“While we tend to think of UCITA as being dead outside of a few jurisdictions, its evil spirit is still very much with us. It’s haunting us in the form of the spyware problem, as I think spyware researcher Ben Edelman’s latest piece on spyware installation methods amply illustrates.
Edelman provides a step-by-step examination of all the deception that can lie behind one ‘I agree’ click to an innocuous-looking license agreement. 3D Desktop’s Flying Icons screensaver is initially presented to the user as shareware available for a 15-day free trial. Only by scrolling down in the little text window to the end of the EULA does the user find a hint that there’s another component to the deal. If you install the software, you’re also agreeing to the terms of something called Blazefind. The only way to find out what that means is to follow a link to Blazefind’s EULA.
When Edelman followed that link, the Blazefind license turned out to be the EULA for ‘Windows ControlAd’ software from CDT. Of course, in order ‘to give surfers a rich Internet experience,’ CDT was going to install programs from 180Solutions and others. And by agreeing to the CDT EULA, one in turn is also agreeing to the license terms and privacy policies for 180search Assistant, Internet Optimizer, TopRebates.com, and Target Saver. (The Blazefind license and the mix of programs it says it will download have changed slightly since Edelman conducted his research, perhaps due in part to 180Solutions’ takeover of CDT.) So, with just one click, one ‘contractually’ agrees to not only the 3D Desktop license but six different EULAs and the installation of a whole bunch of spyware. Or adware, if you think there’s a difference.
It probably won’t come as a surprise to you that Edelman found that those four weren’t the only programs that were loaded on his computer in the process. But that’s covered too, since the CDT EULA grants the company permission ‘to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction.’ And, just to add to our growing list of outrageous terms, Edelman pointed out this little gem in the arbitration section: ‘You also agree to pay CDT $300 per hour to attend arbitration including transport time.’
In other words, click OK to a shareware screensaver’s cryptic little license, and you have given away control of your computer and your privacy. It’s your fault you didn’t spend hours and hours typing in URL after URL to read thousands and thousands of obfuscating words to decipher who and what you’re really dealing with. And if you were to try to get some redress, well, you have to pay them more for their time then you could possibly win.”
And this is not the half of it! This is a must read for those who use Windows computers!
Also may wish to check out Alex Eckelberry’s post on Sunbeltblog: Ed Foster (rightfully) gripes about EULAs where even more information unfolds.
And if you are really up for some information, try out this one at SpywareWarrior.com: Oh, what a tangled web we weaveâ€¦ where Suzi gives another great synopsis of BlazeFind/CDT, Inc. and 180Solutions.
We all remember the EULAS, those shrink wrap things that were INSIDE the shrink wrap so you couldn’t read them till you got it home and opened it, but if you opened it and didn’t like what you read, you couldn’t return it, why? Because you had already opened it! Catch 22.
Well, those were bad enough, but these EULAs being discussed by Ed and Alex, and Ben, are much more devious and dispicable. Well worth reading all there is at these links and links within the articles.
NOTE: Originally posted: April 2005 (recreated from mangled original bambismusings.blogspot.com)