Gathering User Info -- how much is spyware?

Sivakatirswami katir at hindu.org
Fri Jan 13 06:21:23 EST 2006


I'm finding myself more and more wishing I could get a total picture  
of the platform of the box for any particular user.

For in house, close to home associates I have developed a small  
"system" check stack  with a little script

Small stack opens with lovely image... one button:

Click to Analyze System

on mouseup

   Put "Platform: " & the platform & cr &\
   "Machine: " &  the machine & cr &\
   "System: " & the systemVersion & cr & \
       "Environment: " &  the environment & cr & \
       "Version: " &  the version & cr & \
       "Screen Bit Depth: " &the screenDepth & cr &\
   "Colors: "  &the screenColors & cr &\
   "Screen Rect: " &the screenRect \
       into fld "data"

## Run Revers: please feel free to extend the above
## as far as you possibly can in any direction
## I would like to know what is possible.

show fld "data" with wipe down

   wait 2 seconds
     put fld "data" into tBody
     put empty into fld "data"
     select after fld "data"
     set the typingrate to 50
     type "Preparing Email..."
   hide fld "data" with visual effect dissolve very fast

   put "System Check" into tSubject

   revGoURL ("mailto:user at domain.org?subject=" & tSubject & "&body="  
& tBody)

End mouseup

It works just dandy..

This leads to two questions:

1) how much more information can we gather?  In particular the user's  
RAM and hard drive space, as well as the presence of certain  
applications. If these came back home and you put them into a back  
end data base, you could do some very useful analyses of your user base.

  I believe I can search the archives for scripts that test for some  
of these things, especially the latter (apps available on the box)  
but if anyone has already developed a complete system check, please  
do share it.


Particularly, total, hard drive space, used and available are  
important variables in a scenario where you may be offering the user  
options to download literally gigabytes of data over time.

<aside>There is some attitude floating that "why are you worried,  
it's not your (provider's) problem, if I download stuff to my  
computer, my space issues are my problem...its not the responsibility  
of those offering the files" but I find this a bit callous and  
elitist in the sense that it makes no concession for those who I  
refer to as "super naive" users, who could (and do!) very easily fill  
up and crash their hard drive and have no clue what or how it  
happened. I'm working with enough of these types of late to have more  
respect for the depth of "cluelessness" in a world where "cyber  
machines" are becoming ubiquitous but training to use them is close  
to virtual zero.... the "plug and play" marketing strategy has it's  
downside...Given all the tools we have to help them not shoot  
themselves in the foot, why not help them? A simple "you are running  
out of room, what do you want me to do now?" seems the least we can  
do... but... it assumes we can actually programatically get that  
info.</aside>

2) the second question is broader and possibly should go into a  
different thread:  if one were to deploy an app that might be put to  
use by the 1000's (of public users...people you don't even know) and  
you wanted your app to send info back to "the mother ship" -- at what  
point does the "system check" start to evolve from  "innocent  
hardware-environment profile" to  "spy-ware."

Is there an existing legal definition of the line between these two  
kinds of data gathering operations. I know that MS dOES something  
like this but users had to check some "Help us improve our software"  
thing before it became active.  Adobe displays model dialogs and  
quite openly informs you, without any request for permission first,  
that data from your machine is being sent back to Amma. (I found, and  
still find, this just a bit disconcerting, even for such a trusted  
company)  Of course we all know of Sony's DVD fiasco. But I never  
actually saw what the Sony "spyware" was sending back home that was  
so "bad." Was it the data was so sensitive? or just the mere fact  
that a sniffer was there and no one knew about it?

One might think the criteria obvious and could develop a list of  
"innocuous" nonpersonal info and a list of "sensitive" info, (as  
Adobe obviously has already done) but I'm wondering if there is  
already a formalized standard for this dividing line.

Sivakatirswami
Himalayan Academy Publications
at Kauai's Hindu Monastery
katir at hindu.org

www.HimalayanAcademy.com,
www.HinduismToday.com
www.Gurudeva.org
www.Hindu.org





More information about the use-livecode mailing list