Ben Edelman and Eric Howes teamed up on this very strong message to users and to the FTC about ongoing bad practices by Zango.
The FTC proposed in January 2006 an excellent start for a settlement with Zango, however Ben and Eric, as well as Chris Boyd/Paperghost at VitalSecurity.org have all shown that despite the claims by Zango of compliance, this is not the case.
Enforcement of the settlement as it stands will be costly and necessary if the FTC intends to actually send the right message. If monitoring and enforcement are not maintained, Zango will continue to do what they have been doing currently despite their claims to the contrary, some of which are clearly outlined in the article by Ben and Eric (link at the top of this posting).
I also wonder at the numbers game with profits versus revenue that appears to be going on and discussed in Ben and Eric’s article on this and if statements by Zango reflect differently than the numbers given to the FTC to base their ‘settlement’ on, maybe the FTC should be looking much closer at that?
Back in December 2005 we posted BetaNews | 180solutions Tries to Clean Up its Act where 180Solutions and Zango are linked, and this year several postings: February 2006 we posted When Spyware Performs as Advertised, and in June 2006, we posted about this as well in 180Solutions Plus HotBar Equals Zango and again in August 2006 An Interview with Zango Myspace Affiliate, Mark Arruda.
And that’s just since December 2005. Many others including Ben Edelman and Eric Howes, as well as Suzi Turner/Spyware Warrior, paperGhost, SunbeltBlog, to name only a few! So many others have carried the torch much much longer than I have since my blog is relatively new in the scheme of things. But I have kept tabs on this through all of the spyware/adware researchers’ postings for many years.
To make matters, n-Case is back in the picture in addition to the combination of 180Solutions and HotBar as noted in the postings above and in one of many industry news outlets like InformationWeek’s article November 6, 2006 entitled Spyware Researcher Claims Zango Hasn’t Mended Its Ways. This combination goes back at the very least April 2005 where Spyware Warrior posted Scratch a Lie, Find a Thief.
Mending their ways are they? I think not. They have no respect for anything but the almighty dollar. And that should be a clue as to why Ben Edelman and Eric Howes are suggesting the following recommendations regarding this very tough nut to crack:
Zango’s Statements and the Need for Enforcement
In its November 3 press release, Zango claims its reforms are already in place. “Every consumer downloading Zango’s desktop advertising software sees a fully and conspicuously disclosed, plain-language notice and consent process,” Zango’s press release proclaims. This claim is exactly contrary to the numerous examples we present above. Zango further claims that it “has met or exceeded the key notice and consent standards detailed in the FTC consent order since at least January 1, 2006” — again contrary to our findings that nonconsensual and deceptive installations remain ongoing.
From the FTC’s press release and from recent statements of FTC commissioners and staff, it appears the FTC intends to send a tough message to makers of advertising software. We commend the FTC’s goal. The proposed settlement, if appropriately enforced, might send such a message. But we worry the FTC will send exactly the opposite message if it allows Zango to claim compliance without actually doing what the proposed settlement requires.
As a first step, we endorse CDT’s suggestion that the FTC require Zango to retract its claim of compliance with the proposed settlement. Zango’s statement is false, and the FTC should not stand by while Zango mischaracterizes its behavior vis-a-vis the proposed settlement.
More broadly, we believe intensive ongoing monitoring will be required to assure that Zango actually complies with the settlement. We have spent 3+ years following Zango’s repeated promises of “reform,” and we have first-hand experience with the wide variety of techniques Zango and its partners have used to place software onto users’ PCs. Testing these methods requires more than black-letter contracts and agreements; it requires hands-on testing of actual infected PCs and the scores of diverse infection mechanisms Zango’s partners devise. To assure that Zango actually complies with the agreement, we think the FTC will need to allocate its investigatory resources accordingly. We’ve spent approximately roughly 10 hours on the investigations leading to the results above, and we’ve uncovered these examples as well as various others. With dozens or hundreds of hours, we think we could find many more surviving Zango installations in violation of the proposed settlement’s requirements. We think the FTC ought to find these installations, or require that Zango do so, and then ought to see that the associated files are entirely removed from the web.