Slashdot Mirror
General Public Realizes KaZaa is Spyware
blankmange writes "CNet is reporting the slow dawning of the general public to KaZaa and spyware. "Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand-new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer. " " Fortunately the helpful
graph in the article compares the complexity of IRS tax forms with Brilliant's
terms of use... guess which one is harder to read?
Kazaa Lite is without spyware:
http://www.kazaalite.com
It replaces one of the spyware DLLs Kazaa requires with a do-nothing version.
Dan East
Of course, the whole point of the article (if you've read it, though I'll guess that you haven't) is that the complexity of most EULAs are absurdly difficult : The type of convoluted, circular, impossible to read verbage that virtually no one could read through and understand even if they were truly committed to reading the EULA for every single piece of software that they installed.
Personally, I think that there should be basic laws governing software just as there are in the rest of society (i.e. There is a 20 page EULA every time I go to a variety store and buy a can of coke, because there are certain expectations and societal and legal standards that govern the experience : i.e. Drinking a coke doesn't make them own my liver) : For instance, no software can communicate over the internet without explaining, in simple English (not intentionally vague legalize) why it is doing it, and who it's really benefitting.
It's called AdAware, and it seems capable of nuking most nasty little apps installed by websites and applications like Kazza. Grab it here from Lavesoft USA and be very afraid at how many spyware components it finds!
You should also download their reference file update utility too. This lets you keep up to date with the latest spyware programs out there.
Alas gallinaceas de urbe bovis volo
Much as the avalanche of spam in the 1990s prompted action from legislators and regulators
Yeah, I'm glad we got that taken care of back in the 90s...
Synergy is your friend
He got a new computer, got all excited about Morpheus and then they switched. Since then he hasn't been able to get anything to start downloading. So he was telling me he was going to install this Kaaza thing and try it, and asked me if I'd heard of it.
As I explained some of the functionality surplus to him, you could see his jaw just dropping and dropping.
But I betcha he'll still install it - cause he loves the CD burner he has and how easy it is to burn MP3's-> CDDA.
It only goes to show that you should read everything before you sign it. This is similar to discovering on your car lease that the company reserves the right to use the car when you aren't.
I've always wondered if the "click if you agree" thing is enough. I remember learning once in my highschool law class that when it came to contracts etc, both parties had to fully understand the extent of the wording - in order to protect people from "fine print" trickery.
It would seem to me that these over-complicated EULAs are an attempt to either confuse users, or get them to click "Agree" without understanding the terms.
If I "trick" you into signing something, you should still be legally protected. Granted of course that you can afford to take it to court.
But that's what class action suits are for right?
IADNAL (D==Definitely)
I'm so glad these guys are getting pounded for this. It's pretty amazing how many news outlets picked up on this story. Unfortunately, there are many many more situations like this that are overlooked.
I really don't have a problem with companies adding extra programs into their software. The problem I have is 1) Not being told about it and 2) Not being given the option of opting out or not installing it.
As far as I'm concerned, a license is not an appropriate place to inform the user of third party software coming along for the ride. Software should be very explicit during install exactly what's happening. That way, the user can either not install the program, or if allowed, not install that component. What's so hard about that?
The fact that these companies try to hide this stuff shows they know the systems are a bit shady.
Strangely enough, this happens with big-time commercial software as well. I was pretty p*ssed when Intuit's TurboTax installed Internet Explorer on my laptop without asking. It just told me, "Installing IE 5.5 now" with no cancel button. I had 5.0 installed and it was there for a reason. Oh, well.
Hopefully, awareness of these practices will hurt companies who will entually find it beneficial to be up front with their customers!
Unfortunatly, I lost interest and didn't take the time to read all the way through it. I hope there wasn't anything I'm supposed to know in there.
THIS SPACE FOR RENT
It should be illegal to have complicated and misleading user-agreements in software. Over the course of a day, a consumer might have to agree to several of these, not to mention other contracts, service agreements, etc. they have to sign in their non-computer life. Invariably, these sorts of things are unreadably long and full of Legalese unintelligible to the average Joe. We're bombarded by so many, that it is literally impossible to read and understand them all, let alone send them to our lawyers (as we are "supposed" to do with contracts).
Because of the size, complexity and volume of these things (and the need to usually get past them quickly), I would argue that they amount to coercion (which would invalidate them). The same is true of shrink-wrap software licenses (which you are rarely able to examine until well after you've unwittingly agreed to them). Of course, I doubt a court of law would agree with me. However, I think it would make sense to have a consumer protection law that requires that these sorts of things have a short, concise, easy to read summary at the beginning that gives the user an idea of what they're getting in to (with all the legalese below for completeness). That would prevent companies from creating scumware like this then hiding behind their user-auto-agreements.
... "Give me a woman who loves beer and I will conquer the w
Part of my job is to configure students machines for use on a dorm network. Very often we get complaints about service ranging from no connectivity to slow performance. Of course the slowness can be directly attributed to P2P apps and their tendency to hog bandwidth, but Gator and its ilk are notorious in our circles as poorly written programs that not only do all the privacy violation, etc that they should be reviled for, they also have the unique ability to mung Winsock on machines running ME, 98 and 2000. The fix requires a young priest and old priest and a silver sword (read: edit the registry and rebuild the TCP/IP stack). So now when I get a machine with Gator, etc. I edit the system startup to shut it down. Invariably the performance of the machine and its network connectivity rebounds. I don't ask permission to do this as we are not removing the program, but simply preventing having the prolematic software do what it does -- start.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
"I'm not an extremist," said Robert Regular, vice president of sales and marketing at New York-based digital advertising firm Cydoor. "But all this talk of spyware is the equivalent of elevating one bad seed, and it's having negative consequences on the good software. The public doesn't have time to investigate if it's negative software; they'll just stop downloading...I would hate to think we could reach a point that, whenever a dialog box comes up and says, 'Do you want to do this,' bells go off and people become worried."
So we're supposed to trust them. These spyware folks are just a few bad apples among the wonderful adware crowd. Damn you, Brilliant, you're keeping me from all this good adware software.
(I am not a lawyer, but my wife is studying to be one)
While she was taking her contracts class, she pored over EVERY single contract (Wedding coordinator, photographer, hotel where the wedding was held, DJ, etc.) with a fine tooth comb. That is the lawyer in training method.
But when I speak with friends of the family who are lawyers, many simply sign every document thrust in front of their face becuase they know that no matter how you phrased it, they can wiggle out if need be!
That explains why I sign legally binding documents as I. P. Freely
In the future, I would want to not be isolated from my friends in the Space Station.
This *could* be a valid business model. Think about it: Company X offers services for free in exchange for a few of your CPU cycles. The same client could be used for both distributed processing and, say, file downloads. Company X makes money by selling CPU power to third parties (your spare cycles) and you, the user, enjoy free service.
Unfortunately, KaZaa wants to do it *without* telling you. That's just unacceptable...
Steve Magruder, Metro Foodist
is a yes/no button a legally binding clause?
t iv es/hotmail.html
From http://www.techlawonline.com/internet.htm#about3:
The Internet variant of "shrinkwrap" licenses are "clickwrap" licenses which are standard-form contracts entered into online; for example, Terms of Service posted on a web site, under which the purchaser signifies his assent to the terms simply by clicking on a box marked "I Agree." Like shrinkwrap licenses, the terms are non-negotiable. Unlike post-payment shrinkwrap licenses, however, the purchaser's consent to the posted terms is usually obtained before the exchange of funds.
While the courts have not explicitly upheld the enforceability of clickwrap licenses, in at least one recent decision, the U.S. District Court for the Northern District of California implicitly ruled that such an agreement was enforceable. Hotmail Corporation v. Van$ Money Pie Inc., 47 U.S.P.Q. 2d 1020, 1998 WL 388389 (April 1998, N.D.Cal.). It remains to be seen whether other courts will similarly find these types of agreements enforceable.
The court's decision in the Hotmail case above can be found here:
http://eon.law.harvard.edu/h2o/property/alterna
Beware: In C++, your friends can see your privates!
I know that it's a mistake to think of legal documents as if legal language were source code or machine instructions for the legal system. None the less, it does seem as if we are beginning to see legal documents employing the same sort of "social engineering" and "viral behaviour" that we encounter daily in code.
What Kazaa has done is no different from what the Mellissa virus did: It presented people with a choice (install this software for Kazaa, open this document for Mellissa) that appeared to most to be benign. The means of knowing the choice was not benign were available (the license agreement for Kazaa, the actual contents of the document for Mellissa), but were obfuscated (in complex and opaque legal language, in obfuscated macros in an opaque document format) and chaffed (in one small part of a very large file/document in both cases).
Perhaps, then, we need to look upon trojans written in legal "code" the same way we look at trojans in software: As malicious and probably illegal. It is no more sensible to expect people to be able to fully comprehend a complex (and deliberately obfuscated) legal document than it is to expect people to read the binary code of every program they run. Yet our legal system presumes that you are responsible for your agreement to "run" the legal code but that you are the victim when you run the binary.
We need to treat contracts and licenses written in legal language the same way that we treat compiled code: as opaque and, when they are harmful, as malicious "exploits" of user vulnerabilities.
--G
That's fine, but here is my issue.
So you say "that would never happen", and I say take another look at the lows that internet companies will go to to turn a buck. especially companies that will use a another program to slip your install script onto users programs.
Oh wait... I'll have to wait until "Brilliant Digital Entertainment" is done with my CPU to finnish this post....
If you want to convince a court that your knowledge of English is limited, I suggest you refrain from using phrases like "intentionally obfuscating the agreement."
If it ain't broke, you need more software.
Except that the current system is great for lawyers: You're forced to accept an EULA to use a piece of software, if you don't want to, you have to (somehow) negotiate your money back. And in order to understand the EULA, you probably should consult a lawyer anyway: Even if it apparently reads like plain English, there will be clauses that are likely to be invalid, or ambigious, or have hidden repercussions.
Simply outlawing them, or offering a basic "If someone pays you for the right to use the software, you MUST offer them the ability to install and use the software without agreeing to any conditions beyond those implied by copyright law and first-use/right of first sale doctrines." is not going to help the lawyers. It removes them from the process, and a good thing too.
KMSMA (WWBD?)
Most people don't care if their spare computer cycles are used by some company if, in return, they get a good piece of software.
Then how about distributing the software with "price: The Idle time of your PC"? Why are these "ways you pay for the software" always hidden away, usually installed silently in the background, and controlled via a checkbox that was careful placed outside of the visible range on one part of a 30 part install wizard? The reality is that most of this insidious software doesn't state its true intentions, because they know if they did many people would forgo using it, but instead they put "FREE!" all over the product.
There does not need to be LEGISLATION in this matter. There needs to be education. People should not just download and run software from untrusted sites. EVERYONE knows that. So in this case, I do not shed a tear.
Uh, we're talking about mainstream, very popular software : Not software from warez sites. So if Netscape 8.2 read your financial information and sent it on to banks, that's ay okay?
No pity for the majority.
And you work in computer configuration and repair? I feel pity for your customers. I'll guess that you're the type of guy that always has the raised eyebrow, exclaiming about how dumb the average Joe is, while at the same time wallowing in your own ignorance.
I wonder if anyone has reverse-engineered BDE's protocols yet? It would be a damn shame, wouldn't it, if their surreptiously installed thiefware should inadvertantly retrieve data containing a destructive worm as a payload, or if their computations were all skewed just enough to still be plausible, but uselessly wrong, or if the client on some computer that their server connected to wasn't quite the client they originally installed, and had unfortunate effects on said server....
Eavesdroppers can't complain if what they hear is unflattering, and thieves can't complain if the stuff they stole is dangerous to them.
---dragoness