AN EVALUATION OF WHENU
PRIVACY CLAIMS AND CLIENT
SOFTWARE ARCHITECTURE
Richard Purcell, CEO
CORPORATE PRIVACY GROUP
A division of Three Forts, LLC
October 2004
THE ASSIGNMENT
Corporate Privacy Group (CPG) was asked by WhenU to investigate their statements
concerning consumer information privacy and the non-invasive advertising software they deploy.
The engagement is driven by continuing consumer concerns about invasive software, often
referred to as spyware, that compromises individual control over personal computers, Internet
services, and personal information. Corporate Privacy Group shares these concerns. We were
pleased to investigate the WhenU privacy statements and technologies to test their commitment to
consumer privacy.
The term spyware lacks any precision either in definition or application. It incorporates any
and every software program that a person might find distasteful. It has included programs designed
to collect keystrokes, advertising applications based on individuals' Web browsing, cookies applied to
Web page visitors and auto-update programs delivering anti-virus and other security patches.
This year, efforts have been made to clarify the confusion by detailing the specific conditions
that are lacking in spyware applications. Those conditions, at the end of the day, include the lack of
transparency, choice and control. In other words, spyware is characterized as sneaky, prying and
stubborn. WhenU engaged Corporate Privacy Group to evaluate its public commitments to the
principles of transparency, choice and control and to investigate how well their client software
supported those principles.
BACKGROUND & QUALIFICATIONS
CORPORATE PRIVACY GROUP
Corporate Privacy Group is headed by Richard Purcell, an internationally recognized expert in
information privacy and consumer data protection. Mr. Purcell founded Microsoft's global enterprise
privacy practice during his 10+ year tenure with that company. As Microsoft's first Chief Privacy
Officer, he presided over the initial challenges facing technology companies in providing meaningful
privacy protections in their products and services.
Mr. Purcell developed one of the first enterprise privacy programs for a multi-national US
company. He founded Microsoft's privacy program during the late 90s, taking the newly-created
CPO position in January 2000.
Mr. Purcell served on the Federal Trade Commission's Advisory Committee on Online Access
and Security, worked closely with the World Wide Web Consortium (W3C) on the Platform for Privacy
Preferences (P3P), and contributed to the adoption of P3P in Microsoft Internet Explorer version 6.
In September, 2000, Mr. Purcell joined the Board of Directors for TRUSTe, the leading
organization for Web privacy trustmark seals. Later, Mr. Purcell joined the Board of Directors for the
Int'l Association of Privacy Professionals. He also co-founded the Conference Board's Council of Chief
Privacy Officers.
Mr. Purcell left Microsoft in early 2003 in order to establish Corporate Privacy Group and
pursue his ambition as an independent expert for information privacy. He has since worked with
several Fortune 100 companies, developed Privacy Directions training courses, developed his
proprietary model for privacy management called 3PTSM, and spoken on privacy at numerous
gatherings.
PROSTRUCTURE CONSULTING
ProStructure Consulting provides services designing, securing, and monitoring computer
network infrastructures and servers. Founder A. Brandon Psmythe is a seven-year veteran of the
core IT team at Intel Corporation, where he designed the network and data center connectivity that
Intel's Pentium4 chipset was created upon. He also architected a unique and secure VPN solution
that allowed some of Intel's tool providers to quickly test and diagnose problems with their tools,
without compromising any of the valuable Intellectual Property that these tools were working on.
Irving Popevetsky, CISSP, is Chief Security consultant at ProStructure. He has eight years'
experience in IT and is a recognized expert in penetration testing, Web application security, incident
response reporting and UNIX systems engineering.
SUMMARY
In approaching this engagement, both CPG and our technology cohort, ProStructure
Consulting, were skeptical of the outcome. After all, the public debate over spyware and adware has
been heated, contentious, and charged with anger. Going in, we knew that we were addressing
adware, not spyware, technology. Still, we were prepared to investigate every angle of the
company's public statements and the consistency of their technical architecture's support for those
statements. Our purpose was to discover any gaps between their statements of privacy protections
and their technical architecture's implementation of that policy.
Over the past several years, many companies providing online advertising services have run
into significant privacy issues. The state of the art has focused on the development of very smart
algorithms able to determine the best match between what consumers do and what they want. The
idea is that behavior indicates interest, often referred to as behavioral targeting. Online advertising
solutions therefore require collecting, analyzing, and testing millions of consumer records. Vast
consumer profiles have been created based, at least partly, on personal identity and information.
The result has been consumer anxiety over the use and security of this enormous amount of personal
information stored by these large companies acting on behalf of the advertisers themselves.
Not surprisingly, WhenU's model also concentrates on connecting consumer behavior and
desirable advertising outcomes. The very large difference, though, is that their innovative solution,
which is elegantly implemented, places the decision-processing on the individual's computer. They
thereby avoid the vast data collection and consumer profiling fueling consumer anxiety.
We found the WhenU software was thoughtfully designed and well-coded. Consistent with
company statements, it focuses on showing consumers relevant ads without compromising their
privacy.
PRIVACY STATEMENT
CPG pursued several areas to evaluate WhenU and its privacy promises.
MANAGEMENT
On 28 June 2004, I interviewed Mr. Avi Naider, WhenU CEO, by telephone. Avi consistently
demonstrated a clear understanding of the company vision for delivering advertising using
privacy-protecting client-side software. He emphasized the fundamental position that advertising must be
contextually accurate to be effective, a position that is strongly supported by the SaveNow
implementation.
Avi emphasized the implementation strategies that are very important to the operation of the
software:
- The client installation includes an executable and a directory
- The directory is constantly updated in small data bursts
- The client installation sets up several GUIDs (Globally Unique Identifiers) used to create the server ping for updates, to report the user machine configuration, and to report user geography, where available
- The network traffic does not include user personal information or persistent user GUIDs
- The directory includes client-side filters used to prevent sending terms that are not useful or potentially embarrassing (e.g., terms for adult Web sites)
Overall, Avi was articulate, well-informed, and even passionate about the workings and
benefits of WhenU software. Following up, Avi forwarded a privacy evaluation report from April
2002. At that time, the company engaged Evolution Softworks of New York City to verify their
privacy policy and technology. We compared that privacy report to current conditions.
Conclusion
The WhenU privacy statement describes its commitment to privacy in consistent and
meaningful terms and translates that commitment to technical language that is appropriate and
accurate.
PRIVACY STATEMENT
Comparing the privacy assurances from the April 02 report and today shows no material
change between the periods. Those changes made, emphasized below using italics, are
clarifications, not material changes.
| Statement Source | April 02 Report | July 04 Evaluation (difference highlighted in italics) |
| --- | --- | --- |
| License in BearShare Installer | WhenU does NOT assemble personally-identifiable profiles of SaveNow users and personally identifiable information is not required in order to use the SaveNow software | Identical statement |
| License from WhenU.com | Personally identifiable information is NOT required in order to use the software | Your personally identifiable information is not required in order to use the software. |
| License in BearShare Installer | SaveNow does NOT transmit a full history of URLS visited by the user to the WhenU.com servers | Identical statement |
| License from WhenU.com | WhenU.com does NOT transmit URLS visited by the user to WhenU.com or any third party server | As you surf the Internet, your clickstream data (i.e., a log of all sites you visit) is not transmitted to WhenU or any third party server |
| License from WhenU.com | WhenU.com does NOT track which ads and offers are seen or clicked on by individual machines | WhenU.com does not track which ads and offers you see as an individual user; all our analysis and tracking of ads is done in the aggregate |
As is the case with most companies, WhenU updates their privacy statement regularly in
order to clarify their practices. We found that these changes have not been the result of technical
changes but are due to their ongoing commitment to transparency. We provide further analysis
below under Personal Information.