| reply to richtig
Re: What I Told the FTC about Spyware... richtig:
You've put your finger on the unpleasant truth of so much of what passes for "spyware" recently: its difference from traditional malware is increasingly nil -- at least from a functional perspective. In fact, there is some spyware is that is arguably more destructive to the user's ability to USE the computer than some forms of malware.
Another issue you raise is the question of security: once you hide your application behind 18 pages (8400 words) of legalese, you can sneak in almost anything and then argue that the user agreed to the installation -- which is obvious horse hockey, since there is not a user out there who would have the faintest hope of getting through all that legalese. So, yes, it is entirely possible.
And then, of course, there's the nightmare scenario: what if these virus-coders actually started putting a EULA in front of users before infecting their systems? That might not actually be a bad idea for them to pursue (at least for their purposes; for the rest of the internet community it would be a disaster).
Since some of these viruses are now hijacking people's computers to set up massive spam networks, there is a commercial function or intent behind some of these viruses, just like the commercial function that we see with "advertising software" (i.e., spyware). Could virus makers get respite from AV applications and vendors by putting a EULA in front of users? If the spyware pushers' line of argument is accepted, they very well could.
Best,
Eric L. Howes |
|
 jeisenbergNew Year's Eve
join:2001-07-06
Windsor, ON
 ·Cogeco Cable
| reply to eburger68
I think the most enjoyable EULA I've ever encountered was in a shareware screensaver product called DiveVision from Atlantis 3D.
I'm not affiliated with the company, and copped this URL from the Atlantis website.
»www.atlantis3d.com/index.php
It's worth downloading their product and BEGINNING the installation process just so you can read what a EULA should be like. |
|
| reply to eburger68
WHAT I WROTE TO THE FTC
Just a qiuck comment in regards to "spyware" or "adware". I am an owner of a computer service company and more than 95% of the customer PC's that enter our shop that all have "spyware" or "adware" that has somehow crippled or reconfigured the users system without their consent. This statistic has grown incredibly in just the last year. 100% of all the customers had no idea that these programs were installed on their PC's. This is a blatent Invasion of Privacy! If I were to sneak in your house and post advertisements on your refridgerator I would be in violation of the law and that is in effect what these companies are doing to the general public only through their internet connected PC's !
Please see this uninvited installation of software for what it is, it is criminal!!!!
Corey Hardenburg
Axiom Technologies
1006 Yakima Ave
Yakima, WA 98902
509-457-7670 |
|
Host:
Road Runner
PC gaming GAMES
PC gaming Tech
| reply to eburger68
Oh, you're just part of an "anti-advertising" cabal to prevent those poor marketers from spreading joy and love to the American people! 
Seriously, I think your activisim is fantastic. The world needs about 40 million more of you to give a shit and we'd be on the right track. |
|
 jaykaykay4 Ever YoungPremium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:19
 ·Speakeasy
| reply to eburger68
Once more, you have added something quite special for those who use a computer. That is if the FTC bothers to really absorb your very salient information. Thanks, Eric, for continuing to educate not only the public in general, but those that are more specifically oriented, or should be, the FTC. |
|
| reply to richtig
Just submitted my copy to the FTC, received an e-mail saying it was going to be posted on the public part of it during the hearing. |
|
| reply to axiomtech
The last MAJOR problem I had on my bench was 1400 instances in AdAware, that caused over 300 reg. problems. The sys. would barely start and function it was so crippled. She (the owner) had dealt with it for so long that she didn't really notice the hampering of speed...her reply was, "Yea...I guess it's gotten slow over time...I just figured it was because of age".
I call this place (Yakima) "The Bubble"...people just happy to go with the flow, not to much from what I've seen gets anyones shorts in a twist...to include slow computers. You'll have a hard time getting people to understand what spyware is, let alone get pissed off about it. I try to explain the damage of "Almost on Line" (AOL), and how they are now logging all transmissions of AOL Messenger...the reply is always the same..."That's O.K., I'm not doing anything wrong". Go figure?
Was in AZ...Now in YAK |
|
| reply to eburger68
Hi All:
I want to thank everyone who posted to this thread for their kind comments and observations.
Really and truly, though, folks, we need more people to file comments with the FTC. It is depressing to see so many people complain about spyware in forums like this and then pass up the opportunity to actually do something substantive about it. The days when we can simply sit around in a forum like this bitch about spyware are swiftly coming to an end. See my long post in this thread:
»What's the *motivation* for hijack-ware?
...for the reason.
All the best,
Eric L. Howes |
|
1 edit | Eric, very impressive, I haven't read it all yet but I have printed it all out and will read it later. I am going to make sure my father reads the documents as well because he is getting his ADSL connection this week and I am sure without an awareness of these issues, his PC will be compromised in no time.
Hopefully this isn’t to OT - I wonder why AV companies don’t block spyware properly, as it seems it’s just as important as viruses these days. I noticed that McAfee VirusScan Enterprise 7.5, which entered beta testing this week, have improved their “unwanted programs” feature to block spyware, adware, remote administration tools and dialers amongst other things. Reports from the beta list indicate that the feature doesn’t work that great at the moment and it’s no substitute for adaware or equivalent.
Anyways, great work Eric. |
|
|
|
| First off kudos to you Eric, secondly I've posted my thoughts to the FTC and recieved a confirmation saying it would be posted.... Even after they updated their posts I still don't see it even after the email.  Anyone else had problems with this. |
|
| GodKhaine:
Well, the last time they updated was April 8. When did you submit your comments? My guess is that whoever is updating that page is struggling with other responsibilities. They went several weeks without updating and then updated twice in a week. If your comments don't appear in the next update, send them an email.
By the way, in response to several requests for HTML versions of the three documents included in that one rather large PDF file that I submitted to the FTC, I've now made corresponding web pages, which you can find here:
Comments to the FTC
»www.staff.uiuc.edu/~ehowes/ftc-comments.htm (51 kb)
Junkware: A New Name for Spyware
»www.staff.uiuc.edu/~ehowes/junkware.htm (21 kb)
The Anatomy of a Drive-by-Download
»www.staff.uiuc.edu/~ehowes/dbd-anatomy.htm (952 kb)
The third document is still a little large (b/c of the screenshots) but it is now about half the size of the PDF version. You'll also find menus and clickable links in these HTML versions (though I've disabled links that may land readers on pages that perform drive-by-downloads).
All of these new HTML versions are now listed on my main FTC Spyware Workshop page as well:
»www.staff.uiuc.edu/~ehowes/ftc-spyware.htm
So, have at it. If you discover any errors or other anomalies, please don't hesitate to let me know.
Best,
Eric L. Howes |
|
| You were right eburger68 I must be impatient, because a few days later they updated it.  |
|
 navalairNavalairPremium
join:2001-02-16
Arkansas City, KS | reply to eburger68
An extraordinarily complete and carefully written document, Eric. My hat's off to you for taking the time to compile all the necessary major and minor (but no less important) arguments--pro and con--on this subject and presenting them in such a masterful manner.
It would truly be a shame if your all-inclusive arguments and points of contention fall on deaf ears at the FTC, because the spyware lobbyists are able to divert attention from your well written document with reams of overwhelming First Amendment arguments (or, worse, with well placed political contributions).
Thank you, Eric, for posting your thorough documentation here for the enlightenment of us BBR members as well as sending it to the FTC. My printer is going to get a real workout the next few days copying all you have provided in your post, so it can be perused at my leisure. |
|
| reply to eburger68
Thanks for posting this Eric. I have just made a cup of coffee and will begin what appears to be a very informative read. Kudus for all your effort. |
|
 whizkid3Premium,MVM
join:2002-02-21
Queens, NY
kudos:8 | reply to eburger68
Eric, fantastic work. In fact, after reading much of your work, I see that you have done the FTC's job for them.
I would not be surprised if the FTC used your documents as definitive texts on the subject, and offered you a director level position.
Once again, Bravo! |
|
Reviews:
·Shaw
1 edit | reply to eburger68
I just noticed the date on the original posting. I am glad this was resurrected or I would have missed it completely, (work does tend to be an annoyingly intrusive thing in one's life).
Some general and very belated comments.
quote:
Most alarming to me, though, is the increasingly aggressive nature of this spyware, whose creators seem to find ever more sophisticated ways to push their software on unsuspecting users and hijack consumers' computers for commercial purposes.
Eric, what strikes me most is that the originators of "junkware" are able to use the internet as a medium to excuse those practises which essentially would be actionable or in some cases illegal,had they been undertaken in any other context. "Junkware" exponents have exploited a definite gap in the law occasioned by the electronic media.
quote:
Second, these spyware programs can severely degrade the stability and usability of victims' PCs and prevent consumers from using their computers and internet connections as they choose. The computers that I fix are usually sluggish and unstable, prone to errors and crashes, and are unable to connect to the internet in some cases. Even when the performance of their PCs is not degraded, these spyware victims are frequently subjected to a raft of unwelcome system changes.
Such conduct is tortious, in that by trespass "junkware" may cause damage to an individual's personal property,(ie ranging from software to the actual pc) and if that pc is used in business there may even be a greater anticipated economic loss occasioned by its malfunction. Such deliberate intrusion and interference would not be legally tolerated anywhere else, so why on the internet.
quote:
All too many of the EULAs that consumers encounter with unwanted software are presented in confusing, pressured circumstances -- in the midst of several pop-ups from a web site that refuses to work unless the user installs the correct plug-in, for example.
High pressure sales tactics, no more no less. Contractually the owners of "junkware" hide behind the tried and true methods of obfuscation practised by a litany of shady dealers throughout time. It appears they have recognised the benefits of technology and the ready access it provides to unwary and unsophisticated victims. Consumer protection laws generally do not countenance this type of behavior, and it certainly casts doubt on any number of the essential components of a valid contract, the least of which is the necessity for consensus ad idem, or a meeting of the minds.
quote:
Moreover, these EULAs often couch complex, even outrageous, terms of agreement in long, dense blocks of legalese that few consumers have any hope of understanding. Many of these EULAs point to still more EULAs from other associated parties, requiring users to track down and plow through a pile of prose so daunting that few would ever venture to attempt it.
Eric, I am mindful of what you later refer to as "numbingly long...intense legalese" which appears in most EULA's. It is clear that such agreements are meant to deter all but the most dogged of readers. Once again, it is the old fine print scam, with an internet flavor. I would only add that the majority of these documents are so vaguely worded as to be meaningless, including the privacy statements, which generally contain conditions that provide for unilateral amendment by the "junkware" vendor, with very little or no notice and for the most part protect no one but the company foisting the "junkware".
quote:
When spyware distributors couple dense crops of legalese with disorienting "drive-by-downloads," the effect on confused consumers is not unlike the bewilderment created by the fast-talking door-to-door salesman who gets his foot in the door and, in a flash, is in your living room, busily vacuuming the carpet and arranging shelf space for a new set of encyclopedias.
A more than appropriate analogy. Simply put, those unethical and illegal methods used by unscrupulous individuals since time immemorial, subject to sanction by law, seem to operate with relative impunity on the internet. Hopefully the FTC recognises this. Glad this resurfaced and I was able to read it, and please update us with any response.
Regards |
|
| mens rea:
Thanks for your comments, all of which are right on the mark. The common theme throughout your comments is that spyware vendors are engaging in behavior that would be tolerated nowhere else. That they are able to ply their trade on the internet is an accident of the law and the law's inability to keep pace with the "innovative" scam tactics practiced in cyberspace.
As I am not an attorney and have no formal legal training, I avoided saying anything in my comments that might be regarded as a legal judgment. I largely confined my comments to the effects on users.
At the risk of becoming a pushy salesperson myself, could I persuade you to submit comments such as you made here to the FTC? We sure could use another voice on this issue who is informed about the law and the practices that are traditionally not tolerated by it.
I haven't heard any response (formal or informal) to my comments -- or indeed to any of the other excellent anti-spyware submissions to the FTC. The workshop is in one week. I'll be there and will be happy to report back here what significant happenings took place.
Best,
Eric L. Howes |
|
Reviews:
·Shaw
| said by eburger68:
At the risk of becoming a pushy salesperson myself, could I persuade you to submit comments such as you made here to the FTC?
I am flattered but I think there may be an issue as to standing...at the very least...I will im you. |
|
