Stealware: Kazaa et al Stealing Link Commissions

goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."

Fer Chrissake, it's FRAUD!

[R2.0]

'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'

"While I agree that slapping my wife around isn't very nice, it does get me my dinner on time."

"While I agree that insider trading is against SEC rules, how else am I going to get the 2nd Aston-Martin?"

Re:Fer Chrissake, it's FRAUD!

Score: 4 - funny

WTF! This is funny it's serious and the poster is right this is dam right illegal, people are being defrauded and the government(s) should step in and shut these people down.

Do they not have any morals? How can they do this sort of thing and sleep at night?? You're STEALING money from charities FFS.

Re:Fer Chrissake, it's FRAUD!

[TekPolitik]

Isn't Kazaa owned by a Sydney based company now? This is definitely illegal in Sydney under the Crimes Act 1900 (NSW). AustLII's misbehaving at the moment so I can't find the links online, but:

s178BA - Obtaining money by deception - 5 years

s178BB - Obtaining money etc by false or misleading statements (it doesn't require the statement to be in writing, false claim as to referrer will definitely count) - 5 years

s180 - Causing payment etc by false pretence etc (the false referrer will count here too) - 5 years

This could be prosecuted under any one of these.

Re:Fer Chrissake, it's FRAUD!

[TGK]

No... it's not. For a number of reasons.

1.) You -=knew=- that the charity was not going to get the commission if you didn't buy it through their site

2.) You, the purchasing party, made that decision on your own. No one made it for you.

3.) All of the money involved was your own, and (again) it was your choice.

With this theftware, the situation is different. EULAs are paper tigers in court and we all know it. Even if they weren't, I'm not entirely sure tha this kind of scheme is legal in the first place, as there appears no way to cancel the contract once the software is uninstalled.

These companies are not putting up the money to buy the CD, they are taking it out of someone elses pockets. By any definition that is theft, particularly if you can demonstrate the irrelevancy of the EULA.

Moral issues anyone?

[evil_one]

'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'

That's part of it, it does affect the users - money that they may have WANTED to go to a particular affiliate is now going to these guys. Yay.

The other part is what about the affiliate contract? doesn't this violate it?

Re:Moral issues anyone?

[MushMouth]

I talked to Colin the head of the Amazon Associates program a few months ago, and they absolutely do not find this acceptable, however they have somehting on the order of 20,000 associates, so it takes a little while for them to see trends that would ferret this behaviour out. He said they had seen it before and told the companies to stop, or they would cancel their Associates account.

Kazaa Lite

[Gildenstern]

That's why if your going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.

Re:Kazaa Lite

[oconnorcjo]

That's why if your going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.

Ok so you are saying to not do it yourself but to endorse the community around it. If the community grows (whether from "Lite" users or not), it will be good for the Kazaa company. Do you really want to support a company that is twisting the internet in such an underhanded way? At first I was like you. They put in some spyware and they said that they would take it out (which as far as I am aware, they never did) and so I downloaded the Lite and thought 'mostly harmless'. Yet now they are showing thier true colors. The Kazaa company thinks that any underhanded way they can possibly make money is fair game in bussiness and war. I don't want to support a company with no moral standard and embraces such a corporate culture. I want the whole kazaa p2p to whither and die and to be never heard of from again.

Re:Kazaa Lite

[BurKaZoiD]

I agree. I don't feel bad about pirating mp3s and stealing from a bloodless record label, but stealing from charity?!? Lines have to be drawn...

Self Limiting?

[Christopher_G_Lewis]

One would think that the online stores would get wize to this:

"Last week, Amazon cut off affiliate payments to Morpheus, one site that employs the shopping software, said an online executive. Coldwater Creek, an online clothing store, has also blocked Morpheus."

Whats all the fussin' and a-feudin' about?

[stratjakt]

If it's in an EULA, it must be legal.

I mean for crissakes - EULA is an ACRONYMN!

Just Hold On a Darn Minute Here...

[LordYUK]

people with KaZaA actually buy CD's from Amazon??? Hmm... Who knew?

Humor folks, enjoy it. =)

Re:just great... (HOW TO REMOVE)

[Christopher_G_Lewis]

From the article's side-bar:

A Software Cleanup

Computer users who want to remove shopping software from their machines can do so in a few steps. Instructions for removing three of the most common programs:

BUYERSPORT - The shopping software with Morpheus:

Click the Start button.

Click on Find.

Click on Find Files or Folders.

Type in mbho.dll. Click on find now. When the file appears in the directory window, drag mbho.dll into the trash.

LIMESHOP - The software with LimeWire:

Click the Start button.

Click on Settings.

Click Control Panel.

Double-click Add/Remove Programs.

Click LimeShop.

Click Add/Remove.

SAVENOW - The software used by Kazaa:

Click on Start.

Click Settings.

Click on Control Panel.

Double-click on Add/Remove Programs.

Click SaveNow.

Click on Add/Remove.

i miss napster ...

[dlasley]

the moral and ethical rape was at least directed at an appropriate target in the RIAA

Gnucleus

[RailGunner]

It might not be as fast as the other p2p networks, but Gnucleus is free, open source, and not subject to any malware like Kazaa is...

Unbelievable

[tmark]

Patrick Toland, a vice president for sales and marketing at TopMoxie, said that the company did not intend for its software to displace other affiliates' rights

Like so many claims surround P2P, this claim is utterly unbelievable: how do you build a program that hijacks sales and NOT know you're doing this ?

I just hope Amazon and whomever is affected by this sues their asses off.

You can beat them.

[casio282]

This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.

For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...

Hope this helps...

Easy solution

[dcavanaugh]

Full disclosure of affiliates at the time the transaction is concluded. If Amazon and the others actually showed which affiliate was going to get a commision, people would spot the monkey business right away. The consumer doesn't have to know the amount, but knowing which affiliate is getting the credit would make this a self-policing situation. If the stealware people are so bold as to falsify Amazon's message back to the constomer, then it's time for the laywers.

I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.

KaZaa Admits to Stealing Candy from Sick Children

[Saint+Aardvark]

New York (AP) -- KaZaa executives, insisting on anonymity, admitted today to sneaking into pediatric wings of at least three hospitals to steal lollipops, Tootsie Rolls, and Mars Bars in an effort to keep programmers on staff and happy.

"We knew it was wrong," said one vice-president, "but we had to keep the free snacks flowing for the programmers, or else we were screwed. We couldn't stop -- they'd all jump ship."

The executives insisted they had done nothing wrong. "Those kids are sick! What the hell are they getting candy for, anyway?" he asked rhetorically. "We left them instant cous-cous and bean soup. They've got it pretty good, if you ask me."

FSF founder and computer guru Richard Stallman was unavailable for comment. "He's out redirecting CDNow affiliate refferals to pay for his movie rental late charges," said an anonymous source close to the programmer.

Kazaa

[CTRamsden]

I absolutely do not comprehend why people continue to use this software.

The very fact that it WAS spyware has kept me from using, even since they had supposedly gotten rid of it. Of course, I am a fairly paranoid individual. I see this as a good thing, however.

There are plenty of alternatives out there that are not spyware and don't go screwing with things they shouldn't be.

Amazon won't stand for this

[Dudio]

If Amazon allows software companies to redirect affiliate rebates, the incentive for people to link to Amazon's catalog goes away. I can't imagine they won't shut down the accounts of vendors like Kazaa who circumvent the process, once the practice becomes public (as it now has).

Furthurnet.com

[Bullschmidt]

I'd like to point people's attention to furthurnet.com. I'm sure it won't have the popularity of the other sharing systems, but its a legit system and you get unique material.

Furthurnet.com is a system where fans of bands which allow bootlegging of live concerts post full sets from those shows.

Pros:
*Free, no ads, no spyware, nothin
*Legal - music is only by bands who approve
*New stuff - you can get stuff no on CD's yet
*Live stuff - could be a plus or minus depending on the artist, but its a new perspective.

Cons:
*Bigger - they're recorded in a non-lossy format shn, so a full concert is anywhere between 200-600 meg
*Recording quality not as good - depending on the band, the recorder and show, the acoustics and equipment aren't as good as live CD's and certainly not as clean as studio.
*Fewer artists

I just discovered this a few days ago looking for Jack Johnson stuff. I love it. Take a look. Its on Win and linux (maybe Mac too, not sure)

Once again....use a virtual machine

[mccalli]

Every so often I post this when P2P comes up, but it always seems relevant.

File sharing companies are, at the very best, a dubious bunch. Experience has shown tht they will try to screw up your machine in some way.

So...let them. They'll find some way of doing it eventually anyway. The trick? Just make sure the 'machine' is a virtual machine. I personally use Virtual PC for Windows, but VMWare would do just as well.

Make a blank virtual machine, install your P2P clients on it and take a back-up of that file. Then use that machine for nothing but P2P. The result? Spyware is useless, because there's nothing happening to actually spy on. The machine gets too spyware-ridden? No problem - delete the current machine and restore from that fresh backup you took.

Cheers,
Ian

Re:Reprehensible

[xsbellx]

IANAL but AFAIK, you cannot enforce a contract for commiting a crime. In other words, if two parties enter into an agreement where one party pays the other party to kill someone, this contract is not binding on either party (yeah I know, the parties will have other ways of dealing with a breach). As far as I understand the situation, the party that is supposed to receive the commission will not because of nasty P2P scum. Since the P2P guys have no direct involement with the "charity" and the P2P scum are diverting money from the "charity", this is at the very least FRAUD! As a crime is being commited, the EULA is no longer binding on either party.

In a truly civilized world these bastards would die a very prolonged, extremely painful public death.

It's against the affiliate agreement for amazon.

[evil_one]

Here's the link: http://associates.amazon.com/exec/panama/associate s/join/operating-agreement.html/104-2963693-286633 7

Section 5, at the end:
In addition, you may not: [snip] (b) read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;

Shocked!

[cgreuter]

I am shocked--shocked, I say--to hear that Kazaa, a fine purveyor of music-stealing software, would behave in such an unethical manner.

hey, nice idea

[Deton8]

Since this comission theft is apparently legal, I'm going to modify our GL system here at the office to re-code all our product sales as being sold by me, so I get all the commissions. Why should those pesky sales people get any of the money, anyway? If they want money, they should become c++ programmers instead of salesmen.

Re:Now how is this not stealing?

[ShavenYak]

Don't you think that that's the same thing the RIAA is saying? "how is this not stealing..."

The difference: if the software tricks Amazon into awarding affiliate sales commission to Morpheus instead of the intended recipient, the intended recipient has lost money that they would definitely have received.

When you download "See My Boobies One More Time", Britney and her record company are only being deprived of income if you would have bought the album without the P2P service. In fact, with P2P you might check out more of the album, like it, and wind up buying it when you wouldn't have done so if your only exposure was the two overplayed songs on the radio.

To sum it up, what Kazaa, etc are doing takes the money away every time. The P2P user isn't always a true financial loss to the RIAA.

Note that I'm not saying this makes copyright infringement ok, I'm saying it's a "lesser evil" than the fraud being perpetrated on Amazon affiliates.

Solution

[TheSHAD0W]

It may not be illegal, but it's undoubtedly immoral, and I think we should be emailing Amazon asking them to terminate their affiliate accounts. I know I will.

If they're an affiliate,how many CDs did they sell

[mbourgon]

Hmmm... I wonder if Amazon would be willing to say how many CDs Kazaa users have bought? That might just prove (note that I said "might") prove that those filthy dirty music pirates are actually *gasp* big customers. Could be interesting.

Re:Way beyond the pale

[Schnapple]

Erm, they make a program for pirating movies and music. Do you think they'll give a damn that something else they do is seen as stealing?

Want to prosecute P2P systems? Get in line...

Re:You can beat them, but they make it HARD

[CapnGib]

I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

I used my brother's computer the other day to show him how to crossfade tracks in Nero. Anyway I went to search something at Google and upon hitting search button was redirected to some shady search engine site for my results. The best part is that it lists the same shady porn/hacker links no matter what you search for (albeit in different order each time). So I tried Yahoo Excite and other sites, same hijacking. "That's it I'm downloading AdAware to fix this!" I go to www.lavasoft.com and wouldn't you know the bastardware re-directed me to the same friggin search engine site.

OK, now I go into Control Panel and removed at least 10 apps that I never heard of (suprised that they even show up in there) each time confronted with scary/threatening warnings about how removing this software will damage my computer or break my software etc. I installed Ad-Aware, Kazaa-lite and cleaned it up.

I assume these bastard-apps came bundled with the plethora of naked girl screensavers, dancing strippers etc. he installed. (He's 14 what do you expect)

Re:I guess Amazon will be changing their contract.

[Koos]

I'd imagine that Amazon et al will be chaning their contractual terms specifically preventing this sort of behavior. The whole 'affiliate' program is dependant upon the warm and fuzzy feeling one gets by helping out a site you use, giving additional sales to Amazon.

I am in the amazon affiliate program with The Virtual Bookcase and I recently checked the whole operating agreement again. A search in that agreement gives:

you may not: [..] read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;

This should be enough to boot any account from amazon that has transactions coming from altering affiliate links. I'm starting to wonder how much my site 'lost' due to things like this.

Re:Crap like this is going to Kill P2P

[nanojath]

The basic issue is pretty simple: free doesn't work very well as a business model for for-profit companies. You need to be able to provide some kind of value-add that people will pay for if you're going to make it. What are the alternatives? Pop-ups, Spy-ware, and Scum-Ware - of which this is the scummiest I've heard of yet. What's next? a software component that actually automatically programs your computer to steal candy from babies?

Kazaa, Morpheus et. al. are a simple concept: try to take advantage of people's enourmous predisposition to violate copyright laws via digital technology to skim some cash by any means whatsoever. It's a rotten business model and a rotten way to behave and it isn't much of a surprise that the rotten people responsible for it are as dishonest to their users as they are about what their software is really used for ("now don't use this to illegally copy protected media, kids, wink wink nod nod").

The broader picture

[Steve+Franklin]

I have been noticing for a while now that many corporate entities seem to think that their own private rules somehow take precedence over the general laws of the localities in which they operate. A quick example. My old ISP kept sending me a bill in the mail for a yearly subscription to their services that I had not used in months and had decided not to renew. I finally called up and asked them why they kept sending me a bill. Their reply was that THEIR POLICY was to renew subscriptions automatically (fortunately, they didn't have my credit card number or I would have had to jump through all kinds of hoops to get out from under them). To which I calmly replied that it was MY POLICY not to expect to be billed for items and services that I hadn't requested. The above mentioned attitude of the writers of user agreements that they can specify any old nonsense they want is just a special case of the general tendency of modern companies and institutions to try to write their own rules in complete disregard for the laws of the land. This goes for the ubiquitous rent-a-cops who parade around with guns pretending to be law enforcement officers.

Dancing with the devil

[dnoyeb]

What do you expect. They feel like their userbase are all criminals so they don't care about abusing them.

Not much different of an attitude from the RIAA.

Re:Dancing with the devil

[thomas.galvin]

Not much different of an attitude from the RIAA.

You know, if this keeps up, the RIAA isn't going to need that pro-hacking bill; hacktivists are going to get so fed up with Kazaa that they take them down on their own.

Seriously, the more I deal with the computer and related industries, the more disgusted I become. I miss the days when people basically did what they want, and were mostly harmless. And I'm only 22.

Re:Dancing with the devil

[loply]

Funny how everybody dislikes stealing when they arent the ones doing it.

Re:Dancing with the devil

[Courageous]

The problem is, they made a mistake about who they were stealing FROM. They are stealing from the affiliates, this is outright fraud, and the shrink wrapped agreement is hardly relevant. Two parties cannot agree to relinquish the rights of a third party!!!

C//

Victimless crime?

[Lendrick]

What really gets me is their claim that this diversion of cash doesn't hurt the customer. Sure, it doesn't cost the customer any more money, but most of the sites that have funds diverted away from them are small, special-interest sites that provide their content for free, and use that income to pay for their bandwidth. If that money dissappears, then the sites dissappear as well, and voila, the customer is now hurt. I certainly don't want *my* favorite sites dissappearing just because some amoral jackass decided he needs the money more than they do.

Re:Victimless crime?

[JoeBuck]

Their diversion of cash does hurt the customer.

Many co-op preschools in my area, in order to be able to charge less tuition money, permit parents to agree to engage in a certain amount of fundraising. Among the options available is to sign up for Schoolpop, at which point the school gets a quite generous cut of commissions for purchases on Amazon and similar sites.

However, if the KaZaa folks steal the commissions, the parent is liable, since the parent must raise some minimum amount (yes, Schoolpop provides the data to the school so the school knows who's raised the money for them). In cases like this, which are quite common, the KaZaa folks and their hitchhikers are directly stealing from their users, as well as from schools and charities.

Re:Victimless crime?

[yomahz]

"Shoplifting is a victimless crime, like punching someone in the dark."
-- Nelson, The Simpsons

Of course this isn't shoplifting but it's still funny :)

Finally

[Chetmurray]

I submittes stories on this last spring when they first started. How big of scum are these guys? After speaking out on affiliate boards against this company and personally talking some merchants into dropping them, wurldmedia/morpheus sent a goon to my house and threatened me. I am not kidding. They kept saying what I was saying was libelous and that one of their biggest investors was the second top cop in NY state and he could fast track any legal action against me.

Nice!

The idiot Kirk did create my favorite juxatposition of quotes:

Morpheus referred inquiries to Wurld Media, which operates its shopping rebates program. Kirk H. Feathers, the chief technical officer of Wurld Media, said that it had been wrongly accused of stealing and that the company would readily go to court to defend itself.

He acknowledged that an earlier version of the company's software did divert commissions away from other affiliate sites but said that new versions dealt with that situation.

So now he is threatening to sue people who quote him? He is a complete ass.

The stupidest thing out of all of this. The merchants who go with them see an increase in affiliate sales - sure, because they are paying affiliate comissions now even if someone just typed the site name into the browser! These companies do not drive traffic or promote the companies, they leave that to webmasters, they just step in at the last minute and grab the sale. In the long run this seriously impacts merchants and causes them to see a lower return on their affiliate programs, and then as affiliates leave since their commissions are being taken, the merchant is left with nothing.

The ad networks love this because they are paid a % on each comission. So what do they care? Comission Junction has gone from trusted third party, to scam that will do anything not illegal. I guess the idea of being ethical is beyond them? Phww.. Surprise, they are an idealab company.

Chet

Re:Way beyond the pale

[Schnapple]

Actually, the Insane Clown Posse filmed a press conference for their upcoming album and encoded it as a QuickTime file. The conference was over an hour long and the four files made up some 550MB of video (they went a little overboard). When they tried to host it on their website, the demand completely hosed their server and their ISP. Not wanting to deprive fans of the video but being unable to host it themselves, they put it on Kazaa and after a while pretty much everyone was able to download it with no sweat.

So this would be a perfect example of how a P2P network can be used for good, and as a marketing tool. Interesting to note that this artist didn't seem to mind the notion that the legion of Kazaa users they probably just created might then go and pirate all their songs, but given that ICP charged some $100 to get in to this packed conference and convention, they've obviously found some alternative revenue sources.

The problem with the "it has legitimate uses!" argument is that there aren't enough examples like this to offset the illegal ones. Note to artists: don't webcast your concerts - no one can watch them anyway with server overload and no one wants to watch U2 in RealMedia anyway. Do this sort of thing instead.