[24482] in bugtraq
PCFriendly DVD Backchannel
daemon@ATHENA.MIT.EDU (Matt Curtin)
Fri Mar 1 04:02:50 2002
From: Matt Curtin <cmcurtin@interhack.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15486.44722.487838.838888@rowlf.interhack.net>
Date: Thu, 28 Feb 2002 17:26:58 -0500
To: <bugtraq@securityfocus.com>
PCFriendly Enables DVD Backchannels
http://web.interhack.com/news/pcfriendly.php

Abstract

Numerous DVD titles from major movie producers between 1996 and 2000
come enabled with ``PCFriendly,'' an application developed by
InterActual Technologies that tracks DVD usage. The system is
designed to identify users persistently, without using an HTTP
cookie, thus bypassing any privacy-enhancing technologies like
cookie management software or browser configurations. The
identifying token is persistent through product registration and
PCFriendly use.

Normal use of popular DVD titles on computers will result in users
being identified verinymously, along with the DVDs that were used on
the machine. Privacy problems for the user are significantly
exacerbated by the DVD titles' links to Web sites, some of which
have nonexistent privacy policies and, in at least one case, send the
user's email address to a third party.

This behavior conflicts directly with the PCFriendly posted privacy
policy of December 2000. Further discussion with InterActual showed
that the policy was written to apply to the newer InterActual
Player, released to replace the PCFriendly player, for which no
privacy policy existed.

PCFriendly appears to offer users granular control over which parts
of the backchannel to enable, but the controls are not obvious, and
are all enabled by default. Further, the software has been
deprecated in favor of the newer InterActual Player, which includes
additional features for user control over backchannel behavior.
--
Matt Curtin, Founder Interhack Corporation http://web.interhack.com/
My new book, /Developing Trust: Online Privacy and Security,/ is now
available. See site for details. research | development | consulting