Creative Labs accused of spying
By CNET News.com Staff Published: June 13, 2001, 12:55 PM PDT Link(active as of 10/22/06): http://news.cnet.com/news/0-1006-200-6268905.html Link(active as of 10/22/06): http://www.kuro5hin.org/?op=displaystory;sid=2001/6/28/235018/395 Irate customers are accusing Creative Labs, the maker of digital-audio players and sound cards, of spying on them. The dispute revolves around a piece of software called newsupd.exe, installed with the software that comes with most Creative products. A number of customers say the software is connecting them to the Internet without their authorization and relaying data secretly back to Creative servers. People also say newsupd.exe installs itself on the sly. Creative admits the feature needs tweaking, but says it is basically there to help consumers. In an age when consumers are increasingly paranoid--often with reason--about where their personal data is being sent without their consent or knowledge, the Creative software has hit a raw nerve. "This isn't some sleazy shareware application downloaded from God-knows-where, but legitimately purchased hardware from a legitimate-looking company, that is installing advertising spyware along with its hardware drivers," wrote one person on Counterexploitation's Web site. "This is a clear betrayal of user trust." Milpitas, Calif.-based Creative makes Nomad portable digital-audio players and Sound Blaster sound cards. The company acknowledges it has received complaints about newsupd.exe but said there is nothing to get excited about because it is only there to alert consumers to software and hardware upgrades. "It shouldn't interfere with anything else going on," said Franco Debonis, Creative's European brand manager for audio products. "If you're not connected to the Internet, it doesn't do anything. It checks periodically to see if the connection is live. And if it is, it initiates server pushes down to the particular user." Nomad Jukebox The idea of automatically checking for upgrades is nothing new, but the difference appears to be that Creative's product designers did not think to alert people about what was happening. The company now admits that this was a mistake and promises that future versions of Creative software will fix the problem. Earlier versions of newsupd.exe, which has been around for about two years, did not include an option for turning the feature off, Debonis said, though this is now much easier to find. "We fed that back to the development team. They didn't think about people who wanted to disable it," Debonis said. Consumers said they are also upset because the first they learn of newsupd.exe's existence is when their antivirus software alerts them that newsupd.exe is trying to access the Internet or when it conflicts with their firewall. Some people assume it is a piece of malicious software, while others report that the mysterious code appeared to be using up disproportionate system resources or causing system crashes. Some followed a disabling procedure to no effect. "I...checked the option to disable the news updater, but the damn thing still tries to access the Internet," wrote one person on a Creative technical support newsgroup. Another troubling aspect of newsupd.exe is that it feeds information back to Creative Labs servers. Creative said the information does not contain any personal data. Debonis said complaints about the feature have only started coming in recently, possibly due to the spread of broadband, always-on Internet access, which gives newsupd.exe more opportunities to activate itself. Creative software doesn't yet notify people of the existence of newsupd.exe, Debonis said, but that functionality is planned for future products.