Slashdot Mirror
General Public Realizes KaZaa is Spyware
blankmange writes "CNet is reporting the slow dawning of the general public to KaZaa and spyware. "Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand-new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer. " " Fortunately the helpful
graph in the article compares the complexity of IRS tax forms with Brilliant's
terms of use... guess which one is harder to read?
How many millions have downloaded this software now?
:)
:)
How come not one person out of these millions noticed that line about tapping your computers unused cycles and wrote to a news site pr here about it?
Why did this come out only when brilliant filed with the SEC?
Surely at least one person must have read the damn eula? Somehow i don't feel to bad for everyone..
A very happy furthernet[furthernet.com] user
burn my karma if ya like i don't care i think i have a good point
It should be illegal to have complicated and misleading user-agreements in software. Over the course of a day, a consumer might have to agree to several of these, not to mention other contracts, service agreements, etc. they have to sign in their non-computer life. Invariably, these sorts of things are unreadably long and full of Legalese unintelligible to the average Joe. We're bombarded by so many, that it is literally impossible to read and understand them all, let alone send them to our lawyers (as we are "supposed" to do with contracts).
Because of the size, complexity and volume of these things (and the need to usually get past them quickly), I would argue that they amount to coercion (which would invalidate them). The same is true of shrink-wrap software licenses (which you are rarely able to examine until well after you've unwittingly agreed to them). Of course, I doubt a court of law would agree with me. However, I think it would make sense to have a consumer protection law that requires that these sorts of things have a short, concise, easy to read summary at the beginning that gives the user an idea of what they're getting in to (with all the legalese below for completeness). That would prevent companies from creating scumware like this then hiding behind their user-auto-agreements.
... "Give me a woman who loves beer and I will conquer the w
Personally, I wish that is exactly what would happen. Popups dialogs and confirmation boxes should only appear when there is something you need to think about. If you're not supposed to think about it, then why are they bothering you with the popup in the first place?
Nope, no sig
So until you back up your claim with some credible links I am skeptical.
aus.music.scrapbook
This is so ridiculous. Trust is soon to become a thing of the distant past. The last shreds of it are slipping away. Modern cannibalism for the sake of the dollar. So sad.
"Brilliant, whose Altnet peer-to-peer software piqued consumer fears, says it is committed to telling people exactly how their computers will be used via new agreements and pop-up boxes as it loads more software and starts using consumers' computer resources."
If they were so committed to telling people, why the hell didn't they? All of these companies set out to decieve, then lie and manipulate to cover their asses. I can't even imagine the discussions that these people had to plan such an underhanded ploy.
You can't even hum two bars of a song without someone looking for royalties. Do you think these companies intent to pay up when they use your computer to solve a million dollar math problem? hell no! damn the man..haha
This *could* be a valid business model. Think about it: Company X offers services for free in exchange for a few of your CPU cycles. The same client could be used for both distributed processing and, say, file downloads. Company X makes money by selling CPU power to third parties (your spare cycles) and you, the user, enjoy free service.
Unfortunately, KaZaa wants to do it *without* telling you. That's just unacceptable...
Steve Magruder, Metro Foodist
I know that it's a mistake to think of legal documents as if legal language were source code or machine instructions for the legal system. None the less, it does seem as if we are beginning to see legal documents employing the same sort of "social engineering" and "viral behaviour" that we encounter daily in code.
What Kazaa has done is no different from what the Mellissa virus did: It presented people with a choice (install this software for Kazaa, open this document for Mellissa) that appeared to most to be benign. The means of knowing the choice was not benign were available (the license agreement for Kazaa, the actual contents of the document for Mellissa), but were obfuscated (in complex and opaque legal language, in obfuscated macros in an opaque document format) and chaffed (in one small part of a very large file/document in both cases).
Perhaps, then, we need to look upon trojans written in legal "code" the same way we look at trojans in software: As malicious and probably illegal. It is no more sensible to expect people to be able to fully comprehend a complex (and deliberately obfuscated) legal document than it is to expect people to read the binary code of every program they run. Yet our legal system presumes that you are responsible for your agreement to "run" the legal code but that you are the victim when you run the binary.
We need to treat contracts and licenses written in legal language the same way that we treat compiled code: as opaque and, when they are harmful, as malicious "exploits" of user vulnerabilities.
--G
IF you want to make a big deal about the legality of EULAs don't forget that something is either a contract or it is not. In which case it may have to conform to readibility statutes including being in a language you can actually read. Time and time again, legally speaking oh libertarian one - obscurity for the sake of obscurity has been struck down in the courts under the general principal that if you have something to hide you are probably committing fraud or trying to commit fraud.
I feel little sympathy for people "burned" by click-through stuff. If you're not willing do deal with the possible consequences, and you don't want to read the agreement, don't click "I Agree". If you click "I agree" you've got a shaky case because you allowed whatever to be installed on your machine.
Let the buyer beware. If you sign on the dotted line or click on the flashing button, you are assumed to have done your damn homework. If you haven't, you and only you are responsible for the problems it causes. It's common sense, people.
Oh wait, I forgot. Common sense is stuff that everyone says, but no one actually believes. I forgot.
he's basically someone who's only skill is that he has a slight bit of knowledge ver the average computer user and feels he needs to charge ridiculous prices for his *ahem* expertise. Try doing real work with computers for a living.
Hey, I just like the BMW. A LOT. I could be coding device drivers, but I prefer to have sex with girls. Being a computer "doctor" lets me work doctor's hours. And I can take a vacation whenever I want.
Personally, if you're not happy, then what the fuck is the point of existing? Coding device drivers does not make me happy. It can be interesting, but for about 24 hours straight only. I prefer to keep my sanity. So I fix stupid Windows problems? Does that make me not "l33t"? FUCK YES. Do have have an easy job? FUCK YES. Do I love my life? FUCK YES. You may answer these questions differently for yourself, but I am happy where I'm at and no ANONYMOUS COWARD can knock me off my pedestal.
BTW, got my +1 bonus today, so I'm just abusing it a bit to get my voice heard just this once.
Cheers.
Cool! Amazing Toys.
If your computer is your castle, YOU are the only person responsible for defending it, and YOU are the only person who is to blame when YOU install something without reading the license agreement.
You, you, you, you, you, you, and only you.
I install stuff from the internet all the damn time. I click through just like everyone else, but I don't complain that the devil made me do it. If its yours, take some responsibility for it. If you refuse to, then deal with it pal, 'cause only you are to blame. People don't say "read the fine print" because it's something nice to say. People say it because it's good advice.
Except that the current system is great for lawyers: You're forced to accept an EULA to use a piece of software, if you don't want to, you have to (somehow) negotiate your money back. And in order to understand the EULA, you probably should consult a lawyer anyway: Even if it apparently reads like plain English, there will be clauses that are likely to be invalid, or ambigious, or have hidden repercussions.
Simply outlawing them, or offering a basic "If someone pays you for the right to use the software, you MUST offer them the ability to install and use the software without agreeing to any conditions beyond those implied by copyright law and first-use/right of first sale doctrines." is not going to help the lawyers. It removes them from the process, and a good thing too.
KMSMA (WWBD?)
Most people don't care if their spare computer cycles are used by some company if, in return, they get a good piece of software.
Then how about distributing the software with "price: The Idle time of your PC"? Why are these "ways you pay for the software" always hidden away, usually installed silently in the background, and controlled via a checkbox that was careful placed outside of the visible range on one part of a 30 part install wizard? The reality is that most of this insidious software doesn't state its true intentions, because they know if they did many people would forgo using it, but instead they put "FREE!" all over the product.
There does not need to be LEGISLATION in this matter. There needs to be education. People should not just download and run software from untrusted sites. EVERYONE knows that. So in this case, I do not shed a tear.
Uh, we're talking about mainstream, very popular software : Not software from warez sites. So if Netscape 8.2 read your financial information and sent it on to banks, that's ay okay?
No pity for the majority.
And you work in computer configuration and repair? I feel pity for your customers. I'll guess that you're the type of guy that always has the raised eyebrow, exclaiming about how dumb the average Joe is, while at the same time wallowing in your own ignorance.
If it's true that you can't enter a legally binding agreement while drunk, just pound a few brews before clicking "I agree." Time to go install some more software...
No, you'll find a bunch of words saying that the publisher claims that to be the case, but that doesn't make it so. Using software you have legally obtained is not a violation of copyright law, so you don't need to agree to a EULA. In fact, since a EULA (usually) gives you no rights that you didn't already have, it should be invalid on its face for lack of consideration. (IANAL, yada yada yada).
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
This one is easy. A real W$ alert box won't scroll away in a browser.
In this case, you are correct, and I showed her how to slide the scollbar and watch the ad fall out of frame.
But it is very simple to pop a real alert, a new window, or any multitude of other ways to trick an inexperienced user into installing software, joining a service, or disclosing personal information.
I think it's important to keep the right attitude toward users who are learning to use computers. If we make people afraid to seek our help, we only have more work to do later when we need to re-build a system.
The first message in this thread had a mocking undertone that I think is one of the reasons people have difficulty learning to use computers.
I hate that type of elitism. It's one of the things that hold back Linux.
Saying that people should get a lawyer before installing software is ridiculous.
:P
... :)
My initial comment was originally posted a bit tongue in cheek, but if you hit "I Agree" and you don't agree nor make any attempt to understand what you agree, that's not the fault of the company. If you hit "I Agree," you'd better agree.
Why aren't you thinking? Any lawyer worth his or her salt would look at any EULA, and tell you not to install the software.
Lawyers provide legal advice and break down the legal process for the average person. If I wanted to incorporate a business or get married, the lawyer would look at the forms I have to sign, and tell me what it is I'm signing. They don't say, "This form's too hard. Why are you wasting your time getting married anyway?" Lawyers are not just binary evaluators that say Do this/Don't do this and stop at that.
>I know what I have installed on my computer, I know what it does, and I don't get surprised when I do (pkg_info|dpkg -l).
Do you seriously expect anyone to believe you when you say this? I can guarantee that you do NOT know exactly what you have on your computer.
Uhh, I would say a lot of people who have been running BSD/Linux for a while could agree with this statement.
Your pkg_info paragraph is way off-base. I didn't say I know exactly what I have installed, but I have a fair understanding of what each program does based on what the author of the program has written about it. This is reinforced because a) I can trust the author as he or she is most likely not part of some greedy business and don't stoop to unethical behavior to match a profit margin, b) a vast majority of the software I have is open-sourced, and especially that which is in the FreeBSD base has gone through a fair amount of auditing, whereas Kazaa is a closed-source app that has probably not recieved any comprehensive security analysis, and c) if there were issues, I'd be alerted about them immediately as I'm seeing more 3rd-party auditors more interested in keeping whatever UNIX software secure rather than some silly windows utility.
If the trojans of which you speak are delivered by some cracker, than it's my fault for not keeping up to date on patches. If the trojans are delivered by the author, a highly unlikely event especially with a commonplace app like ftp, that author would essentially be commiting developmental suicide as I and many others wouldn't use software from this author anymore. I do not expect this level of quality in Windows.
Wouldn't you be pissed if it did? But, as you suggest, you only have yourself to blame.
I sure would be, and yup, I'd blame myself. I'm glad that we see eye to eye on this issue, and it's settled.
Besides, Kazaa alerted its users to some extent, and that's the whole point of this damn thread. Your questions of my knowledge of trojanned software is wholly irrelevant as trojans by definition are totally silent about their duality. And no 'Well, the obfuscation of the EULA sections on spyware is analogous to a trojanned program' because I don't see rootkits coming with click-through agreements that the legitimate sysadmin has to click "I Agree." to step through the installation process.
Gee, you can dog me on my misuse of the word altruism but when it comes to trojan, you're the one in the dark
If you disagree, reply.
"[T]he single essential element on which all discoveries will be dependent is human freedom." -- Barry Goldwater
First, unused cycles are ordinarily "optimized out" by my CPU. In other words, it runs slower and consumes less electricity when not being used. Most modern CPUs go into a low-power-consumption mode when not actively performing real processing. (If you doubt this, check your CPU temperature while it's been sitting idle with a blank screen for an hour or two. Compare that to the temperature after playing an hour of Quake III or even just running a graphics intensive screen saver for an hour. I know I could certainly feel the difference when I was running the distributed.net client at home. I just wish I had metered it.) So, I "hereby grant BDE the right to access and use the unused computing power" is another way of saying I will freely donate my electricity. Let's find out just how "free" that is.
First, let's assume that I pay $.0816/kWh for electricity (the 1999 national consumer average (page 14).) Let's also assume that I leave the computer powered on constantly (because I do.) Finally, let's assume that my computer consumes 60W when idle, but 120W when actively crunching numbers (because it's an Athlon.) So that's an extra 60W/hr I would unknowningly consume on behalf of Kazaa.
Look at it a different way: Assume there are 2,000,000 KaZaa users.
- 60W/hr * 2,000,000 = 120,000,000 watt-hours.
Thats 120 megawatts per hour. We're talking California-rolling-blackout-sized consumption of energy here. It's Environmental Impact Statement time.Is it still so unreasonable to ask them to say "Click here to agree with the above and oh, by the way, we're going to use about $40 worth of your electricity per year", or does something a bit more drastic have to happen?
John