Verizon Spyware Issue
updated 6/2/2004
This is a VERY large web page. Click here to download a zip file of this page.
This web page provides documentation of my encounter with the Verizon "Welcome CD ROM", how it installed unwanted programs on my computer, and my attempt to communicate with Verizon on the matter.
Contained in this page are the following links. Click on the item listed below to go directly to that item.
Jay O'Brien
My explanatory notes concerning the material in this web page are in this font and color.
References
My email to Verizon on March 7, 2004, which restated all previous correspondence and includes technical details on the unwanted software.
Links to other reports of this spyware, included in my March 7 email to Verizon (updated as new links become known)
Non-responsive reply from Verizon Executive office on March 8, 2004, that deleted most of my correspondence.
Non-responsive reply from VZW Mobile Web on March 8, 2004, that deleted most of my correspondence.
My response to both March 8, 2004 replies from Verizon.
Replys from Verizon to my March 8 email
Followup reply from Verizon commits March 11 response
Article in Rio Linda Elverta News, March 11, 2004
Verizon missed their March 11 commitment; my email to them also identiifies ftc spyware workshop
My unanswered email sent to the James Tower company on March 6, 2004
My email sent to the President and CEO of Verizon Wireless on March 14, 2004
My follow-up email to Verizon management email addresses on March 17, 2004
Article published March 21,2004 in the Miami Herald, from The Record, Hackensack, N.J.
Another follow-up email to Verizon, sent on March 25, 2004
Automated responses to my follow-up March 25 email
"Real" responses to my March 25 email. Ron at Verizon is out of the office.
Ron at Verizon is back in the office. He expects to have information for me by March 31, 2004.
My follow-up email sent to the James Tower company on March 28, 2004
Ron at Verizon, on March 31, says "written response shortly."
My response, after more than 24 hours, asking when "shortly" will occur.
April 1 Email message from Verizon Vice President Marvin Davis
My response to Verizon Vice President Davis, sent April 2.
My comments to the FTC for its Spyware Workshop. Published by FTC April 2, 2004
Verizon still distributing spyware as of March 20, 2002
My follow-up message to Verizon Vice President Davis, as I received no response from him.
April 13 Email message from Verizon Vice President Marvin Davis, committments made.
My April 14 reply to VP Davis, in anticipation of information from IT department and new CDs.
My April 19 message to VP Davis, informing him that recent CD-ROMs still have traces of spyware
April 19 message from Verizon Executive Relations department, he is sending me new CDs.
My response to Verizon Executive Relations Department, awaiting the new CDs.
Phone call April 21 from Mr. Jody Citizen from Verizon - New CDs not available!
Verizon Wireless approval of my recap of April 21 phone call
My thanks to Verizon for the approved version of the phone call recap.
Article in Rio Linda Elverta News, May 6, 2004
Follow-up email to Mr. Jody Citizen, May 9, 2004
Verizon distributing spyware on new LG VX6000 phones
No response from Verizon, again
This is my email that restated all correspondence and provides technical details
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM11970158V68397L0KM)
Date: Sun, 07 Mar 2004 17:29:57 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
CC: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Re:KMM11970158V68397L0KM
Dear Verizon,
I have placed the correspondence to date in this thread in date order, with the initial message at the beginning. My reply is below the previous correspondence. Following my reply are my contemporary notes on this issue.
Jay O'Brien
-------- Original Message --------
Subject: Spyware problem resolution: run around
Date: Fri, 05 Mar 2004 13:25:04 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW - Executive Office CA/NV <execoffice.ca.nv@verizonwireless.com>
The CD you provided me with a new telephone installed spyware on my computer. The program is identified, in the program source code, as Verizon software. Your program is attempting to send my personal information to a James Tower company; I was not offered the opportunity to agree or decline.
I have sent webmail on this issue to you and it has not elicited a response.
I have called your customer service number who passed me off to LG, the manufacturer of the telephone. LG says the CD is supplied to them by Verizon and that I must deal with Verizon. A run-around, not a response to my complaint.
Please advise if the address to which I am sending this email is still a valid email address and if you will follow up if I send more supporting information.
Your boast that my problem is your problem seems to not hold water. Verizon is not responsive to this customer.
Jay O'Brien
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail Was Received (KMM11954823V21943L0KM)
Date: Fri, 05 Mar 2004 16:25:48 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Thank you for contacting our President. Your comments have been received and will be forwarded to our Executive Offices. You will be contacted within two business days.
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM11970158V68397L0KM)
Date: Sun, 07 Mar 2004 09:18:48 -0500
From: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless through our website.
We apologize for any inconvenience that you have experienced with the instructional CD, and we are happy to assist you. We apologize for any difficulties you have experienced with obtaining an answer to your concerns.
Verizon Wireless has launched an initiative designed to simplify your experience with their new device and service. Part of this initiative is an interactive "Welcome CD ROM" with audio and video that is included with many new wireless devices. The interactive CD ROM contains a device-specific interactive manual, benefits and advantages of Verizon Wireless service, and a link to our www.verizonwireless.com website.
To gauge the effectiveness of this CD ROM, the CD usage activity will be monitored while online to allow Verizon Wireless to collect anonymous information about usage. We do not track your personal information or activities on Websites outside of the CD or on our www.verizonwireless.com website. We aggregate this information and use it to evaluate and improve our communications. For more details, review our Privacy Statement at our www.verizonwireless.com website.
Some customers have noticed a file that is installed on their computer after viewing the CD ROM. This file will appear if the computer is not connected to the Internet when the CD ROM is viewed. The file is "noptify.exe" and is installed in a temporary folder on the user's hard drive. This occurs only on PCs and not Macs.
Following is additional information on the noptify.exe file:
· The file only installs if the viewer opens the disk when their computer is off line.
· No information about the viewer, their equipment, and/or software is collected.
· The file implements an incremental counter so Verizon Wireless can collect data on where customers are going for information on the CD.
· No information is collected or stored so nothing can be sold and shared. Once it reports the CD has been viewed off line, it deletes itself.
· The file lasts about 20 reboots, then it deletes itself unless it has already done so.
· If a customer has a firewall in place, it is likely they will see the program trying to contact the web via port 80. It is not uncommon for a firewall to see this type of thing.
Customers may manually delete the noptify.exe file the same way they would delete any file on their PC. Instructions to delete the file are as follows:
1. Locate it on your computer. (use "Search" function &/or Windows Explorer)
2. Highlight the file.
3. Press the delete key.
If a message appears that says "Access denied source file maybe in use," then:
1. Go into task manager (ctrl-alt-del) and click on the "processes" tab.
2. Select/highlight the "noptify.exe" file.
3. Click "End Task/Process."
4. Delete the file as noted above.
If the information above does not address your specific issue, please contact technical support for your computer manufacturer.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
The above response is subject to the terms of your Service Agreement and calling plan, which apply to all lines on your account. Please read those materials for full details. Our liability is limited. In the event of a conflict between this response and the terms of your Service Agreement and calling plan, the terms of your Service Agreement and calling plan will govern. Verizon Wireless's calling plans, rate areas, rates, agreement provisions, business practices, procedures and policies are subject to change as specified in the Service Agreement.
-------- Reply Message --------
Subject: Spyware problem resolution: run around
Date: March 7, 2004
From: Jay O'Brien <jayobrien@att.net>
To: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
Cc: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
This is in response to your email to me sent March 7, 2004, at
9:18 AM EST.
Your message does not track with my understanding of the issue. Your email starts with the statement "Thank you for contacting Verizon Wireless through our website" even though my initial correspondence clearly identifies that you did not respond to my submission of correspondence through your website; instead, you are responding to email I sent to a direct email address I was given for your President some years ago.
The technical and privacy details you provided also do not track with what I have learned about your spyware program called "noptify.exe". I will respond to your assertions one at a time.
1. You state "CD usage activity will be monitored while online to allow Verizon Wireless to collect anonymous information about usage." You later state "Once it reports the CD has been viewed off line, it deletes itself." These two statements differ with each other; is it collecting information on line or off line? Further, the information is NOT anonymous, as the domain name and no doubt the originating IP address are collected, at the least.
2. You state "We do not track your personal information or activities on Websites outside of the CD or on our www.verizonwireless.com website. We aggregate this information and use it to evaluate and improve our communications. For more details, review our Privacy Statement at our www.verizonwireless.com website." Your privacy statement does not discuss the use of "noptify.exe" and nowhere do you explain that the information is collected by a third party, the James Tower company.
3. You state "Some customers have noticed a file that is installed on their computer after viewing the CD ROM. This file will appear if the computer is not connected to the Internet when the CD ROM is viewed." I disagree with your statement. In the case of both of my computers that were infected by your CD ROM, they were connected to the internet at the time the CD was inserted and run.
4. You state "The file is 'noptify.exe' and is installed in a temporary folder on the user's hard drive." I disagree. The file is installed in three places, not one. Without full technical details on the operation of the prefetch files, it is impossible to state that the prefetch files will not rewrite the exe file if it is deleted. The actual file locations and names are included below in my notes.
5. With reference to your noptify.exe file, you state "The file only installs if the viewer opens the disk when their computer is off line." I disagree, as in the cases of both of my infected computers, the computer was on line when I performed the action you call "the viewer opens the disk".
6. With reference to your noptify.exe file, you state "No information about the viewer, their equipment, and/or software is collected." I disagree, as the software that is run to create the message that is sent to James Tower Co. is running on the viewer's computer. Perhaps the only information collected may be that the noptify.exe program is running, but that disagrees with your statement that no information about software is collected. The noptify.exe program IS "software".
7. With reference to your noptify.exe file, you state "The file implements an incremental counter so Verizon Wireless can collect data on where customers are going for information on the CD", I disagree, as I understand your statement to say that information is collected also when accessing your web site.
8. With reference to your noptify.exe file, you state "No information is collected or stored so nothing can be sold and shared". I disagree, as your email to me admits that information is collected, even if the only information collected is what program is installed and running on a customer's computer. That is an unwanted, unauthorized invasion of my privacy.
9. With reference to your noptify.exe file, you state "Once it reports the CD has been viewed off line, it deletes itself." I disagree, as the program continues to run here.
10. With reference to your noptify.exe file, you state "The file lasts about 20 reboots, then it deletes itself unless it has already done so."I disagree. The program runs each time the computer reboots, and for 20 minutes attempts to contact James Tower Co. It makes four outgoing requests every minute, and after a total of 81 attempts, it removes itself from memory, to be placed in memory again the next time the computer is rebooted by virtue of a "run once" registry entry you placed in the computer.
11. With reference to your noptify.exe file, you state "If a customer has a firewall in place, it is likely they will see the program trying to contact the web via port 80." I disagree. The program first attempts to do a DNS lookup, using port 53 on a DNS server.
12. With reference to your noptify.exe file, you state "It is not uncommon for a firewall to see this type of thing." I disagree. If the computer owner determines what is installed on his computer, then the firewall action will not be a surprise. If the computer owner is in control of his computer, and controls what is installed on his computer, it is "uncommon for a firewall to see this type of thing" and is an alarming action, as it was for me.
13. You provide instructions on how to delete your noptify.exe spyware program. Your instructions are not complete as following them will only result in the deletion of one of the three files. The prefetch instances will not be removed by following your instructions. Your instructions completely ignore the four registry entries that should also be removed.
14. You state "If the information above does not address your specific issue, please contact technical support for your computer manufacturer." I have and I did. I built the computers, thus I am the "computer manufacturer". As the computer manufacturer, I disagree with your advice that I should be contacted to remove your spyware from a computer that I built. This is Verizon's problem, not the computer manufacturer's problem.
15. You state "As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions." This statement is incorrect, as explained previously. Writing to you "again" is NOT through www.VerizonWireless.com, but via email as copied above. You did not respond to my original attempt to contact you via the web mail application.
That concludes my responses to your assertions. Now I will ask some questions for you to answer.
A. Your privacy statement explains your compliance with the TRUSTe privacy program; Has TRUSTe has been informed of your use of your noptify.exe program that reports data to James Tower Co. without the permission or notification of the person that provides the data so collected?
B. You installed a program on my computer without my knowledge or permission. You attempted to use that program to collect information about me or about my use of my computer or the software, including your CD ROM, that was running on my computer. That is an unwanted, unauthorized invasion of my privacy. I object. Please respond.
C. Your spyware will not work and collect data for you if the user is running a properly installed and configured firewall. Should it then be concluded that Verizon wishes its customers to NOT run a firewall so that Verizon can collect data? Do you realize that the data that James Tower Co. collects for you is ONLY from customers who do not run a properly configured firewall? Doesn't that skew the demographics collected by Tower for you? Are you aware that you are not getting ANY information from people who know how to administer their computers? Is it your intent to exclude all such knowledgeable customers?
D. You have violated my privacy, infected my computers, and then tried to justify your actions with misstatements of facts. Wouldn't it have been better, when I inserted the CD, if it came up and asked for my permission to install data gathering software on my computer, giving me the opportunity to say yes or no? Or would that taint the information collected if the originator is informed that you are collecting data?
E. Your removal instructions do not address the four registry entries made by your installation process; your removal instructions leave those run once (on each boot) and software registry entries intact. Why did you not address this issue with your removal instructions?
F. When I spoke to your representative on the telephone about this on March 4th, I was told that the CDs come from the Manufacturer of the handsets, LG, and I was given the runaround and passed off to LG for them to handle my complaint. It wasn't Verizon's responsibility, but LG's, they said. Why was I sent to LG for an answer they could not provide? Specific details are below in my notes.
G. Your response to me, in yet another runaround, says to contact the "computer manufacturer". Exactly what action do you expect from the manufacturer of the computer?
My contemporary notes on this issue are below so as to make this document complete and so that I am disclosing to you what I know about this issue; similar to my contention that you should have disclosed to me what you installed on my computer without my permission, violating my privacy.
I believe that all of your customers and potential customers should be made aware of what I find to be an egregious violation of my personal privacy by Verizon. Your action, in my opinion, to install spyware, is an inappropriate action to be imposed on your customers.
I await your response.
Jay O'Brien
Rio Linda, CA
My Notes:
=========
I bought a new wireless phone from Verizon. With it was a "Welcome" CD ROM. The CD is marked: "Verizon Wireless", "Welcome CD - ROM", "Getting to know your new phone & service", "To get the most out of this CD, make sure your computer is on line." "LG VX4400", CD4400VW", "Made with macromedia". There is a good reason to be on line. The Verizon CD installed spyware on my computer.
Running the welcome CD caused the process "Noptify.exe" to be installed on my computer.
Noptify.exe attempts to call out every minute, attempting to send data to http://tracker.zgate.com each time the computer is started. It makes four callout attempts each minute. When the total number of attempts reaches 81, the program shuts down, removing itself from memory. That takes 20 minutes. The spyware program runs every time the computer is started, even if the Verizon CD is not inserted into the computer.
Others have documented this intrusion, and a Google search for Noptify.exe will find such documentation. Apparently Verizon has contracted with a James Tower Company in Minnesota to track the computer usage of people who have run the CD.
The "quick reference guide" provided with the phone is marked on the back cover "P/N:MMBB0107801(1.0)". On the inside front cover, opposite page 1, it says "Don't forget to give the enclosed CD a whirl to see all the great things your new device and service can do. You'll also get a glimpse of all that Verizon Wireless has to offer." It doesn't mention that Verizon will install unwanted software on the computer that is used to read the CD.
2/29/04:
========
My first attempt to get an answer from Verizon was on Sunday, February 29. At the Verizon web site, under "Contact Us", I sent the following, also sending the last four digits of my Social Security number. I object to this unwarranted invasion of my privacy by Verizon.
* Indicates required fields.
First Name* Jay
Last Name* O'Brien
Email Address * jayobrien@att.net
Daytime Phone Number (was included on the web, deleted here for privacy)
Mobile Phone Number* (was included on the web, deleted here for privacy)
Last 4 digits of your Social Security Number or Account Password*
(was included on the web, deleted here for privacy)
Subject* Select the subject that best matches yours:
"I want to provide feedback on a product, service or person"
Related to your subject*
Select the subject that best relates to yours:
"I have an unresolved issue concerning a person, service or product"
Your question or comment
"I ran the CD that came with my new Verizon phone and it installed spyware on my computers. The spyware program, Noptify.exe, from Verizon Wireless, is attempting to send information about me to jamestower.com, apparently a marketing services company that prepared the CD for Verizon. I object. I was not allowed to provide permission for this intrusion into my privacy and I was not notified by your program of its operation.
Please explain and please provide full and detailed instructions for the removal of your program from my computers.
Jay O'Brien"
3/4/04:
=======
Received welcoming call from Verizon. I asked why I hadn't received an answer to the webmail I sent 2/29. He asked me to call 800-922-0204.
Called 800-922-0204. Jenifer, at 7:25PM, asked her Verizon manager and was told the CDs come from the Manufacturer of the handsets, LG, and that my question should be referred to LG. She called LG and added Glenda who put me through to her supervisor's voicemail. Her supervisor is Rhonda Shutt in Huntsville, Alabama. Phone 800 793-8896. I was told Shutt would call me 3/5/04.
3/5/04:
======
As I did not receive a call from LG, I called LG at 800 793-8896. Ms. Shutt was off today. I was transferred to Jason (I asked for his last name and his response was that he was the only Jason there). Jason says that LG has nothing to do with the CDs. Verizon supplies the CDs to LG, and LG puts them into the boxes. Jason was not aware of the spyware on the CD. Jason says I will have to deal with Verizon. He wished me good luck.
///// TECHNICAL NOTES ///////////////////////////////////////////////
Details following were confirmed on two different computers running Windows XP Professional:
Windows Task Manager reports Noptify.exe running, using 4,660K of memory.
Found in C:\Documents and Settings\<user>\Local Settings\Temp:
-------------------------------------------------------------------------
Noptify.exe
Properties are:
File Version 2.0.0.1
Description: Noptify MFC Application
Copyright: Copyright (C) 2002
Comments: Verizon Wireless
Found in C:\WINDOWS\Prefetch:
--------------------------------------
NOPTIFYINSTALL.EXE-2A6464DE.pf
NOPTIFY.EXE-0624C7DD.pf
Keys found in registry :
-------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VNoptify"="C:\\DOCUME~1\\<user>\\LOCALS~1\\Temp\\Noptify.exe http://tracker.zgate.com/cdtracker.cfm?strCDID=8343211E-BED3-4307-881A-3222EB8FB982&strViewType=off"
[HKEY_USERS\S-1-5-21-842925246-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VNoptify"="C:\\DOCUME~1\\<user>\\LOCALS~1\\Temp\\Noptify.exe http://tracker.zgate.com/cdtracker.cfm?strCDID=8343211E-BED3-4307-881A-3222EB8FB982&strViewType=off"
[HKEY_CURRENT_USER\Software\VNoptify]
"VCDPreviouslyLoaded8343211E-BED3-4307-881A-3222EB8FB982"="1"
"Attempt8343211E-BED3-4307-881A-3222EB8FB982"="2" < Note: this value increments with each computer reboot.
[HKEY_USERS\S-1-5-21-842925246-706699826-1801674531-1003\Software\VNoptify]
"VCDPreviouslyLoaded8343211E-BED3-4307-881A-3222EB8FB982"="1"
"Attempt8343211E-BED3-4307-881A-3222EB8FB982"="2" < Note: this value increments with each computer reboot.
Details on the recipient of the data collected by the spyware:
--------------------------------------------------------------------------------
whois -h whois.networksolutions.com zgate.com
Registrant:
Taylor Corporation (ZGATE-DOM)
1725 Roe Crest Drive
North Mankato, MN 56002
US
Domain Name: ZGATE.COM
Administrative Contact:
Taylor Corporation (TXHXFRXTUO) domainadmin@zgate.com
1725 Roe Crest Drive
North Mankato, MN 56002
US
507-625-2828
Technical Contact:
Tech, Domain (TD108-ORG) domaintech@ZGATE.COM
Tech, Domain
1730 JAMES DR
NORTH MANKATO, MN 56003-1804
US
507-386-1845 fax: 507-386-1891
Record expires on 30-Mar-2008.
Record created on 29-Mar-1996.
Database last updated on 29-Feb-2004 15:41:13 EST.
Domain servers in listed order:
DNS1.TCMSP.NET 198.12.16.5
DNS2.TCMKT.NET 198.12.17.5
traceroute tracker.zgate.com
tracker.zgate.com resolves to 198.12.18.57
/snip/
13 198.12.18.57 63.940 ms tracker.jamestower.com
Information on James Tower Co.:
---------------------------------------------
http://jamestower.com -- Select Products then select CD Tracking:
"Tracking Technology allows you to generate comprehensive reports on the:
-Number of times your CD-ROM was viewed
-Sections of the CD-ROM that were of the most interest
-Frequency of a single CD-ROM being viewed
-Specific hyperlinks that viewers visited directly from the CD-ROM
-Emails or visits to your Web site that resulted from viewing the CD-ROM"
http://jamestower.com -- Select Contact:
James Tower
1985 Lookout Drive
North Mankato, MN 56003
Phone: 866.219.0263 Fax: 507.386.1891
Email: contact@jamestower.com
Links to other reports of this issue:
-----------------------------------------------
http://www.computing.net/security/wwwboard/forum/6702.html
Computing.Net - Verizon is hiding noptify.exe
http://www.advogato.org/person/forrest/diary.html?start=68
Diary for forrest
http://www.livejournal.com/users/fc4est/3423.html?mode=reply
Post Comment
http://www.spywareguide.com/product_show.php?id=655
Noptify
http://miataru.computing.net/security/wwwboard/forum/6468.html
Computing.Net - noptify.exe & Verizon
http://board.shodown.net/viewtopic.php?t=1553&view=previous
The Shodown Forum > View topic - verizon phone cd = spyware [noptify.exe]
http://www.infoworld.com/article/03/08/22/33OPcringely_1.html?security
InfoWorld: Did MS Blaster crash the power grid?: August 22, 2003: By Robert X. Cringely®: Security
http://www.2-spyware.com/parasite-noptify.html
Remove Noptify. Delete Adware Noptify from system
http://miataru.computing.net/security/wwwboard/forum/6468.html
Computing.Net - noptify.exe & Verizon
http://talk.assmotax.org/viewtopic.php?topic=2121&forum=32&9
Bloomington Alternative/AMCT Forums - View Topic
http://pdaphonehome.com/forums/showthread.php?threadid=26800
pdaPhoneHome.com - Spyware Warning for VZW 7135 users
http://www.lavasoftsupport.com/index.php?showtopic=14974&hl=noptify
Noptify.exe, Verizon - spyware
http://groups.google.com/groups?q=verizon+spyware+noptify&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=gtIHb.502308%24275.1413251%40attbi_s53&rnum=1
You have an unwelcome guest. noptify.exe
http://www.computerproblems.com/questions/question.cfm?id=9663
noptify.exe is spyware
http://www.spyany.com/program/article_spw_rm_noptify.html
Remove Noptify - Adware Spyware Removal Instructions
http://www.regblock.com/product_show.php?id=655
No warning is given to customers
And to top it all off, Verizon offers a security service!
---------------------------------------------------------
http://www.nwfusion.com/edge/news/2003/1016vzsec.html
/end/
This March 8 email from Verizon executive office opted to not quote my questions "as it exceeds the maximum capacity of this email system."
-------- Original Message --------
Subject: Re: Re: Spyware problem resolution: run around (KMM11980170V54977L0KM)
Date: Mon, 08 Mar 2004 10:14:30 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless.
I apologize for any confusion with the wording of the header in the previous response. The email address you are using to contact us delivers the email to the Internet Response Team. There is not an email address for the Executive Office of Verizon Wireless, however there is a physical address.
Verizon Wireless
West Area Headquarters
15505 Sand Canyon Ave
Irvine, CA 92618
I have forwarded your concerns regarding the Welcome CD to members of our Marketing Team. As the only contact information you have provided is your email address, you will be contacted via that email address when a response to your concerns is available.
The majority of the response thread to this email has been removed, as it exceeds the maximum capacity of this email system.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
The above response is subject to the terms of your Service Agreement and calling plan, which apply to all lines on your account. Please read those materials for full details. Our liability is limited. In the event of a conflict between this response and the terms of your Service Agreement and calling plan, the terms of your Service Agreement and calling plan will govern. Verizon Wireless's calling plans, rate areas, rates, agreement provisions, business practices, procedures and policies are subject to change as specified in the Service Agreement.
Original Message Follows:
------------------------
Re:KMM11970158V68397L0KM
Dear Verizon,
I have placed the correspondence to date in this thread in date order, with the initial message at the beginning. My reply is below the previous correspondence. Following my reply are my contemporary notes on this issue.
Jay O'Brien
I have snipped the text of messages below that were included with this Verizon message that were part of my March 7 email to verizon. I will leave in the headers for reference.
-------- Original Message --------
Subject: Spyware problem resolution: run around
Date: Fri, 05 Mar 2004 13:25:04 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW - Executive Office CA/NV
<execoffice.ca.nv@verizonwireless.com>
[text snipped here - Scroll up to review this message]
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail Was Received (KMM11954823V21943L0KM)
Date: Fri, 05 Mar 2004 16:25:48 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
[text snipped here - Scroll up to review this message]
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM11970158V68397L0KM)
Date: Sun, 07 Mar 2004 09:18:48 -0500
From: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW2 <vzwkanacsCustCareSW2@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
[text snipped here - Scroll up to review this message]
This March 8 email from VZW Mobile Web opted to not quote my questions
-------- Original Message --------
Subject: Re: Re: Re: Spyware problem resolution: run around (KMM11982530V62759L0KM)
Date: Mon, 08 Mar 2004 11:23:38 -0500
From: VZW - Mobile Web <vzwkanacsMobileWeb@gl.verizonwireless.com>
Reply-To: VZW - Mobile Web <vzwkanacsMobileWeb@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Hello Jay,
Thank you for contacting the Verizon Wireless website. We are sorry to learn that you are having difficulty with the software from the CD.
Contained within this e-mail is information on how to remove this program from your computer. Listed below is information on why this software is contained on the CD.
Verizon Wireless is launching an initiative designed to simplify our customers' experience with their new device and service. Part of this initiative is an interactive Welcome CD ROM with audio and video that is included with many new wireless devices. The interactive CD ROM contains a device-specific interactive manual, benefits and advantages of Verizon Wireless service, and a link to www.verizonwireless.com.
To gauge the effectiveness of this CD ROM, the CD usage activity will be monitored while online to allow Verizon Wireless to collect anonymous information about usage. We do not track your personal information or activities on Websites outside of the CD or on www.verizonwireless.com. We aggregate this information and use it to evaluate and improve our communications. For more details, review our Privacy Statement at www.verizonwireless.com.
Some customers have noticed a file that is installed on their computer after viewing the CD ROM. This file will appear if the computer is not connected to the Internet when the CD ROM is viewed. The file is "noptify.exe" and is installed in a temp folder on the user's hard drive. This occurs only on PCs and not Macintosh machines.
Additional Information on the noptify.exe file:
· The file only installs if the viewer opens the disk when their computer is off line.
· No information about the viewer, their equipment, and/or software is collected.
· The file implements an incremental counter so Verizon Wireless can collect data on where customers are going for information on the CD.
· No information is collected or stored so nothing can be sold and shared. Once it reports the CD has been viewed off line, it deletes itself.
· The file lasts about 20 reboots, then it deletes itself unless it has already done so.
· If a customer has a firewall in place, it is likely they will see the program trying to contact the web via port 80. It is not uncommon for a firewall to see this type of thing.
Customers may manually delete the noptify.exe file the same way they would delete any file on their PC. Instructions to delete the file are as follows:
1. Locate it on your computer. (use "Search" function &/or Windows Explorer)
2. Highlight the file.
3. Press the delete key.
If a message appears that says "Access denied source file maybe in use," then:
1. Go into task manager (ctrl-alt-del) and click on the processes tab.
2. Select/highlight the "noptify.exe" file.
3. Click End Task/Process.
4. Delete the file as noted above.
If you have further questions or concerns, please contact us anytime through e-mail using the address of wirelessdata@verizonwireless.com. We appreciate your business and thank you for choosing Verizon Wireless.
Sincerely,
Erik
Verizon Wireless
Wireless Data Technical Support
"We never stop working for you!"
The above response is subject to the terms of your Service Agreement and calling plan, which apply to all lines on your account. Please read those materials for full details. Our liability is limited. In the event of a conflict between this response and the terms of your Service Agreement and calling plan, the terms of your Service Agreement and calling plan will govern. Verizon Wireless's calling plans, rate areas, rates, agreement provisions, business practices, procedures and policies are subject to change as specified in the Service Agreement.
Original Message Follows:
------------------------
Original Message Follows:
------------------------
Re:KMM11970158V68397L0KM
Dear Verizon,
I have placed the correspondence to date in this thread in date order, with the initial message at the beginning. My reply is below the previous correspondence. Following my reply are my contemporary notes on this issue.
Jay O'Brien
-------- Original Message --------
Subject: Spyware problem resolution: run around
Date: Fri, 05 Mar 2004 13:25:04 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW - Executive Office CA/NV <execoffice.ca.nv@verizonwireless.com>
[text snipped here - Scroll up to review this message]
My response to both March 8 emails from Verizon
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM11980170V54977L0KM) (KMM11982530V62759L0KM)
Date: Mon, 08 Mar 2004 13:42:43 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
VZW - Mobile Web <vzwkanacsMobileWeb@gl.verizonwireless.com>
To: VZW - Executive Office CA/NV (KMM11980170V54977L0KM) (Ron)
VZW - Mobile Web (KMM11982530V62759L0KM) (Erik)
I received two replies from Verizon today to the correspondence I sent to you on March 7, 2004. I note that another case number has been established, so I have included both of them in this message. In both cases you left out all of my questions when you copied my message back to me in your replies. Complete copies of your replies are included with this message for your reference.
Neither of your replies are responsive to my questions or to my concerns. Your replies merely repeated what was initially sent to me, the same information that prompted my first responses and the questions you have not answered.
I have placed this entire communications thread on the web for reference, as in your replies to me you have opted to delete the information I sent to you. It is important to me that anyone reading about this issue be fully informed.
Please refer to http://www.obri.net/verizon/ .
Will there be another reply to my correspondence that actually responds to my questions, or are the two messages I have received your official response to me? If there will be another reply, will it meet your two business day commitment made to me by the Verizon Executive office?
A prompt response is expected. Thank you.
Jay O'Brien
Replies from Verizon on March 8: Note there are two automatic responses, one for each case number. Following them is a third response, with a different case number. Note also that Mobile Web asserts an 8 hour response maximum, while the Executive Office can take up to two business days. The "real reply", however, taking 21 minutes, beat both commitments.
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail was Received (KMM11989837V82275L0KM)
Date: Mon, 08 Mar 2004 16:44:53 -0500
From: VZW - Mobile Web <vzwkanacsMobileWeb@gl.verizonwireless.com>
Reply-To: VZW - Mobile Web <vzwkanacsMobileWeb@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Thank you for contacting Verizon Wireless and using our online customer service to address your needs. We welcome the opportunity to assist you. We have received your correspondence and will respond to your inquiry within 8 hours.
If you have additional questions or comments, please contact us at http://www.verizonwireless.com
Verizon Wireless Customer Service
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail Was Received (KMM11989824V82251L0KM)
Date: Mon, 08 Mar 2004 16:44:55 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Thank you for contacting our President. Your comments have been received and will be forwarded to our Executive Offices. You will be contacted within two business days.
-------- Original Message --------
Subject: Re: Re: Spyware problem resolution: run around (KMM11989993V82671L0KM)
Date: Mon, 08 Mar 2004 17:05:53 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless.
I have received the two responses you sent to us.
Again, I apologize for any confusion with the responses. As stated in a previous response, the majority of the email thread has been removed from these responses, as it exceeds the maximum capacity of this email system.
A response to your questions and concerns is currently being researched. You will be contacted when the research is completed. Your patience in this matter is appreciated.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
The above response is subject to the terms of your Service Agreement and calling plan, which apply to all lines on your account. Please read those materials for full details. Our liability is limited. In the event of a conflict between this response and the terms of your Service Agreement and calling plan, the terms of your Service Agreement and calling plan will govern. Verizon Wireless's calling plans, rate areas, rates, agreement provisions, business practices, procedures and policies are subject to change as specified in the Service Agreement.
Reply from Verizon on March 10: This one commits a response by EOB March 11, 2004.
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12028364V55025L0KM)
Date: Wed, 10 Mar 2004 16:48:52 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
I just wanted to contact you to let you know we are continuing to work on responses to your concerns with the Welcome CD. A response should be available by end of business on March 11, 2004.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
The above response is subject to the terms of your Service Agreement and calling plan, which apply to all lines on your account. Please read those materials for full details. Our liability is limited. In the event of a conflict between this response and the terms of your Service Agreement and calling plan, the terms of your Service Agreement and calling plan will govern. Verizon Wireless's calling plans, rate areas, rates, agreement provisions, business practices, procedures and policies are subject to change as specified in the Service Agreement.
(Note: Verizon did not meet their committment to provide a response "by end of business on March 11, 2004". I wrote a follow-up email on March 13 (see below).
I wrote this article, published in the Rio Linda Elverta News on March 11, 2004:
Verizon Spyware on your computer?
Welcome CD-ROM is culprit
by Jay O'Brien
With the recently enacted number portability FCC rule, my wife and I decided to combine our cellphones with one company. We decided on Verizon, as it has superior coverage in the areas we frequent.
We decided to get two new identical phone instruments so we could share one hands-free setup in our car. So far, we are quite happy with the new phones and Verizon's service. However, there's a catch.
With the new cellphones came a "Welcome CD-ROM". We ran the CD on our computers and found that it was about equivalent to the instruction book, and perhaps a bit more user friendly.
After removing the CD-ROMS, our computers started trying to call out on the internet! Fortunately, we run a firewall, and the attempts were blocked. The CD-ROM installed a spyware program, called Noptify.exe. Noptify tries to connect with a James Tower Company, in Minnesota.
James Tower, according to their web site, sells tracking technology that generates reports on the use of the CD-ROM, hyperlinks (on the internet) visited from the CD-ROM, and emails or visits to a web site that resulted from viewing the CD-ROM. It is collecting information on what actions are taken by a computer user.
Noptify is a "stealth" program. Unlike software that the user deliberately installs, there is no "uninstall" selection for the user to remove the program. Rather, the user is not even notified that it has been installed, much less how to uninstall it. Unless the user has a firewall, noptify just does its job of contacting James Tower in the background, with the user unaware. With a firewall, noptify tries to contact James Tower 81 times over a 20 minute period, then it removes itself until the next time the computer is rebooted.
I must wonder if Verizon realizes that the information it collects with its spyware program is only from computer users who have not installed and properly configured a firewall. Does Verizon not wish to gather information from people who know how to administer their computers? Whatever information Verizon captures with this spyware is skewed as a result of it not collecting data from everyone who uses their CD-ROM.
I queried Verizon via their web site and received no answer. I called Verizon on the phone, and was told that the CDs (even though they clearly say they are Verizon CDs) are furnished by the cellphone manufacturer, not Verizon, and that I would have to take my problem up with the manufacturer, not Verizon. I talked to the manufacturer, who informed me that Verizon furnishes the CDs; the manufacturer just puts them in the boxes. What a run-around.
I then emailed the Verizon President, using an old email address from several years ago. An email address not now available on the Verizon web site. I got a response, and Verizon admitted responsibility for the program. Verizon claims the program will remove itself after 20 reboots; I haven't checked this, but with the newfound reliability of Windows XP, that could take a year or more. And this all from running the Verizon welcome CD-ROM one time and then removing it immediately.
Verizon ultimately provided instructions to me on how to remove their Noptify spyware from my computer. Unfortunately their instructions are not complete, and their responses to my queries are vague and misleading. Following Verizon's removal instructions only removes a portion of what the CD-ROM installed when it was inserted into the computer.
In Windows there is a "registry" that tells the computer about installed software. Verizon's removal instructions don't remove the four registry entries that refer to Noptify. And Verizon's removal instructions remove only one of the three copies of Noptify their CD-ROM installs.
My communication with Verizon continues. Visit http://obri.net/verizon for more information and to see my attempts to communicate with Verizon.
In the meantime, if you get a Verizon "Welcome" CD-ROM, don't run it in your Windows computer!
Verizon missed their commitment; this is my reminder message to them. No response as of 3/17/04.
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12028364V55025L0KM)
Date: Sat, 13 Mar 2004 14:42:16 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Ron,
I have received no response as committed by you to "be available by end of business on March 11, 2004". Was it sent to me?
Is Verizon aware of the ftc workshop on spyware scheduled for April 19, 2004? The ftc says it will "...explore the issues associated with the distribution and effects of software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer's consent..." For details, see: http://www.ftc.gov/bcp/workshops/spyware/index.htm.
I note that the installation of spyware via demonstration CDs, in the manner of the Verizon CDs, has apparently not yet been identified to the ftc.
Jay O'Brien
My email to the James Tower company. No answer as of 3/17/04.
-------- Original Message --------
Subject: My computer is trying to call you. Why?
Date: Sat, 06 Mar 2004 12:22:12 -0800
From: Jay O'Brien <jayobrien@att.net>
To: contact@jamestower.com
A program called Noptify.exe has been installed on my PC without my consent. Every time I start the computer it attempts to send information to your 198.12.18.57 IP. It does this for 20 minutes and then it removes itself from memory.
What is this program, why is it on my computer, exactly what information is it supposed to send you, and how may I remove it?
Jay O'Brien
This is a link to the James Tower Co: http://jamestower.com/
I sent a follow-up message on March 28. Click here to jump ahead to that message.
I was told that Mr. Dennis Strigl was the President of Verizon, and that he would certainly respond. I sent this messageto him.
-------- Original Message --------
Subject: Potential bad press
Date: Sun, 14 Mar 2004 15:52:41 -0800
From: Jay O'Brien <jayobrien@att.net>
To: Dennis.Strigl@verizonwireless.com
Mr. Strigl,
You have been referred to me as a possible contact. Are you aware that Verizon is surreptitiously installing spyware on customers computers and tracking their activities?
Please review the article I wrote in our local newspaper, and please take the time to follow the link in that article to my web page with the supporting details.
Please visit http://rlenews.com/04/040311.html#verizon
I hope that you will get involved. I suspect that management has no idea what is going on with this issue. It has the potential to cast Verizon in a very bad light, and Verizon has an opportunity to take responsibility for the bad practice, and clean up its act before it hits the mainstream press.
Thank you,
Jay O'Brien
Rio Linda, CA
I determined that Mr. Strigl is, in fact, the President and CEO of Verizon Wireless. Click here for his official profile. Based on what I read about him, I'm convinced that once he is given and understands this information, he won't stand for the spyware. It just doesn't fit with what he says. Check the link from his profile to his executive speeches.
I obtained additional email addresses for the President and a Legal Department VP. I forwarded my March 14 message originally sent to President Strigl to these newfound email addresses. This is the email that served as a letter of transmittal.
-------- Original Message --------
Subject: Followup: Potential bad press
Date: Wed, 17 Mar 2004 19:48:15 -0800
From: Jay O'Brien <jayobrien@att.net>
To: Dennis Strigl <Strigde@HQ.verizonwireless.com>,
Mark Tulley <Tullesma@HQ.verizonwireless.com>
I sent an email March 14th to Dennis.Strigl@verizonwireless.com and I have not received any acknowledgment. This is a follow-up email. A copy of that email accompanies this message.
Today I was provided the two email addresses to which I am sending this follow-up email. I believe these addresses to be valid, but I cannot be sure of that fact.
I suggest that someone in Verizon upper management needs to become involved in this issue.
I would appreciate the courtesy of a reply.
Jay O'Brien
Verizon Wireless Subscriber
This article includes a quote from an interview the author did with me. He found this web page and followed up on it.
Verizon Wireless Spyware Attracts Criticism
By Brian Kladko, The Record, Hackensack, N.J. Knight Ridder/Tribune Business News
Mar. 21 - Verizon Wireless has quietly slipped a spyware program onto untold numbers of home computers.
The program, called noptify.exe, was part of an instructional CD-ROM packaged with Verizon mobile phones that hit stores last summer. The program monitors how customers were using the CD -- how often they viewed it and what sections they viewed -- and sent that information to a company working with Verizon.
Although the program didn't monitor anything else about the customer's computer use, it has sparked outrage from some who discovered it. Several people have complained through online forums.
"It offends me because they installed it on my computer without asking me or telling me," said Jay O'Brien, a California retiree who bought a phone last month. "I mean, the information they're trying to get, I don't mind. But I want to know that they're getting it."
The program would direct the computer to call out to the Internet, without any prompting from the user. If the user cut off the transmission, the program would try again a few minutes later.
"Spyware. From Verizon. Why would an otherwise reputable company take a sleazy 'because we can get away with it' attitude to compromising their users' privacy?" wrote Forrest Cahoon, a Minneapolis artist, on his Web log.
Bedminster-based Verizon Wireless began phasing out the program in the fall after receiving one complaint, said Brenda Raney, a company spokeswoman. It is being replaced with a CD that transmits information only when the customer is using it while online, she said. The new CD also contains a notice -- displayed when the CD is loaded -- that alerts customers to what is going on.
Raney said the company wasn't collecting personal information about customers or their computer use; it was only evaluating the effectiveness of the CD. But company officials realized some customers might think otherwise.
"We did not want our customers to assume that we were tracking private information or personal information," she said. "Privacy is important to us."
Raney would not say how many phones had been shipped with the original CD or how many might still be on shelves.
-----
To see more of The Record, or to subscribe to the newspaper, go to http://www.NorthJersey.com.
© 2004, The Record, Hackensack, N.J. Distributed by Knight Ridder/Tribune Business News. VZ, VODClick here for a direct link to the article as printed in the Miami Herald:
Click here for a direct link to the original article
Verizon continued to miss their commitment; this is another reminder message to them.
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12028364V55025L0KM)
Date: Thu, 25 Mar 2004 21:39:51 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
CC: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Dear Verizon,
You committed a response "by end of business on March 11, 2004" and did not meet that committment. I sent a follow up email to you on March 13, 2004, and you have not replied to that email. The previous emails to which I refer are included with this message.
Does your lack of response mean that I am now being ignored by Verizon?
Jay O'Brien
I received two automated responses to the March 25 reminder in less than three minutes. Note the first Verizon response says they will respond within 8 hours, and the second response says within two business days. The first response was after 10 hours, not 8 as committed.
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail was Received (KMM12272077V79648L0KM)
Date: Fri, 26 Mar 2004 00:40:54 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Thank you for contacting Verizon Wireless and using our online customer service to address your needs. We welcome the opportunity to assist you. We have received your correspondence and will respond to your inquiry within 8 hours.
If you have additional questions or comments, please contact us at http://www.verizonwireless.com
Verizon Wireless Customer Service
Get the answers you need quickly online or by phone. Visit the "How To" page under the "Support" tab to view FAQs, equipment guides or animated demos on our products and services or login to My Account to handle account transactions like pay bill or change features. Next time you need to know your current balance or the last payment received and you can't go online, simply dial #BAL plus send from your wireless phone. You'll hear your current balance and will receive a free TXT Message with the same info! For more information on self-serve options, visit verizonwireless.com/selfserve
-------- Original Message --------
Subject: www.verizonwireless.com: Your E-mail Was Received (KMM12272080V79713L0KM)
Date: Fri, 26 Mar 2004 00:42:05 -0500
From: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
Reply-To: VZW - Executive Office CA/NV <vzwkanacsexecofficeCANV@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Thank you for contacting our President. Your comments have been received and will be forwarded to our Executive Offices. You will be contacted within two business days.
Hours later, I received two "real" responses. Note the first thanks me for using the Verizon website, which is incorrect; I used email, not the website.
Apparently Ron is out of the office until either Sunday or Monday, depending on which of these responses you read. It appears that if he returns on Sunday, he will contact me then; but if he returns on Monday, he will contact me within 48 hours of his return.
-------- Original Message --------
Subject: Re: Re: Spyware problem resolution: run around (KMM12274594V11029L0KM)
Date: Fri, 26 Mar 2004 10:38:10 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless through our website.
I am sorry for the delay in responding to you. Ron is not in the office until Sunday the 28th, I have asked him to contact you then.
Providing excellent customer service is a priority at Verizon Wireless. We would like to extend an invitation for you to participate in a short online survey regarding your recent experience with Verizon Wireless Customer Service via e-mail. This information will be used to determine the level of service you received when you e-mailed the Verizon Wireless Customer Service Center and not for
any other purposes. To access the survey, please click on the link provided:
http://survey2.greenfieldonline.com/wi/p16055959/i.asp?MPHONE=5555551212&AREA=W&CENTER=1
Thank you in advance for your participation - we appreciate your business with Verizon Wireless.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Lee
Verizon Wireless
Customer Service
"We never stop working for you!"
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12278058V22167L0KM)
Date: Fri, 26 Mar 2004 12:37:48 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless through our website.
We apologize for the inconvenience this issue has caused. It appears from your previous correspondence that this issue is being handled by our Internet Response Representative Ron. Unfortunately, Ron is not in the office today. Your e-mail has been forwarded to Ron for review. He will return to the office on Monday and should contact you within 48 hours of his return in regards to your inquiry.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Collette
Verizon Wireless
Customer Service
"We never stop working for you!"
Ron answered me on Sunday. He says he expects information for me by March 31, 2004. The information is to come to him from Verizon corporate and legal offices. As he says, "We never stop working for you!"
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12301751V97084L0KM)
Date: Sun, 28 Mar 2004 13:11:37 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless through our website.
I sincerely apologize for the delay in responding to you. I was not aware you had not yet been contacted by Verizon Wireless regarding your concerns. This case is being handled by individuals in our corporate and legal offices. I will attempt to obtain information related to this case, and will provide you with the information.
I would expect to have information by Wednesday, March 31, 2004, however this is contingent upon my receiving the information from the above mentioned departments, and the actual timeframe may vary from the above description.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
As nothing heard from James Tower company, I sent this follow-up message.
-------- Original Message --------
Subject: Followup: My computer is trying to call you. Why?]
Date: Sun, 28 Mar 2004 23:18:58 -0800
From: Jay O'Brien <jayobrien@att.net>
To: contact@jamestower.com
I emailed a question to you on March 6, 2004. I am including that email with this message.
I have not received a response from you. Are you truly a legitimate company, or are you a spyware purveyor? It seems that if you were a legitimate company that you would have answered my email by now.
Your response is requested.
Jay O'Brien
-------- Original Message --------
Subject: My computer is trying to call you. Why?
Date: Sat, 06 Mar 2004 12:22:12 -0800
From: Jay O'Brien <jayobrien@att.net>
To: contact@jamestower.com
A program called Noptify.exe has been installed on my PC without my consent. Every time I start the computer it attempts to send information to your 198.12.18.57 IP. It does this for 20 minutes and then it removes itself from memory.
What is this program, why is it on my computer, exactly what information is it supposed to send you, and how may I remove it?
Jay O'Brien
Ron's contact on March 31, as promised. As he says, "We never stop working for you!"
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12355818V54686L0KM)
Date: Wed, 31 Mar 2004 12:41:35 -0500
From: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Reply-To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
To: Jay O'Brien <jayobrien@att.net>
Dear Jay O'Brien,
Thank you for contacting Verizon Wireless.
As promised, I am contacting you with information regarding your concerns.
I have been informed you will be receiving a written response shortly.
This is the only information I have been provided with.
As part of our Worry Free Guarantee you will enjoy the largest, most reliable nationwide wireless network. Please write to us again through www.VerizonWireless.com if you have any further questions.
Sincerely,
Ron
Verizon Wireless
Customer Service
"We never stop working for you!"
Nothing heard for over 24 hours. My reply, asking when "shortly" will occur.
-------- Original Message --------
Subject: Re: Spyware problem resolution: run around (KMM12355818V54686L0KM)
Date: Thu, 01 Apr 2004 13:46:14 -0800
From: Jay O'Brien <jayobrien@att.net>
To: VZW Customer Care SW <vzwkanacsCustCareSW@gl.verizonwireless.com>
Ron,
Thank you for the commitment that I "will be receiving a written response shortly". It has now been well over 24 hours since you made that commitment for Verizon Wireless.
For the record, I provide the following information:
March 8: You responded to my correspondence: "I have forwarded your concerns regarding the Welcome CD to members of our Marketing Team ...you will be contacted ... when a response to your concerns is available." I also received a contemporary reply from Verizon Wireless Data Technical Support.
March 8: I responded "Neither of your replies are responsive to my questions or to my concerns."
March 8: You replied "A response to your questions and concerns is currently being researched. You will be contacted when the research is completed."
March 10: You advised "I just wanted to contact you to let you know we are continuing to work on responses to your concerns with the Welcome CD. A response should be available by end of business on March 11, 2004."
March 13: I sent email to you "I have received no response as committed by you to 'be available by end of business on March 11, 2004'".
March 25: I sent email to you "You committed a response "by end of business on March 11, 2004" and did not meet that commitment. I sent a follow up email to you on March 13, 2004, and you have not replied to that email."
March 28: You responded "This case is being handled by individuals in our corporate and legal offices. ... I would expect to have information by Wednesday, March 31, 2004..."
March 31: You advised: "I have been informed you will be receiving a written response shortly. This is the only information I have been provided with."
Ron, when will "shortly" occur? I anxiously await the written response you promised I would receive "shortly" from Verizon Wireless.
Jay O'Brien
Verizon Wireless customer
This message was received from Verizon's Vice President, Marvin Davis.
-------- Original Message --------
Subject: your question
Date: Thu, 1 Apr 2004 19:52:38 -0500
From: Marvin.Davis@VerizonWireless.com
To: jayobrien@att.net
Dear Mr. O'Brien:
Your letter to Denny Strigl was forwarded to me for response, as I am responsible for the CD Rom user manual project. As you are aware, the CD Roms were introduced last year to help customers navigate instructions associated with their new wireless service. Initially, the CD Rom created a file on customers' computers, so that when the customer went on line it "pushed" information to a Verizon Wireless vendor for tracking. The goal was to make sure the CD Rom was effective and to get a sense of where customers went on the CD for information. No personally identifiable information was gathered from any of our customers.
Within months of the introduction of the CD Rom, we decided that the process, which also caused some customers' security software to send out alerts, might cause customers unnecessary concern and inconvenience. We modified the CD to eliminate that aspect of the process in September 2003, and also provided instructions on how to delete the software to any customer who asked. Be aware that since we had very few customer complaints, the decision to modify the CD was solely based on internal discussions with employees who were concerned that the tracking process may be problematic for customers.
Even though the information was never sold or in any way used to compromise customers' privacy, we did not want customer perception to put us in a position of defending what we thought was a good way to improve our service. We did not track anything other than the usage of the CD and the software was designed to "self-destruct" after 20 start-ups. Our vendor, just like all third party vendors we hire to work with confidential information, was charged with adherence to the standards set forth in the Verizon Wireless privacy policy.
We feel that we have done everything possible to alleviate customers' concerns with this issue and at no time compromised our commitment to customers regarding privacy. It is unfortunate that you received one of the older CDs when you purchased your phone in February and we are researching how that happened to make sure other customers don't experience the same concerns that you have outlined in your previous communications.
I know that others have provided in-depth explanations regarding our intentions and our actions in previous correspondence, so I won't reiterate what has already been stated. Your continued correspondence, while well intentioned, will not elicit different responses since the CD Rom has been changed and the practice discontinued.
We apologize for the inconvenience and thank you for taking the time to write Verizon Wireless.
Regards,
Marvin Davis
Vice President, Advertising
Verizon Wireless
My response to Verizon's Vice President Marvin Davis.
-------- Original Message --------
Subject: CD Rom user manual tracking software
Date: Fri, 02 Apr 2004 10:46:50 -0800
From: Jay O'Brien <jayobrien@att.net>
To: Marvin.Davis@VerizonWireless.com
To: Marvin Davis
Vice President, Advertising
Verizon Wireless
Dear Mr. Davis,
Thank you for your message of April 1, 2004. I am pleased to learn that you have discontinued your practice of tracking customer use of the "Welcome" CD-ROM, or as you call it in your message, the "CD Rom user manual".
It is indeed unfortunate, however, that your employees didn't know that fact and instead tried to pass the issue off on the handset manufacturer and then tried to justify your practice with an official email. Your April 1 message to me concludes "Your continued correspondence, while well intentioned, will not elicit different responses since the CD Rom has been changed and the practice discontinued." Mr. Davis, I cannot accept your decision, as my CD-ROMs have not been changed, and as your practice was not discontinued for this customer. Even if the tracking software is completely excised from my computers, it will be reinstalled each time I use your CD Rom user manual.
I am aware that others have been told by Verizon employees that the CD-ROMs had been changed last year, removing the tracking software. However, as I purchased two phones on February 27, 2004, and they both came with CD-ROMs that installed the tracking software on two computers here, I discounted that third-hand information.
The files on the CD-ROMs have dates on them as late as June 4, 2003, thus I conclude the CD-ROMs were produced on that date or later. The User guide that came with my LG VX4400B phones carries a date of 2003.10.9 on page 126, so I conclude the phone was packaged on that date or later. You say that you modified the CD in September 2003. However, the CD-ROMs in the production process were apparently not replaced, as mine, packaged after October 9, came with a June 4 (or later) CD-ROM.
You state the software will "self-destruct" after 20 start-ups. That is not true, at least not on the XP Pro computer I used to test your statement. After 22 start-ups, each time waiting for your software to attempt to call out, it is still going strong. The registry entries you added to my computer to tally callout attempts now read 22; apparently the registry values have no effect on the program, or it requires more than 22 start-ups. It appears to me that noptify.exe will continue forever if left undisturbed.
Each time the computer is started, your program makes four attempts every minute to contact the James Tower Company. After 20 minutes, it stops until the next time the computer is started. During those 20 minutes, I dare not use the computer to capture digital video, as each minute the attempts to call James Tower can affect the video. I suggest that the 20 start-ups you mention are really the 20 attempts after each start-up to call out at one minute intervals. Perhaps the software provider did not understand your instructions for "self-destruct".
Even if the software does "self-destruct", every time a Verizon customer refers to your CD Rom user manual, the tracking software will be reinstalled. Then the computer will attempt callouts every minute for the first 20 minutes after each startup, with potential deleterious effect on other computer use.
You say Verizon "provided instructions on how to delete the software to any customer who asked". It really isn't that easy. I asked customer service, on the telephone, for exactly those instructions, and I was referred to the phone manufacturer, who merely inserts the CDs you provide in the boxes. I asked for exactly those instructions via web mail and did not receive any answer at all. I asked for exactly those instructions via email to your executive office; I was given removal information that is incomplete. The removal instruction is incomplete because your CD placed three variations of the tracking program on my computers; following your removal instruction only removes one of them.
In addition to the program files, running your CD-ROM causes four entries to be added to the computer registry. Two of these registry entries remain after following your removal instructions, along with two of the files installed by your CD-ROM. I want complete removal instructions that do not leave any artifacts, benign or otherwise. I did not know that you installed the spyware, I did not agree to the installation of the spyware, and now that I know that files and registry entries are there, I want your instructions on exactly how to remove them from my computer.
Full details on the files and entries may be found on my web page about this subject. Please visit http://obri.net/verizon/#040328 and scroll down to "TECHNICAL NOTES".
Mr. Davis, I expect more than "We apologize for the inconvenience". After all, Verizon repeats "We never stop working for you!" I ask you, while not stopping working for me, to take two actions for me.
One, please direct your engineering people to instruct me, and thus any others who also may have your unwanted files and entries on their computers, exactly how to completely remove everything you installed without our permission or knowledge.
Two, please mail me two new Welcome CD-ROMs for my phones that will not install spyware on my computers. I would like to use your CD Rom user manual, but every time I insert the CD-ROMs I now have into a computer they install your spyware.
As a good-faith effort to your customers, I suggest that Verizon should provide replacement CD-ROMs to every customer who was provided a spyware laden version. At the very least Verizon should warn its customers to not use the infected CD Rom user manuals.
Thank you,
Jay O'Brien
PO Box 700
Rio Linda, CA 95673
The Federal Trade Commission (FTC) posted my comment to their web site on April 2, 2004. It is comment number 40 on the FTC public comment web page, http://www.ftc.gov/os/comments/spyware/index.html. Click here for the FTC Spyware workshop notice
(Public Comment 40- FTC Spyware Workshop)
From: Jay O'Brien
Posted At: Saturday, March 20, 2004 3:02 AM
Posted To: spywareworkshop2004
Conversation: Spyware Workshop - Comment, P044509
Subject: Spyware Workshop - Comment, P044509
I note that one source of spyware does not seem to be identified in the information available about the upcoming workshop.
I suggest that the workshop also take into consideration the distribution of CD-ROMs that are described as "Welcome" or instructional CD-ROMs. For instance, one purveyor of cell phone service, Verizon, provides CD-ROMs with new cell phones and instructs the new customers to run the CD-ROMs in their personal computers and use the programs on the CD-ROM to learn about their new cell phones. What the customers are not told is that spyware is installed on their computers without their knowledge and that information is transmitted over the internet when the customer performs operations on his/her computer.
Please refer to this article in the Rio Linda Elverta News, March 11, 2004 for details. A link is provided in that article to further backup information.
http://rlenews.com/04/040311.html
Jay O'Brien
California
Verizon is still distributing spyware as of March 20th, and with a different phone than mine!
-------- Original Message --------
Subject: REF: Noptify Spyware still on CDs with new LG phones!
Date: Sun, 4 Apr 2004 20:40:06 -0400
From: Gary Hinkson
To: jayobrien@att.net
CC: Marvin.Davis@VerizonWireless.com
TO: Jay O'Brien
I bought two (2) phones from Verizon Wireless on March 20th . Two LG model VX3100, s/n ESN 03900186637, and s/n ESN03900085743. The CD-ROM still has the spyware. Norton Internet Security alerted me of “Noptify MFC Application....” the next time I booted my PC. I would not have been aware of its existence if I was not running Nortons Security.
I'd like to know how to eradicate all traces of this intrusive software from my system.
Thanks for not giving up!
Regards,
G. Hinkson
Midlothian, VA
No response received from the Verizon Vice President after a week. I sent this follow-up message.
-------- Original Message --------
Subject: Followup message: CD Rom user manual tracking software
Date: Fri, 09 Apr 2004 15:50:49 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Marvin.Davis@VerizonWireless.com
Mr. Davis,
I sent a message to you a week ago, on April 2, 2004. I have not received a response from you.
A copy of that message is included. Did you receive my April 2 message?
Jay O'Brien
Click here to review the April 2, 2004 message I sent to Mr. Davis.
Response from Verizon Vice President , Advertising
-------- Original Message --------
Subject: RE: Followup message: CD Rom user manual tracking software
Date: Tue, 13 Apr 2004 17:46:42 -0400
From: Marvin.Davis@VerizonWireless.com
To: jayobrien@att.net
Mr. O'Brien,
Thank you for your e-mail. I did receive the first one last week. I apologize for not responding sooner, but I was traveling last week and am just now catching-up on my in-box. As you may imagine, I receive hundreds of e-mails per week.
In your note below, there are several specific technical assessments that are probably better addressed by our IT department. I have forwarded your e-mail to them so that you can receive a more complete response. I'll let you know when you can expect to receive it.
As I stated before, our intention and actions are to alleviate any customer concerns on privacy. Those actions have been outlined to you in previous correspondences so I will not restate them. That said, per your questions, we will confirm that this action plan is complete.
It's unfortunate that you view these responses as "sorry for the inconvenience." That point-of-view would suggest that no action is being taken. I assure you we are continuously working to address this.
As for your request for two new Welcome CDs, I will make sure you receive them this month.
Thanks again for taking the time to write Verizon Wireless.
Marvin Davis
I am looking forward to what Mr. Davis has promised.
-------- Original Message --------
Subject: Re: CD Rom user manual tracking software
Date: Wed, 14 Apr 2004 00:20:34 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Marvin.Davis@VerizonWireless.com
Mr. Davis,
I look forward with anticipation to a more complete response from your IT department. Thank you for forwarding my e-mail to them.
I have received queries from other Verizon customers wishing to remove all traces of the tracking software; the most recent query I received is from a Verizon customer who purchased a new Motorola 730 phone on April 8th; the CD with that phone also installed the spyware. I plan to share the removal instructions I receive from your IT department with others via my website.
I also look forward to receiving the new CDs. My wife and I would like to be able to use them as CD Rom user manuals without the fear of reinstallation of the spyware.
I appreciate your followup on this matter.
Jay O'Brien
My message to VP Davis telling him about recent CD-ROMs
-------- Original Message --------
Subject: Spyware residue present on new Verizon Welcome CD-ROM
Date: Mon, 19 Apr 2004 14:24:02 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Marvin.Davis@VerizonWireless.com
To: Marvin Davis
Vice President, Advertising
Verizon Wireless
Mr. Davis,
I am sure that you have been informed that Verizon eliminated the tracking software on CD-ROMs in September 2003. It appears that Verizon may have removed the spyware programs from the CD-ROMs, but perhaps did not correct the other software on the CD-ROM that was written to interface with the removed spyware. It appears to me that Verizon did an incomplete job of removing all traces of the Verizon spyware from the CD-ROMs.
Based on an article I wrote in March in the Rio Linda News, http://rlenews.com/04/040311.html#verizon I was asked to check out a Welcome CD-ROM that my neighbors obtained when they bought new Verizon Wireless phones in March. They bought Motorola C343 phones.
I found that the Verizon spyware program and the program that installs it were not present on the C343 CD-ROM. This agrees with your statement that the tracking software was eliminated. However, when the CD-ROM was run in my test computer, two registry entries were added to my computer by the CD-ROM that would apparently facilitate the operation of a Verizon spyware program if it were present.
The registry entries added to my computer are as follows:
[HKEY_CURRENT_USER\Software\VNoptify]
"VCDPreviouslyLoadedF208CA93-10B6-4652-A393-27714423EF55"="1"
[HKEY_USERS\S-1-5-21-842925246-706699826-1801674531-1003\Software\VNoptify]
"VCDPreviouslyLoadedF208CA93-10B6-4652-A393-27714423EF55"="1"
My guess is that the spyware programs themselves were removed from the CD-ROM, as you said. However, it appears to me that the other programs on the CD-ROM, originally configured to support the spyware program, have not been rewritten, thus the registry entries are placed on the client computer even though the spyware program itself was not installed. To me, this is an unwanted and unwelcome intrusion, even if the spyware program that would utilize the registry entries is never installed or executed.
In my opinion, complete instructions to completely remove all of the Verizon software and all references to Verizon software that was installed on my computer without my knowledge or permission must be provided to me and to all who may have been recipients of the infected Verizon CD-ROMs.
There is a FTC workshop in progress today in Washington, DC that should examine all nuances of this issue. I trust Verizon is represented to present your position on spyware. My comment, filed with the FTC for that workshop, is comment number 40.
http://www.ftc.gov/bcp/workshops/spyware/index.htm FTC Spyware Workshop
Jay O'Brien
I received this message from Mr. Jody Citizen of the West Area Executive Relations Department for Verizon Wireless. He says he is sending me new CD-ROM Manuals.
-------- Original Message --------
Subject: CD-ROM Handset Manuals
Date: Mon, 19 Apr 2004 17:19:18 -0700
From: Jody.Citizen@VerizonWireless.com
To: jayobrien@att.net
Dear Mr. O'Brien:
My name is Jody Citizen, and I
work in the West Area Executive Relations Department for Verizon
Wireless. I will be your point of contact regarding this issue
going forward, and I look forward to speaking to you in the next few
days. I will be shipping two new CD-Rom Manuals for your LG
VX4400B's, which you should receive Wednesday, April 21, 2004, and I
would also like to set a time at your convenience in which to speak
with you after you receive them to assist in removing any unwanted
traces of your previous CD-Rom Manuals. If you could please
contact me at either my contact number or email address below with a
good time for us to speak in the next few days, specifically Wednesday
or Thursday of this week, that would be greatly appreciated.
Sincerely,
Jody Citizen
Verizon Wireless
West Area Executive Relations
(866) 673-9561
jody.citizen@verizonwireless.com
-------- Original Message --------
Subject: Re: CD-ROM Handset Manuals
Date: Mon, 19 Apr 2004 18:29:57 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Jody.Citizen@VerizonWireless.com
Dear Jody,
I will let you know as soon as I receive the new CD-Rom Manuals.
Thank you for your email; I look forward to resolving this issue.
Jay O'Brien
Mr. Citizen called me on the telephone April 21. I documented our telephone call, intending to post that documentation on my web site. I sent my recap to him for his review before I posted it on line. He made one small revision, concerning my understanding of Verizon's planned future action. The recap of our call, as approved by Verizon Wireless, follows below.
-------- Original Message --------
Subject: RE: Phone call today
Date: Fri, 23 Apr 2004 11:29:25 -0700
From: Jody.Citizen@VerizonWireless.com
To: jayobrien@att.net
Jay,
Here is a revised version of your recap, as approved by Verizon Wireless, please feel free to post on your website. I appreciate your patience in waiting for my response.
Jody Citizen
Verizon Wireless
West Area Executive Relations
(866) 673-9561
jody.citizen@verizonwireless.com
-----Original Message-----
From: Jay O'Brien [mailto:jayobrien@att.net]
Sent: Wednesday, April 21, 2004 2:05 PM
To: Jody.Citizen@VerizonWireless.com
Subject: Phone call today
Jody,
Does my recap of our conversation track with what you recall was said?
Jay O'Brien
===============
To: Anyone concerned about the Verizon CD-ROM Noptify tracking program:
I received a telephone call April 21, 2004, from Mr. Jody Citizen of Verizon Wireless.
Mr. Citizen said that he was calling from Denny Strigl's office in Irvine, California (Strigl is President and CEO of Verizon Wireless). Citizen said that Mr. Strigl has requested that he, Citizen, get involved in the situation "with the noptify file that's coming up from the CD-ROM for the 4400B". Citizen is to be the focal point for the issue. He says they are hoping to keep me as a happy customer and get this out of my hair.
Citizen said they combed their warehouses and have been unable to find a CD-ROM for my LG VX4400B that does not have the tracking software. None are available. Therefore, he can't send me a clean CD-ROM for my phone. He offered to replace my phones with others that would have a CD-ROM without the tracking programs, so I could have CD-ROMs that do not install noptify on my computer. I declined his offer to change phones, as the LG VX4400B's fit my needs well.
He agreed that the CD-ROM I have tested for the Motorola C343 phone does install registry entries that point to Noptify, even though Noptify itself is not present on the current C343 CD-ROM.
Citizen said Verizon originally felt that because Noptify, the tracking program, only counts the use of the CD-ROM, it would be a harmless situation; Verizon merely wanted to measure the effectivness of the CD-ROM. "It was a misguided decision", he said. "We felt it would be harmless, unfortunately we were wrong."
He said that Verizon is reviewing what to do to make sure that all customers who could be impacted are made aware of the tracking software that was installed on their computers, of the harmlessness of that software, and what Verizon's intentions were in installing that software on customer's computers. He said Verizon intends to inform customers that Verizon is not going forward with such tracking. They haven't decided yet how they will inform the customers; he suggested that it could be a bill insert or a bill message, but the decision of how to notify the customers has not been made at this time.
I suggested to him that Verizon post a web page fully disclosing the tracking software installation, including the statement he made to me that they made a wrong decision, information on exactly how to remove the tracking program from customer computers, and what Verizon is doing now to correct the issue. He accepted my suggestion, but did not make any committment.
Jody Citizen certainly came across to me as a knowledgeable, concerned representative of Verizon Wireless. He assured me that they have received the message and will take appropriate steps to correct the problem.
But for the time being, if you buy a LG VX4400B, don't run the CD-ROM in your computer!
Jay O'Brien
My response to Jody Citizen, acknowledging receipt of the approved version of my recap of our telephone call.
-------- Original Message --------
Subject: RE: Phone call
Date: Fri, 23 Apr 2004 13:13:38 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Jody.Citizen@VerizonWireless.com
Jody,
Thank you very much. I am very pleased that you are involved in this issue, and I am confident, now that it has your attention, that it will be resolved to the satisfaction of your customers who are affected by the tracking software.
Please keep me informed of Verizon's actions on this issue.
I've posted the revised version on my website.
Regards,
Jay
I wrote this article, published in the Rio Linda Elverta News on May 6, 2004:
Verizon Cellular Customer?
Spyware and billing issues
by Jay O'Brien
Spyware
My wife and I obtained new cellphones from Verizon. We were given CD-ROMs to run in our computers to help us learn about our new phones. Our "firewall" notified us that there was "spyware" on the CD-ROMs. It installed itself in our computers without our knowledge or permission.
The spyware program is called "Noptify.exe". It attempts to call out on the internet and track our use of the CD-ROM by reporting it to an intermediary, the James Tower Company in Minnesota.
I complained to Verizon, and after they gave me the royal runaround, including referring me incorrectly to the cellphone manufacturer, the Verizon Vice President responsible for the CD-ROM user manuals told me that Verizon had stopped their use of the tracking software in September. He said it was unfortunate that I "received one of the older CDs" and he said would send me new CD-ROMs "this month" that did not contain the spyware.
I then was called by a representative of the Verizon President, who admitted they couldn't find any CD-ROMs for my phone that didn't have the spyware! He offered to change out my phones so we could have a CD-ROM without the spyware (I declined, as the phones are great). Commenting about Verizon's use of the Noptify program, "It was a misguided decision", he said. "We felt it would be harmless, unfortunately we were wrong." He says that Verizon will notify those customers who may have the infected CD-ROMS.
If you have a Verizon CD-ROM, don't run it in your computer. Even Verizon isn't able to tell you how to remove all traces of the tracking program once it is installed, and some CD-ROMs for different model phones install part of the program on your computer but don't report your activity to the James Tower Company.
For full details, visit http://obri.net/verizon.
Billing details
You may wish to review a note that was on your Verizon Wireless February and March statements on a back page of your bill. It says that the new "streamlined" bill will not include details of your calls in the future. That means you will not see the individual calls on your bill as you have in the past.
If you call 1-800-894-3504 by June 30, you can keep the call details if you wish, at no charge. You are "grandfathered". Otherwise, after June 30, if you want the call details mailed to you again, it will cost $1.99 per month per Verizon subscriber number.
I called to retain the detailed billing. Later, I checked my account on line. I found that I was set to receive a "paperless" bill! I changed that, and hopefully will receive a bill in the mail. Others who have called the 800 number have not been changed to "paperless", but it is worth checking, either on line or by calling Verizon Customer service.
Conclusion
In my opinion, Verizon offers the best coverage and the best service. It really is too bad that we subscribers have to pay such close attention to their actions.
As I had not heard from Mr. Citizen after over two weeks, I sent this follow-up.
-------- Original Message --------
Subject: spyware -- Noptify
Date: Sun, 09 May 2004 15:03:25 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Jody.Citizen@VerizonWireless.com
Jody,
Any progress on how Verizon will inform its' customers that the CDs they have on hand install unwanted programs and/or registry entries into their computers? And, how to remove all traces of the tracking software that was installed without the users' permission?
I've received many queries on this, and I've assured my correspondents that I was convinced that you were sincere about Verizon's intent to inform its' customers.
Some idea of timing will be appreciated.
Thank you!
Jay O'Brien
Yet another follow-up message.
-------- Original Message --------
Subject: spyware -- Noptify - followup
Date: Thu, 20 May 2004 17:19:00 -0700
From: Jay O'Brien <jayobrien@att.net>
To: Jody.Citizen@VerizonWireless.com
Jody,
Did you receive the email I sent you on May 9th? I am including a copy of that email herewith.
Jay O'Brien
(No answer from Verizon as of May 26, 2004, when this web page was updated)
They are still doing it!
-------- Original Message --------
Subject: REF: Noptify Spyware still on CDs with new LG phones!
Date: Wed, 26 May 2004 09:46:35 -0700
From: WH Clark
To: <jayobrien@att.net>
CC: <Jody.Citizen@VerizonWireless.com>
Dear Mr. O'Brien,
On May 24, 2003, I acquired and activated a new Verizon LG VX6000 cell phone.
This morning I decided to view the CD ROM that came with the phone. Lo and behold! My ZoneAlarm Pro firewall notified me that 'Noptify MFC' wanted to phone home. I immediately went to Google and searched for references to this issue. Yours was the first link I opened. First of all, thank you for your diligence and hard work on this issue.
In the material that came with the phone, there was no reference to the 'spyware', no offer to replace the CD ROM, no instructions to remove the debris implanted in my PC.
As yet I have not done further investigation for dates and sources since you have been very thorough. I will run my spyware detection software and root out the infestation.
It appears to me that Verizon is doing this for the entire LG line of phones and, most probably, all phones that come with a CD ROM.
I am very impressed with Verizon service, but as many businesses are doing now, they are encouraging their marketing critters to focus on invading our privacy, and that is indeed too bad. As far as I am concerned, their 'Ethics' are rubbish!
Thanks again for your web site!
Regards,
Bill Clark
Glendale, AZ
Followup message to Bill Clark and his reply
-------- Original Message --------
Subject: Re: Noptify Spyware still on CDs with new LG phones!
Date: Tue, 01 Jun 2004 10:49:48 -0700
From: Jay O'Brien <jayobrien@att.net>
To: WH Clark
Bill,
Did you get any response from Verizon and/or Jody Citizen?
Jay O'Brien
-------- Original Message --------
Subject: Re: Noptify Spyware still on CDs with new LG phones!
Date: Wed, 2 Jun 2004 10:17:05 -0700
From: WH Clark
To: Jay O'Brien <jayobrien@att.net>
CC: <Jody.Citizen@VerizonWireless.com>
Jay,
Sorry for the late reply. No, I did not receive responses from Verizon or Jody Citizen. Yours was the only one. I guess I really don't expect the others to reply. I would imagine that any revenues indirectly generated as a result of their current practices would be too attractive to lose. For a business, the bottom line is about money and satisfied shareholders, not people and privacy.
Thanks,
Bill Clark
Jump to the top of this web page