Cookies Are Only The Beginning
We've become acclimatized to the idea of cookies as privacy invasion. We, as a group, have come to understand that each time a website tags us with one of these persistent suckers, we may be allowing them to form an idea of our spending and viewing habits.
Some people, like myself, have taken the step of installing programs like IDcide, which prevent the kinds of cookies most often used by tracking networks like DoubleClick. I kicked back, secure in the knowledge that if I cruised around looking at "www.dccomics.com" I wasn't going to see Batman ads on every webpage and in my mailbox.
Unfortunately, it's not simply a matter of one form of privacy loss any more. A company that is now known as Radiate has taken away yet more of our rapidly receding privacy. They are the creators of an ad system that opens a hidden browser window and, without your knowledge or consent, steadily downloads a stream of ads that it stores for the 'adware' products it supports. This hidden window 'piggybacks' on your connection, which allows it to bypass your firewalls as you enter your password. There are over 400 adware programs that use Radiate (formerly Aureate). They have been blamed for everything from hacking your registry to find your real name to sending the company a list of all programs installed on your computer.
While neither of those is true, this is: when these adware applications are removed, the Radiate components continue on, hidden, stealing your bandwidth. As if this were not bad enough, the ad software was created to allow them to update it at any time. Without your knowledge, they can upload and run any executable. Even worse, with the proper spoofing mechanisms, anyone can do this as long as you have their program installed, and at least 22 million of their packages already have been. In the midst of all this, they have the capability to collect very specific information about you. They deny currently using your IP address or any further information to target you, but their Privacy Statement makes no mention of what they may do in the future.
Radiate denies anything beyond basic voluntary information is being served to them.
"We do NOT alter the users' web browser. A component of our ad system is activated when the anonymous user opens their browser. This component is activated to deliver advertisements to a cache on the users' computer. The software applications in our network will pull ads from this cache when they are running. The use of this cache allows us to deliver ads to applications which may not be run while the user is online (such as a game that is played offline), but which the user can still receive for free or at a discounted rate because of the advertising support. Our license agreement specifies this and informs the user that our technology will connect to the Internet ubiquitously in order to transfer advertising information and software updates."
The key to this statement is the word "ubiquitously," meaning that they will connect to their own servers from your computer on a steady, constant basis. They do, however, admit to one charge:
"Advert.dll creates a process anytime your browser is open. This is true. This process delivers advertisements to a cache on the users PC which are displayed while the software is being run. This works in a similar way to how the browser works, with content and images (including ads) being delivered to a cache on the users PC and then are displayed in the browser window."
This means that at all times your bandwidth may be reduced and, if claims of crashing are true, your system may be less stable because of their system, by their own admission.
Interestingly enough, there is the goofy "show me the money" statement lodged in the offending code. Radiate somehow thinks they've dodged this obvious flaw with a statement of how text strings work in a DLL:
"Advert.dll contains the string "Show me the money! I want to be Mike!" This is true. It's a text string used by the DLL. DLLs contain many text strings which are used by the DLL itself. For example, if a particular program displayed a window which contained the text "Hello World", then the "Hello World" text string would be present inside that DLL."
Network Assoc. - McAfee denies, specifically, that it is a trojan horse:
"There is no basis to substantiate the claim or accusation and is therefore false."
Few articles mention that just because the most frightening details are false, it does not mean that Aureate isn't being unethical in its backchannel work. The Opt-out website, run by Steve Gibson, does an admirably detailed job of explaining exactly why Aureate/Radiate is still a problem.
"Aureate deserved - and continues to deserve today - the "Spyware" moniker not (apparently) because it is sending sensitive personal data out of the user's computer, but because it deliberately slips into the user's system secretly, uses the user's Internet backchannel without the user's knowledge or permission, takes pains to remain secretly installed (instructing its hosting software to leave it installed upon the host's removal), masks its presence by deliberately suspending its use of the backchannel in the absence of keyboard or mouse activity and fails to disclose any of this to the typical user who is never fully informed about what's going on. When you add to this the fact that the Aureate software has been conclusively found to be directly responsible for significant Windows system and Internet browser crashes, and that it is able to secretly download and cause Windows to execute any arbitrary program into the unsuspecting user's computer, it is indeed difficult to cut these people much slack."
Check out, specifically, the "Code of Backchannel Compliance" chart they've shown.
"As if that weren't sufficient cause for alarm, this Trojan Horse spyware - for that's what it surely must be called - is trivial to "redirect" so that instead of phoning home to one of Aureate's servers, it connects to any other arbitrary server on the Internet. It establishes a connection between that unknown server and your computer, sliding right through whatever corporate or personal firewalls you or your employer may have erected (because it functions as a browser parasite which hijacks your browser's Internet usage permissions). Then it awaits further instructions . . . which we now know at least include "here's an executable file, download and run it please.""
"...any malicious hacker who wishes can trivially duplicate the work I did. And, once done, they don't even need to scan the Internet looking for Aureate Trojans . . . since any redirected Aureate Trojans WILL CALL THEM! and await instructions the next time the unsuspecting user browses the Internet!"
Cheer up! Check out Simtel's policy, as listed on grc.com:
"Effective immediately Simtel Management Policy is that any Adware program that continues to run when applications that use it are not running will be banned from the collections. Authors who submit Adware must state that this will not occur. The Adware servers have no right to use the user's bandwidth to download ads while they are running programs that do not use the ads. In my opinion they are stealing the user's bandwidth when this occurs."
With the news from privacy advocate channels that RealNetworks' subsidiary Netzip has created an aptly named program called Download Demon that sends the name and location of each file you download back to the company, it is obvious that we have allowed inspiration to strike those who wish to profit from our private thoughts. Who knows how many software packages are being used this very moment that intentionally hide some kind of snooping capability? When you find a roach on your floor, you can guarantee a dozen more behind the wall.
Companies like these are making their fortune creating what is essentially malicious code. It's obvious at this point that cookies are merely the naive precursor to a much more invasive version of data mining.
Visit Opt-Out to download the Aureate/Radiate Spykiller.
Visit IDcide to download the DoubleClick Network cookie blocker.
Take an active role in the preservation of your own privacy.
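A manual check in the same spirit: Radiate confirms above both the Advert.dll file name and the "Show me the money!" string inside it, so either can flag a component left behind after its host program was removed. The Python scanner below is an added example, not code from Opt-Out, IDcide or Radiate; treating the name and string as indicators is an assumption, and the sample files in `demo()` are constructed.

```python
import os
import tempfile

# Indicators quoted in the article; matching on them is this example's
# assumption, not a vendor signature. Text in Windows binaries is ASCII or UTF-16LE.
TARGET_NAME = "advert.dll"
MARKER = "Show me the money! I want to be Mike!"
MARKER_FORMS = (MARKER.encode("ascii"), MARKER.encode("utf-16-le"))

def contains_marker(path, chunk_size=1 << 16):
    """Stream the file; keep an overlap so a marker split across chunks is found."""
    overlap = max(len(m) for m in MARKER_FORMS) - 1
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            if any(m in window for m in MARKER_FORMS):
                return True
            tail = window[-overlap:]
    return False

def scan(root):
    """Return sorted (relative path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            name_hit = name.lower() == TARGET_NAME
            try:
                marker_hit = contains_marker(path)
            except OSError:
                marker_hit = False  # locked or unreadable: judge by name only
            if name_hit or marker_hit:
                hits = (("name", name_hit), ("marker", marker_hit))
                reason = "+".join(label for label, hit in hits if hit)
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def demo():
    """Scan a constructed tree (fake files, not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "ADVERT.DLL": b"MZ\x00" + MARKER_FORMS[0] + b"\x00",  # name and ASCII marker
            "renamed.bin": b"\x00" * 70000 + MARKER_FORMS[1],      # renamed, UTF-16LE marker
            "notepad.exe": b"MZ\x00Hello World\x00",               # clean file
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

A "marker" hit without the name can also be a saved copy of an article quoting the string, so confirm each finding by hand before deleting anything.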