FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
------- Forwarded message follows ------- Date sent: Fri, 19 Oct 2001 01:41:09 -0700 To: politech@politechbot.com From: Declan McCullagh <declan@well.com> Subject: FC: What info does Zero Knowledge collect on users of Freedom 3.0? Send reply to: declan@well.com
[I agreed to delete Anonymous' name before posting, but it is fair to point out that Anonymous works for a company that is in some areas a competitor to ZKS. I offered ZKS the opportunity to reply; their response follows. My own thoughts: If ZKS wants to display tailored ads, it makes sense that Freedom clients will communicate with the mother ship on a more-or-less regular basis. This is what Eudora and Opera do, and what Freedom 3.0 apparently does (I haven't used it). The question is whether users are aware of the potential privacy risks. --Declan]
********
Date: Thu, 18 Oct 2001 00:25:32 -0700 From: Anonymous To: declan@well.com Subject: Zero Knowledge Tracks Users with Freedom 3.0...
Declan,
Thought you'd be interested in this.
While playing with Zero Knowledge Systems' new Freedom 3.0 privacy product, I noticed that it actually notifies Zero Knowledge whenever you start it up. It sends a bunch of HTTP requests (through the M$ IE subsystem, no less) to ZKS.
Here's a sample header: GET http://www.zeroknowledge.com/client/3/redirect.asp?pid=2029&prn=0&ver= 3.0.0&lang=en&event=1&url=1 User-Agent: Mozilla/4.0
Plus all the standard HTTP stuff -- IP address, date/time, etc.
This would also include any cookies set from zeroknowledge.com, (which ZKS sets every time you go there), but I filter cookies through the MEconomy system, so I had none from them.
What's "pid" (I checked -- unrelated to my Win 2K process ID)? What's prn? What's "event"? Why is s it being sent back to zeroknowledge EVERY time I start up Freedom?
Guess even the privacy good guys want to track you.
********
From: Dov Smith <dov@zeroknowledge.com> To: "'declan@well.com'" <declan@well.com> Subject: Reply from Zero-Knowledge Date: Thu, 18 Oct 2001 18:17:31 -0400
Hey Declan,
I want to start by saying that Zero-Knowledge absolutely does not track or profile the users of its Freedom Privacy & Security Tools 3.0 software.
Our software loads updates (e.g. Ad Manager files and e-wallet scripts) as well as privacy-related content via HTTP. This was the case with previous versions of the software and is still true today, although today it may appear more prominent since we have designed Freedom 3.0 with a new user interface and are carrying more privacy content.
This HTTP activity is covered by our privacy policies.
As for cookies, Zero-Knowledge has always used cookies on its websites, for the purposes of store-, affiliate- and state-management. These practices are also reflected in our privacy policies.
Declan, if you still think this is worth forwarding on, I'd appreciate your at least changing the subject header you sent me. The implication that delivering web content means tracking users, is mistaken.
Best regards,
Dov
__________________________________________
Dov Smith PR Director, Zero-Knowledge Systems 514.350.7553 / dov@zeroknowledge.com
Join us at Privacy By Design 2001 Dec. 3-5, 2001 in Montreal www.zeroknowledge.com/privacybydesign2001 __________________________________________
********
Date: Thu, 18 Oct 2001 15:35:37 -0700 From: Anonymous To: Declan McCullagh <declan@well.com> Subject: Re: Fwd: Reply from Zero-Knowledge
My comments integrated below:
> >I want to start by saying that Zero-Knowledge absolutely does not track or > >profile the users of its Freedom Privacy & Security Tools 3.0 software.
Whenever I turn on Freedom, which, by default, happens when I boot, it sends a message to ZKS. EVERY time. How, again, is this not "tracking" of my usage behaviour? How is ZKS knowing every time I boot up that I've got Freedom 3.0 installed not something they can build a profile about?
> >Our software loads updates (e.g. Ad Manager files and e-wallet scripts) as > >well as privacy-related content via HTTP. This was the case with previous > >versions of the software and is still true today, although today it may > >appear more prominent since we have designed Freedom 3.0 with a new user > >interface and are carrying more privacy content.
I can't comment on Freedom 2.0, but this doesn't change any of my comments.
> >This HTTP activity is covered by our privacy policies.
I don't doubt it.
> >As for cookies, Zero-Knowledge has always used cookies on its websites, for > >the purposes of store-, affiliate- and state-management. These practices are > >also reflected in our privacy policies.
And EVERY time I turn on my Freedom client (usually at startup) it sends a request, info I don't have a clue about (And those cookies, when the domain in zeroknowledge.com and when I use IE as my browser, are sent back to ZKS whenever they're in my IE cache and I open ZKS.
And, of course, there's the fact that Freedom notifies everyone between my computer and zeroknowledge.com that I'm using freedom. Which, of course, is covered by the Pen trace and trap warrants, and is collected by carnivore. Now I'm telling my ISP and the world what my IP is, what my platform is, and that I use Freedom.
How, again, is this not tracking me?
Things to consider.