Sleuthing Spyware--And Its Corporate Sponsors

R.A. Hettinga rah at
Wed Jan 26 13:20:42 PST 2005



Sleuthing Spyware--And Its Corporate Sponsors
Penelope Patsuris,   01.19.05, 5:34 PM ET

 Benjamin Edelman became a spyware expert before most of us had any idea
what was even clogging our computers.

 He's currently a candidate for a doctorate in economics at Harvard
University and a Harvard Law student, but his work is hardly academic.
Edelman, 24, has built a cottage industry documenting the nefarious ways of
the spyware and adware industries, which he contends are one and the same.
His extensive Web site is packed with the kind of hard
evidence--screenshots and videos--that's required to combat the deception
he says has been employed by companies like Claria, 180solutions, WhenU and
DirectRevenue to make a buck.

 Each of these companies denies any wrongdoing, except DirectRevenue, whose
spokesman had no comment. Many of Edelman's opponents say his accusations
are self-serving, since he has at times worked for companies suing adware

 Edelman has lots of litigation experience despite his young age, having
consulted for and testified on behalf of organizations like the ACLU, the
National Association of Broadcasters and the National Football League. In
2002 he testified on behalf of a group of media outfits, including The New
York Times Co. (nyse:  NYT -  news  -  people  ), The Washington Post's
(nyse:  WPO -  news  -  people  ) interactive unit and Dow Jones (nyse:  DJ
-  news  -  people  ), in their lawsuit against adware outfit Gator--now
named Claria. The suit claimed, among other things, that Gator's pop-up ads
were unlawfully obscuring the media companies' own online content. The suit
was settled under confidential terms in February 2003.

 Edelman doesn't just take on the makers of spyware--he outs the big-name
companies that support them. In June 2004, he posted a list of WhenU
advertisers, including J.P. Morgan Chase (nyse:  JPM -  news  -  people  ),
Verizon Communications (nyse: VZ -  news  -  people  ), Merck (nyse:  MRK -
news  -  people  ) and T-Mobile.

 Advertisers react to the finger-pointing with varying degrees of concern.
Verizon says that it "no longer uses WhenU," while a spokesman for T-Mobile
says that he hasn't received any complaints about the WhenU ads and that
"WhenU is opt-in and it can be removed easily." Repeated calls to Merck and
J.P. Morgan Chase were not returned.

 Edelman's Web page also accuses WhenU of transmitting the browsing
activity of its users back to the company, a practice that he says WhenU's
privacy policy specifically promises not to engage in. He also writes that
WhenU has spammed search giant Google (nasdaq:  GOOG -  news  -  people  ).

 WhenU President Avi Naider says Edelman is wrong. "In the past Mr. Edelman
has made statements about WhenU that drew incorrect conclusions about WhenU
and were legally inappropriate," says Naider. "We take our privacy
protection very seriously."

 He adds that WhenU's privacy policy has been audited by Microsoft's
(nasdaq:  MSFT -  news  -  people  ) former chief privacy officer, Richard
Purcell, who is chairman of TRUSTe, a nonprofit online-privacy organization.

 Perhaps what's most interesting on Edelman's Web site is a video dated
Nov. 18, 2004, which depicts roughly 25 different adware programs,
including 180solutions, that download via security holes onto his browser.
Todd Sawicki, 180's director of marketing, says that his company is taking
various steps to prevent this kind of thing from happening, but that
"unfortunately, where there is money, the bad guys will follow."

 Edelman's biggest beef with Claria: "Their license fails to prominently
disclose the fact that they are collecting and storing information about
what users do online," he says. "But when you read the Claria installer, it
never tells you, 'We collect information.' Instead it says, 'We show you
ads that are based on where you visit.' "

 Claria Chief Marketing Officer Scott Eagle says the company's updated user
agreement clarifies that point, but admits that the update isn't presented
to many users that get Claria when they download free software like Kazaa.
Indeed, Claria said in an S-1 filing with the U.S. Securities and Exchange
Commission--since withdrawn--that it gets most of its users via Kazaa.

 Still, Eagle questions Edelman's motives, saying he's worked for companies
that are suing Claria. (Edelman did work for Teleflora, which has a case
against Claria, but he no longer does.)

 Edelman counters, "My clients don't hire me to help them with litigation
against Claria because I'm a big fan."

 The Harvard student also takes Claria advertisers to task, posting a
screen shot of a British ad for Dell (nasdaq:  DELL -  news  -  people  )
that appeared on his PC via Claria when he was browsing IBM's  (nyse:  IBM
-  news  -  people  ) Web site. Edelman notes the irony that Dell has been
quite vocal about the burden that the spyware boom has placed on its own
customer support.

 "When any issues like this come to our attention, we put an end to them,"
says a Dell spokeswoman. "I can tell you that today we do not do business
with anyone like Claria."

 Edelman says he has a long list of advertisers who currently work with
Claria that he hasn't posted to his site. "They're a very litigious
company," he says.

 Maybe he'll reconsider after he gets that law degree.

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list