1. How do our North American cities' public libraries protect circulation
         records with regard to the software companies access to these records?

      2. How do our North American cities' public libraries protect other library
         records from software companies access to these records?...


 Date: Thu, 13 Mar 2003 technology and culture, from the trenches

   Software Vendors Say to Public: "You Have No Rights." (Internet)
   By Dragomire
   Wed Mar 12th, 2003 at 06:04:52 PM EST

   Spyware. Adware. Back doors. We all know about them. We most likely all hate them. Many popular 'free' programs come
   with spyware and/or adware that must be installed for the programs to work.

   These extra programs report back to the parent company users' web surfing preferences, what music/movie/other
   entertainment files might be on their hard drive, as well as any other information they are programmed to retrieve
   (email addresses, messenger clients, etc).

   A bigger problem, however, might come in the form of back doors to popular programs, which may give software vendors
   complete access, and in some cases complete control, to an end user's system.



   Spyware is loosely defined as any program that monitors a user's activities on a computer, that then sends that
   information to a company so that they may then re-use, or re-sell, that information to try and advertise to the user
   (usually through spam email).

   Spyware is almost universally reviled. Many people consider it an invasion of privacy, and I agree with them. To me what
   is on my computer, and to what degree I use my computer for my own uses, is no one else's business.

   Many popular P2P programs, such as Kazaa, contain spyware, unbeknownst to many naive users. Many 'download accelerator'
   programs contain spyware as well. Even Microsoft's Windows Media Player contains spyware within it.

   Unfortunately, installing the programs that contain the spyware installs the spyware itself. And, by agreeing to the
   licensing terms within these programs, many people have agreed to let the spyware programs be installed. Even
   uninstalling the offending program that a user originally downloaded often does not remove the spyware from the user's


   Adware is a form of spyware that afflicts the user with enormous amounts of pop-up and pop-under ads while the user
   surfs the web, or uses the program that contains it. These ads become tailored to the types of web sites that the user
   visits/uses of the program originally downloaded.

   For example: if a user likes to visit porn sites, they will get ads for penis enlargement, or viagra-type sexual
   enhancers, or even porn sites themselves. If a user likes to visit computer hardware pages, they will get ads for
   computer upgrades and monitors. Etc.

   Like normal spyware, many users do not realize that the 'free' program they have downloaded contains the adware. And,
   like normal spyware, the clickable license that the user agrees to states they agree to have this software installed.
   Again, uninstalling the program that contained the adware often does not remove the adware itself.

   Kazaa is a program that actually uses normal spyware, as well as adware. The ads become tailored to the type of files
   the user downloads the most, as well as the types of web sites the user visits. Even web pages that don't have
   pop-up/pop-under ads will begin having them for users with Kazaa installed.

   Many vendors defend the use of spyware and adware as a source of potential revenue. Some also say that in order to
   release the programs for free, they must allow the makers of the spy/adware to add these programs to their software;
   since the makers of the spy/adware programs often help to cover costs by contributing (sometimes large) sums of money to
   the development of the programs.

   Back Doors

   While spyware and adware are bad enough, there is actually a worse problem to worry about. Back doors left in programs
   that allow the software vendor complete access, if not complete control of a user's computer.

   Microsoft is at the forefront of this movement.

   When a user installs Windows XP on their system, upgrades their Windows 2000 to Service Pack 3, or even just upgrades
   their Windows Media Player to version 9, they all agree-- through a clickable license-- to let Microsoft have
   unrestricted access to their computer's hard drive. This isn't just for seeing what is on the drives, either; Microsoft
   has every right to change the user's hard drive contents as it sees fit, and with no liability to themselves for any
   damages this may cause to an end user's computer.

   Part of the license agreement reads, emphasis mine: "You acknowledge and agree that Microsoft may automatically check
   the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product
   that will be automatically downloaded to your Workstation Computer." Source.

   Many businesses are refusing to upgrade to Service Pack 3 precisely for this reason. Businesses, however, are really the
   only users that read software licenses, especially clickable ones. They fear that Microsoft may use this ability to harm
   their business in some way, especially if they put forth a possibly competing product to one Microsoft makes (such as
   web browsers, email clients, user authentication software, media players, etc.)

   Some businesses are actively looking for alternative networking solutions to Microsoft's products. They do not want
   Microsoft to have access to their networks, and as a result, their IP, customer database, and financial records. Others
   are just going to stay at Service Pack 2, even though SP3 fixes many possible security threats in Windows 2000.

   General consumer end users, however, normally don't read these clickable licenses. It is the general consumer end user
   who is at most risk from Microsoft, and any other company that decides to add such a term to their license (as well as a
   back door into their programs).

   Clickable Licenses

   At this point, we've all seen them. Generally from downloads of updates from Microsoft, but also upon the instillation
   of many types of software from office suites to games.

   Most of the consumers, however, don't read them. They simply click the "I Agree", or whatever term is used for the
   license in question (varies from publisher to publisher). However, this is why consumers stand to lose the most freedom
   and personal privacy.

   So far, clickable licenses have held up in court as valid. No signature is required, but the licenses stand as long as
   you click the appropriate agreeing choice. Most software with such licenses will not install itself if the licenses are

   Even console games have similar licenses, but they are printed in the back of the instruction manual. These are
   considered binding as soon as you open the package.

   Because most consumers don't read the licenses they are legally agreeing to, software vendors can put many things within
   these licenses that the consumer would most likely object to if they had read them. Back doors in programs (Windows XP,
   Windows 2000 SP3, Windows Media Player 9 for all versions of Windows), spyware (Kazaa, download accelerators, etc.), and
   adware (Kazaa, download accelerators, etc.) would normally not be agreed upon should these licenses be read.

   Of course, being as the licenses are often written in legal terms, they may be somewhat hard for the average user to
   understand, even if they did read them.

   Microsoft has stated that these wordings are purely to comply with future DRM agreements and to protect the IP of
   whoever owns it. The possibilities, however, are far more onerous.

   Digital Rights Management

   DRM is the new buzzword around corporate headquarters around the world. With the popularity of file sharing not
   dwindling down, content owners are ever increasing their desire to strictly control their property. And end user be
   damned if necessary.

   The Recording Industry Association of America, or the RIAA for short, recently tried to get a proposal passed that would
   allow them to do almost anything short of sending computer viruses to users computers, to try and stop the use of file
   sharing programs. The proposal asked for the right to send Denial of Service attacks against file sharing networks
   (DoS); posting false MP3 files with no sound, or corrupted data, with the hopes that people would end up downloading
   them instead of the real MP3s of the songs; or even programs that would allow the RIAA access to people's computers to
   erase the traded MP3s.

   Microsoft has been another leader in arguing that DRM protocols must be put in place in order to allow copyright holders
   the ability to control who uses their copyrighted content, where, and when.

   The Windows Media Player has, since version 7, stored a file that it periodically sends to Microsoft's servers informing
   Microsoft of what DVDs, and CDs an end user uses with the program. It also uses an early form of DRM protocols which
   disable the use of WMA files ripped with the player to work on another computer (files may be re-burned onto CD for use
   in audio CD players, however).

   With the release of Windows XP, Microsoft went a few steps further.

   Using the new Product Activation feature in Windows XP, Microsoft has the ability to deny users the right to even boot
   up their own computer. Should you make a certain amount of hardware changes to your computer (for the purpose of
   upgrades, for example), then Windows XP will simply not boot up. Instead, you must contact Microsoft and get a new
   product activation code to allow the software to work. The stated reason for this is to keep users bound to the 1
   machine per license Microsoft strongly enforces; if you make too many hardware changes, Windows XP assumes you have
   tried to put it on a second computer without buying a new license.

   If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you
   open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It
   doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).

   Adding this to their back door, and Microsoft now has the ability to enforce DRM upon consumers. Whether the consumer
   wants it or not.

   Using their proprietary DRM protocol, Palladium, Microsoft hopes to entrench all users in the use of DRM signed media.
   This has content holders overjoyed, while privacy and fair use rights, and other civil rights activists outraged.

   Part of the problem comes from the potential for Palladium to be used to further Microsoft's own agenda. Through the use
   of Palladium, it has been theorized that Microsoft could lock users out of their own created content. And Microsoft
   wouldn't be the only ones doing so.

   Possible harmful uses for Palladium include:

     Locking of all office suite documents so that only a Microsoft made office suite program will open them.

     Allowing remote deletion of files deemed 'inappropriate' by corporations and/or the government.

     Censorship of the public through remote deleting of files criticizing the government, Microsoft, or any other company
   that wishes to do so.

     Locking out of third party programs so that only Microsoft, or their partners' versions will work.

     Disabling of firewalls and other network protection resources to allow Microsoft, its partners, or the government
   access to the computer in order to check for Palladium compliance and to check for offensive files/material.

     And many others.

   Some people have theorized that Palladium may be one reason the Bush Administration Department of Justice backed off of
   the anti-trust case. It is, according to the theory, entirely possible that Microsoft has given the federal government
   the full use of the features of Palladium in order for Department of Homeland Security to effectively work.

   In other words, the theory is that Microsoft has basically sold the federal government the ability to spy on its
   citizenry whenever it wishes, and in a way they might not have easily been able to do before.

   Other countries have also theorized this, hence the apparent large undertaking by many foreign governments to remove all
   versions of Windows from their official computers and networks. These governments include Peru, China, Germany, and
   France. They figure that if the US government can use Windows to spy on its own citizens, then surely the US government
   could do the same to them? They also aren't exactly excited at the prospect of Microsoft also having free access to
   their governments' official computers.

   Microsoft's next operating system, currently code named Longhorn, will be a fully Palladium compliant OS. In order to
   utilize this OS, businesses and consumers must purchase Palladium compliant motherboards, which contain an extra chip to
   utilize Palladium, currently called "Fritz".

   Microsoft is also heavily lobbying for a bill called the UCITA (The Uniform Computer Information Transactions Act),
   which would make software licenses binding, even if the end user is not allowed to see them. The UCITA could then be
   used to allow program vendors to insert clauses in the license making it a violation of the license to even criticize
   the program or company in print or in public; allow vendors to change the terms of the license and make it retroactively
   take effect; or install backdoors into programs that would allow the vendor to be able to seize control of the end users
   computer whenever they wish. See links at the bottom of this article for more information on the UCITA.

   It should be noted, however, that many groups oppose the UCITA, including the American Bar Association, The American
   Library Association, and the Computer Professionals for Social Responsibility. The bill has also failed to pass in many
   states; only Virginia and Maryland have passed versions of it. 26 State Attourney Generals also oppose the bill.

   Possible Solutions

     Install a firewall, and not the one found in Windows XP, on your computer or network. Zone Alarm offers free simple
   firewalls to use, as well as more robust ones for purchase, as do other vendors. A Google search will find you more

   A firewall can be configured to alert you every time something tries to transmit data from your computer or network to
   something on the Internet. This can be used to block spyware, adware, and Windows XP's attempts to contact Microsoft.
   You may also set a firewall to ask your permission when something does want to transmit to an outside source. Deny this
   permission if you do not know what the program is, or do not want it to send the information even if you do know what it

     Run an older version of Windows (95, 98, Me, 2000 up to SP2), do not download any security patches, and do not upgrade
   to Windows Media Player 9.

   If you do not upgrade your OS, download any security patches for the OS, nor install WMP9, then the new EULA found with
   these upgrades is not in effect for you.

     Change computer's operating system.

   Switch to Apple Computer's Macintosh platform. As far as is known, Apple does currently not have these licensing terms
   in effect, nor has any plans to add them.

   Switch to a Sun Microsostems solution.

   Switch to an open source operating system. Linux, FreeBSD (and other BSD variants) and other open source operating
   systems do not have such infringing licenses upon them. Their source code is freely available, and able to be checked at
   will, as well as free to be modified to suit end users needs (provided the user has adequate knowledge to do so). These
   operating systems, however, do not carry a warranty. If switching, try and find a distribution house that will offer
   technical support for free or a small fee if problems arise.

   Switch business servers over to Macintosh, UNIX, or an open source operating system for the same reasons listed above.

     Contact your representatives.

   Contact your representatives, and demand, in a tact manner, that they oppose any action taken by a company to infringe
   upon your rights to privacy, and free speech. Inform them that should they not do so, that you will organize voter
   rallies to support a candidate that will support your rights.

   Politicians want votes. If enough people are informed that representative X is supporting corporate or government
   agendas to limit voter's rights, then that representative will not become re-elected.

   More links on the subject of backdoors in programs:

   The Register

   The Register (Multiple links within)



   Google can also find many more articles.

   More info on the UCITA:

   InfoWorld (Multiple links within)

   Affect Americans for Fair Electronic Commerce Transations

   ALA The American Library Association

   CPSR Computer Professionals for Social Responsibility

   Google Links to multiple references of the UTICA and articles about it.

   Related Links

   o Kazaa
   o Microsoft
   o license
   o Source.
   o Recording Industry Association of America
   o Palladium
   o privacy
   o activists
   o Zone Alarm
   o Apple Computer
   o Sun Microsostems
   o The Register
   o InfoWorld
   o Affect
   o ALA
   o CPSR
   o Google
   o More on Freedom
   o Also by Dragomire

             View: [Mixed (default)] Display: [Threaded........] Sort: [Ignore Ratings.......] [Newest First] Set

   Software Vendors Say to Public: "You Have No Rights." | 151 comments (120 topical, 31 editorial, 0 hidden)

   Put this in the fiction section (3.00 / 2) (#124)
   by interjay on Wed Mar 12th, 2003 at 09:46:40 PM EST
   This article is filled with so much false or misleading information that I hardly know where to start. Some examples:
   1. You say Microsoft grants itself unlimited access to the user's harddrive. However, your quote from the license
   agreement only says MS can check and update the version of Windows and its components, not other software.
   2. Windows Media Player sends information about the CDs you play in order to receive the names of the artist, album, and
   the tracks. The same is done by most major media players. If you think this compromises your privacy, you can turn it
   off in WMP's privacy settings (which are automatically displayed on installation).
   3. Your claim that Windows XP sends information about any file or program that is opened is completely unfounded.
   4. It's true that Palladium can be used for DRM and copy protection. However, I don't see how it has anything to do with
   remote deletion of files or disabling firewalls.
   There is some valid information mixed in between the falsities. Unfortunately, articles such as this can only hurt the
   credibility of more truthful anti-spyware arguments.

     * Actually no by salsaman, 03/12/2003 11:22:33 PM EST (5.00 / 3)

     * Prove MS is called when you open a file or program by bsimon, 03/13/2003 05:13:23 AM EST (5.00 / 1)

     * OK, I admit point 3 may be an exaggeration by salsaman, 03/13/2003 07:07:44 AM EST (none / 0)


List archives at
Contact [log in to unmask] for assistance