Techdirt. Stories filed under "adware"

Techdirt. Stories filed under "adware" Easily digestible tech news... http://www.techdirt.com/ en-us Techdirt. Stories filed under "adware"http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Wed, 16 Jan 2013 15:35:09 PST Why Are Y Combinator And Andreessen Horowitz Backing A Drive-By Toolbar/Adware Installer? Tim Cushing http://www.techdirt.com/articles/20130115/17343321692/why-are-y-combinator-andreessen-horowitz-backing-drive-by-toolbaradware-installer.shtml http://www.techdirt.com/articles/20130115/17343321692/why-are-y-combinator-andreessen-horowitz-backing-drive-by-toolbaradware-installer.shtml thought you were installing was a Java update or some other unrelated program. No, go ahead. Yeah... that's none of us.

Bundled toolbars and the like are considered "necessary evils" by those hoping to monetize something they're otherwise offering for free. But to the average computer user, they're annoying, devious bits of software that do fun things like hijack your default search or plant a row of links you'll never use in your Favorites bar. And that's when they're not doing more nefarious things, like delivering all sorts of browsing data to who knows where or, worse yet, running an unasked for "virus scan" and holding your computer hostage until you purchase the software from some shady third party.

Knowing the preceding to be an actual, provable fact, why on earth would respected entities in the tech community like Y Combinator and Andreessen Horowitz get in bed with a startup whose sole purpose is to "monetize" installs by bundling unwanted adware, toolbars or worse with its clients' programs?

That's the question Long Zheng at I Started Something is asking.

Many people in the technology startup community have very high regards for Paul Graham and Y Combinator, the exclusive seed accelerator program in Silicon Valley which has under its belt acclaimed successes like reddit, Airbnb and Dropbox. There’s equal standing for Andreessen Horowitz, a private equity investment company with notable alumni such as Groupon, Instagram and Skype.

Now those people and companies have put their most valuable support – money, experience and brand – behind “InstallMonetizer“, a company that describes itself as a “windows based software monetization platform”. Very carefully selected words.

Now, there's nothing wrong with being a "software monetizer" who bundles products for clients with the software of others, other than the fact that your business method is highly unpopular with most computer users and that your financial success is usually dependent on the ignorance of those on the receiving end of opt-in/opt-out dialog boxes. In and of itself, not illegal or evil... just unwelcome.

No, the problems begin when your privacy policy can't even agree with itself as to whether InstallMonetizer is providing personal information to its clients, something Rafael Rivera discovered when reading through the company's typo-laden fine print:

Consumers Receiving Product Recommendations- We review the consumer’s pc for existing software. This is done to provide the consumer an advertiser software which they currently do not have installed on their computer. This information is not stored in order to maintain consumer’s privacy. We gather personally identifiable and may include information regarding your geo-location, ip address, operating system, language setting and information regarding whether recommended advertiser software has been accepted, downloaded, installed and any reason for failure installing. None of his information is personally identifiable.

But that statement seems to be false, on top of being nearly unintelligible. As Long Zheng points out, its own website clearly states (with pictures!) that it gathers IP and MAC addresses and makes them available to its clients.

So, all this information is/isn't gathered and is/isn't turned over to InstallMonetizer's clients, so there's nothing to worry about because the company takes rigorous security precautions...

We endeavor to take security measures to guard against unauthorized access to the systems where we store your data. This includes internal reviews of our data collection, storage, and processing practices and security measures and physical security measures.

and sends your unencrypted login data to you via a third party mailer...

Long doesn't question the fact that some software developers will find services like this a useful way to generate some additional income. What he does want to know is why respected entities like Y Combinator would back a startup that actively makes computing worse.

I’m not going to delve into the technical aspects of crapware – its effects on system performance, reliability and satisfaction are pretty well documented. The fact that there is a thriving ecosystem of “crapware, adware, spyware” removers is enough evidence it’s a significant issue.

Perhaps more importantly, I strongly believe crapware installers among other foul practices have eroded the trust of the Windows app ecosystem as a whole.

What used to be a fairly standard flow of app discovery has turned into a minefield of misleading download links on websites, defaulted checkboxes or sneaky install crapware buttons in position of “next” in wizards and browser homepage overrides. And it just takes one wrong click to have irreversible consequences.

Last but not least, disregarding the moral factor of this investment, I’m puzzled why such visionary investors would invest in a process that is slowly being phased out by changing industry practices...

I admit every person and company has the right to set their own moral compass, but it’s genuinely disappointing to see such respected and influential people and companies put their weight behind a practice that has undermined and continues to undermine the credibility of the Windows app ecosystem.

It's a good question. While no one expects VCs and accelerators to solely back conscionable startups, no one really expects those with stellar reputations to back a startup whose product is indistinguishable from hundreds of other shady installer packages standing between the end user and the product he or she actually wants.

InstallMonetizer claims it turns down 95% of applicants in order to keep it free of adware, spyware and malware, but just because the Yahoo! toolbar (to use one example) is none of the above doesn't make its uninvited presence in a string of opt-in/opt-out dialog boxes any more welcome. There are many ways to earn income while still providing a free product and there will be even more ways in the future. What's going on here isn't innovative. It's just another, slightly shinier version of something people are already sick of, and its questionable privacy policy quite possibly makes it no better (or different) than the others that have preceded it.

Permalink | Comments | Email This Story
]]> reddit,-Airbnb,-Dropbox,-Groupon,-Instagram,-Skype-and...-InstallMonetizer?? http://www.techdirt.com/comment_rss.php?sid=20130115/17343321692 Wed, 17 Feb 2010 15:41:08 PST An Olympian Spammer Discovers That Reputation Is A Scarce Good You Don't Want To Destroy Mike Masnick http://www.techdirt.com/articles/20100217/1229408200.shtml http://www.techdirt.com/articles/20100217/1229408200.shtml become lately, I have to admit to not paying attention to any of it so far. I heard the news of the luger's death, and that's been about it. So perhaps more people already knew about this, but apparently one of the mogul skiers has a bit of a reputation as a spam/spyware purveyor. It sounds like the guy is now out of that business, but what's fascinating is how his reputation has been tarnished over all of this, despite winning Olympic medals. The Canadians wouldn't let him on the team ~~this time around~~ years back, due to their dislike of his activities, so he switched his citizenship to Australia, and basically, it sounds like everyone hates him:

After Begg-Smith's second place finish in Vancouver this week, one Australian news organization published an article calling him--in the headline, no less--a "sourpuss." Another, the Sydney Morning Herald, labeled the Olympic athlete as "Mr. Miserable" and speculated that he was "simply flying a flag of convenience" with no real ties to Oz.

Canadians were more direct. Facebook groups such as "Dale Begg-Smith is a sourpuss" and another calling him a "traitor" have popped up. Twitter messages after the mogul race have included "traitor," "fake Canadian and all-around jerk," plus other phrases entirely unsuitable for a family publication.

Obviously, some of that hatred is due to him switching citizenship, but the article explains why his spamming/spyware activities are a large part of it as well (and may have resulted in the citizenship switch). I find this interesting not just because of the Olympic angle, but because of the reputation angle.

Reputation is a rather valuable "scarce good," and destroying your reputation through shady activities can come back to bite you for a long, long time, even if you do plenty of other amazing things. Just ask Metallica.

Permalink | Comments | Email This Story
]]> it's-your-reputation http://www.techdirt.com/comment_rss.php?sid=20100217/1229408200 Thu, 14 Jan 2010 06:18:00 PST Rob Glaser Leaving RealNetworks; A Chance To Reflect On How Being Anti-Consumer Fails In The Long Run Mike Masnick http://www.techdirt.com/articles/20100113/2257417739.shtml http://www.techdirt.com/articles/20100113/2257417739.shtml stepping down from the job (though will remain chairman, but without day-to-day operational activities). While several people are pointing out what everyone knows (that RealNetworks has basically disappeared off the online audio/visual map despite dominating the field in the 90s), there hasn't been a huge discussion on why. Some have suggested that Real just "missed the boat" with things like MP3s and YouTube video -- and there's something to that. But a bigger issue may be that so many people absolutely hate RealNetworks because of its long history of spreading adware through really sneaky and nasty installation techniques that hid the (checked off) approval buttons. It reached a point that lots of people never wanted to have anything to do with Real ever again. It should be a lesson for plenty of companies that look at short term profits over providing the best overall experience for users.

Permalink | Comments | Email This Story
]]> malware-galore http://www.techdirt.com/comment_rss.php?sid=20100113/2257417739 Wed, 22 Apr 2009 08:58:00 PDT Surreptitious Adware Company Zango Finally Shuts Down Mike Masnick http://www.techdirt.com/articles/20090421/1736564602.shtml http://www.techdirt.com/articles/20090421/1736564602.shtml gone, driven out by better security, FTC crackdowns and more sophisticated users. However, one of the big companies in the space, Zango, hung around for years, and finally shut down.

The company, which was originally known as 180Solutions, raised millions from VCs who didn't seem to recognize just how hated the company was, and just how many of its installs weren't by choice, but through annoyance. Then, for years, the company kept trying and failing to shake the "spyware" label, always blaming "bad actors" in its distribution network, but doing little to actually stop any of those bad actors. At times, it even rewarded them or made ridiculous claims about how its software couldn't be used for sneaky installs any more, despite plenty of evidence to the contrary. Incredibly, the company merged with another infamous adware firm and renamed the new company after the firm's most hated app Zango. And then, of course, came the lawsuits and a settlement with the FTC, which the company didn't appear to live up to. Most recently, the company was supposed to have "reinvented itself" in the "casual gaming" market.

Of all things, I'd actually run into some folks from the company at a conference last year, where they were pitching their "innovative advertising solutions," but would clam up or use misdirection any time you asked them for specifics about who would see the ads and how the software had gotten on their computers in the first place. In the meantime, one of the company's founders has written up something of a post mortem, where he suggests that only 4% of their installs early on were "completely silent," but doesn't note how many weren't necessarily "silent," but were done through trickery or a lack of full info. He also blames others in the space for being worse, and getting a bad rap because of their actions. Eventually, he also admits that the company also never provided much value in exchange for the advertisements, and at least is willing to admit that the company's management "was brain-dead" and should have recognized this early on. It's a fairly open and honest piece on what happened, though I think he doesn't give nearly enough blame to the company itself. It was quite evident how problematic the company's actions were from a very early stage, and the fact that it continued right up until recently suggests this wasn't just a case of a few small mistakes, but a systematic culture at or around the company that encouraged those types of actions.

Permalink | Comments | Email This Story
]]> about-time http://www.techdirt.com/comment_rss.php?sid=20090421/1736564602 Wed, 1 Oct 2008 10:10:00 PDT Is The Original Spyware Company Finally Dead? Mike Masnick http://www.techdirt.com/articles/20081001/0217292422.shtml http://www.techdirt.com/articles/20081001/0217292422.shtml first. When it turned out that there wasn't much of a market for an e-wallet product, the company quickly morphed its business into popping up ads over existing ads -- which resulted in a whole bunch of lawsuits. It didn't take long before Gator realized that people didn't really want its software popping up ads, so it began tricking users into downloading. As many folks recall, Gator was one of the first real "spyware" companies -- tricking users into downloading a product that watched what they surfed and popped up ads.

As the whole spyware (the companies in the space preferred the adware label) got a bad name, Gator first threatened to sue anyone who called its product spyware, and then eventually decided to shed the baggage of the Gator name and renamed itself Claria. -- insisting that it was now a legitimate advertising firm. Except, the charges of spyware kept flying in Claria's direction. The company tried and failed to go public, and then, once again, insisted that it was getting out of the adware business and moving into "behavioral advertising" -- which, most people realized was just another term for what it had been doing in the past.

Plenty of folks were shocked when rumors started spreading that Microsoft wanted to buy Claria, though, the public backlash to the "leaked" rumor was so harsh that Microsoft very quickly backed away from those plans. So, without being able to IPO or sell itself -- and with a still awful reputation as a spyware provider, the company tried to change once again.

The company insisted (yet again) it was getting out of that old sketchy business, and tried to launch a "portal" that would provide relevant content based on how you surfed. In other words: it was still in the spyware business, just positioning it under a better name. The company did try and fail to sell off its traditional adware business.

After that, honestly, we hadn't heard much of a peep out of the company. Despite launching its portal to great fanfare (we were inundated with PR spam from the company about this great "portal" idea), it didn't seem to get any traction. We apparently missed the news that recently the company (through a somewhat complex transaction) changed its name, yet again, to JellyCloud. Basically, the same exec team started a new company just a few months ago, raising another $11.5 million, and then took over Claria, though carefully hid all connections to its past, claiming to be just another online advertising company.

However, Valleywag is now reporting that the company shut down this weekend (despite having just raised all that money, and not counting all the money it raised in the past). If so, it's a rather quiet end for the company that really did become synonymous with the "spyware" term, and helped create that whole space.

Permalink | Comments | Email This Story
]]> a-milestone http://www.techdirt.com/comment_rss.php?sid=20081001/0217292422 Wed, 10 Sep 2008 17:22:00 PDT Zango's Latest Trick: Pitching Fake Batman MMORPG To Get People To Download Adware Mike Masnick http://www.techdirt.com/articles/20080908/0341372202.shtml http://www.techdirt.com/articles/20080908/0341372202.shtml pitching a new Batman online virtual world game, but if you click through, it turns out that it's just a severely limited demo version of a client-side Batman game from 2001. Despite the ad promising all sorts of things, such as "play online with your friends" the actual download has none of that... but it does include an install of Zango. Chris Boyd, who figured all this out wonders why the sites that ran this ad did so, knowing that it was almost certainly bogus. Zango, of course, will blame a "rogue affiliate" which is what they always do -- but Boyd wonders why they won't actually identify who's responsible.

Permalink | Comments | Email This Story
]]> and-so-it-goes http://www.techdirt.com/comment_rss.php?sid=20080908/0341372202 Fri, 29 Aug 2008 09:21:00 PDT Yet Another Company Sues Over Being Called Adware Mike Masnick http://www.techdirt.com/articles/20080828/0954182124.shtml http://www.techdirt.com/articles/20080828/0954182124.shtml few such cases in the past -- and they usually end with a judge telling the suing company to shove off, but here we have yet another company upset that its being labeled as an adware/spyware provider. In this case, it's a company called 7Search, which is suing McAfee. 7Search is claiming that McAfee's warning about "downloads" from its site having been "credibly" called adware or spyware are false and defamatory because 7Search no longer offers software for download off its site (though it apparently did in the past).

As Eric Goldman notes in the link above, just bringing these types of lawsuits tends to backfire. As we noted above, they rarely, if ever, win, and simply filing the lawsuit draws much more attention to the company -- often including reports from users about why they do think the software in question is adware or spyware. In the meantime, if 7Search no longer offers downloads, then it's not clear what it's upset about either, since it's not like the McAfee warning is going to stop people from downloading its software -- since, apparently, there's no software to download.

Permalink | Comments | Email This Story
]]> yet-again http://www.techdirt.com/comment_rss.php?sid=20080828/0954182124 Tue, 19 Aug 2008 07:49:57 PDT Zango May Have Worked Things Out With The FTC, But What About The MPAA? Mike Masnick http://www.techdirt.com/articles/20080818/0228242005.shtml http://www.techdirt.com/articles/20080818/0228242005.shtml evidence to the contrary. For a while, the company was in hot water with the FTC for tricking people into downloading its adware. It eventually settled with the FTC, paying a hefty fine. These days, once again, the company insists that it's reinvented itself to focus on the "casual gaming market."

However, that doesn't appear to be the case. I recently saw a presentation from the company where it didn't mention casual gaming at all, but instead called itself a "publisher" of content -- though it was quite vague and evasive about just what kind of content. Perhaps that's because it doesn't want parties like the MPAA to know. As Ben Edelman had noticed a few months ago -- and now more and more security researchers are finding, Zango's software is being offered up by folks who are promising fully pirated movies.

It makes you wonder if Zango recognizes that dealing with the MPAA may be a lot less pleasant than fighting the FTC. Of course, maybe the MPAA recognizes that when pirated movies come with intrusive adware like Zango, it only gives pirated movies a bad name.

Permalink | Comments | Email This Story
]]> out-of-the-frying-pan,-into-the-fire http://www.techdirt.com/comment_rss.php?sid=20080818/0228242005 Wed, 18 Jun 2008 20:34:00 PDT Zango Tries To Reinvent Itself (Again); Lays Off A Bunch Of Employees Mike Masnick http://www.techdirt.com/articles/20080618/0038431442.shtml http://www.techdirt.com/articles/20080618/0038431442.shtml merged and took a new name. The company kept insisting that it had reformed and wasn't using surreptitious installs any more -- but every time it said that, it didn't take long to find evidence proving that wrong. This happened time after time after time after time after time. Many of these happened after the FTC got the company to agree to stop these practices.

Well, now the company is trying to reinvent itself yet again -- claiming that it's going to focus on the "casual gaming" market -- and due to this, it's laying off 68 people. One would hope that these layoffs are for the folks responsible for building the malware part of their business. Of course, it was just a few weeks ago that security researcher Ben Edelman was demonstrating more problems with Zango's new business model.

Permalink | Comments | Email This Story
]]> like-anyone-trusts-them http://www.techdirt.com/comment_rss.php?sid=20080618/0038431442 Fri, 2 May 2008 10:06:10 PDT What If Sneaky Adware Died And No One Noticed? Mike Masnick http://www.techdirt.com/articles/20080502/0158171002.shtml http://www.techdirt.com/articles/20080502/0158171002.shtml era of sneaky adware seems to be pretty much over. For quite some time, one of the biggest annoyances online for many users were surreptitiously-installed client side adware programs that would pop up unwanted ads while you did other things. However, it appears that a combination of factors have pretty much wiped them out. Legal rulings found that the surreptitious installs (either with no notice or misleading notices) were fraud. Companies were sued, fined and went out of business. Security firms got better at catching and blocking these programs, and the few remaining firms in the space moved on to other projects (though, some are equally questionable). Either way, most folks probably didn't notice, because they either learned to avoid the sneaky adware or they were already well enough protected from it. Yet, as Goldman points out, pretty much everyone (with the possible exception of Zango) is no longer in the business of tricking people into installing ad-spewing software.

Of course, Goldman points out that no one has let the politicians in on this news yet, as many are still pushing various anti-spyware legislation that probably doesn't matter any more. He also points out that this doesn't mean questionable ad activity isn't still happening -- it's just moved on from sneakily installing an application on your harddrive. That's why Phorm (a former client-side adware maker) is in so much hot water these days. Its behavioral ad targeting solution may not be the same as the surreptitious client side ad spewing software -- but it's still surreptitiously watching your behavior and displaying ads based on it.

Permalink | Comments | Email This Story
]]> well-look-at-that... http://www.techdirt.com/comment_rss.php?sid=20080502/0158171002 Wed, 27 Feb 2008 22:09:00 PST British ISPs Hand Over Your Surfing Data To (Former?) Spyware Firm Mike Masnick http://www.techdirt.com/articles/20080227/114140370.shtml http://www.techdirt.com/articles/20080227/114140370.shtml questionable deal with a startup named "Phorm." The ISPs would share all of your surfing data with Phorm who would then target advertisements to you based on your surfing patterns. We raised some privacy concerns, and noted that Phorm's claims that it would anonymize the data were laughable, since every "anonymized" data set seems to get quickly de-anonymized. In the comments to that post, one commenter noted that the story was even worse, as Phorm was merely the reincarnation of a spyware firm that had made a rather infamous rootkit. Broadband Reports now has more on that story, noting that the firm has a very shady past. It makes you wonder why these big ISPs would link up with such a company and why more people aren't up in arms about what their ISPs are doing with their data.

Permalink | Comments | Email This Story
]]> privacy? http://www.techdirt.com/comment_rss.php?sid=20080227/114140370 Thu, 25 Oct 2007 15:16:00 PDT Ding Dong, DirectRevenue Is Dead Mike Masnick http://www.techdirt.com/articles/20071025/121442.shtml http://www.techdirt.com/articles/20071025/121442.shtml changing names every time people started to figure out how sleazy the company's marketing techniques were, and then repeatedly claiming it had cleaned up its practice of sneaky installs when the reality was that it kept doing the same thing. Eventually, the company was sued and paid a $1.5 million fine -- significantly less than the $28 million in profits the firm's founders apparently had made (and the $80 million the company had brought in over the years). Either way, now that the lawsuits appear to be done, and the fact that it's pretty difficult to make any money in that business without surreptitious installs, the company is shutting down. I'm sure the founders who walked away with all that money aren't too upset by it, however.

Permalink | Comments | Email This Story
]]> apparently-it's-tough-to-make-money-being-legit http://www.techdirt.com/comment_rss.php?sid=20071025/121442 Thu, 30 Aug 2007 02:03:29 PDT Court Rules That Anti-Spyware Companies Can Call Spyware Spyware Mike Masnick http://www.techdirt.com/articles/20070830/003443.shtml http://www.techdirt.com/articles/20070830/003443.shtml cases where security software firms were sued for calling some piece of software "spyware" or "adware." In fact, Microsoft even wanted to make sure that new anti-spyware legislation would make it clear that there's nothing wrong with calling spyware "spyware." However, in the latest ruling on one of these cases (in which Zango sued Kaspersky), the ruling makes it clear we already have such a law on the books. The judge dismissed the lawsuit, noting that security firms have every right to label software as they see fit, citing part of section 230 of the Communications Decency Act.

We often point to section 230, because it protects service providers from liability for the actions of the service providers' users. However, this is referring to a different part of section 230, which says that no service provider is liable for a good faith attempt to restrict access to something it deems objectionable. The court felt that the security company was a service provider, and that since it believed Zango was objectionable, then it has every right to try to restrict it. The court makes a second very important point. Zango complains that its software is not objectionable, and therefore the security providers cannot block it as objectionable. However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.

Permalink | Comments | Email This Story
]]> what's-in-a-name http://www.techdirt.com/comment_rss.php?sid=20070830/003443