Forgot your password?
typodupeerror
News

General Public Realizes KaZaa is Spyware 411

Posted by CmdrTaco
from the death-to-the-eula dept.
blankmange writes "CNet is reporting the slow dawning of the general public to KaZaa and spyware. "Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand-new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer. " " Fortunately the helpful graph in the article compares the complexity of IRS tax forms with Brilliant's terms of use... guess which one is harder to read?
This discussion has been archived. No new comments can be posted.

General Public Realizes KaZaa is Spyware

Comments Filter:
  • service agreements? (Score:4, Interesting)

    by dryueh (531302) on Thursday April 18, 2002 @09:03AM (#3364604)
    "The question is not whether people read and understand (terms-of-service agreements)--of course they don't--but whether they can be enforced," said Cern Kaner, an attorney specializing in software legislation who teaches computer science at the Florida Institute of Technology. "I don't think that companies should have the right to spy on you without your actual permission, but I think it will be hard...to prosecute companies who do engage in this type of practice if you have actually clicked on an agreement that gives them permission."

    I'm wondering if anyone DOES know the legal implications of those service agreements. When those long agreements pop-up before installation, not only does no one read them, but you agree to the thing by clicking on either 'yes' or 'no' buttons....is a yes/no button a legally binding clause? They do not, at any point, get your signature nor is the agree monitored by anything other than the installation program itself (i'm assuming, anyway).

    I don't know...I'm curious..thoughts?

    • by The_Pey (532136)
      The other interesting case is where use of the software implies acknowledgement of and binds you to the service agreement. This case is one that happens without actually clicking on the "Yes / No" buttons. How legally binding is this?
    • I'm wondering if anyone DOES know the legal implications of those service agreements the real question is wheather anyone who clicks on them is actually prepared to honour any agreements, i mean most of these companys are providing a sevice that is at best in the "grey" rea of the law, i dont think a lot of users read the acgreements simply because they *will* igonre them.
    • by Jugalator (259273) on Thursday April 18, 2002 @09:35AM (#3364776) Journal
      is a yes/no button a legally binding clause?

      From http://www.techlawonline.com/internet.htm#about3:

      The Internet variant of "shrinkwrap" licenses are "clickwrap" licenses which are standard-form contracts entered into online; for example, Terms of Service posted on a web site, under which the purchaser signifies his assent to the terms simply by clicking on a box marked "I Agree." Like shrinkwrap licenses, the terms are non-negotiable. Unlike post-payment shrinkwrap licenses, however, the purchaser's consent to the posted terms is usually obtained before the exchange of funds.

      While the courts have not explicitly upheld the enforceability of clickwrap licenses, in at least one recent decision, the U.S. District Court for the Northern District of California implicitly ruled that such an agreement was enforceable. Hotmail Corporation v. Van$ Money Pie Inc., 47 U.S.P.Q. 2d 1020, 1998 WL 388389 (April 1998, N.D.Cal.). It remains to be seen whether other courts will similarly find these types of agreements enforceable.

      The court's decision in the Hotmail case above can be found here:

      http://eon.law.harvard.edu/h2o/property/alternat iv es/hotmail.html
  • Agreements (Score:2, Interesting)

    by itsnotme (20905)
    Heck.. I like having the GPL or the PGPL and whatnot since its a standarized agreement and once you've read it once you dont really have to read it again because its the same agreement over again so its easier to think about whether you want to use it or not.. but the terms of service agreeements and whatnot are different that there's really not a standard.. and yet thats probably why almost nobody reads 'em.. here's a direct quote from the article:

    Although people regularly click on such agreements, few scroll through the verbiage. In a survey last month of 155 adults by Richardson, Texas-based consulting firm Privacy Council, 76 percent of respondents said they were "concerned" about having their privacy violated on the Internet. Only 22 percent admitted to reading privacy policies. Among respondents ages 18 to 25--a core constituency for file-swapping software--only 8 percent read the policy.


    Only 22% admitted to reading it! gee I wonder why.. that 10 page terms of use policy in windows 2000 was so frickng long and complicated that once you get past the 2nd page you just hit the pg-down button and hit the F8 to confirm afterwards after taking advil to try to forget that you even read it in the first place!

    Maybe they should do what newspapers do and dumb it down a bit so that it'd be shorter and a easier read then more people would be better informed..
    • taking advil to try to forget

      In our society, it is traditional to use spirits for this purpose. Advil is normally utilized as a pain reliever, though alcohol functions quite well in this role as well.

    • Re:Agreements (Score:3, Insightful)

      by analog_line (465182)
      I feel little sympathy for people "burned" by click-through stuff. If you're not willing do deal with the possible consequences, and you don't want to read the agreement, don't click "I Agree". If you click "I agree" you've got a shaky case because you allowed whatever to be installed on your machine.

      Let the buyer beware. If you sign on the dotted line or click on the flashing button, you are assumed to have done your damn homework. If you haven't, you and only you are responsible for the problems it causes. It's common sense, people.

      Oh wait, I forgot. Common sense is stuff that everyone says, but no one actually believes. I forgot.
  • by inKubus (199753) on Thursday April 18, 2002 @09:05AM (#3364615) Homepage Journal
    I am glad that I do home computer consulting for a living. There are so many idiots out there who just install whatever software they find without knowing the facts. And I'm glad that most of the facts are only availible on obscure sites until most people have already been hurt. I LOVE AMERICA. I am glad that companies to stupid stuff like this to hurt consumer's PCs. Somebody has to fix the damage, therefore it translates into MONEY for me ($75/hour).

    I am no troll. This is the truth. It's not very nice, but look at how much a body shop charges. Or a plumber. People don't want to be protected. They do not want knowledge. They want to make mistakes, and they want to pay to have them fixed.

    God Bless America.
    Cheers.
    • I am glad that I do home computer consulting for a living. There are so many idiots out there who just install whatever...

      I bet you don't get too many call backs with your arrogant attitude. People can tell when you hold them in low regard, and they usually return the favor.

      Most of these people you're helping are not idiots, just beginners. Unscrupulous companies are taking advantage of them. Your bad ethics aren't making things any better.

      When I gave my wife her first computer she was on a web site and called me to ask for help. A banner ad designed to look like a Windows alert message was telling her that her Internet connection was "too slow, do you want to upgrade?" I told her that was an ad and to ignore it. She then asked how she was supposed to know that and I couldn't give her a simple answer. She was right, it was a trick. In the end, I told her that some things just come with experience.

      The general public is going to slowly wake up to punitive and immoral EULA over the next few years. In the meantime, you might try behaving like a professional. The world has enough self-important experts. Wanna be a good American? Try helping someone for a change.
  • Kazaa Lite (Score:5, Informative)

    by Anonymous Coward on Thursday April 18, 2002 @09:05AM (#3364617)
    Kazaa Lite is without spyware:
    http://www.kazaalite.com [kazaalite.com]

    It replaces one of the spyware DLLs Kazaa requires with a do-nothing version.

    Dan East
    • by Marillion (33728) <`ericbardes' `at' `gmail.com'> on Thursday April 18, 2002 @10:11AM (#3364973)
      Anyone else find it ironic that I visit the site and and a popup ad appears?
  • I don't see the big deal here. Software tries to get onto your computer all the time. What about Macromedia Flash? That'll install within the browser. Or how about those lame Comet Cursors? Ditto. Do I want either? No.

    It happens in the real world too. When you buy something at Circuit City, they'll ask you if you want this 'cover plan' or that 'insurance' blah blah.. and after standing in a lot of lines, I've noticed that people generally agree to these things without understanding what they are!

    Once I stook behind a guy who agreed to everything, signed all the papers, and then the sales guy said.. okay, that's an extra $45 please. The customer didn't realize what was going on and said 'No thanks' and left.. after holding everyone up in the line for 5 minutes filling all the forms out!

    So I don't really see a problem here. It's a form of idiot tax. It's harder to avoid all of the pitfalls today, but hey.. you gotta remain vigilent at all times.
    • Thank god someone agrees with me. Honestly, why should I waste my time looking after stupid consumers when I could be making money off them?

      *I* know how to protect my computer. The last thing *I* need is more laws telling me what I can and can't do. That just makes more jobs for lawyers. I'd rather the money goes into my home computer consulting pocket. :)
  • by arnoroefs2000 (122990) on Thursday April 18, 2002 @09:06AM (#3364624) Homepage

    Get it here [kazaalite.tk] or here [kazaalite.com]

    ---

    Extra Features compared to original KaZaA
    - No Adware
    - No Spyware
    - No banners
    - No bitratelimit for mp3 files
    - No irritating websites loaded into KaZaA
    - No crappy BDE Viewer
    - No f*cking Bonzi Buddy
    - Set up multiple users with the included PseudoTrack tool
  • by angst7 (62954) on Thursday April 18, 2002 @09:07AM (#3364626) Homepage
    I've been using these file sharing programs for severel years now, beginning with Gnutella several years ago. Napster never held much appeal for me, and I've tried Audio Galaxy and KaZaa, and liked both for different reasons.

    The problem with this embedded spyware is that is ultimately serves the RIAA's purpose of shutting these networks down. I simply refuse to use any variant of KaZaa or other file sharing software until I know someone who has installed it, used it for some time, and has had no instance of spy/piggy back ware.

    Ultimately I see this nonsense and the flood of bad press which will inevitably surround it making people wary of the use of any such software (as I am now).

    Pity really.

    ---
    Jedimom.com [jedimom.com], the not-so-fresh feeling.
  • by SweenyTod (47651) <sweenytodNO@SPAMsweenytod.com> on Thursday April 18, 2002 @09:07AM (#3364627) Homepage
    It's called AdAware, and it seems capable of nuking most nasty little apps installed by websites and applications like Kazza. Grab it here from Lavesoft USA [lavasoftusa.com] and be very afraid at how many spyware components it finds!

    You should also download their reference file update utility too. This lets you keep up to date with the latest spyware programs out there.
  • by zbuffered (125292) on Thursday April 18, 2002 @09:07AM (#3364629)
    Much as the avalanche of spam in the 1990s prompted action from legislators and regulators

    Yeah, I'm glad we got that taken care of back in the 90s...
  • by Sabalon (1684) on Thursday April 18, 2002 @09:08AM (#3364634)
    He got a new computer, got all excited about Morpheus and then they switched. Since then he hasn't been able to get anything to start downloading. So he was telling me he was going to install this Kaaza thing and try it, and asked me if I'd heard of it.

    As I explained some of the functionality surplus to him, you could see his jaw just dropping and dropping.

    But I betcha he'll still install it - cause he loves the CD burner he has and how easy it is to burn MP3's-> CDDA.
    • Audiogalaxy!! (Score:2, Informative)

      by GePS (543386)
      I don't understand why someone would use a large general-file-sharing app when all they want is music. If you download the audiogalaxy client [audiogalaxy.com], you get access to a far superior collection, and with creative searches, find anything for download.
  • by reaper20 (23396) on Thursday April 18, 2002 @09:08AM (#3364636) Homepage
    I care that this bde stuff is bringing w2k/xp machines down to a grinding halt in fugly ways.

    Ad-aware is getting used more and more in my toolkit. I sure wish Norton/Macafee/whoever would just go ahead and add crap like this into their AV software. This garbage is a "virus" in my book.
    • Ad-aware is getting used more and more in my toolkit.
      Amen to that, I run Ad-Aware once a week on the lab I administer, spyware bogs down those PC's like nothing else.
    • Probably not as bad as new.net, mind you... I just gave a deep discount to a co-worker for cleaning her computer up. The amount of nastiness left on that computer before she brought it to me prevented an upgrade to IE6 and broke the start-up process, leaving it in a totally unusable state. And she had to get files on the machine back, no backups to restore from. So I had to go the long way around and clean it all up manually. Ugh. new.net, bde, 4 different instances of gator, the list goes on and on and on. On the other hand I also trained her to use ad-aware. So hopefully that won't be a recurring issue.
  • by kvn299 (472563) on Thursday April 18, 2002 @09:11AM (#3364649)
    I'm so glad these guys are getting pounded for this. It's pretty amazing how many news outlets picked up on this story. Unfortunately, there are many many more situations like this that are overlooked.

    I really don't have a problem with companies adding extra programs into their software. The problem I have is 1) Not being told about it and 2) Not being given the option of opting out or not installing it.

    As far as I'm concerned, a license is not an appropriate place to inform the user of third party software coming along for the ride. Software should be very explicit during install exactly what's happening. That way, the user can either not install the program, or if allowed, not install that component. What's so hard about that?

    The fact that these companies try to hide this stuff shows they know the systems are a bit shady.

    Strangely enough, this happens with big-time commercial software as well. I was pretty p*ssed when Intuit's TurboTax installed Internet Explorer on my laptop without asking. It just told me, "Installing IE 5.5 now" with no cancel button. I had 5.0 installed and it was there for a reason. Oh, well.

    Hopefully, awareness of these practices will hurt companies who will entually find it beneficial to be up front with their customers!

  • by n-baxley (103975) <nate AT baxleys DOT org> on Thursday April 18, 2002 @09:12AM (#3364650) Homepage Journal
    Unfortunatly, I lost interest and didn't take the time to read all the way through it. I hope there wasn't anything I'm supposed to know in there.
  • by Anonymous Coward
    or burglerware if you like. People rightfully don't expect their pc to be tapped, its resources used or otherwise tampered with.

    Of course "it's their own fault" but that does not take away the unprecedented lack of morality of the companies involved.

    It should be considered virii and nothing else.
  • by phunhippy (86447) <zavoid@gEINSTEINmail.com minus physicist> on Thursday April 18, 2002 @09:13AM (#3364657) Journal
    How many millions have downloaded this software now?
    How come not one person out of these millions noticed that line about tapping your computers unused cycles and wrote to a news site pr here about it?
    Why did this come out only when brilliant filed with the SEC?

    Surely at least one person must have read the damn eula? Somehow i don't feel to bad for everyone..

    A very happy furthernet[furthernet.com] user :)

    burn my karma if ya like i don't care i think i have a good point :)

  • by CaptainPhong (83963) on Thursday April 18, 2002 @09:14AM (#3364667) Homepage
    It should be illegal to have complicated and misleading user-agreements in software. Over the course of a day, a consumer might have to agree to several of these, not to mention other contracts, service agreements, etc. they have to sign in their non-computer life. Invariably, these sorts of things are unreadably long and full of Legalese unintelligible to the average Joe. We're bombarded by so many, that it is literally impossible to read and understand them all, let alone send them to our lawyers (as we are "supposed" to do with contracts).

    Because of the size, complexity and volume of these things (and the need to usually get past them quickly), I would argue that they amount to coercion (which would invalidate them). The same is true of shrink-wrap software licenses (which you are rarely able to examine until well after you've unwittingly agreed to them). Of course, I doubt a court of law would agree with me. However, I think it would make sense to have a consumer protection law that requires that these sorts of things have a short, concise, easy to read summary at the beginning that gives the user an idea of what they're getting in to (with all the legalese below for completeness). That would prevent companies from creating scumware like this then hiding behind their user-auto-agreements.
    • `coercion` to me suggests someone being forced to do something against their will. This is the exact opposite - someone choosing to download some software, then choosing to install it, and choosing to NOT read the contract they are entering into. Its about as far from coercion as you could hope to be.
    • GREAT! MORE LAWS! (Score:3, Redundant)

      by inKubus (199753)
      Hey, let's just pave the way for lawyers to have further control of the fucking world! That's exactly what we need! To have this issue debated and decided by computer ILLITERATES who will end up fucking us all straight up the pooper! YAY! HAVEN'T WE LEARNED, FOLKS?!

      If you are too LAZY to learn the facts, to learn how to compile your own open source software, to learn how to fix your own plumbing, YOU ARE GOING TO BE GETTING SCREWED BY SOMEONE WHO DOES KNOW.

      So please. Don't ask for new laws. Learn the facts. And then make money off the people who don't know them.
      • by karmawarrior (311177) on Thursday April 18, 2002 @10:12AM (#3364977) Journal
        Except that the current system is great for lawyers: You're forced to accept an EULA to use a piece of software, if you don't want to, you have to (somehow) negotiate your money back. And in order to understand the EULA, you probably should consult a lawyer anyway: Even if it apparently reads like plain English, there will be clauses that are likely to be invalid, or ambigious, or have hidden repercussions.

        Simply outlawing them, or offering a basic "If someone pays you for the right to use the software, you MUST offer them the ability to install and use the software without agreeing to any conditions beyond those implied by copyright law and first-use/right of first sale doctrines." is not going to help the lawyers. It removes them from the process, and a good thing too.
        • Simply outlawing them, or offering a basic "If someone pays you for the right to use the software, you MUST offer them the ability to install and use the software without agreeing to any conditions beyond those implied by copyright law and first-use/right of first sale doctrines." is not going to help the lawyers. It removes them from the process, and a good thing too.

          Yes, this sounds like a good idea on the surface, yes? But it is just asking for trouble. The laws as they are can be screwed up. And sure, some change might be due. But who are you asking to institute this change? CONGRESS?! heh, I think not.

          Perhaps this is a good idea: State laws, a proposition or referendum proposing to void EULA validity? Then at least the PEOPLE get to write the law, etc.

          Because you know congress will sneak in some backdoor that just makes us all worse off than we were before.

    • I would prefer to get rid of licensing agreements entirely. I don't have to agree to any binding terms when I purchase a CD player or a hair dryer; why should software be treated any differently?

      Of course I realize that unlike my hypothetical hair dryer, a piece of software can be copied and distributed using little or no personal resources. It isn't exactly a commodity, so it can't be treated as such. Nevertheless, I'm still opposed to EULAs in their current forms, so perhaps a compromise is in order.

      Generally speaking, the GPL and its close relatives don't get much flack from the SlashDot crowd. In essence they are EULAs, using the same legalistic and hard-to-understand languages as their distant proprietary cousins, but they are accepted, tolerated--even welcome in our community. They are maintained by standards organizations, publicly reviewed, and well understood.

      Can this be done in the commercial world? Like, such-and-such has a EULA that is approved by the [insert standards body here]? But then again, even if it did help identify these issues sooner, my guess is that no one would even bother to look for that seal ("Kazaa isn't using an approved EULA? Oh no! Oh well.").

      And then, no one could force a company (*cough*Kazaa*cough*) to get their EULAs approved. I'm not sure if I'd want that anyway.

      • Of course I realize that unlike my hypothetical hair dryer, a piece of software can be copied and distributed using little or no personal resources. It isn't exactly a commodity, so it can't be treated as such. Nevertheless, I'm still opposed to EULAs in their current forms, so perhaps a compromise is in order.

        You don't have to sign a licence agreement when you buy and read a book, borrow a book, watch TV, watch a movie at a theatre or on a VHS tape or on a DVD, listen to a music CD, listen to a radio station, etc, etc. To varying degrees, all of these are comparable to the use and flexibility of software.

        So I agree: screw 'em. At the very least, it should be possible for every user to use a piece of software without agreeing to an EULA, to the extent that a buyer can claim money back, time and effort recouped, and extra damages if they are not given the option. If a software company wants to offer an alternative, then that's fine, as long as it's an alternative, and not a replacement.
      • by LL (20038) on Thursday April 18, 2002 @10:20AM (#3365019)
        Because for software to be useful, it has to interact with other components and people. A hair dryer is a stand alone task but driving a car, you have to acknowledge the rules of the road and all the traffic signals and accept liability for 3rd party damaage and injury.

        GPL is a *voluntary* offer. In return for consideration of using other people's GPL code, you agree to behavior restrictirs (not obscuring source). EULA offer zero warranties and impose so many conditions and disclaims and exclusions clauses it wouldn't surprise me if it violated a dozen statutes. Because so many technical people have tested GPL (not to mention argued it up and down the valley) hackers have a fair understanding of the implications, even if they disagree with it, can can even come up with their own counter-offers (MPL, etc).

        With the commercial world, pre-defined contracts basically weight themselves against the user, there is no negotiation, and courses for remedy are virtually non-existant. The doctrine of equity is seriously eroded here. Until companies come up with a way of justifying their service (as encoded in software) is legally binding and balanced as to benefit/obligations, I think the public is right to be sceptical of any claims. Would you trust an email that offered you $xxxx by doing your taxes in a certain way? Or would you ask your accountant who can at least be charged with professional negligence.

        LL
  • AdAware (USA Link) [lavasoftusa.com]

    AdAware (.de) [lavasoft.de]
  • by drew_kime (303965) on Thursday April 18, 2002 @09:15AM (#3364671) Homepage Journal
    "I'm not an extremist," said Robert Regular, vice president of sales and marketing at New York-based digital advertising firm Cydoor. "But all this talk of spyware is the equivalent of elevating one bad seed, and it's having negative consequences on the good software. The public doesn't have time to investigate if it's negative software; they'll just stop downloading ...
    I would hate to think we could reach a point that, whenever a dialog box comes up and says, 'Do you want to do this,' bells go off and people become worried." (My emphasis)

    Personally, I wish that is exactly what would happen. Popups dialogs and confirmation boxes should only appear when there is something you need to think about. If you're not supposed to think about it, then why are they bothering you with the popup in the first place?

  • jeebus! (Score:4, Insightful)

    by xarfel (250123) on Thursday April 18, 2002 @09:18AM (#3364685) Homepage
    This is so ridiculous. Trust is soon to become a thing of the distant past. The last shreds of it are slipping away. Modern cannibalism for the sake of the dollar. So sad.

    "Brilliant, whose Altnet peer-to-peer software piqued consumer fears, says it is committed to telling people exactly how their computers will be used via new agreements and pop-up boxes as it loads more software and starts using consumers' computer resources."

    If they were so committed to telling people, why the hell didn't they? All of these companies set out to decieve, then lie and manipulate to cover their asses. I can't even imagine the discussions that these people had to plan such an underhanded ploy.

    You can't even hum two bars of a song without someone looking for royalties. Do you think these companies intent to pay up when they use your computer to solve a million dollar math problem? hell no! damn the man..haha
  • Hillarious (Score:4, Funny)

    by Kenshiro (6045) on Thursday April 18, 2002 @09:18AM (#3364686)
    "... I would hate to think we could reach a point that, whenever a dialog box comes up and says, 'Do you want to do this,' bells go off and people become worried." (Robert Regular, vice president of sales and marketing at New York-based digital advertising firm Cydoor)

    Oh yeah, wouldn't want that...
  • I'll bet you a nickel that if they run the Kazaa TOS through TextArc [textarc.org], Bill Gate's face will appear. =)
  • msconfig (Score:5, Interesting)

    by The Ape With No Name (213531) on Thursday April 18, 2002 @09:19AM (#3364692) Homepage
    Part of my job is to configure students machines for use on a dorm network. Very often we get complaints about service ranging from no connectivity to slow performance. Of course the slowness can be directly attributed to P2P apps and their tendency to hog bandwidth, but Gator and its ilk are notorious in our circles as poorly written programs that not only do all the privacy violation, etc that they should be reviled for, they also have the unique ability to mung Winsock on machines running ME, 98 and 2000. The fix requires a young priest and old priest and a silver sword (read: edit the registry and rebuild the TCP/IP stack). So now when I get a machine with Gator, etc. I edit the system startup to shut it down. Invariably the performance of the machine and its network connectivity rebounds. I don't ask permission to do this as we are not removing the program, but simply preventing having the prolematic software do what it does -- start.
    • Just curious.

      How exactly do you do when you "rebuild the TCP/IP stack"? Does Gator and it's ilk tip the stack over or something?
      • Re:msconfig (Score:3, Interesting)

        Delete tcp/ip from the network config and delete all the winsock keys from the registry as well as the dhcp keys. reboot. reinstall the tcp/ip in the network config. reboot. Worky.
  • by Skidge (316075) on Thursday April 18, 2002 @09:19AM (#3364697) Homepage
    "I'm not an extremist," said Robert Regular, vice president of sales and marketing at New York-based digital advertising firm Cydoor. "But all this talk of spyware is the equivalent of elevating one bad seed, and it's having negative consequences on the good software. The public doesn't have time to investigate if it's negative software; they'll just stop downloading...I would hate to think we could reach a point that, whenever a dialog box comes up and says, 'Do you want to do this,' bells go off and people become worried."

    So we're supposed to trust them. These spyware folks are just a few bad apples among the wonderful adware crowd. Damn you, Brilliant, you're keeping me from all this good adware software.
  • by Lobsang (255003) on Thursday April 18, 2002 @09:24AM (#3364717) Homepage
    This *could* be a valid business model. Think about it: Company X offers services for free in exchange for a few of your CPU cycles. The same client could be used for both distributed processing and, say, file downloads. Company X makes money by selling CPU power to third parties (your spare cycles) and you, the user, enjoy free service.

    Unfortunately, KaZaa wants to do it *without* telling you. That's just unacceptable...
  • KaZaA should of predicted the amount of backlash it would face when adding distributed spyware to it's installer. Consumers are willing to tolerate some level of spyware, as we have seen with the variety of P2P apps with "bundled apps", but KaZaA has not just stepped over the line, they flew over it. Now look at where they are at, the name KaZaA is synonymous with spyware, but more importantly KaZaA has been removed from download.com [slashdot.org], I can't think of a worst fate for a windows app.
  • by smagruder (207953) <stevem@webcommons.biz> on Thursday April 18, 2002 @09:30AM (#3364754) Homepage
    1. While installing software, don't bother with reading the EULA (unless that gives you kicks, or you're required to), but run the installation as you normally would, making sure that whenever you have the option to *not* install adware or spyware, take it.
    2. Scan your system with Ad-aware [lavasoft.de] or other comparable software. Note: I don't work for Lavasoft.
    3. If the previously installed software still works, Great! If not, uninstall it.
  • So I've been thinking more and more about this as I still can't download Farscape on the "new" Morpheus (Curse it's infernal codes), and I'm starting to come to a a conclusion that should get thrown out to see if it's not off base. . .

    So KaZaa (which still sounds like 'l337 Skr1pt k1dd13' speak) lets Morpheus use their network, since it'll pull in those people who want to use peer-to-peer and also know enough that spyware is out there and it's bad, mm'kay? One day, when Morpheus has something like a few million users, they pull the plug. Question: Where will these newly-deprived users go? For the most part, KaZaa. Now how many 'new things' are suddenly added to KaZaa and not mentioned? Seems to me like the main purpose of Morpheus in the beginning was more of a "gateway drug" to get otherwise intelligent people to use KaZaa. I think if the management at our favorite spyware-headquarters didn't know that they were using it to drag people in when they would eventually shut it down, they would have never let it run at all.

    One giant user grab? I think so.
  • by sh0rtie (455432) on Thursday April 18, 2002 @09:35AM (#3364779)

    I think the general concensus amonst us all is that spyware is bad, yet the only reliable (and free) solution seems to of been delegated to our friends at Lavasoft [lavasoft.de], while they are doing a *great* job, their project is unfortunatly closed source and therefore people/programmers cannot really contribute to its success (other than donate cash which is reccomended but not convienent to everyone)

    if people feel so strongly on this issue why hasen't anyone started an open source solution to this scurge so the talented programmers amongs us can improve the scanning and detection techniques ?

    at the moment the spyware companies only really have to make their product beat lavasofts Adaware and they are in business (at least til/if Adaware picks it up)

    sure spyware seems to be only targeted to Windows users but as other operating systems become more widespread it is only a matter of time before they spread to these alternative platforms too

    while closed source could be argued as a good thing (stop spycompanies seeing how it works) could they beat 100's of programmers all working to make the scanning engine more robust and secure, this obviously works in regards to computer security on *nix platforms as viruses are not more prominent than closed source platforms
    so would beating spyware benefit from these same techniques ?

    While i agree that these spyware programs should be regarded as viruses/trojans i think once you bring a commercial element into the equation you open yourselves up to attacks of perpetuating the products life/success (ie: rumours that virus detection companies create viruses)

    so would an open source spyware detection solution work ?

  • A legal virus? (Score:5, Insightful)

    by The G (7787) on Thursday April 18, 2002 @09:37AM (#3364794)
    I know that it's a mistake to think of legal documents as if legal language were source code or machine instructions for the legal system. None the less, it does seem as if we are beginning to see legal documents employing the same sort of "social engineering" and "viral behaviour" that we encounter daily in code.

    What Kazaa has done is no different from what the Mellissa virus did: It presented people with a choice (install this software for Kazaa, open this document for Mellissa) that appeared to most to be benign. The means of knowing the choice was not benign were available (the license agreement for Kazaa, the actual contents of the document for Mellissa), but were obfuscated (in complex and opaque legal language, in obfuscated macros in an opaque document format) and chaffed (in one small part of a very large file/document in both cases).

    Perhaps, then, we need to look upon trojans written in legal "code" the same way we look at trojans in software: As malicious and probably illegal. It is no more sensible to expect people to be able to fully comprehend a complex (and deliberately obfuscated) legal document than it is to expect people to read the binary code of every program they run. Yet our legal system presumes that you are responsible for your agreement to "run" the legal code but that you are the victim when you run the binary.

    We need to treat contracts and licenses written in legal language the same way that we treat compiled code: as opaque and, when they are harmful, as malicious "exploits" of user vulnerabilities.
    --G
  • by stinkydog (191778) <sd.strangedog@net> on Thursday April 18, 2002 @09:42AM (#3364827) Homepage
    1. We have the right to use your computer, drink your beer and sleep with your sister.
    2. You agree to binding arbitration, which means our representitve "Bubba" will tie you up and have his way with you until you stop whining.
    3. You agree to purchase additional hardware as we deem necessary to run our software.
    4. Your rights: NONE

    Accept Yes/NO

    SD
    • They post a EULA. If you can't read a EULA, get a lawyer or learn legalese. People need to take responsibility for themselves, and people ultimately need to be accountable for the software they install on their computer. It'll be a cold day in hell and a dark day on the surface if some judge ruled in favor of the plaintiff if anybody sued over this.
    • This is actually a good idea: Kazaa provides a free service for its users and a free download, and in exchange for this the users give up some CPU time. Maybe you all who think everything on the Internet should be for free (*glare at T(H)GSB*) should take your altruism back to 1999.
    • If you don't know what software does, don't install it. I know what I have installed on my computer, I know what it does, and I don't get surprised when I do (pkg_info|dpkg -l).
    • My favorite part from the article: "76 percent of respondents said they were "concerned" about having their privacy violated on the Internet. Only 22 percent admitted to reading privacy policies." No comment, this quote speaks for itself.
    • The 1040EZ is less of a read than the EULA? I should hope so. That's not even saying much.

    If you disagree, reply.
    • by gelfling (6534) on Thursday April 18, 2002 @09:48AM (#3364862) Homepage Journal
      IF you want to make a big deal about the legality of EULAs don't forget that something is either a contract or it is not. In which case it may have to conform to readibility statutes including being in a language you can actually read. Time and time again, legally speaking oh libertarian one - obscurity for the sake of obscurity has been struck down in the courts under the general principal that if you have something to hide you are probably committing fraud or trying to commit fraud.
    • Non Est Factum

      A legal rule for voiding contracts based on
      - (computer) illiteracy
      - (program) radically different from what it is
      - failure to understand due to complexity (not carelessness)

      The key item is #2, that the program is in fact radically different in intent to what the person downloading it believes it to be (file fetching v P2P node). Fact is that computer literacy is so absymally low that items 1) and 3) would apply to 99.9% of the population.

      This is the same reason why we retain accountants. The complexity of the legal code is such that we trust professionals to interpret it for us. Perhaps in some far off day, we ask open source advocates to help audit/secure software instead of picking up viruses and trojan horses willy-nilly.

      LL
  • by TDScott (260197) on Thursday April 18, 2002 @09:52AM (#3364888)
    ...then I've written an under-600-word guide to the problem and how to fix it [thomasscott.net], designed for the uninitiated.

    Pointing people there could save hours of explanation...

  • by Midnight Thunder (17205) on Thursday April 18, 2002 @10:01AM (#3364925) Homepage Journal
    I am starting to really believe that all software licenses should include a FAQ, so people don't have read the whole unreadable text of a software license. I know that many companies write software licenses to protect themselves, but more and more are also doing it to gain additional rights.

    Other ideas that come to mind are standardized liability levels to which you can associate a logo. Something like 'MC' = Mission Critical, we pay if it breaks, 'NL' = No liability, you assume all the risks, and probably other more fine grained categories? The idea is that a software purchaser should know where they stand when buying a piece of software, rather than having to resort to hiring a lawyer or screwing themselves royally because they don't have the time for the fine print.

    Just imagine having a license written on the wrapping paper of every present you get at christmas. I am not sure anyone would check what it had to say, since they just want to get to the goody inside - software is the same.

  • by Dr. Bent (533421)
    Whenever I read articles about this I think about the free amusement park in the movie "Pinnochio" that turns you into a donkey. Moral of the story: There's no such thing as a free lunch.
  • Most of what I've read so far in this discussion is about click through licences, which is fair enougth.

    However what I'am wondering is, am I bound by any licencing aggrement on any software that comes pre-installed on my PC.

    I never signed or clicked an agrement, nor did I openn a package, so do I have to abide by any licence agrement I find with the Machine.
  • Just get drunk (Score:3, Insightful)

    by CoreyG (208821) on Thursday April 18, 2002 @10:46AM (#3365121)
    If it's true that you can't enter a legally binding agreement while drunk, just pound a few brews before clicking "I agree." Time to go install some more software...
  • by Dragoness Eclectic (244826) on Thursday April 18, 2002 @11:23AM (#3365342)

    I wonder if anyone has reverse-engineered BDE's protocols yet? It would be a damn shame, wouldn't it, if their surreptiously installed thiefware should inadvertantly retrieve data containing a destructive worm as a payload, or if their computations were all skewed just enough to still be plausible, but uselessly wrong, or if the client on some computer that their server connected to wasn't quite the client they originally installed, and had unfortunate effects on said server....

    Eavesdroppers can't complain if what they hear is unflattering, and thieves can't complain if the stuff they stole is dangerous to them.

  • by ChaosDiscordSimple (41155) on Thursday April 18, 2002 @11:32AM (#3365396) Homepage
    I think the fact that Kazaa has 65 year old users is the real news here. Clearly file sharing has become mainstream if grandmothers are using it.
  • Retaliate? (Score:4, Funny)

    by upshift (151237) on Thursday April 18, 2002 @12:16PM (#3365806) Homepage
    Wouldn't it be great to take AdAware to the next level? I'd call it retaliation-ware. Figure out what the scum-ware is looking for and send bogus data. I wish I had the time for it.

    Upshift
  • by Xunker (6905) on Thursday April 18, 2002 @12:21PM (#3365836) Homepage Journal
    ..I as because I, like so many others, have a client for a distributed computing project installed on the PCs that I use regularly. In my case it's the Dnet OGR client, and it runs in super nice mode, sucking up any spare cycles that fall through the other processes. In this scenario, techically, almost all of my CPU time (with the exception of a micron here or there) is used.

    Not, I don't know how brilliant's distributed system works, but if it's like any others it will do the same thing as my Dnet client and put itself in the lowest priority group, right next to my Dnet client which means that they will be splitting the remaining cycles -- yet these are not cycles that were unused, they are cycles one client too from another I had previously installed!

Brain off-line, please wait.

Working...