RealNetworks admits to new spyware bug Privacy from Companies7/26/2000; 3:16:56 PM (Actually, the Register is a little mistaken... it's not a "new" spyware bug... see iRights coverage July 17th, 2000.)'A flaw in RealNetworks RealDownload, Netscape/AOL Smart Download, and NetZip Download Demon, discovered by Gibson Research founder Steve Gibson, appears, at least in the case of RealNetworks, to be the result of ignorance rather than nefarious intentions, according to a FAQ hastily issued by the company.'"We weren't even aware [the flaw] was there," RealNetworks spokesman David Brotherton said in an interview with MSNBC. "We were not using it to log users behaviour in any way. The [unique identifier Gibson discovered] served no function we needed, and it has been eliminated."'Apparently, due to confusing information in Microsoft Windows developers' documentation (another shocker), an ID string the company had intended to be random actually identified users, and without RealNetworks knowledge.'I know this sounds like a little bending of the truth... but in Real's defense, it is plausible. To conduct any network transaction, unique identifiers are necessary. That is why your network interface is uniquely identified with a MAC address, built into the hardware at some point. (Even IP addresses are insufficiently unique; somebody else can claim them easily.) Since Microsoft provides a nice library function to generate a "UID", which is a highly random number (designed to be guarenteed unique to within some obscenely low probability of replication), it's natural that Real would use that function rather then write their own random number generator, which are notoriously tricky to actually get right.However, what the programmer may not have realized is that "UID", the word I carefully left undefined in the previous paragraph, stands for "Unique IDentifier", and while it will be random, if called in the same way produces identical numbers. It is plausible that the programmer(s) who made the decision to use that library function was unaware of that propery. I don't know if Real's excuses are true, just that it's plausible