Newspro spyware activities finally identified. Read if you want to know the sordid details (with proof)......
NudeEmperor
all I got were two further spoofed posts in my name. Ok, I gave him a
chance and to no avail so here are the details of his new spyware
rouse. Incidently, I will continue to reply to this thread using
NudeEmperor as 'nick' but I have little doubt (if previous form is
anything to go by) that he will spoof further messages in my name.
Ignore them.
If you're not interested in the 'detailed' details then read no
further than this paragraph and the next. Basically Newspro v3.13 has
given up contacting www.usenetopia.com to check if the serial number
it was registered with is still valid (as it did in previous
versions). Too many people were getting round that by using a
firewall. Mr. Birj has now decided to use Usenet itself. On a random
basis it will now issue an XPAT command to search for a string
("Jz7nvv0pehu") in the 'from' address of a poster (author) in the
group "alt.binaries.e-book". Alex Birj makes periodic postings to that
group using a 'from' address which corresponds to the said search
string. When Newspro finds any posts conforming to its search criteria
it will read them and establish any known invalid serial numbers from
the message contents. If you are running a version of Newspro with one
of those serial numbers then Newspro will de-register itself after a
further random period of time. Although as yet I can't prove it (see
below for details) I also think that at that point it will post a copy
of your reg.dat file to another newsgroup containing details of your
user names and passwords to your news servers. I must re-iterate that
I have no specific proof of this last point (as yet!).
If you, like me(???), are not running Newspro with an invalid serial
number then you might think you have nothing to worry about. Sure. But
the XPAT (search for a string) command is inefficient. Depending on
the server you are using it CAN take 10 minutes or more for an XPAT
command to complete. All that time you could be downloading the
message bodies you are really interested in. I have no problem with
Alex Birj using these (or any other) means to protect his software;
software which he has spent time and money developing. For me its a
bit of a game after that. What I fundamentally object to (and the
reason I am posting to THIS group) is the fact that he doesn't make
this clear. He obviously feels that he is quite entitled to publish
software which operates clandestinely behind its users backs and uses
up bandwidth and time that they have paid for.
For those who are interested, the rest is further (long) rambling
about the specific technical details of Newspro's spyware activities
and a few details that I have yet to clear up Continue reading beyond
this point at the risk of boredom.
As posted earlier, I had some trouble finding software capable of
dumping all traffic between Newspro and the net to a file AND at the
same time isolating suspicious activity. It was easy to do the former
but the latter involved sifting through gigabytes of data (even I
don't have the time for that). I finally had to write a program which
read those files and mapped all message ids requested by Newspro back
to the newsgroup(s) to which they were posted. Only then I could
confirm whether or not those newsgroups were legitimate i.e they were
posted to newsgroups that I had specifically requested Newspro to
read.
The problem is that the ARTICLE command in NNTP is global i.e. it can
be issued without telling the server explicitly which newsgroup the
message is in. All you need to know is the message id. Alex could
easily (and frankly I don't know why he didn't) post a message on
Usenet to any group he chose and generate a message id himself. He
could then have Newspro issue an ARTICLE command requesting that
specific message ID. The possibilities are endless but without too
much difficulty he could have Newspro generate a message id search
string based on the current date and then post his own messages
accordingly. It would be unnecessary to make a specific reference to a
specific newsgroup. This is the reason I felt it necessary to map
message ids back to the associated newsgroups.
As it happened this turned out to be overkill on my part. Instead Alex
has chosen to pick a predetermined newsgroup ("alt.binaries.e-book)
and post his own messages (a little off topic I think!) to that using
an author name of "Jz7nv...@newsguy.com". Newspro at random
intervals engages the server in the following dialogue to find those
messages (transcribed directly from my logs):
<Newspro> GROUP alt.binaries.e-book
<Server> 211 xxxx yyyyy zzzzz alt.binaries.e-book selected (where x,
y and z represent article counts)
<Newspro> XPAT From 0- *Jz7nvv0pehu@* (XPAT searches the 'from'
field for the supplied search string)
<Server> 221 From fields follow
.......................
......................
......................
The server then supplies the message ids of the found messages and
Newspro presumably issues the ARTICLE <message id> (or BODY) command
to download the contents.
I say 'presumably' because unfortunately, in my case, the server that
Newspro chose to read didn't have the articles, so it responded with a
period (".") to indicate that no messages were found. Luckily I had
saved all messages from alt.binaries.e-book from the past couple of
weeks (in a separate file) so I was able to find seven messages posted
to alt.binaries.e-book with the relevant string in the 'from' field.
The following is an example of one:
>From: Jay Luddle <Jz7nv...@newsguy.com>
>Newsgroups: alt.binaries.e-book
>Subject: Lester Del Rey - Psalm UC_txt.zip
>Date: Wed, 23 Jan 2002 22:07:11 +0000 (UTC)
>Organization: ZYujrnWzh7khF8Pc+Ubn7g
>Lines: 17
>Message-ID: <a2nc6f$n2g$1...@geraldo.cc.utexas.edu>
>NNTP-Posting-Host: linux63.ma.utexas.edu
>X-Trace: geraldo.cc.utexas.edu 1011823631 23632 146.6.139.29 (23 Jan 2002 22:07:11 GMT)
>X-Complaints-To: ab...@utexas.edu
>NNTP-Posting-Date: Wed, 23 Jan 2002 22:07:11 +0000 (UTC)
>Path: my.newsgroups.com!propagator-la!news-in-la.newsfeeds.com!newsfeed.direct.ca!look.ca!cyclone.bc.net!arclight.uoregon.edu!newsfeed.cs.utexas.edu!geraldo.cc.utexas.edu!not-for-mail
>Xref: 127.0.0.1 alt.binaries.e-book:135023
>begin 644 Lester Del Rey - Psalm UC_txt.zip
And what followed was a short zipped UUENCODED text file purporting to
be a valid on-topic post to alt.binaries.e-book. Yes! It's been
exactly two days since Alex accused ME of making off topic posts to
THIS group!
The message id's of the other six messages were:
<a2nbos$mmk$1...@geraldo.cc.utexas.edu>
<a2nc6f$n2e$1...@geraldo.cc.utexas.edu>
<a2nc6f$n2f$1...@geraldo.cc.utexas.edu>
<a2nc6f$n2h$1...@geraldo.cc.utexas.edu>
<a2nc6g$n2g$2...@geraldo.cc.utexas.edu>
<a2nc6g$n2e$2...@geraldo.cc.utexas.edu>
All messages were dated 23/01/2002
If anyone would like the full messages please supply an email address
in this thread and I'll forward them.
Ok, now, I'm still a little puzzled for the following reasons:
Where is the serial number? And why did he need to post seven messages
on the one day?
In all cases the attached binary appears' to be a legitimate zipped
text file. My technical knowledge doesn't cover this but is it
possible to 'hide' some superfluous code at the end of an attached
UUENCODED zip file? My feeling is that this is unlikely. There are
therefore two possibilities:
1) Newspro generates the search string from the serial number supplied
to the program. So it is the very EXISTENCE of a message with that
search string that indicates to Newspro that it is running with an
invalid serial number. In that case it would be unnecessary to issue
an ARTICLE or BODY command to download the article. I think this is
the most likely case.
or
2) Less likely but possible; the invalid serial number is encoded in
the 'Organization:' field in the header. In all cases the
'Organization:' field contained "ZYujrnWzh7khF8Pc+Ubn7g". Why?
It probably doesn't matter either way but if anyone has any thoughts
I'd appreciate them.
The BIG issue for me though is that I have good reason to believe that
Newspro also POSTS to Usenet. When I ran a previous version (3.11 I
think) of Newspro a few weeks ago and it de-registered itself some
strange things happened. Within hours Alex posted another of his
profound 'fables'. Have a look at:
(because of line wrapping you will have to copy the lines separately)
It's posted with another spoofed email address; an address which only
Alex knows to be mine (because I communicated with him using it and
used it only for the purposes of communicating with him). So I'm 100%
sure he posted it. It has an interesting homosexual angle don't you
think? The general thrust of the contents was that he had 'caught' me
moving up to a new version of Newspro and that he knew that I was
running a pirate version of Newspro. How did he know?
Unfortunately I can't prove this because during my monitoring, Newspro
didn't find the messages it was looking for and therefore didn't
continue to deregister. My strong suspicion is that if Newspro finds
that it is running with an invalid serial number (and before it
deregisters itself) it posts a message to another (or the same)
newsgroup with all the details of the reg.dat file in the user's
'data' folder.
Now if the above is true it means that Alex potentially has the
newsserver user names and passwords of everyone using a pirate version
of Newspro. An interesting thought especially when you consider that
most News Server companies have a member login area containing names
and addresses!!!
I'll leave this message here for a few days and to see if there is any
CONSTRUCTIVE (!) feedback. Then I'll toddle off to the the crack
groups and leave you guys alone (for the moment).
Nude Emperor
NudeEmperor
in spyware activity then you need to get a firewall which can tunnel
down to the NNTP level.
The only one I know is the LATEST version of Norton Internet Security
2002 Pro (it has to be the 'pro version'), which has a new facility
called "Norton Productivity Control". This allows you to specify
exactly which newsgroups can be used. Specify a block on
"alt.binaries.e-book".
This will only work for the current version of Newspro. If Alex
decides (as he inevitably will) to make future versions of Newspro
slightly more sophisticated (by issuing the ARTICLE command with a
specific message id) then even this won't work because he won't need
to issue a GROUP command. Unfortunately, Norton is not sensitive
enough to detect this. In this event you will have no choice but to
use a cracked version of Newspro, which will inevitably appear some
time afterwards.
Does anyone know of any other software that might do this?
NudeEmperor
Alex Birj
>newsserver user names and passwords of everyone using a pirate version
For quite a long time there is a short 'User privacy' topic on the newspro
homepage. Even the serial number is considered as a part of the user identity,
so it cannot be compromised by the program along with other data in any case,
besides it would be foolish to transmit it openly. All antipiracy measures (I
believe it is legitimate to have something on this front as long as the program
is shareware) are implemented within the constraints of the policy below and
they don't take discernable time or bandwidth or involve disturbing spam posts.
But what is not covered with the policy might be implemented, like checking
once a month for existance of a cryptotext field in a relevant Usenet post
since that neither compromises user privacy exactly like transmission over
secure connection doesn't compromise credit card details nor results in spam
posts, it would be just an antipiracy measure solely to fight fraudulent orders
obtained with stolen credit card numbers that are so widespread. Or if the
check for updates option is set - the page with the latest version number that
is read by the program may also contain entries for fraudulent orders, since
nothing is transmitted and the check is implemented in the program itself it
also won't compromise user privacy.
http://www.usenetpro.com/privacy.htm
"User privacy
Original releases downloaded from the newspro home page contain nothing that
may compromise user privacy.
Connecting to the newspro website can be switched off by disabling the
'check for updates' and 'upload stack trace' options in properties->general.
Logs on the website are disabled (verifiable by the absence of
http://www.usenetopia.com/stats - see www.hypermart.com which hosts the site),
the check for updates option just reads http://www.usenetopia.com/version_r.htm
and the upload stack trace option just uploads addresses of function calls
after a crash with writing the exact copy to errorlog.txt - all can be easily
verifiable with technical means (so it might be considered to leave them
checked - to be up to date and to help boosting the program reliability).
Thus all feedback available to us is completely under the user control.
If any other questions arise here they can be asked on the newspro forum."
Alex Birj
exposure - it won't be used even if it will result in use of pirated versions,
it is how far I can go. From other side frankly I don't have time for these
issues, so they are rather abandoned now.
I consider the issue closed.
those who know me have no need of my name
[re-arranged slightly]
>here are the details of his new spyware rouse.
>Basically Newspro v3.13 has given up contacting www.usenetopia.com to
>check if the serial number it was registered with is still valid (as
>it did in previous versions). Too many people were getting round that
>by using a firewall.
this doesn't sound like it's spying on your habits, much less reporting
them to anyone.
>On a random basis it will now issue an XPAT command to search for a
>string ("Jz7nvv0pehu") in the 'from' address of a poster (author) in
>the group "alt.binaries.e-book". Alex Birj makes periodic postings to
>that group using a 'from' address which corresponds to the said search
>string. When Newspro finds any posts conforming to its search
>criteria it will read them and establish any known invalid serial
>numbers from the message contents. If you are running a version of
>Newspro with one of those serial numbers then Newspro will de-register
>itself after a further random period of time.
ditto, no spyware activity seems to be taking place.
>The BIG issue for me though is that I have good reason to believe that
>Newspro also POSTS to Usenet.
since you've already written a program to monitor the nntp traffic it
surely cannot be that difficult to check for the "post" command that
would have been required.
nothing within the referenced thread directly supports your claim that
newspro is spyware. one might infer that if newspro connects to the
server even after it's been disabled that either the program has a bug
or that the author is lying, from which some may then stretch (the
later) to include the remainder of the privacy statement, i.e., that
newspro is, in fact, spyware. fortunately personal http proxies are a
dime a dozen, such that proof of this contention should be simple to
obtain, yet nobody has made such a claim, which makes me hold the
stretched inference at arms length (i.e., ignore it).
since the potential for posting was your main point, and is the only one
that could substantiate a claim that newspro is spyware, i've responded
to it at the outset. i do have some other remarks, but as they don't
pertain to your main point, and since that point wasn't presented at the
outset, i've moved them below.
>the XPAT (search for a string) command is inefficient. Depending on
>the server you are using it CAN take 10 minutes or more for an XPAT
>command to complete.
what makes you think this is an inefficient command? typically it is
quite efficient, though less so than "article mid" or "group x". the
real question is whether doing so, on an infrequent though regular
basis, is something that would impact a user's service. i don't believe
so, given the purpose for which newspro exists there will be quite a lot
of traffic in general, making the impact of such checks barely
noticable. perhaps he should state outright that the program will do
this -- i think he should. in any case it's not spying, as the only
entity that can "see" you doing those commands is your nntp service
provider, and they can already see all the others so could profile you
with much greater ease.
>As posted earlier, I had some trouble finding software capable of
>dumping all traffic between Newspro and the net to a file AND at the
>same time isolating suspicious activity.
really? perhaps you are ignoring me -- hmm, that might be for the best.
>Newspro at random intervals engages the server in the following
>dialogue to find those messages (transcribed directly from my logs):
i don't see any timestamps in your logs, which might support your claim
that egregious load (time or i/o) is placed on a user's system or their
internet service.
>http://groups.google.com/groups?q=fish+insubject:newspro&hl=en&selm=a0hs3t01j4l%40enews1.newsguy.com&rnum=1
>
>(because of line wrapping you will have to copy the lines separately)
some will have to do that because you didn't quote or trim the link,
i.e., place it with <>'s, and remove all the unnecessary bits. a q is
unnecessary when an selm is present, and can be changed to threadm to
select the entire thread instead of the single article; which i believe
would be useful in this case. further, specifying an hl and rnum is
silly.
<http://groups.google.com/groups?threadm=a0hs3t01j4l%40enews1.newsguy.com>
--
okay, have a sig then
NudeEmperor
Am.....er.....sorry Alex, I opened the issue and am....er......if you
don't mind I'll decide when I want to close it. Had I not 'opened' the
issue very few people would be aware that their copy of Newspro was
reading from alt.binaries.e-book. Perhaps if you were to be more open
(pun cringe) about your spyware tactics then I wouldn't have to 'open'
anything.
So we effectively have an admission that I was right about the message
retrieval from alt.binaries.e-book. That's now out in the open (ooops,
again!) and people are at liberty to act accordingly.
I now have to eat a little 'humble pie'. My suspicion to the effect
that Newspro also clandestinely posts to newsgroups is, I now feel,
unfounded. Nonetheless I made it clear in my original post that it was
only a suspicion and it was just as well I aired it (qualified as
such) rather than keep it to myself.
For someone who "doesn't have time for these issues" it's nothing
short of amazing that you find time to code all this stuff.
Anyway......ok.......I agree...............issue closed (until next
time).
NudeEmperor
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
> If any other questions arise here they can be asked on the newspro forum."
Ok, so what are the chances that my post would exist for anything more
than 5 minutes on your web forum before being censored (aka deleted)?
I'd say small. No, I'll stay here thank you very much
NudeEmperor
NudeEmperor
my name <not-a-rea...@usa.net> wrote:
><sqhr5u0vd0i9bp0oe...@4ax.com> divulged:
>[re-arranged slightly]
>
>>here are the details of his new spyware rouse.
>
>>Basically Newspro v3.13 has given up contacting www.usenetopia.com to
>>check if the serial number it was registered with is still valid (as
>>it did in previous versions). Too many people were getting round that
>>by using a firewall.
>
>this doesn't sound like it's spying on your habits, much less reporting
>them to anyone.
>
Did I say it was spying? No, I did not. What I did say is that it is
'spyware'. Can you see the last four letters in that word? No? Well
try again. You see, those of us with even a limited grasp of the
Queen's English can manage to differentiate between a word and the
same word with some letters added at the end. Let's try an easier
example to give you the hang of things: 'sex' and 'sextuplets'. Now,
look both up in a dictionary (no need for the 11th volume of the OED
here) and you may be surprised to find that the latter in no way
alludes to paedophilic or incestuous activity between newborn
children. It's fasinating isn't it? Now that you've quite grasped that
you may be persuaded to toddle off to
where you'll find the following definition of 'spyware':
"Spyware is ANY SOFTWARE which employs a user's Internet connection in
the background (the so-called "backchannel") without their knowledge
or explicit permission."
Newspro does exactly that and therefore its activity conforms to that
definition. At the end of the day it matters little which word we use.
Lets coin one right here and now: "fdsfdsfs" (ok perhaps we need a few
vowels; no matter). I find fdsfdsfs objectionable in all its forms.
>>On a random basis it will now issue an XPAT command to search for a
>>string ("Jz7nvv0pehu") in the 'from' address of a poster (author) in
>>the group "alt.binaries.e-book". Alex Birj makes periodic postings to
>>that group using a 'from' address which corresponds to the said search
>>string. When Newspro finds any posts conforming to its search
>>criteria it will read them and establish any known invalid serial
>>numbers from the message contents. If you are running a version of
>>Newspro with one of those serial numbers then Newspro will de-register
>>itself after a further random period of time.
>
>ditto, no spyware activity seems to be taking place.
>
See above
>>The BIG issue for me though is that I have good reason to believe that
>>Newspro also POSTS to Usenet.
>
>since you've already written a program to monitor the nntp traffic it
>surely cannot be that difficult to check for the "post" command that
>would have been required.
Now another little piece of advice when replying to a post on Usenet
is to be very careful to read the actual post before blowing your
mouth off. Unfortunately for you in this case, an additional
requirement is that one should also think about the issue.
As I explained, Newspro only reads from alt.binaries.e-book at random
wide-spaced intervals. On the one occasion that I 'caught' it doing
'the naughtys' the messages searched for in the XPAT command had
expired from my server. It is only at that point that it finds out
that it is running with an invalid serial number and only at that
point that it might have conceivably issued the POST command.
>nothing within the referenced thread directly supports your claim that
>newspro is spyware. one might infer that if newspro connects to the
>server even after it's been disabled that either the program has a bug
>or that the author is lying, from which some may then stretch (the
>later) to include the remainder of the privacy statement, i.e., that
>newspro is, in fact, spyware. fortunately personal http proxies are a
>dime a dozen, such that proof of this contention should be simple to
>obtain, yet nobody has made such a claim, which makes me hold the
>stretched inference at arms length (i.e., ignore it).
It sounds to me that a lot of things are a dime a dozen! More waffle
addressed above.
>
>since the potential for posting was your main point, and is the only one
>that could substantiate a claim that newspro is spyware, i've responded
>to it at the outset. i do have some other remarks, but as they don't
>pertain to your main point, and since that point wasn't presented at the
>outset, i've moved them below.
The potential for posting was NOT my main point. My main point is that
Newspro is spyware. (That was a full stop; otherwise known as a
period) The potential for posting was a "BIG issue" (to quote
myself). In any event it is now a non-issue, a dead issue, a veritable
parrot even.
>>the XPAT (search for a string) command is inefficient. Depending on
>>the server you are using it CAN take 10 minutes or more for an XPAT
>>command to complete.
>
>what makes you think this is an inefficient command? typically it is
>quite efficient, though less so than "article mid" or "group x". the
>real question is whether doing so, on an infrequent though regular
>basis, is something that would impact a user's service.
That is NOT the real question. The real question concerns the
principle that some people may be uncomfortable with running a program
that employs a user's Internet connection in the background without
their knowledge or explicit permission.
Understanding of the concept of a 'principle' is in my experience
beyond the intellectual capacity of more than 80% of the population.
(I'm not joking). Unfortunately and depressingly, I can't do anything
about that.
> perhaps he should state outright that the program will do
>this -- i think he should.
Good God! We agree on something! You see, there's always hope, even
with gross darkness covering the earth and its people.
>>As posted earlier, I had some trouble finding software capable of
>>dumping all traffic between Newspro and the net to a file AND at the
>>same time isolating suspicious activity.
>
>really? perhaps you are ignoring me -- hmm, that might be for the best.
Did you see the 'AND' in the sentence? We call it a conjunction in the
Queen's English. I capitalised it for you (and others) to make the
point easier to grasp. You suggested:
"why don't you use a proxy (e.g., hamster or newsplex) to find out. if
newspro is posting or reading a group you'll see it in it's logs"
Your suggestion was acted upon (thank you) but Portunnel proved to be
more effective in conjunction (another example of its use) with my
program. Hamster provides no facility to map requested message ids
back to the relevant group to which they were posted and has the added
restriction that it presents only one server to Newspro.
>>Newspro at random intervals engages the server in the following
>>dialogue to find those messages (transcribed directly from my logs):
>
>i don't see any timestamps in your logs, which might support your claim
>that egregious load (time or i/o) is placed on a user's system or their
>internet service.
Wow! "egregious" no less! From a man (woman?) who can't cope with
conjunctions of sextuplets that's some word! Whether unreasonable (a
little more appropriate a word in this context with the added
advantage of being a tad less demanding on those who labour under the
yoke of the vernacular) loads are placed on a users system, or not, is
a moot point. For some, a millisecond is an unreasonable load; for
others it may not be considered particularly egregious (ooops!). The
fact that ANY load is placed forms part of my objection; not the
extent of it. Understanding that involves grappling with the concept
of 'principle' though. But remember that 'principle' differs markedly
from 'principal' which is a whole other can of worms that we can get
into in a future session (Ugh!).
>>http://groups.google.com/groups?q=fish+insubject:newspro&hl=en&selm=a0hs3t01j4l%40enews1.newsguy.com&rnum=1
>>
>>(because of line wrapping you will have to copy the lines separately)
>
>some will have to do that because you didn't quote or trim the link,
>i.e., place it with <>'s, and remove all the unnecessary bits. a q is
>unnecessary when an selm is present, and can be changed to threadm to
>select the entire thread instead of the single article; which i believe
>would be useful in this case. further, specifying an hl and rnum is
>silly.
>
><http://groups.google.com/groups?threadm=a0hs3t01j4l%40enews1.newsguy.com>
Fasinating. Just fasinating.
I'd be especially interested to have your opinion when you do me the
small justice of actually reading my original post.
(Ouch!) Should I send this...aw.... shucks....lets go for
it................
:-)
Nude Emperor
Koan G
news:s36u5uouoh3mp12vh...@4ax.com:
> Understanding of the concept of a 'principle' is in my
> experience beyond the intellectual capacity of more than 80% of
> the population. (I'm not joking). Unfortunately and
> depressingly, I can't do anything about that.
One man's meat is another man's poison - one man's principle is
another man's license to crack.
Personally, I have no issue with anything Mr. Birj does in his
software; I've never used it, and probably never will. But it does
strike me as vaguely hypocritical to spout off about someone's
supposed lack of principles while you engage in theft.
No, actually, let me rephrase that; it strikes me as EXTREMELY
hypocritical.
Don't worry, I'm not expecting a sudden "light on the road to
Damascus" on your part. As a wise man once said, "Unfortunately and
depressingly, I can't do anything about that".
Cheers,
--
"a mystery or puzzle with no logical solution"
http://info.astrian.net/jargon/terms/k/koan.html
Use Reply-To address or replace deadspam with hotmail
mailto:u...@ftc.gov (Where does your spambot want to go today?)
NudeEmperor
>One man's meat is another man's poison - one man's principle is
>another man's license to crack.
>Personally, I have no issue with anything Mr. Birj does in his
>software; I've never used it, and probably never will.
A valid personal view
>strike me as vaguely hypocritical to spout off about someone's
>supposed lack of principles while you engage in theft.
Now, this is where I always get puzzled when it comes to other
peoples' logic. I make a perfectly valid contribution to the store of
knowledge on the subject of newsreading software. I'm prepared to
accept that some people might not find it interesting or even agree
with me about spyware but that's life. But why should it materially
affect my point if I habitually engage in mugging little old ladies as
they cross the street? My point stands independently of that. Surely?
You're presumably one of those people who also subscribe to the notion
that people in glasshouses shouldn't throw stones? I've never
understood that one either. I'm obviously 'abnormal'. Gee! Shucks!
>No, actually, let me rephrase that; it strikes me as EXTREMELY
>hypocritical.
Ok, I'll make a hypothetical (and, indeed hypocritical!) admission
(just for the sake of argument): I'M A HYPOCRITE. Ahhh! That's better!
But, now hold on a moment. Where has that got us? Is my point any less
valuable? Is yours any more valuable? No. So why is my hypocrisy
relevant? All this of course assumes that the sole purpose of your
post wasn't to indulge in cheap insult.
>Don't worry, I'm not expecting a sudden "light on the road to
>Damascus" on your part. As a wise man once said, "Unfortunately and
>depressingly, I can't do anything about that".
Francis Bacon (the writer not the artist!) once said "Read not to
contradict and confute; nor to believe and take for granted; nor to
find talk and discourse; but to weigh and consider." You'll find the
entire text at http://www.bartleby.com/3/1/50.html It could, just
possibly, be enlightening for you (if not quite life changing).
Regards
NudeEmperor
PS: All I've had on here since getting this bee in my bonnet is a
mixture of abuse and disagreement. Can some of you lurkers out there
who appreciate my post on Newspro hit the post button for a change and
give me some faith in the vague possibility that I'm not fighting this
battle alone?
Koan G
news:ioqv5ug8trs1k80lo...@4ax.com:
> But, now hold on a moment. Where has that got us? Is my point
> any less valuable?
I don't deny that your forensic investigations of this piece of
software have turned up information that will undoubtedly be of
interest to those who use that software in otherwise blind ignorance.
I wasn't commenting on that at all. Personally, I find your posts
instructive and entertaining (although, personally, I can't help but
think there are bigger fish out there you could take on).
What I was commenting on was you bringing "principles" into the
issue. And highlighting that, to some people, myself included, some
of the actions you espouse could be classed as lacking in principles.
Specifically, theft.
Yes, I can read; and yes, I have read Francis Bacon. And yes, I agree
that you are performing a worthwhile service in uncovering
programming practices that are not revealed to the paying customer
(as for the non-paying customer, well, they get what they paid for!)
But when you started denouncing someone else's principles while
espousing software theft, then I'm afraid I felt compelled to pipe up
and say "The Emperor is, indeed, naked!"
those who know me have no need of my name
>On Mon, 04 Feb 2002 22:29:41 -0000, those who know me have no need of
>my name <not-a-rea...@usa.net> wrote:
>><sqhr5u0vd0i9bp0oe...@4ax.com> divulged:
>>[re-arranged slightly]
>>>here are the details of his new spyware rouse.
>>
>>>Basically Newspro v3.13 has given up contacting www.usenetopia.com to
>>>check if the serial number it was registered with is still valid (as
>>>it did in previous versions). Too many people were getting round that
>>>by using a firewall.
>>
>>this doesn't sound like it's spying on your habits, much less reporting
>>them to anyone.
>
>Did I say it was spying? No, I did not. What I did say is that it is
>'spyware'.
>
>where you'll find the following definition of 'spyware':
this isn't the commonly accepted definition. which doesn't surprise me
given the source you are quoting. now that i know where you are coming
from your complaint makes more sense.
>Newspro does exactly that and therefore its activity conforms to that
>definition.
i see. so, you say you support the author's ownership of his software,
but when he makes use of a tiny fraction of the bandwidth that must
already be in-use (else you wouldn't bother with his product) your
support is ended -- correct? what would you support him doing instead?
distribute the software and hope people will pay, even in the presence
of widespread abuse of that process?
>As I explained, Newspro only reads from alt.binaries.e-book at random
>wide-spaced intervals. On the one occasion that I 'caught' it doing
>'the naughtys' the messages searched for in the XPAT command had
>expired from my server. It is only at that point that it finds out
>that it is running with an invalid serial number and only at that
>point that it might have conceivably issued the POST command.
and which a custom program (you wrote it, right?) would have been able
to trap with great ease. especially once it had been changed based on
the added information (of newspro's behavior) so that capturing all the
traffic was no longer necessary, only the "post" command.
>>>the XPAT (search for a string) command is inefficient. Depending on
>>>the server you are using it CAN take 10 minutes or more for an XPAT
>>>command to complete.
>>
>>what makes you think this is an inefficient command? typically it is
>>quite efficient, though less so than "article mid" or "group x". the
>>real question is whether doing so, on an infrequent though regular
>>basis, is something that would impact a user's service.
>
>That is NOT the real question.
what matter? you made it a point in the article i quoted. if you now
believe it's a non-issue that's fine. if it remains an issue then the
basis for your claim remains central to comprehension of your point.
>>>As posted earlier, I had some trouble finding software capable of
>>>dumping all traffic between Newspro and the net to a file AND at the
>>>same time isolating suspicious activity.
>>
>>really? perhaps you are ignoring me -- hmm, that might be for the best.
>
>Did you see the 'AND' in the sentence? We call it a conjunction in the
>Queen's English.
i see, you can't conceive of using more than one tool to accomplish your
purpose. sad. quite sad. perhaps the queen is available for tutoring.
>loads are placed on a users system, or not, is a moot point.
it wasn't moot in your original post; you complained of it. i asked how
you reached the conclusion that such a load was in fact being inflicted.
>I'd be especially interested to have your opinion when you do me the
>small justice of actually reading my original post.
i doubt it. if i called into question anything that you did you would
just make a attack in response, sinking to my (ab)use of english if
nothing else were available, rather than explaining your point had i
missed it.
Amanda Jenkins
> <sqhr5u0vd0i9bp0oe...@4ax.com> divulged:
> [re-arranged slightly]
>
> >here are the details of his new spyware rouse.
>
> >Basically Newspro v3.13 has given up contacting www.usenetopia.com to
> >check if the serial number it was registered with is still valid (as
> >it did in previous versions). Too many people were getting round that
> >by using a firewall.
>
> this doesn't sound like it's spying on your habits, much less reporting
> them to anyone.
>
But if Alex birg found out, then of course it is.
> >On a random basis it will now issue an XPAT command to search for a
> >string ("Jz7nvv0pehu") in the 'from' address of a poster (author) in
> >the group "alt.binaries.e-book". Alex Birj makes periodic postings to
> >that group using a 'from' address which corresponds to the said search
> >string. When Newspro finds any posts conforming to its search
> >criteria it will read them and establish any known invalid serial
> >numbers from the message contents. If you are running a version of
> >Newspro with one of those serial numbers then Newspro will de-register
> >itself after a further random period of time.
>
> ditto, no spyware activity seems to be taking place.
>
sure it is. spyware is spyware. DOH !
> >The BIG issue for me though is that I have good reason to believe that
> >Newspro also POSTS to Usenet.
>
> since you've already written a program to monitor the nntp traffic it
> surely cannot be that difficult to check for the "post" command that
> would have been required.
>
>
>http://groups.google.com/groups?q=fish+insubject:newspro&hl=en&selm=a0hs3t0
1j4l%40enews1.newsguy.com&rnum=1
>
> nothing within the referenced thread directly supports your claim that
> newspro is spyware. one might infer that if newspro connects to the
> server even after it's been disabled that either the program has a bug
> or that the author is lying, from which some may then stretch (the
> later) to include the remainder of the privacy statement, i.e., that
> newspro is, in fact, spyware. fortunately personal http proxies are a
> dime a dozen, such that proof of this contention should be simple to
> obtain, yet nobody has made such a claim, which makes me hold the
> stretched inference at arms length (i.e., ignore it).
>
> since the potential for posting was your main point, and is the only one
> that could substantiate a claim that newspro is spyware, i've responded
> to it at the outset. i do have some other remarks, but as they don't
> pertain to your main point, and since that point wasn't presented at the
> outset, i've moved them below.
>
You idiot ! Spyware is spyware. If the program wastes time checking for
serials in whatever method, it's still spyware !
> >the XPAT (search for a string) command is inefficient. Depending on
> >the server you are using it CAN take 10 minutes or more for an XPAT
> >command to complete.
>
> what makes you think this is an inefficient command? typically it is
> quite efficient, though less so than "article mid" or "group x". the
> real question is whether doing so, on an infrequent though regular
> basis, is something that would impact a user's service. i don't believe
> so, given the purpose for which newspro exists there will be quite a lot
> of traffic in general, making the impact of such checks barely
> noticable. perhaps he should state outright that the program will do
> this -- i think he should. in any case it's not spying, as the only
> entity that can "see" you doing those commands is your nntp service
> provider, and they can already see all the others so could profile you
> with much greater ease.
>
> >As posted earlier, I had some trouble finding software capable of
> >dumping all traffic between Newspro and the net to a file AND at the
> >same time isolating suspicious activity.
>
> really? perhaps you are ignoring me -- hmm, that might be for the best.
>
And you are igoring the real meaning of spyware, sir !
> >Newspro at random intervals engages the server in the following
> >dialogue to find those messages (transcribed directly from my logs):
>
> i don't see any timestamps in your logs, which might support your claim
> that egregious load (time or i/o) is placed on a user's system or their
> internet service.
>
You're probably blind ! LOL !!!
Amanda Jenkins
"Koan G" <koa...@deadspam.com> wrote in message
news:Xns91AC7752...@130.133.1.4...
> NudeEmperor <NudeE...@nospam.com> wrote in
> news:s36u5uouoh3mp12vh...@4ax.com:
>
> > Understanding of the concept of a 'principle' is in my
> > experience beyond the intellectual capacity of more than 80% of
> > the population. (I'm not joking). Unfortunately and
> > depressingly, I can't do anything about that.
>
> One man's meat is another man's poison - one man's principle is
> another man's license to crack.
>
> Personally, I have no issue with anything Mr. Birj does in his
> software; I've never used it, and probably never will. But it does
> strike me as vaguely hypocritical to spout off about someone's
> supposed lack of principles while you engage in theft.
>
> No, actually, let me rephrase that; it strikes me as EXTREMELY
> hypocritical.
>
> Don't worry, I'm not expecting a sudden "light on the road to
> Damascus" on your part. As a wise man once said, "Unfortunately and
> depressingly, I can't do anything about that".
ANOTHER ALEX BIRJ BUTT-LICKER !!! LOL !!!
Amanda Jenkins
I'll be one of those who support you and stand for freedom !
"NudeEmperor" <NudeE...@nospam.com> wrote in message
news:sqhr5u0vd0i9bp0oe...@4ax.com...
Koan G
$EWl.1...@news2.randori.com:
> ANOTHER ALEX BIRJ BUTT-LICKER !!! LOL !!!
Absolutely! Can't beat that hot beefy Bovril taste!
Fucktard.
NudeEmperor
<aman...@gofast.com> wrote:
>Good job. Don't let these Alex Birj lovers piss you off.
>I'll be one of those who support you and stand for freedom !
I won't. It's really great to see that I'm in good company(?) ;-)
NudeEmperor
>ANOTHER ALEX BIRJ BUTT-LICKER !!! LOL !!!
>
Hark! Hear! The Cavalry bugles beckon from yonder hill, sire!!!
NudeEmperor
my name <not-a-rea...@usa.net> wrote:
>this isn't the commonly accepted definition. which doesn't surprise me
>given the source you are quoting. now that i know where you are coming
>from your complaint makes more sense.
I'm not terribly au fait with that which is commonly accepted. Perhaps
you'll be good enough to propose an alternative definition from the
common man's perspective. Please remember that when you do you'll have
to make a choice between that which is common and that which is
elegant. Elegance always wins these battles in the long run I'm afraid
:-)
>>Newspro does exactly that and therefore its activity conforms to that
>>definition.
>
>i see. so, you say you support the author's ownership of his software,
>but when he makes use of a tiny fraction of the bandwidth that must
>already be in-use (else you wouldn't bother with his product) your
>support is ended -- correct? what would you support him doing instead?
>distribute the software and hope people will pay, even in the presence
>of widespread abuse of that process?
Am......er......pretty much exactly! Or else suffer the slings and
arrows of outrageous publicity. It's like a rock and a hard place in
this jungle.
>>As I explained, Newspro only reads from alt.binaries.e-book at random
>>wide-spaced intervals. On the one occasion that I 'caught' it doing
>>'the naughtys' the messages searched for in the XPAT command had
>>expired from my server. It is only at that point that it finds out
>>that it is running with an invalid serial number and only at that
>>point that it might have conceivably issued the POST command.
>
>and which a custom program (you wrote it, right?) would have been able
>to trap with great ease. especially once it had been changed based on
>the added information (of newspro's behavior) so that capturing all the
>traffic was no longer necessary, only the "post" command.
No, I'm not expecting a great amount of respect for my programming
efforts in Word Basic.! All it did was to read the input log files,
pick up every line starting with the string "Message ID:", and output
the message id to another file. Then ANOTHER(!!!) Word Basic program
read the output file and searched the output logs (with multiple
sequential reads!!!) for the message id and output the name of the
group accessed to another file. I then sorted that file in Excel (!)
and eyeballed the result for group names that I hadn't specified. The
thing took ages to run but I can e-mail you the source for a small
fee. Would $35 be ok? Don't try to pirate it though or I'll be sending
a copy of your inside leg measurements to the IRS.
After all that effort I found that I needn't have bothered because
when Newspro started to be bad it behaved like the proverbial little
girl who had a little curl, right down the middle of her forehead.
I know! I know! I' m not going to list this particular programming
achievement on my job applications to Bell Laboratories and McDonalds.
You've found me out! I thought I could get away with leaving the
impression that I'd grappled with the Einsteinian esoterics of
compiled Cobol. Shucks! How did you guess? I'm intrigued! I've always
been a sucker for people with uncanny perceptive abilities and the
tendancy to think in ones and zeros. I wear a mauve/green anorack with
a tassled off-'aqua' hat. You?
>>That is NOT the real question.
>
>what matter? you made it a point in the article i quoted. if you now
>believe it's a non-issue that's fine. if it remains an issue then the
>basis for your claim remains central to comprehension of your point.
Eh? I made the point in the article that I had a SUSPICION. I
qualified it as such. Alex has specifically denied it in a previous
post on this thread. (you should really read this thread before you
post) I personally believe him. I then ate humble pie on that one.
That's the end of the matter unless someone doesn't believe him; in
which case they are at liberty to take up at the point at which I left
off. But as Alex suggested, the matter as far as I'm concerned is now
closed. People know the situation and that's what I wanted to achieve.
>i see, you can't conceive of using more than one tool to accomplish your
>purpose. sad. quite sad. perhaps the queen is available for tutoring.
You know the 80% I refered to in the last post? I'm in the bottom 20!
I'm quite saddened about the whole thing too. A frontal lobotomy in
'96 had no effect whatsoever apart the unfortunate side effect of
making me slightly cross-eyed. Can you tell me something? Is
institutional care in Rhode Island any better? The food here in this
Victorian pile is particularly awful.
>it wasn't moot in your original post; you complained of it. i asked how
>you reached the conclusion that such a load was in fact being inflicted.
Oh! Gawd! I said it was possible that an XPAT command COULD take a
long time (did you see that word?). I stand by that statement.
>>I'd be especially interested to have your opinion when you do me the
>>small justice of actually reading my original post.
>
>i doubt it. if i called into question anything that you did you would
>just make a attack in response, sinking to my (ab)use of english if
>nothing else were available, rather than explaining your point had i
>missed it.
Jesus and Allah! Cocaine and Baked Beans! I have answered every
point you made in detail. I'm really sorry if I insulted you in any
way but your original post came across as dismissive, aggressive and
and simmered for a couple of hours over a low heat on a bed of
arrogance. I reacted in my own little way by adding what, from my sad
perspective, I consider to be a little light humour. Lighten up!
Regards
NudeEmperor
NudeEmperor
>NudeEmperor <NudeE...@nospam.com> wrote in
>news:ioqv5ug8trs1k80lo...@4ax.com:
>
>> But, now hold on a moment. Where has that got us? Is my point
>> any less valuable?
>
>I don't deny that your forensic investigations of this piece of
>software have turned up information that will undoubtedly be of
>interest to those who use that software in otherwise blind ignorance.
>I wasn't commenting on that at all. Personally, I find your posts
>instructive and entertaining (although, personally, I can't help but
>think there are bigger fish out there you could take on).
>
>What I was commenting on was you bringing "principles" into the
>issue. And highlighting that, to some people, myself included, some
>of the actions you espouse could be classed as lacking in principles.
>Specifically, theft.
>
>Yes, I can read; and yes, I have read Francis Bacon. And yes, I agree
>that you are performing a worthwhile service in uncovering
>programming practices that are not revealed to the paying customer
>(as for the non-paying customer, well, they get what they paid for!)
>But when you started denouncing someone else's principles while
>espousing software theft, then I'm afraid I felt compelled to pipe up
>and say "The Emperor is, indeed, naked!"
>
>Cheers,
Yeah you're right. I have to grapple with this issue in a lengthy post
but is here the best place? I'll put something together and post it in
the next couple of days. Even if you've forgotton the thread by that
time it'll get archived in Google and I can use it in the future.
NudeEmperor
NudeEmperor
Newspro (along with an appropriate firewall) is by far the best
program available for downloading binaries (especially if your news
provider has multiple servers). I have tried ALL the others. I'm
puzzled as to why XNEWS is so popular on here. Now I AM begining to
sound like a troll but there you go.
The best combination I think is Forte Agent for ordinary posting and
browsing and Newspro for everything else.
NudeEmperor
Sylvan Butler
> I wasn't commenting on that at all. Personally, I find your posts
> instructive and entertaining (although, personally, I can't help but
> think there are bigger fish out there you could take on).
> But when you started denouncing someone else's principles while
> espousing software theft, then I'm afraid I felt compelled to pipe up
> and say "The Emperor is, indeed, naked!"
Now that is a post I can agree to.
I have no intention to ever use newspro, but I always like to see
software exposed when it does _anything_ not directed by the user.
I don't believe this recent newspro behavior would classify it as
"spyware", because "spyware" means software that is spying on the
user. However it most definitely is behaving in a suspect fashion,
and such behavior should be publicized, rooted out, and killed.
sdb
--
| Sylvan Butler | Not speaking for Hewlett-Packard | sbutler-boi.hp.com |
| Watch out for my e-mail address. Thank UCE. #### change ^ to @ #### |
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. --Benjamin Franklin, 1759
Fight terrorism, arm the population!
Koan G
news:75316uk12n2o09p41...@4ax.com:
> Yeah you're right. I have to grapple with this issue in a
> lengthy post but is here the best place? I'll put something
> together and post it in the next couple of days.
Don't bust a gut on my account! Seriously. I was expressing my
opinion (which I'm entitled to have, and with which no-one else has
to agree; nor do I expect them to). If you write an extensive
treatise, sure, I'll read it; but I'm not going to spend hours
commenting on it, because, to be blunt, that doesn't pay my bills, or
light my candle. So it's your choice; I'm just letting you know not
to expect an exhaustive correspondence with me on the subject of
principles.
> Even if you've
> forgotton the thread by that time it'll get archived in Google
> and I can use it in the future.
Photographic memory, me; I forget very little. Do what you want; just
don't feel that you have to try and score points off me. I'm just an
insignificant dumb-ass; apply your undoubted talents in a more
rewarding direction.
NudeEmperor
<Znospam+...@hpb13799Z.Zboi.hpZ.com.invalid> wrote:
>I don't believe this recent newspro behavior would classify it as
>"spyware", because "spyware" means software that is spying on the
>user.
Does anyone read this thread before they post?
OK, lets's tackle this a little more seriously than on the last
occasion.
The usual definition is at:
Now before we get into a long, boring and fruitless debate on
semantics lets accept that there are TWO kinds of related activity
that a program can indulge in that most people accept is of dubious
justification:
1) Software which employs a user's Internet connection in the
background without their knowledge or explicit permission to SEND
data.
and
2) Software which employs a user's Internet connection in the
background without their knowledge or explicit permission to RECEIVE
data.
Can you please provide me with a term to cover 2) above? And if you do
then you'll have to provide me with a term to cover a piece of
software which does both. We may then need a further generic term to
describe a piece of software that does either. That's three new words
you need to coin and get accepted. The alternative is to simply
qualify the word 'spyware' where needed.
'Spyware' has a headstart. And as this activity gets more commonplace
there isn't a hope in hells chance that a new word (or words) will
take over. Lets accept it and get on with the business of fighting the
thing.
NudeEmperor
NudeEmperor
> I'm just an insignificant dumb-ass
Aw! Gee! Steady guy! Now you must know you're not. We're all just
spokes in the big wheel of life you know. I'm stuck here in this room
behind a locked door with 6" foam wallpaper, a chemical toilet and a
box of 2-ply Kleenex but does that get me down? No. Some guys get
3-ply but I'm not proud. Since the chainsaw incident I haven't hurt
anyone but they still won't let me out. Yet I still keep my head high
and look forward to the little pleasures in life; like a stained photo
of George Bush in a tight polo shirt and speedos that I keep in a
crack in the floor.
And as that famous lyrical masterpiece of Christian philisosophy goes:
All God's children have a place in the choir
Some sing low and some sing higher
Some sing out loud on the telephone wire <------ (what?)
Some just clap their hands
See....that's better.
NudeEmperor
Koan G
news:b6e26u44gav1nqmsl...@4ax.com:
<Great Post Snipped>
Man, you are in the lead for my personal "Post of the Year". That was
a belter!
Alex Birj
I found on the site also the perfect solution to the problem
(http://grc.com/oo/program.htm):
"Thanks to your support, an incredible 2,553,934 copies of OptOut were
downloaded during OptOut's one-year life...."
"In Summary: All copies of our OptOpt program have now expired and OptOut is
not being renewed.
I am working on a very different and even more important new program..."
Although http://grc.com/mailings/4.txt :
"Subject: Steve Gibson's March/2000 Brief Monthly Update ...
Announcing my NEW freeware: " OptOut "
"
I didn't find his definition of freeware - XNews users, relax :)
His definition:
"Spyware is ANY SOFTWARE which employs a user's Internet connection in the
background (the so-called "backchannel") without their knowledge or explicit
permission."
The question is where is a backchannel?
"ANY SOFTWARE communicating across the Internet absent these elements is guilty
of information theft and is properly and rightfully termed: Spyware."
Where is information theft?
Chip Verde
> The alternative is to simply qualify the word 'spyware' where needed.
The alternative is to not use a word that does not apply.
When programs first starting sending out personal info without the user's
knowledge, there was no term for it. People didn't call it by an existing
term and then qualify it. They described it until someone came up with a
word.
A term for a program that receives data in the background without the
user's knowledge? Adware does it, but the user should know that's coming
(if not when).
Updateware? In this case: Registrationware?
Who knows. Whatever it is, it isn't spyware.
--
Chip
Sylvan Butler
> On 5 Feb 2002 11:00:15 -0700, Sylvan Butler
><Znospam+...@hpb13799Z.Zboi.hpZ.com.invalid> wrote:
>>I don't believe this recent newspro behavior would classify it as
>>"spyware", because "spyware" means software that is spying on the
>>user.
>
> Does anyone read this thread before they post?
Yup. Don't you? If you read what I wrote, you would see that "I
don't believe..."
Is that not clear enough?
> The usual definition is at:
>
> http://grc.com/optout.htm
Gibson does a lot of things I disagree with.
> 1) Software which employs a user's Internet connection in the
> background without their knowledge or explicit permission to SEND
> data.
>
> and
>
> 2) Software which employs a user's Internet connection in the
> background without their knowledge or explicit permission to RECEIVE
> data.
Sure.
> Can you please provide me with a term to cover 2) above? And if you do
No.
> you need to coin and get accepted. The alternative is to simply
> qualify the word 'spyware' where needed.
No.
Unless it is disclosing information about me, it isn't spying. And
if it isn't spying, I don't believe it is spyware.
Period.
NudeEmperor
I'm laying down my weapons on this one. I will continue to refer to
any program which employs a user's Internet connection in the
background, without their knowledge or explicit permission, to recieve
data, as 'spyware'. You can do as you please.
What annoys me mostly about this debate over semantics is that it
brings with it a suggestive undertone. A kind of feeling that if we
can prove that Newspro isn't spyware then we have in some way
diminished the unacceptability of its behaviour.
There's a word for that.................bollox!
NudeEmperor
Sylvan Butler
> http://grc.com/optout.htm
No, that is Gibson's definition. Others are more common, eg:
http://whatis.techtarget.com/definitionsSearchResults/1,289878,sid9,00.html?query=spyware
''In general, spyware is any technology that aids in gathering
information about a person or organization without their
knowledge. On the Internet, spyware is programming that is put
in someone's computer to secretly gather information about the
user and relay it to advertisers or other interested parties.''
http://www.spychecker.com/spyware.html
''...tracking software on your system, which is continuously
"calling home", using your Internet connection and reports
statistical data...''
http://www.zdnet.com/products/stories/reviews/0,4161,2612053,00.html
''...hidden software program transmits user information via the
Internet...''
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
>The question is where is a backchannel?
>
>"ANY SOFTWARE communicating across the Internet absent these elements is guilty
>of information theft and is properly and rightfully termed: Spyware."
>
>Where is information theft?
Alex I have no idea what you're getting at apart from making an
attempt to muddy the waters.
Forget the definitions. The bottom line is that your program, Newspro,
'employs a user's Internet connection in the background without their
knowledge or explicit permission'.
Even if you pour the contents of an an entire sewer into this debate,
Newspro will continue to 'employ a user's Internet connection in the
background without their knowledge or explicit permission'
Until you declare this fact on Newspro's 'documentation', help files
and website, Newspro will continue to 'employ a user's Internet
connection in the background without their knowledge or explicit
permission'.
Your 'Privacy Policy' statement is simply a statement which attempts
to legitimise 'the employment of a user's Internet connection in the
background without their knowledge or explicit permission'.
There's no law against software which 'employs a user's Internet
connection in the background without their knowledge or explicit
permission' but there is publicity.
NudeEmperor
Chip Verde
> I'm laying down my weapons on this one. I will continue to refer to
> any program which employs a user's Internet connection in the
> background, without their knowledge or explicit permission, to recieve
> data, as 'spyware'. You can do as you please.
I will put wheels on my dog and call him a wagon. Doesn't make him one.
> What annoys me mostly about this debate over semantics is that it
> brings with it a suggestive undertone. A kind of feeling that if we
> can prove that Newspro isn't spyware
TINW. If you're going to use the term and come across as knowing what
you're talking about, you have to prove that Newspro is spyware. You have
failed to do so.
> then we have in some way
> diminished the unacceptability of its behaviour.
A program that sends out your personal information is in a whole different
league than one that checks to see if you're running a legal copy.
Attempting to put the two in the same category is quite a stretch.
--
Chip
Chip Verde
> Alex I have no idea what you're getting at apart from making an
> attempt to muddy the waters.
You really need to get your terms straight. Alex is doing nothing of the
sort. Your use of the term 'spyware' for something that is not is a
muddying of the waters.
His statement that no user data is transmitted is clarification.
It is truly amusing to watch someone who talks about his efforts to steal
software attempt to take the high ground.
--
Chip
Sylvan Butler
> Sylvan Butler <Znospam+...@hpb13799Z.Zboi.hpZ.com.invalid>
> wrote:
>>
>> No, that is Gibson's definition. Others are more common, eg:
>>
>> http://whatis.techtarget.com/definitionsSearchResults/1,289878,sid9
>> ,00.html?query=spyware
>>
>
> spyware keeps the user's ID anonymous while it reports back useful info
> to the owner of the program
>
> But it is still spyware.
That's correct. None of the definitions I've seen _require_
"personal" information like user-IDs for the software to be
considerd as spyware. Any information about the user is sufficient.
Even something so simple as "someone is using your software with IP
address xx.yy.zz.ww" I would consider too much information.
Sylvan Butler
> As far as I am concerned any software which wastes my machine/dialup
> resources is not welcome.
Exactly.
If it does anything not directly what I told it to do, it is bad.
Sylvan Butler
> There's no law against software which 'employs a user's Internet
> connection in the background without their knowledge or explicit
> permission' but there is publicity.
and the more publicity, the better.
Sylvan Butler
> from any software. However, MS has been doing it (secretly
> communicating) and getting away with it. IOW there have been no
> reprocussions so far for doing this.
Do you know something new? Or just what has already been
publicized? If you have something new...
So publicize it in appropriate places, with specific details.
NudeEmperor
>NudeEmperor <NudeE...@nospam.com> wrote in
>news:sqhr5u0vd0i9bp0oe...@4ax.com:
>I have a question.
>
> MS has been doing it (secretly communicating) and
> getting away with it. IOW there have been no
>reprocussions so far for doing this.
I read the 'press' but I'm not aware of any proven case of Microsoft
'secretly communicating' in any spyware sense. If they did then the
adverse publicity would be such that they'd lose far more than they'd
gain. In fact, recently they've introduced 'product activation' on
Windows XP to some adverse publicity but at least it is totally out in
the open and I'm sure that's just the thin end of the wedge when it
comes to their plans for the future.
I don't like Microsoft's 'product activation' but my like or dislike
is irrelevant. The face of the whole software industry is about to
change completely over the next five years. Most software in five (or
ten?) years time will be run on servers (ASP's) over the Internet.The
days when you could run Word for Windows locally are numbered. It's
already happening in the games market. A smaller market for locally
run applications will be covered primarily by open source (a very
under-rated concept) operating systems, open source applications and
freeware 'taster' versions of more sophisticated ASP based
applications. But generally , there will be no money in selling
locally-run software because of the ease of copying and the higher
quality of support available through ASP's. The majority of serious
applications will be client/server based. Piracy's days are numbered;
and that's a very good thing. Local legal systems in forward looking
democracies will start to liberalise their laws on intellectual
copyright (including that of the music and film variety, whose
industries will also be turned on their heads). The basis of wealth
distribution will alter significantly towards those who can balance
functionality more closely with quality and support.
The sooner all this happens, the better.
>So, what is your ultimate goal? Will you say? What it is you
>hope to achieve, accomplish?
Newspro is one of the first applications to do what lots of
applications will start doing in the interim (the next couple of
years). As bandwidth availability increases the pressure on software
companies to react to piracy will increase and so will the deployment
of spyware tactics. The quicker we get through this interim stage the
better for everyone. I have no doubt that people like me who haven't
one piece of software on their PC's that they've actually paid for
will be reliving stories of the nature of the good old days with their
children rather than with their grandchildren. But the whole thing
needs to be speeded up even further.
Newspro is a great application for now; and one of the best binary
news readers available, but it is doomed in the long term. The future
of Usenet (if Usenet has a future) is with server based readers. Every
penny spent on locally run software is a penny less invested in the
inevitable server based stuff.
90% of the guys on here who waffle on about 'theft' are being somewhat
coy. They're in a group covering news reading software and it's
pretty plain to anyone that if you're interested in text based
newsgroups then Forte Agent has the market stitched up. So why the
interest in this newsgroup and all the other applications? Because ,
of course, most of these guys here have a very serious interest in
downloading binaries. Now, unless your interest is in
alt.holidays.amature-videos there are very few binary groups that host
anything other than pirated mp3's, porn, films and software. But it is
in the nature of Homo sapiens to err on the side of hypocrisy.
Therefore, to answer your question,
1) Firstly I 'd like to contribute to speeding up the above process.
The more piracy that goes on the greater the incentive to move towards
the ASP model. The day of the end of Hollywood's monopoly, the
millionaire talentless pop star and the lack of recourse when Word for
Windows crashes for the seventeenth time in an hour, is a day to be
relished. Of course in the meantime there are advantages to be gained
in the exercise; I see films before they're released, hear CD's I've
never paid for and have access to all the latest software.
2) Secondly, I hate the idea of any methods employed to slow down the
process. Spyware is one of them. When people know that a piece of
software is spyware they will use something else. That forces the
issue and the only eventual recourse for revenue protection is the ASP
model.
3) Thirdly, (and probably most importantly) its technically
interesting and great fun. I get endless amusement out of the human
tendency towards hypocrisy and its potential to get deliciously
contorted. It's particularly sweet kind of amusement when I'm accused
of theft AND hypocrisy by the guys in this newsgroup! The irony of
openly admitting to piracy myself but getting accused of hypocrisy in
squirming debate by those who keep their own activities to themselves
gives me a cheap kick. The idea that a guy like Alex produces software
which is used primarily by 'thieves' like myself but is then forced to
protect his own software from the very thieves he markets it to, has a
quaint deliciousness all of its own that appeals to my twisted
sensibilities!
But that guy 'Koan G' was right further up the thread; good old Alex
doesn't really deserve it. Yesterday morning was a significant day for
me. For the first time in my life I tempered my sore conscience (only
a little mind you), dusted off the little used credit card and
registered a piece of software. Yup! You've guessed it! I paid $35
(that's a week of sewing mail bags for me) for Newspro; warts and all!
I mean, the guy is just TOO nice....TOO nice.. Even a cold bastard
like me started to have difficulty sleeping!
So, ok, now that presumably changes everything. I'm not a thief
anymore! I'm a swan dying of lead poisioning. It feels SO good! Time
for a new thread...................anyone?
NudeEmperor
Alex Birj
09/24/2001 12:22:12 PM 681970 NewsPro bl...@blag.com Balva Rande 1 Refund
Refund - 2001-09-29 20:56:42 - fraudulent order, stolen credit card
10/31/2001 12:00:00 AM 700804 NewsPro ar...@arsed.com David Brickell 1
Chargeback Chargeback - 2001-11-29 14:09:56
11/07/2001 03:31:54 PM 735350 NewsPro i...@ruined.net Michael Adam 1 Refund
Refund - 2001-11-15 09:50:57 - fraud order; stolen credit card
12/31/2001 12:00:00 AM 799456 NewsPro big...@bigsecret.com Lonnie S. Porter
1 Chargeback Chargeback - 2002-01-02 21:45:50
01/15/2002 02:50:51 AM 834006 NewsPro bem...@bemused.com Honest Visions 1
Refund Refund - 2002-01-15 09:02:35 - ordip is japan and free email
01/16/2002 08:48:13 PM 836828 NewsPro dot...@dotters.com David Graham 1
Refund Refund - 2002-01-17 21:14:58 - Refund
The encryption technique employed (only in registered versions) is identical
to one used in secure (https) connections with high 128 bit cipher strength
(when e.g. you submit your credit card details - see about box in IE for the
cipher strength), but newspro is the client and the server in same time, no
third party is involved, a random newsserver is used like a router in the
secure communication (and any communication usually goes through a number of
routers), you can guess it is completely private and secure.
I have no problem with a registered user contacting me and asking a version
that doesn't do it (I think maybe to limit NudeEmperor to such a version if he
so much opposes that), it is no problem at all to maintain such a version, just
comment out a single line in code.
What NudeEmperor effectively does he divert users who don't have clear
understanding, it is not a problem with me, unless there is a proof that the
program does something that may violate privacy of any newspro users.
If a number of registered users are opposed to this or similar method - I
can remove it, just possibilities for handling fraudulent orders will be
diminished. From technical point of view it is very innocuous method since
nothing is compromised.
solo <so...@yahoo.com> wrote:
>Spenser said, "It's from another one of those guys named Sylvan
>Butler from that N.S.R newsgroup you like so much":
>
>> On Wed, 06 Feb 2002 19:13:50 +0000, NudeEmperor
>> <NudeE...@nospam.com> wrote:
>
>>> There's no law against software which 'employs a user's
>>> Internet connection in the background without their knowledge
>>> or explicit permission' but there is publicity.
>
>> and the more publicity, the better.
>
>Unfortunately for Alex, it's BAD publicity. I was thinking of
>checking out Newspro in my constant search for the best newsreader
>(of which Xnews is the current titleholder) and after reading
>about it's 'covert' communications with little regard for the
>user's concerns and Alex's pathetic and belligerent defense, I
>won't even bother now.
>
>Just like I won't bother with XP until I hear otherwise, but
>because MicroSquish does it doesn't mean Alex can implement some
>nefarious plan to spy on his customers. I don't care about his
>struggle with those big bad crackers and warez dudz. As a customer
>I find those kind of distrustful activities to be distastful and
>distracting. It's like... oh wow, I almost started a rant...
>
>Alex, please tell us here in n.s.r when your software behaves more
>respectfully towards your customers and maybe I'll think about
>shelling out the $40 or so if it's good enough. NudeEmperor will
>keep you honest.
>
>
>--
>Solo
Alex Birj
to boast in public about it, it is an elementary thing to understand this is
not an argument that should be used.
All your theories sound so senseless on the brink of delirium it looks like
a deep rooted personal revenge (I dearly hope so), maybe because you had to
spend months in trying to achieve what for a cracker with a disassembler would
take several hours to fix. I'm sorry about your inconvenience, I have nothing
to do with it. I don't know much about you so I cannot blindly judge your
actions.
Order number 02042002-33168-1097 has been refunded in the amount of $35.00.
ORDER INFORMATION
-----------------
Tracking ID : 864238
Product : NewsPro
Product ID : 33168
Qty : 1
Order Name : Mr Martin ...
Order Email : m...@orange.net
Order Date : 2002-02-07 05:30:03
Refund Reason: 2002-02-07 05:12:00 - Vendor Request
Order Total : $35.00
If you have any questions please contact sa...@regsoft.com .
Sincerely,
The RegSoft Team
RegSoft.com, Inc. - Shareware Sales and Registration Service
PMB 201
10820 Abbotts Bridge Rd
Suite 220
Duluth, GA 30097
Alex Birj
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
> Who needs your money anyway,
D'ya know? I've always wondered about that myself.
> even if you registered it is not a good idea
>to boast in public about it, it is an elementary thing to understand this is
>not an argument that should be used.
You're probably right. But I was SO proud of myself. The feeling was
SO good that I was almost tempted to pay for XP and the Betty Ford
tapes as well. Of course when I came down off the stuff, reality
dawned.
> All your theories sound so senseless on the brink of delirium
You don't know how close to the truth you are. <sniff>. I have to
submit to an hour-long session from Big 'Dong' O'Reilly up the hall
but he gives me half a gram a week. It helps with the involentary
twitching.
> it looks like
>a deep rooted personal revenge (I dearly hope so), maybe because you had to
>spend months in trying to achieve what for a cracker with a disassembler would
>take several hours to fix.
Oh! Alex! Alex! Cruel! Cruel! I bet you pulled the wings off little
flies when you were a kid too!
> I'm sorry about your inconvenience, I have nothing
>to do with it. I don't know much about you so I cannot blindly judge your
>actions.
No...no....go on, your're doing pretty well..............
>
>Order number 02042002-33168-1097 has been refunded in the amount of $35.00.
>
>ORDER INFORMATION
>-----------------
>Tracking ID : 864238
>
>Product : NewsPro
>Product ID : 33168
>Qty : 1
>Order Name : Mr Martin ...
>Order Email : m...@orange.net
>Order Date : 2002-02-07 05:30:03
>
>Refund Reason: 2002-02-07 05:12:00 - Vendor Request
>
>Order Total : $35.00
>
>If you have any questions please contact sa...@regsoft.com .
Now, was that REALLY necessary? You and Big 'Dong' O'Reilly have a lot
in common you know; AND you both know how to bring tears to a guy's
eyes.
NudeEmperor
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
>If a number of registered users are opposed to this or similar method - I
>can remove it
Yeah, but there's a teeensy weeensy little problem about this that you
may have overlooked. How were these users ever to know about it unless
someone dragged you out, kicking and screaming, to admit it?
> From technical point of view it is very innocuous method since
>nothing is compromised.
Oh! No! Of course not! You know, that's just what Big 'Dong' O'Reilly
up the hall says to me during our little sessions (see later post).
NudeEmperor
Alex Birj
>may have overlooked. How were these users ever to know about it unless
>someone dragged you out, kicking and screaming, to admit it?
>
You didn't prove that something is done contradicting the user privacy
statement on the newspro homepage, it was a good try but you didn't find any
evidence against it.
Damian
news:a3vc4r$ru2$1...@geraldo.cc.utexas.edu:
> privacy statement on the newspro homepage, it was a good try but you
> didn't find any evidence against it.
Your privacy policy states, "Thus all feedback available to us is
completely under the user control." Did you not just admit a few
messages back that your program surreptitously posts messages to
newsgroups? That sounds like feedback outside the user's control to me.
--
-Damian
Damian
news:Xns91AED0CF0FE...@216.65.3.131:
> Hey, why don't you guys take this crap to email and quit polluting
> this newsgroup?
A) That was my first post on the topic.
B) This is news.software.readers, an appropriate venue for discussing
the behavior of a news reader.
C) You're using Xnews, so here's a tip: Article-Add to Score File-Kill
Entire Thread.
D) Bite me.
--
-Damian
Alex Birj
to reach a conclusion about all that.
Blinky the Shark
> Damian <8nzs...@sneakemail.com> wrote in
> news:Xns91AEDA5BC956A8n...@64.154.60.171:
>
>> Your privacy policy states,
>
> Hey, why don't you guys take this crap to email and quit
> polluting this newsgroup?
Sounds relevant to a newsreaders group, to me. Try filtering?
--
Blinky
Alex Birj
>completely under the user control." Did you not just admit a few
>messages back that your program surreptitously posts messages to
>newsgroups? That sounds like feedback outside the user's control to me.
>
Yes, it is still true. The program doesn't post any messages, nothing appear
in newsgroups, it is a search command that is issued maybe once a two weeks
only once, takes maybe a second and maybe 150 bytes of traffic, the right
question is why the command doesn't violate user privacy that is also stated in
the privacy page.
I'll try to explain the latter.
There is such notion as symmetric cipher, it is used to encrypt messages
that go through secure connections or virtual private networks, the https
protocol that is used e.g. for securely submitting credit card details consists
of two parts - two sides negotiate to get the same symmetric cipher key on both
sides (with more slow asymmetric algorithm to secure the key sharing), once
they have the key they can securely negotiate. E.g. you can find a strength of
the symmetric cipher in the about box of IE (so the value is important, it is
also very important you'll see there 128 bit since this strength is
unbreakable, so given a ciphertext there is no chance to restore the key or
even decrypt the ciphertext) - unrelated to newspro which always has the
high-strength cipher .
NewsPro registration key contains a symmetric cipher key, so it encrypts
the phrase 'OFreude' and maybe once in two weeks checks within an existing
connection to a newsserver whether there is a message that in the 'from' field
contains the encrypted phrase. If it does - it reads the 'organization' field
that contains another encrypted phrase 'MeineSeelewartet'. It decrypts the
phrase with the key and compares the result with the original text that should
be there ('MeineSeelewartet'), to avoid forged messages if someone intercepted
the first ciphertext. So it checks for one ciphertext and gets another
ciphertext, like a kind of secure communication, but since newspro is which is
asking and which is receiving - there is no need in the symmetric key exchange,
so it is really simple.
So by posting a message (like alert) that contains the ciphertexts (since I
have the serials from fraudulent orders) I could take measures against them.
Clearly user privacy wasn't violated in the process.
Murray Peterson
> [snip]
> E.g. you can find a strength of
> the symmetric cipher in the about box of IE (so the value is
> important, it is also very important you'll see there 128 bit since
> this strength is unbreakable, so given a ciphertext there is no chance
> to restore the key or even decrypt the ciphertext)
> [snip]
You had better read up on your encryption theory a bit more. 128 bit
encryption is "strong", but nowhere close to "unbreakable".
--
Murray Peterson
Email: murray_...@shaw.ca (remove underscore)
URL: http://members.shaw.ca/murraypeterson/
Alex Birj
the message) and the key is published in newsgroups, there is nothing to break.
:)
If you break 128 bit encryption - you will bring down all secure communications
and VPN - just about everything, it is in the same row with breaking RSA, your
assertion is incorrect.
The current state is here:
http://www.rsasecurity.com/rsalabs/challenges/secretkey/index.html
In short in 265 days 56 bit key was broken, as to a weakened algorithm with 64
bit key:
Contest identifier: RC5-32/12/8
Cipher: RC5-32/12/8 (RC5 with 32-bit wordsize, 12 rounds, and 8*8=64-bit key)
Start of contest: 28 January 1997, 9 am PST
State of contest: ongoing
IV: 79 ce d5 d5 50 75 ea fc
Hexadecimal ciphertext:
The standard algorithm contains 16 rounds, not 12 and also they gave some more
info (like 3 blocks of known text, read, it is all there, also
http://www.rsasecurity.com/rsalabs/challenges/secretkey/secret-key.html
Alex Birj
text+cyphertext is far more difficult than their challenge.
Alex Birj
interested in revenge I wish someone like him won't be on your tail :)
Murray Peterson
> If you break 128 bit encryption - you will bring down all secure
> communications and VPN - just about everything, it is in the same row
> with breaking RSA, your assertion is incorrect.
>
I guess I will have to repeat myself. There is a major difference between
"unbreakable", and "very difficult to break". All public key algorithms
are breakable, with the longer key lengths obviously being much more
difficult. However, even if it takes 10^20 years to break the encryption,
it is still breakable (just not in human time frames).
John De Hoog
> However, even if it takes 10^20 years to break the encryption,
> it is still breakable (just not in human time frames).
>
Give it a rest, Murray. You are just arguing for the sake of arguing.
--
John De Hoog, Tokyo
http://dehoog.org
Murray Peterson
news:Xns91AFCD7C0373...@130.133.1.4:
> Murray Peterson <m...@home.com.invalid> wrote ...
>
>> However, even if it takes 10^20 years to break the encryption,
>> it is still breakable (just not in human time frames).
>>
>
> Give it a rest, Murray. You are just arguing for the sake of arguing.
>
And your point is?
John De Hoog
>> Murray Peterson <m...@home.com.invalid> wrote ...
>>
>>> However, even if it takes 10^20 years to break the encryption,
>>> it is still breakable (just not in human time frames).
>>>
>>
>> Give it a rest, Murray. You are just arguing for the sake of arguing.
>>
>
> And your point is?
>
That you are arguing for no useful purpose. And yours?
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
>But really it is a stupid question here, the jerk who started it just
>interested in revenge I wish someone like him won't be on your tail :)
The "jerk who started it" jerked you out of your hole to address some
pretty interesting questions that you wouldn't have addressed
otherwise.
Now, cut the playground insults and we'll all be a tad better off.
NudeEmperor.
Alex Birj
creates even worse lies) forcing me to reply and considerable amount of time
was lost, thanks to you the next release was delayed and several planned
features were postponed, so it affected many people.
Software protection schemes are secret, I don't have any intention to make
your life easier and every time you come out with something you won't be able
to prove anything.
You used the 30-day limit shareware program at least since July spreading
libel in the same time (don't pretend to be naive saying you 'found' it
somewhere, it looks really stupid).
If you have another word to define this kind of behaviour, go ahead and
name it.
Alex Birj
Alex Birj
understand, you want me to send it to you via private email or publish it here
so your comments will make some sense?
Solo <solo...@yahoo.com> wrote:
>Spenser said, "It's written by Alex Birj, for some newsgroup called
>news.software.readers dated 07 Feb 2002." Hawk said, "No Donuts?"
>Spenser said, "Sorry. Here's what it says:"
>
>> Order number 02042002-33168-1097 has been refunded in the amount
>> of $35.00.
>>
>> ORDER INFORMATION
>
> <snipped>
>
>I think you went over the line Alex on showing personal order data in a
>public forum. That should have been sent via private email.
>
>Now I definitely won't try your damn program if my privacy isn't
>protected liked NE's wasn't.
>
Alex Birj
the program, I like to work on it, so I'm working, I won't like - I won't work,
I don't care about your damn money, just moronic customer psychology, I'm a
programmer, not a salesman and you telling me stories like you are complaining
in a supermarket.
Chip Verde
> Don't do the equivolent of a strip search to catch minor thieves.
His and your charming interpersonal skills aside, that's ridiculous.
Nothing of this nature has been proven. The current version of his
program, as far as we know, does not send out any information. It pulls
in information and checks things internally.
claiming it over and over (not directed at you alone) does not make it so.
--
Chip
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
> What I mean - to achieve better publicity you mixed facts with lies (that
>creates even worse lies) forcing me to reply and considerable amount of time
>was lost, thanks to you the next release was delayed and several planned
>features were postponed, so it affected many people.
You have repeatedly accused me of telling lies over the past few
months. Despite repeated requests you've never been specific. Now stop
generalising and give me ONE example of a lie I have told or else PUT
UP AND SHUT UP!!! You on the other hand have been EXTREMELY economical
with the truth at every step of the way until it's been dragged out of
you. This thread is testimony to that.
> thanks to you the next release was delayed and several planned
>features were postponed, so it affected many people.
There was no need for that. If you spent a little less time throwing
cheap insults and a little more just admitting that Newspro employs a
user's Internet connection in the background without their knowledge
or explicit permission, then you'd have all the time you needed.
> Software protection schemes are secret, I don't have any intention to make
>your life easier and every time you come out with something you won't be able
>to prove anything.
Alex, I HAVE PROVED that Newspro is spyware, in that it employs a
user's Internet connection in the background without their knowledge
or explicit permission. Everybody accepts that and I have given anyone
interested enough (or who doubts it), the information necessary to
prove it for themselves. I think that qualifies as 'something' don't
you???!!!
And that wasn't the first time. A few weeks ago I proved (yes, with
proof) that it was contacting a web site in the background without
their knowledge or explicit permission. You presumably consider that a
lie too?
And you can rest assured that in the future I will continue to
publicise (as always, with proof) any further clandestine tactics that
Newspro employs.
> You used the 30-day limit shareware program at least since July spreading
>libel in the same time (don't pretend to be naive saying you 'found' it
>somewhere, it looks really stupid).
Eh? The teensy weensy little problem for you here is that in order for
something to be libelous it needs to be untrue. See above.
For instance, you have called me a 'jerk' in your last post. You have
no proof that I masturbate (apart from my admission that I'm the owner
of a nearly empty box of 2-ply Kleenex and a photo of George Bush in
floral speedos). I could have a heavy cold? Perhaps my weeping
groinial eczema is acting up again? You don't know. Now, THAT is
libelous. And anyway, even if I've rendered myself veritably
cross-eyed though years of frenzied genital abuse, how does that
affect my point?
But you seem to have a little problem with the definition of the word
'lie'. In your mind a lie is defined as a fact that you don't like.
> If you have another word to define this kind of behaviour, go ahead and
>name it.
Am......er.....will a phrase suffice? "Publicising the fact that a
particular piece of software is spyware" i.e. it employs a user's
Internet connection in the background without their knowledge or
explicit permission
NudeEmperor
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
>If you have nothing better - just eat it.
Ouch!
Koan G
news:6g186u42tnn0kblvu...@4ax.com:
> And anyway, even if I've rendered myself veritably
> cross-eyed though years of frenzied genital abuse, how does that
> affect my point?
Well, it might have worn it down a bit! ;-)
(Well done on the short-lived foray into the realm of paying for
software, BTW; AFAIC, you've quite regained the moral high ground.)
Cheers,
--
"a mystery or puzzle with no logical solution"
http://info.astrian.net/jargon/terms/k/koan.html
Use Reply-To address or replace deadspam with hotmail
mailto:u...@ftc.gov (Where does your spambot want to go today?)
Alex Birj
change that, so better it to be good. The purpose is to make difference between
registered and unregistered users, at least out of respect to the former. So
I'm rather oriented to former customers than perspective ones.
I don't worry and I issued the refund myself (read the message preceeding
the refund and the reason should be clear), but I cannot accept libel (like the
crying subject of the posts in the thread), the only reason why I intervened.
Solo <solo...@yahoo.com> wrote:
>Spenser said, "It's written by Alex Birj, for some newsgroup called
>news.software.readers dated 08 Feb 2002." Hawk said, "No Donuts?"
>Spenser said, "Sorry. Here's what it says:"
>
>> Are you blind or just stupid? Where do you see personal data? I
>> don't understand, you want me to send it to you via private email
>> or publish it here so your comments will make some sense?
>
>With PR abilities and a sweet temperment like yours, you should do well
>in business.
>
>Maybe if you had some *and* made a good program, you wouldn't have to
>have to be worried about every Tom, Dick & Harry who stiffed you on
>registration. Some small theft losses are inevitable in the business
>world. Get f*cking use to it. Don't do the equivolent of a strip search
>to catch minor thieves.
>
>
>
>--
>Solo
NudeEmperor
<alexand...@tx.technion.ac.il> wrote:
>You didn't prove that something is done contradicting the user privacy
>statement on the newspro homepage, it was a good try but you didn't find any
>evidence against it.
I didn't prove that nor did I set out to prove that.
I proved that Newspro employs a user's Internet connection in the
background without their knowledge or explicit permission.
The so-called 'Privacy Statement' makes no EXPLICIT reference to the
fact that messages are read by Newspro from alt.binaries-e-book and,
until it does so explicitly, until your Help file does so explicitly,
until your documentation does so explicitly, then Newspro will
continue to 'employ a user's Internet connection in the background
without their knowledge or explicit permission' (a.k.a. SPYWARE).
Don't worry though. As long as you continue to try to fool your users
with vague so-called Privacy Policies, I'll make them aware of the
truth, explicitly.
NudeEmperor
Alex Birj
Alex Birj
and use a stolen key like during the last six months, well, thief and oracle in
one incarnation.
Alex Birj
everything what is connected to all the story. Forget about newspro since
apparently that went very wrong, at least give it a long time to calm down. Out
of respect to yourself, you don't have several lives, there is a lot of things
to do. My conscience is clear, I never had a thought about spying on users, the
thought itself is disgusting. I perfected the code so technically it wouldn't
possible. So I won't change anything in favor to public opinion unless a
potential for leaking information will be proven, I'm sure there is no such a
problem. I don't care, but I don't understand you. If I were you I would move
the focus of your activities to something more useful, just think on what you
are wasting your time, on whom you are really working. You can play on public
opinion if it makes you happy, if you cannot find something more worthy to do.
I don't care about negative impact and I don't want any gains from publicity
you are creating.
Sylvan Butler
> I don't know where you are but where I am from there are laws about the
> protection of personal data.
Your point? There was no personal data.
sdb
--
| Sylvan Butler | Not speaking for Hewlett-Packard | sbutler-boi.hp.com |
| Watch out for my e-mail address. Thank UCE. #### change ^ to @ #### |
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. --Benjamin Franklin, 1759
Fight terrorism, arm the population!
Blinky the Shark
news:Xns91AF36DFA2C...@216.65.3.131:
> Blinky the Shark <no....@box.invalid> wrote in
> news:Xns91AEC3DD85...@209.155.56.91:
>
>> Sounds relevant to a newsreaders group, to me. Try filtering?
>
> I was talking about the whole Newspro pissing contest thread.
> Besides, this is an Xnews newsgroup. :)
Pissing, perhaps, but still not offtopic pissing, I think. But as
for the Xnews group, I certainly agree. :)
--
Blinky
Blinky the Shark
news:Xns91AF95F...@149.174.44.1:
>>
>> ORDER INFORMATION
>> -----------------
>> Tracking ID : 864238
>>
>> Product : NewsPro
>> Product ID : 33168
>> Qty : 1
>> Order Name : Mr Martin ...
>> Order Email : m...@orange.net
>> Order Date : 2002-02-07 05:30:03
>>
>> Refund Reason: 2002-02-07 05:12:00 - Vendor Request
>>
>> Order Total : $35.00
>>
>> If you have any questions please contact sa...@regsoft.com .
>>
>> Sincerely,
>> The RegSoft Team
>>
>> RegSoft.com, Inc. - Shareware Sales and Registration Service
>> PMB 201
>> 10820 Abbotts Bridge Rd
>> Suite 220
>> Duluth, GA 30097
>
> I don't know where you are but where I am from there are laws
> about the protection of personal data.
Probably why he didn't show the person's full name or address,
wouldn't you say?
--
Blinky
~~~i LeoNid ~~
<Znospam+...@hpb13799Z.Zboi.hpZ.com.invalid> planted &I saw in
news.software.readers:
> On 6 Feb 2002 22:56:58 GMT, Blanky <blacb...@lin.com> wrote:
>> As far as I am concerned any software which wastes my machine/dialup
>> resources is not welcome.
>
> Exactly.
>
> If it does anything not directly what I told it to do, it is bad.
>
True. But for that you should know HOW they do it. (Whether developers reveal
it or not;) Coz, they might say - that id-on is needed for
proper functioning..
So the question here is, how to know HOW they are doing thing, not just WHAT
(or for which aim;) they are doing ;)
> sdb
--
LeoN to e-mail: cut "auto_no." if present.
(.ą.) ` to think - is to speak quietly, to speak - is to think aloud`
\~/
My posted articles archive: http://nux.21yo.net/doc00.htm
.
NudeEmperor
>Well, it might have worn it down a bit! ;-)
>
>(Well done on the short-lived foray into the realm of paying for
>software, BTW; AFAIC, you've quite regained the moral high ground.)
>
>Cheers,
Hey! Welcome back guy! We all thought we'd lost you back there! The
others wanted to leave you to the jackels but I wouldn't hear of it.
The nights have grown colder now; and the days somewhat less
forgiving, but our little group will not be worn. I'm sure some
Churchillian profundity might be appropriate here but I lost my
quotations book in battle on Mount Birj. I came back down with nothing
but a few tablets of stone to show for my efforts.
No matter. The main thing is you're back with us again.Have a wee dram
and warm yourself by the fire! We have another long day in front of us
tomorrow. Know any good insults?
NudeEmperor
Blinky the Shark
news:Xns91B0A9B...@130.133.1.4:
> Blinky the Shark <no....@box.invalid> wrote:
>>
>> Probably why he didn't show the person's full name or address,
>> wouldn't you say?
>
> Yes, he held back but he still revealed personal data. Personal
> data need not be confined to a full name or address.
What personal data? A first name. A domain.
--
Blinky
Blinky the Shark
> Blinky the Shark <no....@box.invalid> wrote:
>>
>> Probably why he didn't show the person's full name or address,
>> wouldn't you say?
>
> Yes, he held back but he still revealed personal data. Personal
> data need not be confined to a full name or address.
My bad. I just replied without giving your *second* sentence it's
due. Sorry about that. Here's its due:
Sam
There. Did I just reveal enough personal data to be problematic? I
don't *think* so. I certainly, and honestly, didn't mean to. And I
believe that's the equivalent of what he (the snipped spyware
author) revealed.
--
Blinky
Alex Birj
employee, enjoy Usenet, don't forget about the (damn but steady?) job :)
So maybe I was right from the beginning, already started to doubt it.
Local Government Information Systems (LOGIS) is a consortium of Minnesota local
government units. The purpose of LOGIS is to provide a full range of locally
supported, highly reliable management information systems, data processing
services, and related support services.
Mike Garris Executive Director
Keith Anderson GIS Analyst
Heather Campson Receptionist/Clerk
Ryan Ekegren GIS Technician
George Gombos Accountant
Sharon Lange Senior Secretary
Shawn Strong GIS Technician
Ben Verbick GIS Coordinator
Chris Norton Manager of Application Support and Administration
Lorraine Boehm Support Analyst
Sandy Hamel Support Analyst
Nancy Hilary Support Analyst
Renee Hosch Senior Support Analyst
Nate Olson Support Analyst
Bryan Rhody Support Analyst
Rich Sonenblum Application Support Supervisor
Dave Schleicher Senior Support Analyst
Mark Tande Support Analyst
Jane Watje Training Specialist
Kevin Pikkaraine Manager of Network Services and Operations
Dan Cook Network Specialist
Tom Curtis Network Specialist
Kien Ly Operator
Ed Matthews Operator
Ron Pikkaraine Network Specialist (Contractor)
Chris Polston Client Server Specialist
Janelle Rients Network Administrator
Glenn Thier Network Specialist
Norb Vossen Network Wellness
Ray Jozwiak Manager of Application Support and Technology
Tom Flynn Programmer/Analyst
Cheryl Joens Support Analyst
Paul Norton Support Analyst
Lonnie Rolf Programmer Analyst
Maria Rucke Support Analyst
Liz Saari Support Analyst
Solo <solo...@yahoo.com> wrote:
>Spenser said, "It's written by Alex Birj, for some newsgroup called
>news.software.readers dated 08 Feb 2002."
>
>> get a name first, coward :)
>
>I have one idiot. WTF do you think my sig says? If you think I'm going
>to provide any more info than that to an obviously unstable jerk-off
>like you, then you're crazier than you look.
>
>BTW, your so-called website looks like shit. How are you going to sell
>your pissant product with a site like that?
>
>--
>Solo
Alex Birj
laugh.
I should admit I completely failed in my objective to persuade NudeEmperor to
buy ten copies of WinXP, but somehow I feel relief about that - it is not the
time yet.
I'm sorry about all irrelevant staff posted in the thread, apparently nothing
was achieved, apart from the release that I managed to complete in the
meantime.
solo
news:a446ne$pq8$1...@geraldo.cc.utexas.edu:
> Maybe one of them, one doesn't expect something better from a
> goverment employee, enjoy Usenet, don't forget about the (damn but
> steady?) job :)
>
> So maybe I was right from the beginning, already started to doubt
> it.
Wrong, but all this shows you are a vengeful nut who can't drop
anything. First you get caught in a spyware expose, then you try to
flame and get back at anyone who tries to criticize you. Get some
therapy jerk.
BTW, what are you doing with the The University of Texas at Austin;
Austin, Texas? Are you developing your pissy software on University
computers?
Wolfgang Schelongowski
NudeEmperor <NudeE...@nospam.com> writes:
[definition of spyware]
>Now before we get into a long, boring and fruitless debate on
>semantics lets accept that there are TWO kinds of related activity
IOW you want everybody to accept your definitions.
>that a program can indulge in that most people accept is of dubious
>justification:
>1) Software which employs a user's Internet connection in the
>background without their knowledge or explicit permission to SEND
>data.
That's spying.
>and
>2) Software which employs a user's Internet connection in the
>background without their knowledge or explicit permission to RECEIVE
>data.
That's *not* spying. The analogon would be "waking" an agent who's been
a sleeper in enemy country.
>Can you please provide me with a term to cover 2) above?
Trojan would be correct but maybe not specific enough. Agentware?
Sleeperware? Stealthware?
>And if you do
>then you'll have to provide me with a term to cover a piece of
>software which does both. We may then need a further generic term to
>describe a piece of software that does either. That's three new words
>you need to coin and get accepted.
Why? If you'd give everything a special name you're into a never ending
recursion.
>The alternative is to simply
>qualify the word 'spyware' where needed.
It is misleading because 2) does not spy.
--
"Some people are heroes. And some people jot down notes."
-- Terry Pratchett, The Truth
Alex Birj
I hope the next time when I'm in the middle of work on a release nothing like
that will pop up.
>BTW, what are you doing with the The University of Texas at Austin;
>Austin, Texas? Are you developing your pissy software on University
>computers?
No, it is how I'm killing my time on death row.
Frank Slootweg
> Shareware concept presumes software protection,
May be in your universe, but not in the real one. Most shareware was,
and probably still is, *not* protected. What you describe is licensed
commercial software. Having 'free' trial versions does not change that.
(Not that there is *no* shareware which uses protection, but saying that
shareware *presumes* protection is stretching things too much.)
[We now get ready for the next definition-fight: What shareware is and
is not.]
solo
Recently I became involved in this thread and indulged in some
childish name-calling against Alex Birj. I fully regret the
escalation and I want to apologize to Alex and state that I have
nothing against him or his fine program. I have no experience with
his program and I should have kept my mouth shut until I knew more
about it.
That does not in any way absolve myself for getting into flame
wars, which too often I have a tendency to do. Sometimes when I am
tired or stressed, my dark side will come out. I sincerely regret
it.
I am in no way associated with any of the other participants in
this thread, and I should have checked out the background of the
dispute before jumping in and slinging insults.
I also want to affirm that all the ill-conceived opinions were my
own, and were not condoned by any other organization, including
the one I posted through. I use Logis as an ISP, not as an
employee, of which I am not, and they should not be held
accountable for my stupid and idiotic words.
Any reactions and comments can be addressed through my private
email address at solo...@yahoo.com. Please don't aggravate
Alex's feelings further by commenting in this thread.
Thank you for reading this and I promise to be good from now on
:-).
--
Solo
Dufus Systems
I wrote Newsbin so, I feel for you but, goddamn if you just kept quiet this
whole thing'd just blow over. You're digging your own grave here. Stop,
trying to justify what you do. How long have you been on usenet? Nothing
ever gets solved here. If it wasn't for all the porn, I wouldn't bother with
it.
"If it runs, they can crack it" are the words I live by. At best, you can
delay them. For that reason, I won't put anything into the program that
might piss off the paying customers.
Quade
www.newsbin.com
Alex Birj
concerning cryptographic topics in public.
Incidentally I studied the topic of software protection and attitude of authors
to distribution of pirated versions, also in your case (but I don't study other
programs with the purpose to adopt features, it is my major drawback actually,
I'm afraid to take something that doesn't belong to me).
Look, you and me have different approaches to customers we want and development
strategy.
First your program was cracked in such a way that everyone could download
working version for months from your site, actually it shouldn't affect the
number of registrations like you are complaining (if it is the case it is a bad
sign as to the quality or feature set of your software), since I studied the
matter too, I found no difference, at least I believe it is the case since in
the end we are talking about human nature here and our aspiration is it will
prove to be favorable to us if we deserve it. So you were encouraging that,
don't be ashamed to acknowledge that.
The problem is to be frank and sincere, if you are declaring 'I succumb to
hackers/crackers' (and I hear it from an American) - call the program
'donationware' like XNews and not 'shareware'. If you call it shareware - take
protection issues seriously, it is a part of the deal then. Take time to study
cryptographic algorithms, encrypting an executable for registered users is not
a difficult thing to do which provides minimal difference and gives you time
until the next successful fraudulent order and one will never download a
registered version from your site except for a short time while you are unaware
of the fraudulent order - it also saves traffic.
If they cracked it - they won, they won in your case and not in mine, it is all
(at least up to now and it is a process, not a static state), you just stated a
fact about your program, nothing more, nothing to do with digging graves, I
have different associations, in Israel they like to use an expression like 'be
a man', something from that sphere, nothing about money here at all. But you
don't care about the protection or even the program itself (if it wasn't for
all the porn...) then something else comes first, what is it?
I may allow relaxations toward past pirated versions since I'm kind in my ways
but I will never put equality sign between registered and pirated users out of
the sheer respect to the former even if I lose money on that, money comes
second here, as to graves, sooner or later... At the same time I don't hate
pirated users or even the cracker that may finally succeed like you said, just
say sometimes such users may deserve disrespect but sometimes not - depending
on their circumstances and if crackers do it for love - what can I do?
I think you are on the right track after finally you gave up on collecting
upgrade fees (what moved you really?), exchanging love (even love to a program)
for money in such a way was not a decent thing to do for projects of that scale
- and since you are not living in a banana republic you always have the safety
net called " job"; if you want to revive a dead thread I allow myself to revive
some past details of your affection to your registered users, they weren't
pissed then I guess since it was not in the program code - just in the author's
moral code. I'm proud to have clean memories regarding all concerning newspro
registered users.
I also would advise to change newsbin trial period from 10 days to more, since
you force customers to use pirated versions. Programmers know that some bugs
might be very nasty and take months to find and fix so given your refund policy
"Since we allow 10 days of full functionality for you to determine if NewsBin
fits your needs, we do not offer refunds after purchase. We will do everything
possible to fix any bugs that you encounter after your 10 day trial if it is
keeping you from using NewsBin to your continued satisfaction" - you encourage
using pirated versions. Even with 30-day trial period I always gave a
possibility to extend the trial if one asks me for that.
Alex Birj
didn't notice that, at least we observe overall positive tendency here, it was
the point.
"NewsBin Professional has a one time registration fee of $35.00 for users
registering version 3.0 or above. All upgrades above 3.0 (yes, that means
4.0+) will be free to registered users. If you registered an earlier version,
contact us about receiving a special upgrade price at sa...@newsbin.com."
Alex Birj <alexand...@tx.technion.ac.il> wrote:
>
>I think you are on the right track after finally you gave up on collecting
>upgrade fees etc.
Alex Birj
I think Usenet need simple mechanism to support verifyable cancels that will
force servers to cancel messages, I have a simple solution (should be supported
on the server side) that will be achieved by adding a short header field using
symmetric cipher. Currently many servers don't support cancels because of
possible forged cancels.
The scheme is the following:
for every posted message a random symmetric key is generated and kept by
newsreader or written to a file.
random text is generated and encrypted with the key
length of the text=length of the key=symmetric cipher block length
then cancel id is generated from the base64th ciphertext+text (concatenation)
Cancel-ID: Base64(concatenation(ciphertext,text)) [Algorithm]
Default symmetric cipher algorithm may be RC5, but it would be possible to add
other algorithm by defining its name explicitly.
When we want to cancel the message we should add the header:
Cancel-Key: Base64(key) [Algorithm]
the server will decrypt the ciphertext with the key and compare with the text
if they coincide the cancel is approved.
also message-id is compared.
Currently it is quite safe to use 64bit key, the weakened RC5 challenge stands
since 1997 unsolved ($10000 reward), it is also possible to use 128bit keys
that are currently used for high-grade secure connections.
with 64 bit key 8+8=16 bytes will be encoded to 22 bytes base-64, for 128bit
key - 44 bytes.
Alex
Alex Birj
Now some considerations about cancelling Usenet messages:
Alex Birj
apparently sparked the reaction and I wasn't in mood to take it properly (i.e.
not to answer) - but some servers will ignore the cancel.
I also submitted proposal for verifyable cancelling of usenet messages,
unfortunately I appended it to the reply to a wrong message in the thread, so I
cancelled them too and resend it as a separate message, it is not quite normal
one cannot cancel his own messages in a reliable way.
Alex