Release of ``PCFriendly Enables DVD Backchannels''

Interhack releases PCFriendly Enables DVD Backchannels, showing how adding Web content to a DVD might have more drastic implications than originally imagined.

COLUMBUS, OHIO (February 28, 2002). Interhack's Internet Privacy Project announces the release of its latest report on the privacy ramifications of using Internet-enabled systems. More than seven million owners of DVD titles are using PCFriendly or its replacement, InterActual Player, a DVD content enhancement product from InterActual Technologies. Interhack's technical report documents the system's backchannel that profiles users. Contrary to the PCFriendly privacy policy statement, such profiles are pseudonymous, and can be linked with product registration data.

Interhack's analysis focuses on the older PCFriendly product, which was used on popular DVD titles produced between 1996 and 2000. While making no charge of malice, Interhack asserts that the system was implemented in such a way that it would sidestep privacy-enhancing technologies such as HTTP cookie management, and has several significant privacy-related failures.

``Privacy as an add-on simply does not work,'' said Matt Curtin, Interhack's Founder and author of Developing Trust: Online Privacy and Security (Apress, 2001). ``With millions of nontechnical users, including children, using the system, PCFriendly should be `private by default','' continued Curtin. The technical report describes the PCFriendly system, offering suggestions for privacy-enhancing changes in design and implementation.

About Interhack

Based in Columbus, Ohio, Interhack ( is a firm dedicated to computer trustworthiness, engaged in research, development, and consulting for clients all over North America. Interhack's services offerings include privacy and security assessments, development services, and forensic analysis.

About Internet Privacy Project

Interhack's Internet Privacy Project is a research effort to document privacy ramifications of Internet-aware systems released for public use. Its goal is to document failures to support user privacy so that developers of future systems can avoid making the mistakes of their predecessors.