CDR: Re: CueCat tells tales...
Peter, this deal was inked by Wired magazine's marketing folks, and I have precisely zero contact with them. In other words, I have no clue, but can probably forward you in the right direction. --Declan At 12:15 9/20/2000 -0400, Peter Trei wrote:
Well, well well, this is interesting....
Along with my most recent issue of Wired (yes, I subscribe) I got a a little box containing a 'CueCat'. This is a barcode scanner shaped like a stylized kittycat, made by Digital Convergence.
See: www.digitalconvergence.com, www.crq.com, and www.cuecat.com
The idea is that I hook this up to my computer, install Digital Convergence's software, register with DC online (through, I note, a completely unsecured web form), and then, if I see an interesting ad, I can swipe the barcode in the ad instead of laboriously typing in a URL (at least some of the ads in this issue of Wired have only a barcode - no URL).
Well, it turns out that it does a little more than just point my browser at an advertiser's site. It apparently also sends a per-device serial number (bound to my registration, including the usual sacrifice of personal data) along with the barcode data, back to Digital Convergence. This functionality is not spelled out on their web page, which talks of taking users 'directly' to vendor websites.
DC thus gets to build a profile of my interests, bound to the name, address, etc I provided at registration.
DC does have a moderately good privacy policy stated on their web page, and claims they will never voluntarily release per-person data to third parties.
[It's a good thing that they say 'voluntarily', since the biggest item on their home page is a confession that they were successfully hacked and all the personal data may already have been copied! To their credit, they are up front about this.]
A lot of people have been looking at this device for purposes not sanctioned by DC. I'll leave it to the intelligent reader to find pages which tell you how to:
* read the barcodes with your own software, which need not bother telling DC what you're doing.
* generate your own barcodes - this is the neat application, because the CueCat becomes a general purpose BC reader.
* disable the serial number with a stroke of an Xacto knife.
or
* re-prog the EEPROM with a new serial number.
DC has been sending out Bigfoot letters to some of the amateur developers, and appears to think that these have actually had a significant effect.
-----
A question for Declan: Has Wired supplied DC with serial number <-> subscriber binding data?
FWIW, I have decided NOT to install this device.
Peter Trei
At 12:27 PM -0400 9/20/00, Declan McCullagh wrote:
Peter, this deal was inked by Wired magazine's marketing folks, and I have precisely zero contact with them. In other words, I have no clue, but can probably forward you in the right direction. --Declan
I guess this really does mark the transmogrification of "Wired" into a Panopticon-friendly corporatocracy. (Not that I ever expected otherwise of a company driven by glossy ads. The crypto and anarchy stuff is just a hint of danger to increase the sex appeal so more ads can be sold.)
At 12:15 9/20/2000 -0400, Peter Trei wrote:
Well, well well, this is interesting....
Along with my most recent issue of Wired (yes, I subscribe) I got a a little box containing a 'CueCat'. This is a barcode scanner shaped like a stylized kittycat, made by Digital Convergence. ...
Well, it turns out that it does a little more than just point my browser at an advertiser's site. It apparently also sends a per-device serial number (bound to my registration, including the usual sacrifice of personal data) along with the barcode data, back to Digital Convergence.
DC thus gets to build a profile of my interests, bound to the name, address, etc I provided at registration.
Sounds like another chance for "mixes" at physical meetings. Put your Cue Cat in a bowl with a bunch of others. Of course, folks may not want more physical spam arriving in their mailboxes. Or provide false addresses. Perhaps the addresses of Cue Cat or Wired staff?
DC does have a moderately good privacy policy stated on their web page, and claims they will never voluntarily release per-person data to third parties.
Being able to fake sincerity is essential to operating in the modern Internet business environment. Platitudes about customer privacy are necessary. Remember eToys. BTW, I just flipped through a copy of "Wired" in one of our bookstores. First time I've done so in a couple of years. Still dominated by ads, and blurbs on "cool stuff" that doesn't look very interesting to me. When "Wired" came out, it was heavily criticized for its "ransom note" style, and its clutter and visual confusion. Interestingly, now the very news stands themselves have become exemplars of this visual confusion: go into any "Borders" or "Barnes and Noble" and see literally 1500 magazines crowding the shelves. A dozen magazines on skateboarding, several dozen on "style".... magazines for women, for persons of peircing, for transgendered pizza deliverypersons, for any conceivable group. The whole news stand looks like a ransom note. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
At 10:01 AM -0700 on 9/20/00, Tim May wrote:
The whole news stand looks like a ransom note.
--Tim May
Definitely one for my .sig file... Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "The whole news stand looks like a ransom note." --Tim May
participants (3)
-
Declan McCullagh
-
R. A. Hettinga
-
Tim May