http://www.benedelman.org/ Original research on Internet architecture and regulation. en-us Copyright 2003-2009 Ben Edelman 19 Nov 2009 12:00:00 GMT 19 Nov 2009 12:00:00 GMT Post-transaction marketers have attracted criticism for solicitations that tend to deceive consumers. Offers often promise a savings or discount while actually charging customers on an ongoing basis. Offers often appear while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, post-transaction marketers obtain consumers' credit card numbers from partner sites (without consumers providing their card numbers to the companies that actually post charges). I summarize and post key documents recently released by the US Senate Commerce Committee, as well as reports from victims, an analysis by Committee staff, and recommendations from witness testimony (including my own). 19 Nov 2009 12:00:00 GMT http://www.benedelman.org/posttransaction/ http://www.benedelman.org//posttransaction/ I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern. 21 Sep 2009 12:00:00 GMT http://www.benedelman.org/advertisersrights/ http://www.benedelman.org/advertisersrights/ I present four examples of Google and its partners interceding to grab users already on (or headed for) advertisers' sites -- spyware/adware popups, tricky toolbars, typosquatting, and Chrome browser autocomplete. In each instance, Google charges advertisers for pay-per-click traffic they would have otherwise received for free. 13 May 2009 12:00:00 GMT http://www.benedelman.org/news/051309-1.html http://www.benedelman.org/news/051309-1.html I analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach. 9 Mar 2009 12:00:00 GMT http://www.benedelman.org/news/030909-1.html http://www.benedelman.org/news/030909-1.html Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory. 14 Jan 2009 12:00:00 GMT http://www.benedelman.org/rightmedia-deception/ http://www.benedelman.org/rightmedia-deception/ Google's JotSpot service posts sensitive user data, despite specific promises to the contrary in JotSpot's privacy policy. JotSpot even allows this information to be indexed by Google's search crawlers. JotSpot's postings are, by all indications, accidental. But in the context of a series of similar slip-ups, this error raises questions about the efficacy of Google's model of hosted applications. 30 Oct 2008 12:00:00 GMT http://www.benedelman.org/google-jot-privacy/ http://www.benedelman.org/google-jot-privacy/ Affiliate marketer Hydra Network claims to be tough on fraud. But my AutoTester has seen Hydra affiliates receiving traffic from spyware or adware on fully 1,343 occasions. Today I'm posting ten examples -- ten different Hydra affiliates using five different spyware/adware programs to claim commissions from Hydra's top merchants. 14 Oct 2008 12:00:00 GMT http://www.benedelman.org/news/101408-1.html http://www.benedelman.org/news/101408-1.html Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn. 7 Oct 2008 12:00:00 GMT http://www.benedelman.org/news/100708-1.html http://www.benedelman.org/news/100708-1.html This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams. 30 Sep 2008 12:00:00 GMT http://www.benedelman.org/news/093008-1.html http://www.benedelman.org/news/093008-1.html Last month I was invited to Congress about competition among paid search providers, particularly Google's proposed purchase of susbtantial advertising inventory from Yahoo. At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. But I'm posting the prepared testimony I had planned to offer last month. 11 Jul 2008 12:00:00 GMT http://www.benedelman.org/news/071108-1.html http://www.benedelman.org/news/071108-1.html A little-noticed Google AdWords API Terms and Conditions restriction substantially hinders advertisers' efforts to use multiple providers -- prohibiting software vendors from using Google's API to help advertisers copy AdWords campaigns to competing platforms. I present the restriction, analyze its effects, and critique the defense Google offers. 27 Jun 2008 12:00:00 GMT http://www.benedelman.org/news/062708-1.html http://www.benedelman.org/news/062708-1.html The Internet's current IPv4 numbering system is nearing exhaustion, and transition incentives hinder rapid v6 deployment. In that context, I present market mechanisms to reallocate existing v4 addresses and facilitate continued use of v4. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities. 6 Jun 2008 12:00:00 GMT http://www.benedelman.org/news/060608-1.html http://www.benedelman.org/news/060608-1.html I examine Zango's media library. I find widespread copyrighted videos presented without any indication of license from the corresponding rights-holders. I also find widespread sexually-explicit material, including prominent explicit material nowhere labeled as such. 28 May 2008 12:00:00 GMT http://www.benedelman.org/news/052808-1.html http://www.benedelman.org/news/052808-1.html Coupons.com continues to use deceptive filenames and registry keys that falsely indicate they're part of Windows -- some 6+ months after I uncovered this practice. Although TRUSTe last month announced that Coupons.com had stopped these practices, my tests indicate exactly the contrary. Furthermore, I show other ongoing violations by Coupons.com -- including incomplete uninstall and executable code left behind after an uninstall. 18 Mar 2008 12:00:00 GMT http://www.benedelman.org/news/031808-1.html http://www.benedelman.org/news/031808-1.html I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good. 10 Mar 2008 12:00:00 GMT http://www.benedelman.org/news/031008-1.html http://www.benedelman.org/news/031008-1.html I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version. 14 Feb 2008 12:00:00 GMT http://www.benedelman.org/news/021408-1.html http://www.benedelman.org/news/021408-1.html I show that Sears' ManageMyHome site provides detailed customer purchase data without effective security measures. 4 Jan 2008 12:00:00 GMT http://www.benedelman.org/news/010408-1.html http://www.benedelman.org/news/010408-1.html I critique a Sears installation of ComScore software without meaningful notice or consent. I present the entire installation sequence in screenshots and video, then explain why the limited notice falls far short of applicable FTC standards. I also show that Sears' claims of adequate notice are demonstrably false. 1 Jan 2008 12:00:00 GMT http://www.benedelman.org/news/010108-1.html http://www.benedelman.org/news/010108-1.html I examine software from Coupons.com. Key findings: Coupons.com disguises some of its key files to make them look like they're part of Windows. These files stay on disk even if a user requests removal of Coupons.com. Coupons.com prints a user ID on each coupon, without any meaningful disclosure in its privacy policy. Any web site can use simple JavaScript to retrieve a user's Coupons.com user ID. Given a user ID, any person can check whether a user has printed a given coupon -- revealing sensitive information about users' purchasing interests. 28 Aug 2007 12:00:00 GMT http://www.benedelman.org/news/082807-1.html http://www.benedelman.org/news/082807-1.html Despite Zango's 2006 settlement with the FTC, Zango continues behaviors exactly contrary to what the settlement specifies -- including installations lacking out-of-EULA disclosure of Zango's material terms, and including unlabeled ads that don't tell users why the ads appeared or how to make them stop. I document these and other troubling behaviors in a series of screenshots and videos. 31 Jul 2007 12:00:00 GMT http://www.benedelman.org/news/073107-1.html http://www.benedelman.org/news/073107-1.html I describe multiple recent ComScore RelevantKnowledge installations that occur without user consent. I provide video proof of one such installation. I compare these installations with applicable law and with TRUSTe Trusted Download rules. 29 Jun 2007 12:00:00 GMT http://www.benedelman.org/news/062907-1.html http://www.benedelman.org/news/062907-1.html I post six examples of affiliates using spyware to claim commission on organic traffic to Blockbuster and Netflix. As usual, I offer screenshots, videos, and annotated packet logs to confirm what occurred. I conclude with strategies for detection and prevention. 21 May 2007 12:00:00 GMT http://www.benedelman.org/news/052107-1.html http://www.benedelman.org/news/052107-1.html I describe my new program for automated detection of spyware-based advertising fraud. 21 May 2007 12:00:00 GMT http://www.benedelman.org/news/052107-2.html http://www.benedelman.org/news/052107-2.html I post six examples of web sites receiving spyware-originating forced-visit popups. I discuss how these popups cause traffic measurement systems to overstate site popularity. 7 May 2007 12:00:00 GMT http://www.benedelman.org/news/050707-1.html http://www.benedelman.org/news/050707-1.html I post six examples of ongoing Cingular (AT&T) and Travelocity advertising through spyware -- notable in light of recent New York Attorney General settlements that specifically oblige these companies to cease spyware advertising. 14 Mar 2007 12:00:00 GMT http://www.benedelman.org/news/031407-1.html http://www.benedelman.org/news/031407-1.html In a joint piece with Eric Howes, I show numerous specific examples of ongoing Zango practices inconsistent with Zango's proposed settlement with the FTC. I include installations with no consent at all, as well as installations without prominent disclsoure of material effects (as required by the proposed settlement). I also show ongoing unlabeled Zango ads (again contrary to the proposed settlement). 20 Nov 2006 12:00:00 GMT http://www.benedelman.org/news/112006-1.html http://www.benedelman.org/news/112006-1.html I report the outcome of recent litigation against Intermix, including my investigations and findings. I provide video proof of ongoing, recent nonconsensual installations of Intermix software. 8 Nov 2006 12:00:00 GMT http://www.benedelman.org/news/110806-1.html http://www.benedelman.org/news/110806-1.html I assess current practices of Ask toolbars -- including soliciting installations through kids sites and through other vendors' spyware, and installing without any user notice or consent whatsoever. I assess Ask's installation solicitations under governing law, including the FTC's "deceptive door opener" precedents that prohibit misleading initial offers even when ultimately corrected by subsequent statements. 16 Oct 2006 12:00:00 GMT http://www.benedelman.org/news/101606-1.html http://www.benedelman.org/news/101606-1.html I present pay-per-click ads from more than two dozen different advertisers, all including false or materially deceptive claims. Often, ads claim that their offerings are "free" when they're not. I cite applicable FTC regulations that prohibit these practices. I then brainstorm about how much profit these ads bring to Google and how Google could take action if it chose to do so. 9 Oct 2006 12:00:00 GMT http://www.benedelman.org/news/100906-1.html http://www.benedelman.org/news/100906-1.html I compare the safety of sites certified by leading certification issuer TRUSTe with other top sites not certified. I find the TRUSTe-certified sites more than twice as likely to be untrustworthy, a result that holds when I control for site popularity, complexity, and other characteristics. 25 Sep 2006 12:00:00 GMT http://www.benedelman.org/news/092506-1.html http://www.benedelman.org/news/092506-1.html I test leading anti-spyware programs to see which detect cookies from major advertising networks. I find some networks' cookies detected by most scanners, but others (including Google) escape detection altogether. I report my raw results in full detail, along with a calculator by which affiliates and networks can estimate likely revenue losses due to cookie deletion. 13 Sep 2006 12:00:00 GMT http://www.benedelman.org/news/091306-1.html http://www.benedelman.org/news/091306-1.html I present a dozen recent examples of Vonage ads appearing in spyware. Beyond the usual spyware-delivered pop-ups, I show spyware-injected ads -- placing ads into sites without those sites' permission and without payment to those sites, in one instance specifically replacing an ad a site had intended to show. 18 July 2006 12:00:00 GMT http://www.benedelman.org/news/071806-1.html http://www.benedelman.org/news/071806-1.html I show several examples of spyware programs presenting users with unrequested sexually-explicit images. I determine what spyware programd and what ad networks are involved in these practices. I present screenshots, packet logs, and even video proof. 22 June 2006 12:00:00 GMT http://www.benedelman.org/news/062206-1.html http://www.benedelman.org/news/062206-1.html I critique practices of banner farm "Hula Direct" -- showing how they buy ads from notorious spyware vendors, then send that traffic to advertisers via convoluted banner ad networks. I further show how they automatically reload ads to increase their revenues. I list specific advertisers and ad networks involved in these practices. 12 June 2006 12:00:00 GMT http://www.benedelman.org/news/061206-1.html http://www.benedelman.org/news/061206-1.html