Stealware: Kazaa et al Stealing Link Commissions
goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."
'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'
"While I agree that slapping my wife around isn't very nice, it does get me my dinner on time."
"While I agree that insider trading is against SEC rules, how else am I going to get the 2nd Aston-Martin?"
"As God is my witness, I thought turkeys could fly." A. Carlson
IF this is true...
These guys are their own worst enemy. The RIAA doesn't need to do anything. These companies will end up destroying themselves. This is not the type of PR these guys need.
Sean D.
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'
That's part of it, it does affect the users - money that they may have WANTED to go to a particular affiliate is now going to these guys. Yay.
The other part is what about the affiliate contract? Doesn't this violate it?
Desperation is a stinky cologne
That's why if you're going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.
It's sort of a Catch-22 here. The user is using the software, agreeing to the EULA, and "illegally" (it's arguable) downloading music... What person out there would take a company to court that is allowing them to distribute and download music that a lot of the major companies don't want you to do?
I'm unaffected by this because I'm a happy WinMX user. I've never had a problem whatsoever, unlike AudioGalaxy and Bearshare (this is a while ago) that deleted some of my system files, thus making me have to reformat!
"Now, the company said, the software offers a choice to the consumer before each purchase: whether to give the commission to the affiliate or to himself in the form of a rebate, with a portion of the rebate going to Morpheus"
What would happen if I walked into a car dealership, bargained a nice price for my new Kia, and told the salesperson that instead of him getting a commission, I'm going to take that money as a rebate? Wouldn't that be stealing, or am I missing something here?
In other news, Limewire captures credit card numbers on the fly and charges 1$ for every purchase you make.
"We do think this is stealing, but they are stealing music anyways so it can't be wrong? Plus it pays our salaries."
One would think that the online stores would get wise to this:
"Last week, Amazon cut off affiliate payments to Morpheus, one site that employs the shopping software, said an online executive. Coldwater Creek, an online clothing store, has also blocked Morpheus."
www.christopherlewis.com
If it's in an EULA, it must be legal.
I mean for crissakes - EULA is an ACRONYM!
I don't need no instructions to know how to rock!!!!
people with KaZaA actually buy CD's from Amazon??? Hmm... Who knew?
Humor folks, enjoy it. =)
This is my sig. It's pathetic.
From the article's side-bar:
A Software Cleanup
Computer users who want to remove shopping software from their machines can do so in a few steps. Instructions for removing three of the most common programs:
BUYERSPORT - The shopping software with Morpheus:
Click the Start button.
Click on Find.
Click on Find Files or Folders.
Type in mbho.dll. Click on find now. When the file appears in the directory window, drag mbho.dll into the trash.
LIMESHOP - The software with LimeWire:
Click the Start button.
Click on Settings.
Click Control Panel.
Double-click Add/Remove Programs.
Click LimeShop.
Click Add/Remove.
SAVENOW - The software used by Kazaa:
Click on Start.
Click Settings.
Click on Control Panel.
Double-click on Add/Remove Programs.
Click SaveNow.
Click on Add/Remove.
www.christopherlewis.com
the moral and ethical rape was at least directed at an appropriate target in the RIAA
when it rains, it gets real soggy. when it pours, i'm under the tap just _waiting_ for the joy
It might not be as fast as the other p2p networks, but Gnucleus is free, open source, and not subject to any malware like Kazaa is...
Patrick Toland, a vice president for sales and marketing at TopMoxie, said that the company did not intend for its software to displace other affiliates' rights
Like so many claims surrounding P2P, this claim is utterly unbelievable: how do you build a program that hijacks sales and NOT know you're doing this?
I just hope Amazon and whomever is affected by this sues their asses off.
This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.
Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.
For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...
Hope this helps...
:wq
Full disclosure of affiliates at the time the transaction is concluded. If Amazon and the others actually showed which affiliate was going to get a commission, people would spot the monkey business right away. The consumer doesn't have to know the amount, but knowing which affiliate is getting the credit would make this a self-policing situation. If the stealware people are so bold as to falsify Amazon's message back to the customer, then it's time for the lawyers.
I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.
"We knew it was wrong," said one vice-president, "but we had to keep the free snacks flowing for the programmers, or else we were screwed. We couldn't stop -- they'd all jump ship."
The executives insisted they had done nothing wrong. "Those kids are sick! What the hell are they getting candy for, anyway?" he asked rhetorically. "We left them instant cous-cous and bean soup. They've got it pretty good, if you ask me."
FSF founder and computer guru Richard Stallman was unavailable for comment. "He's out redirecting CDNow affiliate referrals to pay for his movie rental late charges," said an anonymous source close to the programmer.
Carousel is a lie!
I'd imagine that Amazon et al will be changing their contractual terms specifically preventing this sort of behavior. The whole 'affiliate' program is dependent upon the warm and fuzzy feeling one gets by helping out a site you use, giving additional sales to Amazon. If users begin to question who will get the commission, then it fails as a marketing scheme for Amazon (and the others, presumably). I don't think this will be around for long.
I absolutely do not comprehend why people continue to use this software.
The very fact that it WAS spyware has kept me from using, even since they had supposedly gotten rid of it. Of course, I am a fairly paranoid individual. I see this as a good thing, however.
There are plenty of alternatives out there that are not spyware and don't go screwing with things they shouldn't be.
If Amazon allows software companies to redirect affiliate rebates, the incentive for people to link to Amazon's catalog goes away. I can't imagine they won't shut down the accounts of vendors like Kazaa who circumvent the process, once the practice becomes public (as it now has).
I'd like to point people's attention to furthurnet.com. I'm sure it won't have the popularity of the other sharing systems, but it's a legit system and you get unique material.
Furthurnet.com is a system where fans of bands which allow bootlegging of live concerts post full sets from those shows.
Pros:
*Free, no ads, no spyware, nothin
*Legal - music is only by bands who approve
*New stuff - you can get stuff not on CDs yet
*Live stuff - could be a plus or minus depending on the artist, but it's a new perspective.
Cons:
*Bigger - they're recorded in a non-lossy format shn, so a full concert is anywhere between 200-600 meg
*Recording quality not as good - depending on the band, the recorder and show, the acoustics and equipment aren't as good as live CD's and certainly not as clean as studio.
*Fewer artists
I just discovered this a few days ago looking for Jack Johnson stuff. I love it. Take a look. It's on Win and linux (maybe Mac too, not sure)
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
Try adaware by lavasoft. Think of it as a virus scanner for spy/ad/stealware. Not a bad product.
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
File sharing companies are, at the very best, a dubious bunch. Experience has shown that they will try to screw up your machine in some way.
So...let them. They'll find some way of doing it eventually anyway. The trick? Just make sure the 'machine' is a virtual machine. I personally use Virtual PC for Windows, but VMWare would do just as well.
Make a blank virtual machine, install your P2P clients on it and take a back-up of that file. Then use that machine for nothing but P2P. The result? Spyware is useless, because there's nothing happening to actually spy on. The machine gets too spyware-ridden? No problem - delete the current machine and restore from that fresh backup you took.
Cheers,
Ian
"And you supposedly gave your permission when you clicked through the EULA."
You may have given somebody permission as far as your browser goes but that doesn't give you the right to change a link on a person's website... You can agree all day long but it isn't *your* link nor is it *your* commission being stolen.
I find this rather repulsive but I have to admit this is rather ingenious ( in an evil scientist kind of way ). However, the fact that a user accepts it in the EULA doesn't remove the fact that they don't have a contract with the website owner giving them permission to do this.
The flipside of this is they can screw you over in any illegal way they like and there's just about jack you can do about it. It's like owing your bookie money. Because the debt CAN'T be legally enforced, you have to pay it.
For all the crapware I use vmware. Sure, you've got to pay for it, but then it'll save you lots of headaches dealing with this stuff. Just use a virtual machine for the crap, and the main one for the real stuff. Probably bochs would also do, though I didn't test it.
IANAL but AFAIK, you cannot enforce a contract for committing a crime. In other words, if two parties enter into an agreement where one party pays the other party to kill someone, this contract is not binding on either party (yeah I know, the parties will have other ways of dealing with a breach). As far as I understand the situation, the party that is supposed to receive the commission will not because of nasty P2P scum. Since the P2P guys have no direct involvement with the "charity" and the P2P scum are diverting money from the "charity", this is at the very least FRAUD! As a crime is being committed, the EULA is no longer binding on either party.
In a truly civilized world these bastards would die a very prolonged, extremely painful public death.
If VISTA is the answer, you didn't understand the question
Here's the link: http://associates.amazon.com/exec/panama/associates/join/operating-agreement.html/104-2963693-2866337
Section 5, at the end:
In addition, you may not: [snip] (b) read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;
Desperation is a stinky cologne
> I see virtually no difference between this and reaching into one of those bell ringers donation buckets.
A lot are saying this. But yet they *do* see the difference between downloading an album versus shoplifting it from Best Buy.
KaZaa/Morpheus/etc all reek of get-rich-quick schemes based on the success of Napster.
I'm no more shocked than when I get an e-mail promising free porn, and then end up with 9000 popups each wanting to charge a dollar on my credit card for 'age verification purposes'.
You can always hide behind some legalese gobbledy-gook in an EULA. All hail the mighty litigator.
I don't need no instructions to know how to rock!!!!
I am shocked--shocked, I say--to hear that Kazaa, a fine purveyor of music-stealing software, would behave in such an unethical manner.
Since this comission theft is apparently legal, I'm going to modify our GL system here at the office to re-code all our product sales as being sold by me, so I get all the commissions. Why should those pesky sales people get any of the money, anyway? If they want money, they should become c++ programmers instead of salesmen.
Amazon write their affiliate program code so that you can't frig it; it's a piece of piss to do:
each affiliate has a key that they encrypt their product numbers, a hash and a few other standard authentication bits and bobs.
When you buy a product from an affiliate Amazon looks up the affiliate's ID in a database, un-encrypts the product ID and checks the hash.
The problem isn't that there's 'spy ware' spoofing Amazon, more like Amazon's shopping site has piss poor security.
Anyone fancy posting to Bugtraq on spoofing affiliation with Amazon?
thank God the internet isn't a human right.
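A sketch of the keyed-link idea from the comment above, added here as an example and not Amazon's affiliate code or the commenter's: HMAC-SHA256 stands in for the "encrypt plus hash" step, and the URL layout, parameter names, affiliate IDs and keys are all constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data: the merchant's table of per-affiliate secret keys.
AFFILIATE_KEYS = {
    "charity-01": b"constructed-key-for-charity",
    "p2p-shop-77": b"constructed-key-for-p2p-shop",
}

BASE_URL = "https://shop.example/buy"  # hypothetical merchant endpoint


def _tag(key: bytes, affiliate_id: str, product_id: str) -> str:
    """HMAC over both fields, length-prefixed so field boundaries are unambiguous."""
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (affiliate_id.encode(), product_id.encode())
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_link(affiliate_id: str, product_id: str) -> str:
    """Issue a link for one affiliate and one product, signed with that affiliate's key."""
    key = AFFILIATE_KEYS[affiliate_id]
    query = urlencode({
        "aff": affiliate_id,
        "item": product_id,
        "sig": _tag(key, affiliate_id, product_id),
    })
    return f"{BASE_URL}?{query}"


def verify_link(url: str):
    """Return the affiliate ID to credit, or None if the link fails the check."""
    params = parse_qs(urlparse(url).query)
    try:
        # Exactly one value per parameter; duplicates or omissions are rejected.
        (aff,) = params["aff"]
        (item,) = params["item"]
        (sig,) = params["sig"]
    except (KeyError, ValueError):
        return None
    key = AFFILIATE_KEYS.get(aff)  # merchant-side lookup by affiliate ID
    if key is None:
        return None
    expected = _tag(key, aff, item)
    # Constant-time comparison on bytes, so odd characters in sig cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode("utf-8", "replace")):
        return None
    return aff


if __name__ == "__main__":
    link = sign_link("charity-01", "CD-12345")
    print(link, "->", verify_link(link))
    print("affiliate ID edited ->", verify_link(link.replace("charity-01", "p2p-shop-77")))
```

The check proves only that a link was issued for the affiliate it names; it cannot tell which site's link the shopper originally followed.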
It may not be illegal, but it's undoubtedly immoral, and I think we should be emailing Amazon asking them to terminate their affiliate accounts. I know I will.
Hmmm... I wonder if Amazon would be willing to say how many CDs Kazaa users have bought? That might just (note that I said "might") prove that those filthy dirty music pirates are actually *gasp* big customers. Could be interesting.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
Want to prosecute P2P systems? Get in line...
Schnapple
I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.
I used my brother's computer the other day to show him how to crossfade tracks in Nero. Anyway I went to search something at Google and upon hitting search button was redirected to some shady search engine site for my results. The best part is that it lists the same shady porn/hacker links no matter what you search for (albeit in different order each time). So I tried Yahoo Excite and other sites, same hijacking. "That's it I'm downloading AdAware to fix this!" I go to www.lavasoft.com and wouldn't you know the bastardware re-directed me to the same friggin search engine site.
OK, now I go into Control Panel and removed at least 10 apps that I never heard of (surprised that they even show up in there) each time confronted with scary/threatening warnings about how removing this software will damage my computer or break my software etc. I installed Ad-Aware, Kazaa-lite and cleaned it up.
I assume these bastard-apps came bundled with the plethora of naked girl screensavers, dancing strippers etc. he installed. (He's 14 what do you expect)
Beauty is truly in the eye of the tiger
IANAL but... The EULA claim is irrelevant. Even if the EULA were enforceable - which it obviously is not - no contract between scumcorp and the user can affect the rights of the affiliate and Amazon.
The EULA is invalid for so many reasons it isn't funny. First no contract can in any case give a license to perform an illegal act. Second no EULA entered into through a clickwrap agreement has ever been enforced for a term remotely close to this.
But the EULA is in any case irrelevant because it is clear that Kazaa is no more legit than Napster was.
Of course crooks of this type tend to be litigious and there is every chance they will bring nuisance lawsuits to try to silence their critics. I don't think it will work in this case since even the RIAA can probably see that it is in their interests to make sure that any scum lawsuits are fought.
I have argued on many occasions that the way to kill theftware is to go after their money supply. In particular make any company whose product is bundled with theftware liable for damages to the RIAA.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Come on, who REALLY reads a EULA? It's just the annoying thing you need to click "OK" on or the software quits the install program. Nobody takes that shit seriously. What we do take seriously is when viruses and trojans get installed on our computer all hiding behind some legalistic bullshit. If you put in your EULA that you can come to my house and kill my children and I passively click "OK" without reading it it's still illegal to come to my house and kill my children! There are still laws that have to be followed that override a EULA.
There is no honor among thieves...
:)
and bonus points to anyone who pictures the artwork with that caption from the old D&D books (Dungeon Master's Guide?) when they hear that phrase
Come to the University of Mars! Classes starting soon!
you may not: [..] read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;
This should be enough to boot any account from amazon that has transactions coming from altering affiliate links. I'm starting to wonder how much my site 'lost' due to things like this.
The Virtual Bookcase: book reviews
An AC saying it's windows only with no documentation doesn't exactly satisfy me... I tried it out a few weeks back and didn't see any evidence of abuse, but then I wasn't looking for it, silly me I thought Limewire were the good guys. Grrr. I like Mldonkey a lot better anyway, but now I'm wondering if I may have gotten some bugs piggybacked on the Limewire client that I'm not even using. If anyone knows what to look for it would be appreciated...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
www.winmx.com
It's a much better client than morpheus/kazaa, its network size has passed the threshold to be useful.
I've gotten quite a workout on my legs from running up and down the stairs getting to each computer in a 7 story building, though.
But seriously - I've gone so far as to do a free-pizza-if-you-come-here-and-listen-to-me presentation on how KaZaa is bad, and I'll still see KaZaa on every desktop I touch (except mine, of course).
I have been noticing for a while now that many corporate entities seem to think that their own private rules somehow take precedence over the general laws of the localities in which they operate. A quick example. My old ISP kept sending me a bill in the mail for a yearly subscription to their services that I had not used in months and had decided not to renew. I finally called up and asked them why they kept sending me a bill. Their reply was that THEIR POLICY was to renew subscriptions automatically (fortunately, they didn't have my credit card number or I would have had to jump through all kinds of hoops to get out from under them). To which I calmly replied that it was MY POLICY not to expect to be billed for items and services that I hadn't requested. The above mentioned attitude of the writers of user agreements that they can specify any old nonsense they want is just a special case of the general tendency of modern companies and institutions to try to write their own rules in complete disregard for the laws of the land. This goes for the ubiquitous rent-a-cops who parade around with guns pretending to be law enforcement officers.
Hic iacet Arthurus, rex quondam rexque futurus.
If you're running OS X, you can get the Ultrapeer/swarm-downloading goodness of LimeWire without that bitter SpyWare aftertaste. Have a look at Acquisition. It uses the LimeWire core with a Cocoa front-end. While still very early, using Acquisition after using LimeWire is like... using OS X after Xp (oooh! Bad troll! how'd you get in here?!?)
I don't know the guy who writes it or anything, but he's a fellow Canadian so I feel the need to plug.
If Jesus wants me it knows where to find me.
What do you expect. They feel like their userbase are all criminals so they don't care about abusing them.
Not much different of an attitude from the RIAA.
News Flash: People who enable piracy are crooks
Finally! This is what the RIAA has been trying to say all along! Finally someone on /. gets it.
We need to shut down the Internet. It enables piracy. All these ISP's are crooks, just selling something to enable piracy.
If we don't shut down the whole Internet, then at least shut down broadband. The only reason people get broadband is the same reason they get P2P: to do something illegal. (The same reason they got a PC in the first place, I might add.)
we now return you to your regular p2p downloading.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
What really gets me is their claim that this diversion of cash doesn't hurt the customer. Sure, it doesn't cost the customer any more money, but most of the sites that have funds diverted away from them are small, special-interest sites that provide their content for free, and use that income to pay for their bandwidth. If that money disappears, then the sites disappear as well, and voila, the customer is now hurt. I certainly don't want *my* favorite sites disappearing just because some amoral jackass decided he needs the money more than they do.
Nice!
The idiot Kirk did create my favorite juxtaposition of quotes: So now he is threatening to sue people who quote him? He is a complete ass.
The stupidest thing out of all of this. The merchants who go with them see an increase in affiliate sales - sure, because they are paying affiliate commissions now even if someone just typed the site name into the browser! These companies do not drive traffic or promote the companies, they leave that to webmasters, they just step in at the last minute and grab the sale. In the long run this seriously impacts merchants and causes them to see a lower return on their affiliate programs, and then as affiliates leave since their commissions are being taken, the merchant is left with nothing.
The ad networks love this because they are paid a % on each commission. So what do they care? Commission Junction has gone from trusted third party, to scam that will do anything not illegal. I guess the idea of being ethical is beyond them? Phww.. Surprise, they are an idealab company.
Chet
It's totally illegal. What the EULA actually says is :
"By signing this contract you allow us to steal from your neighbor."
This is the same thing, period.
First, it asks the permission to someone not related to the contract's target, which is illegal. (You cannot have a contract that says: By signing this, you agree that your friend X owes us XX bucks.)
Second, stealing is illegal.
So, it's doubly illegal!
This is just sick.
So this would be a perfect example of how a P2P network can be used for good, and as a marketing tool. Interesting to note that this artist didn't seem to mind the notion that the legion of Kazaa users they probably just created might then go and pirate all their songs, but given that ICP charged some $100 to get in to this packed conference and convention, they've obviously found some alternative revenue sources.
The problem with the "it has legitimate uses!" argument is that there aren't enough examples like this to offset the illegal ones. Note to artists: don't webcast your concerts - no one can watch them anyway with server overload and no one wants to watch U2 in RealMedia anyway. Do this sort of thing instead.
Schnapple
Why do they believe that the user's agreement makes this legal? An agreement between two parties cannot, as a general rule, relinquish the rights of a third party. This is almost certainly felony fraud, earning the players 5-10 in the clink. I hope the players have good attorneys. As soon as the victims (hint: not the user) hear about this and file a complaint, charges will be filed. They're not going to be civil charges, and it's not going to be judge Judy.
Some people are really stupid about the internet! "Oh, this is the internet, therefore if I do something unethical, they must not have passed a law against that yet." Not so. God. DUMB!!!!!
C//
Also, we need to remove mute buttons. They enable people to steal TV without viewing the commercials as per the contract.
And friends who hum new songs. They're breaking the encoding of the cd using a psychoacoustic matrix, which violates the DMCA.
Oh, and bad reviews! They're stealing money by giving away how dumb so many things are nowadays. Need to put them in prison with the rapists, murderers, bank robbers, jewelry thieves and anybody who doesn't like Ashcroft's haircut.
Hey freaks: now you're ju