Data hijacking
You can be sure that most privacy-violating vendors are doing what they can to keep their activities secret. After all, getting caught lifting information from customers' PCs makes for bad publicity and mistrust. Indeed, conventional social wisdom declares that the fear and consequences of getting caught--not principle--is what keeps most people honest. The same thinking applies to software vendors. "It's the kiss of death for the vendor if the public finds out the company was collecting unauthorised information," says Michael Levy, Ph.D., vice president of research and development at NewHeights Software and professor of computer science at the University of Victoria, British Columbia.
Levy lays part of the blame on the digital devices evolution, saying, "PCs were designed well before the connectivity revolution. The reality is that the architects of the hardware and operating systems never considered the fact that everybody's PC will someday be connected to everyone else's."
Though the financial incentives for collecting information may be significant, they might not outweigh the risks. Software vendors who don't fully disclose their intentions face the threat of costly litigation. For example, class-action lawsuits against media-delivery company RealNetworks charge the company with secretly collecting data about users' Internet browsing habits and music preferences.
The sweeping suits charge that the company violated the federal Computer Fraud and Abuse Act, state privacy laws, and consumer protection statutes. The company is also accused of trespassing, invasion of privacy, and unfair competition. Such charges may cost RealNetworks millions of dollars if the plaintiffs are successful. RealNetworks denies the charges, saying that it notified users in the license agreement that it was collecting the information.
Trust me, I'm here to help
Full disclosure and greater user control over the process will eventually result from a combination of economic incentives, FTC enforcement, and the efforts of privacy groups such as TrustE and EPIC. Congressional legislation, such as Senate bill S.R. 3180 (the Spyware Control and Privacy Protection Act), will further help to raise user awareness and lift the concealing veil.
Until then, network administrators have few remedies at their disposal. The most obvious option is to disable the update agents, a process that's sometimes difficult because the code is usually an integral--and concealed--component of the primary application. Another option, touching on costly paranoia, uses a network sniffer to catch data packets entering and leaving the network. One alternative, available to shops with hardware firewalls in place, is to configure rules to trap outbound traffic to specific Web sites. This tactic assumes that administrators know that update agents are running and have the target site's IP address.
Finally, Geiger advises, you have recourse to the one strategy that usually succeeds: "Do business with vendors that have earned your trust, and take them at their word."
Great, now how about telling us what we can do to block the invaders out of our PC's??
It seems to me that you are full on about warning us in a sensational manner then leaving us hanging!!