Malwares Software that hiddendly corrupts, checks or modifies your data
Malwares
Version May 2000
RealNetworks Returns: The "Spy" in "Download Demon"
by Lauren WeinsteinOriginally @ http://www.pfir.org
(see also http://www.vortex.com) ~ published @ searchlores in May 2000
"But take care when you find your appz,
or you'll not gain your just rewardz,
your quest will all have been in vain,
and you will have to start again"
Ancient websearchers' rhime
Subject: RealNetworks Returns: The "Spy" in "Download Demon"
Greetings. You'd think they'd have learned by now. After their public
relations snafus with the Globally Unique Identifier in their RealPlayer
product, and concerns over information being transmitted to Real by their
RealJukebox package, one would have hoped that they'd figured out how folks
feel about their activities being monitored, even when the monitoring is
theoretically anonymous. After all, RealNetworks, Inc.
(http://www.real.com) takes pains to mention that they're a member of the
Online Privacy Alliance, whose stated aim is to "... create an environment
of trust and foster the protection of individuals' privacy online."
But it's hard not to mutter some choice expletives under your breath upon
learning the details of RealNetwork's latest heavily-promoted goodie from
their Netzip, Inc. (http://www.netzip.com) subsidiary--the "Download Demon"
package. Actually, Real should win the "honesty in product naming" award for
this one--"demon" seems to be a particularly apt description.
You may already have stumbled across this little surprise on your system.
I found it apparently bundled in with other downloads I had made from
RealNetworks. The Download Demon attempts to automate various file
downloading functions, to permit downloads to be interrupted and later
resumed, plus other related functionality. It attracted my attention since
it had silently linked itself into my Web browsers to take over all
downloading operations--*without* my having taken any specific actions to
install or enable it--and my system was hanging in the course of various
downloads! I removed it with some difficulty. Only later did I discover
the much less obvious "feature" of the Download Demon--for all files you
download, from *any* sites, the Demon sends details (e.g. file names and
URLs) to RealNetworks/Netzip! Surprise!
I'll give them some credit--at least this is all spelled out in their
privacy policy (http://www.netzip.com/about/privacy.html). Of course, this
assumes that you thought to even bother reading a privacy policy for a
"simple" downloading package, or had the time to plow through the entire
lengthy document (which of course is subject to change at any time).
A handy attorney to help you analyze the policy might also be useful.
Real makes the usual "you can trust us" sorts of boilerplate statements.
They say that they don't store your Internet IP addresses in tandem with the
data that they record about what you download. They claim that it's all
"anonymous" and that they don't link in personally identifiable
information. The stated purpose for the flow of information about your
detailed downloading activities is to target the ads in the "free" version
of the Download Demon software, and for (here it comes) "aggregate,
anonymous statistical analysis" purposes. There is no suggestion that this
data flow ceases if a user upgrades the product by paying for registration
(to turn off the ads).
This whole area of commercial monitoring of Internet user activity in various
ways, both in "free" and non-free software, is a gigantic growth industry,
largely fueled by the absence of even basic legislation to provide consumers
with specific rights in this regard. Such software packages may entangle
themselves into users' systems in manners that are difficult to notice,
understand, control, or remove. The ongoing controversy over the technology
used by Radiate, Inc.--formerly Aureate Media (http://www.radiate.com) to
track various aspects of users' behavior in many popular "freeware" software
packages is a case in point.
The "trust us, it's anonymous, you have nothing to be concerned about"
philosophy expounded in so many complex commercial privacy policies might
satisfy Alfred E. Neuman ("What, me worry?") of "Mad Magazine" fame, but
seems increasingly inadequate for the rest of us.
As far as the "Download Demon" is concerned, if you feel that it's
RealNetwork's business to know the details of your file downloads from
whatever sites you visit, by all means continue to use it. If not, you may
want to consider trying to remove it (in the MS Windows case, via the Windows
Add/Remove Programs controls), and take care that it isn't automatically
installed again in the course of some other software installations. You
might also wish to consider dropping a note to privacy@netzip.com letting
them know how you feel about these issues, pro or con.
To many firms, the Web has become the vehicle for all manner of invasive
systems and policies which few of us would tolerate in the routine,
"non-computer" aspects of our lives. It's up to you to decide whether or
not you wish to passively play along with the salacious circus of
software spies.
--Lauren--
Lauren Weinstein
lauren@pfir.org or lauren@vortex.com