1995-09-17 - Re: AOL monitoring

Header Data

From: Ray Arachelian <sunder@amanda.dorsai.org>
To: “Vladimir Z. Nuri” <vznuri@netcom.com>
Message Hash: dd1cbaf2929190c08f75766309f964da4a741a714cdb79eea46815226f121a73
Message ID: <Pine.SUN.3.91.950917113021.11534E@amanda.dorsai.org>
Reply To: <199509162055.NAA22204@netcom3.netcom.com>
UTC Datetime: 1995-09-17 15:45:57 UTC
Raw Date: Sun, 17 Sep 95 08:45:57 PDT

Raw message

From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Sun, 17 Sep 95 08:45:57 PDT
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: AOL monitoring
In-Reply-To: <199509162055.NAA22204@netcom3.netcom.com>
Message-ID: <Pine.SUN.3.91.950917113021.11534E@amanda.dorsai.org>
MIME-Version: 1.0
Content-Type: text/plain


This sounds fishy to me.  Why would AOL need to download the databases of 
files you've downloaded to your hard drive?  I'm 99.9999% sure that they 
would keep their own logs about just what you do online.  They wouldn't 
have to steal a copy of the log from your hard drive to find this out...

A further hint as to why this won't work:  the client software doesn't 
keep track of which messages you've read in a discussion area, AOL's 
server's do.  How do I know this?  Because I use AOL on a Mac from home, 
and from Windows at work.  Completely separate installations, yet AOL 
remembers which messages are New or rather unread to me regardless of 
which of the clients I use.  So if they keep that info on their side, 
they sure as hell wouldn't keep the logs of the files you've downloaded 
on yours.  Making the download database read only is a silly measure, not 
likely to do anything for you.

If you want to protect what is on your system, it's easy.  Encrypt your 
whole hard drive except for about 20Mb or so, and don't mount the 
encrypted portion when going on AOL.  Leave a copy of Windows with 
nothing but AOL in it outside, and use that copy.  If their software 
tries to access another drive, they don't get a clue as to what you have 
or don't -- other than DOS and Windows and their client. :-)

There are probably a dozen more ways of doing this.... i.e. booting of a 
SyQuest or M.O. cartdrige, using another computer to download files, 
using another PC which has nothing on it, using these in combination with 
using another account - not just another screen name, etc.

Bad thing is that this will mean a lot of extra work on your part...  But 
from the sounds of this, the precautions offered here are just another 
net.legend in the making...

If I were AOL, I would have written their side of the software to track 
the files, not the client side.  Further, if I wanted to (I'm not AOL, 
nor do I want to do the following, nor do I have any knowledge of how 
AOL's clients were written...) if I wanted to check out your hard 
drive, I would include directory searching routines in the client, as 
well as a way to transfer info back on any file or the file itself to 
AOL.  However this would be obvious to any smart user as they would see 
their external modem's XMIT LED light up like christmas in a very 
suspicious way.

There is no way to know if such code exists in the AOL client, however, 
if there is, as unlikely as the possibily is, you still can hide your 
files from such possible privacy invasion techniques.

==========================================================================
 + ^ + |  Ray Arachelian | Amerika: The land of the Freeh. |   _ |>
  \|/  |sunder@dorsai.org| Where day by day, yet another   |   \ |
<--+-->|                 | Constitutional right vanishes.  |    \|
  /|\  |    Just Say     |                                 |    <|\
 + v + | "No" to the NSA!| Jail the censor, not the author!|    <| n
==========================================================================






Thread