- This topic is empty.
-
Posts
-
Ben has come out with the latest thiefware update. His updates are really excellent. If you buy ads you should read this – you may appear on thiefware and not know it! As usual, I am surprised by some of the things he digs up.
Much of the spyware problem results from ads placed by advertising intermediaries. Suppose an advertiser buys pay-per-click ads from Yahoo. Yahoo shows PPC ads when users run searches at Yahoo.com — but it also pays various spyware distributors (including vendors as notorious as 180solutions and Direct Revenue) to show these ads in popups, popunders, and sidebars. Yahoo never tells advertisers what is occurring, and advertisers have no way to opt out of Yahoo’s syndication programs (except by severing their entire relationship with Yahoo — meaning canceling their yahoo.com ads too). Details: How
Yahoo Funds SpywareOf course Yahoo isn’t the only intermediary creating relationships between advertisers and spyware vendors. Earlier this year, I wrote a program that examined tens of thousands of distinct pop-up ads shown by 180solutions, and counted which advertising intermediaries supported, placed, tracked or facilitated these ads. Google’s AdSense ads appeared in thousands of 180’s ads, and ads from aQuantive’s Atlas, from DoubleClick, and from ValueClick’s FastClick were also quite frequent. Details: Intermediaries’ Role
in the Spyware MessOther spyware funding arrives through affiliate networks. Online merchants often look to “affiliate” relationships for low-cost promotion by numerous small web sites (affiliates). But some affiliates buy pop-ups from spyware vendors — meaning merchants’ ads appear through spyware without merchants ever knowing, or ever intending to do business with spyware vendors. Other affiliates use spyware to cheat merchants — claiming affiliate commissions without actually doing anything to recommend merchants. These problems reach to the highest levels within affiliate marketing — companies like Gateway and Dell, among hundreds of others. Meanwhile, affiliate networks LinkShare and Commission Junction can’t manage to get to the bottom of these persistent problems. But many merchants don’t seem to care — and apparently neither does Rakuten, which is slated to buy LinkShare for an incredible $425 million, notwithstanding LinkShare’s various spyware dealings. Details: How Affiliate Programs Fund Spyware
Finally, some advertisers remain willing to buy spyware-delivered ads — and even defend this practice when asked. When asked about spyware, an Expedia spokesperson recently told the Associated Press that “It is just a marketing tool that we use.” Expedia claims to have “rigorous standards” for advertising software, but I documented Expedia buying ads with notorious spyware programs widely known to install without consent — not to mention installing through pornographic videos, ads targeted at kids, instant message spam, and numerous other tricks. Details: How Expedia Funds Spyware.
Installation MethodsI remain committed to the task of efficiently and thoroughly documenting what advertisers support these practices. Earlier this year I posted a substantially complete inventory of then-current ads for eXact Advertising. More in this vein in the coming months.
I have also continued to examine spyware installation methods. The programs at issue are programs users would not accept if given fair and frank information. So it’s no surprise that users are presented with trickery and deception when they’re asked at all. Some specifics —
Some Claria ads — including ads on kids sites — attract users’ interest by claiming that users’ computer clocks “may” be wrong, and offering to fix the problem. Claria ultimately does show a license agreement (thousands of words long), but it shows the license only *after* users accept the installation (which cannot then be cancelled). Details: Claria’s Misleading Installation Methods – Ezone.com.
Some 180solutions installers attract users’ interest by claiming to “remove” advertising — later disclosing “show[ing] … sponsor websites,” but never mentioning key terms like “pop-up ad” that would help users understand what 180 really does. These installations also fail to show or even reference a license agreement. Details: 180solutions’s Misleading Installation Methods – Ezone.com
Ask Jeeves installers also remain troubling. Widely promoted on sites catering to kids, Ask Jeeves’ ads generally depict a series of smiling faces (“smileys”) — rarely using the word “toolbar,” even though AJ’s main purpose in offering smileys is to bundle a toolbar that points to AJ’s search site. Furthermore, the link to AJ’s license agreement is off-screen on many older computers (with 800×600 screens) — so users can install AJ toolbars without seeing even a link to AJ’s license. Of course other AJ installers are even worse — installing without any consent at all, or with disclosure buried pages within a lengthy license. Details: Ask Jeeves Toolbar Installs via Banner Ads at Kids Sites
Some of these practices have improved a bit since I wrote these articles earlier in the year. Yet installation practices remain poor, and dubious claims like “you must click yes” or “click yes [for] browser enhancements” remain all too prevalent. My “Installation
Methods” index summarizes this line of research.” index summarizes this line of research.I have also continued to test for entirely nonconsensual installations — installations via security hole exploits. Almost all the “adware” companies still get installed this way; I have literally scores of videos showing 180solutions, Direct Revenue, and eXact installed through security holes. But smaller and less-well-known players use these methods too. I’ve seen nonconsensual installs of “loyaltyware” (like ShopAtHomeSelect), “navigation aides” (including the litigious New.net), and of course scores of browser toolbars. I struggle to distribute this information: My records give a damning rebuttal to vendors’ claims of legitimate consensual installations. But the videos are so overwhelmingly numerous and lengthy that it’s hard to know where to begin. (Though see the handful of examples I have previously posted: 1, 2, 3.) If you have a specific use for this research — perhaps for proof of a certain vendor installing without consent — do send me an email. I’ll be happy to try to help.
Consumer LitigationThere’s been growing coverage of consumer class action litigation against spyware vendors — widely-publicized cases now pending against Direct Revenue and 180solutions. The litigation section my site links to key case documents and selected news coverage. I’ll continue to update this section as the cases move forward.
LegislationAnti-spyware legislation remains under consideration in numerous states and on the federal level too. Of the states that have looked at the spyware problem, most have copied California’s weak 2004 law. But a few have gone further. Most notably, Alaska recently passed a law that prohibits “adware” from covering web sites with popups. Some critics say the bill goes too far, but it actually seems sensible to me. Defining such property rights is an appropriate and longstanding government function. And it’s easy to see how a legislature could lose patience with incessant adware pop-ups — especially given the resulting diminution of incentives to produce useful web content, and the resulting barrage of advertising software. The programs at issue become permanently installed within the state of Alaska, so Alaska has a substantial interest in addressing the problem. And these days most adware deduces its installation location (for ad-targeting purposes), so vendors could readily comply with Alaska’s law when installed in Alaska, while operating as usual when installed elsewhere. Details: State Spyware Legislation(index and table).
At present it seems no one is pushing for federal anti-spyware legislation. But that might change if advertising interests (adware vendors or ad networks) don’t like the tough Alaska bill. However, last year’s draft federal legislation didn’t impress me — too many loopholes that invite continued trickery and deception. Details: What Hope for Federal Anti-Spyware Legislation?
Future UpdatesI know I haven’t sent notes to this list as often as some might like, and for that I apologize. I remain uncertain about how to make this list most helpful: I get occasional requests for more frequent updates, but in this era of overflowing inboxes, I hate to add more to the pile. I’d welcome further feedback, and would take it to hear.
Meanwhile, for the most timely updates, I recommend signing up to receive my site updates via RSS. The RSS sign-up link is on the front of my site, and any standard RSS reader will keep you updated automatically. Need to learn more about RSS? Send me an email for pointers, or check out articles: c|net introduction, blogspace suggestions, kbcafe reviews.
Benjamin Edelman
http://www.benedelman.org
