Re: New Spyware

From: OneLouder (edayaxwellmay@exoboxway.omcay)
Date: 02/10/02 

From: OneLouder <edayaxwellmay@exoboxway.omcay>
Date: Sun, 10 Feb 2002 08:33:25 GMT

in article a44kg7$po0$3@bob.news.rcn.net, sponge at mtubi@python.net wrote
on 2/9/02 9:02 PM:

> First of all, you are quoting things from two different people. Get
> it straight before replying. Now, I will reply below.

Really? Sorry about that. Which ones weren't yours? I can't tell anymore.

>
> On Sat, 09 Feb 2002 06:37:41 GMT, "OneLouder"
> <edayaxwellmay@exoboxway.omcay> wrote:
>
>> Jesus Christ, you really are a piece of work.
>>
>> Let's count some of the many ways you've been wrong.
>>
>> 1) "However, it is also apparently embedded into many wireless devices,and
>> it's an open question as to whether they ask cell phone users their
>> permission to be advertised to."
>>
>> WRONG - Infogate does not embed software in cellphones. It's not an open
>> question. Users explicitly configure everything.
>>
>> 2) "It is apparently a large company that has been putting out software and
>> wireless targeted marketing for quite some time."
>>
>> WRONG - Infogate has fewer than 30 people, and has been offering support for
>> wireless delivery of alerts for about 9 months. It has never delivered an
>> ad to a wireless user. The company has been around longer (part of us used
>> to be Pointcast), but I would hope that being in business for a while in
>> this economic climate says that something is being done right, not a basis
>> for suspicion.
>>
>> 3) "Of course, targeted marketing also requires fairly detailed information
>> on each specific
>> user, in order to do the same thing: provide customized information
>> delivery, in the form of ads"
>>
>> WRONG - Infogate does not deliver ads based on personalization, but based on
>> the content they're viewing - just like virtually every commercial web site.
>> When somebody uses the product to look at their stock portfolio, we show
>> banner ads relating to finance. Duh. You later say: "If Infogate does not
>> do this, then it wouldn't even qualify as adware". So we're not adware by
>> your own admission. All the rest of your diatribe is pure unadulterated
>> speculation on your part.
>
> Gee, if so, then your company is way behind what the bottom-feeders
> are claiming!

Probably. At least you're holding out the possibility that I'm right.

> In fact, you're site touts it's lovely-sounding "Infograbber
> techonology". What is this? If it's simply matching ads to what a user
> is looking at, as does "just like virtually every commercial web
> site", then either your marketing practice is overhyped and dubious at
> best, or your company does engage in utilizing more detailed
> information. Which is it?

Hmmm.. you've never mentioned Infograbber before, but coincidentally I wrote
that part myself, under contract. You're completely wrong about what it
does. Again.

When you download the Infogate product, you are offered a chance to
personalize it with your information, such as stock portfolios, which are
unfortunately quite tedious to enter. Users complained. Some people have
already personalized their portfolios on other services, such as Yahoo or
MSN. They are offered a chance, at their sole discretion, to have the
Infogate service copy the information from that other service into ours. It
does this by asking the user to supply their username and password for the
other service, and then copying the data. The username/password combination
is then forgotten by the server that does this.

This is completely disclosed when the user is presented with the option.

I know, I know, "You could be lying", "I don't know how you can do that, so
you're evil" blah blah woof woof.

It's very clever software. And that fact that it works means you should not
be wasting your time with Infogate and instead be taking a really, really
hard look at Passport.

Of course, put Microsoft on your list, and lawyers will come raining out of
the sky.

> As to the Adware/Spyware/Nowhere question, I was weighing points that
> may point us in a particular conclusion. (By the way, I doubt we are
> the only two people who are reading this discussion, so clarification
> to the group is in order.)
> The fact is, your software and service could easily be spyware: you
> require some level of registration, you require a client (and allow
> use of other personal services like cell phones, etc.) and you site
> heavily hypes itself with language such as "Extreme Targeting" and
> "Find-Me-Follow-Me technology."

I really should congratulate the marketing guys on your obsession with this
stuff. I've never seen marketing bull*** invoke such a strong reaction. I
particularly like how you put more credence in the marketing drivel over the
information provided to you by someone who's clearly a technical person.
Keep in mind that I'm a contractor, too - not an employee, despite my use of
the term "we" when referring to Infogate.

> You and your privacy policy claim that
> your take measures to protect people's privacy. So this is where we're
> at: your company has every tool, technique, and promotional technique
> typical of spyware manufactuerers (which is why I initially considered
> it such), but we are supposed to take your word that you don't use
> this information or these tools against us, despite the fact that you
> operate in an industry renowned for stealing people's privacy
> information for profit, and using the most underhanded techniques
> available for doing so. Re-read the end of my last post.
> I'm trying to give your company the benefit of the doubt, but it's
> really hard to, in the face of all this evidence to the contrary. And,
> ad hominem attacks make that even more difficult.

You have NO evidence - you can't have because I know for a fact there isn't
any to have. Show me a dump of a packet. Show me a violation of privacy
policy. Show me personally targeted ads. Show me a wireless message
containing an ad.

You can't.

As to ad hominem attacks, I have not called you names, called you a liar or
anything like that. The "anonymous", "vigilante" and "blacklister" labels
are entirely accurate, even if not pretty - look them up. "Dude" and
"bucko" might be offensive to you, if so I apologize. I've pointed out
(admittedly with flowery language) that you're wrong. That's it.

>
>> 4) (Regarding "underhanded affiliates") "That's putting words in my mouth
>> that I've never said nor hinted upon".
>>
>> WRONG - your words: "...because Infogate should be more responsible than to
>> affiliate itself with underhanded partners" That's at least a hint.
>> Besides, who elected you to make that determination? Later you say: "In
>> other words, even if Infogate is on the up-and-up, if it's affiliates are
>> less-than-honest about how it's used, it can still be fairly categorized as
>> spyware." This is classic "guilt-by-association", with the extra rub that
>> there's not even any association.
>
> A lie. Here is the exact quotation from my previous post. I even
> EXPLICITLY STATED THAT I WAS NOT ACCUSING INFOGATE OF THE SITUATION I
> WAS DESCRIBING. It could not be any more clear than this.
>
> " AS LONG AS [emphasis added] Infogate is purely opt-in, it isn't
> much of a problem. But, IF Infogate does what it claims to do on
> it's website either WITHOUT user's explicit permission, or IF
> their affiliates or partners use Infogate without explicitly
> telling the user and giving them the chance to opt-out, then it
> IS spyware, because Infogate should be more responsible than to
> affiliate itself with underhanded partners. I am not accusing
> Infogate of this, only stating the case. In other words, even if
> Infogate is on the up-and-up, if it's affiliates are less-
> than-honest about how it's used, it can still be fairly
> categorized as spyware.
>
> Oh, and there is association. It's right on your own website, which
> hawks it's "effective" EXTENDED TARGETING" marketing!***

I'm telling you what the product actually does. Isn't that what you care
about? Or am I wasting my time?

Have you identified any of our affiliates?

As to the quote, yes, you used a hypothetical. Let me do the same so you
can see why it's still offensive.

"If Sponge fucked dogs, what kinds of dogs would he fuck? I'm thinking
mainly spaniels or terriers. Somthing small that wouldn't put up a fight.
Not that I'm actually accusing him of fucking dogs. He does have a penis
though, so he could and he really should be responsible what he does with it
in the dog department. He could just slip it right in that dog - IF he
fucked dogs."

Don't be offended - it's only a hypothetical. I'm not accusing you of
anything. But you've given me no evidence to the contrary.

>> 5) "Unfortunately, Infogate's chosen method of business -- "targeted
>> marketing" and direct advertising -- gives one every right in the world to
>> be suspicious."
>>
>> WRONG - Our business is information delivery. We just use banner ads, like
>> virtually every commercial website, to help defray our costs. We do know
>> some things about our users in aggregate - for instance most of them use our
>> product to track stocks, and we expose that overall demographic to potential
>> advertisers. Anyone interested in appealing to those people consider us a
>> better place to advertise than, say, "amateurnetcops.com". That's the
>> extent of targeting. TV works the same way - you don't see many tampon ads
>> on ESPN, and you see few WWF ads on Lifetime.
>
> This is what I intend to ascertain. Using non-personal, aggregate
> information is fine. But there are a lot of thing on your site that
> could and would easily lead one to believe is more specific than this.

...if you're going to some effort to interpret it that way.

>> 6) "Or, how Transponder -- the trojan that looks for keywords in ever form
>> you fill out online -- swears that they protect your privacy... Or, how
>> eToys tried to turn around and sell it's customer list when it filed for
>> bankruptcy... Or how Comet Cursor claims to respect your privacy but resorts
>> to infecting your machine in order to get you to use it, using methods
>> traditionally used strictly by viruses and worms? I can easily give a dozen
>> more examples."
>>
>> Bully for you. So, any company that has the potential of going out of
>> business, and has customer information, should be blacklisted? So why us
>> and not your bank? Your list should pre-emptively contain *everybody*!!!
>> Not that it has anything to do with Infogate, but do you have factual reason
>> to believe that Transponder or Comet have violated their privacy polices, or
>> are you just paranoid that they MIGHT?
>
> Companies which have the potential to violate your privacy in such as
> way, yes, do deserve to be blacklisted. Whether details of people's
> lives and financial status are sold when the company is in business or
> when the company is out of business makes no difference; that private
> information has still been released to others, in spite of the
> promises made by the company, and the trust emplaced in the company
> has been broken.

Yes, of course we have that ability. So does the person who wrote the
newsreader you have. Any software installed on your computer has that
ability. Add them all to your list.
 
>> 7) (Regarding session/affiliate ID in URL) "It's actually not that big of a
>> deal, but small things like this reveal a lot about the mindset of the those
>> behind them."
>>
>> WRONG - Well, I dispelled this myth in a earlier posting. Examine your own
>> mindset, dude - you're the one you sees goblins where there aren't any.
>
> Yes, it does, that they have zero respect for people's privacy and
> security. Why use a measure that is can (and, in most cases, is
> specifically designed) to defeat some common security measures, like
> cookie blocking. Also, you claimed that Infogate uses keeps track of
> where the user was referred from by the "camp" item in the URL. Why
> not simply use referrer URLs (just as, as you like to point out, 'most
> commercial websites do'. But, ah! Blocking referrer URLs is another
> common security-protection feature, provided in most web-filtering
> agents and even some browsers like Netscape.

It's embarassing - our tracking is in fact very primitive - we have Perl
scripts that scrape Apache logs. In some cases the affiliates add the tag,
not us - and this is the easiest way to make it work. As I've demonstrated,
everything in it is harmless, as you've agreed.

When I described how the "id" tag worked, I assume, since you're so elite,
that you noticed that it's a very, very poor unique identifier. After all,
it uses the low order bytes of the client IP - but if you're behind a
firewall, using NAT, then all of the clients look the same to us, so we mix
in some time information, totally buggering up any chance of recovery of IP.
This is because we actually don't care about individual users in this
situation (only for personalized content), but the general trend of use - is
it going up or down? At what rate?

How much information do you think we can cram in ten decimal digits?

> Dude? I like that sig line someone has about self-righteous
> sixteen-year-olds...

I'm 43, I've been in this business for well over 20 years. And you?

>> 8) "There comes a point when you learn that what a company claims if
>> virtually worthless unless they can provide proof otherwise."
>>
>> You know, I don't think any proof will work for you - you keep setting up
>> new strawmen. I tell you things, the website tells you things, and you
>> arbitrarily question them with NO evidence to the contrary except your
>> fabrications. Must be tough to be so right all the time, with a sense of
>> justice beyond that of accepted Western legal traditions. The burden must
>> weigh heavy.
>
> Perhaps it's the fact that the choice of words used by your company,
> the aggressive nature of the way it promotes it's products and
> services there, and the ethically-questionable use of URLs, tend to
> refute your claims and those of your company. Combined with the fact
> that your company's registration requirement and it's use of client
> software is typical of spyware companies, it's even harder to believe
> otherwise.

Aggressive promotion? Ever seen an Infogate ad? Where?

Client software is inherently a problem? All client software is guilty
until proven innocent? What about Flash? or QuickTime? or WinAmp? or
Gnutella? Are they on your list? They could do everything we could.

> In other words, if it walks like a duck, and quacks like a duck, it's
> a duck. Which is really the point of thise whole debate, anyway. And
> the only evidence to the contrary is a handful of claims by a
> never-before-seen poster to a newsgroup. Hmm, which are we to
> believe...?

A classic ad authoritatum fallacy. My newness has no bearing on the merits
of the spyware issue. I am newly posting to this group solely because I have
had no issue before this. You had not added us to your blacklist before.
Now you have, I brought it up. Your timing, not mine.

> I am trying hard to treat your company with fairness. I am still
> researching the issue, but your defensiveness and the quickness with
> which you have become hostile only damage your case further.

My hostility is a result of my frustration with your inability to see the
viewpoint I have. You have a rather odd sense of justice. I have a feeling
you would feel much differently if you found yourself falsely accused of
something you didn't do. Or maybe you wouldn't. I dunno. You're kinda
weird that way.

>
>> 9) "But what's left unanswered is whether or not other parties can or do.
>> Infogate pitches its ability to deliver customized, personalized information
>> to wireless devices. How exactly is this done?"
>>
>> I've told you at least twice *exactly* how this is done. Through SMS
>> gateways. Everything related to it is opt-in. Jesus. Buy a vowel.
>
> Yeah, SMS really means a lot! What is SMS????? Your codewords mean
> nothing. You only answered part of my question. Your service talks to
> the client. Fine. Your service can send an email to q user who
> requests your service, fine. ***How does it talk to a cell
> phone??????????????*** (Oh, and again, let me repeat that I am not
> well-versed in web-cell technology, so it would be nice if you told
> me. You don't have to divulge any company secrets, just explain
> basically how data from Infogate makes it's way into a cell phone.
> Other than email or using a custom Infogate client, I cannot figure
> out how this would work.

I guess the other thing that bothers me is your tendency to automatically
damn anything you don't understand. As you discovered below, about ten
keystrokes would have given you an answer. In retrospect, I should have
taken you through the baby steps myself earlier.

>> 10) "The web-based version of Infogate uses a piece of installed software,
>> in the form of a toolbar,
>> from what I've seen."
>>
>> WRONG - the website does not require the toolbar. It's simply a website.
>> The toolbar is a more convenient way to view the content, that's all. We
>> prefer you use it, because that's what make us different from other
>> informational websites, and we can offer other services like the alerts. I
>> think I'm beginning to get the picture: it seems any installed downloadable
>> software that connects to the web is spyware. Gotcha. Jesus.
>
> The website seems to be mainly a promotional tool for your company,
> just as most are. I am not overly concerned about the website.
> And, if the downloadable software exhibits certain properties or the
> service readily has the capability to associate personal identity
> (such as registration info) with data collected by the program, yes,
> it's spyware! Please, learn what the group is about before posting!

I have repeatedly assured you that it doesn't.

Frankly, given the hate mail I've gotten on this thread, the definition of
spyware around here is interesting, and, I would hazard, at odds with the
bulk of the Internet community - believe it or not, you guys aren't the
arbiters of reality.

Classicly defined, spyware is software that *surreptitiously* collects
information about a user. That information is typically used to report user
activity to a server for creation of demographic profiles, perform actions
on the client (such as popups) bases on, for instance, where a browser is
pointing. It sometimes uses sneaky ways of being installed, like trojaning
on an innocuous product, or claiming to be something other than what it is.

The key word here is surreptitiously. Infogate does not use unusual tactics
to be installed, unlike the others on your list. As far as I know. the only
way to get the product is to download it directly from the website, though
you might be able to find it on some other download sites. All of the
customization is explicitly done by the user, with the exception of
branding, which happens indirectly and is still obvious to the user through
a logo.

The alerting mechanism, including the infamous SMS boogeyman, is explicitly
controlled by the user. If a user wants a message delivered to the phone,
they supply the phone number and select the carrier from a popup menu - the
minimum information required to send an SMS message through a gateway. The
only thing Infogate sends to these devices are alerts, no ads. Again
totally explicit.

You've already explored the cookies. By now, you should have discovered
that there's very little information content there.
 
>> 11) "But do providers like AT&T and Sprint offer or recommend Infogate? Can
>> they harvest the information collected by or passing through Infogate for
>> their own use?"
>>
>> As I said before, Infogate has no relationship with carriers. As to whether
>> the carriers can/do monitor SMS traffic, I suggest you ask them. Oh right!
>> Sorry, I meant just add them to your spyware list.
>
> I asked if you were careful and RESPONSIBLE as to who you elect to do
> business with. I guess we have our answer. No.

OK, fine, we're responsible when choosing partners. Like you'd believe me
anyway.

If you're holding us responsible for the actions of people (in this case
carriers) with whom have have no business relationship, then that's pretty
twisted.

By the way, to my knowledge, carriers do not monitor the content of SMS
traffic. It was trick question.

>
>> 12) (regarding software embedded in the phone) "It's based on references on
>> Infogate's webpage concerning it's ability to work with "wireless devices""
>>
>> WRONG - Nowhere in the release you cite does it say anything about software
>> embedded in the phone. "Work WITH wireless devices" does not imply "works
>> IN wireless devices". You made it up, then manufactured a plethora of
>> subsequent "problems" with it.
>
> Instead of giving me and the group a straight answer, you tip-toe
> around it by throwing out lovely-sounding, meaningless phrases like
> "SMS." Your company's evasiveness only hurts it's (so far) feeble
> attempts to clarify the issue.

Sorry, even my mom knows what SMS is. Not because of me, and not because
she's tech literate, but because she has a digital phone.

> Why do you assume I know what SMS is? You could also say in an
> advertisement "Usenet works WITH my news reader." But the fact is that
> I NEED my newsreader or some other kind of client in order to READ
> NEWSGROUPS! In the absence of a real explanation, what the am I
> supposed to think?
> If you had simply explained how information gets from WEBSITE to CELL
> PHONE without elusive catch-phrases, this point would have been
> settled.

SMS has been around for a very long time by Internet standards of time -
it's quite a bit more popular in Europe, as digital phones are far more
common, in particular with younger people. I guess I'm a little shocked
that someone who appears to be able to work a TCP packet sniffer has never
heard of SMS messaging. My mistake.

> And, of course, I've also asked questions and pointed out possible
> weakness and asked how they're addressed. Beyond touching on using
> encryption for some things, you have not answered this. Apparently you
> don't have an answer for these weaknesses in your system. If you knew
> anything about Internet Security, or security in general, a huge part
> of it is analyzing weaknesses and potential faults, because that's
> where attacks and exploits will come from. Security is a major part of
> what this group is about.

Yes, I know quite a bit about security. As far as I can tell, you haven't
pointed out any weaknesses in our security, let alone how to address them.

More to the point, the security issue has nothing to do with the spyware
issue. Or does your list now also contain companies who haven't disclosed
their security procedures to you?
 
>
>> 13) "So A relies on B. But, isn't it reasonable to say that B also relies on
>> A"
>>
>> Take a class in formal logic. "Socrates relies on air, therefore air relies
>> on Socrates". Hmmmm.
>
> Do you even know what industry you are in? Re-read my post. You are
> in a position to collect detailed information on individuals. In fact,
> your service needs to know what the user is interested in in order to
> deliver it's service. At the same time, you also offer "Infograbber
> Technology" as a part of your "Extended Targeting" service
> advertisements. Well, that's how the rest of the industry works. An
> irrelevant metaphor does not change this.

Guilt by association. Again.

As to the metaphor - I simply replaced A and B in your logic with something
else that showed that it didn't follow. Let's put in the original words:

"Targeted marketing relies on personal information (debatable, but let's go
on), therefore personal information relies on targeted marketing."

Sorry, still makes no sense.

> (Oh, by the way, If Socrates doesn't exhale carbon dioxide, how are
> plants going to produce oxygen to make more air... Sorry, but I
> couldn't resist throwing a monkey wrench into your little game! ;-) )

You ARE the clever one!

>> 14) "You said that there's no client running on the cell phone, so how else
>> would Infogate deliver its information? I am not up-to-speed on web-cell
>> technology, so that would be a worthwhile clarification"
>>
>> Ain't THAT the fucking truth. You apparently don't have a clue about mobile
>> devices so you make *** up. And we get blacklisted because of it.
>
> You've been evasive about this from the beginning. And you refuse to
> educate me or anyone else, instead preferring some pat answers and ad
> hominem attacks.

But, I'm not your teacher. I'm your victim.

> Your defensiveness indicates that I've getting pretty
> warm.

Yes, that's right, in your world anyone who defends themselves vigorously
must have something to hide. The classic cry of the witchburner.

Curiously, this is same argument used by those advocating monitoring of the
web by the government - if you're so concerned about privacy, you must have
something to hide. How do you feel about that?

>> Get a pencil and write down this special sooper-sekrit URL that contains
>> information that only the special wireless spyware companies have access to:
>> http://www.google.com. Type the magic phrase "SMS" and behold! The magic
>> cablistic truth will be revealed! Shhhhh! Don't tell anyone.
>
> Ok, I did. Found a decent site called www.text.it. So, it's a cell
> standard to transmit text messages. Why didn't you say that upfront?
> We're on an INTERNET newsgroup, and, as you might have seen, many of
> us are very familiar with Internet technology. That doesn't mean we're
> also familiar with cell phone technology.

Again, my mistake - I thought I was dealing with people who were more
tech-savvy than your average USENET denizen.

>> 15) "To some degree, as long as Infogate is engaged in "targeted", direct
>> marketing, it will be judged by the company it keeps.[*snip*] Perhaps
>> Infogates' best strategy would be to distance itself from the sleaze
>> infesting the industry."
>>
>> What the *** are you talking about? You're the only one making the
>> associations. Exactly what do you suggest we do to calm down paranoiacs
>> such as yourself? We don't do any business with any of these people, we
>> don't do any of the things they do. There is no club we can resign from.
>> What more do you fucking want? We documented our policies and you don't
>> believe them. Do we need a special "Sponge Official Junior Kop Klub Seal of
>> Approval" so we can continue to do business?
>
> Your industry is the one fucking itself. With it's sleazy tactics,
> buying and selling of all sorts of information, literally stealing it
> off computers and out of web connections. Some members of your
> industry even resort of literally INFECTING systems who just happen to
> be browsing websites.

They are in my industry only to the degree they are in the software
industry. We make software. It can be downloaded over the Internet. It
gets information from a server. The service needs to know some things about
you in order to supply just the information you want. We use banner ads to
defray the costs. Those banner ads are intended to be appropriate for the
viewer, done in our case very crudely by relating the ads to content.

Pretty simple.

Oh, and we turn over all your personal information to Cthulu.

> And, most say to your face that they "respect
> your privacy" all while fucking you. Gee, what do you expect?
> And, on top of that, your own company hawks its products and services
> with an aggressiveness and a keen choice of words that would make the
> dead scared shitless. "Find-Me-Follow-Me technology"? "Extended
> Targeting"? " Infograbber technology"? Yeah, that's a real fucking
> good way to reassure people! You folks are brilliant!

Yes, we use silly names for features. That's what marketing people do.
Most people don't seem to be able to handle huge long explanations about how
technical stuff works in excruciating detail. Hell, I hear rumors that even
some Internet professionals don't even know how common stuff works.

>> *** it. Enough of this. I could go on for hours disputing your unwarranted
>> allegations, suspicions, and insinuations.
>>
>> In the late 1950's various self-appointed people would compile lists of
>> alleged Communists and make anonymous phone calls to employers and potential
>> employers, or supply lists to "warn" them. Typically, people ended up on
>> these lists based on the flimsiest pretexts - alleged "associations" with
>> other people on the list, the vast majority of them equally innocent. It
>> was devilishly difficult to get off these lists, even if you somehow found
>> out you were on one - claims of innocence got you even more attention, for
>> daring to defy the righteous blacklisters. Only troublemakers with
>> something to hide question blacklisters. Maybe you'd get promises of "we'll
>> look into it", but the lists continued to grow. The anonymity protected the
>> blacklister, and there was no accountability. Eventually it got to the point
>> that Sen. Joseph McCarthy called then 10-year-old Shirley Temple to testify
>> to the House Un-Amercican Activities Committee (HUAC) about Communist
>> influences in Hollywood, and even accused the US Army of being a Communist
>> organization. The whole thing began to unravel not too long after that.
>
> Nice non-sequitur. Well, if you really want to play that game, the
> direct marketing/targeted advertising industry has an extensive
> history of underhanded, unethical, abusive, reckless, malicious,
> possibly criminal behavior. So, following your irrelevant off-base
> argument, perhaps we should not generalize that child molesters are
> underhanded, unethical, abusive, reckless, malicious, and even
> criminal because, maybe, somehwere, there are some "good ones" among
> the 99% are bad...? That's really what you're arguing.

No, I'm not saying that at all - I'm saying that if you call somebody a
child molester and add them to a list, you'd better be damn sure they're a
child molester before you ruin their life. You can't have a "probationary"
child molester list, an "Oops, after checking, we decided, well, he's not a
child molester after all. Sorry about that!" list.

We're getting perilously close to Godwin's law here - you already gone from
target marketer to child molester. Only a few more steps to Nazi. Maybe
next post, eh?

>
>> Look in the mirror, bucko. However you started, and whatever your intent,
>> you've become an anonymous vigilante blacklister, who shoots first, and
>> _maybe_ asks questions later. You seem to be intent on keeping the Infogate
>> product on one of your lists. If I hadn't spotted it, there's little doubt
>> we'd still be on the spyware list - and in fact we're probably still on some
>> blacklist of some of your "customers" who haven't updated or aren't
>> following this discussion. Look at this thread - there's no presumption of
>> innocence, and you call into question virtually everything you read. You
>
> If it looks like a snake and slithers like a snake, it's a snake!

Well, there *are* legless lizards that look and act exactly like snakes, but
aren't. Most snakes (those that *are* snakes) are not poisonous. They
really get a bum rap from ignorant people. Not that I know of any.

> That's what this whole thing boils down to. I've been exceedingly
> open-minded, trying to give you guys the benefit of the doubt and
> asking you to clarify some things for me. And, instead of clarifying
> them, you simply attack like a schemer caught in a lie.
> Learn something about life: sometimes you have to call 'em as you see
> 'em.
>

Uh...when did we get the benefit of the doubt? If we did, I sure missed it.
You added us to the list before checking anything first. And I still think
I'm correct that we'd still be on that list if I hadn't said anything.
We're still on some damn list pending the results of your "research". True?

Yes, I'm angry. Very angry. And I have not lied to you in anything I've
said. Not that you can possibly believe me.

> To some extent, what you say is true; there's no presumption of
> innocence, because your industry has backstabbed consumers and the
> public every step of the way. Do you really think you're the "victim"
> when your industry is the one preying on innocent people, taking
> advantage of them? And your own company has the means, uses most of
> the same methods, and has all the tools available to do what the rest
> of the bottom-feeders are doing. On top of everything else, your
> company's lovely choice of words fuel suspicion like pouring gas on a
> fire. Hmm, and we are supposed to BELIEVE you, when you provide sparse
> information and absolutely no way of verifying it?
> Oh course, chiciness

I assume you mean "cheekiness"?

> and gall seems to be the M.O. of your industry.
> After all, your industry thinks it has the "right" to steal data right
> off people's computers, to infect their browsers, to spam kids with
> porn ads...need I go on?

Where is this going....? We did that?

> And I haven't even asked you for verification.

Why not? I'm here. Ask me specific questions about actual things, not
stuff you made up, and I'll answer.

> I'm going it alone,
> verifying some things based on packet sniffing, and perhaps signing up
> under a pen name and a different email address so as to see if you
> really are misusing personal information.

I already know what you'll find. I suspect, by now, you do too.

> Yeah, you could settle all
> this if I could actually see what's going on inside your servers and
> find out whether or not your programs and your service back-associates
> information with a person's name or other personally-identfiable
> information. Care to allow me access to them? Didn't think so.

You're completely out of your mind if I'd expose the core of the business to
some anonymous blacklister over the Internet. Continue your "research".
I'll validate anything you discover.

>
>> create "facts" that have no basis, you create fictions about things you
>> admit you're ignorant about. You've never contacted the company to simply
>> ask, and your methods of "research" are not documented but seem to involve
>> simple packetsniffing and registry sleuthing. There is no standard of
>> proof, there is no notification, there is no appeal. We're guilty until
>> proven innocent, and probably even then.
>
> WRONG! Evidence is a big part of my business, internet security. It
> involves a little bit more than packet sniffing and procedure
> intercepts, but the fact is, your company exhibits EVERY SIGN of being
> a spyware company, and appears to USE TECHNIQUES typical of them. And
> boasts about its services. Then, you come along out of nowhere to
> provide a handful of limpwristed explanations. Some are reassuring,
> some are completely elusive.

Suspicion is not evidence. Sorry.

Besides, I'm not "out of nowhere" I've clearly identified myself. I'm not
anonymous.

So, hmmm..."limpwristed". Wonder what you're implying now?

> And, I haven't even asked you for any kind of verification! That's
> what the network stuff is for, but that's limited. Basically, I'm to
> take the word of an anonymous poster who shows up in the newsgroup one
> day that every shred of evidence that I see, all of which paints a
> picture of a typical spyware company, is somehow wrong. Sorry, bub, I
> believe the evidence I see, the evidence on your own website, not you.

What evidence? You haven't shown any except your interpretations of
marketing drivel. Please, for God's sake, show me some!

I'm not anonymnous. As any idiot can figure out simple from headers and
other stuff I've posted, my name is Duane Maxwell, among other things I'm a
contractor for Infogate, my posting address points to the domain
"exobox.com", but I'm posting from a RoadRunner account in San Diego. With
your 1337 haXor skillz, this should not have presented much of a difficulty
to figure out.
 
>> Go ahead, try and honestly tell me I'm wrong about anything in that last
>> paragraph.
>>
>> Unlike you, I've disclosed my identity, and have given out contact info in
>> the form of a valid email address. Any idiot can look up the phone number
>> of the company and talk to someone directly. I've taken the time to supply
>
> Talk to the company...so I can be lied to? What are you going to say,
> "Oh, yeah, doesn't listen to that privacy policy...we really do
> collect your personal information. We just say that privacy stuff so
> you'll use our service."
> Again, remember Amazon.com, Comet Cursor, RealNetworks, and
> others...?
>

You didn't even lift a finger to try. You just assumed.

Have you actually called ANY company to ask about their stuff? Oh darn -
there's that pesky Caller ID - they might catch you!!!
 
>> information that rebuts virtually every rational allegation you've made to
>> the point of absurdity. I'm standing in the light, and I've taken the
>> gamble that I might be harassed by people who think I shouldn't defy your
>> righteous judgement.
>
> Hypocrisy. If you're so honest, if you're so unafraid of the
> nefarious tricks of your own industry, then why do you munge your
> email address?

I munge my name to prevent spam, as you well know. But I did make it
available at least for human use, so I'm only hiding from bots. Unlike you.
So I think I hold the moral high ground there.

> You stand as the representative a business. You're point being? I
> would be more willing to use my real email and possibly my name if I
> didn't have to worry about the bottom-feeders and the spammers. like
> the ones infesting your industry. Oh, and by the way, spam is
> generally considered part of the direct marketing industry, if by some
> to be an unwelcome part of it. However, I see EVEN YOU are concerned
> enough as to Mask-ay your Email-ay. Hmmm...

Already answered, even though unrelated to whether or not Infogate is
spyware. In fact, after this post, I'll unmunge my email address - would
that make you happy?

In the meantime: it's Pig Latin. If you're having trouble, ask a
five-year-old.

>> Let me help you prepare your rationalizations, since a long documented
>> history of blacklisters who have have the light turned on them. This is
>> what they inevitably say:
>
> (sarcasm mode: on)
> No, I'm just asking people to add five zillion rules to their
> firewalls for shits and giggles. I just spent hundreds of hours
> researching this because securing servers and stopping
> Denial-ofService attacks isn't a high priority...brilliant, my friend,
> real smart. (sarcasm mode: off)

If you're going to take on the mantle of authority, you have a
responsibility to be accurate, don't you think?

>> 1) Well, the list is only a suggestion, you know, for guidance; people don't
>> have to use it.
>
> Yes. I'm not planning on secretly installing it in the browsers of
> anybody who happens to visit my webpage. That's the trademark of
> spyware makers and direct marketers.

We don't either. I guess we're not spyware.

>> 2) Well, it's for the greater good of the children/country/Internet.
>
> To some degree. Some people don't know they're being exploited.
> That's why we have consumer protection laws. That's why we have a
> Constitution - to protect people from harm and exploitation. From the
> likes of the targeted-marketing industry.

Yes, that's why we have laws, and people given authority to enforce them,
and the checks and balances to see they're not abused.

Not self-appointed vigilantes.

>> 3) *Somebody* has to do *something*, and I elect myself.
>
> Who else is going to do it? Some puppets elected by the DMA?
> Security is my job, one I've been doing for a number of years.
> Grabbing people's information without their knowledge or permission,
> whether individually or in aggregate, is yours. Obviously, you're
> trying to protect your interests as I am trying to protect mine.
> Then again, I suppose your industry would prefer we all lie around
> like spineless jellyfish, ready to be gobbled up by your predators...

We're not members of the DMA. We don't grab people's information without
their knowledge. They explicitly provide it to us. We're people, not
jellyfish. Or snakes. Or lizards. Or ducks.

>> 4) If a few innocents get caught up in the net, well, that's the price we
>> have to pay to rid ourselves of the evil people.
>
> Clean up your industry. Then we'll talk. Your industry has the
> ability to do a great amount of harm by gathering information on
> people against their will and/or without their knowledge. And, I've
> tried to give you the benefit of the doubt, but the evidence is
> overwhelming and your attacks highly counterproductive.

We have no control over the behavior of other companies. Why do you think
we do? Tell me, should we crash planes into them?

Oh wait, I think I'm getting the drift - you'd like to see legislation
passed to prevent spyware. OK, I'm for that, count me in. I assume you've
made your views known to lawmakers? Let me guess: "companies own the
government" blah blah....
 
>> Every one of these statements was made recently in defense of censorware. If
>> you find yourself thinking any of these, then you'd be kin to Joe McCarthy,
>> Roy Cohn and Samuel Parris. Watch the Twilight Zone episode called "Four
>> O'Clock" - you might pick up some helpful tips. Hint: buy some small
>> furniture.
>
> Once again, you're non-sequitur shows that you continue to evade the
> true issues here.

It's hardly a non-sequiter. Censorware also uses blacklists, and the
companies that created them used standards not unlike your own to block
innocent sites. Sites hosting negative reviews have been blocked, as well
as civil rights organizations, government sites for cities with significant
homosexual populations, women's health sites, etc. Also anyone who
disagreed with them, which is one reason I think we will never get off your
lists.

> But, again, I'll play your little game for a moment:
> I see where this is going: you're going to hide behind the First
> Amendment -- the same way child molesters, kiddie porno makers, folks
> who publish bomb-making instructions, spammers, and so on, do?

I have not invoked the First Amendment, but I'm glad to find out you're
American. It means I shouldn't have to explain presumption of innocence,
due process, burden of proof, etc. Or maybe I do.

> You've
> done such a lovely job, what with child molesters being able to get
> three squares a day and a roof over their heads while guys who fought
> to protect our country get the priviledge of sleeping under a
> newspaper on a bench...

So, now I'm to understand that you don't believe in the First Amendment?
Are you serious? Anyone else on this group feel this way? Does this guy
speak for you too?

OK, you caught me - I'm the guy responsible for child molesters, kiddie porn
and homeless veterans. So shoot me - or maybe you don't like the Second
Amendment either.

> It's also nice that your friends, the spammers, (who are also
> considered direct-marketers), feel it's their First Amendment right to
> send kiddie porn emails to your 9-year-old, or how they post their
> lovely ads for fake credentials, and then hide behind the First
> Amendment as well.

I did all that last week alone, before breakfast. HA HA HA! Fear me!!

Forgive me, I thought I was dealing with the typical anticorporate hippy
libertarian type sticking it to the Man, like many activists on the
Internet. Instead, I find a right-wing conservative who apparently thinks
the Bill of Rights of the Constitution of the United States needs revising
because it's too liberal.

Let's review, shall we:

"Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of speech,
or of the press; or the right of the people peaceably to assemble, and to
petition the Government for a redress of grievances.

So, tell me how you'd change this. Be specific now. Add in all the child
molester, snake, duck, and homeless veteran stuff.

> By your logic, it would be so wrong for us to
> "censor" their right to sell fake IDs to every kook, nut and terrorist
> out there, wouldn't it?

Censorship is a very slippery slope. You're clearly pretty far down it.

Besides, this is a strawman. I never used this logic - you just said that
you think I'm going to. Psychic, too! Wow!

So let's enumerate them all the people I'm aiding, because I'm losing track:
Child molesters, nuts, kooks, terrorists, kiddie porn-makers, fake-id
makers, bomb-instruction-makers, snakes, and ducks. Who I'm hurting:
9-year olds, and homeless veterans with newspapers. I really should get paid
more.

> But, enough with your game. I don't recall even the First Amendment
> permitting one the right to steal or to vandalize people's property,
> as your industry so generously does. Your industry is so irresponsible
> and reckless, it invites controls.

So, out of curiousity, how do you feel about Napster, Gnutella, and other
services that enable illegal trading of copyrighted material? Or is that
not stealing. Which bits are stealing and which aren't? Got any pirate
software or music on your computers? You can be honest, you're still
anonymous.

Since I'm public, I'll plead the Fifth Amendment, - if that's OK with you,
of course.

By the way, I'd accept controls from a recognized authority. You know, like
a government, not a bunch of anonynmous guys wearing virtual white sheets.

> (oh, hey, I could also say it's my "First Amendment right" to call
> your crap spyware, and that you are simply trying to censor me...)
> Touche.

I'm not censoring you at all, though the First Amendment is just a
restriction on Government, not citizens. I'm simply asking you to take
responsibility for your inaccurate speech. Frankly, if you want to call it
crapware or spyware, that's your opinion. I am challenging your assessment,
as is my right. If I can convince you, that's great. If I can't, then,
well, that's life. I'm sure we'll get over it, and make our case to
customers. Should it materially affect our business, then I suppose we'd
have to consider our right to "...petition the Government for a redress of
grievances".

Sponge, I think you're really probably a well-meaning guy. I really do.
But you've fallen into a trap that many passionate well-meaning people get
caught in - taking the law into their own hands out of frustration. I
already know I'm not the guy who's going to convince you of that. I think,
one day, if you make more mistakes, that guy might turn out to be a really
nasty lawyer for some company less patient than ours.

>> So here's the REAL test, sponge - I've pretty thoroughly demonstrated that
>> you have no real (ie non-imaginary) basis to keep the Infogate product on
>> *any* of your lists - spyware, adware, whatever. So - are you going to do
>> the right thing, or are you going to carry on the hoary tradition of the
>> blacklister and keep us on despite the truth?
>
> Actually, I already downgraded Infogate to Adware, which it is by any
> definition anyway, since it does nag you with ads. Adware is not a
> condemning definition, because it causes no real harm, other than the
> annoyance of ads and maybe a loss of a tiny bitty fraction of
> bandwidth. And, by your own admission, it serves ads based on what you
> are looking at.

Infogate does not serve its own ads - the IPs and machine names you provided
in your list are for the website and information delivery for Infogate
toolbar, not the ads. So you blocked the meat of the system, not the fat.
Jus a little bit of packet sniffing would reveal that.

So, can I see this "adware" list? Just curious who's on it besides us.
Unless that's secret blacklister stuff. It pretty much has to have every
commercial website and downloadable software.

> But I'll check it out. If I find the client sending
> back a unique identifier which could be used to back-associate user
> data against registration data, then I may put it back on the full
> spyware list, unless you can show that you don't associate any GUID
> with registration information.

Obviously we have a name/password pair to uniquely identify the user in
order to supply his browser and toolbar with his/her custom information
settings. When they register, the "id" tag is stored so that we can measure
conversion rates (hits/registrations) by affiliate source, for accounting
purposes. There is a session ID that's created that follows the user around
the site, like everyone else. No spyware so far, right? We don't do
anything that tracks the user when they leave the site. OK so far? Banner
ads are shown in the toolbar application and the website. Those ads are
based on the type of content being viewed. Alerts can be configured to be
sent to other devices. If the users don't wear aluminum hats, we record
their bowel movements, magically record their DNA in 10 digits, and it all
to child molesters.

> More than any other reason, the reason why I am doing that is that I
> hope I haven't been hasty and that Infogate is the shining star of an
> industry pervaded by bottom-feeders. We'll see if you live up to your
> claims.

OK, I'll bite - and what will you do when you find that out, to undo the
damage you may have caused the company by maligning the service in the first
place? Hell, even the tabloids occasionally print retractions. Will you?

 
>> I think I already know the answer. Surprise me.
>
> Your turn to surprise me. Let me find out you're not gathering
> personal information, or that you're preventing the association of
> registration information with data collected. Let me peek inside your
> servers. If you don't want me logging in remote, accept my offer and
> if I'm ever out in San Diego I'll take you up on it.
> Let's see you back up your claims.

OK, sounds like a deal. Next time you're in San Diego, stop by. I'll
answer your questions. I'll use small words, and no catchphrases. What
happens after that?

> Oh, by the way, if your product is not spyware, why are you
> monitoring a spyware group?

I didn't realize you had to make spyware to visit your group. Stupid me.

I was doing a search for "Infogate" on Google to see how people were
discussing it - do they like it, what features they use, any complaints,
problems they might not call in or email tech support about. Basic
research. I saw your post. I tried to send you an email directly for
clarification, but it bounced. I was then forced to do this in a public
forum.

I don't regularly hang out here, but it's an open newsgroup, so I can be
here if I like. At least until you take care of that pesky First
Amendment.

>
>> -- Duane
>>
>> P.S. Have a nice day.
>
> Toodles. Kiss the wife for me.

I'm not married, but I'll kick a homeless veteran for you.

How 'bout those Patriots, eh?

-- Duane