Kazaa Users Unwittingly Share Private Files

Discussion in 'privacy problems' started by spy1, Jun 9, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Tests show more than 60 percent of downloads using popular P-toP app could be files not intended to be shared.
    Scarlet Pruitt, IDG News Service
    Friday, June 07, 2002

    Users of the Kazaa peer-to-peer file sharing network are unwittingly trading private files due to the confusing and somewhat misleading nature of the software's user interface, a new report indicates.

    Kazaa, which boasts millions of users performing more than 85 million downloads a day, is one of the most popular P- to-P applications available. But although users are well aware of its song and movie-swapping capabilities, a significant number of them don't realize that all the files on their computers are potentially up for grabs, according to the report.

    Article here: http://www.pcworld.com/news/article/0,aid,101726,tk,dn060702X,00.asp . Pete
     
  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Wow! Actually I shouldn't be surprised as this outfit hasn't proven to be totally on the up and up. WHY can't SOMEBODY develop peer to peer software for the masses that could catch on and resist the temptations to accept the payments for spyware, selling the mailing lists, etc. In short, another SHAWN FANNING? (A "profile in courage" in my book.) It's funny, because it was not that long ago, but I sometimes feel a corny sense of nostalgia about Napster at its prime. Those were the days! Honest now, what percentage of your mp3 collection came from the hey day of Napstermania? Me too - a BIG percentage.

    John
    Luv2BSecure
     
  3. controler

    controler Guest

    I use Kazza and Spybot S&D gets rid of the garbage
    popups just fine on my XP.
    I thought only the folder named shared was open to the public. I always go into options and set the upload to two max with a small bandwith.
    So even if they are getting files, it takes them forever LOL.

    [glow=red,2,300]controler[/glow]
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    controler,

    Correct me if I'm wrong, but in case your are stating you are using SS&D to ditch spyware components, we do not condone such a thing in regard to EULA violaton.

    regards,

    paul  
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    But neither do we condone spyware.  Right?
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    What we strongly suggest is that people ditch spyware-infested apps altogether and replace them with apps that don't spy to start with, Checkout.

    We definitely do not condone hacking a program if it violates the EULA that a user agreed to before installing it. Pete
     
  7. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    No, no, of course we don't condone people breaking unenforceable contractual agreements which they never, ever read and are usually to their detriment.

    Perish the thought.
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Call it what you like, Checkout.

    If someone says that you can use such-and-such a program, as long as you don't do such-and-such to it, and you say "Yes, I agree to that" by clicking on the applicable button, then as far as I'm concerned, you've given your word to abide by that agreement - and you have absolutely no right - either legally or morally - to then go back on your word by altering the program's intended function to suit yourself.

    If the concept of giving your word on something and then sticking to it escapes you, I can't help you with that. Pete
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    There are interesting points arising, Pete.  Scenario:  you (knowingly) download KaZaA, complete with s/w which you know will attempt connection with some IP address via UDP.  You don't like it, but you clicked 'Agree'.

    Question:  are you then obliged to modify unrelated software, say Look'N'Stop, to allow UDP (even if you know UDP is dangerous) or open a port as a server, which you also know is dangerous?

    Not being awkward here - just pointing out that sometimes EULAs can conflict, if nothing else, than with your own best interests, at worst with each other.
     
  10. controler

    controler Guest

    but but but I didn't know spybot was so good it would get rid of the garbage in Kazza , it was an accident ;)
    I sure hate to stop using it now that it works so much better. It is such a good way to pick all those new nasties floating around too. ***evilo Grin***

    [glow=red,2,300]controler[/glow]
     
  11. Brilliant was killed with Javacool and PepiMK's BD3 killer software.  We all applauded - I mean, unanimously.

    Are we running a double standard here, guys?  Oh yes we are.  Damned hypocritical one, too.

    I have worked as a contract Consultant Systems Programmer for twenty-five years.  When I receive a contract, I read it, and if I don't agree its terms (ie, no notice period on my part but one week on theirs) then I change it, and only when the final contract form is agreeable to both sides, will I sign it.

    Software agreements ("EULA") are typically non-negotiable.  Take it or leave it, suckers - type of thing.

    So, how do I treat these things?  I observe the spirit of the EULA.  I recognise copyright and patent.  I do not respect unfair contract terms which prohibit my use of other licensed software or the right to use the software in the way which best suits my needs.

    I am not a thief.  Neither am I a fool.
     
  12. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Checkout - You said it PERFECTLY. I understand the board "officially" might need to say one thing. BUT, if it is really believed - that's a problem.

    THINK!! Disabling some of Microsoft's stuff using XPAnti-Spy, mentioned here all the time, heck, even programs that "tweak" Windows are technically  a violation of Microsoft's EULA regarding no "modifying of said software during use unless Microsoft offers the option within the interface to modify use."

    THINK!!  What about AdAware? Some of that stuff they rid our systems of came in software we downloaded after checking a box saying we wouldn't modify it!

    Checkout, this is almost bizarre to see the defense of spyware, when half the posts here are about software made to get rid of the crap.

    As far as "keeping our word" that's a stretch, Pete. Since when have any of us downloaded a program we discovered to have spyware in it and haven't all discussed the best program to get RID OF IT?

    I'm confused.

    John
     
  13. controler

    controler Guest

    Wild Tangent is the one that came packed with my nice shinny new HP laptop. Now you know I Do like HP and think Dell is overpriced but I am not about to leave Wild Tangent on my Laptop and I am very sure HP could care less if I remove it.
    Microsoft could care less what you do to your own system as long as you don't call them for support afterwards ;)
     
  14. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Well said, Controler. I am wondering what's happening when all of a sudden there is this outcry about SPYWARE Eula'so_O?
     
  15. snowman

    snowman Guest

          hope no one minds if I respectfully express a few thoughts on this.

          if a person fails to read the contract....who's fault is that.

         is the contract one-sided..un-enforceable..it may well be...however, no one is forcing a person to agree to accept the terms.   its a personal choice.

       Double standard:   how so ?   that which is put on a computer un-knowingly...without consent....is not in the same ballpark with things that have knowingly been placed on a computer.  
       Brillant did not advise users that it was placing garbage on their computers.....Javacool's program removed that which was un-knowingly put on the users computer.......now that users are awear that Brillant does install garbage....an they agree to accept the garbage.....who fault is that?
        Adware:  the same as above applies.....

        most of us here are capable of knocking an attacker into the twilight zone....but we don't.  is it a double standard to block the attackers instead?  or perhaps we should just let the attackers take over our computers....which is what spyware does.
       imo if a person agrees to accept and use spyware then they should pay the piper........for the simple reason that they knowingly choose to do so.....oh yes they did have a choice......
      I have a compaq printer that will flat out dis-connect me from the internet to dial a 1-800 phone number....compaq has failed to address this issue...so I un-installed that part of the software that does the calling.....because I never agreed to it being installed or to it being used.......an my printer now works fine.
      M$ puts tons of garbage into a computer...as I locate it I un-install it....because I never agreed to it to begin with.....
       ok..I may not be expressing this as well as many of you could......the point is......we have the knowledge to reverse software...an we have the knowledge to make informed choices when the info is available......personally I am not going to be the person who tells some 12 year old to install spyware then teach him how to reverse eng it.....
       thank you for allowing me to express this.....that express is my very humble personal opinion...I've no desire to change anyone's else's opinions......in this world we each live with our own personal decisions.

                            respectfully
                            snowman

      P.S    rarely do I read an entire EULA.....my fault....an if later I find the program to be spyware.....I un-install it.
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    There is no "outcry about SPYWARE Eula's" going on here, John, I apply this across-the-board. It's about ethics.

    None of the 'double-standard' remarks I've seen here hold any water whatsoever. Let me explain why:

    (a) The strong suggestion to dump spyware/adware-ridden programs is not merely lip-service - it's the only ethical course of action.

    Not only that, it's the only possible way to send an un-ignorable message to the makers of such programs that, no matter how pretty the program, the 'free'ness of it's not going to cost us our personal info - we'll get a program that's spyware/adware 'free' in the first place, instead, thank-you-very-much.

    (b) I applaud people who come out with 'countering' programs for one reason and one reason only: those programs and that spirit are the only defense we've got against being totally rolled-over by the advertisers/data-miners. Those programs are useful, to me, not because they allow people to continue to use whatever programs the scumware is contained in, but because perhaps if enough software providers see that people won't stand for it, they'll change their ways.

    And, when the people who are providing the scumware for the various software programs see what a large proportion of users are doing to defeat their attempts to datamine/advertise, maybe they won't be so quick to spend their money supporting something that has such a small ROI.

    (c) The XP-AntiSpy example doesn't wash at all - sorry. XP-Anti-Spy doesn't do a single thing that a user couldn't do himself through his own Windows settings if he/she wanted to take the time/ make the effort to learn the OS properly. We advocate the program here for people who do not, for whatever reason, want to take that time or make that effort.

    Your own example points out the fallacy of your reasoning there: " no "modifying of said software during use unless Microsoft offers the option within the interface to modify use."

    Guess what? Microsoft does offer many options within the interface to modify use! You can select all kinds of different settings, you can make registry changes, you can start and stop any service you like - all with the interface that MS provides you with!.

    (d) All of the above that I've written applies to programs such as AA - SBS&D, the BDE-killers etc.

    You eliminate the threat, first - then you find an alternative that's clean. If you have to pay for it (GASP!) - so what? Is not good, spyware and adware-free software deserving of making it's creator a profit?

    To me, it's as simple as this - if an individual uses a program such as AA, SBS&D, a BDE-killer to gut the installed scumware, and then keeps using the parent program, they're no better than someone who cracks a trial program of any sort to use it illegally (without purchasing/registering it).

    I'm a black-and-white type of guy here, okay - something's either right or it's not right, and shades of gray are (98% of the time) sheerest BS useful only in attempted justifications of a wrong.

    Absolutely no double-standard going on here on my end, people - I pratice exactly what I preach.

    Have a nice day, everyone. I hope this has helped clarify my position on this. Pete
     
  17. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Pete, let me make a few things clear:

    I respect you enormously.
    Hell, I even like you
    You're a black-and-white guy but this isn't a black-and-white issue
    This thread needs a Devil's Advocate pr we can't promote healthy debate

    (Aside to Paul: How much longer is this YaBB nonsense going to accept Preview as Post? Sigh.)

    Right. In my Devil's Advocate disguise, I have to tell you, Pete, that you are dead wrong on this single point: no amount of boycotting will change scumware writers' minds. We are a minority and they couldn't care less about us - less than %0.01 of users who are aware of security issues. Their targets are the overwhelming %99.99 home and business users who a damn anyway. We aren't going to affect them.

    I emphasise the point that there are fair and unfair aspects of many EULAs. The law expects us, as individuals, to have the plain common sense to be responsible for our own actions - hence, in law, ignorance is no defense. If you're a farmer and you spill mud, you're accountable if another driver slides on it.

    This isn't a black-and-white issue.

    However, I take a point which you may have unintionally seeded - that those of us who know better should observe all the contractual obligations.

    Only, me personally, I'll respect those items which I would normally grant to vendors controlled by Consumer Protection Acts, and screw the other garbage. Software is rarely controlled by Consumer Protection Laws.

    Pete, again, I respect your opinion and integrity. But I would not wish to be labelled as having no integrity simply because I take this opposing position. (BTW, I'm not accusing anyone of labelling me so.)
     
  18. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Pete:

    You are right, the XP-AntiSpy was a poor example. I was totally wrong as all of the things XPAS can do, I could do manually through the Microsoft interface.

    I have to take issue though with this black and white thing. I disagree completely that grey areas are 98% BS. It's one reason I think that politics is important. You look at this side, look at that side, and then democratically make a decision, PRECISELY because many things are not black and white. No, this is not an excuse to inject politics into a post. Forget I wrote that, though it's a perfect example.

    There's been a change around here about this spyware. I detect it and it's clear to me. If I understand you right, I am expected to accept freeware with no strings attached, and if I learn it has scumcode in it, I am supposed to stop using the program as opposed to getting rid of the hidden executables or whatever and use it the way it was presented to me? Is that what you're saying? Is Wilders being threatened with lawsuits or something? The change in attitude toward this stuff is bizarre. I don't think this is being consistent with much of what we have discussed here many times.

    Finally.....can there be no debate? No disagreement without questioning the integrity of another? I don't doubt your ethics for a minute. Not a bit. You are an honorable man - no question about it. But Pete, this really is not a black and white area. Someone who thinks differently than you does not make them unethical. When you wrote, "If the concept of giving your word on something and then sticking to it escapes you, I can't help you with that," I truly think you came very close to accusing Checkout of lacking in ethics and honor. I have read enough from him to know that is just not true. It wasn't an outright accusation, but it came pretty damn close. I DO think that crossed the line in debating this issue. Just being honest with you.

    John
    Luv2BSecure
     
  19. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    John,

    There has been no change; my first statement - roughly the same as Pete has posted - has been our view on this subject up from day one.

    Not at all.

    As stated before in this thread - and various times in the past: nothing has changed in our attitude regarding this subject.

    And for the record: no one is accusing anyone here. In case Checkout should feel offended or accused, I'm fairly sure he's quite able to express so himself.

    Now, let's cool down, gents.

    regards.

    paul
     
  20. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    John,

    Honestly, I didn't read it that way. Pete and I have crossed IMs enough for me to know that he's entirely honourable and not at all accusative. I think I've p!ssed him off a few times, but I'm positive he's been utterly fair.

    I really have to thank you for that comment. Thank you, sincerely. Be aware that I hold you, and practically everyone here, with the same respect. I love being a part of Wilders - it's warm, friendly, and like family, we tolerate each others' indiosyncracities.

    Hey! Successful edit! (g)
     
  21. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I can.

    I honestly don't believe this has become heated. I just think it's valuable to play Devil's Advocate here and explore all the dimensions. I sincerely hope no-one has been offended by an honest debate.
     
  22. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Well, call me pro-active ;). As long as the thread stays on topic not diverting too much, all's just fine.

    Amen to that. Debating in a mature and adult way certainly avoids any offense.

    regards.

    paul
     
  23. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Well, that's something people will have to change soon if a recent court ruling is not challenged and becomes a precedent
    http://www.unknownplayer.com/archive/02/06/10/737.php
     
  24. controler

    controler Guest

    Mickey

    I read this article and I think the "Super Computer Technology"
    They are refering to is the Funtion as a Super Node.
    This is unchedcked by default on install and so The user would actualy have to go to options and click on that box to make that funtion work. If Kazza decided to throught that switch without your knowledge, They would be in the wrong no matter what their statement says. Because it is a User Controlable funtion at this time.
     
  25. controler

    controler Guest

    OOPSSS Sorry, I wrote that wrong
    Mush brain again :(

    By default Kazza makes you a Super Node and yo have to check the Do NOT make me a Super Node box to OPT out.

    Give me more coffee !!!!!!!!!!!!!!!!!!!!!!
     
Loading...
Thread Status:
Not open for further replies.