Since mid-December a thread in several Usenet newsgroups has discussed a
privacy flaw affecting users of Quicken for Windows and Microsoft Money for
Windows. The banking service used by Intuit was sending a printout contain-
ing the cleartext Social Security number of its customers to the merchants
Michael Bryan posted the definitive summary
of the problem to comp.society.-
privacy on 12/18. It's stored on the TBTF archive by permission. Initially Intuit was
unresponsive to user complaints about the problem. Bryan's note was picked
up in the Computer Privacy Digest and other mailing lists and newsletters;
I received copies from four different sources on 12/21.
Rarely have I seen a privacy story break and be resolved so quickly. By mid-
day on 12/21 Intuit was promising to stop the practice and to have a fix in
place by 12/22 at the latest. I don't know what caused the rapid change of
heart -- calls from banks and newspapers as Bryan urged, or an internal pro-
cess within Intuit. (One Intuit employee reads the Cypherpunks mailing list,
and one was sent a copy of the Bryan posting.)
For the full history see Bryan's page at <http://www.mc4.com/mayo/quick.html>.
David Murray <sdavidm at iconz dot co dot nz> posted an insightful and well-reasoned
article to Cypherpunks on 12/21. In it he paints the international war
against money laundering as the natural antagonist of the fight for online
privacy rights. I've posted it on the TBTF archive by permission. Those
with alarmist tendencies will be alarmed by this well-documented account of
transgovernmental collusion. But Murray seems to be in no doubt as to the
outcome, and he's smiling.
Now that Java interpreters are in the hands of tens of thousands of users
of Netscape's beta browser (on all platforms but Macintosh and Windows 3.1),
where do you find Java code to download, run, and study? A registry at
<http://www.gamelan.com/> lists, at this writing, 593 Java resources. 286
of these work with the beta version of Java embodied in Netscape 2.0b3 --
the rest adhere to the alpha interface present in Sun's HotJava browser.
For those on platforms with a functioning Java-enabled browser but no native
Java compiler -- SunOS, IRIX, and HP-UX -- check out the Black Star Public
Java Compiler at <http://mars.blackstar.com/>. It presents a form that in-
terfaces with Sun's Java compiler to produce Java byte code for downloading.
The author is Elliote (Rusty) Herold <elliotte at blackstar dot com>.
The US Federal Trade Commission has launched an initiative to investigate
whether the information collected at Web sites should be the subject of
regulation by the FTC. The initiative covers both information deliberately
submitted by a visitor (for example, via a form) and information about what
pages a visitor selected.
This week the FTC set up a mailing list to encourage discussion on the topic.
It's lively. 143 names at this moment. Not often do anarchist cypherpunks
and email direct marketers get to sound off in the same forum. To subscribe,
send email without subject to email@example.com with message: subscribe .
If you'd rather that someone else subscribe and tell you if anything salient
happens, I'll be doing that.
For background on the FTC's thinking read a speech given on 11/1 by Commis-
sioner Christine Varney to the Privacy & American Business Conference in Wash-
ington, <http://www.webcom.com/~lewrose/speech/vprivacy.html>. An excerpt:
> "The FTC has undertaken a major Privacy Initiative to develop, in
> cooperation with industry and consumers, some answers...and to begin
> to incorporate these principles into our consumer protection mission...
> An important goal of the FTC's Privacy Initiative is to avoid cumber-
> some regulation by facilitating the development of a set of voluntary
> principles to govern the use of consumer information in on-line trans-
See also TBTF for 1997-10-20, 1996-10-31, 10-09, 09-08, 08-25, 1995-12-22, 11-29
Philip Stills wrote a self-help business book that he titled "GET A LIFE!"
After he built a Web page to promote it and nobody came, he obtained the
addresses of several thousand likely Usenet readers and sent them unsolic-
ited email suggesting that they buy his book. (The sources I've seen do not
say where Stills got the addresses, but it was most likely from DejaNews at
<http://www.dejanews.com/>, a favorite resource of commercial spammers.) His
Internet service provider, Sonic.net, terminated his account for gross vio-
lations of their published appropriate-use policy. Stills is sueing the ISP
for $5,000 in damages hoping to set a precedent "which will result in zero
tolerance to vulgar intimidation by a few radical, anti-capitalist zealots."
For a full account see <http://gnn.com/gnn/wr/dec8/news/spammer2.html>.
Email spam is evolving rapidly, the pitches increasing in sophistication in
the same way junk mail did a decade ago. Last Sunday I received a spam mes-
sage from <gtmpromo at icsi dot net> with the subject "ADVERTISEMENT -DELETE NOW IF
OFFENDED." The pitch begins:
> Yes it's an UNSOLICITED ADVERTISEMENT in your e-mail. And, yes,
> potential flamist, we know some folks consider it a "no-no". If you're
> one of those folks, and didn't delete this at our first prompting,
> please accept our apologies, and delete it now, and, if you feel you
> must, send us a nasty note telling us how terrible we are. Our e-mail
> and snail mail addresses are listed below.
> Frankly, though, we know of no other economical way to let you know
> about what we think is the neatest T-shirt line to be introduced since
> the sixties...
For previous discussions of the developing trends in Usenet and email spam,
see TBTF for 1995-12-06 and 1995-09-14.
>>From the Internet Patent News Service (1995-12-21):
> For some time, Apple and Microsoft have been discussing Apple's re-
> licensing of Microsoft's Windows, so that Apple can run Microsoft's
> operating system on some of its advanced computers along with its own
> operating system. A small percentage of Apple users like being able to
> run both systems.
> A new story on this morning's CNBC reports that Apple has broken off
> talks with Microsoft because Apple refuses to that notorious clause in
> Microsoft's licensing agreement that exempts Microsoft from patent
> infringement actions on the part of its licensees. Apparently Apple
> doesn't want to give such a free pass to Microsoft.
Finally, raise a glass today to Konrad Zuse, designer and builder of the
first general-purpose digital computer in 1941. Zuse died on Monday 12/18
at the age of 85. In December 1941 Zuse completed a machine that computed
in binary using floating point, had a 64-word memory, and was programmed
by paper tape. The machine, which Zuse later named "Z3," was destroyed in
>>Internet Patent News Service -- mail firstname.lastname@example.org
> with message: help .