[comp.sys.ibm.pc.misc] Prodigy Rip-Off?!?

CTuna@cup.portal.com (Don S Gladden) (04/30/91)

I found this file on a BBS locally, and thought it may be of interest
to a lot of people.  I would like to know more personally about this,
if anyone has information on it.
159/250: Prodigy.....Warning!!!
Name: Yosef, The Computer Rabbi #1 @2628
Date: Tue Mar 12 22:36:34 1991
From: Tech Centre One (Washington) 206-377-4493

RE: Yes Prodigy does e-mail...

    With regard to the postings going around about Prodigy's services and them
using their software for checking "you out"... etc..

    As I had seen some info on this, I decided to check it out.  Upon
examining my "STAGE.DAT" file, I found that it had in it text from some of my
programs on my system, most notably from games.  Prodigy has said that this
can happen due to the "STAGE.DAT" file using "deleted file" space.  Well, the
games that were in this file were ones that were currently in use in my
system, and had no files from them deleted.  THERE IS NO WAY THAT PRODIGY
COULD COME BY THIS HONESTLY!!!
    Due to this fact, I have cancelled my service and am considering taking
further action.  What you do with this information is your business, but I
figure prospective users should be aware of such things when using or looking
to subscribe to the service.


 Sub: IBM Info Center


199/250: Prodigy
Name: Trigger #5 @7653
Date: Sat Mar 16 11:47:52 1991
From: The Dungeon (Upstate New York) 716-656-8573

I would think that the information which Prodigy can retrieve about your
system may have been designed so that they could gain marketing information
about you, so that they can adjust their advertising to suit.  If this is
true, and not a fault from programming, I find this to be criminally
intrusive.  I would hope that the FCC is aware of this, if not, perhaps fellow
bbsers would care to create a letter writing campaign.

                                    Trigger
                               The Dungeon @7653
                            716-656/c:>>>Trigger<<<


 Sub: IBM Info Center



234/250: Something is screwy here....
Name: Eagle #218 @7310
Date: Sun Mar 17 15:41:32 1991
From:^Eldritch Boulevard (Virginia) 703-931-0431

RE: Prodigy.....Warning!!!
BY: Yosef, The Computer Rabbi #1 @2628

so basically speaking Prodigy knows what's on your system, I say we all
carefully examine this and take a few steps furthur.  I swear, maybe we could
get a big law suit going. Hmmmmmmm


                                   E A G L E      
                             This space for rent!!!



 Sub: IBM Info Center



235/250: Prodigy...
Name: Bluestreak #243 @7310
Date: Sun Mar 17 22:11:21 1991
From:^Eldritch Boulevard (Virginia) 703-931-0431

Hmm...  I have Prodigy...  Maybe I should check out that Stage.DAT file...

                                  DDD===pppBLUESTREAKppp===DDD


 Sub: IBM Info Center 65/250: Agreed, Trigger!                                 
                       
Name: Wayne #44 @9995                                                          
 
Date: Wed Mar 20 01:13:52 1991                                                 
 
From: Bovine BBS (North Carolina) 919-493-4498                                 
 
                                                                               
 
RE: Prodigy                                                                    
 
                                                                               
 
It was recently posted that someone had looked at their STAGE.DAT file in      
 
their PRODIGY directory. They were amazed at the info that had been pulled     
 
into this file by Prodigy. I immediately checked my own STAGE.DAT and, sure    
 
enough, there were .DOCS from my MS-WORD directory, files from my QMODEM       
 
directory and several other files that you, normally, would not find in a      
 
directory of Online Computer Services. I have moved my Prodigy program to disk 
 
on the outside chance that I may use it again. I'm really p.o.'d about it and  
 
haven't, yet, decided what I will do. Maybe discuss the matter with several of 
 
my law professors.                                                             
 
                                                                               
 
                                                                               
 
 Sub: IBM Info Center                                                          
 
71/250: regarding the Prodigy fraud investigation...                           
 
Name: James Arthur Strohm #154 @5282                                           
 
Date: Thu Mar 21 16:21:30 1991                                                 
 
From: Klingon Empire (South/Central Texas) 512-459-1088                        
 
                                                                               
 
RE: URGENT! Read this now!                      [RT]                           
 
                                                                               
 
The Electronic Freedom Foundation is, even as we read this, already aware of   
 
those investigations and is pursuing its own independent study.  I'll share    
 
any new information I learn.                                                   
 
                                                                               
 
**> WWIVNet Origin: Klingon Empire BBS >*< 1200-2400bd >*< 512-459-1088        
 
                                                                               
 
                                                                               
 
 Sub: IBM Info Center                                                          
 
116/250: STAGE.DAT                                                             
 
Name: Wayne #44 @9995                                                          
 
Date: Thu Mar 21 22:37:39 1991                                                 
 
From: Bovine BBS (North Carolina) 919-493-4498                                 
 
                                                                               
 
RE: Prodigy...                                                                 
 
                                                                               
 
 RE: Prodigy                                                                   
 
                                                                               
 
      It was recently posted that someone had looked at their                  
 
 STAGE.DAT file in their PRODIGY directory. They were amazed                   
 
 at the info that had been pulled into this file by Prodigy.                   
 
 I immediately checked my own STAGE.DAT and, sure enough,                      
 
 there were .DOCS from my MS-WORD directory, files from my                     
 
 QMODEM directory and several other files that you, normally,                  
 
 would not find in a directory of Online Computer Services.                    
 
      I have moved my Prodigy program to disk on the outside                   
 
 chance that I may use it again. I'm really p.o.'d about it                    
 
 and haven't, yet, decided what I will do. Maybe discuss the                   
 
 matter with several of my law professors.                                     
 
                                                                               
 
                                                                               
 
 Sub: IBM Info Center                                                          
 
171/250: well..                                                                
 
Name: Terminal Terror #83 @2306                                                
 
Date: Sun Mar 24 17:30:56 1991                                                 
 
From: Cheers! (Connecticut) 203-826-6249                                       
 
                                                                               
 
BY: Blakdelvi #279 @2306                                                       
 
RE: prodigy checking personal files???                                         
 
                                                                               
 
...i ripped out my backup copy of prodigy.. sure enough.. STAGE.DAT was there..
 
                                                                               
 
guess what was in it:                                                          
 
                                                                               
 
         part of my telemate dialing directory                                 
 
         some PERSONAL letters I had on my system                              
 
         bits and pieces of almost ever .ASM file on my system                 
 
            (seems they are looking to pirate code eh??)                       
 
         and some EXE files (at least headers) I couldn't                      
 
            Identify..  MZ every couple of K.. geesh                           
 
                                                                               
 
I am now going to contact my lawyer to see if what they are doing is legal (I  
 
know it isn't) and to find out what >I< can do about it... probably not much.. 
 
                                                                               
 
anyways.. if your on prodigy.. GET OFF!!! don't call em again, don't use their 
 
software.. BACK IT UP, and REMOVE IT FROM YOUR HARD DRIVE.                     
 
                                                                               
 
make sure you DO make a backup though.. just in case something ELSE like this  
 
comes up... you can se what else prodigy knows about you..                     
 
                                                                               
 
                                                                               
 
 Sub: IBM Info Center                                                          
 
                                                                               
 

*********************************************************************
The following is a rebuttal to the charges above:
*********************************************************************

The following is my personal response to a file called FRAUD.ZIP which
I found on several local bulletin boards. The text file described the
fact that the PRODIGY STAGE.DAT file contains unrightfully information
about ones system, such as names of files and personal information such
as in check books and other data.


I examined STAGE.DAT and sure enough I did find about 200 Kbytes of
information that's part of my system and which does have no connection
with the PRODIGY software. Here are some examples:

Portions of source code for my C compiler, including junks of
libraries;
Segments of data and code of the C compiler itself;
Personal data from an information manager I use;
Fragments of directories, and so on...

I found out about this a couple of years back when I first looked at
STAGE.DAT - and I did get upset too.


But I do not believe that PRODIGY is messing with my data though it
would be easy for them to do so (and you NEVER would know):

Portion of the PRODIGY package is written in C (Microsoft I believe). C
makes use of memory management via functions called block allocaters
(malloc(), alloc()...) to set aside an available portion of RAM which
the program (PRODIGY software in this case) needs for variables,
data buffering, remote code segments and such.
Memory allocation (using C malloc) just makes sure that RAM is reserved
for whatever need and returns a pointer back to the program (of that
RAM block). What malloc() doesn't do is wipe anything out that is still
left in memory such as garbage from whatever you did run since you
turned on your system.
Here's an example: Let's say you just booted your computer. You run a
word processor and edit a large file. Your document resides somewhere
in memory while you edit it (obviously). Now you exit your editor and
run PRODIGY, which in turn goes ahead and sets up its stuff, such as
allocating memory. Nobody knows at this time what RAM resources are
available at which memory location so it is very possible that free RAM
that did hold your document from the editor before is all of a sudden
inside that memory block (again, the memory does not get 'zapped' or
'cleaned up' by malloc).

PRODIGY saves memory frequently - such as that reserved part of RAM
(this is done for speed reasons - certain repetitive features and data
of the service don't have to be transmitted again - they just get pulled
off your hard disk because they have been saved before). If memory is
written to your disk but if it has not all been filled with PRODIGY
data yet - whatever garbage it holds in that leftover, unused portion
of it will be written to your disk also.


Anyway, I am not working for PRODIGY nor am I completely satisfied with
this growing service yet. Nevertheless I do not believe that it does
snoop around our systems though this thought is very tempting to me
also.

There have been a few unhappy PRODIGY customers which were trying to
make use of its former 'free electronic mail' service for their own
soliciting interests. That's when PRODIGY started changing their
policies on mail and now charges $0.25 per message (after you have used
up the 25 free personal mailings per month). These individuals which
have been hit by this got very upset and started boycotting the
service. It just might be possible that FRAUD.ZIP was partially
originated by these people.

FRAUD.ZIP makes a point which I do not dispute and raises valid
questions. I just wanted to state my view on this issue.


Finally: I think PRODIGY - since it could have the ability to snoop
around in ones system - should provide on request its users with a
written statement as to the fact that it will not gather ANY
information from the users property. - Or they fix their software
so any memory is 'zapped' before it gets used.



I hope you understood my point (I am German and English is a little
difficult for me).



Franz, PRODIGY ID: KCGV38A


 

raymond@math.berkeley.edu (Raymond Chen) (05/01/91)

Interested readers should follow the discussion in comp.risks.

One theory is that the information enters the Prodigy files purely
by accident when the Prodigy software requests disk buffers from DOS
and doesn't bother to zero them out.  So whatever leftover junk was
in the disk buffer makes its way into your Prodigy file.

`Don't attribute to maliciousness what can easily be explained by stupidity.'

ong@d.cs.okstate.edu (ONG ENG TENG) (05/02/91)

From article <1991May1.161749.25807@agate.berkeley.edu>, by raymond@math.berkeley.edu (Raymond Chen):
> Interested readers should follow the discussion in comp.risks.
> 
> One theory is that the information enters the Prodigy files purely
> by accident when the Prodigy software requests disk buffers from DOS
> and doesn't bother to zero them out.  So whatever leftover junk was
> in the disk buffer makes its way into your Prodigy file.
> 
> `Don't attribute to maliciousness what can easily be explained by stupidity.'

First I like to say that I ran a small test and find the
above to be true.  But... 

What if Prodigy knows of this "problem" with DOS and delibrately use
it to upload the "junk" to their main computer for evaluation for
whatever purpose, knowing full well that they could blame it on DOS
if things should go to court.

Can someone with Prodigy and some software savy debug the Prodigy 
software to see if the STAGE.DAT file is somehow uploaded to their
main computer?

CTuna@cup.portal.com (Don S Gladden) (05/02/91)

Interested readers should follow the discussion in comp.risks. *
 *
One theory is that the information enters the Prodigy files purely *
by accident when the Prodigy software requests disk buffers from DOS *
and doesn't bother to zero them out.  So whatever leftover junk was *
in the disk buffer makes its way into your Prodigy file. *
 *
`Don't attribute to maliciousness what can easily be explained by stupidity.' 

(Forgive the strange message indentifiers, I haven't figured out how to add
a prefix character on Portal yet....)

Anyway, even if this is 'accidental', it *still* allows your information to 
be accessed by Prodigy.  The point I make here, is that Prodigy has the 
POSSIBILITY of "stealing" information from you.  Is that legal?  Even if it
is not intentional, now that this discussion is out, will some employee of
Prodigy take advantage of this?  How many people have credit card numbers 
in one or more of their disk files?  I simply do not like the idea of the
*CHANCE* of someone getting information like this. 

Don

jcwasik@PacBell.COM (Joe Wasik) (05/02/91)

In article <1991May1.161749.25807@agate.berkeley.edu> raymond@math.berkeley.edu (Raymond Chen) writes:
>One theory is that the information enters the Prodigy files purely
>by accident when the Prodigy software requests disk buffers from DOS
>and doesn't bother to zero them out.  So whatever leftover junk was
>in the disk buffer makes its way into your Prodigy file.

It's reasonable to accept the above as true.  Has anyone who's been shouting
"thief" even considered why -- if Prodigy wanted to steal information, that it
would leave evidence behind in their own file?  If their software wanted to,
it would have no problem sending the contents of your entire hard disk, both
regular and deleted files, and the contents of your memory, floppy drives, and
ram disk -- all without a trace.  In fact, if it was a really smart thief, it
would revise its own software after-the-fact to remove that part of it that
did the stealing.

Furthermore, as a *former* user of Prodigy,  if they ever did think that by
"knowing" me better they could sell me better... it didn't work.

-- 
Joe Wasik, Pac*Bell, 2600 Camino Ramon, Rm 4E750V, San Ramon, CA (415)823-2422
email: jcwasik@clib.PacBell.COM or [...]!pacbell!clib!jcwasik
Sloganeering (slo-gan-err-ing) v. The act of believing that people can be
	motivated by expressing a phrase. [See "We value..."]

ong@d.cs.okstate.edu (ONG ENG TENG) (05/03/91)

From article <41918@cup.portal.com>, by CTuna@cup.portal.com (Don S Gladden):
> Interested readers should follow the discussion in comp.risks. *
>  *
> One theory is that the information enters the Prodigy files purely *
> by accident when the Prodigy software requests disk buffers from DOS *
> and doesn't bother to zero them out.  So whatever leftover junk was *
> in the disk buffer makes its way into your Prodigy file. *
>  *
> `Don't attribute to maliciousness what can easily be explained by stupidity.' 

Hey people, look what some one else post in misc.consumers:

---------------------------------------------------------------------------
Subject: Beware, Prodigy users

Today's Wall Street Journal reports that Prodigy has the ability to peek 
into usr's private files on PCs. Prodigy's service access software
copies random
pieces of disk files into special files which can be accessed by Pordigy's 
central computers. 

Prodigy acknowledges the situation but insists that it has never looked at the
files and has no intention of doing so. No explanation was given on why the 
the software was programmed to do that.
---------------------------------------------------------------------------

campbell@dev8j.mdcbbs.com (Tim Campbell) (05/07/91)

In article <1991May2.181827.9230@d.cs.okstate.edu>, ong@d.cs.okstate.edu (ONG ENG TENG) writes:
> Hey people, look what some one else post in misc.consumers:
> 
> ---------------------------------------------------------------------------
> Subject: Beware, Prodigy users
> 
> Today's Wall Street Journal reports that Prodigy has the ability to peek 
> into usr's private files on PCs. Prodigy's service access software
> copies random
> pieces of disk files into special files which can be accessed by Pordigy's 
> central computers. 
> 
> Prodigy acknowledges the situation but insists that it has never looked at the
> files and has no intention of doing so. No explanation was given on why the 
> the software was programmed to do that.
> ---------------------------------------------------------------------------

How convenient.  Frankly I just don't care what the excuse is.  It was wrong
to know about it and not disclose it openly.  If they claim ignorance then it
was still wrong of them not to realize the risk.

Back when I had Prodigy, I recall watching the disk light blink along with 
the modem and thinking "gosh - these guys could be doing anything at all to 
my computer and I would never know".  I often thought about hooking a data
scope to the modem to find out exactly what they do that I'm not seeing.

Yes - it's paranoia - it's the same paranoia that causes me to use passwords
on my systems here at work and a lock on my house and my car.  Why should we
be expected to beleive that they're honest?  It's not like they're my best 
friend or anything like that so I should just trust them implicitly.

Not surprisingly, Prodigy has taken their usual apothetic arrogant stance.

	-Tim
-- 
  ---------------------------------------------------------------------------
	  In real life:  Tim Campbell - Electronic Data Systems Corp.
     Usenet:  campbell@dev8.mdcbbs.com   @ McDonnell Douglas M&E - Cypress, CA
       also:  tcampbel@einstein.eds.com  @ EDS - Troy, MI
 CompuServe:  71631,654	 	 (alias  71631.654@compuserve.com)