Slashdot Mirror
Stealware: Kazaa et al Stealing Link Commissions
goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a
bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware
program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."
That's why if your going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.
From the article's side-bar:
A Software Cleanup
Computer users who want to remove shopping software from their machines can do so in a few steps. Instructions for removing three of the most common programs:
BUYERSPORT - The shopping software with Morpheus:
Click the Start button.
Click on Find.
Click on Find Files or Folders.
Type in mbho.dll. Click on find now. When the file appears in the directory window, drag mbho.dll into the trash.
LIMESHOP - The software with LimeWire:
Click the Start button.
Click on Settings.
Click Control Panel.
Double-click Add/Remove Programs.
Click LimeShop.
Click Add/Remove.
SAVENOW - The software used by Kazaa:
Click on Start.
Click Settings.
Click on Control Panel.
Double-click on Add/Remove Programs.
Click SaveNow.
Click on Add/Remove.
www.christopherlewis.com
It might not be as fast as the other p2p networks, but Gnucleus is free, open source, and not subject to any malware like Kazaa is...
This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.
Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.
For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...
Hope this helps...
:wq
I'd like to point people's attention to furthurnet.com. I'm sure it won't have the popularity of the other sharing systems, but its a legit system and you get unique material.
Furthurnet.com is a system where fans of bands which allow bootlegging of live concerts post full sets from those shows.
Pros:
*Free, no ads, no spyware, nothin
*Legal - music is only by bands who approve
*New stuff - you can get stuff no on CD's yet
*Live stuff - could be a plus or minus depending on the artist, but its a new perspective.
Cons:
*Bigger - they're recorded in a non-lossy format shn, so a full concert is anywhere between 200-600 meg
*Recording quality not as good - depending on the band, the recorder and show, the acoustics and equipment aren't as good as live CD's and certainly not as clean as studio.
*Fewer artists
I just discovered this a few days ago looking for Jack Johnson stuff. I love it. Take a look. Its on Win and linux (maybe Mac too, not sure)
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
Try adaware by lavasoft. Think of it as a virus scanner for spy/ad/stealware. Not a bad product.
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
For all the crapware i use vmware. Sure, you've got to pay for it, but then it'll save you lots of headaches dealing with this stuff. Just use a virtual machine for the crap, and the main one for the real stuff. Probably bochs would also do, though i didn't test it.
s178BA - Obtaining money by deception - 5 years
s178BB - Obtaining money etc by false or misleading statements (it doesn't require the statement to be in writing, false claim as to referrer will definitely count) - 5 years
s180 - Causing payment etc by false pretence etc (the false referrer will count here too) - 5 years
This could be prosecuted under any one of these.
Here's the link: http://associates.amazon.com/exec/panama/associate s/join/operating-agreement.html/104-2963693-286633 7
Section 5, at the end:
In addition, you may not: [snip] (b) read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;
Desperation is a stinky cologne
>What person out there would take a company to court
>that is allowing them to distribute and download
>music that a lot of the major companies don't want
>you to do?
Insightful.
>I'm uneffected by this because i'm a happy WinMX
>user. I've never had a problem whatsoever, unlike
>AudioGalaxy and Bearshare (this is awhile ago) that
>deleted some of my system files, thus making me
>have to reformat!
Yeah, isn't that something? It's faster to reformat a Window's partition than it is to deltree c:\windows and c:\progra~1. It takes hours to deltree and mere minutes (usually) to format.
I just boot LOAF (Linux on a Floppy) if I have to rm -fR the windows and the program files dirs on a windows partition... much much faster.
As for the stealing of commissions intended as charitable contributions, I have no first hand information on it but... if it is going on, it diminishes the spirit of charitable giving and probably breaks the law. Flame on!
Codifex Maximus ~ In search of... a shorter sig.
you may not: [..] read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;
This should be enough to boot any account from amazon that has transactions coming from altering affiliate links. I'm starting to wonder how much my site 'lost' due to things like this.
The Virtual Bookcase: book reviews
I talked to Colin the head of the Amazon Associates program a few months ago, and they absolutely do not find this acceptable, however they have somehting on the order of 20,000 associates, so it takes a little while for them to see trends that would ferret this behaviour out. He said they had seen it before and told the companies to stop, or they would cancel their Associates account.
www.winmx.com
It's a much better client than morpheus/kazaa, its network size has passed the threshold to be useful.
It's totally illegal. What the EULA actually says is :
"By signing this contract you allow us to steal from your neighbor."
This is the same thing, period.
First, it asks the permission to someone not related to the contract's target, which is illegal. (You cannot have a contract that says: By signing this, you agree that your friend X owes us XX bucks.)
Second, stealing is illegal.
So, it doubly illegal!
This is just sick.
Their diversion of cash does hurt the customer.
Many co-op preschools in my area, in order to be able to charge less tuition money, permit parents to agree to engage in a certain amount of fundraising. Among the options available is to sign up for Schoolpop, at which point the school gets a quite generous cut of commissions for purchases on Amazon and similar sites.
However, if the KaZaa folks steal the commissions, the parent is liable, since the parent must raise some minimum amount (yes, Schoolpop provides the data to the school so the school knows who's raised the money for them). In cases like this, which are quite common, the KaZaa folks and their hitchhikers are directly stealing from their users, as well as from schools and charities.