How a simple oversight could lead to problems

So... I'm setting up a friend's new computer. I'm a Comcast customer, he is a Comcast customer, Comcast for the moment at least still offers Norton Security Suite which he is slightly familiar with, so I decide to install that on his new machine and check it out. As it is more convenient for me, I'm setting up his PC at *my* house. So I downloaded NSS via *my* connection. I should have realized the possibility sooner, but it wasn't until I saw a message in the Comcast forum that I realized that I just created a NSS installation on *his* computer that is tied to *my* Comcast account. To make matters worse, I quickly uninstalled/reinstalled NSS on his previous computer just a few months ago and there again downloaded NSS from *my* house and thus *my* Comcast account. So for several months some?... all?... of the information that Symantec collected was probably in some way linkable to *my* Comcast account and thus *me*.

This guy is a good guy, so thankfully I don't have to worry about illegal, etc habits being potentially linked to me (and vice versa). However, he is a) struggling financially to b) cope with a significant health problem and thus I'm sure he has spent plenty of time browsing the web for information related to such matters. I'm only part of the way into the NSS eval, but I did see a GUID getting passed to Symantec during various lookup operations. As a result of my innocent mistake, are there now records out there which if not checked carefully could be incorrectly interpreted to mean that *I* have financial problems and/or a significant health problem? Has he, in some database somewhere, been labeled a "privacy extremist" because I have very pro-privacy views?

 

While yes Symantec products do optionally collect a great deal about their user base (As per their TOS/Privacy policy) It still is very unclear how this could be tied to your account? Could you please link to that post in question as I don't see any evidence of them providing that information.

 

If I had reason to believe that a security tool was pervasively logging all of my internet activity, I'd think twice about using that piece of software in the first place.

 

In http://forums.comcast.com/t5/Security-and-Anti-Virus/bd-p/13 there are some threads related to NSS deactivation and limits on NSS activations. I stumbled across one of those and then the possibility occurred to me and I thought I'd share the above as food for thought.

Based in part on such messages I believe there is a mechanism which allows Symantec/Comcast to keep track of NSS activations per Comcast account and deactivate NSS instances which are no longer associated with a current Comcast account. When I went through the process of downloading NSS from the Comcast page and via my Comcast network connection there was a "handoff" that eventually got me to a Symantec page where I downloaded the download manager (ahem) and received a "PIN". After I acquired the actual installer, transferred that to my friend's computer, installed/configured/tested it, and finally took my friend's computer online I was prompted to activate it with a PIN. Not realizing I might be making a mistake, I used the PIN previously mentioned. I think that was a mistake. I also think it was a mistake to a) have even downloaded the program via my Comcast connection and then installed that exe on my friend's machine because technically speaking the exe itself could contain an account specific identifier, and b) activate the software on my friend's machine in any way while it was connected to my Comcast connection for technically speaking that activation process could have associated the NSS instance with my Comcast account via my IP Address.

As to the question of what really is going on between Symantec/Comcast and within each, that is unknowable to me and nearly all other Comcast users. Maybe there is something ugly going on, maybe not. The point of my post was simply to share the thought of how a simple slip-up like I describe can theoretically result in "faulty data linkage" and depending on the context that could theoretically have some negative implications. I don't know how others feel about privacy issues, but one of the aspects that concerns me is the potential for such "faulty data linkage".