Red Sheriff is expanding operations

A company which has been in the web surfer monitoring business for quite a while is gearing up to expand its operations around the world. Red Sheriff recently began testing new services in New Zealand and has been tracking the surfing habits of over 60,000 kiwi surfers for months, including those using Xtra, the largest ISP in New Zealand. Xtra's web site has been using Red Sheriff's newest system as sort of a "test run" before rolling it out across the world.

Red Sheriff CEO Richard Webb is quoted as saying that "this is the first step to an international roll-out to twenty countries over the next year." Red Sheriff's system measures every individual's activity on the net and claims to be able to track internet users far more accurately than other methods. The statistics will show Web publishers exactly how many people visit the site, what they do while they're on the site, where they go within the site and how long they are there.

Unlike most advertising spyware which uses parasitic software that piggybacks on popular ad-supported programs like KaZaA or Limewire, Red Sheriff is a "service" which uses third party tracking cookies, java applets, and even Macromedia flash to monitor where we go, what we do and how long we do it while we're on the Web. Some old documents from Red Sheriff's web site suggest that this tracking extends beyond the web site which originally loaded the java or flash applets.

Since there is no software installed on the user's computer, programs such as Aluria Spyware Eliminator, Ad-aware, and Spybot are unable to protect users from Red Sheriff's methods of internet usage tracking. That doesn't mean that you are completely helpless if you prefer not to be branded by Red Sheriff and tracked as you graze the internet prairie.

Here is how you can block Red Sheriff from tracking your internet usage.

Proxomitron users, right-click >>here<< and download Bill Webb's filter that blocks the java applet. Save this file to your Proxomitron folder, then start Proxomitron. Click the proxo icon in the system tray and press CTRL + M Select sheriff.cfg and click Open. Then save the filter as your default filter and Proxomitron will filter out Red Sheriff.

If you aren't a user of Proxomitron (and you should check it out if you're not), you can block Red Sheriff with your HOSTS file. There is a list of servers to block at http://www.spywareinfo.com/yabbse/index.php?board=11;action=display;threadid=2239 (no promises on how up-to-date it is).

If you are using Internet Explorer, you can also use IE-SPYADS to have all known Red Sherrif servers (and servers from countless other nasty web sites) put into the restricted security zone (meaning no cookies, flash, java, or javascript can be used).

Permlink | Top

Aluria's Spyware Eliminator
Author: Aluria software
Platform: Windows 9x, ME, NT 4.0, 2K, XP
License: $59.98 $29.99
Download

Every week, I bring you a discount on expensive software that lets you keep your private business private. The commissions let me pay for hosting this bandwidth hog of a web site without bringing in 3rd party advertisers (and their tracking cookies). If there is a program you'd love to have, but the price tag is too much, let us know and we may feature it here.

This week is a little different. Instead of a discount, we've worked out a freebie. Anyone who purchases a copy of Aluria Spyware Eliminator between now and the end of next Tuesday (April 9th) will also get a FREE copy of Aluria's Everlasting Popup Stopper. As a matter of fact, buying any software made by Aluria will entitle SWI visitors to a free pop up stopper as long as you arrive at Aluria's web site using this link.

Aluria's Spyware Eliminator is a very good program. It cleans out computer usage history that someone snooping around on your computer might use to piece together your computing activity. It can detect and remove advertising spyware, porn dialers, and browser hijackers. Unlike most of the free spyware detectors that are so popular, it also detects and removes true surveillance spyware and keyloggers such as Spectorsoft's e-blaster and Spector Pro. Commercial surveillance spyware is expensive stuff, and the developers of free spyware detectors simply can't afford to buy it for testing.

Aluria's developers also receive the mailing list I send out when a new or updated spyware program is discovered and it is always kept up-to-date. When false positives or bugs are reported, they have always updated to fix the problem. This is a program that definitely has my recommendation.

To take advantage of this special offer, simply forward a copy of your receipt or email your order number to support@aluriasoftware.com and request your free copy of Everlasting Popup Stopper.

Purchase Aluria Spyware Eliminator

Permlink | Top

Doesn't it just irritate the pure heck out of you to discover a program installed on your computer that you didn't know was there? In the past, advertising spyware programs would bundle with other programs and install without warning and do their best to remain hidden from view. After sustained public condemnation of this behavior, most of these companies did at least start disclosing the presence of their installers, even if they don't always let you opt out of them.

This is the reason we always tell you "Read the license agreement". I don't care how boring and long-winded it is, read the thing before you install something. You can avoid being surprised by just about all advertising spyware in this way because they will usually disclose that they will be installed along with whatever other program you are installing. Unfortunately, not everyone plays by these rules.

Last month, I noticed a folder named c:\program files\viewpoint media player\. Since the only media players that I thought were installed were Windows Media Player and Winamp, I had no idea what this was. I didn't pay it any attention, until someone mentioned it at the message board. One of my regular members called it spyware, and that got me interested enough to go looking for the people responsible for this thing being on my computer.

I found the company responsible for making it and went looking around for their privacy policy. What I found disturbed me very greatly.

Viewpoint Media Player privacy policy

Viewpoint Consumer Software and Your Privacy
At no time will we collect and store your personal information, nor will we request that you give us permission to do so.

Viewpoint is constantly innovating and implementing new features in The Viewpoint Media Player to provide the best possible user experience. For this reason, this site will continue to evolve as our software evolves. Please visit the site when we issue new versions and releases of Viewpoint to ensure that you have the most current information.

Regardless of how this Privacy Statement evolves with our software, however, Viewpoint will never collect your personally identifiable information without your consent. [and then in the next section....]

The Information That We Collect
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Because the Viewpoint Media Player can update itself, we may need to update information regarding the plug-in as new software functionality evolves.

Download

If you decide to download the Viewpoint Media Player from the Viewpoint website, Viewpoint will not request your name, email, or system information.

Software Update
The Viewpoint Media Player is designed to check for the availability of software updates to ensure that you have the latest product improvements. When the Viewpoint Media Player checks for the availability of an update, basic information about the product version and installed components are sent anonymously to Viewpoint. This step determines whether new, free software is available for download.

User Interaction
The Viewpoint Media Player will soon be capable of tracking information about the content it displays and how the user interacts with it. When the Viewpoint Media Player displays Viewpoint content, it tracks the URL it is served from, as well as Viewpoint file data tagged by the author in XML. This data can include, but is not limited to: the names of objects and textures displayed, and the names of animations invoked.

What We Do with the Information We Collect
Much of the data sent by the Viewpoint Media Player is temporary data that is required only to enable a feature or service to be performed over the Internet. This data is discarded after its intended use is served. The information that we do store and track, we use in three ways:

+ To gather anonymous, aggregate statistical data to help us better understand the quality of our product and services and how they are used.
+ To provide our clients with information about how visitors to their sites use their content.
+ To provide services to help our clients enhance their products and presentation.

At no point is the CUID connected to a user's name, email address, or other personal contact information, nor will it be used in connection with the data provided to our clients.

After reading that horrible privacy policy, I decided to write to them to find out where this thing had come from, because I had most certainly not installed anything like that.

From: Mike Healan
Sent: Friday, March 14, 2003
To: privacy@Viewpoint.com
Subject: question about distribution

I recently discovered viewpoint media player installed on my computer and I haven't knowingly installed it myself. I'd like to know how and through whom your media player is distributed so that I can figure out what installed the copy I found.

Regards,

Mike Healan
http://www.spywareinfo.com/

---

From: Allen, Larry
To: Mike Healan
Sent: Friday, March 14, 2003
Subject: RE: question about distribution

Mike,

We are distributed with a number of OEMs including, AOL, AOL Instant Messenger, Netscape 7, HP/Compaq, Toshiba, Hitachi, Sony to name a few.

Regards,

Larry Allen

---

From: Mike Healan
To: Allen, Larry
Sent: Friday, March 14, 2003
Subject: Re: question about distribution

Thank you Larry. I now know that it was AOL Instant Messenger which installed your media player.

Are you aware that there is no disclosure at all in the AIM installer for your product? I just downloaded the newest AIM installer and monitored its installation and your product is not mentioned at all.

After reviewing your privacy policy, the fact that your media player installed without disclosure or opt-out, and the fact that removing AIM did not reveal or remove your product, your Viewpoint Media Player now qualifies as a legitimate target of adware/spyware removal programs such as Ad-aware, Spybot, X-Cleaner, etc.

I would like to make you aware that I own the web site in my signature. I will be mentioning the fact that I happened to notice your software installed on my computer in the next issue of my web site's newsletter (there are roughly 200,000 readers of my web site). I strongly urge your company to require that all distribution partners prominently disclose the presence of your software, along with a link to your privacy policy. Otherwise it is possible that your product may find itself in the next update of the programs I mentioned above. You should also consider making it an optional install, although that's not as big an issue as the undisclosed installation.

Regards,

Mike Healan
http://www.spywareinfo.com/

So, is it spyware? That's up for debate. I'll leave you with their privacy policy and the knowledge they do not disclose their installations and let you make up your own mind.

Right now, go to your c:\program files\ folder and look to see if you have a folder named Viewpoint Media Player. If you find it there, do you know where it came from? I'm betting that you don't.

Ticked off about it being there without your knowledge? Perhaps you should let them know it. At the bottom of their privacy policy is some contact information. Be nice. No one actually reads flame email, they just delete it along with the spam.

You can also discuss this in the thread I started at the message board about this.

Permlink | Top

There is a struggle going on in America for control of your computer. On one side, you have some of the largest companies on Earth, the wealthiest lobbying groups in the entertainment industry, and hundreds of corrupt and greedy politicians (many of which are in the employ of the corporations and lobbyists). On the other side, you have tens of millions of consumers who buy computers, software, music, video games, and movies.

If the corporations, Hollywood lobbyists, and corrupt politicians win this struggle, the computers of the future will no longer be awe-inspiring examples of Humanity's technological cleverness. Instead, every computer and electronic device will be merely one more way to generate money at the expense of the consumer. Every computer will be just one more way for an increasingly intrusive government to monitor and control a populace that is growing ever more tolerant of oppressive, unconstitutional laws.

Computers as they currently exist are capable of nearly anything and have virtually unlimited potential for growth. Computers give their owners so much power that attempts to control how software can be used have nearly always failed. The corporations, lobbyists, and governments want to cripple future computers in a way that takes away the technology that has given people so much freedom and power. The corporations want to force you to pay for upgrades to the latest versions of their expensive, bloated software. The lobbyists want to force you to buy music and movies from them at artificial prices, and not from the artists who actually create the content that you want. The politicians want to take away your ability to secure your computer from unwanted access and unwarranted searches.

A while back I mentioned the Anti-TCPA web site. Anti-TCPA is solidly opposed to the so-called "Trusted Computing Platform Alliance". Trusted Computing will supposedly make computers more secure against hackers and viruses. It also makes it easier to implement digital rights management technology. If Trusted Computing becomes a reality, the companies that make the software running on your computer will end up having more control of your computer than you will. It even goes so far as making it possible for governments to delete officially sanctioned materials right off of your hard drive.

Companies such as Microsoft and Adobe would love the ability to control the contents of your computer. Microsoft appears to be steaming full ahead with their plans to create an operating system in which they have more control over it than the actual owner of the computer. The RIAA and the MPAA would also like to have the sort of control. For that matter, so would whichever government applies to you.

In France, it is actually a crime, punishable by thousands of Francs, to insult the president. With this sort of technology, the French government might be able to search for any documents on people's computers which insult the president, fine those storing them, and then delete them. Now imagine that kind of ability being given to a government such as that in China or North Korea. Scared yet?

You might think that you could get around nonsense such as Palladium and TCPA by using linux or Mac. However, the CBDTPA would make it illegal in the United States to circumvent this limiting software or to develop software or hardware which does not include it. By several interpretations, this means that linux and Mac would become illegal if they did not include this sort of technology.

As disturbing as the CBDTPA is, laws which are similar, but even more draconian and blatantly hostile to the citizens effected, have managed to slip under the radar in several US state legislatures. An entry in the personal blog of Professor Edward Felten of Princeton's computer sciences department has been making the rounds of just about every discussion board on the internet for the last week. Professor Felten's personal interpretation of some of these new state laws makes the use of firewalls, NAT routing, VPN, etc illegal and subject to official sanction.

Interpretation of the new laws are varied.

From a post at Slashdot:

It may not be directed at IP geeks--maybe the spirit of the bill is that it's supposed to go after satellite TV pirates and cellular fraud.

The problem though is that once the law is in the books, it's the letter of the law that matters. And right now, the wording of the bill leaves it open to potential abuse.

The law may not target IP geeks, but if some ISP wanted to go after NAT users, they would now have a broken law on their side. As with the DMCA, the road to hell is paved with good intentions.

From two posts at Broadband Reports:

It appears to be making an attempt to protect ISPs from spammers and those who steal bandwidth. I suppose any written law is subject to interpretation, but there's simply no way that encryption, the use of firewalls, etc. will be made illegal unless there is "criminal intent" involved.

----

I think the main point of the bill is to prevent encrypted P2P programs, under the guise of National Security. If the ISP can't follow what you transfer through P2P, and who you send it to, the RIAA and MPAA would not be able to mount a serious case against the ISP's.

If you are a citizen of Michigan, Texas, Massachusetts, South Carolina, Florida, Georgia, Alaska, Tennessee, or Colorado, these laws effect you specifically. The precedent they set effects us all. I strongly suggest everyone send a note to their senators and representatives (both state and federal) about this. The trend can still be stopped, but not if the public remains apathetic towards it.

Links to more information:

http://www.stoppoliceware.org
http://www.aaxnet.com/editor/edit029.html#mspath
http://action.eff.org/action/index.asp?step=2&item=2421
http://anti-dmca.org
http://www.againsttcpa.com
http://www.boycott-riaa.com
http://www.ripburnrespect.com

Permlink | Top

Something I hear constantly from people when I'm discussing privacy and spyware is the phrase "I have nothing to hide". How I counter that depends on who says it and what prompted it. In all cases, it infuriates me when someone says that. It's a cop out. It's lazy. It's ignorant. It's apathetic. More importantly, it's dangerous. You cannot live in a free society and have an attitude like that, because all too soon the society will cease being free.

How do you tend to deal with someone who says something like that to you? Please don't email me, just reply to that thread at the forums.

Permlink | Top

I just can't win. Last issue I had to apologize to you all. Some of you got the newsletter twice the week before, and some of you didn't get it at all. Well, once again I apologize. Last week all of you got the newsletter twice, and I have no idea why that is. If it does it again this week, I may go back to a previous version of the software. I *think* a security patch I installed about a month ago introduced more bugs than it fixed. There are just too darned many people getting this newsletter for it to be going out twice like that.

Starting next week, this newsletter will be sent from a different email address. Every week just about, I ask that if you are replying to this newsletter with the reply button, please don't include the entire 40KB newsletter along with your message. Not one person who has replied to me has done this simple thing, so next week I will change the address to one that does not reach my inbox. If you need to email me, you can of course use the contact form on the web site.

Sorry if this makes it harder to reach me, but I've had to do this out of self defense.

Next week I'll be featuring a fantastic disk imaging program that flat out kicks Drive Image's butt. Normally I have a strict policy of only featuring software at a discounted price only if it related to spyware or privacy. Next week's program is neither, although a good backup of your hard drive is a good thing to have around just in case you get infected with some nasty piece of garbage like Xupiter or Lop.com.

As that discount/feature is as much for you than it is for me, I thought I'd ask your opinion on the matter. Should I reserve it strictly for privacy/spyware/security related software? Or do you think software like download managers, tweaking programs like X-Setup, and backup utilities should also be featured? If you have an opinion one way or the other, let me know.

See ya next week...