Slashdot Mirror
Spyware Still Cheating Merchants
Jamie found an interesting story about how Spyware is still on the move. It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. It breaks down several common types of spyware and some analysis of each.
The spyware on slashdot's servers allowed me to spy on this story and craft a 1st post with ample time to spare.
I'm Ben Edelman, the author of the piece. I'm happy to answer any questions folks may have.
It would be particularly interesting to hear from merchants and by legit (non-spyware-using) affiliates who are ripped off by the practices I documented.
It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. ...the day Tony Soprano becomes a 'respectable businessman'. Crapware (my common term for deceotive adware, spyware, malware and whatever else "toolbars" and "helpers" and "assistants") couldn't get clean without going into legitimate advertising and shareware. And there the competition is solidly entrenched already, so all I want for them is to quietly die. They're a cancer to the computer industry and should be eradicated.
Live today, because you never know what tomorrow brings
These merchants, Netflix, Blockbuster and others signed with people with very low ethical standards. These spyware vendors install software without consent, fool people, irritate people with pop-ups etc. And these companies thought that is how they should get their customers. It should not surprise anyone, least of all these merchants, that the spyware vendors use every trick in the book and then some to cheat them and charge fees and commissions. Let them go bankrupt. Serves them right for providing food to these cockroaches.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Then you should read the article again.
The article described how, if you go to, e.g. Blockbuster's website and perform some action(such as signing up—they intend to pay legitimate advertisers who refer new customers), while having certain spyware installed, then Blockbuster is ripped off by having to pay an illegitimate advertiser, and the spyware makers benefit. You aren't affected directly in the slightest.
I don't have a strong view on pop-up blockers. I often use Google Toolbar. But in XP SP2, IE's internal pop-up blocker works fine too.
One key insight: Pop-up blockers don't stop spyware-originating pop-ups. Pop-up blockers stop pop-ups that load through a web browser, i.e. as a result of JavaScript code within pages users request. But pop-up blockers do nothing to stop full Windows programs (e.g. spyware) installed on users' computers.
I can see the ideal solution to this type of advertising fraud.
If I am running a site selling certain goods, then I don't really care how many hits I get, I'm bothered about how many sales I get.
Now if google can set up an adwords system for me that does not charge per click, but instead I use their payment system as a check out and grant them a commission on refered sales (as long as they can prove that the refereal was sent via a targetted ad in the current browser session would be my condition) then they can take say 5% of the sale (on top of their normal processing comission.
Then the problem comes down to trusting google to correctly report which sales on your site are actually directly from one of their adverts and not from their main search.... however its only one company, its a large and well known company so auditing it would be a lot easier than many of the smaller more dubious companies.
$_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
No sig for you. YOU GET NO SIG!
Does anyone else find it funny that spyware is trying to clean up its image? Maybe they should start with the name. The very name SPY WARE isn't very clean. Maybe they should change their name to "used to spy now trying to decieve ware"
How would the merchants detect that Zango or other spyware makers have hijacked organic traffic or a legitimate affiliates cookie? If the software routs traffic through the spyware vendor's servers first then to the intended website how is a site like Netflix or Blockbuster going to tell if they don't get a chance to put a cookie there? Not to mention that a spyware vendor probably doesn't have the affiliate code in their name but probably a shell corporation or some other company. If companies like Netflix take action how bad do you think the shakeup will be for companies like Zango?
Specks
Batteries not included
Specks, you're right that merchants generally won't be able to figure this out merely from inspecting users' traffic or web server log files.
Instead, in my experience, the only robust enforcement strategy is testing: Get copies of the spyware, browse the web on infected test PCs, and see what happens. If an affiliate's link is invoked wrongfully and unexpectedly, then investigate and take appropriate action.
Is this trivially easy? Well, no. But it's the only clear way forward. And arguably it's appropriate: Any merchant paying out $$$$$ of affiliate commissions ought to put forth reasonable effort to confirm who they're paying and what they're paying for. In few other contexts would a company have as many suppliesr, subject to as little vetting (ex ante) and supervision (ex post), as in Internet advertising.
Part of the problem is that online advertising has for a long time essentially been one gigantic circle-jerk, and in these cases, the original advertisers end up cleaning up the mess. Companies pay other companies to source advertising, who pay other affiliate networks and other websites a pittance to carry the advertising. There are enough middle men to make one's head spin. The original advertisers end up having no idea who they're dealing with.
Less outsourcing, and contracts that demand less second-degree outsourcing, would help the advertisers tremendously. I doubt that it would do much for the spyware victims, though, because there'll always be another scam right around the corner.
The usual responses are that "You are exaggerating the dangers", and "I have nothing of value for anyone to steal in my computer" or "it is too complex to lock the machine down" or "I dont know how to lock the machine down" or "there are millions of people who dont lock their machine down, are they all fools and are you the only smart guy out there".
Their file sharing stops working. They call the tech. Some cousin of me from India walks them step-by-step to turn off the firewall in the router so that "he can come in and fix it", turns off the firewall in the machine, turns on remote assistance, fixes something and leaves. For the tech guy the metric is "minutes to solve the problem". Staying on line to turn back all the firewalls and turning off remote-assistances "does not pay". The machine gets pwend even before he is done and he recommends wiping the hard disk and restoring, wiping out everything the customer had in the disk.
It is a torture to be the one-eyed man in the land of the blind.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Then you didn't understand it. Blockbuster/Netflix isn't installing the spyware. They are the ones being robbed because of spyware you already have on your computer.
(IANAL)
How can Higaran's idiotic response be moderated "Insightful"? He managed to read a very clear article and come away with an interpretation that was almost completely the opposite of what it said. It does provide some insight into the sorry state of education these days, but definitely not into the topic of this post.
There is no spyware on the Blockbuster or Netflix websites.
There is spyware that may get loaded onto your computer by companies like Zango, which then intercepts your visits to Blockbuster/Netflix, and inserts a cookie that scams Blockbuster/Netflix out of commission $$.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS