Slashdot Mirror
Spyware Still Cheating Merchants
Jamie found an interesting story about how Spyware is still on the move. It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. It breaks down several common types of spyware and some analysis of each.
The spyware on slashdot's servers allowed me to spy on this story and craft a 1st post with ample time to spare.
I'm Ben Edelman, the author of the piece. I'm happy to answer any questions folks may have.
It would be particularly interesting to hear from merchants and by legit (non-spyware-using) affiliates who are ripped off by the practices I documented.
I like the article I thought is was well written and had some valid points, but I think the thing I learned most is don't go to blockbuster or netflix websites.
It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. ...the day Tony Soprano becomes a 'respectable businessman'. Crapware (my common term for deceotive adware, spyware, malware and whatever else "toolbars" and "helpers" and "assistants") couldn't get clean without going into legitimate advertising and shareware. And there the competition is solidly entrenched already, so all I want for them is to quietly die. They're a cancer to the computer industry and should be eradicated.
Live today, because you never know what tomorrow brings
These merchants, Netflix, Blockbuster and others signed with people with very low ethical standards. These spyware vendors install software without consent, fool people, irritate people with pop-ups etc. And these companies thought that is how they should get their customers. It should not surprise anyone, least of all these merchants, that the spyware vendors use every trick in the book and then some to cheat them and charge fees and commissions. Let them go bankrupt. Serves them right for providing food to these cockroaches.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I don't have a strong view on pop-up blockers. I often use Google Toolbar. But in XP SP2, IE's internal pop-up blocker works fine too.
One key insight: Pop-up blockers don't stop spyware-originating pop-ups. Pop-up blockers stop pop-ups that load through a web browser, i.e. as a result of JavaScript code within pages users request. But pop-up blockers do nothing to stop full Windows programs (e.g. spyware) installed on users' computers.
I can see the ideal solution to this type of advertising fraud.
If I am running a site selling certain goods, then I don't really care how many hits I get, I'm bothered about how many sales I get.
Now if google can set up an adwords system for me that does not charge per click, but instead I use their payment system as a check out and grant them a commission on refered sales (as long as they can prove that the refereal was sent via a targetted ad in the current browser session would be my condition) then they can take say 5% of the sale (on top of their normal processing comission.
Then the problem comes down to trusting google to correctly report which sales on your site are actually directly from one of their adverts and not from their main search.... however its only one company, its a large and well known company so auditing it would be a lot easier than many of the smaller more dubious companies.
$_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
Trying to branch out into legit enterprises but you know that push come to shove your kneecaps are in trouble.
An Eye for an Eye will make the whole world blind - Gandhi
I did send a note to someone I know in marketing at Netflix. I don't know anyone at Blockbuster, so I couldn't readily contact them.
Of course the bigger issue extends beyond those two specific merchants. Most affiliate merchants lack the kind of tough oversight of their affiliates that would be needed to prevent these scams.
No sig for you. YOU GET NO SIG!
Does anyone else find it funny that spyware is trying to clean up its image? Maybe they should start with the name. The very name SPY WARE isn't very clean. Maybe they should change their name to "used to spy now trying to decieve ware"
How would the merchants detect that Zango or other spyware makers have hijacked organic traffic or a legitimate affiliates cookie? If the software routs traffic through the spyware vendor's servers first then to the intended website how is a site like Netflix or Blockbuster going to tell if they don't get a chance to put a cookie there? Not to mention that a spyware vendor probably doesn't have the affiliate code in their name but probably a shell corporation or some other company. If companies like Netflix take action how bad do you think the shakeup will be for companies like Zango?
Specks
Batteries not included
Specks, you're right that merchants generally won't be able to figure this out merely from inspecting users' traffic or web server log files.
Instead, in my experience, the only robust enforcement strategy is testing: Get copies of the spyware, browse the web on infected test PCs, and see what happens. If an affiliate's link is invoked wrongfully and unexpectedly, then investigate and take appropriate action.
Is this trivially easy? Well, no. But it's the only clear way forward. And arguably it's appropriate: Any merchant paying out $$$$$ of affiliate commissions ought to put forth reasonable effort to confirm who they're paying and what they're paying for. In few other contexts would a company have as many suppliesr, subject to as little vetting (ex ante) and supervision (ex post), as in Internet advertising.
Part of the problem is that online advertising has for a long time essentially been one gigantic circle-jerk, and in these cases, the original advertisers end up cleaning up the mess. Companies pay other companies to source advertising, who pay other affiliate networks and other websites a pittance to carry the advertising. There are enough middle men to make one's head spin. The original advertisers end up having no idea who they're dealing with.
Less outsourcing, and contracts that demand less second-degree outsourcing, would help the advertisers tremendously. I doubt that it would do much for the spyware victims, though, because there'll always be another scam right around the corner.
The usual responses are that "You are exaggerating the dangers", and "I have nothing of value for anyone to steal in my computer" or "it is too complex to lock the machine down" or "I dont know how to lock the machine down" or "there are millions of people who dont lock their machine down, are they all fools and are you the only smart guy out there".
Their file sharing stops working. They call the tech. Some cousin of me from India walks them step-by-step to turn off the firewall in the router so that "he can come in and fix it", turns off the firewall in the machine, turns on remote assistance, fixes something and leaves. For the tech guy the metric is "minutes to solve the problem". Staying on line to turn back all the firewalls and turning off remote-assistances "does not pay". The machine gets pwend even before he is done and he recommends wiping the hard disk and restoring, wiping out everything the customer had in the disk.
It is a torture to be the one-eyed man in the land of the blind.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I'd have thought so.
Make business arrangements with criminals and you deserve to get ripped off.
...I arrived at the unshakeable conclusion that people in marketing businesses are relentless assholes who can only see things with dollar signs and care nothing about collateral damage they may cause. You can apply this to printed free papers who often litter the streets of many urban and suburban neighborhoods with their distribution boxes and papers flying through the air. You can apply this to spammers who are still convinced among themselves that they are not bad people and only annoy people a little. Just about anywhere there are marketing people, you will see them pushing over the edge of what is acceptable practices and behavior... not every marketer is like this, but the "successful" ones are definitely of that breed.
Glad I cleaned up that spyware before I read this, otherwise pop-ups would have gotten in the way!
--
Ticks are people too.
The poster had obviously only taken a brief glance at the article. It was not about pop-ups in the normal sense - it was about spyware and a very specific type of advertising fraud in the form of a certain kind of pop-up. I didn't mod down because it's a bad question. I modded it off-topic because it had little relation to the article. Read the article and tell me you don't agree...
If I'm reading your article correctly, at least some of these work by intercepting the customer hitting a link on the advertiser's site or popping up a redirected-through-affiliate page as a result of browsing the advertiser's site, to give the customer the impression he's just continuing his existing session.
If this is the case, it seems to me the advertiser would be able to identify this fraud by auditing his own logs - looking for a non-affiliate hit followed, soon after, by an affiliate hit claiming commission for his signup.
Seems to me that he could take this to court. With your evidence of this sort of deliberate fraud to establish a pattern of deceptive behavior, the results of the log post-processing could establish the amount of the damages.
Am I correct on this?
Business model for the advertiser:
1) Read the expert's article.
2) Post-process the log.
3) Hire the expert as expert witness.
4) Sue the bastards.
5) Profit.
No missing steps. (Also, the expert could probably consult to help out on step 2).)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
"Internet Marketing" and "Online Advertising" are pretty much the most corrupt and shady businesses you can involve yourself with. Seriously, if you're thinking about getting into it, but have some morals, go check out being an arms dealer or something. The only legitimate dealings I've seen in this space are between large advertisers (not networks, I'm talking blue chip companies doing actual 1-to-1 advertising agreements) and large publishers (generally run by large media companies) with lots of lawyers involved. Even then, it only gets as legitimate as the arrangement I just described can get.
As soon as you start dealing with CPA or affiliate networks or any of that shit, prepare to see some borderline-criminal activity as a matter of course. Any company who plays in this space as their main/only source of income is bound to be teeming with the scum of the earth. There's good money in it, but you're just ripping suckers off for the most part, which is kind of like most other types of advertising, but even more blatant online.
I don't think anybody's fooled by these companies trying to "clean up" their act, which is good, because they're ultimately the crooks they've always been.
Game... blouses.
> It is a torture to be the one-eyed man in the land of the blind.
There's another way of putting that, BTW:
He who foresees misfortune suffers it twice.
Yeah, I've been there.
The only way Spyware vendors will "clean up their image" is by not making spyware anymore.
My thoughts exactly. Any affiliate link should have the HTTP_REFERER header populated with where they came from. If the first hit to the site from any given IP address does not have an affiliate-style link, yet immediately after there's a visit to the site from the same IP address but with its referrer containing an affiliate-style link, then it should be possible to build up a history of suspected fraud. I'm glossing over things like proxy servers as this can either be solved with session cookies (which should persist when the ad interceptor opens the new window) or over a large enough sample size it won't matter.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
OS X is based on BSD, not Linux
Letter grades should be capitalized: D-
That is all
Your ad here. Ask me how!
I have to say, for someon making alot of statements about things, you sure are unaware
...what fraud???"...and enlighten them to
of click-fraud statistics. People even have brought Google to court because of fraudulent
stats. I have adwords on my website, if I even go to my own website, and spend the day clicking on all the link and refreshing the page to get new ads, then click on those, I get some money in the bank for those clicks, at the end of the year I could maybe get 100-200$. That is if I have the time to do this, now there are people smart enough to program a software that would do this automatically without intervention, and with delays built into the program....so as to not raise any flags.
This alone * how many people have ads, could ad up to the supposed millions lost in click fraud as per some stats have proven. I am not one to condone fraud, but I know how easy some peopl can think up new ways of stiffing the system. Now that you have that knwledge, I would suggest you
inform everyone that you have kindly told "fraud
this as well.
; )