[I agreed to delete Anonymous' name before posting, but it is fair to point 
out that Anonymous works for a company that is in some areas a competitor 
to ZKS. I offered ZKS the opportunity to reply; their response follows. My 
own thoughts: If ZKS wants to display tailored ads, it makes sense that 
Freedom clients will communicate with the mother ship on a more-or-less 
regular basis. This is what Eudora and Opera do, and what Freedom 3.0 
apparently does (I haven't used it). The question is whether users are 
aware of the potential privacy risks. --Declan]

********

Date: Thu, 18 Oct 2001 00:25:32 -0700
From: Anonymous
To: [EMAIL PROTECTED]
Subject: Zero Knowledge Tracks Users with Freedom 3.0...

Declan,

Thought you'd be interested in this.

While playing with Zero Knowledge Systems' new
Freedom 3.0 privacy product, I noticed that it actually
notifies Zero Knowledge whenever you start
it up.  It sends a bunch of HTTP requests
(through the M$ IE subsystem, no less) to ZKS.

Here's a sample header:
GET 
http://www.zeroknowledge.com/client/3/redirect.asp?pid=2029&prn=0&ver=3.0.0&lang=en&event=1&url=1
 
User-Agent: Mozilla/4.0

Plus all the standard HTTP stuff -- IP address, date/time, etc.

This would also include any cookies set from
zeroknowledge.com, (which ZKS sets every time you go there),
but I filter cookies through the MEconomy system, so
I had none from them.

What's "pid" (I checked -- unrelated to my Win 2K process ID)?
What's prn?
What's "event"?
Why is s it being sent back to zeroknowledge EVERY time I start up Freedom?

Guess even the privacy good guys want to track you.

********

From: Dov Smith <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Reply from Zero-Knowledge
Date: Thu, 18 Oct 2001 18:17:31 -0400

Hey Declan,

I want to start by saying that Zero-Knowledge absolutely does not track or
profile the users of its Freedom Privacy & Security Tools 3.0 software.

Our software loads updates (e.g. Ad Manager files and e-wallet scripts) as
well as privacy-related content via HTTP. This was the case with previous
versions of the software and is still true today, although today it may
appear more prominent since we have designed Freedom 3.0 with a new user
interface and are carrying more privacy content.

This HTTP activity is covered by our privacy policies.

As for cookies, Zero-Knowledge has always used cookies on its websites, for
the purposes of store-, affiliate- and state-management. These practices are
also reflected in our privacy policies.

Declan, if you still think this is worth forwarding on, I'd appreciate your
at least changing the subject header you sent me. The implication that
delivering web content means tracking users, is mistaken.

Best regards,

Dov

__________________________________________

  Dov Smith
  PR Director, Zero-Knowledge Systems
  514.350.7553 / [EMAIL PROTECTED]

  Join us at Privacy By Design 2001
  Dec. 3-5, 2001 in Montreal
  www.zeroknowledge.com/privacybydesign2001
__________________________________________

********

Date: Thu, 18 Oct 2001 15:35:37 -0700
From: Anonymous
To: Declan McCullagh <[EMAIL PROTECTED]>
Subject: Re: Fwd: Reply from Zero-Knowledge

My comments integrated below:

 > >I want to start by saying that Zero-Knowledge absolutely does not track or
 > >profile the users of its Freedom Privacy & Security Tools 3.0 software.

        Whenever I turn on Freedom, which, by default, happens when I boot,
it sends a message to ZKS.  EVERY time.  How, again, is this not "tracking"
of my usage behaviour?  How is ZKS knowing every time I boot up that I've
got Freedom 3.0 installed not something they can build a profile about?

 > >Our software loads updates (e.g. Ad Manager files and e-wallet scripts) as
 > >well as privacy-related content via HTTP. This was the case with previous
 > >versions of the software and is still true today, although today it may
 > >appear more prominent since we have designed Freedom 3.0 with a new user
 > >interface and are carrying more privacy content.

        I can't comment on Freedom 2.0, but this doesn't change any of
my comments.

 > >This HTTP activity is covered by our privacy policies.

        I don't doubt it.

 > >As for cookies, Zero-Knowledge has always used cookies on its websites, for
 > >the purposes of store-, affiliate- and state-management. These 
practices are
 > >also reflected in our privacy policies.

        And EVERY time I turn on my Freedom client (usually at startup) it
sends a request, info I don't have a clue about (And those cookies, when
the domain in zeroknowledge.com and when I use IE as my browser, are sent
back to ZKS whenever they're in my IE cache and I open ZKS.


        And, of course, there's the fact that Freedom notifies everyone
between my computer and zeroknowledge.com that I'm using freedom.  Which,
of course, is covered by the Pen trace and trap warrants, and is collected
by carnivore.  Now I'm telling my ISP and the world what my IP is, what
my platform is, and that I use Freedom.

        How, again, is this not tracking me?

                Things to consider.

-- 
"They that give up essential liberty
to obtain a little temporary safety
deserve neither liberty nor safety."
    - Benjamin Franklin, 1759.

********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

Reply via email to