link to URLs to gather embedded images.  It seems that
> a firewall with outbound data blocking which defaults to no connects by
> Office (or most other) applications, but allows per-attempt manual enable
> when attempted, is about the only real way to control this.  Of course
> that assumes informed users, and a default that files from untrusted
> sources shouldn't be allowed to open external links.
>
>
> Terry


************

> X-Sender: jda-ir () pop njcc com
> X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
> Date: Wed, 30 Aug 2000 22:30:06 -0700
> To: declan () well com
> From: "J.D. Abolins" <jda-ir () njcc com>
> Subject: Re: FC: Microsoft Word and Excel track users, invade privacy
> Cc: rms () privacyfoundation org
>
> Declan and Mr. Smith,
>
> FWIW: In testing the Web bugged Office docs via a paid Anonymizer account, 
> I found that the documents were able to see my real IP address. Didn't 
> surprise me because I know that one trick to blowing Anonymizer and 
> similar services' cover is to get something on the user's system that does 
> direct communications with the site. Apparently, that's another extension 
> of the risks presented by Web bugged Office documents.
>
> Scenario: Somebody is using an anon remailer or other identity hiding 
> resource. The investigator wanting to know who this anon ID is puts out a 
> Web bugged document so that it goes back to the anon user. The bug phones 
> home and the anon cover is blown. Possible to make links to other 
> activities from that anon ID. If these methods were around a few years 
> ago, perhaps the CoS incursion on anon.penet.fi would have taken this 
> route instead using manipulations to get the Finnish police to do the 
> dirty work.
>
> J.D. Abolins




-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------