Inside an Adware Company

Haikster writes "Brad Stone of Newsweek wrote a great article exposing DirectRevenue which is actually a combination of the old Dash guys with IPInsight, abetterinternet, offeroptimizer and blackstonemedia and the others... it's a bit lengthy but a great read."

How many are Slashdot readers?

[badfrog]

Wonder how many of spyware developers are regular Slashdot readers... Step forward, cowards!

Re:How many are Slashdot readers?

Gonna go AC here (sorry), but since you asked, this might be an interesting story (but rather long, if you care to bear with me)...

I used to work for a company that made pretty hardcore spyware/popups. The owners claimed when they first hired me to do some consulting that they used popups to generate capital instead of going for VC money, and now that they had some income, were going to turn around and try to be a kind of Amazon/1-click shopping for useful tools (spam filters, privacy software, personal firewalls). This was a couple years ago before the market for this was absolutely saturated. So I thought, and the principals assured me, that once they had some $, they'd ditch the popup business and I'd be working on some really cool projects which I otherwise wouldn't have had the opportunity to work on, so I signed on fulltime. I was also really well paid and genuinely enjoyed the benefits, interesting engineering challenges, and people I worked with (none of the usual Office Space bullshit my friends complained about, but there were many downsides as you will see.)

However, after I joined, the owners kind of lost focus and kept delaying work on more legit projects to fix or enhance their popup distribution network or new things that all boiled down to schemes that would get our adware on more computers. Every week they owners would come up with some half baked new idea that was suddenly priority 1 (and the idea of "top priority" became something of a joke.) Because things took longer than expected and we were switching gears every week or so and could never truly get anything accomplished, the skewed lesson that the owners learned was that "software development is hard and expensive and not worth it".

At this point they stopped even fronting that they'd do legit things and just focused completely on adware. To keep the bills (and the principals' inflated salaries) paid, they started loosening their morals even more and fell down the slippery slope even more, delving into porn and other kinda shady areas which I won't go into, at which point I decided to resign since it was obvious that despite repeated promises, I would never be working on projects that had real value.

The time wasn't all wasted, though. In case anyone's curious, it is kind of interesting to see how things operate behind the scenes at one of these spyware places, and the psychology of the people who work there. I second another poster's point that the everyone who worked there -- business and developer types alike -- were otherwise normal, cool guys and not like evil masterminds or sociopaths or anything. (Ha, all of us were /. readers, too.) Everyone knows that what they're doing isn't totally cool but is sort of in denial (and we were repeatedly promised that we'd be working on legit projects "soon"), and you're so caught up in your work and the interesting engineering problems that you ignore the bigger picture (not a good thing).

The owners do a good job of sheltering themselves and most employees from the negative complaints that do arrive (delegating them to a "support" department that responds to hundreds of emails a day with "oh wow, we're sorry you're having problems, here's an uninstaller"). However, most of us did end up reading a lot of the complaints and most of us were in denial about the sheer volume of misery that the popups and other things created. It sounds strange that normal people would work on such clearly awful software, but every shady decision is rationalized in any number of ways including saying "well, it's legal" (or at least not illegal, for now), pointing to "worse" adware companies and being "at least we're not as bad as these assholes," policies like "hey, we email uninstallers to anyone who asks" (while ignoring the fact that only 1% might be savvy enough to actually figure out what's going on since most people never figure out where the popups come from). This will sound strange, but some of the projects were actually really cool technology and worth getting

Worst part of adware...

If it was written correctly, it wouldn't be such a big deal. However, it causes computers to run very slowly and crash due to rampant bugs. I mean, can't they just add an ad toolbar to IE and be done? Do they really need to hijack the windows API to prevent themselves from being killed/removed?

How can they live with themselves?

[mboverload]

I seriously question how these people can LIVE with themselves. Their products harass millions, slow down the worlds computers, and hurt the internet expirience. I could not stand to live with myself knowing I was screwing millions a day, an hour, a minute. These people MUST be heartless.

Google CEO ?

[SoLO]

Earlier this year, Direct Revenue raised $20 million from New York based Insight Venture Partners. The respected VC company boasts Google CEO Eric Schmidt and former Treasury secretary Robert Rubin on its advisory board.

Wonder if this is some kind of conflict of interest?

When Will AntiVirus remove it?

[QuantumRiff]

So, how can a piece of software that gets installed without permission on my machine, that sends out spam emails to everyone on earth be considered a worm/virus, but a piece of software I get installed without prompting, by visiting a fucking web page, that changes my hosts file, dns settings, proxy servers, and or nic drivers be considered adware?

When will Symantec, McAffee and the others start detecting and removing spyware. I've emailed them requesting that feature, and have never even gotten a response.

Honestly, at the school I work at, our public use library and labs have no problems except spyware. The 40 machines in our library average about a week before they are so bad that the systems have to be re-ghosted. Yes, I have netscape installed, and yes, its the default browser, but no, I can't remove IE, some services they need to use (other colleges in the area) have web pages that only work in IE. If freaking symantec would just treat adware as a virus, my god, I would love them.. and so would many others..

Re:The truth about Adware

this guy? you forgot to mention his faggy soul-patch.

transcript of that segment is here

http://cnnstudentnews.cnn.com/TRANSCRIPTS/0411/29/ lol.04.html

DANIEL SIEBERG, CNN TECHNOLOGY CORRESPONDENT: You may not know about spyware, but let's start with something you probably know way too much about, those pesky pop-up ads.

(voice-over): The pop-up ad for the X10 camera, remember that? It was among the very first pop-up ads to really sweep the Web. For a while there in 2001, it popped up again and again and again.

(on camera): Back then, such ads were pretty new. To help illustrate how things have changed, imagine that this tennis racket like the cursor or the mouse on your screen and you're trying to close down those pop-up ads.

Well, initially, there was a start of slow, steady stream, annoying but still manageable. Then along came something called spyware, little software programs that would install themselves on your computer. And pretty soon, that slow, steady stream turned into a raging flood, a torrent, if you will, of pop-up ads popping up faster than you can close them down. A little help?

(voice-over): And that's no coincidence. Most spyware is adware, as in advertisements, pop-ups designed to force you to click on them. But other versions of spyware actually track you around the Web, reporting your movements back to third parties. Some spyware even records everything you type, including sensitive information. How does this stuff get on your computer in the first place?

Well, you get it just by surfing the Web. When you visit certain sites, spyware programs insert themselves on your machine.

(on camera): So how do you know if you've got it? Well, the truth is there's no easy way to know. Look around on your desktop and you're not going to find an icon for spyware. That's because the people who make spyware don't want you to know that it's there.

(voice-over): One big tippoff that your machine has been infected is it will start to run slower, freeze up or even crash frequently. A recent study found that nine out of 10 computers connected to the Internet have been compromised with spyware lots of times. Dozens of different spyware programs are running all at the same time.

We sat down with Mark Rasch, a lawyer and computer security expert with the company Solutionary (ph) to find out more.

(on camera): Now spyware, beyond just providing all these popup ads, you're saying that it collects information, it collects what I'm typing? What do they then do with that information?

MARK RASCH, COMPUTER SECURITY EXPERT: What we have created with the Internet is this whole market economy in personal information. It's very important for me to know what are you looking at? What are you buying? What are you not buying? What time of day are you surfing? Who are you? So there's a whole marketplace for information. And so, what the spyware is trying to do is collect that information and the people who are purveying it, trying to sell it.

SIEBERG: Actually, we have been tracked online since the early days of the Web through something called a cookie. Most company Web sites use them. Here's how they work. When you visit company x's Web site, a small file gets placed on your computer called a cookie which tracks your movement on that particular Web site and remembers like the links you clicked on and how long you were there.

Now once you leave that Web site, the cookie stays on your computer. But it doesn't report back on where else you go on the Web. Not so with spyware. It can follow you anywhere.

RASCH: So here we have a computer that's acting very sluggish and we don't know why.

SIEBERG (voice-over): We turned off the spyware filter on a computer in our office, then we ran some spyware scanning software to see what it picked

Re:The truth about Adware

[geekyMD]

I think the shockingly absent outrage/response to adware has more to do with lack of awareness than anything else.

We all have gotten used to the idea of planned obselesence. From your car that is "old" after 3 years to your computer which was the absolute best until about 15 seconds after you bought it; most people expect their computers to run more slowly with time. And while popups suck, many people just don't really equate popups with adware. To them, its just "one of those things" that happen to PCs, especially when connect to that darned internet. I've worked in numerous offices that were about to buy a new set of PCs because their existing ones were "old and slow." After 30 minutes of AVG and SpySweeper they were amazed at the power of their "outdated" computer.

IMHO, Even when you include the viruses that go with spam, it seems like adware does much more to reduce producivity, hands down.

Alas, with SPAM we all see media 'orange alert's lasting for several days like:
"You computer will eat your first born and wreck your car if you open this email!!!"
But who has seen something like that for adware? How many people really know what it is or does?

We gotta get the word out! Alert the press! The baby eating, credit card stealing, nazi adware legions are headed straight for your comptuer! And if you don't uninstall them, Santa will be shot! That should wake some people up.

Re:It concerns us.... (the military)

[_xeno_]

I recently got a security clearance. Just because a single piece of information isn't classified doesn't mean it can't reveal classified information. That's the main fear.

As a simple example, assume some adware managed to steal an Excel spreadsheet as it was being entered. The information was simply the dates and costs of fuel being bought for vehicles on base. This information isn't classified.

From this information, you can get a rough guess of troop movements and the amount of mechanised gear at the base. Combined with more information, you can get a good idea of current strategy, what troops are going where, and the level of activity around a given base. This information is classified.

Just because a given computer isn't classified doesn't mean that you can't piece together classified information from data contained on the computer - especially when combined with other information. That's what the military is concerned about.

No new laws needed

Another site registered to Direct Revenue was TrueData.org. In mid-2001 the site declared that TrueData software "tracks every site visited, every keyword entered into search engines, every transaction completed at the top 500 merchants"

Don't beat around the bush. This is industrial espionage. This is the perfect tool for credit card fraud, identity theft, and blackmail. This is wire tapping. This is interstate computer crime. This is not a legitimate business. All board members, officers, and inside investors involved should be prosecuted, bankrupted, and imprisioned. All corporations involved should be bankrupted and disolved under the RICO act.

By passing a new law, congress is pretending that there was nothing illegal about it before. Bullshit! Enforce the laws we have now. Make an example of these bastards!