-----Original Message-----
From: John Lee <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>; basham <[EMAIL PROTECTED]> Cc: Vikki <[EMAIL PROTECTED]>; Lil' Joe <[EMAIL PROTECTED]> Date: Tuesday, 14 December 1999 20:16 Subject: SNET: Fw: [theseries] Earthlink knows everything about you!! ----- Original Message -----
From: Geneviere
Sent: Monday, December 13, 1999 11:27 PM
Subject: [theseries] Earthlink knows everything about
you!! Attention
all, bullshit alert ahead, attention: Bullshit
alert!!
I used to work at
Earthlink myself, and it is one of the most unscrupulous bunch of data greedy
people around. As soon as these Internet Service Providers get in contact with
the DoD it's over with all the good intentions. The DoD singles out potentially
powerful ISP that have promising futures and in the shortest possible time annex
them into the ever growing Echelon network. No one who ever leaves that
company is ever re-hired and all contact is permanently severed! No matter
whether one was terminated or left voluntarily.
Half of the
content of the following article is truth, the other half entertaing but
nevertheless fully extracted from an imaginitive writer's thumb. Especially that
last line "If I could get in contact with them,
I’d love to work this out with
them..."
Just in case you
wonder:
Earthlink's address is: 3100 New York Drive, Pasadena, CA
91107-1501
Phone: (626) 245-2400.
But since you are
an ex-employee chances are slim indeed that they will acknowledge your
existence........
In any case,
people, if you have Total Access on your system, it is high time to get it off
there. As you can see, no matter how you try your best to remain incognito, they
will get to you anyway. Anyone with Total Access, send me an email and I will
show you how to use Earthlink without them having access to your details.
Now read the
horror story..... ALERT.... Non-BIBLE QUOTE follows
Jennifer
EARTHLINK PLEDGES TO FIX BUG EXPOSING NAMES, PASSWORDS
After a Privacy Times investigation uncovered a potential “privacy
bug” in one of the nation’s largest
Internet
access providers, the company has pledged to solve the problem, according to a spokesman.
“We’re one of the more privacy-friendly ISPs,” said Kurt Rahn,
senior public relations manager with the
Los
Angeles-based Earthlink Corporation. “We’ve never wanted to sell members’ personal information or to make money with pop-up ads. Whatever we do, we do with members’ privacy in mind,” Rahn added.
Earlier this month, a former Earthlink employee contacted Privacy Times with
concerns that a software
bug
caused by an incomplete software installation was placing the user’s unencrypted username and password in the computer’s registry file. After leaving the company a year ago, the source unsuccessfully tried to bring the flaw to the company’s attention. Contacted by Privacy Times, Rahn said Earthlink will fix the problem. “Just as soon as we hear from your source, we’ll fix it,” he said.
Rahn also pledged that Earthlink would end a more vexing privacy problem:
storing the user’s
unencrypted
name, address, phone number and a ComputerID in a PC’s Windows registry file without the user’s knowledge or consent. Rahn said with the release of its updated software package in the next two weeks, this practice will end.
Launched in 1994, Earthlink today is one of the largest ISPs in the nation. When
the acquisition of its
closest
rival, Mindspring, is finalized early next year, Earthlink will have more than 3 million customers, Rahn said.
The problem was first noticed over a year ago by an Earthlink employee fielding
tech support questions
from
users. A few customers were complaining that after users loaded the software, Earthlink would send customer’s personal information, including name, address, and phone number, back to the desktop computer, storing it in a file inside the “Total Access” software package. In cases where they failed to completely install Earthlink’s software completely, their unencrypted user name and password mysteriously wound up in a software file.
Even more troubling, this former employee told Privacy Times, the ComputerID
number--a unique
serial
number assigned to individual computers--wound up in the registry file, too. So did entry fields for credit card numbers.
With Total Access often stored on public computers in offices, schools and
Internet coffee shops,
passwords
could be grabbed by third parties. More significant is the amount of information Earthlink could glean from users. With access to the ComputerID number, the Internet service provider could learn the user’s complete setup, including the hardware and software running on the computer, or record the number of computers a person uses to connect to the service.
“Someone might say ‘I just want to provide Internet access to this
computer. I don’t want to put any of
my
personal information on it. I just want to sign up and have the password stored there, encrypted by Windows,’” the source said. “The problem is that they don’t know that their home address, phone number and other information is being sent back to the computer. And that’s completely unnecessary.”
The source added that loading this information into the registry file was no
accident.
“The information that’s being stored there is intentionally being
stored,” said our source. “When you want
to
add something to the registry, it has to create a registry file, which is then imported into the registry. When I looked at the example files that I got, I noticed this is being done intentionally, every single step of it.”
Earthlink initiates the process, not the user, the source said. “If you
just retrieve an account using your
name
and password, it sends all this information over from their registration server, and that gets stored on the computer. And there’s no notice this is happening.”
Moreover, there is no discernible reason for Earthlink to need the ComputerID.
“I don’t see any feasible
reason
they would install an ID” except to be able to glean the computer’s specification. “I asked them about this, and I didn’t do it in accusatory tones. 'What’s the computer ID for? What’s it used for? Why does this other information get transferred?’ There was no response.” After leaving the company, the source called customer service, asking if it was possible to avoid the data being downloaded to the PC. The answer? No.
Source added that customer service representatives are not instructed to tell
users that if an installation
fails,
they should delete the remaining software to avoid the exposed software. “That’s just not a standard part of resolving the problem,” source said. The privacy bug problem has persisted through the past two releases of “Total Access.”
Above all, the source wants to help Earthlink solve the problem. “If I
could get in contact with them, I’d love
to
work this out with them, or at least give them the necessary information,” the source said.
Ted Leventhal
Source of this article: http://www.privacytimes.com/
www.egroups.com - Simplifying group communications |