General Public Realizes KaZaa is Spyware 411
blankmange writes "CNet is reporting the slow dawning of the general public to KaZaa and spyware. "Virginia Watson unwittingly authorized a company she'd never heard of to install software that would help turn her computer into part of a brand-new network. The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer. " " Fortunately the helpful
graph in the article compares the complexity of IRS tax forms with Brilliant's
terms of use... guess which one is harder to read?
service agreements? (Score:4, Interesting)
I'm wondering if anyone DOES know the legal implications of those service agreements. When those long agreements pop-up before installation, not only does no one read them, but you agree to the thing by clicking on either 'yes' or 'no' buttons....is a yes/no button a legally binding clause? They do not, at any point, get your signature nor is the agree monitored by anything other than the installation program itself (i'm assuming, anyway).
I don't know...I'm curious..thoughts?
Agreements (Score:2, Interesting)
Only 22% admitted to reading it! gee I wonder why.. that 10 page terms of use policy in windows 2000 was so frickng long and complicated that once you get past the 2nd page you just hit the pg-down button and hit the F8 to confirm afterwards after taking advil to try to forget that you even read it in the first place!
Maybe they should do what newspapers do and dumb it down a bit so that it'd be shorter and a easier read then more people would be better informed..
Re:And the public cried... (Score:3, Interesting)
It's been going on for ages (Score:2, Interesting)
It happens in the real world too. When you buy something at Circuit City, they'll ask you if you want this 'cover plan' or that 'insurance' blah blah.. and after standing in a lot of lines, I've noticed that people generally agree to these things without understanding what they are!
Once I stook behind a guy who agreed to everything, signed all the papers, and then the sales guy said.. okay, that's an extra $45 please. The customer didn't realize what was going on and said 'No thanks' and left.. after holding everyone up in the line for 5 minutes filling all the forms out!
So I don't really see a problem here. It's a form of idiot tax. It's harder to avoid all of the pitfalls today, but hey.. you gotta remain vigilent at all times.
In other news... (Score:1, Interesting)
Why is it everyone calls us for technical questions but nobody has sense enough to trust us when we hit transitional topics like these. It's like the AMA being ignored on addiction and unsafe sex issues.
Oh, yeah, I remember: because we don't spend any money lobbying, we're inscrutible and we have some rather extreme views.
Re:service agreements? (Score:2, Interesting)
What ever happened to file sharing? (Score:4, Interesting)
The problem with this embedded spyware is that is ultimately serves the RIAA's purpose of shutting these networks down. I simply refuse to use any variant of KaZaa or other file sharing software until I know someone who has installed it, used it for some time, and has had no instance of spy/piggy back ware.
Ultimately I see this nonsense and the flood of bad press which will inevitably surround it making people wary of the use of any such software (as I am now).
Pity really.
---
Jedimom.com [jedimom.com], the not-so-fresh feeling.
Just enlightened my neighboor (Score:5, Interesting)
As I explained some of the functionality surplus to him, you could see his jaw just dropping and dropping.
But I betcha he'll still install it - cause he loves the CD burner he has and how easy it is to burn MP3's-> CDDA.
don't care about the 'hidden network'.... (Score:3, Interesting)
Ad-aware is getting used more and more in my toolkit. I sure wish Norton/Macafee/whoever would just go ahead and add crap like this into their AV software. This garbage is a "virus" in my book.
Re:And the public cried... (Score:5, Interesting)
I've always wondered if the "click if you agree" thing is enough. I remember learning once in my highschool law class that when it came to contracts etc, both parties had to fully understand the extent of the wording - in order to protect people from "fine print" trickery.
It would seem to me that these over-complicated EULAs are an attempt to either confuse users, or get them to click "Agree" without understanding the terms.
If I "trick" you into signing something, you should still be legally protected. Granted of course that you can afford to take it to court.
But that's what class action suits are for right?
IADNAL (D==Definitely)
Tax forms.. (Score:1, Interesting)
Sure a lot of people have problems with them:
a lot of people can't read bus time tables either.
I honestly don't think the IRS are out to make things as difficult as possible..
Now EULA:s on the other hand, are written in pure, unadulterated legalese,
by lawyers for lawyers.
You can't really expect your average Joe to read or fully understand those things..
Why is this so difficult? (Score:5, Interesting)
I really don't have a problem with companies adding extra programs into their software. The problem I have is 1) Not being told about it and 2) Not being given the option of opting out or not installing it.
As far as I'm concerned, a license is not an appropriate place to inform the user of third party software coming along for the ride. Software should be very explicit during install exactly what's happening. That way, the user can either not install the program, or if allowed, not install that component. What's so hard about that?
The fact that these companies try to hide this stuff shows they know the systems are a bit shady.
Strangely enough, this happens with big-time commercial software as well. I was pretty p*ssed when Intuit's TurboTax installed Internet Explorer on my laptop without asking. It just told me, "Installing IE 5.5 now" with no cancel button. I had 5.0 installed and it was there for a reason. Oh, well.
Hopefully, awareness of these practices will hurt companies who will entually find it beneficial to be up front with their customers!
Re:And the public cried... (Score:2, Interesting)
This raises an interesting question in my mind. My mother tongue is french, I have enough technical knowledge of english to figure out what the menus of a program are and what the use of the program is. But I don't understand english legalese (nor french, for that matter). So would a court consider that they tricked me into clicking the I agree button by intentionaly obfuscating the agreement?
You could of course complain that I should have clicked the "I don't agree" button then. But what in the case I give this software to my mother (who has no knowledge whatsoever of english), she tries installing the software and by trial and error, finds that the "I agree" button is the only one that installs the program. Can she still be considered tied by the "contract"?
msconfig (Score:5, Interesting)
A little more like Snowcrash (Score:2, Interesting)
If the company failed to take these actions and allowed the user to click through anyway, they could rest assured that their EULA would be unenforceable. That would certainly shorten EULAs fast.
Open source scanning solution ? (Score:3, Interesting)
I think the general concensus amonst us all is that spyware is bad, yet the only reliable (and free) solution seems to of been delegated to our friends at Lavasoft [lavasoft.de], while they are doing a *great* job, their project is unfortunatly closed source and therefore people/programmers cannot really contribute to its success (other than donate cash which is reccomended but not convienent to everyone)
if people feel so strongly on this issue why hasen't anyone started an open source solution to this scurge so the talented programmers amongs us can improve the scanning and detection techniques ?
at the moment the spyware companies only really have to make their product beat lavasofts Adaware and they are in business (at least til/if Adaware picks it up)
sure spyware seems to be only targeted to Windows users but as other operating systems become more widespread it is only a matter of time before they spread to these alternative platforms too
while closed source could be argued as a good thing (stop spycompanies seeing how it works) could they beat 100's of programmers all working to make the scanning engine more robust and secure, this obviously works in regards to computer security on *nix platforms as viruses are not more prominent than closed source platforms
so would beating spyware benefit from these same techniques ?
While i agree that these spyware programs should be regarded as viruses/trojans i think once you bring a commercial element into the equation you open yourselves up to attacks of perpetuating the products life/success (ie: rumours that virus detection companies create viruses)
so would an open source spyware detection solution work ?
Re:And the public cried... (Score:1, Interesting)
When I lease or own a car, I am responsible for all car maintenance outside of warranty service. When I rent a car I just bring it back and it's out of my hands. Totally different.
Software licenses and FAQs (Score:3, Interesting)
Other ideas that come to mind are standardized liability levels to which you can associate a logo. Something like 'MC' = Mission Critical, we pay if it breaks, 'NL' = No liability, you assume all the risks, and probably other more fine grained categories? The idea is that a software purchaser should know where they stand when buying a piece of software, rather than having to resort to hiring a lawyer or screwing themselves royally because they don't have the time for the fine print.
Just imagine having a license written on the wrapping paper of every present you get at christmas. I am not sure anyone would check what it had to say, since they just want to get to the goody inside - software is the same.
Re:msconfig (Score:3, Interesting)
On The Article's Mention of Gator... (Score:2, Interesting)
As one example, they describe in brief the software Gator uses to obtain marketing demographic information about you:
Does an uninvited guest keep knocking on your door saying, 'Hi! I'm here!'?" he asked rhetorically, describing Gator's multiple disclosures and the icon of alligator eyes that appears whenever the program is running. "No. We are invited guests on the desktop and even pop up a fourth modal screen saying, 'Your Gator software is here.' And since our e-wallet software helps users every day fill out forms, we constantly come back and have an ongoing relationship with our customers."
Well, the other week I ran RegMon on my XP box (wait, RegMon uses system-level hooks, doesn't it? That might be against the XP EULA) Anyway, I monitored my registry access, and aside from seeing expected system activity, I noticed a number of references to www.gator.com, checking for the presense of various applications of my computer. I have never knowingly agreed to have gator software installed on my machine (though I may have clicked Agree in some agreement where it was buried in legal speak). It does not appear in the "Remove Software" control in XP. Further, despite what the above quote suggests, gator eyes do not appear in my taskbar, and I have not seen a single modal dialog telling me gator is looking through my registry.
My guess is that gator was either bundled with my machine (Sony Vaio), or entered my machine piggy-backed onto another app that I did agree to install.
The app that believe sold my info to gator is AudioGalaxy satellite, a file sharing app ala Kazaa.
As an aside, I also noticed some registry activity from bundled virus software on my machine that I supposedly disabled; has hijacking my machine become an industry standard?
The question is not if you're being watched; the question is who is watching you!
Spyware (Score:2, Interesting)
Re:Kazaa Lite (Score:1, Interesting)
And what makes them more trustworthy? Absolutely nothing... Be paranoid... It's healthy... The whole world IS out to get you.
But,I feel a whole lot better when source is available because I know that eventually someone who is experimenting with the code could uncover any nasty bits that are there and point them out to the rest of the community so we can check it for ourselves.
All this spyware that has been circulating highlights the need for open source software. You have no idea what you're getting when you download a binary and neither does anyone else. Sometimes what you're getting is just a half step above a worm or a virus.
Thieves and Eavesdroppers can't complain (Score:5, Interesting)
I wonder if anyone has reverse-engineered BDE's protocols yet? It would be a damn shame, wouldn't it, if their surreptiously installed thiefware should inadvertantly retrieve data containing a destructive worm as a payload, or if their computations were all skewed just enough to still be plausible, but uselessly wrong, or if the client on some computer that their server connected to wasn't quite the client they originally installed, and had unfortunate effects on said server....
Eavesdroppers can't complain if what they hear is unflattering, and thieves can't complain if the stuff they stole is dangerous to them.
65-year-old Kazaa user? (Score:4, Interesting)