||Just over a year ago the Federal Trade Commission hosted a
one day Spyware
Workshop, which was attended by a wide variety of
individuals representing a myriad of interests. That workshop signaled
an important turn in the debate over spyware and adware, which had
hitherto received little attention from regulatory authorities. The
major players in the adware advertising space recognized the importance
of the event, and a number of them either submitted comments or attended
the event (e.g., Claria,
In the one year since the FTC's workshop, the adware industry has
making a great deal of noise about its great regard for the privacy of
web surfers and its sincere intention to hold itself to high standards to
preserve users' control of their own PCs and online experience (e.g.,
The major adware companies have even advocated, set up, or joined
industry efforts to establish "best practices" governing the
installation and privacy practices of advertising software (e.g.,
In the wake of this activity, a great deal of effort has been devoted
to examining the installation practices of advertising software
(otherwise known as "adware"). Much of this effort on the part
of researchers and critics has focused on identifying and exposing the
worst sorts of installation practices -- "stealth installs" or
"force installs," often performed through the use of security
exploits, in which users receive absolutely no notice that advertising
software is to be installed on their PCs.
As outrageous as such stealth "drive-by-download"
installations are, we shouldn't neglect the mundane reality of spyware
and adware, namely that the vast majority of it is still installed after
users are presented with some form of notice and disclosure but are
tricked, hoodwinked, bamboozled, or otherwise induced into
"consenting" to the installation of software they would
otherwise find objectionable.
Thus, it becomes critical to examine closely the installation
practices of adware applications that do offer some form of notice and
disclosure, and to do so with an eye towards understanding just how users
can be induced to "consent" to the installation of software
they would otherwise not want. This task is especially important given
that most of the major adware players claim that their installation
practices are so clear, straightforward, and forthright that users must
be actually indicating their knowing, meaningful consent when they click
through installation screens that ask them to agree to the installation
of advertising software.
We hasten to add that we aren't the only ones who regard the
installation practices of adware vendors to be a critical subject of
scrutiny. In announcing
its recent action against Intermix Media, the New York Attorney
General tellingly singled out the notice, disclosure, consent, and
choice practices of that adware vendor. Moreover, in its several filings
the Attorney General devotes a good deal of space to detailing the
objectionable installation practices it encountered with bundled
installs of Intermix Media's software found at mainstream web sites.
To examine the installation practices of the major adware vendors, we
have tried to assemble not a "rogues gallery" of
"stealth-installs," but a collection of adware installations
that might initially appear to be substantially ethical and above-board.
We have also looked for installations that we could present as somewhat
representative of the typical installation practices used by the more
reputable adware vendors. In other words, instead of looking for the
"worst-of-the-worst," we went looking for installations that might
fairly be said to
represent the adware industry on its better behavior.
To do this, we have limited ourselves to bundled installs of adware
from apparently reputable, mainstream web sites, because these are the
most likely to employ carefully designed notice and disclosure
practices. What you will see are not "force-installs" by CoolWebSearch
variants through security
exploits at porn and "warez" sites, but apparently
innocuous installations of advertising software from the more reputable
players (WhenU, 180solutions,
Claria, among others) at web sites
offering mainstream fare.
We have also decided to ask readers to evaluate these
installations by using criteria offered by a leading advertising
software company, one which many critics and commentators regard as a
breed apart from most of its competitors in the adware space: Claria
Corp., whose GAIN advertising software has nonetheless been the subject
of heated discussion.
In the comments it submitted to the FTC last April, Claria
promoted three "core principles" for adware vendors to embody
in their business practices: notice, consent, and control. Claria
explained these principles thusly:
|A. Notice and Consent.
The consumer's decision to install ad-supported software must be preceded by notice of the relevant aspects of the software and consent to its installation. If adware collects and relies on personally identifying information to serve ads, or if it collects and uses sensitive personal information such as financial account numbers or health-related information, this must be disclosed to consumers clearly, conspicuously, and unavoidably before consumers can choose to download the software.
Consumers should have the right to change their minds. In the context of adware, Claria believes that no decision by a consumer to install its software should be final. Consumers should be able to identify the source of the ads they get from adware they have installed based on a quick look at the text and graphics of the ads themselves. Consumers should also be given a means - also from the ads themselves - to be reminded why they received the ads, and to uninstall the ad-supported software that generates the ads if they so desire. The uninstall procedures of the ad-supported software should be simple, easy to understand, and consistent with the way consumers uninstall software that is not ad-supported generally.
With those "core principles" in mind, we ask readers to
review the example adware installations that we have assembled and make
up their own minds as to whether the adware industry has made
significant progress in cleaning up its business practices.