Stealware: Kazaa et al Stealing Link Commissions

goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."

Crap like this is going to Kill P2P

[FirstNoel]

IF this is true...

These guys are their own worst enemy. The RIAA doesn't need to do anything. These companies will end up destroying themselves. This is not the type of PR these guys need.

Sean D.

Re:Crap like this is going to Kill P2P

[Ooblek]

This type of stuff probably won't kill them. I'm pretty sure a company can't go on forever when their sole means of income is banner ads and affiliate commissions. I'm sure at some point they are going to have to pay market salaries to some of the people, which their income model will likely not support. I know nothing about their staff or their qualifications, but I would guess they have a staff of developers that are more dedicated than they are interested in making a lot of money. As they grow older, the lean-and-mean startup atmosphere drags on them and they make their experience pay by going to another company for a market salary. This leaves the P2P software makers with less experienced people, and the turnover rate gets bumped up and so on.

Its sad, but unharnessed P2P file trading is just too cool a thing to last forever. So my wife sits at home and tries to fill up our new 80GB hard drive while I'm at work.

Re:Crap like this is going to Kill P2P

[MrResistor]

The PR is irrelevant.

15-year-old morons who have already destroyed their brains with drugs and alcohol (like, for example, my old bosses son) don't give a rip about this kind of stuff. They will still be installing Kazaa on their school networks, their dad's company's computers and where ever else they manage to get access to. It doesn't matter to them that Kazaa is stealing from the charity that their step-mom always goes to Amazon through. Hell, if they knew they'd probably think it was cool!

So, no, since that's pretty much their target market, the PR isn't going to do jack to them. The charity finding out that Kazaa is stealing their commisions and sueing them and/or sicking the FTC on them for fraud, however, just might be the straw that broke the camel's back.

It's a shame, really. There is so much legitimate possibility for P2P, it's really sad to me that it is now so tainted by this kind of scuminess.

Now how is this not stealing?

[shaping_innovation]

"Now, the company said, the softwareoffers a choice to the consumer before each purchase: whether to give the commission to the affiliate or to himself in the form of a rebate, with a portion of the rebate going to Morpheus"

What would happen if I walked into a car dealership, bargained a nice proce for my new Kia, and told the salesperson that instead of him getting a commission, I'm going to take that money as a rebate? Wouldn't that be stealing, or am I missing something here?

Self Limiting?

[Christopher_G_Lewis]

One would think that the online stores would get wize to this:

"Last week, Amazon cut off affiliate payments to Morpheus, one site that employs the shopping software, said an online executive. Coldwater Creek, an online clothing store, has also blocked Morpheus."

i miss napster ...

[dlasley]

the moral and ethical rape was at least directed at an appropriate target in the RIAA

Easy solution

[dcavanaugh]

Full disclosure of affiliates at the time the transaction is concluded. If Amazon and the others actually showed which affiliate was going to get a commision, people would spot the monkey business right away. The consumer doesn't have to know the amount, but knowing which affiliate is getting the credit would make this a self-policing situation. If the stealware people are so bold as to falsify Amazon's message back to the constomer, then it's time for the laywers.

I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.

Kazaa

[CTRamsden]

I absolutely do not comprehend why people continue to use this software.

The very fact that it WAS spyware has kept me from using, even since they had supposedly gotten rid of it. Of course, I am a fairly paranoid individual. I see this as a good thing, however.

There are plenty of alternatives out there that are not spyware and don't go screwing with things they shouldn't be.

Amazon won't stand for this

[Dudio]

If Amazon allows software companies to redirect affiliate rebates, the incentive for people to link to Amazon's catalog goes away. I can't imagine they won't shut down the accounts of vendors like Kazaa who circumvent the process, once the practice becomes public (as it now has).

Re:Amazon won't stand for this

[jayayeem]

I hope you are right... Hopefully amazon will add an intermediate screen to the order process, telling the user who is recieving their commission.

Once again....use a virtual machine

[mccalli]

Every so often I post this when P2P comes up, but it always seems relevant.

File sharing companies are, at the very best, a dubious bunch. Experience has shown tht they will try to screw up your machine in some way.

So...let them. They'll find some way of doing it eventually anyway. The trick? Just make sure the 'machine' is a virtual machine. I personally use Virtual PC for Windows, but VMWare would do just as well.

Make a blank virtual machine, install your P2P clients on it and take a back-up of that file. Then use that machine for nothing but P2P. The result? Spyware is useless, because there's nothing happening to actually spy on. The machine gets too spyware-ridden? No problem - delete the current machine and restore from that fresh backup you took.

Cheers,
Ian

Re:Reprehensible

[xsbellx]

IANAL but AFAIK, you cannot enforce a contract for commiting a crime. In other words, if two parties enter into an agreement where one party pays the other party to kill someone, this contract is not binding on either party (yeah I know, the parties will have other ways of dealing with a breach). As far as I understand the situation, the party that is supposed to receive the commission will not because of nasty P2P scum. Since the P2P guys have no direct involement with the "charity" and the P2P scum are diverting money from the "charity", this is at the very least FRAUD! As a crime is being commited, the EULA is no longer binding on either party.

In a truly civilized world these bastards would die a very prolonged, extremely painful public death.

Re:Steal from charities???

[stratjakt]

> I see virtually no difference between this and reaching into one of those bell ringers donation buckets.

Alot are saying this. But yet they *do* see the difference between downloading an album versus shoplifting it from Best Buy.

KaZaa/Morpheus/etc all reek of get-rich-quick schemes based on the success of Napster.

I'm no more shocked than when I get an e-mail promising free porn, and then end up with 9000 popups eaching wanting to charge a dollar on my credit card for 'age verification purposes'.

You can always hide behind some legalese gobbledy-gook in an EULA. All hail the mighty litigator.

better solution 'Bug traq'

[oliverthered]

Amazon write there affiliate program code so that you can't frig it; It's a piece of piss to do:

each affiliate has a key that they encrypt there product numbers, a hash and a few other standard authentication bits and bobs.

When you buy a product from an affiliate Amazon looks up the affiliate's ID in a database, un-encrypts the product ID and checks the hash.

The problem isn't that there's 'spy ware' spoofing Amazon, more like Amazon's shopping site has piss poor security.
Anyone fancy posting to Bug traq on spoofing affiliation with Amazon?

If they're an affiliate,how many CDs did they sell

[mbourgon]

Hmmm... I wonder if Amazon would be willing to say how many CDs Kazaa users have bought? That might just prove (note that I said "might") prove that those filthy dirty music pirates are actually *gasp* big customers. Could be interesting.

Re:You can beat them, but they make it HARD

[CapnGib]

I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

I used my brother's computer the other day to show him how to crossfade tracks in Nero. Anyway I went to search something at Google and upon hitting search button was redirected to some shady search engine site for my results. The best part is that it lists the same shady porn/hacker links no matter what you search for (albeit in different order each time). So I tried Yahoo Excite and other sites, same hijacking. "That's it I'm downloading AdAware to fix this!" I go to www.lavasoft.com and wouldn't you know the bastardware re-directed me to the same friggin search engine site.

OK, now I go into Control Panel and removed at least 10 apps that I never heard of (suprised that they even show up in there) each time confronted with scary/threatening warnings about how removing this software will damage my computer or break my software etc. I installed Ad-Aware, Kazaa-lite and cleaned it up.

I assume these bastard-apps came bundled with the plethora of naked girl screensavers, dancing strippers etc. he installed. (He's 14 what do you expect)

Re:Fer Chrissake, it's FRAUD!

[TGK]

No... it's not. For a number of reasons.

1.) You -=knew=- that the charity was not going to get the commission if you didn't buy it through their site

2.) You, the purchasing party, made that decision on your own. No one made it for you.

3.) All of the money involved was your own, and (again) it was your choice.

With this theftware, the situation is different. EULAs are paper tigers in court and we all know it. Even if they weren't, I'm not entirely sure tha this kind of scheme is legal in the first place, as there appears no way to cancel the contract once the software is uninstalled.

These companies are not putting up the money to buy the CD, they are taking it out of someone elses pockets. By any definition that is theft, particularly if you can demonstrate the irrelevancy of the EULA.

Re:Um, does the phrase massive lawsuit mean anythi

A. Software that you gave to me for free B. Something I agreed to take in the EULA

Come on, who REALLY reads a EULA? It's just the annoying thing you need to click "OK" on or the software quits the install program. Nobody takes that shit seriously. What we do take seriously is when viruses and trojans get installed on our computer all hiding behind some legalistic bullshit. If you put in your EULA that you can come to my house and kill my children and I passively click "OK" without reading it it's still illegal to come to my house and kill my children! There are still laws that have to be followed that override a EULA.

Doesn't matter for students, really...

[Kirby-meister]

...all the bad things about KaZaa go in one ear and come out the other with freshmen college students. As the local "computer guy" for my hall, I've had to uninstall and regedit kazaa out of so many freshmen comps that it's not really funny. When a user calls and tells me something is wrong with their connection, I no longer ask if their ethernet cord is plugged in - I ask if they have KaZaa installed.

I've gotten quite a workout on my legs from running up and down the stairs getting to each computer in a 7 story building, though.

But seriously - I've gone so far as to do a free-pizza-if-you-come-here-and-listen-to-me presentation on how KaZaa is bad, and I'll still see KaZaa on every desktop I touch (except mine, of course).

LimeWire without the Lime

[thatguywhoiam]

(While I have no idea what level the offending software is implemented at...)

If you're running OS X, you can get the Ultrapeer/swarm-downloading goodness of LimeWire without that bitter SpyWare aftertaste. Have a look at Acquisiton. It uses the LimeWire core with a Cocoa front-end. While still very early, using Acquisition after using LimeWire is like... using OS X after Xp (oooh! Bad troll! how'd you get in here?!?)

I don't know the guy who writes it or anything, but he's a fellow Canadian so I feel the need to plug.

Re:News Flash: People who enable piracy are crooks

[ReelOddeeo]

News Flash: People who enable piracy are crooks

Finally! This is what the RIAA has been trying to say all along! Finally someone on /. gets it.

We need to shut down the Internet. It enables piracy. All these ISP's are crooks, just selling something to enable piracy.

If we don't shut down the whole Internet, then at least shut down broadband. The only reason people get broadband is the same reason they get P2P: to do something illegal. (The same reason they got a PC in the first place, I might add.)


we now return you to your regular p2p downloading.

Finally

[Chetmurray]

I submittes stories on this last spring when they first started. How big of scum are these guys? After speaking out on affiliate boards against this company and personally talking some merchants into dropping them, wurldmedia/morpheus sent a goon to my house and threatened me. I am not kidding. They kept saying what I was saying was libelous and that one of their biggest investors was the second top cop in NY state and he could fast track any legal action against me.

Nice!

The idiot Kirk did create my favorite juxatposition of quotes:

Morpheus referred inquiries to Wurld Media, which operates its shopping rebates program. Kirk H. Feathers, the chief technical officer of Wurld Media, said that it had been wrongly accused of stealing and that the company would readily go to court to defend itself.

He acknowledged that an earlier version of the company's software did divert commissions away from other affiliate sites but said that new versions dealt with that situation.

So now he is threatening to sue people who quote him? He is a complete ass.

The stupidest thing out of all of this. The merchants who go with them see an increase in affiliate sales - sure, because they are paying affiliate comissions now even if someone just typed the site name into the browser! These companies do not drive traffic or promote the companies, they leave that to webmasters, they just step in at the last minute and grab the sale. In the long run this seriously impacts merchants and causes them to see a lower return on their affiliate programs, and then as affiliates leave since their commissions are being taken, the merchant is left with nothing.

The ad networks love this because they are paid a % on each comission. So what do they care? Comission Junction has gone from trusted third party, to scam that will do anything not illegal. I guess the idea of being ethical is beyond them? Phww.. Surprise, they are an idealab company.

Chet

Re:Dancing with the devil

[thomas.galvin]

Not much different of an attitude from the RIAA.

You know, if this keeps up, the RIAA isn't going to need that pro-hacking bill; hacktivists are going to get so fed up with Kazaa that they take them down on their own.

Seriously, the more I deal with the computer and related industries, the more disgusted I become. I miss the days when people basically did what they want, and were mostly harmless. And I'm only 22.

Re:Fer Chrissake, it's FRAUD!

[dclxv]

Does every indecent act require government action? I think it should be up to Amazon or whoever to police thier services, not the government. Let Amazon shut them down instead of an act of congress.

Re:Way beyond the pale

[Schnapple]

Actually, the Insane Clown Posse filmed a press conference for their upcoming album and encoded it as a QuickTime file. The conference was over an hour long and the four files made up some 550MB of video (they went a little overboard). When they tried to host it on their website, the demand completely hosed their server and their ISP. Not wanting to deprive fans of the video but being unable to host it themselves, they put it on Kazaa and after a while pretty much everyone was able to download it with no sweat.

So this would be a perfect example of how a P2P network can be used for good, and as a marketing tool. Interesting to note that this artist didn't seem to mind the notion that the legion of Kazaa users they probably just created might then go and pirate all their songs, but given that ICP charged some $100 to get in to this packed conference and convention, they've obviously found some alternative revenue sources.

The problem with the "it has legitimate uses!" argument is that there aren't enough examples like this to offset the illegal ones. Note to artists: don't webcast your concerts - no one can watch them anyway with server overload and no one wants to watch U2 in RealMedia anyway. Do this sort of thing instead.

Are they idiots?

[Courageous]

Why do they believe that the user's agreement makes this legal? An agreement between two parties cannot, as a general rule, relinquish the rights of a third party. This is almost certainly felony fraud, earning the players 5-10 in the clink. I hope the players have good attorneys. As soon as the victims (hint: not the user) hear about this and file a complaint, charges will be filed. They're not going to be civil charges, and it's not going to be judge Judy.

Some people are really stupid about the internet! "Oh, this is the internet, therefore if I do something unethical, they must not have passed a law against that yet." Not so. God. DUMB!!!!!

C//

Re:Fer Chrissake, it's FRAUD!

[BrianH]

Hey, I'm a "big L" Libertarian myself, but I have to disagree with you here. There are certain areas where the government SHOULD get involved, and where we do need it's services. These include military defense, foreign relations, LAW ENFORCEMENT, and a few others.

At the minimum, this meets the legal definition of fraud (IANAL, but the guy down the hall is, and he just told me that this meets the "legal yardstick"). At the most, we may be looking at criminal theft. Either way, this consitutes a real crime and is the kind of thing that governments were meant to deal with.