View Full Version : WhenU privacy report - Part 2

26.10.2005, 22:24
CPG concluded that WhenU has a clear record of consistency in its public commitment to
privacy and has modified its privacy statement only to clarify and enhance that commitment.

From the same April 2002 report from Evolution Softworks, we evaluated the way (at that
time) the SaveNow client application worked in order to test Avi Naiders explanation of the
application with the reports analysis. We found the expected consistency.
Next, we engaged an independent technical laboratory, ProStructure Consulting, of Portland
Oregon, to verify that the behavior of the SaveNow application is consistent between the April 02
report and today. Specifically, the lab investigated WhenUs client software for collection, correlation,
and transmission of personally identifiable information, or PII. Their report concludes that the
SaveNow software consistently supports the privacy protection claims. This conclusion came with a
thorough set of observations of the installation, use, and removal of the software.

The SaveNow software automatically pulls a database of triggering web sites and searches
and the code for the matching ad that should be displayed. Only when a matching website is hit or
the ensuing ad clicked will the Software notify the WhenU servers. In that case it does not send the
entire URL, only the pattern ID that was matched. A randomly generated ID string is created for
each new client which could be used to correlate the ID string to the ads viewed, however this could
not be mapped to an actual person and could not modify the type of ads the user received because
of the way the software works.
We are careful to note that there are instances when a users computer will send a truncated
URL back to the WhenU servers. For example, WhenUs technology incorporates keyword
algorithms (e.g. the word cruise twice in proximity to the word discount) that analyze web page
content to trigger select advertisements. The client-based algorithm is programmed to send a
truncated URL in such cases to allow the algorithm to be checked for validity and completeness and
eliminate false positives. WhenU previously encountered criticism for these types of
communications in the face of their statement about not sending clickstream data.
In the interest of transparency, WhenU updated their privacy statements to incorporate these
specific communications. They emphasized publicly that these truncated URLs involve minimal data
and are stripped of any unique identifiers. The intention is to evaluate and improve the accuracy of
the client-side application, not to track user behavior.
In assessing WhenUs technology and the manner these communications are used, we
determined that they are consistent with the company position that they do not violate user privacy,
cannot be used to assemble unique user profiles and do not constitute transmission of clickstream

Once the software sees that there is a valid connection to the Internet, it fetches an updated
Offers database from the WhenU servers. The Offers database contains a list of web site locations
and search strings, each matched with a unique Pattern ID number. After this, the location code is
determined when the software contacts the WhenU server and provides its IP address and from this
the Country, State and Region codes are set. This information is populated into the Registry and
local databases. One additional file is grabbed, called save.htm, which contains all of the JavaScript
logic that is used for displaying pop-ups. After this initial data is fetched, the client goes into a
pattern of regularly fetching database updates from the WhenU servers.
SaveNow then begins to focus on displaying pop-up ads and handling clicks on those ads.
To accomplish this, the process called Save.exe utilizes Internet Explorer as an embedded
application, making all file access to cookies and IE specific files appear to be coming from Save.exe.
SaveNow does store some data of its own at this point in the registry, including ads that have been
displayed and those which have been clicked on.

A distinguishing characteristic of principled downloadable applications is the ability to easily
uninstall the application. The SaveNow software qualifies as easy-to-remove, though it will not
uninstall without an Internet connection. The Internet connection is required to allow the program to
send an uninstall notification message to the WhenU servers. At that point, all of the Registry data
and files in the program installation directory are wiped clean. The Internet explorer cache and
cookies remain untouched.
We questioned the requirement for an Internet connection at uninstall. That requirement is
something of a dilemma for WhenU. One the one hand, it may be inconvenient for consumers, and
in some cases may prevent a timely uninstall. On the other hand, the information gained promotes
accuracy in the number of active users and so supports WhenUs commitment to transparency. In
the end, we are not recommending changing this practice.

CPG concluded that WhenUs client software architecture accurately and consistently
supports its public commitment to privacy protections.

Our report concludes that WhenU says what its software does and the software accurately
executes against those statements; there is no collection or transmission of personal information,
user profile, or other data that is privacy threatening.
In a world of anxiety about technology being used to invade individual privacy, intrude on
user control over their personal computers, and data collection and profiling of Web behaviors,
WhenU has distinguished itself as a principled player dedicated to transparency and user control of
personal information. We were happily surprised by the strength of commitment and consistency of
implementation we observed in their statements and technical architecture.
We believe the way the WhenU software application resides on a user machine is clever,
innovative and protective of consumer privacy. It makes regular (as often as daily) calls out to
WhenU servers in order to report state and use as well as to request updates based on use. The
servers respond with updated directory information that is the same for all users. Although an
individuals Web-browsing activity may affect which ads get chosen from those available in the
database, all users share the same database content. And in all of this activity, no personal
information is exchanged, no user profile data is compiled and no individual user is identified.
SaveNow is a very powerful tool that was obviously designed with growth, expandability and
upgradeability in mind. This well thought-out software is complemented by an intelligent privacy
policy with which it carefully complies, as this analysis has found.