A good example of the a lack of accurate privacy advice on an internet
application would be one I came across recently.
A Magazine I purchased (PC Advisor) had a the full licence for a program
called 'IENavigator SE' included on the cover disk. IENavigator is an
Internet Explorer add-on which the magazine write up stated provides privacy
protection by blocking ads, pop up windows and also clearing windows
internet activity, as well as directly translating some foreign languages
into English, and enabling the one click opening of multiple pages. Using IE
on occasions this seemed useful, I suppose many office people checking many
sites regularly will think exactly the same.
Being interested by the article, I loaded the application and registered it.
I was interested at the time to notice, there was no licence or any
restrictions for the application on the Cover CD. The included Readme,
mainly documenting functionality, does state, "IENavigator will clear all
tracks of your online activities." The application splash screen even has a
nice credit to the PC Advisor people.
Having loaded, registered and run the application it was puzzling to note
that on every occasion I browsed a URL a connection was also established
to:-
Date: 18/07/2004 Time: 20:40:34
Connection: subscribe.offliner.com(198.63.208.159): http(80) from
213.104.52.58: 3224, 1176 bytes sent, 1445 bytes received, 25.386 elapsed
time
Which seems to relate to a site in Chicago for offliner.com.
Visiting the site http://ienavigator.com/site/en/ the statements promoting
the privacy aspects of the program were all quite carefully worded.
i.e. "Clear all the Windows-stored traces of your Web surfing"
This made me wonder if there is some market for information about the URL's
people visit, or maybe there was merely some error on behalf of the
programmers which inadvertently breaches the privacy of users.
With the applicable law being that of the UK there seems to be a clear
problem with the Data Protection Act:-
http://www.legislation.hmso.gov.uk/acts/acts1998/19980029.htm
principle one to me, but this could also be a good illustration of principle
seven in some circumstances.
The Computer Misuse Act:-
http://www.legislation.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
section one would probably have some bearing, but I suppose that would
depend on if a URL typed into a computer is information held on that
computer. (A nice one to determine.) I certainly did not in anyway authorise
my URL data to be collected like that.
I hope no office staff anywhere have loaded the product, which has
undoubtedly attractive functionality for those using office machines. I
wonder if the people in Chicago could be interested in what people do on the
internet.
This item will certainly be of interest to ISO's
Ian W
My apologies to list members who did not require all of the legislative
links as I have used the same e-mail to inform the IENavigator support of
proposals relating to improvements of the program, localization, etc.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|