Mac OS X OpinionSpy – same old, same old

Filed Under: Apple, Malware, OS X, Privacy

Mac-centric anti-malware outfit Intego has been warning of a Mac application which the company is calling OpinionSpy. According to Intego, the OpinionSpy application is downloaded as an adjunct to various innocent-sounding Mac freeware, including screen savers offered by a company calling itself 7art.

7art is a hard company to pin down, at least from its website. The "Contact Us" link takes you to a web ticket system, but doesn't provide any company information. There is no hint of where the company is actually based, though the 7art-screensavers domain is registered to an owner at a PO Box in Moscow, Russia.

The 7art privacy statement is bullish – "any personal information that you provide to our website shall stay absolutely safe, private and secure." But it still provides no hard details about the company.

So I tried out one of the 7art screensavers, called Color Therapy Clock ScreenSaver v.2.8. The installer advises me, through a popup dialog, that the screensaver is available for free because it's being bundled with software called PremierOpinion from a third party company, VoiceFive Inc.

The dialog explains that the function of PremierOpinion – indeed, apparently, its value, since it claims that it allows you to "voice [your] opinions" – is to monitor your online activities, including your purchasing behaviour. This suggests, though it does not expressly say, that it will peek at traffic which is sent over HTTPS, not just over HTTP, since online purchasing is supposed to be kept private from end to end, usually through the use of SSL.

This sounds terribly familiar. Very similar, in fact, to a Windows application called MarketScore, released by American company comScore some four or five years ago. You can read about the MarketScore software and the controversy it caused in my paper from the Virus Bulletin 2006 conference: Can strong authentication sort out phishing and fraud?.

As I wrote back in 2006, "comScore is no longer distributing Marketscore, perhaps due to the publicity it received when some American universities decided to block it outright, despite the strongly held tradition of academic freedom on their networks".

VoiceFive Inc, by the way, does include contact details – it is at number 11950 on the delighfully-named Democracy Drive in Reston, Virginia. And guess where comScore is based? Same address. Suite 600, if that matters.

Plus ça change, plus c'est la même chose.

My recommendation, even (or perhaps especially) if you live in the free world?

Don't agree to software which monitors and collects information about your on-line purchasing habits. Especially not in return for a screen saver.

, , , , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog