risks@CSL.SRI.COM (RISKS Forum) (04/30/91)
RISKS-LIST: RISKS-FORUM Digest Monday 29 April 1991 Volume 11 : Issue 56
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Prodigy and GEnie hate and rumors (George J Marengo, Donald E. Kimberlin,
Alex Cruz, from comp.dcom.telecom via Mark A. Emanuele, Jerry Sweet,
and Geoff Goodfellow)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
"Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For
vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Mon, 29 Apr 91 07:31:47 MST
From: the terminal of Geoff Goodfellow <geoff@fernwood.mpk.ca.us>
Subject: Jerry Sweet: [comp.dcom.telecom: Prodigy and GEnie hate and rumors]
------- Forwarded Message
Date: Sun, 28 Apr 91 22:44:01 MST
From: Jerry Sweet <jns@fernwood.mpk.ca.us>
Subject: [comp.dcom.telecom: Prodigy and GEnie hate and rumors]
To: "Jerry's Clipping Service":;@fernwood.mpk.ca.us
3 items:
- Prodigy or Fraudigy ???
- Prodigy Questions
- GEnie Management Acting a la Prodigy Management?
- ------- Forwarded Messages
Date: 26 Apr 91 19:09:50 GMT
From: overlf!emanuele@kb2ear.ampr.org (Mark A. Emanuele)
Subject: Prodigy or Fraudigy ???
I just downloaded this from a local bbs and thought it might be interesting.
### BEGIN BBS FILE ###
218/250: Fraudigy
Name: George J Marengo #199 @6974
From: The Gangs of Vista (Southern California) 619-758-5920
The L. A. County District Attorney is formally investigating PRODIGY
for deceptive trade practices. I have spoken with the investigator assigned
(who called me just this morning, February 22, 1991).
We are free to announce the fact of the investigation. Anyone can file a
complaint. From anywhere.
The address is:
District Attorney's Office
Department of Consumer Protection
Attn: RICH GOLDSTEIN, Investigator
Hall of Records Room 540
320 West Temple Street
Los Angeles, CA 90012
Rich doesn't want phone calls, he wants simple written statements and
copies (no originals) of any relevant documents attached. He will
call the individuals as needed, he doesn't want his phone ringing off
the hook, but you may call him if it is urgent at 1-213-974-3981.
PLEASE READ THIS SECTION EXTRA CAREFULLY. YOU NEED NOT BE IN
CALIFORNIA TO FILE!!
If any of us "locals" want to discuss this, call me at the Office
Numbers: (818) 989-2434; (213) 874-4044. Remember, the next time you pay your
property taxes, this is what you are supposed to be getting ... service. Flat
rate? [laugh] BTW, THE COUNTY IS REPRESENTING THE STATE OF CALIFORNIA. This
ISN'T limited to L. A. County and complaints are welcome from ANYWHERE in the
Country or the world. The idea is investigation of specific Code Sections and
if a Nationwide Pattern is shown, all the better.
LARRY ROSENBERG, ATTY
Prodigy: More of a Prodigy Than We Think?
By: Linda Houser Rohbough
The stigma that haunts child prodigies is that they are difficult to get
along with, mischievous and occasionally, just flat dangerous, using innocence
to trick us. I wonder if that label fits Prodigy, Sears and IBM's
telecommunications network?
Those of you who read my December article know that I was tipped off at
COMDEX to look at a Prodigy file, created when Prodigy is loaded STAGE.DAT. I
was told I would find in that file personal information form my hard disk
unrelated to Prodigy. As you know, I did find copies of the source code to our
product FastTrack, in STAGE.DAT. The fact that they were there at all gave me
the same feeling of violation as the last time my home was broken into by
burglars.
I invited you to look at your own STAGE.DAT file, if you're a Prodigy
user, and see if you found anything suspect. Since then I have had numerous
calls with reports of similar finds, everything from private patient medical
information to classified government information.
The danger is Prodigy is uploading STAGE.DAT and taking a look at your
private business. Why? My guess is marketing research, which is expensive
through legitimate channels, and unwelcomed by you and I. The question now is:
Is it on purpose, or a mistake? One caller theorizes that it is a bug. He
looked at STAGE.DAT with a piece of software he wrote to look at the physical
location of data on the hard disk, and found that his STAGE.DAT file allocated
950,272 bytes of disk space for storage.
Prodigy stored information about the sections viewed frequently and the
data needed to draw those screens in STAGE.DAT. Service would be faster with
information stored on the PC rather then the same information being downloaded
from Prodigy each time.
That's a viable theory because ASCII evidence of those screens shots can
be found in STAGE.DAT, along with AUTOEXEC.BAT and path information. I am led
to belive that the path and system configuration (in RAM) are diddled with and
then restored to previous settings upon exit. So the theory goes, in allocating
that disk space, Prodigy accidently includes data left after an erasure (As you
know, DOS does not wipe clean the space that deleted files took on the hard
disk, but merely marked the space as vacant in the File Allocation Table.)
There are a couple of problems with this theory. One is that it assumes
that the space was all allocated at once, meaning all 950,272 bytes were
absorbed at one time. That simply isn't true. My STAGE.DAT was 250,000+ bytes
after the first time I used Prodigy. The second assumption is that Prodigy
didn't want the personal information; it was getting it accidently in uploading
and downloading to and from STAGE.DAT. The E-mail controversy with Prodigy
throws doubt upon that. The E-mail controversy started because people were
finding mail they sent with comments about Prodigy or the E-mail, especially
negative ones, didn't ever arrive. Now Prodigy is saying they don't actually
read the mail, they just have the computer scan it for key terms, and delete
those messages because they are responsible for what happens on Prodigy.
I received a call from someone from another user group who read our
newsletter and is very involved in telecommunications. He installed and ran
Prodigy on a freshly formatted 3.5 inch 1.44 meg disk. Sure enough, upon
checking STAGE.DAT he discovered personal data from his hard disk that could
not have been left there after an erasure. He had a very difficult time trying
to get someone at Prodigy to talk to about this.
--------------
Excerpt of email on the above subject:
THERE'S A FILE ON THIS BOARD CALLED 'FRAUDIGY.ZIP' THAT I SUGGEST ALL
WHO USE THE PRODIGY SERVICE TAKE ***VERY*** SERIOUSLY. THE FILE
DESCRIBES HOW THE PRODIGY SERVICE SEEMS TO SCAN YOUR HARD DRIVE FOR
PERSONAL INFORMATION, DUMPS IT INTO A FILE IN THE PRODIGY
SUB-DIRECTORY CALLED 'STAGE.DAT' AND WHILE YOU'RE WAITING AND WAITING
FOR THAT NEXT MENU COME UP, THEY'RE UPLOADING YOUR STUFF AND LOOKING
AT IT.
TODAY I WAS IN BABBAGES'S, ECHELON TALKING TO TIM WHEN A
GENTLEMAN WALKED IN, HEARD OUR DISCUSSION, AND PIPED IN THAT HE WAS A
COLUMNIST ON PRODIGY. HE SAID THAT THE INFO FOUND IN 'FRAUDIGY.ZIP'
WAS INDEED TRUE AND THAT IF YOU READ YOUR ON-LINE AGREEMENT CLOSELY,
IT SAYS THAT YOU SIGN ALL RIGHTS TO YOUR COMPUTER AND ITS CONTENTS TO
PRODIGY, IBM & SEARS WHEN YOU AGREE TO THE SERVICE.
I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN
'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD DRIVE
PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY VERSION, UPON
INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE FILE 'STAGE.DAT'
CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE CONTAINED IN MY 'C:'
DRIVE BOOT DIRECTORY. USING THE HARD DRIVE DIRECTORY OF PRODIGY THAT
WAS SET UP, I PROCEDED TO LOG ON. I LOGGED ON, CONSENTED TO THE
AGREEMENT, AND LOGGED OFF. REMEMBER, THIS WAS A VIRGIN SETUP KIT.
AFTER LOGGING OFF I LOOKED AT 'STAGE.DAT' AND 'CACHE.DAT' FOUND
IN THE PRODIGY SUBDIRECTORY. IN THOSE FILES, I FOUND POINTERS TO
PERSONAL NOTES THAT WERE BURIED THREE SUB-DIRECTORIES DOWN ON MY
DRIVE, AND AT THE END OF 'STAGE.DAT' WAS AN EXACT IMAGE COPY OF MY
PC-DESKTOP APPOINTMENTS CALENDER.
CHECK IT OUT FOR YOURSELF.
### END OF BBS FILE ###
I had my lawyer check his STAGE.DAT file and he found none other than
CONFIDENTIAL CLIENT INFO in it.
Needless to say he is no longer a Prodigy user.
Mark A. Emanuele V.P. Engineering Overleaf, Inc.
218 Summit Ave Fords, NJ 08863 (908) 738-8486
emanuele@overlf.UUCP
[Moderator's Note: Thanks very much for sending along this fascinating
report for the readers of TELECOM Digest. I've always said, and still
believe that the proprietors of any online computer service have the
right to run it any way they want -- even into the ground! -- and
that users are free to stay or leave as they see fit. But it is really
disturbing to think that Prodigy has the nerve to ripoff private stuff
belonging to users, at least without telling them. But as I think
about it, *who* would sign up with that service if they had bothered
to read the service contract carefully and had the points in this
article explained in detail? PAT]
- ------- Message 2
Date: 27 Apr 91 19:53:00 GMT
From: 0004133373@mcimail.com (Donald E. Kimberlin)
Subject: Re: Prodigy Questions
In article (Digest v11, iss303), Arnette P. Baker <ihlpf!kityss@
att.uucp> asks:
> I am looking for information on Prodigy. I am looking into it because
> my parents just bought a PC and are looking for things to do with it
> ...question I have involves e-mail.
Prodigy's interpretaion of what constitutes "mail," particularly e-mail,
has been a particular point of discussion. It seems that from the perspective
of a lot of the public, Prodigy wants to have its cake and eat it too, in that
they CHARGE you for its delivery, and then CENSOR anything they don't like.
Even the Postal Service doesn't look inside your envelope when you mail
something, even though that may be something objectionable. We can. of course,
understand an electronic bulletin board's System Operator reserving the right
to delete items not in keeping with the Sysop's policies.
But Prodigy seems to be trying to go a step further, charging you for more
than a minimal amount of transmission, and heavily censoring what it
transports. This might sound incredible, but the press report I saw at the
peak of public outrage concerned Prodigy censoring a message in which a coin
collector was asking about "Roosevelt dimes." When he asked the Prodigy staff
why they deleted his mail, the unbelievably stupid retort was that "pro{oting
personalities is prohibited." When he pressed about what "personality
promotion" was involved with Roosevelt dimes, the more unbelievably stupid
reason was, "Why, Roosevelt Dimes, the Chicago Bears football player, of
course!" I have NOT made this story up. I wish I could recall the publication
source to prove it.
Incidents like this have caused suficient public outcry that Prodigy is
under investigation, as summed up in the following snippet from <Information
WEEK>, 4/22/91:
"FAR FROM A PRODIGY"
(Network World, April 15, p.4) Prodigy Services Co. is being investigated
for possible criminal or civil violations stemming from its electronic-mail
pricing and bulletin board editing policies. Users are complaining about the
on-line service's recently established 25-cent price tag for every E-mail
message after the first 30 allowed per month; they claim that Prodigy's policy
pf deleting or editing controversial or obscene' (since when are Roosevelt
dimes either controversial OR obscene?) "messages from bulletin boards violates
the First Amendment. (DA Probes BBS Practices at Prodigy, by Barton
Crockett)."
My own opinion is that your parents would be best off to assert one of our
few remaining rights, to just take that Prodigy kit and return it to Sears
before they cancel the famous Sears money-bakc guarantee. There are plenty of
other places to have both bbs recreation and to use "electronic mail" provided
by responsible parties. Even MCIMail has a deal where your e-mail (of moderate
length) costs only 25 cents per message, while it reaches a far wider range,
including real business.
And, oh. Compu$erve's "e-mail" to the outside world is really a port to
MCIMail, so why not just open an MCIMail account and buy it direct, and
cheaper?
All you need to do to help is to get an easy-to-use comms program for
their Sears-bought PS/1 (I recommend BOYAN as a very easy program for beginners
to use, especially if you install it and enter the dialing directory numbers
for them) and introduce them to the world of REAL bbs-ing. In fact, if you get
onto a commercial e-mail service and request it of our Moderator, he can get
the Digest delivered to DOS, MAC or what-have-you there daily!
[Moderator's Note: This is correct. TELECOM Digest can be (and is!) delivered
to almost every commercial email service in the world. Copies go to MCI Mail,
ATT Mail, Telemail/Sprint Mail, Compuserve, Portal, and many others including
the Telebox Mail system in Germany. All you have to do is provide me with a
working path to get there. PAT]
- ------- Message 3
Date: 26 Apr 91 13:56:00 GMT
From: CRUZ_A@ccl2.eng.ohio-state.edu
Subject: GEnie Management Acting a la Prodigy Management?
Dear Telecom Readers:
In the {MacWeek}, April 16th, 1991, Volume 5, Number 14 issue, there
is a story about a user lockout in the GEnie on-line service:
A Toronto couple requested an explanation of the online service's recent
lockout of members who disagreed publicly with GEnie management.
Linda Kaplan, a GEnie member for more than five years, had both her internal
account and her paid account discontinued last month in what she described as a
series of personality conflicts and escalating misunderstandings. She said
that GEnie cancelled accounts not on the basis of rules being broken but just
because someone lost their temper.
Apparently, GEnie officials refused to comment on the matter but said
that they would clarify their policies in the future.
Ms. Kaplan had a paid account but she mainly used a systemwide free account
designed to bring in more users. She said that some account holders were bound
by the secret agreements forbidding them from criticizing GEnie, its sysops or
executives. She added that friends who inquired about her absence from forums
or who questioned management's handling of the incident either in on-line
forums or private electronic mail found themselves drawn into the fray.
When another long time user, Peter Pawlyschyn, contacted management
and inquired about his rights on the service, he found himself
censored and harassed.
Other members have said that they were reduced to read-only status or had their
accounts cancelled after simply mentioning Kaplan's name in postings.
Soooooo, here we go again with the issue of censoring certain
materials in large online systems. Or is it really an issue?
^^^^^^^^^^^^^^^^^^^^^^^^^
Alex Cruz Associate, Center for Advanced Study in Telecommunications
Consultant, American Airlines Decision Technologies
- ------- End of Forwarded Messages
------- End of Forwarded Message
------------------------------
End of RISKS-FORUM Digest 11.56
************************