Truth About Computer Security Hysteria
Aureate DLLs TrojanCATEGORY: Myths & urban legends
Various 'alerts' claim Aureate Media (now known as Radiate) gathers personal data on Internet users via covert software. This myth began when someone publicized a private email from Net-Defender president Dale Haag without his knowledge or permission.
"[My] comments have been misconstrued and taken out of context," Haag stressed during an interview. "They were not for public release, nor were they complete. These were initial comments & observations based off a cursory inspection after installing a product [with Aureate's DLLs in it], running the product, de-installing it, making sure everything was removed correctly, and then inspecting the PC to verify that any other components added to the system were properly de-installed as well."
Richard M. Smith, the media's reigning security expert on covert data collection, concurred with Haag about the "misconstrued" email. "You need to use a packet sniffer to know what's really going on," Smith explained. "It tells you what data is going out the wire, and it tells you when. Data that goes out for a voluntary survey is quite a bit different from data that goes out on the sly."
Smith performed his own cursory study of Aureate's product. He decided not to pursue a more detailed analysis based mostly on his findings (and based partly on statements from the company). "The probability here is pretty low that there's any monkey business going on," Smith concluded. "I don't see any 'extra' information going out... [Aureate makes] it clear you can volunteer information if you want; and it's opt-in, which I think is the right approach. In terms of Internet marketing companies, their data privacy policies are well above average."
Haag claims he did not try to stage a media event at Aureate's expense. Nor, he claims, did he try to alert the media about his overall concerns regarding data privacy. (Circumstantial evidence sheds doubt on these claims, but it remains circumstantial at this point.) "I did not initiate contact with any reporters," Haag insisted during an interview.
Interview with Dale Haag (Net-Defender president), 25 Feb 00
Haag offered this unsolicited compliment: "I consented to speak with you only because of your dogged determination to obtain an interview and your assertion that you would remain fair and impartial."
"Aureate has been very open to the issues and concerns that I have," Haag stated, "and I defend them for that. They've been very responsive." Aureate contacted Haag (not the other way around) after his private email spilled into the public arena.
You'll notice Smith said "in terms of Internet marketing companies, [Aureate's] data privacy policies are well above average." Smith only made a comparison here; he did not offer an overall opinion about data privacy. Haag did offer an opinion — he believes Internet users deserve data privacy exactly like they deserve physical privacy.
"[My private email] was not meant to single out Aureate or any other vendor," Haag commented. "This is an industry issue. We just need to take a look at how the industry is doing things [in the field of data privacy]. The industry needs to tune itself more to the users' standpoint than to the industry's standpoint. If we lose the user's trust, we lose our business."
Interview with Jeremy Newton (Aureate VP), 25-26 Feb 00
Last updated: 2000/7/24