Digital War- Latest from Spyware Researchers

As the CNET Spyware conference approaches experts are cranking up their research and eyes continue to open as we see not only basement operations but publicly traded companies in the cross-fire.

I have brought together the latest information for all those following the raging digital war between privacy activists and the spyware/adware industry.

Ben Edelman turns his trained eye on AskJeeves and the ongoing issues of kids and contracts. Another good piece on Claria and DopeWars. (As one anti-spyware insider puts it- “Here kid, Uncle Claria says the first game is free.“)

CastleCops talks about protecting kids online.
This particular area of study is of interest to me and this article, Dangerous liaisons illustrates how susceptible children are to the dangers of the darker alleys of Internet- not to mention advertising messages.

Ben’s latest study now includes an example video showing AskJeeves MySearch (and lots of other goodies) being installed through a security exploit. Also of note is this piece: Ask Jeeves Toolbar Installs via Banner Ads at Kids Site. It delves into the wondeful euphemisms that EULA’s seem to be packing today. I have to wonder if they tapped George Carlin to tone done the language. (e.g. shell shock becomes battle fatigue becomes PTSD…)

In terms of EULA euphemisms my all time personal favorite comes from a piece I covered a year ago on PurityScan.

Several PROMOTIONAL CONSOLES (daughter console/interstitial) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have PurityScan installed on your machine. PurityScan does not monitor the activities or collect information from users once they have left PurityScan

Promotional consoles, daughter consoles, interstitials…insider advertising lingo that I am sure the average person has no idea as to their meaning. Perhaps like Ben’s new series on Deceptive Installation of the Week I may start my own called “EULA Euphemism of the Week” or “Just Plain Lousy Terms”. There seems to be no shortage of them.

Rob Cheng’s team at PcPitStop.com trains his eye on WhenU and how unaware people seem to be having the program installed on their PC.

Unawareness Rates

At the end of the day, the most important issue is whether users were actively giving consent to the installation of the WhenU software. Were they aware WhenU was being installed, and if so did they read enough to have any idea of its purpose and license terms? Our survey consistently shows that the majority of users did neither:

They say a picture is worth a thousand words, or perhaps several million+ installs…(Graph used by permission from PCPitStop)

It is notable that PCPitStop’s research resonates with the AOL-NCSA Online Safety Study [PDF] showing that users were not aware that this type of software was being installed on their systems.

In my opinion the advertising software industry (adware) must be judged on what it has done and not on what it promises to do. For the last five years people have endured a virtual onslaught of deceptive practices, drive-by downloads, confusing and legalese laden EULA’s, rogue distribution techniques and lousy value propositions. To make matters worse merchants continue to subsidize and profit from this poor stewardship. Whether through ignorance or pressures from “the street” it should not matter.

I have had had the privilege of getting an insider’s look into some of the research that will be presented at the conference this week. I could not find one shining example of a single adware company doing things in a manner that is supportive to the end-user. Perhaps this is because it is only being driven by the desire to scale and generate money. Short-term gains with no real thought to the long-term impact on e-commerce and the Internet as a whole.

I think this will be made abundantly clear at the conference. Affiliate networks, advertising networks, PPCSE’s, search engines, affiliates and merchants need to heed this clarion call. The facts are the facts and they are clearly- damning.

Internet users demand high standards from software providers. Despite the adware industry’s promises the fall woefully short of these standards. A leading spyware researcher, Eric Howes, sums it nicely with a plethora of examples.

Ask youself as a marketer what you can do to protect your customers, who are people, human beings, internet surfers that are a part of a global community in which we all share. In the end you will be judged by the company you keep.

About Wayne Porter

Wayne Porter is one of the original founders of ReveNews.com, and served as the CEO and founder of XBlock Systems a specialized research firm on greynets and malware research before being acquired by unified communications security leader, Factime Security Labs. His work includes serving as a panlist at the Federal Trade Commission to shape legislation on software and the creation of two patent-pending technologies for corporate networks. Wayne is a frequent speaker at e-commerce & business events including CJU, ASW and RSA and frequently cited in the press. He has been designated a Microsoft Security MVP three times and is recognized on Google’s Responsible Security Disclosure page- in addition to receiving the first Summit Legend Award. Wayne currently works as a Security Consultant on Social Media and operates a consultancy on digital worlds. His hobbies include reading science fiction, playing chess, fishing, writing, collecting shiny digital gadgets, playing racquetball and studying memetic engineering. He maintains a personal weblog at WaynePorter.com detailing his explorations in security, web 2.0, and virtual worlds.
You can follow Wayne on Twitter: @wporter.

Website: http://www.wayneporter.com