Posted on 06/13/2002 9:58:48 AM PDT by dead
A multitude of companies may be spying on your computer - and you, writes Nathan Taylor.
You may not know it, but you could be lending spare computer power to a new software company in the United States. A viral program, Altnet (formerly known as Brilliant Digital), is covertly installed with recent versions of popular file sharing software KaZaA, along with several other file sharing programs. Altnet uses the spare processing power of the host computer for the company's own ends. That is, it can hijack a user's spare processing power for use by the company, with the user being none the wiser.
It's not the first time that KaZaA has secretly installed unwanted software. Late last year, the Australian-owned software company was embroiled in a scandal in the Net community. As part of the install process for KaZaA's eponymous file sharing software, an extra application called ClickTillUWin was surreptitiously forced on to the user's computer.
Ostensibly, ClickTillUWin delivers advertising to a computer. KaZaA, which gives away its software for free, uses revenue from the advertising (which appears in a bar at the top of the application) to make ends meet.
But ClickTillUWin does not just deliver ads to users. It contains a virus that reports back to its developers, Cydoor, which websites computer users visit. This information is then used to deliver "targeted" advertising. So if the program found you visited a lot of sports sites in a day, for instance, it might deliver more ads for sporting goods to your system.
Then there's vx2, which came with another file-sharing tool, Audio Galaxy. It monitors when a computer user fills in an online form. It takes the information and sends it back to the developer. Even credit card information may be sent back.
You might be excused for thinking that these are malicious programs inserted by hackers. They're not. These are legitimate programs bundled with commercial and free software, sometimes from major companies -- but the companies are less than forthright about letting users know what is being installed on their computer along with the software.
A number of software development/marketing houses in the United States and elsewhere develop spyware. Most of them you would have never have heard of: Cydoor, Brilliant Digital, Conducent and Radiate are some of the biggest. These companies started on the premise of delivering ads with software that can be downloaded for free (paying a chunk of the revenue to the developer of the free software), but have morphed into something far more sinister.
"Businesses demanded information about behaviour that can be used to sell," said Nigel Waters of Pacific Privacy Consulting. With Net advertising revenue so thin on the ground, struggling software providers sought a competitive advantage. Many adware applications turned into spyware applications. Adware programs are applications that foist advertisements and links on the unsuspecting party. TopText, which comes with a number of applications, is an example of this kind of stealth advertisement. It parses Web pages that the user visits and inserts hypertext links on keywords, linking to sponsor pages. These links look no different to the links that would originally appear on the Web page. Other programs might simply replace banner advertisements on Web pages visited with banner ads provided by the software manufacturer, effectively stealing ad revenue.
While TopText is merely invasive, most others are much worse. Most adware/spyware applications include additional tracking software, which secretly reports a user's Internet movements back to the software developer. In short, all those free programs that you installed could be reporting your every move back to an unknown marketing or development company. Ostensibly, this information is gathered for marketing purposes, but in most cases the companies involved do not reveal what they are doing with the information they gather.
According to Waters, the privacy implications of these programs are "potentially devastating". "They threaten to breach fundamental principles of fair collection and result in a range of organisations knowing more about the users than the user wants," he says. What's more, there is not nearly enough awareness of the phenomenon in Australia, but Waters says "knowledge and resistance are growing fast".
As for the Spyware purveyors themselves, early indications are that the strategy has been only marginally successful. Earlier this year, online ad provider DoubleClick abandoned targeted advertising schemes, since the cost of gathering and maintaining the information outweighed the premiums they could charge for having it.
The biggest culprit when it comes to spyware is free software. Because bundling spyware is an easy way to get revenue, huge numbers of free applications now come bundled with at least one spyware package. If you're a user of free software, particularly file-sharing, Napster-like tools such as KaZaA, LimeWire, BearShare or Grokster, there's a pretty good chance that you're running some spyware on your computer right now. They're not the only culprits; the spyware Aureate (see the sidebar) alone comes with no less than 490 different applications, including games, Net tools and productivity software.
The host software vendors, of course, argue that the presence of adware/spyware is the "price" for using their software: if you don't like it, don't use their software. Fair enough, too, says Pacific Privacy's Nigel Waters. "They're not inherently unethical," he says. "There can be legitimate uses, but only if users are fully informed and have as much choice as possible."
Electronic Frontiers Australia's executive director Irene Graham, holds a similar position. For Graham, the issue is not the presence of the software, but the fact that the spyware is so carefully hidden, and that so few users know about its presence. ``We don't object, in principal, to the software,'' she says. ``It's a fair position that you do not have to use the software as long as the provider of the software gives clear and explicit information about what is happening. As long as the user has informed consent, it's OK. There needs to be, clear in advance, advice to users of these programs that their movements are being tracked. Right now, that's not happening.''
Purveyors of adware/spyware hit back at such criticisms by saying that they do, in fact, warn users about the spyware as part of the license agreement during the install process. For privacy groups, however, that's not nearly enough. "The `click-wrap' model of user licenses is clearly not good enough, because people don't read it," says Graham. "It doesn't usually work because there is so much legal mumbo-jumbo that people skip though. To put things about privacy in there just doesn't cut it. It needs to be somewhere obvious. It needs to be somewhere that you can't just click past it without making an informed decision. And there's also the other problem that the only person who sees it is the person who installs the software."
Under the terms of the current Privacy Act, most of the spyware applications would fall into an untested legal grey zone, according to the EFA's Irene Graham. The law is only breached if the data collected is associated with a specific individual, rather than used as bulk statistical data. Most spyware applications do not record the name of the user, although they may record the Internet address of the infected computer. Whether on not the IP Address (a computer's unique address on the Internet) constitutes individual identification has yet to be tested in court, says Graham.
In any case, the law can only be applied to Australian companies or companies within Australia. Unfortunately, most of the software infected with spyware is downloaded from foreign companies over the Internet, untouchable by Australian law.
Very few of the spyware applications are easy to remove. In nearly all cases, the host software has to be uninstalled first, and then removing the spyware may involve some serious computer voodoo, involving hacking the Windows registry (a challenge well beyond most computer users) and the tracking and deletion of specific files.
For those particularly worried about the invasion of their privacy, two applications in particular are designed to detect and remove spyware, although they frequently require the removal of the host program as well (so users can't have it both ways). Lavasoft's Ad-aware and Gibson Research's OptOut automate the detection and removal of most known spyware products.
With their revenue sources being cut off, however, the free software vendors are not at all happy with these applications. In true viral fashion one of the spyware vendors, RadLight, has hit back, with RadLight's free media player coming with a routine that actually turns the tables on Ad-aware and removes it from the system. A small clause in the RadLight license agreement states: "You are not allowed to use any third party program (e.g. Ad-Aware) to uninstall applications bundled with RadLight."
Wherever this battle ends up, for the meantime it's worth reading the license agreements of the software you install -- painful as that may be.
A quick look at some of the most prevalent spyware applications.
Of course, this list is far from comprehensive. Lavasoft, the producers of ad-removal software Ad-aware, also list the following programs as suspect: Alexa, Doubleclick, DSSAgent, EverAd, eZula, Expedioware, Flyswat, OfferCompanion, Hotbar, OnFlow, Webhancer, Transponder, Wnad, ZapSpot, SurfPlus, AdvertBar, NetPal, CashBar, WurldMediaBHO, MessageMates, EWA, Ezsearchbar, CommonName, DownloadWare, NetworkEssentials, ImiServerIEPlugin, TopMoxie, Lop.Com, BDE Projector, OpenMe and JaypeeSysBHo.
It's been rumored that one can make enough money from spyware to finance a run for the US Senate.
Actually, I am sure. Since MacOS X is based and is UNIX, it makes it very simple to see what software is running on the computer. Also the software would require a local root exploit (which is very,very,very,very rare on BSD systems) to install spyware on it. Windows is built for advertisers to flood you with ads, MacOS X makes it very simple to prevent them -- I never see banner ads on the internet or popups without having to buy special software or use a third party browser.
I'm glad you said it.
My heterosexuality prevents me from using a Mac.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.