Date:       Sat, 06 Feb 93 16:34:47 EST
Errors-To:  Comp-privacy Error Handler
From:       Computer Privacy Digest Moderator
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V2#015

Computer Privacy Digest Sat, 06 Feb 93              Volume 2 : Issue: 015

Today's Topics:
                        Moderator: Dennis G. Rears

                              Long Articles
                Op-ed piece on telephone Caller ID (CNID)
                       Detecting Piracy (I and II)
                     Prodigy class action suit (fwd)
                   Prodigy is Stealing your data. NOT.
                      Re: Prodigy class action suit

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

Date: Sat, 6 Feb 93 16:26:22 EST
From: Computer Privacy List Moderator
Subject: Long Articles

In the last digest, I published a rather long article (1000+) lines.  I
had actually separated it into three articles but by mistake I placed
the long article in the digest as opposed to publishing it in three
articles as was my intent.  I generally like keeping the digest down to
between 20,000 to 25,000 bytes long due to some mailers rejecting the
mail as too big.

The question I have for the readership is how I should handle long
messages (>300 lines).  These are the options:

   1) Do not publish it but announce it and make it available via FTP.
   2) Publish it as a single digest.
   3) Send it back to the originator and have him/her break it up.

I will not publish the responses I get back but will summarize them.
Thanks in advance for your opinions.
dennis

------------------------------

From: skeeter@skatter.usask.ca
Subject: Op-ed piece on telephone Caller ID (CNID)
Date: 1 Feb 93 20:36:31 GMT
Organization: University of Saskatchewan

This is how I think CNID (Calling Number ID) should be handled:

1. Free per-line blocking to those who were paying for unlisted numbers.
   (But no hike in fee because person expected NO publishing...)

2. Free per-line blocking to those who want unlisted numbers now that
   CNID is available.

3. Per-call blocking to anyone, for a fee. [Shelters, etc. could be
   exempted]

Reasoning:

For 1. there was an implied (and probably expressed) promise of
non-publication of the number.  The person wanted privacy and it should
continue with NO fee increase.  The service given previously should be
grandfathered.

For 2. there could be a fee hike because now a person knows they are
paying for per-line blocking as well as non-publishing.  (IMHO, charging
for UNlisting is a bit odd, but...)

For 3. Times change.  There was never any promise of anonymity,
expressed or implied, by the service provider.  CNID has been available
for years as ANI to 800, 900, and other similar service subscribers.  I
should be able to get the same info for a fee.

CNID v. DOOR (with window or peephole):

I have the PRIVILEGE of finding out who is at my door if I install a
peephole or window.  YOU have a right to wear a bag over your head.  I
have the right to not answer my door.  Even if I see who is at my door,
(assuming no bag...) I still don't have a name and/or address; I do know
what the person looks like.  CNID doesn't tell me the name.  But it sure
narrows it down.  CNID is especially handy for second-time callers.

SUMMARY:

This whole fuss over CNID would not be occurring if CNID had been
available from Day 1.  It is only a problem because most of us got used
to being "anonymous callers".  Of course it changes things.  Any new
service makes things different.  Answering machines made it possible to
screen calls.  CNID enhances this.
The caller does not have to be subjected to your outgoing message first.

Just my $1.53 (expressed in 1993 dollars and adjusted for inflation and
appreciation).  No one else's opinions are expressed or implied.

sa
--
skeeter@skatter.usask.ca                no nifty .sig
"For every problem there is a solution which is simple, obvious, and
wrong" --Albert Einstein

------------------------------

Date: Wed, 3 Feb 1993 14:37:10 -0500 (EST)
From: Eugene Levine
Subject: Detecting Piracy (I and II)

This morning's Boston Globe (2/3/93) carried a story about the local
cable company's newest twist on detecting unauthorized use of their
programming.  They offered a "free" T shirt to people who watched an ad
which could -according to the company- only be seen on television sets
receiving signals without paying for them.

Two hours later, I received the note below (which seems to have been
inspired by the same spirit).

Gene Levine
elevine@world.std.com

[Moderator's Note:  I stripped off about 50 lines of forwarded mail
headers.  This was in this morning's risks digest. ._dennis]

COMPUTER CHEATS TAKE CADSOFT'S BAIT

Employees of IBM, Philips, the German federal interior ministry and the
federal office for the protection of the constitution are among those
who unwittingly 'turned themselves in' when a German computer software
company resorted to an undercover strategy to find out who was using
illegal copies of one of its programs.

Hundreds of customers accepted Cadsoft's offer of a free demonstration
program that, unknown to them, searched their computer hard disks for
illegal copies.  Where the search was successful, a message appeared on
the monitor screen inviting the customer to print out and return a
voucher for a free handbook of the latest version of the program.
However, instead of a handbook the users received a letter from the
Bavarian-based software company's lawyers.
Since the demonstration program was distributed last June about 400
people have returned the voucher, which contained coded information
about the type of computer and the version of the illegally copied
Cadsoft program being used.  Cadsoft is now seeking damages of at least
DM6,000 (ECU3,06E2) each from the illegal users.

Cadsoft's tactics are justified by manager Rudolf Hofer as a necessary
defence against pirate copying.  The company had experienced a 30% drop
since 1991 in sales of its successful Eagle design program, which
retails at DM2,998.  In contrast, demand for a DM25 demo version, which
Cadsoft offered with the handbook of the full version, had jumped,
indicating that people were acquiring the program from other sources.

Although Cadsoft devised its plan with the help of lawyers, doubts have
been raised about the legal acceptability of this type of computer
detective work.  In the case of government offices there is concern
about data protection and official secrets.  The search program may also
have had side-effects that caused other files to be damaged or lost.

Cadsoft is therefore preparing itself for what could be a long legal
battle with some customers.  So far it has reached out-of-court
agreement with only about a quarter of those who incriminated
themselves.

*****************************************************************
* Brian Markey                 Internet: bmarkey@sni-usa.com    *
* Siemens Nixdorf              USENET: ...!uunet!bmarkey@sni-usa.com *
* Research & Development Division                               *
* 200 Wheeler Road # 435       TEL: [usa](617)273-0480 X 3438   *
* Burlington, MA 01803         FAX: [usa](617)221-0236          *
*****************************************************************

- ----- End of forwarded message -----

------------------------------

From: "J. Philip Miller"
Subject: Prodigy class action suit (fwd)
Date: Wed, 3 Feb 1993 20:45:42 -0600 (CST)

Forwarded message:
>
> Attached is a text article received from a local BBS.
> I apologize if this is
> not the way to send such material to a moderated list, and would appreciate
> information about how to do this properly (I've only been using the
> Internet for two months, and am still in need of nurturing advice on
> netiquette.
> --Gene Levine
> elevine@world.std.com
>
> [Moderator's Note:  I got this a while ago.  I had misfiled it. ._dennis ]
>
>

Well I am surprised that the moderator let this be posted at all.  This
was discussed on the net over a year ago.  My recollection of it all was
that the problem with the Prodigy software was that it allocated large
scratch files without initializing the entire disk area.  Thus
information which was already on the disk, in the form of "deleted" or
"replaced" files was now in the area of the newly allocated disk file.
A number of the technically sophisticated folks put monitors on the
actual traffic going out from their PC's to Prodigy and there was never
any evidence that any of the information was inappropriately being sent.

What is probably important for the charter of this group is the reminder
that just deleting a file from a disk (or creating a new version of it),
does not remove the information which had been in that file from the
physical disk.  A large number of utilities can read every disk sector,
whether it is part of a file or not.  Newly allocated files can contain
information that had been previously written on the disk.  If you have
sensitive information on your disk, you need to be very careful.  I
cannot tell you how often I see folks give me a file on a floppy which
they have previously used to store confidential information.  It is
really upsetting when folks think that just because they do not see
anything with their regular DOS commands, then it is not there at all.

All of the information above relates to using just the ordinary tools
that are there with a few utilities.
More sophisticated electronics can recover information which has even
been written over by highly sensitive analysis of the magnetic fields.

Despite all of this, none of the allegations about Prodigy with respect
to their uploading of inappropriate information from a user's PC were
ever substantiated and there was a lot of data to say they were not
doing it (note, the statement was that they WERE NOT doing it, not that
they COULD NOT do it).

-phil
--
J. Philip Miller, Professor, Division of Biostatistics, Box 8067
Washington University Medical School, St. Louis MO 63110
phil@wubios.WUstl.edu - (314) 362-3617 [362-2694(FAX)]

------------------------------

Date: Thu, 4 Feb 1993 03:16:47 -0500 (EST)
From: Paul Robinson
Subject: Prodigy is Stealing your data.  NOT.

The 'Prodigy is Stealing Your Data' story is another 'Urban Legend' on
the order of the 'FCC Modem Tax', the 'FCC to Ban Religious
Broadcasting' and the infamous libelous 'Chairman of Procter and Gamble
declared himself a member of a Satanic Cult on a Sunday Phil Donahue
show' stories that pop up every so often due to ignorance,
misunderstanding, hatred or plain slow communications channels.

This incident has been thoroughly researched and found to be untrue.  As
I haven't heard the story in about 2 years, I'll have to explain what
was answered.

1.  File data found on disk in STAGE.DAT

When MS Dos is requested to open a file, it simply picks, in order,
enough clusters to satisfy the request, and hands the user the first
block as well as an index in the fat table to the blocks that are used
to satisfy that request.  Whatever was there when a file was deleted, is
still there waiting for someone to 'file surf' and get the contents.  MS
Dos does not expunge disk space, so if you make a request for a block of
1 million bytes of disk space, the operating system will give you 1,000
blocks of 1K or some combination thereof.  This gives you 1,000 places
to look at.
This practice of 'disk surfing' is so common in mainframe computing
circles that some systems automatically simulate reads on blocks in
files that have never been written when opened, by returning binary 0.

I've done it myself, for non-malicious purposes.  I issued a request for
a temporary scratch file on a pack and had the analysis program I wrote
scan it.  (I was practicing with the FORTRAN random file capability.)
In one try I got routine, dull data.  Another try got me the entire
password file for the computer system including privileged accounts: I
logged onto one of the accounts I knew was privileged to see if the
password I had was valid, and it was.  (This was before such an act was
illegal.)  I logged off fast as I did not, for obvious reasons, want to
be caught in it.  I never used the information otherwise, but I could
have.

The fact is that programs routinely scatter temporary files all over the
place.  If the temporary file is where Prodigy grabs a disk, it's going
to have that information.

2.  Prodigy is sending your data up to them.

You don't have an external modem (most likely) or you don't know how to
read it.  The vast majority of reports indicate that the Receive light
is almost constantly on and the transmit light almost never except
during the rare times you type something.

3.  Your hard disk data is on a floppy disk.

MS DOS has buffers to hold data it reads.  Directories have to be read
off disk.  When MSDOS creates a file by opening it, it assigns a buffer
to that file.  If the file was simply opened and extended, the operating
system will probably write the buffer out to disk when it is closed
since MS DOS does not know that the buffer is unchanged.

A user did a test to check this out.

   1. He installed a virus detector that checked for disk activity.  The
      only files that Prodigy was changing were its own files including
      STAGE.DAT.  It was not accessing other files.

   2. He created a totally clean install on floppy by shutting the
      machine off to clear the memory, then installed without ever
      accessing the hard disk.  Prodigy never accessed the hard disk on
      the floppy install.

In short, this is an old, inaccurate rumor spread by mistrust and
ignorance.  I have no particular love for Prodigy, but bad as the system
is in terms of the stunts they have pulled (cancelling accounts for
opinions not liked, etc.) and the slothfulness of their system, it
doesn't deserve this sort of treatment.

Beyond that is the question of why two major companies, Sears and IBM,
both of which, (despite recent problems) have generally had impeccable
customer service records, would stoop to the worst kind of Felony
criminal activity?  That doesn't make much sense.

---
Paul Robinson -- TDARCOS@MCIMAIL.COM

------------------------------

Reply-To: John Higdon
From: John Higdon
Date: Wed, 3 Feb 1993 19:21:48 PST
Organization: Green Hills and Cows
Subject: Re: Prodigy class action suit

Eugene Levine writes:

> TO: All MSG # 9603, May-8-91 1:56am
                      ^^^^^^^^

This 'stage.dat' garbage is a year and a half old!  I thought this had
all been put to bed once and for all.  My only suggestion is that anyone
who is sufficiently paranoid to get lathered by this nonsense should
visit the local technology bookstore and buy some books about DOS and
how it works.  Once he REALLY understands the inner workings of DOS and
how it handles and allocates disk space, he will move on to other
worries.

I snored through this the FIRST time it came around.

> The Los Angeles County D.A's Office made known that it is considering
> additional charges against Prodigy, a computer information service
> operated by Sears Roebuck & Co and IBM.

Not even the LA County DA is lame enough to continue to whip this dead
horse.  Dennis, I'm surprised at you.  Was it a slow digest day?

[Moderator's Note:  No.  I've been really busy at work, training for the
LA Marathon, and extremely busy at home.
I have let things slide lately that I should not have.  This and the
thread on radar detectors and speed limits are good examples.  I stopped
publishing digests just for the sake of publishing digests many moons
ago.  There will be fewer digests in the future but there will be a
greater signal to noise ratio. ._dennis ]

--
        John Higdon  |   P. O. Box 7648   |   +1 408 264 4115     |       FAX:
    john@ati.com     | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407

------------------------------

End of Computer Privacy Digest V2 #015
******************************
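
The allocation behaviour described in the STAGE.DAT messages above (clusters handed out in order, contents never cleared on delete or allocate), shown as an added illustration that is not part of the digest or of any contributor's post. The `ToyVolume` class, the 16-byte cluster size, the file contents and the zero-fill option are all constructed for this example; zero-fill on allocation is an assumed mitigation in the spirit of the mainframe behaviour Robinson mentions.

```python
# Added illustration: a toy FAT-style volume, not MS-DOS or Prodigy code.
CLUSTER = 16  # bytes per cluster (constructed; tiny so output is readable)

class ToyVolume:
    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)
        self.free = list(range(clusters))  # free clusters, handed out in order
        self.files = {}                    # file name -> cluster chain

    def create(self, name, nclusters, zero_fill=False):
        """Allocate a file; zero_fill=True scrubs clusters before handing them out."""
        chain = [self.free.pop(0) for _ in range(nclusters)]
        if zero_fill:
            for c in chain:
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
        self.files[name] = chain

    def write(self, name, payload):
        chain = self.files[name]
        if len(payload) > len(chain) * CLUSTER:
            raise ValueError("payload larger than allocation")
        for i, c in enumerate(chain):
            chunk = payload[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk

    def read(self, name):
        return b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER])
                        for c in self.files[name])

    def delete(self, name):
        # Only the directory entry and chain are dropped; cluster bytes remain.
        self.free = sorted(self.free + self.files.pop(name))

def scratch_file_contents(zero_fill):
    """Delete a sensitive file, then allocate an unwritten scratch file."""
    vol = ToyVolume(8)
    vol.create("SECRET.TXT", 2)
    vol.write("SECRET.TXT", b"acct=constructed-sample-value")
    vol.delete("SECRET.TXT")
    vol.create("STAGE.DAT", 4, zero_fill=zero_fill)  # never written to
    return vol.read("STAGE.DAT")

if __name__ == "__main__":
    print("no scrub  :", scratch_file_contents(False))
    print("zero-fill :", scratch_file_contents(True))
```

Without scrubbing, the unwritten scratch file reads back the deleted file's bytes, which is the STAGE.DAT observation; nothing in that result implies the data was ever transmitted anywhere.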