NET SECURITY
What does it take to send a billion-dollar software company scrambling into high damage-control mode? For Richard M. Smith, all that's required is a laptop, a 56K modem, and a long weekend.
Smith, a 46-year-old former software exec, is the cybersleuth who's uncovered a rash of recent high-profile invasions of privacy. He discovered global unique identifiers, aka GUIDs, in Microsoft Office, and, most recently, uncovered a loophole in email software that enables unsolicited messages to retrieve personal information using anonymous Web cookies. Affected products included Netscape Communicator, Qualcomm Eudora, and Microsoft Outlook. Smith also fingered the author of the Melissa virus.
Plus he's the guy who - with a little help from a crypto-cracking pal in Australia - discovered that first RealJukebox then RealPlayer were using GUIDs to track customers on a daily basis. RealNetworks (which contends that it used the identifier only for aggregate market research) was forced to issue new privacy guidelines and a software patch. It now faces multiple class-action lawsuits.
"It's going to be very easy for consumer electronics to monitor us in ways we can't imagine," says Smith. "I'm hoping that can be nipped in the bud."
Smith, who retired as president of Phar Lap Software last year with plans to take some time off, now finds himself tackling Web issues full-time. He hacks from his home office in Brookline, Massachusetts, and posts privacy updates at www.tiac.net/users/smiths/.
Smith's new top priority: sniffing at portals and search engines that do the online profiling behind targeted Web advertising. "Many of those companies really don't want to talk about what they're doing," Smith says, "and that makes me wonder."
MUST READ
Silent Scream
Spy vs. Spy
Superhuman Hearing
Tracing Paper - with Lasers!
Kozmo's High Hopes
Ask Dr. Bob
Tails of the City
People
Jargon Watch
Beatnik's Remix
Digital Do
eBay's Top Cop
Scoring a Grammy
The Thing Network
Seeing Digital
Raw Data
