The owner of Privacy.net and Network-Tools.com, Russ Smith, has filed a lawsuit against Microsoft, Cisco, Comcast and TRUSTe.

The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.”  Comcast even blocked his communication link with a mail server he operates outside the Comcast network.  The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws.  The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies.  When Smith tried to use the privacy policies of Comcast, Microsoft, and Cisco to correct the spammer accusations the companies balked.  Comcast even told him it didn’t matter what the privacy policy said, he wasn’t getting the information.  He filed complaints with the TRUSTe organization that verifies the privacy policies of Microsoft and Comcast but that did no good.

Previous lawsuits against these “blacklists” have been brought by commercial e-mailers against organizations such as Spamhaus. In this case the accused is not a commercial e-mail, not a spammer, and has no mailing lists of any sort.  The accused has even made presentations at the Federal Trade Commission against spammers and testified at the first “Spam Summit” more than 10 years ago.

For more information see Lawsuit.Privacy.net

NEWS RELEASE – October 2, 2009

 Comcast to Reduce Privacy Protection of Cable Customers

Ocean City, NJ – Millions of Comcast high-speed Internet subscribers will be losing the protection of the TRUSTe privacy policy verification program in a new Comcast privacy policy set to into effect Tuesday.  This is being done as a federal lawsuit against Comcast, TRUSTe, Microsoft and Cisco winds it way through the courts.  The new policy will remove the privacy protection of Internet subscribers from the Comcast.net website policy to the to the Comcast.com policy which is not covered by TRUSTe.

The lawsuit accuses Comcast, Microsoft, and Cisco of eavesdropping on Internet communications and developing IP address “blacklists” that resulted the blocking of e-mail communications.  The suit also alleges that the companies failed to adhere to their posted privacy policies that allow consumers to review the information collected about them so they may correct errors.  The claims include allegations that TRUSTe failed to legitimately adjudicate the complaints filed against Comcast and Microsoft. 

Cisco maintains an “IP Reputation” list at SenderBase.org and Microsoft maintains several lists called “blacklist.zap” via their FrontBridge service.  Many Internet posting indicate Microsoft has been blacklisting many small mail servers such as those operated by law firms that need security and archiving.

Cisco does not participate in the TRUSTe program and claims to have different privacy policies covering their different websites.  The suit also alleges that Cisco’s IronPort service claim of operating a “credit reporting service for email” is false advertising because they do not allow users to review and correct information collected about them.

The Plaintiff in the case is Russ Smith who operates privacy-related web sites such as Privacy.net and PrivacyPolicy.com and had testified at the first Federal Trade Commission “spam summit” in 1999.  According to Smith, both Microsoft and Cisco placed IP addresses used by Smith on “blacklists” and distributed the information to third parties causing his e-mail to be blocked.  Comcast actually blocked communications between his home and a mail server he operates outside the Comcast network to avoid using Comcast’s e-mail services.

Smith, who and has never been involved in “spamming” or commercial e-mailing, was repeatedly of accused of sending spam and using his e-mail for “improper purposes.”  Smith holds a professional security certification (CISSP) and objected to be accused as a “spammer.”  Smith tried to invoke the clauses in the online privacy policies that allowed access to the information collected and allow for corrections it but the Comcast, Cisco, and Microsoft all refused.  According to Smith, Comcast security personnel actually told him they didn’t care what the privacy policy said, he wasn’t getting it.  Comcast went on to tell him that if he paid for a higher level of service, there would not be blocking.  Smith claims this is ridiculous because security issues do not depend on the level of service purchased.  Comcast has now denied Smith access to any of his account information.

Microsoft and Cisco both said they would provide the information but they never did.  Smith filed a police report for eavesdropping after Comcast and Cisco told him they monitored his communications.  Comcast eventually changed their story and tried to blame the SpamHaus.org project. 

According to Smith, the TRUSTe system is useless as it only covers specific web sites, and not a company’s overall privacy practices.  When there is a potential problem companies just change their policies so TRUSTe no longer oversees their practices.  Smith also filed a complaint at the FTC against Microsoft for claiming in official proceedings that the entire company is covered by TRUSTe when the licensing only covers some of their web sites.  The suit also alleges Microsoft is tricking consumers into believing the TRUSTe-endorsed privacy policy covers the blacklists.

Smith has also lodged complaints at the Federal Trade Commission that accuses the agency of advising Internet companies to eavesdrop on Internet communications in the name of security while, at the same time, the FCC is advising companies not to eavesdrop.  According to Smith the FTC is not providing a consistent message.  He says the FTC never suggests the phone companies should listen to phone calls to decide when there is telemarketing fraud so they should not be doing it with Internet providers.  He also says the FTC should coordinate their advice with other agencies such as the FCC.  Smith also testified at the FTC’s do-not-call forum during the development of the National Do-Not-Call Registry. 

Smith says the companies all refuse to settle the matter and are trying to bog the matter down with legal motions.  In response Smith is currently working on an amended complaint that will provide details for all the activities that led up to the suit.  A court-ordered status conference in the lawsuit is scheduled for October 15 in Federal District court in Camden, NJ (Civil Action No. 1:09-cv-04567).  For more information contact SMITH (at) HELP.ORG.

The Internet Protocol Address, or IP address, is an address everyone must have when they connect to the Internet.  It is like the post office, if they didn’t have an address they could not deliver any mail. 

IP addresses are allocated to Internet Service providers around the world.  Users who connect to the Internet, web sites, or any computer connected to the Internet must have an address so they can receive messages. 

Is you IP address private?  The answer can be complicated.  Normally an Internet Service Provider (ISP) like AOL or Comcast has a record of all customers and what IP address was assigned.  If the information is requested by the Police or the courts it is normally available.  It depends on where you live whether this information is private.  Court cases in New Jersey say it is private, in Toronto courts say it is not.  The identity of subscriber can normally be traced back to the subscriber much like a phone number can be traced.

A user can go through a “proxy” to hide their IP address.  A proxy sits between the user and the Internet and makes all the request for the user.  This hides the user’s IP address much like a PO box hides a street address.  A proxy can also be used to circumvent web filters.

See the Privacy.net Analyzer to investigate your IP or Network-Tools.com to run tests on any IP address.

Internet cookies is simply a text file placed by a web site on your computer.  The text file is read every time you visit the web site.  The cookie can be used to keep track of what pages you visites, what you ordered, what ads you saw etc. 

A demonstration of cookies is found at CookieDemo.com.  At that site you can place and change cookies and display custom content.

This is a simple cookie tracking demonstration to show how a user can be tracked across many sites using a cookie.  The advertising banners are downloaded from a central server that sets the “third party” cookie.  “Third party” cookies mean cookies that are not placed by the web site actually being visited.  The cookie from the ad server is read each time a site is visited that runs the ads.   For this demonstration the banner ad is served from “track.privacy.net” and is shown in the upper frame of the page along with the cookie.

News.Privacy.net  |  Sports.Privacy.net  |  Politics.Privacy.net  |  See Your Profile

A company could track users and, if they also owned a search engine and other services where users register, an extensive profile could be developed.  The Google/Doubleclick DART cookie is one example where some of these things take place.  The information can be used to assist consumers to link up advertisers with the needs of the consumer.  The information could also be used against a person, such as part of a civil lawsuit or in a criminal prosecution.

Click to analyze your Internet connection (opens new window).  Note that this page runs tests, such as trying to open popup windows and checking for open ports.  It may trigger some warnings such as from a firewall.  The test does the following:

-Checks for pop-up windows

-Shows the browser “headers” which is the hidden information your web browser sends a web site.

-Checks to see if port 80 and 16771 are open to see if your browser shows images and if you have a firewall blocking traffic on port 16771.

-Checks your web browser version and determines the capabilities from a database.

-Checks for browser plug-ins that re installed.

-Traces your IP address. 

-Determine who owns the domain associated with the IP address of your Internet connection.

-Looks up your the servers that handle mail for the domain associated with the IP address of your Internet connection.

-Determine who manages the IP address of your Internet connection.

-Lists the installed fonts on your computer.