Virginia Watson unwittingly authorised a company she'd never heard of to install software that would help turn her computer into part of a brand-new network.
The software, from Brilliant Digital Entertainment, came with the popular Kazaa file-swapping program. But the 65-year-old Massachusetts resident--who has a law degree--didn't read Kazaa's 2,644-word "terms of service" contract, which stated that Brilliant might tap the "unused computing power and storage space" of Watson's computer.
"I have in the past read 'terms of agreement' and not retained a word," said Watson, who uninstalled Brilliant's software after learning about it recently. "I find them way too long. After scrolling down a few times, I just tend to give up."
Every month, millions of people agree to terms-of-service and privacy contracts they haven't read--and probably wouldn't understand if they tried--to download software without paying for it. Many are later disturbed to find their computers coopted by little-known companies to distribute advertisements, monitor online behaviour, or help solve complicated computing problems.
Terms of service have long been a source of controversy, especially when they involve consumer privacy. But the issue was raised to alarming levels this month when consumers using the Kazaa program learned that they had unwittingly agreed to install software that could help turn their computers into nodes for a peer-to-peer network controlled by another company.
PC invasion has become the hidden cost of free software such as Kazaa and Audiogalaxy, programs that allow people to share digital music and other files online. Instead of charging consumers, or giving away software like music-swapping service Napster did before it was shut down, software developers are giving advertisers direct access to people's computers.
The stakes are high: Six of the top file-swapping software programs have collectively been downloaded more than 144 million times, according to the companies' sites and statistics kept by popular software-aggregation sites. Most of those downloads have been accompanied by "adware," software that often monitors Web browsing habits to generate ads based on the person's interests, or by other tracking software.
Terms of service accompany virtually all adware, and consumers must generally click the "I agree" button to install the software. In some cases, the software will ask them to agree again months or weeks later.
Negative publicity in the wake of the Brilliant-Kazaa controversy has some industry veterans worried that consumers will switch from mindlessly clicking "I agree" to staunchly refusing to accept terms of service. In that scenario, innovative software might not receive advertisers' support or distribution.
Brilliant, whose Altnet peer-to-peer software piqued consumer fears, says it is committed to telling people exactly how their computers will be used via new agreements and pop-up boxes as it loads more software and starts using consumers' computer resources. But others say the case underscores the vulnerability of millions of PCs to all manners of invasion, disclosed or otherwise.
"Spyware," or "sneakware," monitors online behaviour or mines an individual's data without asking for consent before invading that person's PC. The programs haven't yet caused major damage, but experts say the applications could steal users' passwords or credit card numbers and become a security and privacy nightmare.
The voyeuristic, potentially criminal, nature of spyware has united an unlikely lot: privacy advocates and adware proponents. They're both speaking out about privacy policies and terms-of-use contracts, while adware executives are taking pains to define adware and spyware.
"I'm not an extremist," said Robert Regular, vice president of sales and marketing at New York-based digital advertising firm Cydoor. "But all this talk of spyware is the equivalent of elevating one bad seed, and it's having negative consequences on the good software. The public doesn't have time to investigate if it's negative software; they'll just stop downloading...I would hate to think we could reach a point that, whenever a dialog box comes up and says, 'Do you want to do this,' bells go off and people become worried."
Mindless clicking
Privacy and security experts say advertisers and other bundled software distributors are exploiting people's mindless habit of clicking "I agree," and they worry that consumers are abandoning their rights with the click of a mouse. Much as the avalanche of spam in the 1990s prompted action from legislators and regulators, growing annoyance with this quietly bundled software has triggered a backlash that could help set ground rules for using consumers' computers.
"The question is not whether people read and understand (terms-of-service agreements)--of course they don't--but whether they can be enforced," said Cern Kaner, an attorney specialising in software legislation who teaches computer science at the Florida Institute of Technology. "I don't think that companies should have the right to spy on you without your actual permission, but I think it will be hard...to prosecute companies who do engage in this type of practice if you have actually clicked on an agreement that gives them permission."
Although people regularly click on such agreements, few scroll through the verbiage. In a survey last month of 155 adults by consulting firm Privacy Council, 76 percent of respondents said they were "concerned" about having their privacy violated on the Internet. Only 22 percent admitted to reading privacy policies. Among respondents ages 18 to 25--a core constituency for file-swapping software--only 8 percent read the policy.
"It preys upon a very vulnerable population--namely teenagers and other people desperate to get free software," Privacy Council CEO Larry Ponemon said. "They never read any of that gobbledygook. They want to satisfy their need immediately, not make sure they have consent and protection."
Moreover, reading the policies does not automatically translate to understanding them. Like software license agreements for Microsoft Word or Windows, most privacy and terms-of-use statements that accompany bundled software are rife with impenetrable jargon and legalese.
Mark Hochhauser, a psychologist and readability consultant, said clicking the "I agree" button at the end of consent forms reflects widespread trust on the part of consumers--not necessarily ignorance or illiteracy.
"Patients who are very sick can be given a 3,000-word consent form written by lawyers with the same level of complexity as these privacy notices," Hochhauser said. "The sick people usually just sign it without reading it because their doctor said it was OK. Same thing here: The reader thinks, 'The FTC would close them down if they were doing something really bad.' There may be a basic element of trust that people bring into this."
Putting it in plain English
Stung by criticism in the media and on online bulletin boards, some adware companies are adopting "plain English" policies for their forms.
Gator, a popular free application that is supported by advertising revenue from its own bundled program, requires a marketing person to draft its terms of service. That person then sends the document to the legal department, which edits and returns it to the marketing department for revisions. The result is a three-paragraph statement that Chief Marketing Officer Scott Eagle calls a "kindergarten version" of the full policy.
Gator includes simple directions for how to remove its software and discontinue the targeted advertising in the first privacy policy that its users receive. It also requires the person to click "I agree" long after downloading is complete--part of a policy of "ongoing communication" with customers, Eagle said.
"Does an uninvited guest keep knocking on your door saying, 'Hi! I'm here!'?" he asked rhetorically, describing Gator's multiple disclosures and the icon of alligator eyes that appears whenever the program is running. "No. We are invited guests on the desktop and even pop up a fourth modal screen saying, 'Your Gator software is here.' And since our e-wallet software helps users every day fill out forms, we constantly come back and have an ongoing relationship with our customers."
Gator has more than 300 clients, including four of the top six automotive companies and businesses that sell everything from mortgages to diapers. It sends an average of two pop-up ads per week to more than 15 million people.
Sharman Networks' Kazaa, which many consumers sharply criticised for bundling Brilliant's Altnet software earlier this month, has set up a special Web site explaining bundled software. Audiogalaxy, which bundles Gator with its software, includes a separate screen during installation that shows Gator's logo and then forces people to go through several screens describing Gator and consenting to the service.
"Honestly, I don't know any other ways of harassing the user, other than making the screen flash," Audiogalaxy CEO Michael Merhej said.
Nevertheless, industry executives say a handful of companies--which emerge and go out of business quickly and rarely publish physical addresses on their Web sites--are tainting adware's image.
Gator executives said they recently submitted a list of "best practices" to the Interactive Advertising Bureau, including recommended guidelines for consent and disclosure, but spyware remains below the radar of the Better Business Bureau. The Federal Trade Commission has received complaints about the software, though it won't say how many or for which programs.
Internet industry groups are taking up the cause from a technological standpoint. On Tuesday, the World Wide Web Consortium endorsed standards for protecting consumers' privacy on Web sites.
Blissful ignorance--so far
Some consumer groups want to eliminate sweeping statements in contracts--including clauses that allow companies to change an agreement without any notice. Brilliant includes such a clause in its terms of use, noting it "reserves the right to change or modify any of the terms and conditions of this agreement and any of the policies governing the services at any time in its sole discretion." Other policies make no mention of bundled software at all--an omission that attorneys are quick to point out.
"You can't say with any certainty that click-wrap agreements are always enforceable," said Doug Isenberg, an Atlanta-based attorney and publisher of the GigaLaw.com Web site. "Many judges will look for a way to find that a click-wrap agreement is unenforceable if the terms of the agreement are not conspicuous."
Congress is examining bundled software and related issues. In 1999, and again in 2001, Senator John Edwards introduced legislation to force spyware distributors to get permission and notify people with a detailed description of the information they're collecting. No committee has picked up the bill, but broader consumer notice and privacy concerns are showing up in a compromise Internet privacy legislation soon to be introduced by Senator Ernest "Fritz" Hollings.
The FTC is urging consumers with complaints to contact the agency. Staff members are particularly concerned that children are among the most voracious consumers of free downloads and that software companies don't prevent children from agreeing to terms that affect their parents' computers. That was partly why the FTC took action recently against a company whose software disconnected surfers' computers from the Net and rerouted them through a 1-900 number.
Congress has already enacted some consumer protection rules in other areas that could eventually apply to bundled software. For example, credit card companies must list the long-term interest rates for credit cards in a large font, and they can't hide even ordinary terms and conditions in small print.
Market forces may also provide an antidote to bundled software abuses. German software company Lavasoft has distributed at least 4.5 million copies of Ad-Aware, a free program that scans a computer memory, registry and hard drives for known adware and spyware.
"What we need is a private police force on the Internet to make sure the software you get has sufficient protections," said Privacy Council's Ponemon. "There's probably a really good business opportunity there."
I have often wondered about coockies and also the history button .
Is it possible to obtain information from this by anone?
How long before the info on historie is eliminated
and is it possible to eliminate this yourself?
I am also driven grazy by porno mail I don't want
Is there any way of doing something about this.?