CDR: Re: CueCat tells tales...
Declan McCullagh
declan at well.com
Wed Sep 20 09:27:39 PDT 2000
Peter, this deal was inked by Wired magazine's marketing folks, and I have
precisely zero contact with them. In other words, I have no clue, but can
probably forward you in the right direction. --Declan
At 12:15 9/20/2000 -0400, Peter Trei wrote:
>Well, well well, this is interesting....
>
>Along with my most recent issue of Wired (yes,
>I subscribe) I got a a little box containing
>a 'CueCat'. This is a barcode scanner shaped
>like a stylized kittycat, made by
>Digital Convergence.
>
>See:
>www.digitalconvergence.com,
>www.crq.com, and
>www.cuecat.com
>
>
>The idea is that I hook this up to my computer,
>install Digital Convergence's software, register
>with DC online (through, I note, a completely
>unsecured web form), and then, if I see an
>interesting ad, I can swipe the barcode in the
>ad instead of laboriously typing in a URL (at
>least some of the ads in this issue of Wired
>have only a barcode - no URL).
>
>Well, it turns out that it does a little more
>than just point my browser at an advertiser's
>site. It apparently also sends a per-device
>serial number (bound to my registration,
>including the usual sacrifice of personal data)
>along with the barcode data, back to Digital
>Convergence. This functionality is not spelled
>out on their web page, which talks of taking
>users 'directly' to vendor websites.
>
>DC thus gets to build a profile of my interests,
>bound to the name, address, etc I provided at
>registration.
>
>DC does have a moderately good privacy policy
>stated on their web page, and claims they
>will never voluntarily release per-person
>data to third parties.
>
>[It's a good thing that they say 'voluntarily',
>since the biggest item on their home page is a
>confession that they were successfully hacked
>and all the personal data may already have been
>copied! To their credit, they are up front about
>this.]
>
>A lot of people have been looking at this
>device for purposes not sanctioned by DC.
>I'll leave it to the intelligent reader to
>find pages which tell you how to:
>
>* read the barcodes with your own software,
> which need not bother telling DC what you're
> doing.
>
>* generate your own barcodes - this is the neat
> application, because the CueCat becomes a
> general purpose BC reader.
>
>* disable the serial number with a stroke of an
> Xacto knife.
>
>or
>
>* re-prog the EEPROM with a new serial number.
>
>DC has been sending out Bigfoot letters to some
>of the amateur developers, and appears to think
>that these have actually had a significant
>effect.
>
>-----
>
>A question for Declan: Has Wired supplied DC with
>serial number <-> subscriber binding data?
>
>FWIW, I have decided NOT to install this device.
>
>Peter Trei
More information about the cypherpunks-legacy
mailing list