http://www.benedelman.org/ Original research on Internet architecture and regulation. en-us Copyright 2003-2008 Ben Edelman 18 Mar 2008 12:01:00 GMT 18 Mar 2008 12:01:00 GMT Coupons.com continues to use deceptive filenames and registry keys that falsely indicate they're part of Windows -- some 6+ months after I uncovered this practice. Although TRUSTe last month announced that Coupons.com had stopped these practices, my tests indicate exactly the contrary. Furthermore, I show other ongoing violations by Coupons.com -- including incomplete uninstall and executable code left behind after an uninstall. 18 Mar 2008 12:00:00 GMT http://www.benedelman.org/news/031808-1.html http://www.benedelman.org/news/031808-1.html I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good. 10 Mar 2008 12:00:00 GMT http://www.benedelman.org/news/031008-1.html http://www.benedelman.org/news/031008-1.html I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version. 14 Feb 2008 12:00:00 GMT http://www.benedelman.org/news/021408-1.html http://www.benedelman.org/news/021408-1.html I show that Sears' ManageMyHome site provides detailed customer purchase data without effective security measures. 4 Jan 2008 12:00:00 GMT http://www.benedelman.org/news/010408-1.html http://www.benedelman.org/news/010408-1.html I critique a Sears installation of ComScore software without meaningful notice or consent. I present the entire installation sequence in screenshots and video, then explain why the limited notice falls far short of applicable FTC standards. I also show that Sears' claims of adequate notice are demonstrably false. 1 Jan 2008 12:00:00 GMT http://www.benedelman.org/news/010108-1.html http://www.benedelman.org/news/010108-1.html I examine software from Coupons.com. Key findings: Coupons.com disguises some of its key files to make them look like they're part of Windows. These files stay on disk even if a user requests removal of Coupons.com. Coupons.com prints a user ID on each coupon, without any meaningful disclosure in its privacy policy. Any web site can use simple JavaScript to retrieve a user's Coupons.com user ID. Given a user ID, any person can check whether a user has printed a given coupon -- revealing sensitive information about users' purchasing interests. 28 Aug 2007 12:00:00 GMT http://www.benedelman.org/news/082807-1.html http://www.benedelman.org/news/082807-1.html Despite Zango's 2006 settlement with the FTC, Zango continues behaviors exactly contrary to what the settlement specifies -- including installations lacking out-of-EULA disclosure of Zango's material terms, and including unlabeled ads that don't tell users why the ads appeared or how to make them stop. I document these and other troubling behaviors in a series of screenshots and videos. 31 Jul 2007 12:00:00 GMT http://www.benedelman.org/news/073107-1.html http://www.benedelman.org/news/073107-1.html I describe multiple recent ComScore RelevantKnowledge installations that occur without user consent. I provide video proof of one such installation. I compare these installations with applicable law and with TRUSTe Trusted Download rules. 29 Jun 2007 12:00:00 GMT http://www.benedelman.org/news/062907-1.html http://www.benedelman.org/news/062907-1.html I post six examples of affiliates using spyware to claim commission on organic traffic to Blockbuster and Netflix. As usual, I offer screenshots, videos, and annotated packet logs to confirm what occurred. I conclude with strategies for detection and prevention. 21 May 2007 12:00:00 GMT http://www.benedelman.org/news/052107-1.html http://www.benedelman.org/news/052107-1.html I describe my new program for automated detection of spyware-based advertising fraud. 21 May 2007 12:00:00 GMT http://www.benedelman.org/news/052107-2.html http://www.benedelman.org/news/052107-2.html I post six examples of web sites receiving spyware-originating forced-visit popups. I discuss how these popups cause traffic measurement systems to overstate site popularity. 7 May 2007 12:00:00 GMT http://www.benedelman.org/news/050707-1.html http://www.benedelman.org/news/050707-1.html I post six examples of ongoing Cingular (AT&T) and Travelocity advertising through spyware -- notable in light of recent New York Attorney General settlements that specifically oblige these companies to cease spyware advertising. 14 Mar 2007 12:00:00 GMT http://www.benedelman.org/news/031407-1.html http://www.benedelman.org/news/031407-1.html In a joint piece with Eric Howes, I show numerous specific examples of ongoing Zango practices inconsistent with Zango's proposed settlement with the FTC. I include installations with no consent at all, as well as installations without prominent disclsoure of material effects (as required by the proposed settlement). I also show ongoing unlabeled Zango ads (again contrary to the proposed settlement). 20 Nov 2006 12:00:00 GMT http://www.benedelman.org/news/112006-1.html http://www.benedelman.org/news/112006-1.html I report the outcome of recent litigation against Intermix, including my investigations and findings. I provide video proof of ongoing, recent nonconsensual installations of Intermix software. 8 Nov 2006 12:00:00 GMT http://www.benedelman.org/news/110806-1.html http://www.benedelman.org/news/110806-1.html I assess current practices of Ask toolbars -- including soliciting installations through kids sites and through other vendors' spyware, and installing without any user notice or consent whatsoever. I assess Ask's installation solicitations under governing law, including the FTC's "deceptive door opener" precedents that prohibit misleading initial offers even when ultimately corrected by subsequent statements. 16 Oct 2006 12:00:00 GMT http://www.benedelman.org/news/101606-1.html http://www.benedelman.org/news/101606-1.html I present pay-per-click ads from more than two dozen different advertisers, all including false or materially deceptive claims. Often, ads claim that their offerings are "free" when they're not. I cite applicable FTC regulations that prohibit these practices. I then brainstorm about how much profit these ads bring to Google and how Google could take action if it chose to do so. 9 Oct 2006 12:00:00 GMT http://www.benedelman.org/news/100906-1.html http://www.benedelman.org/news/100906-1.html I compare the safety of sites certified by leading certification issuer TRUSTe with other top sites not certified. I find the TRUSTe-certified sites more than twice as likely to be untrustworthy, a result that holds when I control for site popularity, complexity, and other characteristics. 25 Sep 2006 12:00:00 GMT http://www.benedelman.org/news/092506-1.html http://www.benedelman.org/news/092506-1.html I test leading anti-spyware programs to see which detect cookies from major advertising networks. I find some networks' cookies detected by most scanners, but others (including Google) escape detection altogether. I report my raw results in full detail, along with a calculator by which affiliates and networks can estimate likely revenue losses due to cookie deletion. 13 Sep 2006 12:00:00 GMT http://www.benedelman.org/news/091306-1.html http://www.benedelman.org/news/091306-1.html I present a dozen recent examples of Vonage ads appearing in spyware. Beyond the usual spyware-delivered pop-ups, I show spyware-injected ads -- placing ads into sites without those sites' permission and without payment to those sites, in one instance specifically replacing an ad a site had intended to show. 18 July 2006 12:00:00 GMT http://www.benedelman.org/news/071806-1.html http://www.benedelman.org/news/071806-1.html I show several examples of spyware programs presenting users with unrequested sexually-explicit images. I determine what spyware programd and what ad networks are involved in these practices. I present screenshots, packet logs, and even video proof. 22 June 2006 12:00:00 GMT http://www.benedelman.org/news/062206-1.html http://www.benedelman.org/news/062206-1.html I critique practices of banner farm "Hula Direct" -- showing how they buy ads from notorious spyware vendors, then send that traffic to advertisers via convoluted banner ad networks. I further show how they automatically reload ads to increase their revenues. I list specific advertisers and ad networks involved in these practices. 12 June 2006 12:00:00 GMT http://www.benedelman.org/news/061206-1.html http://www.benedelman.org/news/061206-1.html