Slashdot Mirror
General Public Realizes KaZaa is Spyware
blankmange writes "CNet is reporting the slow dawning of the general public to KaZaa and spyware. "Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand-new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer. " " Fortunately the helpful
graph in the article compares the complexity of IRS tax forms with Brilliant's
terms of use... guess which one is harder to read?
In todays world, marketing and business is going too far.
I hope news, irc and old protocols like that will survive to the flaming of capitalisme.
I'm wondering if anyone DOES know the legal implications of those service agreements the real question is wheather anyone who clicks on them is actually prepared to honour any agreements, i mean most of these companys are providing a sevice that is at best in the "grey" rea of the law, i dont think a lot of users read the acgreements simply because they *will* igonre them.
Burt "Out of my mind back in 5 minutes"
or burglerware if you like. People rightfully don't expect their pc to be tapped, its resources used or otherwise tampered with.
Of course "it's their own fault" but that does not take away the unprecedented lack of morality of the companies involved.
It should be considered virii and nothing else.
How many millions have downloaded this software now?
:)
:)
How come not one person out of these millions noticed that line about tapping your computers unused cycles and wrote to a news site pr here about it?
Why did this come out only when brilliant filed with the SEC?
Surely at least one person must have read the damn eula? Somehow i don't feel to bad for everyone..
A very happy furthernet[furthernet.com] user
burn my karma if ya like i don't care i think i have a good point
It should be illegal to have complicated and misleading user-agreements in software. Over the course of a day, a consumer might have to agree to several of these, not to mention other contracts, service agreements, etc. they have to sign in their non-computer life. Invariably, these sorts of things are unreadably long and full of Legalese unintelligible to the average Joe. We're bombarded by so many, that it is literally impossible to read and understand them all, let alone send them to our lawyers (as we are "supposed" to do with contracts).
Because of the size, complexity and volume of these things (and the need to usually get past them quickly), I would argue that they amount to coercion (which would invalidate them). The same is true of shrink-wrap software licenses (which you are rarely able to examine until well after you've unwittingly agreed to them). Of course, I doubt a court of law would agree with me. However, I think it would make sense to have a consumer protection law that requires that these sorts of things have a short, concise, easy to read summary at the beginning that gives the user an idea of what they're getting in to (with all the legalese below for completeness). That would prevent companies from creating scumware like this then hiding behind their user-auto-agreements.
... "Give me a woman who loves beer and I will conquer the w
Personally, I wish that is exactly what would happen. Popups dialogs and confirmation boxes should only appear when there is something you need to think about. If you're not supposed to think about it, then why are they bothering you with the popup in the first place?
Nope, no sig
So until you back up your claim with some credible links I am skeptical.
aus.music.scrapbook
This is so ridiculous. Trust is soon to become a thing of the distant past. The last shreds of it are slipping away. Modern cannibalism for the sake of the dollar. So sad.
"Brilliant, whose Altnet peer-to-peer software piqued consumer fears, says it is committed to telling people exactly how their computers will be used via new agreements and pop-up boxes as it loads more software and starts using consumers' computer resources."
If they were so committed to telling people, why the hell didn't they? All of these companies set out to decieve, then lie and manipulate to cover their asses. I can't even imagine the discussions that these people had to plan such an underhanded ploy.
You can't even hum two bars of a song without someone looking for royalties. Do you think these companies intent to pay up when they use your computer to solve a million dollar math problem? hell no! damn the man..haha
> Extra Features compared to original KaZaA ...
> - No Adware
>
Just two popup-ads on every single page. Thank-you-but-no-thank-you.
This *could* be a valid business model. Think about it: Company X offers services for free in exchange for a few of your CPU cycles. The same client could be used for both distributed processing and, say, file downloads. Company X makes money by selling CPU power to third parties (your spare cycles) and you, the user, enjoy free service.
Unfortunately, KaZaa wants to do it *without* telling you. That's just unacceptable...
If reading Slashdot, surfing the web, and thinking newspapers are nothing more than corporate whores makes you a demi-god, then you take the cake!
I wonder if these poor fucks to which you're referring bring any value into the world at all? After all, the internet, computers, software, etc all have intrinsic value, right? All other focus is folly.
Sanitation engineers (that's right, garbagemen) probably exploit me in some way too...but I don't have a way to get that garbage away from my house (in the city) without their help. If I see my friend downloading and 'agreeing' to an obviously sketchy program, I'll probably tell him to think twice--cause I can help him out with places that I know a thing or two about.
It's called 'learning'
Steve Magruder, Metro Foodist
Here's an even better idea! DON'T BUY A CAR if you don't want to have tracking devices in it! It says that there is one right there in page 15 of your loan agreement, and big deal if it calls the cops every time you speed! People already know that they're in there and if you're too stupid to have known yourself, tough!
If you are smart enough, you'd buy your own car parts and assemble your own car. But if you're too lazy, then you can't complain when a car company tries to make an extra buck or two from the government...
Moron. I don't build cars for a living and neither do I code.
I know that it's a mistake to think of legal documents as if legal language were source code or machine instructions for the legal system. None the less, it does seem as if we are beginning to see legal documents employing the same sort of "social engineering" and "viral behaviour" that we encounter daily in code.
What Kazaa has done is no different from what the Mellissa virus did: It presented people with a choice (install this software for Kazaa, open this document for Mellissa) that appeared to most to be benign. The means of knowing the choice was not benign were available (the license agreement for Kazaa, the actual contents of the document for Mellissa), but were obfuscated (in complex and opaque legal language, in obfuscated macros in an opaque document format) and chaffed (in one small part of a very large file/document in both cases).
Perhaps, then, we need to look upon trojans written in legal "code" the same way we look at trojans in software: As malicious and probably illegal. It is no more sensible to expect people to be able to fully comprehend a complex (and deliberately obfuscated) legal document than it is to expect people to read the binary code of every program they run. Yet our legal system presumes that you are responsible for your agreement to "run" the legal code but that you are the victim when you run the binary.
We need to treat contracts and licenses written in legal language the same way that we treat compiled code: as opaque and, when they are harmful, as malicious "exploits" of user vulnerabilities.
--G
IF you want to make a big deal about the legality of EULAs don't forget that something is either a contract or it is not. In which case it may have to conform to readibility statutes including being in a language you can actually read. Time and time again, legally speaking oh libertarian one - obscurity for the sake of obscurity has been struck down in the courts under the general principal that if you have something to hide you are probably committing fraud or trying to commit fraud.
I feel little sympathy for people "burned" by click-through stuff. If you're not willing do deal with the possible consequences, and you don't want to read the agreement, don't click "I Agree". If you click "I agree" you've got a shaky case because you allowed whatever to be installed on your machine.
Let the buyer beware. If you sign on the dotted line or click on the flashing button, you are assumed to have done your damn homework. If you haven't, you and only you are responsible for the problems it causes. It's common sense, people.
Oh wait, I forgot. Common sense is stuff that everyone says, but no one actually believes. I forgot.
he's basically someone who's only skill is that he has a slight bit of knowledge ver the average computer user and feels he needs to charge ridiculous prices for his *ahem* expertise. Try doing real work with computers for a living.
Hey, I just like the BMW. A LOT. I could be coding device drivers, but I prefer to have sex with girls. Being a computer "doctor" lets me work doctor's hours. And I can take a vacation whenever I want.
Personally, if you're not happy, then what the fuck is the point of existing? Coding device drivers does not make me happy. It can be interesting, but for about 24 hours straight only. I prefer to keep my sanity. So I fix stupid Windows problems? Does that make me not "l33t"? FUCK YES. Do have have an easy job? FUCK YES. Do I love my life? FUCK YES. You may answer these questions differently for yourself, but I am happy where I'm at and no ANONYMOUS COWARD can knock me off my pedestal.
BTW, got my +1 bonus today, so I'm just abusing it a bit to get my voice heard just this once.
Cheers.
Cool! Amazing Toys.
If your computer is your castle, YOU are the only person responsible for defending it, and YOU are the only person who is to blame when YOU install something without reading the license agreement.
You, you, you, you, you, you, and only you.
I install stuff from the internet all the damn time. I click through just like everyone else, but I don't complain that the devil made me do it. If its yours, take some responsibility for it. If you refuse to, then deal with it pal, 'cause only you are to blame. People don't say "read the fine print" because it's something nice to say. People say it because it's good advice.
"It's smart to ALWAYS know what you are signing for. Because you could be signing away the life of your child." That's what I get from this post.
Not "everything should be spelled out in 20 different languages to be fair" "we should all get everything for free." "I'm a worthless communist" as you intended to say.
I'm sorry to be acidic, but I never said I don't support consumer advocacy. I said I don't support LAWS governing what software CAN and CANNOT do. There are ALREADY laws prohibiting viruses and malicious, destructive software. Most people don't care if their spare computer cycles are used by some company if, in return, they get a good piece of software. And if it screws up their computer, they are happy to have it fixed.
There does not need to be LEGISLATION in this matter. There needs to be education. People should not just download and run software from untrusted sites. EVERYONE knows that. So in this case, I do not shed a tear.
No pity for the majority.
Cheers.
Cool! Amazing Toys.
Except that the current system is great for lawyers: You're forced to accept an EULA to use a piece of software, if you don't want to, you have to (somehow) negotiate your money back. And in order to understand the EULA, you probably should consult a lawyer anyway: Even if it apparently reads like plain English, there will be clauses that are likely to be invalid, or ambigious, or have hidden repercussions.
Simply outlawing them, or offering a basic "If someone pays you for the right to use the software, you MUST offer them the ability to install and use the software without agreeing to any conditions beyond those implied by copyright law and first-use/right of first sale doctrines." is not going to help the lawyers. It removes them from the process, and a good thing too.
KMSMA (WWBD?)
Whenever I read articles about this I think about the free amusement park in the movie "Pinnochio" that turns you into a donkey. Moral of the story: There's no such thing as a free lunch.
Most people don't care if their spare computer cycles are used by some company if, in return, they get a good piece of software.
Then how about distributing the software with "price: The Idle time of your PC"? Why are these "ways you pay for the software" always hidden away, usually installed silently in the background, and controlled via a checkbox that was careful placed outside of the visible range on one part of a 30 part install wizard? The reality is that most of this insidious software doesn't state its true intentions, because they know if they did many people would forgo using it, but instead they put "FREE!" all over the product.
There does not need to be LEGISLATION in this matter. There needs to be education. People should not just download and run software from untrusted sites. EVERYONE knows that. So in this case, I do not shed a tear.
Uh, we're talking about mainstream, very popular software : Not software from warez sites. So if Netscape 8.2 read your financial information and sent it on to banks, that's ay okay?
No pity for the majority.
And you work in computer configuration and repair? I feel pity for your customers. I'll guess that you're the type of guy that always has the raised eyebrow, exclaiming about how dumb the average Joe is, while at the same time wallowing in your own ignorance.
>Have you seen the source code?
You are aware that the number of people that could tell ANYTHING from the source code is extremely small, right?
That's always been one of the things that's bothered me - "Where's the source?!" I don't care, I couldn't do anything with it anyway. Neither could 99% of the people looking to use something like Kazaa.
"But there are people that can!", you cry. Great. What makes THEM any more trustworthy?
-l
If it's true that you can't enter a legally binding agreement while drunk, just pound a few brews before clicking "I agree." Time to go install some more software...
Yes they own the software but _you_ still own the machine. If the software is doing something other then the intended purpose whether that's gatering data about you or turning your machine into a node in a distributed processing network you should know about it. In clear, plain English (or whatever your native language is). It should not be burried in a multiple page document that can be understood if you have a J.D.
Sean.OutaHere()
No, you'll find a bunch of words saying that the publisher claims that to be the case, but that doesn't make it so. Using software you have legally obtained is not a violation of copyright law, so you don't need to agree to a EULA. In fact, since a EULA (usually) gives you no rights that you didn't already have, it should be invalid on its face for lack of consideration. (IANAL, yada yada yada).
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
You can't predict which program will pull the bait-and-switch anymore. A free filesharing program gets released, without spyware, then after I tell all my friends about it and they have a bunch of users they add spyware. Just like what happened with Limewire.
This one is easy. A real W$ alert box won't scroll away in a browser.
In this case, you are correct, and I showed her how to slide the scollbar and watch the ad fall out of frame.
But it is very simple to pop a real alert, a new window, or any multitude of other ways to trick an inexperienced user into installing software, joining a service, or disclosing personal information.
I think it's important to keep the right attitude toward users who are learning to use computers. If we make people afraid to seek our help, we only have more work to do later when we need to re-build a system.
The first message in this thread had a mocking undertone that I think is one of the reasons people have difficulty learning to use computers.
I hate that type of elitism. It's one of the things that hold back Linux.
Saying that people should get a lawyer before installing software is ridiculous.
:P
... :)
My initial comment was originally posted a bit tongue in cheek, but if you hit "I Agree" and you don't agree nor make any attempt to understand what you agree, that's not the fault of the company. If you hit "I Agree," you'd better agree.
Why aren't you thinking? Any lawyer worth his or her salt would look at any EULA, and tell you not to install the software.
Lawyers provide legal advice and break down the legal process for the average person. If I wanted to incorporate a business or get married, the lawyer would look at the forms I have to sign, and tell me what it is I'm signing. They don't say, "This form's too hard. Why are you wasting your time getting married anyway?" Lawyers are not just binary evaluators that say Do this/Don't do this and stop at that.
>I know what I have installed on my computer, I know what it does, and I don't get surprised when I do (pkg_info|dpkg -l).
Do you seriously expect anyone to believe you when you say this? I can guarantee that you do NOT know exactly what you have on your computer.
Uhh, I would say a lot of people who have been running BSD/Linux for a while could agree with this statement.
Your pkg_info paragraph is way off-base. I didn't say I know exactly what I have installed, but I have a fair understanding of what each program does based on what the author of the program has written about it. This is reinforced because a) I can trust the author as he or she is most likely not part of some greedy business and don't stoop to unethical behavior to match a profit margin, b) a vast majority of the software I have is open-sourced, and especially that which is in the FreeBSD base has gone through a fair amount of auditing, whereas Kazaa is a closed-source app that has probably not recieved any comprehensive security analysis, and c) if there were issues, I'd be alerted about them immediately as I'm seeing more 3rd-party auditors more interested in keeping whatever UNIX software secure rather than some silly windows utility.
If the trojans of which you speak are delivered by some cracker, than it's my fault for not keeping up to date on patches. If the trojans are delivered by the author, a highly unlikely event especially with a commonplace app like ftp, that author would essentially be commiting developmental suicide as I and many others wouldn't use software from this author anymore. I do not expect this level of quality in Windows.
Wouldn't you be pissed if it did? But, as you suggest, you only have yourself to blame.
I sure would be, and yup, I'd blame myself. I'm glad that we see eye to eye on this issue, and it's settled.
Besides, Kazaa alerted its users to some extent, and that's the whole point of this damn thread. Your questions of my knowledge of trojanned software is wholly irrelevant as trojans by definition are totally silent about their duality. And no 'Well, the obfuscation of the EULA sections on spyware is analogous to a trojanned program' because I don't see rootkits coming with click-through agreements that the legitimate sysadmin has to click "I Agree." to step through the installation process.
Gee, you can dog me on my misuse of the word altruism but when it comes to trojan, you're the one in the dark
If you disagree, reply.
"[T]he single essential element on which all discoveries will be dependent is human freedom." -- Barry Goldwater
First, unused cycles are ordinarily "optimized out" by my CPU. In other words, it runs slower and consumes less electricity when not being used. Most modern CPUs go into a low-power-consumption mode when not actively performing real processing. (If you doubt this, check your CPU temperature while it's been sitting idle with a blank screen for an hour or two. Compare that to the temperature after playing an hour of Quake III or even just running a graphics intensive screen saver for an hour. I know I could certainly feel the difference when I was running the distributed.net client at home. I just wish I had metered it.) So, I "hereby grant BDE the right to access and use the unused computing power" is another way of saying I will freely donate my electricity. Let's find out just how "free" that is.
First, let's assume that I pay $.0816/kWh for electricity (the 1999 national consumer average (page 14).) Let's also assume that I leave the computer powered on constantly (because I do.) Finally, let's assume that my computer consumes 60W when idle, but 120W when actively crunching numbers (because it's an Athlon.) So that's an extra 60W/hr I would unknowningly consume on behalf of Kazaa.
Look at it a different way: Assume there are 2,000,000 KaZaa users.
- 60W/hr * 2,000,000 = 120,000,000 watt-hours.
Thats 120 megawatts per hour. We're talking California-rolling-blackout-sized consumption of energy here. It's Environmental Impact Statement time.Is it still so unreasonable to ask them to say "Click here to agree with the above and oh, by the way, we're going to use about $40 worth of your electricity per year", or does something a bit more drastic have to happen?
John