CDR: Re: CueCat tells tales...

20 Sep 2000


      Peter, this deal was inked by Wired magazine's marketing folks, and I have 
precisely zero contact with them. In other words, I have no clue, but can 
probably forward you in the right direction. --Declan


At 12:15 9/20/2000 -0400, Peter Trei wrote:
...
Well, well well, this is interesting....
Along with my most recent issue of Wired (yes,
I subscribe) I got a a little box containing
a 'CueCat'. This is a barcode scanner shaped
like a stylized kittycat, made by
Digital Convergence.
See:
www.digitalconvergence.com,
www.crq.com, and
www.cuecat.com
The idea is that I hook this up to my computer,
install Digital Convergence's software, register
with DC online (through, I note, a completely
unsecured web form), and then, if I see an
interesting ad, I can swipe the barcode in the
ad instead of laboriously typing in a URL (at
least some of the ads in this issue of Wired
have only a barcode - no URL).
Well, it turns out that it does a little more
than just point my browser at an advertiser's
site. It apparently also sends a per-device
serial number (bound to my registration,
including the usual sacrifice of personal data)
along with the barcode data, back to Digital
Convergence. This functionality is not spelled
out on their web page, which talks of taking
users 'directly' to vendor websites.
DC thus gets to build a profile of my interests,
bound to the name, address, etc I provided at
registration.
DC does have a moderately good privacy policy
stated on their web page, and claims they
will never voluntarily release per-person
data to third parties.
[It's a good thing that they say 'voluntarily',
since the biggest item on their home page is a
confession that they were successfully hacked
and all the personal data may already have been
copied! To their credit, they are up front about
this.]
A lot of people have been looking at this
device for purposes not sanctioned by DC.
I'll leave it to the intelligent reader to
find pages which tell you how to:
* read the barcodes with your own software,
  which need not bother telling DC what you're
  doing.
* generate your own barcodes - this is the neat
  application, because the CueCat becomes a
  general purpose BC reader.
* disable the serial number with a stroke of an
  Xacto knife.
or
* re-prog the EEPROM with a new serial number.
DC has been sending out Bigfoot letters to some
of the amateur developers, and appears to think
that these have actually had a significant
effect.
-----
A question for Declan: Has Wired supplied DC with
serial number <-> subscriber binding data?
FWIW, I have decided NOT to install this device.
Peter Trei

Declan McCullagh

Tim May

R. A. Hettinga

tags

participants (3)