Subject: Steve Gibson's July/2000 News from GRC.COM ...

_________________________________________________________________

The File Download Utilities from Real Networks, Netscape/AOL, and NetZip *CAN* Spy on Us!

_________________________________________________________________

Before I tell you about this latest threat to our privacy ... I have created two resources for you to use for follow up:

1. A comprehensive new page on my web site which discusses this threat at greater length and shows the detailed contents of "spyware packets" as they were leaving a test machine of mine:

   File Downloaders

2. A very active PUBLIC DISCUSSION FORUM which you are invited to use for asking questions and getting more information. Any standard Internet newsreader -- like those included in Internet Explorer and Netscape Navigator -- can be used to participate in the free discussion forums at grc.com. Just click the link below to launch your reader and begin participating ...

   The Newsletter Forum

   Or, if that doesn't work, you can access the forum through our web-based interface (though it is much less cool.)

   Web Discussion

The SERIOUS New Spyware Threat ...

NetZip's "Download Demon" was licensed by Real Networks and renamed "Real Download". Netscape/AOL also licensed it and calls it "Netscape Smart Download."

By watching the "packet traffic" flowing out of one of my machines while downloading a file through the Internet, I verified the rumors which you may have heard regarding these programs:

In their default configuration ALL of these programs send back a report of EVERY FILE DOWNLOADED from ANYWHERE on the Internet (even places that might not be anyone's business) and, except for Real Download which was modified after a week-long battle with me, these programs tag your computer with a unique ID which accompanies every report.

This information could allow them to compile and create a detailed "profile" about who you are based upon the web sites you visit and the files you have downloaded.

Perhaps you don't mind being watched and tracked as you move around the Internet ... and having every file you download reported. But the idea of this being done WITHOUT YOUR KNOWLEDGE seems quite invasive to me. And even if you carefully read the program's license you might not be aware that this is going on or that "you agreed to it" when you accepted their terms!

More than 14 Million people are already using the original NetZip Download Demon. NetZip knows the exact number, since every copy of their program "phones home" to report on what their users are doing! And I'm sure people are downloading Real Networks' RealDownload and Netscape's SmartDownload like crazy.

A Class Action lawsuit was recently filed against Netscape/AOL because of this privacy invasion, so perhaps the PC industry will begin to receive the message that this sort of secret spying and profiling is not okay with the rest of us, even if it is buried within a lengthy license agreement.

You decide. Our web page has the FULL STORY, with plenty of background:

File Downloaders

And if you have questions or comments, please see ...

The Newsletter Forum ... or ... Web Discussion

_________________________________________________________________

Thank you for your time. I hope this has been useful to you.

Steve Gibson.

GRC Website