Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!linac!att!news.cs.indiana.edu!nstn.ns.ca!cs.dal.ca!ug.cs.dal.ca!gauthier
From: gauthier@ug.cs.dal.ca (Paul Gauthier)
Newsgroups: comp.sys.ibm.pc.misc
Subject: Re: Prodigy quirk may give Prodigy Corp a view of your pc -WSJ
Message-ID: <1991May2.133936.3595@cs.dal.ca>
Date: 2 May 91 13:39:36 GMT
References: <3145@s5.Morgan.COM>
Sender: news@cs.dal.ca (USENET News)
Distribution: usa
Organization: Math, Stats & CS, Dalhousie University, Halifax, NS, Canada
Lines: 56
Nntp-Posting-Host: ug.cs.dal.ca

In article <3145@s5.Morgan.COM> joec@Morgan.COM (Joe Collins) writes:
>According to todays Wall Street Journal 5/1/91, page b1, the Prodigy
>s/w that resides on a MS/DOS PC "offers Prodigy's headquarters a peek
>into users' own private computer files." Apparently it is an accident,
>caused by a s/w fluke and probably due to some side-effects of MS DOS
>itself. The files STAGE.DAT and CACHE.DAT may inadvertantly also contain
>snippets of a customers own non-prodigy files. According to one of their
>technical staffers, "Its an unfortunate side effect of the way the operating
>system works." He says the side effect is part of the design of the DOS
>operating system.

My guess is this data is data that you have deleted off of your hard drive,
but since MS-DOS doesn't really BLANK out data when it's deleted, just
reallocates the space, when Prodigy's software grabs some disk space for
its files the sectors already contain your old data.

I saw a blurb on a news show where they were trying to claim that Prodigy
was allegidly going to use this private information to produce credit info
which they could then sell. What a load of shit. The manhours involved in
wading through the sector-trash you'd find, figuring out what file-format
it used to be before it was deleted, and reconstructing anything out of
it would be immense. Some people are so goddamn paranoid.

>
>Interesting reading- at a minimum, lets send lots of email to Prodigy,
>alerting them to our concern. 
>
I say leave them alone. I'm sure the bad press they've gotten will get them
to fix this (like initializing the sectors to 0s when they allocate them).
I'm not sure if it still does, but doesn't Prodigy's software have the 
ability to download updates of itself automatically from Prodigy? I'd be
much more worried about that, for 2 reasons:
	a] While Prodigy is downloading new copies of itself you're
		probably still getting billed for online time. Especially
		if it does it in the background; it's using up your
		bandwidth and you're getting billed by the minute.

	b] This seems like a very nifty way for some crafty person to
		sneak in all sorts of fun software onto your system.
		Virus program, programs which are much more effective at
		looking for sensitive personal data, etc, etc.


	
	
	
	
>joec@morgan.com

PG

-- 
============================================================================
Paul Gauthier                                     | gauthier@ug.cs.dal.ca
President, Cerebral Computer Technologies         | tyrant@dalac.bitnet
Phone: (902)462-8217    Fax: (send email first)   | tyrant@ac.dal.ca