I have examined an article that will probably make some people at Zango queasy. Colleague Ben Edelman (assistant professor at the Harvard Business School in the Negotiation, Organizations & Markets unit) dissected some recent Zango installations — then cross-checked them with Zango’s settlement with the FTC.

According to Ben’s allegations, and I think the evidence stands firm, Zango doesn’t seem to live up to what the FTC requires- if you recall that November 2006, FTC Settlement let’s review a snip from Sunbelt…which i have renamed “you dropped a bomb on me baby…you dropped a bomb on me”- hope you don’t mind Alex.:

The settlement bars Zango from using its adware to communicate with consumers’ computers – either by monitoring consumers’ Web surfing activities or delivering pop-up ads – without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance.

One- Wayne Porter, Paperghost, Sunbelt, Ben Edelman, Eric Howes, Facetime, Suzi Turner, Wilder’s Security, PCPitstop, CastleCops, Spyware Warrior, Temerc, and countless other security watchdogs have noted this type of behavior for years. Others in the performance marketing industry have covered and discussed e.g. Todd Crawford- source Revenews.com per Wired, Peter Figueredo noted the “heavy settlement”…I feel it was “a slap on the wrist” and if I took things personally a “slap in the face”- good thing I don’t.

Ben’s article argues Zango’s compliance is unusually poor. For one, some of Zango’s “installs” — especially the Hotbar-descended installation sequences fail to show the “short form notice” (prior to and separate from a EULA- End User License Agreement) that the FTC settlement specifically requires. Furthermore, some Zango ads up to and including toolbar ads, desktop icons, and even some pop-ups, don’t have the labeling and hyperlinks the settlement requires. Ben’s piece has the nasty details in his usual cold, cutting and methodical fashion and this security and media researcher is not surprised.

Naturally we have video and an array of screenshots. Ironically I have to wonder if this is what they mean by “the long tail” and “user generated content”- lets “help keep the internet free” or something similiar?

Since I have been talking about video ala Steve Rosenbaum (I did warn about never going the “adware” route) so keep that in mind Steve if you open things up…fine line between fair money and trust.

Article on violations here…highlights include:

This article summarizes selected incidents I have recently observed. In particular:

Widespread Zango “ActiveX” Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP1 and Earlier).

Widespread Zango Banner-Based Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP2).

Ongoing Zango Installations with No Disclosure Whatsoever.

Unlabeled Zango Ads - Toolbars, Desktop Icons, and Pop-Ups.

Zango Ads for Bogus Sites that Attempt to Defraud Users.

These practices call into question the integrity of Zango’s business, as well as the status of Zango’s compliance with its obligations under its recent settlement with the FTC.

And let’s not forget the outcome–as he sums up FTC retort to himself and respected colleague Eric Howes of Sunbelt-

When Zango and the FTC announced their settlement, Zango claimed that it had “met or exceeded the key notice and consent standards since January 1, 2006.” I emphatically disagree. With widespread ongoing installations that fail to provide the notice required under the settlement, Zango cannot claim to provide the necessary notice before installing. And with widespread toolbar, desktop icon, and even popup ads still lacking the labeling required under the settlement, Zango cannot claim to be consistently providing the on-ad notice the settlement demands.

In a letter to me and to Eric Howes, responding to our concerns about enforcement of the FTC’s then-proposed settlement with Zango, the FTC said it “recognizes that it must be vigilant regarding Zango’s conduct once the proposed order becomes final.” I have previously remarked on FTC enforcement actions I consider too timid or narrow (echoing the position of FTC Commissioner Leibowitz). Whatever my prior concerns, these widespread violations by Zango offer the FTC a clear opportunity to demonstrate the importance of full compliance with settlement terms. I look forward to a tough and effective response from the FTC.

This is the proverbial baton I was talking about in another post.

The more imaginative and effective are the weapons that are real. Never pull a baton you don’t intend to use, and batons come in many shapes and forms if you think metaphorically.

The FTC needs to wield said metaphorical baton…so the settlement is truly settled. Otherwise I predict what Jimmy Daniel’s echoes in this post of months past…or let’s go further back in history…..quote myself.

Companies will be measured by what they do and not what they say. Trust is not given, trust is earned.

I remember it well- inspired by this summit ages ago hosted by Esther Dyson. I recapped my thoughts almost a year later…and yet ANOTHER YEAR has flown by. My children have become fluent in “malwarese”. Sad.

We are beyond summits…

I don’t want to hear “the affiliate did it defense” either…

I desperately want to be able to tell my children one thing- their government responded decisively.

It is sad enough I have to educate them about this ongoing problem.

Addendum: Zango refutes the findings.

Popularity: 6% [?]

Share This