The Sony/XCP uninstall process requires you to fill out a web form that uses an ActiveX control. That control has several serious security issues including the ability to run arbitrary code and even a handy built-in reboot function. The ActiveX control gropes around your system and encrypts some information that is submitted in a hidden form field. Their privacy policy does not mention this.
Feel free to go over there and try it yourself. If you install the ActiveX you can remove it in Tools, Internet Options, Settings, View Objects, "CodeSupport Control". Here's what they send you:
From: contentprotectionhelp Sent: Monday, November 14, 2005 04:22 AM To: sony-bmg-sucks@invalid.com Subject: Re: ContentProtectionHelp Email Form
Thank you for contacting Sony BMG Online.
Sony BMG and First 4 Internet have released a Service Pack 2a update that addresses recent concerns surrounding the cloaking technology component on SONY BMG content protected CDs which use XCP technology. These components are not malicious nor spyware however to alleviate any concerns that users may have about the program posing potential security vulnerabilities the update removes the cloaking component from their computers. Please visit the link below to install the SP2a update.
If you do not want to install the SP2a update and only wish to uninstall the DRM software, visit the form below using IE 5.0 (or higher) from the computer where the software is installed. After submission, you will be emailed a customized uninstall link within 1 business day (M-F).
TIP: The uninstall request form will require an ActiveX plug-in.
Also you may need to temporarily turn off any pop-up blocker
software on the PC.
Thank you for the opportunity to be of assistance.
The Sony BMG Online Support Team FKSZ
This message and any attachments are solely for the use of intended recipients. They may contain privileged and/or confidential information. If you are not the intended recipient, you are hereby notified that you received this email in error, and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you receive this email in error please contact the sender and delete the message and any attachments associated therewith from your computer. Your cooperation in this matter is appreciated.
Rest assured they are both on the same side of the "isle", the one with a tropical island nest paid for by Thurston Howell III, er, the book publishers.
Bob Barr no doubt made plenty of friends in publishing when he recently wrote a book. Book royalties are a convenient way of laundering money bound for politicians (Newt Gingrich, Hillary Clinton, etc.) since they are ostensibly for something the person did rather than being outright contributions.
This controversy seems no different than the one about SBC's pipes, it's basically people griping that they want more money off someone else's hard work. Let's hope that the courts believe that indexing a book and putting that index online with small excerpts is fair use.
The military is supposed to get involved in domain disputes? Somehow I don't think the framers had sex.com in mind when they penned "provide for the common defense". Maybe it fits the "more perfect union" part.
'To have them resell the games, with developers having no participation, that's just wrong. That's just fleecing us.'"
Yes, the only fleecing that should be done is first-generation fleecing, where the game developers and distributors get a good chunk of the money before the buyer realizes the game is boring and unplayable.
So why would someone be selling a game? Perhaps because it is no longer interesting to them? Maybe because it became boring to play after a few weeks? Whose fault is that? If the buyer can't even resell the thing without some sort of permission from the game company it sounds like there is less incentive for them to make a "keeper".
I RTFA and can see what he's saying that the shuttle and ISS were basically mistakes, and I agree. However, I'm not so clear about his proposed alternatives. Is he shilling for Bush's "Man to Mars" mission and saying that should have been our goal since the 1970s? That would certainly be a wise career move (at least for the moment) but what purpose would it serve to send a man to Mars? We can't even get some of our unmanned probes to the Martian surface successfully. Maybe we could try to get a probe there and back to Earch first.
For a one-off conversion to a decade-old Jeep Cherokee, it would take lots of unique parts and experienced labor. You are probably looking at tens of thousands of dollars and when you are done it will still look like an old Jeep.
If you are fixated on going hybrid with an SUV, why not buy a brand new hybrid Highlander or Lexus? You'll spend as much and get the same marginal gas mileage increase, but you'll also get that new-car smell.
Or, put another way, companies will be nice when it's in their interest to be nice. Right now the buzz on Google is positive. But if enough bad things accumulate (refusing to talk to cnet, letting scammers ruin adwords, allowing blogspot to pollute search results and distribute spyware, etc.) then we'll reach a tipping point and Google will be a bad guy.
Did anyone else see the dup article about honeymonkeys from CmdrTaco that was here around 5:15pm eastern time? I guess he just deleted it to prevent humiliation.
I've seen constructive criticism of products in NewEgg reviews and if anything they made me more likely to buy. For example, there was a case that had the Firewire ports connected wrong but the reviewer pointed to a page that showed how to correct the pinout. I bought it and made the suggested change immediately.
I have seen NewEgg reviews where they censored prices and competitor sites but still posted the review, so they don't always reject an entire review because of that.
Most antispyware utilities also remove tracking cookies by default, and most users never change the defaults, so tracking cookies are being removed. If there wasn't so much truly dangerous spyware out there today, the nuisance caused only by tracking cookies wouldn't be the effort to fix. But as long as users bought something that cleans it all up they're going to use it.
Also, unscrupulous antispyware companies are sometimes using tracking cookies to scare users into buying something. Just put "spyware" into Google and look at the ads, then run one of their free scans. The more they detect, the more they scare users, and the better their chances of making a sale.
What it comes down to for both spyware and cookies is the same thing. What is the benefit TO THE USER of having this stuff on their computer? If there is none then it should be gone and the marketeers should figure out a better incentive.
Google's fraud detection is like a casino catching a card counter. If you win too much they figure you must be cheating. All they can do is look at the click patterns of your site and see how they compare to patterns at other sites that have AdWords.
It's possible that you were the victim of a "joe job" attack where someone came to your site and clicked every ad on every page. I suspect that Google gives you a pass or two on those kind of incidents since they can detect and filter them based on other info (cookies and/or IP address for example).
If you really pissed someone off, they may have set a few hundred zombie computers to fake-clicking on your links. Since those clicks come from completely different sources it isn't possible for Google to filter them like they can with Mr. Joe Job Happy Finger above. But based on high click rates they may have decided that the clicks can't possibly be real.
You are already on the right track if the projects are "well defined." I have had several experiences on eLance and the best results happen when you know exactly what you want. I mean, exactly. If you need something in ATL or MFC with specific dependencies (or lack of them), say so. The more specific the better.
Also specify how the project will be tested before being delivered to you. The end of the project can be the most frustrating. I have decided it's often easier to take ownership of the whole thing and do the little items (spelling and grammar in the UI) rather than trying to pass it back to them.
Finally, think about IP issues. If you think the project (or your whole company) will ever be bought by any large company, they will ask questions about where the code came from in due diligence. Get some assurances that the code they created "for you" is not yanked from some open source project.
Yes, SCO has found cases where their copyrighted code was stolen and then cleverly obfuscated by completely changing the variable names, comments, data structures and algorithms! But clearly it must have been stolen since it performs a similar function.
WhenU is a 3rd party, hired by a competitor to produce advertising when users enter a target site. Said site has no defense, or no method of blocking/taking down the ads, as the pop-ups are generated client side.
Yes, as I understand it this is basically the same losing argument made by 1-800-Contacts, we'll call it the "It's unfair commerce" argument. WhenU said the user had agreed to run WhenU software that would show these ads on the user's desktop. We'll call it the "User owns their computer and can run whatever they want" argument.
If some web site can limit what some unrelated piece of software does on your computer, then why wouldn't commercial sites try to limit popup blockers, ad blockers, and other anti-commerce innovations? You can bet they would if the courts ruled against WhenU and created some sort of "right of commercial display". Then they can outlaw Tivo 30-second skip too.
Let's look at a slightly different situation. Say that WhenU was an intelligent price search engine that really found you better deals rather than just selling ads to the highest bidder. What if it interrupted you just before you made a purchase and said "Hey, you're buying this memory through Dell, you can get the same thing for $30 less if you buy through Crucial." WhenU just popped something over the Dell site and robbed them of a sale, but you saved $30. Should that be illegal?
The court didn't have a lot of choice. WhenU was saying that the user authorized the software and it's the user's computer to do what they want. We all know intuitively that's bullshit, but the court needs evidence. If 1-800-Contacts didn't provide (enough) evidence of users having WhenU on their system without knowledge or consent then the ruling pretty much had to be for WhenU.
If the deal went through, I am sure that Microsoft would clean up any issues with Claria's distribution practices. After all, they have Windows Update and don't need no steenkin' drive-by downloads. My concern would be with the data that Claria has collected so far. They have the seventh largest data warehouse of "consumer behavior"; it's 12 terabytes and growing.
Claria's already said that they are moving towards an Adwords-style advertising network, and this is what Microsoft wants. They are planning to buy inventory from big web sites in bulk, then display ads in that space based on their monitoring of where the user has been and what they bought. The genius of this is that it turns web publishers from enemies into customers. The only losers are the users.
Google isn't necessarily losing any money at all to fake clicks. Google MAKES money on fake clicks because they take a cut of the money from every click. Google's advertisers lose the money. Long term, the risk that Google runs is that the advertisers lose confidence in the legitimacy of Adwords/Adsense and look for other alternatives. At the moment, the other alternatives are more corrupt and less principled than Google, IMO.
Both Google and Click Defense (RTFA) probably use a combination of IP addresses, cookies, time frames, and click patterns to guess whether the clicks are fraudulent or not. This dispute is probably over the gray areas.
There's no doubt that someone clicking a dozen times on the same ad over the period of an hour should be backed out. But if a user clicks once on a particular ad today, then does it tomorrow, and the next day, is that click fraud? Google could argue no, the user is just looking to see if the offer changes or taking some time to make up their mind. The merchant or Click Defense might argue the other way.
AFAICT, both the Google and Click Defense techniques do nothing to stop "click laundering" where the click is automatically generated by a trojan or spyware. Imagine a botnet of 100K PCs that run click laundering software. They attack certain advertisers by automatically "clicking" on their ads. This drains the victims Adwords account to zero and makes the keyword available to other advertisers, often belonging to the attacker. But there is no pattern, and only one click per computer, so how do you prove fraud or even stop it?
Another variation on click laundering is to set up a web site that has Adwords on it. Then have the trojan-infected PCs "click" on the Adwords ads on that site, or create ads that display off the site (in spyware popups for example) that will get clicks. There was a movie floating around on the P2P networks that displayed Google ads as part of the DRM license process!
There is a very big difference between taking back the analog spectrum from broadcasters and rendering all analog TV useless. If the FCC took back the analog spectrum today, it's true that I would not be affected even though I own no HDTV tuners. That is because the cable company would presumably continue to send me a wire full of analog TV. That does NOT make my analog TV go dark. If it does, well, then I'm 100% against this scheme.
Slashdot Mirror
The Sony/XCP uninstall process requires you to fill out a web form that uses an ActiveX control. That control has several serious security issues including the ability to run arbitrary code and even a handy built-in reboot function. The ActiveX control gropes around your system and encrypts some information that is submitted in a hidden form field. Their privacy policy does not mention this.
Feel free to go over there and try it yourself. If you install the ActiveX you can remove it in Tools, Internet Options, Settings, View Objects, "CodeSupport Control". Here's what they send you:
From: contentprotectionhelp
Sent: Monday, November 14, 2005 04:22 AM
To: sony-bmg-sucks@invalid.com
Subject: Re: ContentProtectionHelp Email Form
Thank you for contacting Sony BMG Online.
Sony BMG and First 4 Internet have released a Service Pack 2a update that addresses recent concerns surrounding the cloaking technology component on SONY BMG content protected CDs which use XCP technology. These components are not malicious nor spyware however to alleviate any concerns that users may have about the program posing potential security vulnerabilities the update removes the cloaking component from their computers. Please visit the link below to install the SP2a update.
http://updates.xcp-aurora.com/
If you do not want to install the SP2a update and only wish to uninstall the DRM software, visit the form below using IE 5.0 (or higher) from the computer where the software is installed. After submission, you will be emailed a customized uninstall link within 1 business day (M-F).
http://cp.sonybmg.com/xcp/english/form9.html
Your "Case ID" is: 9999999.
TIP: The uninstall request form will require an ActiveX plug-in.
Also you may need to temporarily turn off any pop-up blocker
software on the PC.
Thank you for the opportunity to be of assistance.
The Sony BMG Online Support Team
FKSZ
This message and any attachments are solely for the use of intended recipients. They may contain privileged and/or confidential information. If you are not the intended recipient, you are hereby notified that you received this email in error, and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you receive this email in error please contact the sender and delete the message and any attachments associated therewith from your computer. Your cooperation in this matter is appreciated.
- - - - -
typically on opposing sides of the [sic] isle
Rest assured they are both on the same side of the "isle", the one with a tropical island nest paid for by Thurston Howell III, er, the book publishers.
Bob Barr no doubt made plenty of friends in publishing when he recently wrote a book. Book royalties are a convenient way of laundering money bound for politicians (Newt Gingrich, Hillary Clinton, etc.) since they are ostensibly for something the person did rather than being outright contributions.
This controversy seems no different than the one about SBC's pipes, it's basically people griping that they want more money off someone else's hard work. Let's hope that the courts believe that indexing a book and putting that index online with small excerpts is fair use.
The military is supposed to get involved in domain disputes? Somehow I don't think the framers had sex.com in mind when they penned "provide for the common defense". Maybe it fits the "more perfect union" part.
'To have them resell the games, with developers having no participation, that's just wrong. That's just fleecing us.'"
Yes, the only fleecing that should be done is first-generation fleecing, where the game developers and distributors get a good chunk of the money before the buyer realizes the game is boring and unplayable.
So why would someone be selling a game? Perhaps because it is no longer interesting to them? Maybe because it became boring to play after a few weeks? Whose fault is that? If the buyer can't even resell the thing without some sort of permission from the game company it sounds like there is less incentive for them to make a "keeper".
I RTFA and can see what he's saying that the shuttle and ISS were basically mistakes, and I agree. However, I'm not so clear about his proposed alternatives. Is he shilling for Bush's "Man to Mars" mission and saying that should have been our goal since the 1970s? That would certainly be a wise career move (at least for the moment) but what purpose would it serve to send a man to Mars? We can't even get some of our unmanned probes to the Martian surface successfully. Maybe we could try to get a probe there and back to Earch first.
For a one-off conversion to a decade-old Jeep Cherokee, it would take lots of unique parts and experienced labor. You are probably looking at tens of thousands of dollars and when you are done it will still look like an old Jeep.
If you are fixated on going hybrid with an SUV, why not buy a brand new hybrid Highlander or Lexus? You'll spend as much and get the same marginal gas mileage increase, but you'll also get that new-car smell.
Perhaps justice will be done eventually, but in Soviet Russia...
Or, put another way, companies will be nice when it's in their interest to be nice. Right now the buzz on Google is positive. But if enough bad things accumulate (refusing to talk to cnet, letting scammers ruin adwords, allowing blogspot to pollute search results and distribute spyware, etc.) then we'll reach a tipping point and Google will be a bad guy.
Did anyone else see the dup article about honeymonkeys from CmdrTaco that was here around 5:15pm eastern time? I guess he just deleted it to prevent humiliation.
I made a post there but it seems to be lost at this point.
I've seen constructive criticism of products in NewEgg reviews and if anything they made me more likely to buy. For example, there was a case that had the Firewire ports connected wrong but the reviewer pointed to a page that showed how to correct the pinout. I bought it and made the suggested change immediately.
I have seen NewEgg reviews where they censored prices and competitor sites but still posted the review, so they don't always reject an entire review because of that.
"you can actually drag the various sections on the page and place them anywhere on the page"
/.ed so I can't tell what you mean, but the customizable Google start page lets you drag and drop sections.
The start.com page seems to have been
"if 123 had survived what would it have looked like by now?"
Maybe
like this?
Sure, but Microsoft is certain to see it tomorrow when it's posted as a dup!
"A company cannot be allowed to profit from deceit."
A government or political party, on the other hand...
Most antispyware utilities also remove tracking cookies by default, and most users never change the defaults, so tracking cookies are being removed. If there wasn't so much truly dangerous spyware out there today, the nuisance caused only by tracking cookies wouldn't be the effort to fix. But as long as users bought something that cleans it all up they're going to use it.
Also, unscrupulous antispyware companies are sometimes using tracking cookies to scare users into buying something. Just put "spyware" into Google and look at the ads, then run one of their free scans. The more they detect, the more they scare users, and the better their chances of making a sale.
What it comes down to for both spyware and cookies is the same thing. What is the benefit TO THE USER of having this stuff on their computer? If there is none then it should be gone and the marketeers should figure out a better incentive.
Google's fraud detection is like a casino catching a card counter. If you win too much they figure you must be cheating. All they can do is look at the click patterns of your site and see how they compare to patterns at other sites that have AdWords.
It's possible that you were the victim of a "joe job" attack where someone came to your site and clicked every ad on every page. I suspect that Google gives you a pass or two on those kind of incidents since they can detect and filter them based on other info (cookies and/or IP address for example).
If you really pissed someone off, they may have set a few hundred zombie computers to fake-clicking on your links. Since those clicks come from completely different sources it isn't possible for Google to filter them like they can with Mr. Joe Job Happy Finger above. But based on high click rates they may have decided that the clicks can't possibly be real.
You are already on the right track if the projects are "well defined." I have had several experiences on eLance and the best results happen when you know exactly what you want. I mean, exactly. If you need something in ATL or MFC with specific dependencies (or lack of them), say so. The more specific the better.
Also specify how the project will be tested before being delivered to you. The end of the project can be the most frustrating. I have decided it's often easier to take ownership of the whole thing and do the little items (spelling and grammar in the UI) rather than trying to pass it back to them.
Finally, think about IP issues. If you think the project (or your whole company) will ever be bought by any large company, they will ask questions about where the code came from in due diligence. Get some assurances that the code they created "for you" is not yanked from some open source project.
Yes, SCO has found cases where their copyrighted code was stolen and then cleverly obfuscated by completely changing the variable names, comments, data structures and algorithms! But clearly it must have been stolen since it performs a similar function.
WhenU is a 3rd party, hired by a competitor to produce advertising when users enter a target site. Said site has no defense, or no method of blocking/taking down the ads, as the pop-ups are generated client side.
Yes, as I understand it this is basically the same losing argument made by 1-800-Contacts, we'll call it the "It's unfair commerce" argument. WhenU said the user had agreed to run WhenU software that would show these ads on the user's desktop. We'll call it the "User owns their computer and can run whatever they want" argument.
If some web site can limit what some unrelated piece of software does on your computer, then why wouldn't commercial sites try to limit popup blockers, ad blockers, and other anti-commerce innovations? You can bet they would if the courts ruled against WhenU and created some sort of "right of commercial display". Then they can outlaw Tivo 30-second skip too.
Let's look at a slightly different situation. Say that WhenU was an intelligent price search engine that really found you better deals rather than just selling ads to the highest bidder. What if it interrupted you just before you made a purchase and said "Hey, you're buying this memory through Dell, you can get the same thing for $30 less if you buy through Crucial." WhenU just popped something over the Dell site and robbed them of a sale, but you saved $30. Should that be illegal?
The court didn't have a lot of choice. WhenU was saying that the user authorized the software and it's the user's computer to do what they want. We all know intuitively that's bullshit, but the court needs evidence. If 1-800-Contacts didn't provide (enough) evidence of users having WhenU on their system without knowledge or consent then the ruling pretty much had to be for WhenU.
If the deal went through, I am sure that Microsoft would clean up any issues with Claria's distribution practices. After all, they have Windows Update and don't need no steenkin' drive-by downloads. My concern would be with the data that Claria has collected so far. They have the seventh largest data warehouse of "consumer behavior"; it's 12 terabytes and growing.
Claria's already said that they are moving towards an Adwords-style advertising network, and this is what Microsoft wants. They are planning to buy inventory from big web sites in bulk, then display ads in that space based on their monitoring of where the user has been and what they bought. The genius of this is that it turns web publishers from enemies into customers. The only losers are the users.
Google isn't necessarily losing any money at all to fake clicks. Google MAKES money on fake clicks because they take a cut of the money from every click. Google's advertisers lose the money. Long term, the risk that Google runs is that the advertisers lose confidence in the legitimacy of Adwords/Adsense and look for other alternatives. At the moment, the other alternatives are more corrupt and less principled than Google, IMO.
Both Google and Click Defense (RTFA) probably use a combination of IP addresses, cookies, time frames, and click patterns to guess whether the clicks are fraudulent or not. This dispute is probably over the gray areas.
There's no doubt that someone clicking a dozen times on the same ad over the period of an hour should be backed out. But if a user clicks once on a particular ad today, then does it tomorrow, and the next day, is that click fraud? Google could argue no, the user is just looking to see if the offer changes or taking some time to make up their mind. The merchant or Click Defense might argue the other way.
AFAICT, both the Google and Click Defense techniques do nothing to stop "click laundering" where the click is automatically generated by a trojan or spyware. Imagine a botnet of 100K PCs that run click laundering software. They attack certain advertisers by automatically "clicking" on their ads. This drains the victims Adwords account to zero and makes the keyword available to other advertisers, often belonging to the attacker. But there is no pattern, and only one click per computer, so how do you prove fraud or even stop it?
Another variation on click laundering is to set up a web site that has Adwords on it. Then have the trojan-infected PCs "click" on the Adwords ads on that site, or create ads that display off the site (in spyware popups for example) that will get clicks. There was a movie floating around on the P2P networks that displayed Google ads as part of the DRM license process!
There is a very big difference between taking back the analog spectrum from broadcasters and rendering all analog TV useless. If the FCC took back the analog spectrum today, it's true that I would not be affected even though I own no HDTV tuners. That is because the cable company would presumably continue to send me a wire full of analog TV. That does NOT make my analog TV go dark. If it does, well, then I'm 100% against this scheme.
If that isn't a "power loss" I don't know what is. This is an answer worthy of the Oracle at Delphi.