Malwares
Software that hiddendly corrupts, checks or modifies your data
         Petit image    Malwares
Version May 2000

RealNetworks Returns: The "Spy" in "Download Demon"
by Lauren Weinstein
Originally @ http://www.pfir.org (see also http://www.vortex.com) ~ published @ searchlores in May 2000

           "But take care when you find your appz, 
            or you'll not gain your just rewardz, 
            your quest will all have been in vain, 
            and you will have to start again"





Ancient websearchers' rhime

Subject: RealNetworks Returns: The "Spy" in "Download Demon"

Greetings. You'd think they'd have learned by now. After their public relations snafus with the Globally Unique Identifier in their RealPlayer product, and concerns over information being transmitted to Real by their RealJukebox package, one would have hoped that they'd figured out how folks feel about their activities being monitored, even when the monitoring is theoretically anonymous. After all, RealNetworks, Inc. (http://www.real.com) takes pains to mention that they're a member of the Online Privacy Alliance, whose stated aim is to "... create an environment of trust and foster the protection of individuals' privacy online."

But it's hard not to mutter some choice expletives under your breath upon learning the details of RealNetwork's latest heavily-promoted goodie from their Netzip, Inc. (http://www.netzip.com) subsidiary--the "Download Demon" package. Actually, Real should win the "honesty in product naming" award for this one--"demon" seems to be a particularly apt description.

You may already have stumbled across this little surprise on your system. I found it apparently bundled in with other downloads I had made from RealNetworks. The Download Demon attempts to automate various file downloading functions, to permit downloads to be interrupted and later resumed, plus other related functionality. It attracted my attention since it had silently linked itself into my Web browsers to take over all downloading operations--*without* my having taken any specific actions to install or enable it--and my system was hanging in the course of various downloads! I removed it with some difficulty. Only later did I discover the much less obvious "feature" of the Download Demon--for all files you download, from *any* sites, the Demon sends details (e.g. file names and URLs) to RealNetworks/Netzip! Surprise!

I'll give them some credit--at least this is all spelled out in their privacy policy (http://www.netzip.com/about/privacy.html). Of course, this assumes that you thought to even bother reading a privacy policy for a "simple" downloading package, or had the time to plow through the entire lengthy document (which of course is subject to change at any time). A handy attorney to help you analyze the policy might also be useful.

Real makes the usual "you can trust us" sorts of boilerplate statements. They say that they don't store your Internet IP addresses in tandem with the data that they record about what you download. They claim that it's all "anonymous" and that they don't link in personally identifiable information. The stated purpose for the flow of information about your detailed downloading activities is to target the ads in the "free" version of the Download Demon software, and for (here it comes) "aggregate, anonymous statistical analysis" purposes. There is no suggestion that this data flow ceases if a user upgrades the product by paying for registration (to turn off the ads).

This whole area of commercial monitoring of Internet user activity in various ways, both in "free" and non-free software, is a gigantic growth industry, largely fueled by the absence of even basic legislation to provide consumers with specific rights in this regard. Such software packages may entangle themselves into users' systems in manners that are difficult to notice, understand, control, or remove. The ongoing controversy over the technology used by Radiate, Inc.--formerly Aureate Media (http://www.radiate.com) to track various aspects of users' behavior in many popular "freeware" software packages is a case in point.

The "trust us, it's anonymous, you have nothing to be concerned about" philosophy expounded in so many complex commercial privacy policies might satisfy Alfred E. Neuman ("What, me worry?") of "Mad Magazine" fame, but seems increasingly inadequate for the rest of us.

As far as the "Download Demon" is concerned, if you feel that it's RealNetwork's business to know the details of your file downloads from whatever sites you visit, by all means continue to use it. If not, you may want to consider trying to remove it (in the MS Windows case, via the Windows Add/Remove Programs controls), and take care that it isn't automatically installed again in the course of some other software installations. You might also wish to consider dropping a note to privacy@netzip.com letting them know how you feel about these issues, pro or con.

To many firms, the Web has become the vehicle for all manner of invasive systems and policies which few of us would tolerate in the routine, "non-computer" aspects of our lives. It's up to you to decide whether or not you wish to passively play along with the salacious circus of software spies.

--Lauren--
Lauren Weinstein
lauren@pfir.org or lauren@vortex.com

antiadv

(c) 2000: [fravia+], all rights reserved