Vmyths.com

Hoaxes, myths,
urban legends

Columnists


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Aureate DLLs Trojan

CATEGORY: Myths & urban legends

Various 'alerts' claim Aureate Media (now known as Radiate) gathers personal data on Internet users via covert software. This myth began when someone publicized a private email from Net-Defender president Dale Haag without his knowledge or permission.

"[My] comments have been misconstrued and taken out of context," Haag stressed during an interview. "They were not for public release, nor were they complete. These were initial comments & observations based off a cursory inspection after installing a product [with Aureate's DLLs in it], running the product, de-installing it, making sure everything was removed correctly, and then inspecting the PC to verify that any other components added to the system were properly de-installed as well."

Richard M. Smith, the media's reigning security expert on covert data collection, concurred with Haag about the "misconstrued" email. "You need to use a packet sniffer to know what's really going on," Smith explained. "It tells you what data is going out the wire, and it tells you when. Data that goes out for a voluntary survey is quite a bit different from data that goes out on the sly."

Smith performed his own cursory study of Aureate's product. He decided not to pursue a more detailed analysis based mostly on his findings (and based partly on statements from the company). "The probability here is pretty low that there's any monkey business going on," Smith concluded. "I don't see any 'extra' information going out... [Aureate makes] it clear you can volunteer information if you want; and it's opt-in, which I think is the right approach. In terms of Internet marketing companies, their data privacy policies are well above average."

Haag claims he did not try to stage a media event at Aureate's expense. Nor, he claims, did he try to alert the media about his overall concerns regarding data privacy. (Circumstantial evidence sheds doubt on these claims, but it remains circumstantial at this point.) "I did not initiate contact with any reporters," Haag insisted during an interview.

Interview with Dale Haag (Net-Defender president), 25 Feb 00
Haag made it clear he snubbed most reporters who called about the misconstrued email. "The only interview that I gave prior to you was with a reporter at FederalCourts.com. I did so strictly because of the misinformation and the twisting of the context of the original [private] post," he explained. "The reason I chose FederalCourts.com is because I knew the reporter was fair, honest, and just. I knew that my comments would be quoted verbatim and would not be twisted or misconstrued."

Haag offered this unsolicited compliment: "I consented to speak with you only because of your dogged determination to obtain an interview and your assertion that you would remain fair and impartial."

"Aureate has been very open to the issues and concerns that I have," Haag stated, "and I defend them for that. They've been very responsive." Aureate contacted Haag (not the other way around) after his private email spilled into the public arena.

You'll notice Smith said "in terms of Internet marketing companies, [Aureate's] data privacy policies are well above average." Smith only made a comparison here; he did not offer an overall opinion about data privacy. Haag did offer an opinion — he believes Internet users deserve data privacy exactly like they deserve physical privacy.

"[My private email] was not meant to single out Aureate or any other vendor," Haag commented. "This is an industry issue. We just need to take a look at how the industry is doing things [in the field of data privacy]. The industry needs to tune itself more to the users' standpoint than to the industry's standpoint. If we lose the user's trust, we lose our business."

Interview with Jeremy Newton (Aureate VP), 25-26 Feb 00
Aureate conducts anonymous surveys on a strictly volunteer basis. "What we know about individual users is what they willingly and knowingly tell us," Newton stated for the record. "The data we currently ask for is anonymous data — interests, gender, etc. — which is totally optional" for the user to disclose. Newton repeatedly drove home two other important points:

  1. Aureate does NOT monitor users' browsing activity; and
  2. Aureate does NOT search the Windows registry for personally identifiable data.
Even so, "people write us and want us to delete their information from our database," Newton sighed. "I can't delete their information because I don't know which data belongs to that particular person." Of course, it assumes the user voluntarily submitted an anonymous survey in the first place...

Last updated: 2000/7/24