Little privacy hole in itp32.exe

Back in the day (the day being sometime in the 1990s) I tried to convince various and sundry people I worked with that all network related activity on behalf of the company I then worked for should occur under the domain we managed. My argument then was: Sure, this product/service/release/announcement/gopher is the most critical thing in the world today and I'm sure you feel you need your own domain name, but in three months when you've moved on and the company has moved on and you forget about the domain name, you still might have links, or worse, customers who are using that special domain name you set up.

I was frequently ignored, and then called on (usually around 3:00 a.m. wherever I was in the world) to fix things. To this day, I still can't get over the request to create a .java top level domain because someone had printed companydomain.java on 15,000 mugs.

I digress.

Anyway, I'm gearing up to do some work, and in a bizarre footnote, I decided I wanted to install Lotus 1-2-3 and Lotus Freelance. I can't explain why except that I find Microsoft Excel and Microsoft PowerPoint a pain to deal with and for the immediate future, I just need to crunch some work.

I didn't go for the whole Lotus SmartSuite install, partly because you now receive a warning dialog that various Lotus SmartSuite programs are incompatible with the version of Windows I'm using (XP).

So, I install 1-2-3 and FLG and the last step is the dreaded registration screen. I should point out that as far as I know I have a legal copy of SmartSuite; it came with one of the IBM ThinkPads I've acquired over the years.

Anyway, you fill out the registration panel, and then it prompts you for dialing information. Apparently in the early 21st century it was common to connect computers to POTS lines and do this bizarre dialup procedure. I cancel since I have yet to configure a modem on my X31 a year after buying it. It then offers a chance to register using this Internet thing and I click OK.

Now, I've had this CD for a couple of years, possibly more. It's labelled Millennium Edition but I have to admit the last copyright date is 1998.

To be fair, now, the Lotus Internet Team generally ignored any suggestions I made and had every right to as Lotus was not part of the grand, galactic corporate web mess I was managing.

The registration program proceeds to attempt to ftp to lotus.regserver.com. This actually hangs in a SYN state for a while as there's now no ftp server running on that site.

Now, the privacy hole I mention is this: I almost ftp'd a bunch of semi-personal data (I use my business contact information and a junk-mail email address) to a site which I'd assumed was a *.lotus.com site since it doesn't say anywhere that it was going to transfer data to a third party.

Some investigation revealed that that third party was a company called Naviant. Naviant apparently started out as a company focussed on product registrations but evolved into an email marketing service which leveraged all that nice product registration information it had received over the years. Fast forward from 1998 when the hostname was hardcoded into itp32.exe to today: Naviant was acquired by Equifax in 2002.

Now, at some point someone made a decision (usually unconsciously) to drop this service, at least partially. The host name lotus.regserver.com still resolves; it's a CNAME to pipe.pcpipeline.com, which in turn resolves to [216.31.246.147]. Now, that host doesn't appear to be running either ftp or http servers, so my data is secure. However the thought, in retrospect, that it could have been transmitted to Equifax is disturbing. Nothing against Equifax, but it was the last place I'd expect to transmit Lotus product registration data to.

So, I'm wondering what other products have these little privacy time bombs waiting to go off? It would have been much better to use a CNAME like regserver.lotus.com which could have pointed anywhere, and could also have been deleted at its end of life, rather than left out there like a solitary mine waiting to go off. I assume the products don't call home on a regular basis to this site; even so, I'll be blocking the registration program with the Windows Firewall just in case.

Always, always maintain control over the hostnames and domains you hard code into products. And always, always listen to your Corporate Webmaster, no matter how psychotic he may seem to be.
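The check that would have caught this before shipping is a simple one: pull every hostname string out of the product binary and flag any that are not under a domain the vendor controls. The script below is an added example for this post, not code from the original author, Lotus or IBM. The sample "binary" is a constructed stand-in for the strings section of itp32.exe (it contains the lotus.regserver.com hostname from the post plus hypothetical lotus.com hosts and some filenames that should not be reported), and the ownership list `{"lotus.com"}` is an assumption about what the vendor controlled.

```python
"""Audit a product binary for hard-coded hostnames outside the vendor's domains.

Added example for this post, not from Lotus/IBM or the original author. The
sample binary contents below are constructed; the ownership list is an
assumption (lotus.com stands in for "domains the vendor controls").
"""
from __future__ import annotations

import re

# Generic TLDs accepted as the last label of a hostname.  Kept deliberately
# small so that filenames such as "itp32.exe" or "USER32.dll" are not
# mistaken for hosts.  Assumption: extend this set for ccTLDs as needed.
TLDS = {"com", "net", "org", "edu", "gov", "mil", "int", "info", "biz"}

HOST_RE = re.compile(
    rb"(?<![A-Za-z0-9.-])"                                   # not glued to a longer token
    rb"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+"  # one or more labels
    rb"[A-Za-z]{2,}"                                          # alphabetic last label
    rb"(?![A-Za-z0-9-])"
)


def _scan(stream: bytes) -> list[str]:
    """Hostname-shaped tokens in one byte stream, lowercased, TLD-filtered."""
    hosts = []
    for m in HOST_RE.finditer(stream):
        host = m.group(0).decode("ascii").lower()
        if host.rsplit(".", 1)[1] in TLDS:
            hosts.append(host)
    return hosts


def extract_hostnames(blob: bytes) -> list[str]:
    """Return unique candidate hostnames found as ASCII or UTF-16LE strings."""
    found = _scan(blob)  # pass 1: plain ASCII strings
    # Pass 2: UTF-16LE strings, common in Win32 resources and registry data.
    # Dropping every other byte turns "w\0w\0w\0" back into "www"; both
    # alignments are tried so an odd-offset string is not missed.
    for offset in (0, 1):
        found.extend(_scan(blob[offset::2]))
    return list(dict.fromkeys(found))  # dedupe, keep first-seen order


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: public suffixes such as co.uk are not handled."""
    return ".".join(host.lower().split(".")[-2:])


def audit(blob: bytes, owned: set[str]) -> dict[str, str]:
    """Classify every embedded hostname as 'owned' or 'third-party'."""
    owned = {d.lower() for d in owned}
    return {
        h: ("owned" if registrable_domain(h) in owned else "third-party")
        for h in extract_hostnames(blob)
    }


def third_party(blob: bytes, owned: set[str]) -> list[str]:
    """Sorted list of hostnames the vendor does not control: the time bombs."""
    return sorted(h for h, status in audit(blob, owned).items() if status == "third-party")


# Constructed stand-in for the strings section of itp32.exe: the ASCII
# hostname from the post, a hypothetical vendor host, a UTF-16LE vendor
# host, and some filenames and a version string that must not be reported.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"USER32.dll\x00itp32.exe\x00"
    + b"ftp://lotus.regserver.com/incoming/\x00"
    + b"http://ftp.lotus.com/pub/\x00"
    + "www.lotus.com".encode("utf-16-le") + b"\x00\x00"
    + b"Version 9.0.1\x00"
)

OWNED_DOMAINS = {"lotus.com"}  # assumption: the domains the vendor controls

if __name__ == "__main__":
    for host, status in audit(SAMPLE_BINARY, OWNED_DOMAINS).items():
        print(f"{status:12s} {host}")
    print("release blockers:", third_party(SAMPLE_BINARY, OWNED_DOMAINS))
```

Run against a real installer you would feed it the file bytes (`audit(open("itp32.exe", "rb").read(), {"lotus.com"})`) and treat any third-party result as a release blocker, exactly the point the post makes: a regserver.lotus.com CNAME pointing at the contractor would have passed, while the hard-coded lotus.regserver.com fails because nobody at the vendor can ever delete or repoint it. The follow-up for each hit is the manual DNS walk the post describes (resolve the name, follow the CNAME chain, see who owns the endpoint).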
