The Anatomy of File
Download Spyware


by Steve Gibson, Gibson Research Corporation  -  2000/8/03

RealNetworks Position
as of July 31, 2000:

Subject: your e-mail of July 16th
Date: Mon, 31 Jul 2000 15:00:25 -0700
From: < RealNetworks V.P. Government Affairs >
To: < Recipient >

Via E-Mail and U.S. Mail:

Dear Mr. Sullivan:

We are in receipt of your message, sent via e-mail on July 16, 2000
entitled "Netzip Profiling."

We have several responses:

First, we are encouraged that the Connecticut General Assembly is 
taking steps to address issues related to online privacy. If you have 
a copy of the appropriate bill, we'd appreciate having the opportunity 
to review it. Further, you refer to "changes now taking place," but we 
are not clear as to what bill you are refering to or when the changes 
will take effect. Any guidance there would be appreciated.

Second, as to the specific statements and assertions you make 
regarding the Netzip-Download Demon software product (revised and 
renamed "Real Download"), we need to clarify (and correct) the record 
on several counts, as you appear to be under the incorrect impression 
that the product is engaging in "Profiling" behavior:

The RealDownload software application is completely optional and can 
be uninstalled at any time without any effect on functionality of 
other RealNetworks products that the user may have.

RealDownload does not personally associate an individual with any 
download, nor does it track anonymous download behavior of individuals 
over time. Unfortunately, recent reports have incorrectly stated that 
RealNetworks is capable of tracking or somehow "monitoring" 
individuals' downloads. As a preliminary matter, a critical element to 
monitoring product behavior- even anonymously- would be for our 
servers to keep logs of transmissions sent to them by RealDownload. 
However, RealNetworks has never logged such transmissions, a fact that 
has been independently verified by Arthur Andersen consulting.

When RealDownload initiates a download, the URL of the download is 
optionally transmitted to RealNetworks on a transactional, anonymous 
basis. This is completely optional during install and is transmitted 
so that we can return an advertisement into the "info window" that is 
relevant for that type of file. In other words, if a user is 
downloading an MP3 file, he is more likely to be served (anonymously) 
an ad banner relating to music products.

We should also point out (and invite you to confirm) that RealNetworks 
is very clear in disclosing, in plain English, the fact that URLs are 
transmitted during a download in three places: when RealDownload is 
installed, at which time the user is given the choice to opt out of 
this data transmission; in the license agreement prior to use; and in 
the RealNetworks Consumer Software privacy statement on the Web site.

In no way do any of the functions desribed above constitute 
"profiling" of users.

Finally, you might not be aware that the current version of 
RealDownload, available at: http://www.real.com/download/index.html, 
does not contain any GUIDs.

Previous versions of this beta product did include optional 
session-based IDs. These identifiers were strictly anonymous and 
contained no personal information; in fact, RealDownload generated a 
new identifier for each new file download. These identifiers were 
originally included to enable aggregate statistical analysis about 
whether downloads were successful or paused. As part of our ongoing 
beta software development and because we were not utilizing this 
feature in any way, we decided to remove the optional session-based 
IDs from the product.

We want to sincerely convey to the Connecticut General Assembly and 
its policy advisors that we go to great lengths to design our products 
to fully respect consumer privacy and are very committed to ensuring 
that the private information provided to us by our customers remains 
confidential and secure.

Please feel free to visit our RealDownload privacy FAQ at 
http://www.realnetworks.com/company/privacy/download.html or contact 
us at privacy@real.com if you have any further questions.

Sincerely,

< Name Blanked >

< Name Blanked >
V.P. Government Affairs
RealNetworks, Inc.
2601 Elliott Avenue
Seattle, WA 98121, U.S.A.
< Phone Blanked >

To return to the previous page, press your browser's BACK button.

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Oct 06, 2003 at 14:29 (5,128.92 days ago)Viewed 3 times per day