Adware Vendor Tries To Dance Around Sneaky MySpace Installs
from the blame-anyone-else dept
Earlier this week, we noted that adware/spyware vendor Zango (formed out of the merger of two widely disliked adware firms) apparently had someone trying to convince MySpace users to add videos to their site that also just so happened to install some of their adware. It did give users a popup, but as the original security researcher noted, it wasn’t clear that the popup was from Zango rather than MySpace — and many users would just click it to see the video, not realizing they would be installing adware in the process. In fact, it seemed particularly egregious to push these videos on MySpace users, urging them to include the videos on their own profiles as a sort of free distribution force. At first, it seemed likely that this was yet another rogue affiliate that the company had promised were a thing of the past. Instead, it turns out that it was the company’s own employee doing this — in violation of MySpace’s terms of service. The company admitted it was a mistake on an individual developer’s part (blame the employee!) and then proceeded to basically attack the researcher who brought this mistake to their attention.
The researcher, Chris Boyd, hits back today with a detailed response pointing out the inconsistencies and ridiculous statements from Zango. First of all, it’s amazing that they would make him out to be part of the problem, when all he did was point out to them what their own employee had done. Second, their claim about how the little popup they shove at people is perfectly clear is doubly amusing when you realize that they didn’t even bother to read MySpace’s own terms of service in setting these pages up. If they don’t read the legal language when they see them, why do they expect everyone to read theirs? Furthermore, the company later admits that if it hadn’t been an employee, but other users who went out and pushed these videos-with-adware through MySpace, they’d be perfectly fine with it. Given the company’s long history with surreptitious installs and blaming security researchers every time they highlight yet another problem with the company’s practices, is it really any surprise that this is happening?