Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!panews!rchland.ibm.com!seurer+
From: seurer+@rchland.ibm.com (Bill Seurer)
Newsgroups: comp.org.eff.talk
Subject: Re: Prodigy charged with invading users' privacy
Message-ID:
Date: 2 May 91 18:49:21 GMT
References: <1991Apr30.185752.4913@mnemosyne.cs.du.edu>, <7236@awdprime.UUCP>
Organization: IBM Rochester, Mn
Lines: 59
In-Reply-To: <7236@awdprime.UUCP>

I have gotten some interesting feedback on the test that I ran. I thought that others might be interested in some of what I received.

I got many messages thanking me for running the experiment. Thank you for responding!

I got a really good suggestion for improving the test. Immediately after writing the test files out onto the disk and erasing them (step 7) run a small program that fills up all of unused memory with a pattern different than in any of the files to test if Prodigy is writing uninitialized blocks of memory into the STAGE.DAT file. This would also prevent any leftovers from the files I created from being in memory.

I got several comments saying that I didn't have anything on my harddisk. Check my experiment more closely. The only thing I removed from it was Prodigy. It still had 15 meg (or 19 meg, something like that) of other data on it. The "cleaning" process I mentioned writes 0's into all unused disk areas.

Several comments said that I probably didn't have anything interesting on my harddisk. Well, I can't prove that. I do have financial data run with a Major Financial package, correspondence and other documents from a Major Word Processor, source for programs, several compilers, games, other comm programs, etc. I suspect that this isn't too far from what many other people have.

Several other comments mentioned that Prodigy maybe didn't do it the first time I called. Well, at least one of the posts my experiment was in response to claimed that this had happened. I suppose I could make lots of calls and check each time, but I have better things to do with my life thank you.

True, I don't use Lotus XYZ and Wordwhatever and I can't prove that only people with specific packages aren't targeted. Nor can I prove that Prodigy doesn't upload all my files the 906th time that I use it. Heck, I can't prove that QMODEM doesn't secretly upload files when I call other BBS's either (and it doesn't have a handy staging file to look in).

What I did prove was that Prodigy DID overlay erased files with STAGE.DAT (or picked them up from memory) and DIDN'T put anything from any not-erased files in STAGE.DAT. Using Occam's razor it is reasonable from the data I did collect to assume that STAGE.DAT is simply overlaying erased files or is being partly filled in from uninitialized memory.

This is a satisfactory answer for me (and I would have been terribly upset if they had been uploading data from my disk). It obviously isn't good enough for everyone, but I somehow suspect that there would still be doubters even if they had Prodigy's source in hand, monitored their modem's traffic with some sort of tool, and could prevent parts of their disk from being read.

P.S. I plan on trying again this weekend sometime and will incorporate the above suggestion. I'll also see what's changed in STAGE.DAT since then.

- Bill Seurer     Programming Support     IBM Rochester, MN
  Prodigy: CNSX71A
  Internet: seurer@rchland.vnet.ibm.com
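
The check described in the post (distinct patterns in erased files, not-erased files and the memory fill, then looking for each of them in STAGE.DAT) can be scripted. The following is an added example, not part of the original post or the original experiment; the canary strings, the repeat threshold and the sample image are constructed for illustration.

```python
# Added example: attribute regions of a staging file to constructed canary patterns.
# Canary strings, threshold and sample image are assumptions, not from the post.
CANARIES = {
    "erased_file": b"ERASED01",   # written to test files that were then erased
    "live_file": b"LIVEFILE",     # written to test files left on the disk
    "memory_fill": b"MEMFILL!",   # written into unused memory before the session
}

def find_runs(data, pattern, min_repeats=4):
    """Return (offset, length) of each maximal run of back-to-back pattern copies.

    Matching at any byte offset catches runs that start mid-sector; requiring
    several consecutive copies avoids flagging a chance 8-byte match.
    """
    runs, pos, step = [], 0, len(pattern)
    needle = pattern * min_repeats
    while (pos := data.find(needle, pos)) != -1:
        end = pos + len(needle)
        while data.startswith(pattern, end):
            end += step
        runs.append((pos, end - pos))
        pos = end
    return runs

def attribute(data, canaries=CANARIES, min_repeats=4):
    """Map each canary source found in data to its list of runs."""
    found = {}
    for source, pattern in canaries.items():
        runs = find_runs(data, pattern, min_repeats)
        if runs:
            found[source] = runs
    return found

def build_sample():
    """Constructed 1536-byte stand-in for a staging file (not real STAGE.DAT data)."""
    header = b"STAGEHDR" + b"\x00" * 504          # 512 bytes, zeroed slack
    erased = b"ERASED01" * 64                     # leftover of an erased test file
    app = b"service screen data " * 8             # 160 bytes of ordinary content
    memory = b"L!" + b"MEMFILL!" * 32             # memory fill, starting mid-pattern
    return header + erased + app + memory + b"\x00" * 94

if __name__ == "__main__":
    report = attribute(build_sample())
    for source in CANARIES:
        for offset, length in report.get(source, []):
            print(f"{source:12} offset={offset:6} length={length}")
    print("live file content present:", "live_file" in report)
```

A result with runs only under `erased_file` or `memory_fill` matches the outcome reported in the post; any run under `live_file` would be the case worth investigating.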