Is Eudora snooping on you?
- — 05 September, 2000 16:03
That's the situation we currently find with the Eudora 4.3 e-mail client. And while the company that makes the program, Qualcomm, says no "personal information" is being sent to their servers, data is being sent from the program to a Qualcomm server, and most users probably don't know it.
People who download the popular mail client are probably familiar with the three levels of the program: Sponsored, Paid, and Light. As described by Eudora, Sponsored mode is "free with ads." Paid mode "costs money, [with] no ads," and Light mode is "free, [with] fewer features." So if you don't want to pay for the program, you can see Web-based ads or pick the Light version with no ads at all. End of story, right?
Well, not so fast. Recently a reader sent us an e-mail about an odd behavior he noticed while using Eudora. First, he tried out the full-featured, Sponsored version. Then he tested the free Light version, and found that it had all the features he needed.
When he connected to the Internet, he noticed something strange. The program was contacting a Eudora server, even though he was using the ostensibly ad-free Eudora Light.
"Eudora was clear about its fetching ads in the 'full-featured, free, paid-by-ads' mode, and I have no problem with that," the reader told us. "But the fact that after choosing the limited-feature mode the program continued connecting was totally unexplained and probably goes on undetected by the majority of users."
We sent an e-mail to Qualcomm and immediately received a response from the company's director of marketing for Eudora products, Jeremy James.
"Yes, Eudora 4.3.x in Light mode does touch the server periodically," James wrote. "The program checks to see whether the logo of a cobranding affiliate should appear in the Light and Sponsored modes."
In addition, "Eudora 4.3.x periodically touches the server to see if there is a newer version of Eudora available. This happens in all three modes of Eudora 4.3.x."
Qualcomm currently has a cobranding agreement with 3Com, which bundles Eudora with some of its modems. James said Qualcomm "would not consider a logo in an interface an advertisement. We wouldn't dispute that there's a marketing objective to displaying a logo. But it's not like ads are rotating though [Eudora's interface]."
James strongly emphasised that the Eudora applications do not transmit anything that can identify the user.
A Question of Privacy?
"This isn't unique to Eudora," says Robert Ellis Smith, publisher of the Privacy Journal, a monthly newsletter covering privacy and technology. Smith cites similar behavior from Real Networks' RealPlayer, which checks in the background for software updates. "Currently [Eudora] doesn't disclose personal information. Still, the intrusion of something on your screen [telling you whether an upgrade is available] is an invasion of privacy. It may be an acceptable one, but it is an invasion."
Our Eudora-using reader said it this way: "I don't expect that a mail client has any need to connect to external servers except when it is sending or receiving mail. Today such connections need to be documented and announced."
Qualcomm's James sees it differently: "If you go to the Help menu and select Payment & Registration and click on Find the Latest Version, you will have done manually what Eudora does automatically."
While you can't turn off the logo-serving function in Sponsored or Light mode, you can disable the function that checks for upgrades. And James says the company will update the Eudora privacy statement to let users know that Eudora contacts company Internet servers in all modes.