Article 43


Privacy And Rights

Tuesday, September 12, 2006

A Contract Only Microsoft Can Break

By Ed Foster
Sep 04, 2006

What kind of contract includes a provision that one of the parties has the right to violate the contract with impunity? Well, the Windows XP EULA for one, as an interesting analysis of Microsoft’s legalese points out.

Several readers have justifiably praised’s WINDOWS XP EULA IN PLAIN ENGLISH page in which each section of the current Windows XP Home EULA is printed side-by-side with a clear explanation of what it means. Given the fact that most of us have “agreed” to it or a very similar Microsoft EULA, the LinuxAdvocate’s analysis is definitely worth reading. But the plain English description of one section in particular caught my eye.

The XP EULA’s section on limitation of damages reads:


In plain English, what this paragraph means of course is that Microsoft isn’t responsible for any damages caused by their software. But because the list of things the company is not responsible for includes breach of contract, LinuxAdvocate’s article points out that this also means “Microsoft is not liable even if they break the terms of this agreement.” I must have read this damage limitation paragraph half a dozen times, since it’s common to many of Microsoft’s EULAs, but that little irony had escaped me.

A quick look at EULAs from other software publishers shows that some do disclaim damages for their own breach of the license agreement and some don’t. Now, considering how one-sided software EULAs usually are, you might wonder what terms are in any of them that the software publisher could violate. But in the case of the Windows XP EULA, Microsoft promises not to collect personally identifiable information in the product activation process and not to share user information it collects with third parties. Could that be why Microsoft’s lawyers decided it would be a good idea to be able to breach their own license agreements?

The real point here though is just how absurd it is talk about software EULAs as if they were real contracts. An agreement that one side can go back on at any time is no agreement at all. That is the real plain English message of the Windows XP EULA - if only a few more judges would get it.



Posted by Elvis on 09/12/06 •
Section Privacy And Rights • Section Microsoft And Windows
View (1) comment(s) or add a new one
Printable viewLink to this article

Tuesday, August 29, 2006

Kiss AOL Privacy Goodbye

Consumer advocates criticize AOL’s free Active Virus Shield antivirus software licensing agreement.
By Robert McMillan, IDG News Service
August 17, 2006

Just days after posting details of searches made by hundreds of thousands of subscribers, AOL is in hot water again with consumer advocates. This time the issue is with the company’s Active Virus Shield anti-virus software, released last week.

At issue is the software’s licensing agreement, which authorizes AOL to gather and share data on how the software is being used and permits AOL and its affiliates to send e-mail to users. “If you go through the installation, just as any normal user would, there is not the slightest hint of any advertising functionality or data gathering of any kind,” said Eric Howes, director of malware research at anti-spyware vendor Sunbelt Software.

ACTIVE VIRUS SHIELD uses Kaspersky Lab’s well-regarded anti-virus software, and comes with an optional security toolbar that blocks pop-up ads and manages passwords. The software is available for free to anyone who wishes to download it.


Although security experts, including Howes, say that Active Virus Shield does not behave in a malicious fashion or serve up unwanted ads, some are concerned that the product’s end user license agreement (EULA) would allow AOL to send spam or serve up adware at some point in the future. “If it actually does any of the things stated in the EULA, we would actually flag it as spyware,” said Christina Olson, a project manager with STOPBADWARE.ORG.

The Active Virus Shield agreement gives AOL much broader rights to collect information and then to share that information with third parties than typical EULAs, observers said.

A prohibition against blocking ads also caught Olson’s attention. “If you have any ad-blocking software up, you’re basically violating their EULA, which is ridiculous,” she said.

AOL in the News Recently

AOL’s licensing problems come at a sensitive time for the company. Earlier this month the Internet service provider weathered a public relations disaster after an AOL researcher inadvertently EXPOSED DATA on about 19 million Web searches performed by 658,000 users.

After being contacted by IDG News, AOL said it now plans to alter the licensing agreement. “We are updating the EULA to address any concerns,” said Andrew Weinstein, a company spokesman. “We are reserving the right solely to send periodic marketing e-mails that users will have the choice to opt out of.”

Adding to AOL’s troubles is the fact Active Virus Shield’s security toolbar is based on a product with a questionable reputation. An earlier version of this software, known as the Softomate toolbar, is flagged as adware by Kaspersky’s own anti-virus products.

“We don’t use the earlier code because it was used by a malware provider,” Weinstein said. “That’s why Kaspersky looks for it.”

Similar to Sony Rootkit Issue?

While AOL’s toolbar is not considered to be adware, observers say that AOL, which prides itself as a fierce opponent of adware and spyware, could have based its own toolbar on a better product. “I don’t understand how a legitimate company like AOL provides software that can be classified as rogue,” said Aviv Raff, a security researcher based in Israel.

After examining AOL’s toolbar, Raff discovered a flaw in the software that would allow hackers to change the toolbar’s configuration options. While the flaw does not in itself present a security risk, it could be used in combination with other types of malicious software to do things like pop up bogus search results, he said.

“The problem is similar to the Sony rootkit issue,” Raff said referring to Sony BMG Music Entertainment’s NOTORIOUS COPY PROTECTION SOFTWARE, which was found to be the source of security issues late last year. “A big company chose an external company’s software and rebranded it as their own, later to discover it might be bad after all,” he said.

Erik Larkin of PC World contributed to this story.



Posted by Elvis on 08/29/06 •
Section Privacy And Rights
View (0) comment(s) or add a new one
Printable viewLink to this article

Wednesday, August 16, 2006

An End Run Round Copyright Laws?

By Stephen Shankland
Published on ZDNet News August 15, 2006

What Linux has done for operating systems, the Internet should do for content, a prominent lawyer and activist urged Tuesday.

Lawrence Lessig railed against prevailing copyright laws and urged use of his alternative creation, the CREATIVE COMMONS license, speaking to attendees of the LinuxWorld Conference and Expo here. The license permits content such as music, video, photos or text to be reused and augmented by others in the same way that the open-source and free software movement permits programs to be copied and modified.

Stanford Law School professor Lessig noted that Department of Justice lawyers attacking Microsoft for its Windows monopoly fixated on IBM’s vanquished rival, OS/2. But Linux showed that decentralized, nonproprietary operating systems were viable, he said.

“The fight for free culture is harder than the fight for free software. There were no laws against free software, but there are laws that essentially block free culture,” Lessig said.

In Lessig’s view of the world, lawyers, lobbyists and politicians are building a world of “read only” cultural content. It’s “culture that, like potato chips, is to be consumed, not created,” he said. In contrast, the Internet is fostering “read-write\” content that is collaboratively produced and remixed by groups of people exchanging information.

“Copyright presumptively conflicts with the read-writeInternet. Every single use requires regulation permission to be granted presumptively,” Lessig said.

The Creative Commons license is essentially an end run around that copyright law, and Lessig boasted of its success in the last four years: As of June, 140 million content items on the Internet link back to the license, and Google and Yahoo search engines can filter for content using the license.

Lessig showed a variety of videos that mix animations or news footage with music to illustrate how copyrighted material can be combined to produce political commentary or humor. Such remixing will happen whether or not there’s a legal framework for it, but Lessig argued in favor of building one that doesn’t label the activity as piracy.

“You must ask whether the values built into our society--to ignore the rule of law--are the values we want to raise our children to understand,” he said.

Free networks
Linux has demonstrated that it’s possible to build operating systems and software that lets customers bypass Microsoft’s control. The Creative Commons, Lessig hopes, will do the same in letting people exchange content without reliance on entrenched media powers.

At a lower level, the technology that routes data across the Internet, TCP/IP, is an open protocol. But the physical networks used by TCI/IP give industry players another point to control the flow of information, Lessig said.

Lessig argued that networks need not be closed and proprietary, however, because wireless networks provide a way to bypass the “last mile” of networks that today link customers to networking companies.

“Everyone is focused on the only possible way to build broadband infrastructure, to turn over the soul of the Internet to Comcast and AT&T. I wonder if we’re not missing something,” he said. “There’s an explosion of municipal and ad-hoc wireless networks. The people building them will have no incentive to control how people use the network. As you see these miniclouds exploding above cities, the last-mile problem is solved.”

Networking companies have lobbied aggressively against government-funded wireless networks, arguing that it competes with private-sector services. But people need to look carefully at what the role of governments in supplying infrastructure before labeling supporters of publicly funded wireless networks as Communists, Lessig said.

Nobody complains that there aren’t private companies competing to build streetlights to supply photons when it’s dark, Lessig said. “We have this weird disconnect between what we take for granted about local infrastructure services,” he said.


Posted by Elvis on 08/16/06 •
Section Privacy And Rights
View (0) comment(s) or add a new one
Printable viewLink to this article

Tuesday, August 01, 2006

Corporate Greed and Microsoft

Windows Genuine Advantage and why you should be annoyed.
July 30, 2006

Just when it looks like Microsoft might be coming around, at least somewhat, on the boondoggle that is User Account Control in its upcomig Windows Vista operating system, the company loses all rationality and releases several consecutive betas of Windows Genuine Advantage (WGA) to millions of unsuspecting Windows XP users. Moreover, it has done so via its high-priority security Automatic Updates, Windows Update and Microsoft Update online-updating channels.

WGA is a beta anti-piracy program from Microsoft that’s designed to keep it from losing money on stolen product keys and counterfeit copies of Windows and Office. In typical Big Corporation lie-through-your-teeth-marketing style, Microsoft has named its anti-piracy push to sound as if there were something good about it for customers, when in fact, the only advantage is for Microsoft. For some small percentage of legitimate Windows customers, WGA is going to be a royal pain in the behind, with the potential to make some people very frustrated and angry with Microsoft. And for many other people already teetering on the fence about whether Microsoft is a good company to deal with, it may tip them away once and for all. If you doubt that at all, go search Google for “WGA.”

Bloggers, newsletter authors and computer publications have already reported a good deal about WGA. Unfortunately, the negative impact WGA may have on “man in the street” Windows users hasn’t permeated into the mainstream press. It wouldn’t be difficult for The New York Times, The Washington Post, CNN or Consumer Reports to find average people who’ve been told their legitimate Windows XP or Office 2003 software is a “counterfeit copy.” Because that’s what WGA does. It’s a small sliver of code that watches your computer and tries to determine whether your copy of Windows is legit. If WGA determines your software doesn’t have the proper credentials, it may offer you any of several options for paying up. In other words, WGA sets itself up as Big Brother, watching your PC for possible use of invalid or stolen product keys.

Microsoft has given out only vague information, published in a blog, about the existence of false positives—those times when WGA wrongly accuses Windows customers of having an illegitimate copy of Microsoft software. At least 80% of the pirated or counterfeit software WGA finds involves the use of stolen or repeat use of one-time product keys, where Microsoft has a genuine beef. Has Microsoft (or any software development company) ever written perfect code? Of course not. So there are false positives; We just don’t know how many.

What makes that doubly difficult to sort out—and this is the part that makes it hard for the press to report on WGA—is that not all of the apparent false positives are actually false positives. You may have paid for your copy of Windows, but it may actually be a counterfeit copy. You may have recently brought your PC in for repair, and the repair shop may have used its copy of Windows XP to reinstall Windows on your system as part of the repair process. You may have purchased a used PC sold with Windows XP or Office only to find that you weren’t sold a legitimate license. In some cases, that may even happen with new PCs.

This brings me to the aspect of WGA that I feel is the largest mistake. MICROSOFT IS GOING AFTER IT’S OWN CUSTOMERS—NOT THE SERIOUS BAD GUYS—WITH THIS SOFTWARE. I’m sure it believes it must do this to get the counterfeiters, the repair shops that use the same XP CD and product key repeatedly, the system builders who sell the same license over and over, and the smaller enterprises that, while they have purchased machines that are properly licensed, are using a single Windows image and product key (not acquired through volume licensing) for all their new PCs. But there has to be a better way than alienating hundreds of thousands, perhaps millions, of Microsoft software users who have no idea that they’re somehow violating Microsoft’s product licensing rules. The potential is huge for bad publicity, ill will and a feeling that using Windows is an open invitation to let Microsoft decide whether you need to pay a second time for Windows or Office. Microsoft is apparently more interested in squeezing every last penny out of its existing installed base than it is in preserving customer satisfaction or developing a better mousetrap.

The actual numbers of false positives don’t matter. It’s about the perception. It’s glaringly obvious that Microsoft cares not a whit about individual Windows users. Its only focus is largest volume-licensing customers and OEM PC makers. Since it’s all about Microsoft recouping money, it’s hard not to look at this as corporate greed at the expense of unsuspecting corporate customers and end users. I am personally disgusted by WGA. I’d be willing to bet that at least half the people working at Microsoft feel the same way. They can’t say it; I can.



Posted by Elvis on 08/01/06 •
Section Privacy And Rights • Section Microsoft And Windows
View (0) comment(s) or add a new one
Printable viewLink to this article

Friday, July 07, 2006

The Plot To Hijack Your Computer

They watch you surf the Web.
They plague you with pop-up ads.
Then [LIKE MICROSOFT] they cripple your hard drive.

Cover Story
July 17, 2006

Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. “I will f------ kill you and your families.” Such sentiments aren’t unusual. “You people are EVIL personified,” Kevin Horton wrote around the same time. “I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system.”

Sifting through a stack of customer complaints in June, 2005, a Direct Revenue employee decided to tally the most frequently used words of aggression: “die” (103 times), “f------” (44), and “kill” (15). Douglas Kee, then Direct Revenue’s chief of quality assurance (QA), ribbed colleagues in an e-mail that with all the death threats, it was a “good thing QA sits farthest away from the entrance.”

According to angry consumers and the New York State Attorney General, Direct Revenue makes “spyware.” These programs track where you go on the Internet and clutter your screen with annoying pop-up advertisements for everything from pornography to wireless phone plans. Spyware can get stuck in your computer’s hard drive as you shop, chat, or download a song. It might arrive attached to that clever video you just nabbed at no charge. Web security company McAfee Inc. (MFE ) estimates that nearly three-quarters of all sites listed in response to Internet searches for popular phrases like “free screen savers” or “digital music” attempt to install some form of advertising software in visitors’ computers. Once lodged there, spyware can sap a PC’s processing power, slow its functioning, and even cause it to crash.

This explains the vitriol aimed at Direct Revenue. The company, located in a loft above a clothing boutique in New York’s hip SoHo district, has been a pioneer in a seamy corner of the booming Net advertising industry. Although it is small by some corporate standards, having generated sales of about $100 million since its start in 2002, its programs have burrowed into nearly 100 million computers and produced billions of pop-up ads.

Direct Revenue’s swift rise illustrates the intertwining of spyware and mainstream online marketing. The Web is the hottest game in advertising, but what’s rarely acknowledged is the extent to which unsavory pop-ups boost the returns. Here’s how it often works: Sellers of advertising, ranging from giant Yahoo! Inc. (YHOO ) to much smaller networks, recruit clients, tally the clicks their ads generate, and charge accordingly. But then Yahoo and the other advertising companies sign up partners that distribute the ads beyond their own sites in return for a fee, and those partners sign up other partners. Down the line, a big piece of the business winds up in the hands of outfits like Direct Revenue, which disseminate the ads as pop-ups and share revenue with their more mainstream partners. Some advertisers say their messages have appeared in pop-ups without their permission. Others seek out pop-ups, and Direct Revenue frequently sells ads directly to such advertisers.

Spyware rakes in an estimated $2 billion a year in revenue, or about 11% of all Internet ad business, says the research firm IT-Harvest. Direct Revenue’s direct customers have included such giants as Delta Air Lines (DALRQ ) and Cingular Wireless. It has sold millions of dollars of advertising passed along by Yahoo. And Direct Revenue has received venture capital from the likes of Insight Venture Partners, a respected New York investment firm.

Many of those impressive ties have frayed or ripped apart recently as Direct Revenue has struggled to fend off a lawsuit filed in April by New York Attorney General Eliot Spitzer. The state court action alleges that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users’ consent. Shining a light on the shadowy spyware trade, the suit asserts that the company violated New York civil laws against false advertising, computer tampering, and trespassing.

This article is based in part on more than 1,000 pages of Direct Revenue’s internal e-mail and other documents included in court filings. BusinessWeek has reviewed additional documents and interviewed dozens of industry insiders, including 12 current and former Direct Revenue employees and executives.

The company denies any wrongdoing. In a filing in June, it calls the Spitzer suit “much ado about nothing” and defends its past practices as “commonplace” in the industry. It calls its programs “adware” and says it has notified consumers when putting the programs on their computers. It insists that some of the methods Spitzer assails “were long ago changed.” And it argues that by accepting its ads, consumers get popular software applications free of charge that otherwise can cost up to $30 apiece.

In the wake of the litigation, Direct Revenue has shrunk in size, but it remains an important player on the spyware scene. Thousands of people still complain each month to Web security firms about new computer infections caused by Direct Revenue programs (although many users are baffled about what’s causing the maladies). And a new generation of spyware purveyors of equal or greater potency is imitating Direct Revenue’s strategies, infuriating customers, and threatening to taint the larger business of online advertising. Chances are you have some of their handiwork hidden within your hard drive right now.

Direct Revenue’s origins trace the rise of what might politely be called one of the more freewheeling sectors of Internet commerce. The company’s sales philosophy, according to current and former employees, was heavily shaped by Jesse Stein, a Wharton School-educated marketer whose successes before joining the company included selling VigRX, an herbal penile-enlargement supplement. VigRX may sound familiar because, to win customers, Stein inundated e-mail in-boxes with spam promoting the product. In 2003, when the ABC News (DIS ) 20/20 program identified what it said were the biggest online spammers, it featured VigRX and showed one of Stein’s e-mails. He reveled in the notoriety. On his desk at Direct Revenue, Stein, now 36, kept a framed 20/20 screen shot of his VigRX spam, former colleagues say.

His eventual boss, Joshua Abram, came to online hawking from a different angle. His family has a rich history of public service. Abram’s late father, Morris, was a civil rights activist in the 1960s who later served as president of Brandeis University and U.S. ambassador to the U.N. under President George H.W. Bush. Joshua’s sister, Ruth, heads the Lower East Side Tenement Museum in New York.

In 1999 Joshua Abram helped start, a benign precursor to later spyware operations. Dash attached an unobtrusive horizontal bar to the bottom of a computer user’s Web browser. As the user moved around the Internet, Dash would note the sites being visited and offer relevant text ads inside the narrow bar. Dash went out of its way to ask users’ permission to install the ad bar, and the company even shared its fees with consumers who made purchases. But Dash’s tactful text ads drew relatively few clicks, and its fee-sharing became an administrative nightmare. As the Internet market imploded in 2001, Dash folded.

Abram, known for wearing stylish suits amid a sea of techie grunge, kept developing ad software with several colleagues. They joined a broad post-bust move toward treating customers with less respect. One of the new spyware variants he helped create was called VX2, which a former colleague and computer security professionals believe was named after the deadly, undetectable VX nerve agent. In 2002, Abram, a father of two and husband of a fashion-industry executive, started Direct Revenue. His co-founders were fellow Dash alumnus Daniel Kaufman and a pair of data-mining entrepreneurs from a company called Pipe9, Alan Murray and Rodney Hook. The next year, Direct Revenue did business with and then acquired Stein’s online ad agency, forming a spyware powerhouse. Stein declined to comment. The four founders didn’t respond to numerous inquiries.

By early 2004, Direct Revenue, with Abram as CEO, had settled into its SoHo loft, employing two dozen programmers and salespeople. Current and former staff members say the place had an informal, often cynical atmosphere. The unsophisticated computer users subjected to Direct Revenue’s ads had a nickname among some staffers: “trailer cash.”

Knowledgeable consumers can reduce the risk of spyware infection by using widely available security software and steering clear of free online goodies. Direct Revenue and its rivals—companies with such names as eXact Advertising and Zango—say they employ “user agreements” that notify individuals when they are about to download their software. But the agreements typically can be found only by clicking on links deep within separate legal agreements related to the online freebies. The documents tend to be lengthy and opaque. Large numbers of Internet users who lack adequate security software and fail to read the legalese make themselves vulnerable.

Once embedded in your hard drive, spyware communicates via the Internet with the company that produced it. The company’s computer keeps track of your online meanderings and sends you pop-up ads relevant to the sites you visit. The travel-booking sites Travelocity (TSG ) and (PCLN ) have both been direct customers of Direct Revenue. People who picked up Direct Revenue spyware and then perused flights on Travelocity might find their screens obstructed by a pop-up for Priceline, or vice-versa. The travel sites say they stopped doing business with the company earlier this year.

Direct Revenue and other ad software creators struggle to balance an impulse to pump out waves of profitable pop-ups against the danger of enraging consumers who lose control of their computers. “Most of these companies can’t overcome their desire to make the most money right away,” says Sam Curry, vice-president for product management at Computer Associates International Inc. in Islandia, N.Y. (CA )

From early on, a small group of programmers at Direct Revenue focused on how to protect their employer’s programs once they were lodged in a computer, current and former employees say. The team called itself Dark Arts after the term for evil magic in the Harry Potter series. One of the biggest threats Dark Arts addressed came from competing software. The presence of multiple spyware programs can so cripple a computer that no ads manage to get seen.

Dark Arts crafted software “torpedoes” that blasted rival spyware off computers’ hard drives. Competitors aimed similar weapons back at Direct Revenue’s software, but few could match the wizardry of Dark Arts. One adversary, Avenue Media, filed suit in federal court in Seattle in 2004, alleging that in a matter of days, Direct Revenue torpedoes had cut in half the number of people using one of Avenue Media’s programs. The suit settled without money changing hands, according to an attorney for Avenue Media, which is based in Curaao. “This is ad warfare,” explains former Direct Revenue product manager Reza Khan. “Only the toughest and stickiest codes survive.”

In light of the Dark Arts stratagems, Direct Revenue management in early 2004 procured from its lawyers a modified user agreement that would supposedly be shown to PC owners. Within the densely written seven-page documentwas a declaration that Direct Revenue “could remove, disable, or render inoperative other adware programs resident on your computer, which, in turn, may...have other adverse impacts on your computer.”

Abram presented the new agreement to his troops with an impudence befitting the Dark Arts crew. “It’s a lawyer-approved license to kill,” the CEO said in a February, 2004, e-mail. He urged some restraint because at the time potential investors were examining the company: “I would think twice about going too aggressively on the offense during [due] diligence.” But he added: “Obviously, if we find someone is slaughtering us in the interim, we should not wait to counter.”

“It was like a big game of Dungeons & Dragons,” a current Direct Revenue manager says, and it was becoming lucrative. An ad software shop generally charges advertisers up to a penny a day for each computer that showcases its ads. A company with access to 10 million computers can make about $100,000 a day. With its “install base” soaring to more than 20 million computers by late 2004, Direct Revenue’s annual sales rose 450%, to $39 million. Its four founders took home a combined $23 million, with Abram enjoying the biggest share: $8.1 million.

This cash geyser drew investors’ attention. Insight Venture Partners, which has among its advisers Robert E. Rubin, former Treasury Secretary and now chairman of the executive committee at Citigroup (C ), poured in $27 million, court filings show. Andrew J. Levander, a lawyer for Insight, says the firm’s pre- investment due diligence “did not raise any issues concerning the lawfulness of Direct Revenue’s disclosure and distribution practices.” Rubin wasn’t involved with the investment, Levander says. When Insight learns of complaints, he adds, it works with the company to address them.

Complaints were certainly not in short supply. “You have 24 hours to provide me with a removal tool for your piece of crap spyware program,” Joe LoMoglio e-mailed the company in September, 2004. “Your pop-up ads popped up a few porn sites while my 6- and 9-year-old children were using the computer.” Reached by e-mail, LoMoglio says the company “refused to respond.”

As Direct Revenue surged in late 2004, its hyperactive sales force profited as well. Several top performers took home more than $300,000 apiece that year, current and former employees say, and a celebratory mood enveloped the fourth-floor ad-sales department. On Friday afternoons, employees opened bottles of beer, and Paul Nute, a top sales executive, occasionally blasted the pop song Everybody’s Working for the Weekend.

Nute had a trademark line for corporate sales pitches, according to current and former sales employees. “It’s like crack,” he would say. “Once you try it, you’ll keep coming back for more.” Nute declined to comment.

By early 2005, Direct Revenue had notched deals with JPMorgan Chase, Delta, and the Internet phone company Vonage, according to former sales staffers and Direct Revenue documents. Cingular Wireless spent more than $100,000 a month at the peak of its relationship with Direct Revenue, current and former employees say. Direct Revenue put Cingular pop-ups in front of other phone companies’ Web sites and news sites such as the one affiliated with tech magazine Wired. Vonage, meanwhile, was billed $110 for each customer that Direct Revenue delivered, according to a sales report from July, 2005. For that month, Direct Revenue billed Vonage for 287 new customers, or $31,570.

JPMorgan Chase confirms that it advertised with a Direct Revenue unit through the middle of last year, but says it was unaware of any spyware activity. Delta and Cingular declined to comment. Vonage didn’t respond to inquiries.

By mid-2005, Direct Revenue had grown to more than 100 employees, and its practices were drawing public notice. Bloggers, invoking the right to be free of uninvited ads, singled out Direct Revenue. Benjamin Edelman, a prominent Internet consultant and spyware foe in Cambridge, Mass., tried to shame advertisers away from Direct Revenue by displaying on his site the names of companies that appeared in Direct Revenue pop-ups. Jules Neuringer, owner of Portronix, a Brooklyn (N.Y.) computer-service firm, says that during this period about a dozen of his small-business clients complained about Direct Revenue spyware. Of these, he says he “was never able to bring an infected computer back to pristine operating condition.”

Direct Revenue insiders knew they were alienating consumers and even made tentative moves to clean up their act, court filings show. But when the result was fewer people getting stuck with its software, Direct Revenue pulled back from reforms.

In early 2005 the company was bundling its products with a file-sharing program called Morpheus, which users could download onto their computers. Morpheus required that Direct Revenue make its software easy to spot in a computer’s “Add/Remove” panel, which is the registry where a user can find most legitimate software and delete it. Direct Revenue agreed at first but after a few months noticed that thousands of new users it gained via Morpheus were quickly deleting the ad software. Kaufman, a co-founder of Direct Revenue, sent an e-mail to colleagues in February, 2005, saying the company should drop the Mr. Nice Guy routine. “We need to experiment with less user-friendly uninstall methodologies,” he wrote. The distribution agreement with Morpheus ended within three months.

The same ambivalence was evident in April, 2005, when Direct Revenue released a concoction known as Aurora. The program clearly labeled ads as coming from the company, a gesture designed to build credibility. But Aurora had powerful features that fought off competing spyware and security programs. The company also raised the number of pop-ups it sent users to as many as 30 a day.

Disaster ensued, as Aurora paralyzed thousands of computers. Matt Oettinger, who ran media operations at Fastclick (VCLK ), an advertising network that bought ads from Direct Revenue, found his home PC afflicted by Aurora, e-mails in court filings show. In June he ordered all Fastclick ads disentangled from Aurora. Branko Krmpotic, the managing director of Technology Investment Capital Corp. (TICC) (TICC ), which had invested $6.7 million in Direct Revenue, also caught the Aurora bug and couldn’t kill it, according to e-mails. Eventually, Direct Revenue had to send its customer support director to fix Krmpotic’s machine. After receiving complaints about Aurora, Insight Venture, another major investor, told the company to remove Insight’s name from the Direct Revenue Web site. Fastclick declined to comment; Krmpotic didn’t return calls.

Even Aurora’s creators fell victim as the program froze computers at Direct Revenue. One sales staffer, Judit Major, documented receiving more than 30 pop-up ads in one day, according to e-mails. Her computer crashed four times. “We are serving WAY TOO MANY pops per hour,” wrote Chief Technology Officer Daniel Doman in a June e-mail to the company’s brass. “If we overdo it, we will really drive users to get us the hell [off] their machine. We need to BACK OFF or we will kill our base.”

By then consumer complaints were pouring in to Attorney General Spitzer’s office. He filed suit in April, after his staff had hauled away 150 boxes of the company’s e-mails. Spitzer alleges that he found numerous examples of Direct Revenue spyware downloaded with misleading user agreements or no disclosure at all. In many cases, the download was performed by a distributor on behalf of Direct Revenue, but company executives repeatedly conceded in e-mail that users were in the dark about how its programs got into their computers. This, Spitzer argues, amounts to illegal deception.

A Direct Revenue spokesman, Michael Spinney, says the company is “mystified” by Spitzer’s allegations. It cleansed its practices more than nine months ago, Spinney says, and now puts its name on all its pop-up ads. It also now makes its software available for deletion in a computer’s Add/Remove Programs registry and has limited its use of distributors. Before these changes, Spinney asserts, Direct Revenue employed practices common in its industry. He wouldn’t comment on Spitzer’s individual allegations.

The anti-spyware activists and computer security firms confirm that Direct Revenue has dropped its most destructive programs, such as Aurora. But they emphasize that the company continues to cause serious headaches. Tokyo’s Trend Micro Inc. (TMIC ) offers an online service that scans customers’ troubled computers. In April it identified Direct Revenue’s spyware as the culprit in 9,400 computer scans. That’s down from 14,000 in January, but it represents a substantial level of annoyance. “Direct Revenue is still on everyone’s top 10” of reviled spyware companies, says Anthony Arrott, Trend Micro’s spyware research manager.

Deborah Maradei-Ugel, a loan officer in Santa Clarita, Calif., says she receives more than 20 pop-ups a day on her home computer as a result of Direct Revenue spyware. She complained to the company, but removal instructions it sent her are impossible to follow, she says. Her machine frequently stalls and requires restarting. “You hit your computer,” she fumes, “but it doesn’t help.”

The way Direct Revenue describes its software during the download process remains vague and misleading, Edelman and other critics say. The company now bundles ad programs with Kazaa, an online service offering music and other digital content. Kazaa gives users a choice between a $30 version of its program and a free version labeled “ad supported.” But few ordinary consumers would understand that ad-supported means they get separate software from Direct Revenue that will monitor them online and serve a steady stream of pop-ups, Edelman says. Kazaa declined to comment.

Direct Revenue has lost business and reduced its headcount to a couple dozen employees. The four founders still own 55% of the company, according to Spitzer’s filing, and Abram is still seen around the office in his sharp suits. But he no longer serves as CEO. Sales gurus Stein and Nute have moved on to another Internet venture. Many major companies, such as Cingular and Yahoo, have severed connections with Direct Revenue. But the ads of others, including Vonage, continue to appear in Direct Revenue pop-ups. Insight and TICC remain investors.

Among Direct Revenue’s alumni, pride over technical cunning mingles with regret for exasperating so many computer users. After waffling on the issue during a long interview, one former Dark Arts wizard sighs and sums up his version of the company credo with an elegiac observation by abolitionist Frederick Douglass: “Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them.”


Posted by Elvis on 07/07/06 •
Section Privacy And Rights • Section Microsoft And Windows
View (0) comment(s) or add a new one
Printable viewLink to this article
Page 67 of 68 pages « First  <  65 66 67 68 >


Total page hits 8800309
Page rendered in 1.3609 seconds
41 queries executed
Debug mode is off
Total Entries: 3136
Total Comments: 337
Most Recent Entry: 10/15/2018 09:41 am
Most Recent Comment on: 01/02/2016 09:13 pm
Total Logged in members: 0
Total guests: 9
Total anonymous users: 1
The most visitors ever was 114 on 10/26/2017 04:23 am

Current Logged-in Members: 

Email Us


Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

Teaching should be such that what is offered is perceived as a valuable gift and not as a hard duty. - Albert Einstein.


Advanced Search



October 2018
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Must Read

Most recent entries

RSS Feeds

Today's News

ARS Technica

External Links

Elvis Picks

BLS Pages


All Posts



Creative Commons License

Support Bloggers' Rights