Stealware: Kazaa et al Stealing Link Commissions

goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."

Easy solution

[dcavanaugh]

Full disclosure of affiliates at the time the transaction is concluded. If Amazon and the others actually showed which affiliate was going to get a commision, people would spot the monkey business right away. The consumer doesn't have to know the amount, but knowing which affiliate is getting the credit would make this a self-policing situation. If the stealware people are so bold as to falsify Amazon's message back to the constomer, then it's time for the laywers.

I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.

Once again....use a virtual machine

[mccalli]

Every so often I post this when P2P comes up, but it always seems relevant.

File sharing companies are, at the very best, a dubious bunch. Experience has shown tht they will try to screw up your machine in some way.

So...let them. They'll find some way of doing it eventually anyway. The trick? Just make sure the 'machine' is a virtual machine. I personally use Virtual PC for Windows, but VMWare would do just as well.

Make a blank virtual machine, install your P2P clients on it and take a back-up of that file. Then use that machine for nothing but P2P. The result? Spyware is useless, because there's nothing happening to actually spy on. The machine gets too spyware-ridden? No problem - delete the current machine and restore from that fresh backup you took.

Cheers,
Ian

If they're an affiliate,how many CDs did they sell

[mbourgon]

Hmmm... I wonder if Amazon would be willing to say how many CDs Kazaa users have bought? That might just prove (note that I said "might") prove that those filthy dirty music pirates are actually *gasp* big customers. Could be interesting.

Re:Fer Chrissake, it's FRAUD!

[TGK]

No... it's not. For a number of reasons.

1.) You -=knew=- that the charity was not going to get the commission if you didn't buy it through their site

2.) You, the purchasing party, made that decision on your own. No one made it for you.

3.) All of the money involved was your own, and (again) it was your choice.

With this theftware, the situation is different. EULAs are paper tigers in court and we all know it. Even if they weren't, I'm not entirely sure tha this kind of scheme is legal in the first place, as there appears no way to cancel the contract once the software is uninstalled.

These companies are not putting up the money to buy the CD, they are taking it out of someone elses pockets. By any definition that is theft, particularly if you can demonstrate the irrelevancy of the EULA.