Slashdot Mirror
The Plot To Hijack Your Hard Drive
An anonymous reader writes Business Week Online examines the business practices of spammers and pop-up advertisers, using much-maligned Direct Revenue as an example case. The article discusses the history of the company, their rocky road through good and bad times, and what they're willing to to get your eyes on their ads." From the article: "Among Direct Revenue's alumni, pride over technical cunning mingles with regret for exasperating so many computer users. After waffling on the issue during a long interview, one former Dark Arts wizard sighs and sums up his version of the company credo with an elegiac observation by abolitionist Frederick Douglass: 'Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them.'"
I don't know why, but I am still shocked that there are people who don't mind making a living this way. I mean, they must be smart enough to see what greed has done to them, or are they just evil and do not care?
"Patience is not a virtue, it's a waste of time."
In the end, Google knows how it's done. I find I much more often induldge in either clicking on or glancing at an unobstrusive (and generally relevant) google ad than I do any annoying popup which causes me nothing other than to feel contempt for the company who pulled it on to my screen. Sneaky and dirty marketing is just distasteful, and they should know that it reflects poorly on the company and the product. I suppose it still works well on people like my grandmother, who believe they are in fact the 5000th visitor.
indeed! these people should be held liable for the damage done and time wasted. it's unpleasant to think that there are actually people behind obnoxious spyware, and that they think that pissing people off is the best way to get them to acknowledge the adverts and buy whatever they're selling.
Make the companies (and thier owners) liable for the cost of fixing the PCs they infect, and allow people to take these companies to court over the cost of repairing thier PCs.
People on slashdot could hire eachother at $50/hr to fix eachother's PCs. And setup a revenue stream of about $200/week each. Even if 1% of 1% do it, with 1,000,000 PCs, that means that 100 people are sucking down a total of $20,000/week. I doubt the ad revenue from infecting 1M PCs is $1M/year.
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
The real goal of this type of advertising is not necessarily to get you to buy from them. Most of us, especially the computer savvy ones, would never buy from a popup add. But the simple fact is, we've seen them. We notice them, judging by the comments on /., which means the advertisers have done their job. They are getting a company's name and/or product out and NOTICED. Cingular and Netflix could make 0$ in sales from popups, but they certainly can claim they have been viewed by more users and more times due to this type of advertising. Coke doesn't put a purchasing phone number on their TV commercials (comparable to the ability to click on a popup directly to a sales site), yet plenty would say that Coke simply having commercials increases recognition and/or sales.
Development notes at http://devscribbles.blogspot.com
Then the obvious answer to both is that we need to work on bringing that low-end up to somewhere more reasonable. Such that a basic American education (eventually internationally) includes that sort of basic common sense.
I interviewed at Direct Revenue about 18 months ago. It's funny to hear thier version of what they do - they simply call it "contextual ad-based marketing". The whole place seemed very sketchy and unprofessional. When the sketchy manager walked me past the group he called "forensic computing" - I instantly knew I was in a spyware factory. I met with some other sweaty, twitchy geek who asked me to solve some algorithmic/data-structure type problem. He was very persistent and specific - harping on the minor details. After I got out of there, I realized he was actually tring to get ideas for a problem he was working on - not tech-ing me for the position. Told the equally shady recruiter to f-off & turned them down for another offer. Glad I did it, but I'm shocked that they are the focus of an article on BW. Surprised they're even still around...
How ironic. Just this morning, I was attempting to clean one of their pieces of crap, ABetterInternet, off of my wife's computer. They have made it really difficult to find their stuff and clean it off. It was a few hours before I had even identified what exactly it was, and although Adaware was aware of its existence, it was unable to remove it.
Norton Antivirus was completely useless. I'm going to have to try a series of Spyware removal tools to get it off, I think. Maybe the kids will listen now when we tell them to use Firefox, and not IE.
It is like all these meaningful parents feeding thier kids junk, buying them junk, not knowing any better because why would the government let stuff be sold to kids if it weren't safe? All these people buying SUVs, driving them inappropriately, and then complaining that they roll over. All these people smoking in the last 40 years, and now complaining they have been taken advantage of. The first reports on the harm of smoking were published in the 19th century folks. The list goes on. We have to hassle anyone named Muhamod for out own safety. We have to get rid of all guns for our own safety. We have to allow all conversations to be monitored for our own safety. God and his appointed prophets will save us, we don't need to think.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I don't know why people feel that caveat emptor (buyer beware) should apply less today than it did many years ago. Pop-ups and spam to me are the equivalent of P.T. Barnum unloading a bunch of tuna as "white salmon, guaranteed not to turn pink in the can". Especially with all the vendor/product/reseller review sites out there, one would think it would be easier for more emptorii to caveat. I don't feel any different about my grandmother thinking she's the 5000th visitor than I did when she bought that Ronco rotisserie abomination.
This sig is exempt from disclosure under the privacy Act of 1974.
Then the obvious answer to both is that we need to work on bringing that low-end up to somewhere more reasonable. Such that a basic American education (eventually internationally) includes that sort of basic common sense.
The government very clearly saw what happens when you have a well educated youth during the 60's. The fact that public education has been on the decline since those days is no accident.
It is much easier to control a populace which is fat, dumb and happy. They got the first two down, now they just need to figure out the happy part and their job is complete.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
The article talks about "trailer cash" and that is indeed what this is about. Forget the scum spyware companies, instead consider the real culprit, the end user.
I am not just talking about people still running Windows/IE, that in itself is stupid enough but it can be done safely.
No the trailer cash people are not the victim of shoddy MS coding or brilliant spyware coding, they are the victim of their own greed and stupidity. Greed because the fast majority of spyware programs come from dubious source, P2P programs (and no they ain't using P2P to download the latest linux distro) and "free programs". It is similar to that "test" someone did were people gave away personal information on questionares for tiny rewards.
Smart people know their is no such thing as a free lunch. If someone therefore offers you a free lunch this is probably because they want you to sit through a 3 hour sales pitch before. This is a sales techinigue I was warned about by consumer programs as a kid, that my mother was warned about even my grandfather and it is still going on.
But even worse then the people that install this crap hoping to get something for nothing are the people who actually respond to the ads.
Believe it or not but the entire ad business is about making money. Nobody is going to pay for an ad campaign that doesn't produce results. The sad fact is that these spyware and spam ads are very effective at producing sales results.
It is here that the real problem lies. As long as people keep buying from these kind of ads someone will be serving up these ads.
But frankly I don't see the problem. I guess I have always had a soft spot for scammers. They are such nice evidence of evolution in action. If you been infected by spyware that is natures way of telling you are to stupid to breed.
Pity is that in our society it is the stupid who breed the most. Now with viagra spam they will become even better at it. The stupid are going to overrun this world. Good news for the spyware and spam people. At least these IT jobs ain't being outsourced yet.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You don't have to buy something from the pop up ad. There exists a phenomena most marketers are aware of, that when you have several brands of a product to choose from, most people narrow their choice down to a grouping of 2-4, usually by "hunch" or "intuition", before making any drill down comparisons. It's a compromise of search breadth vs search depth. The pop up's main goal is to preprogram their brand as one of your intuitive choices - if you happen to click and purchase directly then that's an added bonus.
As for stopping the local infection version of the pop up - write a letter to your congressman. Tell them that instead of worrying whether or not gays can be gay, or a dissident can burn a flag in protest of his governments actions, maybe they could write a quick law that makes it illegal to install software on another machine without the owner's explicit consent. Then the websites that distribute this shit will have fines to pay, sucking the profit right out of the whole scheme.
(Oh noes, a spammer might lose his job!)
Here's an interesting website, not sure if they read the letters sent but at least it's a start:
http://www.congress.org/congressorg/home/
You can get 15 minutes of fame, but you can go down in history for infamy.
If only you could make money by running a consumer reports site that listed all the companies who advertise this way. And all the companies that install root kits, etc.
It would be nice to have a site that I could run to before I purchased things to see if the manufacturer/distributor/reseller is on the blacklist.
If the site had counters for each company to show how many people read their review and avoided doing business with that company because of their review...
I hereby propose a DRCFMSS:
Direct Revenue Customer Funds Misallocation Screen Saver
Basically, a virtual-machine-like sandbox that runs a DR-infected IE "clicking" on ads popped up as the "user" (networked spider/p2p agent) "browses" around, comparing notes with other agents and causing view and click fees to be charged to the asshat corps that pay DR for ads.
You can even choose to participate in specific campaigns: "Hey folks, we're 'doing' Vonage this week!".
Then you can also compile nice tables to show the same asshats how much of their ad budget was pissed away in this fashion.
Is Linux/MacOS really more secure then windows, is their just no one around to throw crap on it?
:)
By default no, Linux's kernel is pretty secure, but there are still constant holes being found in the various services that people often install such as sendmail. A few years ago in Linux's infancy I setup a default RedHat box, and left it connected to a 56K modem overnight. It was hacked before morning.
Of course this was like 10 years ago.. In other news, security sucked 10 years ago
I have a simple, foolproof idea to help eliminate spam.
Email certification.
If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email, is their certification, and an encrypted header line that's createdusing your private key.
When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.
Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.
If an email server sends out spam, the complaints go to it's certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.
Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not nessisarilly, you could just use it's un-certifedness as a factor in filtering your email.)
This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have it's certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.
To sum up: Email Certification is reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists are still possible. 'Hobby mailing lists' are still possible, certified or not. The extra bandwidth is minimal, and easily overshadowed by the reduction in spam being send once spammers realize no one is even seeing, much less reading or replying to their spam.