Call me disappointed or perhaps simply jaded but I am not so sure nonhierarchical news sites, despite their promises, are really what they are cracked up to be. I caught up with Joe Petvisashvili, creator of Jaanix.com, and an expert at tackling the problems.
In short, is there any way to stop the system gaming that threatens to turn “citizen powered media” and free choice into marginalized popularity contests?
Wayne: Why did you start Jaanix?
Joe: I asked myself were there any alternatives to the problem you cited? Is there any way to have a community that can aggregate stories interesting to their users, and one that doesn’t encourage group think and trolling? Is it possible to create a destination that encourages different opinions even those not mainstream, and where the marginal opinions are not shut down and blocked out by trolls?
Wayne: Ok I have worked with Jaanix for a while, after our conversations on Whuffie, so how is it different?
Joe: For starters there is no front page, there’s no karma, nor points to gain. In my vision users should value quality information and accurate news for the sake of quality and accuracy. This is something that is not only missing in nonhierarchical news sites, but in much of mainstream media. The Internet was supposed to liberate information!
Wayne: O.k. that is a lofty goal so how does it work then?
Joe: There is AI [artificial intelligence] behind the scenes that tries to learn what you find interesting, and tries to make a calculated guess to what’s important for you.
Wayne: I have eclectic tastes Joe. How would it know what’s important to me?
Joe: You’re not alone in the world Wayne, there are other people, and some of them have similar interests- this is a matter of simple statistics. By comparing the patterns of likes, clicks and other activity with our technology it can find what is common between you and others and recommend accordingly.
Wayne: Why hasn’t Jaanix become as popular or mainstream as you like? Is it a matter of time, or are there other factors?
Joe: The plethora of other social news out there that have completely discredited the idea of social recommendations. There is no accountability and it is hard to stop group think.
Wayne: Can you give me some examples or opinions?
Joe: Sure, reddit claims to offer personalized recommendations while it is really employing simplistic vote counting. This is merely a popularity contest.
Wayne: How about the powerhouse- Digg. I have even managed to get a few stories, in my malware hunting days, on the front page.
Joe: It started out strong but now the front page is totally controlled by a tiny clique of power users while claiming to be a “democracy”. Perhaps the biggest loss is Hacker News – it was the last refuge for the reddit elite and is now turning into a “dictatorship” of sorts.
Wayne: O.K. Joe what can Jaanix offer users?
Joe: Jaanix is all about empowerment, stewardship and giving you back what you deserve. The more feedback you give - the more valuable information you receive. And there are so many ways you can give feedback: clicking only on things you like is already enough for the recommendation technology to know you, but you can also adjust your preferences dynamically with fast and easy to use sliders. You can even post and save things that you care about into your personal sub-jaanix.
Wayne: Cool. I will be giving it more attention. Thanks for your time Joe and good luck on your mission.
Users who haven’t checked out Jaanix might want to give it a try as an alternative to the household names of recommendation sites. Information is power and money in a virtual world and you are far better off if you are getting the best information. Quality beats quantity any day in my book. Surf to: http://www.jaanix.com
On July 16th 2008 there will be a protest rally at The Barbican Centre (The Barbican Theatre) in London. The purpose of the event is to protest against plans by BT Group PLC, Virgin Media and Car Phone Warehouse to deploy intrusive technology across their broadband networks for the purpose of profiling the behaviour of their customers which is then sold to Phorm Inc. (formerly 121Media) and used for their Open Internet Exchange (OIX) service.
It seems they make good on their promises. Read on for excerpts of the coverage…and perhaps a lesson.
I have taken the liberty of quoting some of the more poignant wrap-up material, I suggest concerned parties read each article.
Now for a little bit of a rant, not enough people turned up (not even all the people who said they would be attending turned up). I shouldn’t need to remind people how much work went into this event and I certainly shouldn’t need to remind people how important it is for everyone to stand up for their rights and attending the protest would have been a step towards that. The protest was announced 2 months ago and it would have been nice for people to arrange a day off from work and make the effort to attend. I don’t use an ISP who are interested in Phorm (quite the opposite) so I personally have nothing to gain from the literally thousands of hours I have dedicated to trying to protect you guys from this sinister technology and whereas I appreciate the thanks and support I receive from people this is not about me, it is about everyone and it is a very serious issue, so I was a little disappointed to see so few people turn up.
The European Commission has sent a message to the British government, and it reads something like this: “If you don’t deal with Phorm, we will.”
Earlier this month, according to Dow Jones, the European Union commissioner for information society and media sent a “pre-warning letter” to UK authorities, voicing her concern over Phorm, the behavioral ad targeter poised to track user activity on Britain’s three largest ISPs: BT, Carphone Warehouse, and Virgin Media.
BT has already conducted two trials with Phorm - and web surfers were not notified.
“It is very clear in E.U. directives that unless someone specifically gives authorization (to track consumer activity on the Web) then you don’t have the right to do that,” EU commissioner Viviane Reding said. If UK government does not deal with the issue, Dow Jones says, the EC could take action in the European Court of Justice.
I think that was probably as bad an AGM as BT could possibly have hoped for. It was completely dominated by Webwise, and the directors were made to look extremely uncomfortable.
I know some online will be unhappy I didn’t challenge them more aggressively; the reality is I would never have prevailed so I didn’t try very hard. BT Shareholders are a genteel bunch, I didn’t want to make myself the villain of the piece.
Curious thing; Ian Livingston answered not one single question that I put to the board, and the words Webwise or Phorm did not pass his lips once during the AGM.
One thing I did learn from shareholders was how great a concern phishing is to some people, particularly people who are relying on savings and investments for income. It’s important we get the message across that filtering (as occurs already for child abuse sites) does not require advertising or mass surveillance. The two are completely separate and independent. If people do want network phishing filters, and choose to opt in to that as a service, why not? I think that’s a great idea if that’s what people want. Everything else about Phorm is vile, evil, and repels me to the core.
My Own Conclusion
Perhaps people who dislike the way things are going on in the world or certain issues that raise their hackles should take a clue from the playback across the pond. For example- predatory advertising practices. Concerted and coordinated action can cause pressure and pressure often causes change.
I have been talking about Phorm and NebuAd lately and I received a very insightful comment from Kellie Stevens from AffiliateFairPlay.com. Kellie has my utmost respect in terms of chasing the money trails and is a modern day click sleuth…I have paraphrased her comment and made a few spelling corrections and bolded a few key sentences. The original post about the controversy plus the comments can be found here. Other relevant posts: Twelve Questions for Phorm, more on Phorm, some more and Phorm’s response to me.
Kellie writes:
These are indeed very important issues emerging around NebuAd and Phorm. On a side note, it should not come as a surprise that some of the execs at NebuAd are former execs from Claria/Gator. It is similar data tracking but only at a potentially much larger scale.
IANAL so I’m not sure how strong of a legal case the Intellectual Property angle may be. It didn’t work that well in the past with lawsuits involving adware. But then a split hair can make all the legal difference at times.
I do think that there are other issues surrounding this aside from consumer privacy rights and concerns. As if that isn’t enough in and of itself. ISPs’ willingness to use both Phorm and NebuAd (until the stuff hit the fan) follows the same track as other practices I’ve observed by ISPs, which are flat out browser hijacks for their own profit IMO. With ISPs facing more competition these days and are looking at online advertising as a revenue source they need to understand what types of practices are and are not fair game. If certain practices have been deemed as unacceptable by software, why can an ISP engage in the practice? As an end user, I’m not any more happy when my browser doesn’t go where I’ve specifically intended for it to or my user preferences have been overridden. It doesn’t matter to me if it’s a piece of software or my ISP that has done it. I’m actually more disturbed when it’s my ISP because I view them (whether it’s correct or not to do so) as a public service provider such as other media providers. Indeed cable companies have been regulated by Public Service Commissions in the past, although that regulation seems to be pretty fragmented now. Regardless, I have expectations of a higher level of responsibility from my ISP (which may well be providing my TV and telephone service as well in the case of companies like Charter).
I also think that this brings up another issue that I don’t think has ever been adequately addressed when looking at such data collection by software applications on the end user’s computer. Even if the end user does agree to opt in to tracking such as by NebuAd and Phorm, where is the line drawn about what type of information can be collected and how it can be used. Online businesses need to have their rights to fair competition and protection of proprietary information protected along the same lines as in the brick and mortar world. The boundaries seem not as clearly defined online as they are offline.
I brought this issue to the FBI in the past in the form of a formal complaint when I saw the type of data a particular adware application was collecting and sending back to their servers. Coincidentally (?) the behavior disappeared from the adware a few weeks later. Of course some forms of behavioral tracking with consent have long been considered acceptable. Hence Nielsen ratings.
Thanks for the great commentary Kellie. It was too good to lose your thoughts in my terrible commenting system…I will fix that eventually…Keep up your fantastic analysis.
ON WITH THE PROTEST
Some people are not taking it sitting down either- they are having a protest. The people across the pond take their privacy very seriously. Good for them!
On July 16th 2008 there will be a protest rally at The Barbican Centre (The Barbican Theatre) in London. The purpose of the event is to protest against plans by BT Group PLC, Virgin Media and Car Phone Warehouse to deploy intrusive technology across their broadband networks for the purpose of profiling the behaviour of their customers which is then sold to Phorm Inc. (formerly 121Media) and used for their Open Internet Exchange (OIX) service.
NebuAd in the U.S. and Phorm (formerly 121 Media) in the U.K. have both been accused of deep packet inspection of user traffic without consent with the lofty goal of tracking behaviour to target ads. I posted a dozen questions for Phorm and while I know they have followed the entries, they declined to answer the dirty dozen. For what it is worth I also invite NebuAd to answer them as well- these are the questions that need to be asked. (So that it is clear Phorm and NebuAd are separate companies and not related.)
The fundamental issue is pretty clear- permission needs to be obtained, it needs to be obvious and in easy-to-understand language. This means fifty page EULAs written by lawyers are NOT the answer either. Bypassing consent is a deal killer.
…compares the NebuAd process to serving some other cola to a customer who asks for a “Coke.” He argues that when the NebuAd cookie is injected by your ISP into a page they serve you, that the page is no longer the exact page you asked for. He says, “When your ISP delivers you a page with a NebuAd cookie injected, the statement that this is the page you asked for is false. The ISP is passing off the NebuAd cookie as being from Amazon. It’s not.” This seems like a bit of a stretch to me, but I’m not an intellectual property attorney. He argues that since the cookie is used to sell you goods that it would be close enough to be an issue.
Talk about splitting hairs and cookie crumbs!
A coalition has formed to tackle NebuAd. (This is good!) The groups at this stage in the game include heavy-weights like the: Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), the Center for Digital Democracy (CDD), Public Knowledge, and Free Press.
As other security guns have reported, Charter Communications has cancelled a pilot of the NebuAd advertising system and apparently CenturyTel is cutting NebuAd loose as well. MediaPost reports that the CDT plans to present to the Senate Commerce Committee that NebuAd’s methodology may violate federal wiretapping laws due to how communications are intercepted. The title of their June report: “NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking.” leaves nothing to the imagination.
The state of online security is wobbly enough, the last thing people need is yet another incursion that erodes their privacy. While privacy and security are different they are related…I really feel this needs to be nipped in the bud so make your voice known.
Ironically some people might already know…this quote from Art Brodsky a spokesman for Public Knowledge on NebuAd’s CEO’s claims is pretty startling:
“We have seen video of the NebuAd CEO saying, ‘Google knows what they do on your site, but we know everywhere you go, the sites you stop at and ads you see.’ The problem is there’s no opt-in or opt-out to these types of services.”
It used to be that “street memes” were hard to track, but that has changed with the Internet. What is hot in the areas of spray paint, zines, tee-shirts and fringe culture greatly interests me (almost as much as shock memes in and of themselves)…so what about print-on-demand (POD) or Just in Time (JIT) inventory from grass roots designers? What can we infer or learn if anything?
Do t-shirt sales trends reflect the rise and fall of candidate popularity?
Do current events crank up sales? What does it say about their base?
The Cafepress graph offers a snapshot of weekly candidate product sales so you can do your own analysis…
Cafepress “Election Meter” charts sales across their millions of user created content products.
CafePress declares Barack Obama has won the Democratic T-Shirt Primary with 49% of cumulative sales, while Hillary finished at 18%. Look at the Meter since November, and you’ll see the T-Shirt Primary was truly an indicator of voter preference!
According to CafePress Obama took it away with a commanding lead. Let us take a closer look at the number of designs and total number of products. This should give us a better feel…from my snapshot (June 19, 2008) Obama has a commanding lead in overall products and a good edge in terms of designs.
- Barack Obama: 32,800 designs on 1,140,000 products
- Hillary Clinton: 21,000 designs on 650,000 products
- John McCain: 8,250 designs on 291,000 products
- Ron Paul: 6,110 designs on 120,000 products
How about the inverse? Anti-candidate products…
- Anti-Barack Obama: 6,480 designs on 215,000 products
- Anti-Hillary Clinton: 4,130 designs on 111,000 products
- Anti-John McCain: 3,080 designs on 85,400 products
I predict that in the future POD and JIT systems will be contested areas and political pundits will wake up to analyzing the “on demand” spread of ideas and candidates through these systems and various products.
I can almost hear some silly analyst on CNN now…
“Candidate X has a slight edge over Candidate Y in mouse pads, but a blazing lead in coffee mugs and golf balls in terms of conversion and number of products.”
“What does this mean?”
“Well it is hard to say, but the golf balls implies a more affluent voter base than Candidate Y”.
“How about the area of tattoos?”
“Anti-candidate tattoos or pro-candidate? Very important we take this into account.”
I go on record that while I think the right to bare arms is important, I would gladly give up that right as there are about fifteen other rights I would rather have. No bother. I had so much fun making my first set of target videos, inspired by Sam Harrelson’s Guns and Cookies, that I decided to grow an Isaac Asimov-like set of chops (or Wolverine if you are a younger person and so inclined) and give the .32, .357, and .44 magnum a go out in the homestead. (I have since shaved BTW.)
No worries… People shoot guns out in the hills all the time. The key element is they do not shoot people. That is not only rude, it is also illegal. In this video you will make note that the final four shots from the .44 are “loaded”. It nearly took my hand off.
And yes I already know “the spider” found out and reported in a magazine months ago that I got shot. For the record it was in the thigh…there are some other inaccuracies in that story, but for the sake of the story I will let it be. Thanks to Steve Rosenbaum and Jim Kukral for inspiring me to explore video despite not being comfortable with the medium. I am sure I will improve over time.
Since everyone is up in arms over Phorm, and as a security professional I believe there are many valid reasons to be concerned, I have put together a very simple Q&A. People who know me know that I treat these Q&A sessions fair and square. I take no sides, simply ask the questions and post the responses. The party can even pass on the question.
Phorm has informed me they would decline the Q&A here or at Revenews. If they don’t like the venue I urge others to take the list of questions, make the same offer and add your own. You don’t have to be nasty, just demand to be heard. Here we go- some questions I, and other security professionals, have. I am really curious as to the answers.
Questions for Phorm
Question 1. Why did Phorm not responsibly advise British Telecom (BT) against doing the trials in secret without consent nor explaining it to BT support staff?
Question 2. Is Phorm’s WebWise system currently undergoing development that will make it stealthy?
Question 3. What are the time frames for the next trials, with whom and what should we expect to see?
Question 4. How will Phorm’s WebWise system ask for consent without first intercepting and/or modifying the user’s connections over the Internet?
Question 5. Are Phorm aware that their technology will force many users to switch ISP? Do they feel this is OK?
Question 6. Why do Phorm feel it’s OK to intercept traffic without opt-in consent for profit where officers of the law have to get court warrants for each case?
Question 7. Do Phorm believe that because interception of business e-mails within the same organization is allowed that it means that it’s OK to intercept anyone’s traffic?
Question 8. How will Phorm gain the trust of an entire population after what it’s done?
Question 9. Why, if Phorm is willing to be so transparent, do Phorm not make this software open source?
Question 10. What happens if the equipment gets hacked and repurposed by hackers?
Question 11. And what happens when exploits are found in third party software they may be using as part of this solution? For example, a regular expression exploit: http://www.securityfocus.com/bid/14620
Question 12. Who will police the solution to ensure Phorm will not only follow the privacy laws during the tests, but in ongoing updates too? Does Phorm understand it will need everything checked with any changes, ranging from source code checks to legal requirements checks, demanding a team of specialized people just to monitor their solution?
There you go Phorm. An even dozen. I am happy to post your replies, or you can ignore it all and hope it goes away. History has taught me differently.
ADDENDUM:
William of Ockham chimes in with this comment:
Chris Williams from The Register has been in contact with EU Information Commissioner Viviane Reding.
She is monitoring the situation closely and is asking for anyone who is concerned about the covert and potentially illegal trials to send her a letter as soon as possible:
Viviane Reding
Member of the European Commission
BE-1049 Brussels
Belgium
The forum posting is based on an article published on the website http://nodpi.org/ which made false and defamatory allegations about Phorm Inc and Phorm UK, Inc – that we hijacked and replaced charity advertisements with our own ads.
Phorm have written to the author of the website, Alexander Hanff, and he has agreed to retract the allegations (see the article that now appears at http://nodpi.org/ under the heading “Humble Pie”).
In the circumstances we would be most grateful if you would edit the content on your article to remove the following words:
… which were substituted in place of some charity adverts e.g. from Oxfam.
Yours sincerely
Alex Laity
Phorm
Indeed the author of the blog has written Humble Pie Time as a retraction. I do not intend to edit my blog by deleting content. I will make every effort to get the straight facts and I will annotate the blog so it is clear. In addition I have offered up an Interview Q&A at Revenews or here, which Mr. Laity declined. I will post my questions anyway.
So that it is clear the ads were not hijacked but purchased.
From the Humble Pie Post at Nodpi:
I am unable to remove information posted on 3rd party sites but I will make this appeal to anyone who has posted stories, blogs or comments regarding the charity ads - please could you edit these to make it clear that I have the word of Kent’s solicitor and Emma Sanderson that these ads were in fact purchased and not hijacked.
Shameful indeed…It almost feels like the days of Nail.exe and Direct Revenue….wonder if they have a Dark Arts section?
It seems that there has now been a leak of the internal British Telecom Retail report, dated January 2007, which highlights the technical issues and performance of the illegal 2 week secret technical trial which British Telecom inflicted on thousands of its unsuspecting broadband internet customers, for two weeks in September 200 The report confirms that none of the BT customers were consulted beforehand, and they did not grant their permission for their port 80 web traffic to be intercepted and modified by British Telecom and 121Media (as Phorm were then known).
They tested out the substitution of banner adverts from a range of British based advertising agencies, mostly relating to Motoring, which were substituted in place of some charity adverts e.g. from Oxfam. It is unclear from this report whether Phorm had paid for the charity adverts, but, given the sneakiness of this commercial espionage test, it seems unlikely that any charity would have been consulted or agreed. The BT report highlights the obvious web cookie dropping problem and its incompatibility with informed consent.
The effect on static IP address customers by the sneaky imposition of the proxy servers is also recognized in the report. The report does not mention the Regulation of Investigatory Powers Act 2000 section 1 criminal offence legal implications of intercepting web based emails, but the engineers do seem to be passing the buck over to the BT legal department, to get the terms and conditions of the broadband customer contract changed.
Update:
A copy of the BT report (17Mb .pdf) also now resides on the supposedly “uncensorable” Wikileaks.org website in Sweden. Ouch.
ADDENDUM: Phorm contacted me about an inaccuracy. Please see this post regarding their letter, the original author’s retraction, etc. I have also offered up some questions for Phorm if they wish to respond to the e-commerce and security community.
Fifteen of the nation’s leading privacy and public interest groups released a letter urging Congress to hold hearings on the growing practice of Internet Service Providers targeting ads to subscribers based on their personal Web activities.
The letter urges the House Telecommunications Subcommittee leadership to investigate the plan of Charter Communications to capture all of the messages and activities of its Internet subscribers and share that data with a third-party firm, which plans to use the data to target those consumers with specific ads. The plan raises serious privacy and legal issues, the letter says.
This one had my colleague Timeless Prototype up in arms, hell they are even picketing BP shareholders over in the U.K. where people still value privacy (even though there are more surveillance cameras in the UK than I care to think about)…I found some good reading at the CDT blog.
Last week, the European Commission issued an answer to several queries regarding Phorm, a U.K. company that uses Internet traffic data to serve targeted advertisements. Phorm has proposed partnerships with some of the United Kingdom’s largest ISPs that allow Phorm to use deep packet inspection (DPI) to create profiles of individual consumers’ Web habits. Several members of the European Parliament asked the European Commission whether Phorm’s actions constitute an invasion of privacy contrary to European Union privacy protections.
European Commission & ePrivacy Directive
In its response to these questions (Joint answer given by Mrs Reding on behalf of the Commission Written questions: E-1884/08, E-2227/08, E-2576/08), the European Commission explained how the Phorm system intersects with the EU ePrivacy Directive. The Commission declared that, under the directive, the Web traffic information collected by Phorm is “traffic data” and the content of search queries intercepted by Phorm constitutes “communication,” both of which are protected from interception or surveillance without consumer consent.
The Commission noted that the U.K. Information Commissioner’s Office (ICO) — which enforces U.K. data privacy laws — is responsible for monitoring Phorm’s actions. In a review of Phorm’s DPI plans, the ICO said that Phorm’s system “does not appear to be” harming consumers. The ICO will be scrutinizing Phorm’s actions, however, to ensure that the company delivers on its promises to not violate consumer privacy rights.
The Commission itself is also taking ICO’s wait-and-see attitude, promising to remain vigilant in continuing to observe the situation and to “take appropriate action, should the need arise.”
Phorm’s Webwise system is a fascinating exploration of technology that is not fit for a commercially-sensitive Internet because if consumers lose trust in the Internet service they receive, it will harm the economy that is built around the Internet.
Even if that loss of trust has no factual basis! If this is not the case, it will simply be that the Internet ‘heals’ itself as consumers migrate to more trusted ISPs. The latter is already taking place regardless of cost and inconvenience to the consumer.
Many people in the UK have written to their MPs requesting an answer to the question: “If BT’s trials of the Webwise system were ‘illegal’ due to non-informed consent of the customers, then why has no criminal investigation begun?”
If it does go to court, it will be very important for each of the parties involved in the trials to show consistency in their actions at all times if they are to potentially get off lightly by showing that their intentions were pure. However, it may not go down so well if they are asked the question: “when issues were pointed out with the proposed solution, why was no action taken to remedy them?” But, this would really only apply if further trials of the system were to actually take place.
Currently it appears to be in a state of limbo. A grace period if you like where Phorm have the opportunity to hold off further public trials in order to implement changes that fix all the issues that have been highlighted. To deploy it now without making the changes whilst knowing about the issues opens them up to further litigation.
On the flip side, will this mean Phorm might try to make it completely stealthy and undetectable to the users and the web site owners? I’d like to hear a public statement from Phorm with regards to this question.
I will be following the progress of this very closely, as I’m sure many others are too.
You Bet I Will
No time like the present to rattle the famous paperghost cage and my other Security MVP pals.
I apologize for the late April Fool’s Joke, but I prefer being out of sync, …(Scott Jangro has a funny video on April Fool jokes and includes some of my own history around jokes). You see why I had to publish something after the day of joking around. I also liked Jen Goode’s Penguin page. However Sam Harrelson sort of blew up every possible neuron I had left for lack of a better word. Hat tip to all you pranksters and story tellers. I laugh and I cry.
So on with my story on collisions and the value of generalization in a world of specialists and why being a specialist isn’t always great…I am thinking out loud because I can. (My Isaac Asimov beard is almost ready for video.)
Attention Serves Many Masters
My recent posts on Twitter and collisions received some play as I found it Stumbled, on many social networking pages and in some RSS feeds. Neat. It also got my attention as I ran through some stats and saw an alarming change in SERPs for my own blog (e.g. Right here.). I admit that I do not pay much attention to SEO because resources are better spent elsewhere and this blog often serves as my own sounding board, or “thinking out loud” place for others I know. I run small and large experiments, try creative approaches, and sometimes just keep an eye out for who (or what) shows up. Primarily I like to explore and share observations or give an opinion. I am not a lawyer.
I do not mean one should disregard SEO best practice- Don’t Be Evil is nice but perhaps too vague or too simple for the here and now. I think best practice might be to try to add to the value of the Internet through participation, discussion, and perhaps some basic common sense.
As a marketer if your site does not follow some basic architecture rules for Search Engines you will miss out on some of the “influentials” (potential collisions) that can happen.
If you rely on “search” as your primary attention tool you are probably missing out on a number of emerging technologies that connect people to people and therefore people to information. There are lots of sources of free information, there are plenty of people, but putting it together takes knowledge, experience and time and perhaps even a bit of luck. (Makes a side note to Ev- what might have caught your attention was not Unicode but perhaps the nature of chance e.g. gambling on Twitter or it could have been pure chance, on a quantum level just about anything “could” be responsible.)
Quick Review
I already knew that my blog was dated and I have started the processes for cleaning up and proofing it for problems. In short a “force unknown” injected some pretty nasty links into a YouTube video post about self learning and another repeat injection into another entry. It was injected in such a way as to be cloaked and the content I found extremely “disturbing”. Having researched, as a trade, some of the shadier sides of the Internet economy it really has to be nasty to make me flinch. This was pretty rude.
I am still tracking down how it happened, but it did get my attention as I realize how difficult it is to make everything secure in a period of hyper-change. The charge of being the steward of one’s own blog is a tough task today. However I realize that exploration means a trade-off in security. I value exploration and the liberty to do so and believe it worth the risk. Life is all about taking risks and the outcomes from those risks determine the future. I am a skeptical optimist.
I am not the only one battling it with issues of security, stewardship and liberty as I note various search engines and large media sites have either struggled, are struggling or trying to find their own way in a very chaotic world or at least one that seems chaotic. Reality is broken to the point of being “fake”. Actually I would argue “reality is not even real”, but that is beyond the scope of this post and my understanding. Remember I am merely thinking out loud.
Quick thoughts for my friends to ponder:
- Assume new rules are in play and have been in play for some time.
- Computers are truly acting and growing exponentially in ability.
- We need to start assuming personal responsibility for our actions.
- This will take some time as no one wants to be ultimately responsible.
- Technology is pacing faster than our legal system and even our human brains can handle.
- A good place to start practicing stewardship is at your home- and online your home is everywhere.
- Wayne should heed the very advice he gives, but he sometimes gets lost in exploration. (Smack- because he is only human.)
- It is ok to make mistakes and learn, but try not to keep making a mistake over and over.
The Outcome and Dust
Over the next weeks you should expect some dust here as I clean up some things, update WordPress and the various plug-ins I have tested, and continue working on streamlining my own “work processes” for better vigilance, productivity and fun. I add fun because I know I will be a better steward if I really love what I do and I really enjoy games. Make no mistake, as much as I like WordPress, a quick search on any specialist’s sites about various security vulnerabilities gives you an idea of how fragile the concept of security can be.
Think about this- There is much talk in game circles about “gold farming” and World of Warcraft. What does it mean when people start outsourcing their fun?
Spammers Kindle Interests
One cannot spend all the time dwelling on the negative- much of the media will happily do this for you. This is a part of the learning process and step one is a reality check. No amount of money, formal education or mentorship can replace experience. I could spend all day, and probably many nights, talking about the nature of reality, but I won’t bore you with mental gymnastics or semantics. I will add that I firmly believe in getting one’s hands dirty. It is important not to accept everything at face value. It is important to remain as explorers and to try to understand that the very construct we operate in shapes what we do or do not do. Even technology can obscure what we do, how we think, and our intent. We are not even aware of this layer.
So a nasty spam injection on an entry about informal learning forced me to open my eyes up further to how Search Engineers might have to cope with this stuff from a pragmatic standpoint, from an engineering standpoint and from an internal and external competition standpoint. I can cite cases like WorldCup Blogspit technique, Spazbox or the Kmeth worm as prime examples of past research I have worked on and just how difficult this can be to sort out. Search Quality Assurance guards another very important ecosystem- SERPs (Search Engine Result Pages). It makes me wonder if the philosophy of “Right Livelihood” can, from a pragmatic view, be maintained and who gets to set the rules?
Quality Really is Relative
I admit years of going after spyware pushers and scummy adware makers may have left me blinded from a more “holistic view”. I go on record that I dislike spam. However, I must see spam for what it is- a key parasite that sends signals about our society and our systems.
“Although parasites are often omitted in depictions of food webs, they usually occupy the top position. Parasites can function like keystone species, reducing the dominance of superior competitors and allowing competing species to co-exist.”
To put it bluntly, as much as I hate it- spam, in certain periods, probably serves a more important function than a WII Mote.
Motivations Behind Spam and Stewardship
I would guess that quick economic gain is the primary motivating force behind a spammer’s actions, however this doesn’t mean economic gain is intrinsically “evil”, it could mean that short-term thinking is not healthy for our species as a whole. This has been rehashed over and over recently in the hot debate around affiliates (note Google’s recent moves with Performics and DoubleClick). From experience I know that affiliates are often “the patsy” for spam, lacking resources they will try and test many systems to survive. However, not all affiliates are spammers, nor are all spammers affiliates. Bad apples do exist, but to lump everyone together is a dangerous road to walk down.
It is important to remember gain can be money, influence, social capital, etc. Where and how it is converted is important. “Right Livelihood” is a philosophical concept you can look up in a basic philosophy primer or probably one of those “guides for idiots”. As I examine my own life and experiences I have come to the conclusion that at the end of the day, what I want to strive for is good stewardship. My father taught me this action by example. He maintained very complex communication equipment over a large region, yet he would never hesitate to do the most basic tasks he would ask of other technicians. When leaving a tower site he always took the time to use a broom to clean the site.
It is odd how small actions I see over and over shape my vision and even others’ perception. I am sure in ways I do not know and cannot know. (e.g. Johari Window Communications Theory)
Power of Collisions…
In my interim posts about “collisions”, and a good and constant reason to be a social collider I happened upon a real-life metaphor on how powerful colliders are being built. I found this via Phillip Lessin’s bookmark on his FriendFeed. (Note my FriendFeed and disclosure of using an Amazon “affiliate link” as a crude form of “attention measurement”. This is like caveman era measurement.)
The world’s physicists have spent 14 years and $8 billion building the Large Hadron Collider, in which the colliding protons will recreate energies and conditions last seen a trillionth of a second after the Big Bang. Researchers will sift the debris from these primordial recreations for clues to the nature of mass and new forces and symmetries of nature.
Wow. That is some heavy stuff, yet companies are spending much more on mobile marketing. That is a constant you can bank on for a little while anyway.
Yet, and I cite the New York Times again:
“The possibility that a black hole eats up the Earth is too serious a threat to leave it as a matter of argument among crackpots,” said Michelangelo Mangano, a CERN theorist who said he was part of the group. The others prefer to remain anonymous, Mr. Mangano said, for various reasons. Their report was due in January.
Double Wow. This is the New York Times, and we are looking at weird mobile advertising figures while some physicists are potentially creating collisions that could make the earth a black hole, in theory. What next? The cure for cancer? Even if we had such a cure I think it would be important for many people to talk about it first because we probably couldn’t handle it. I would suggest printing it on the back of baseball cards in some sort of statistical code so people could find it later. Everything takes time and time is a finite resource for people. Come to think about it, baseball might not be valuable so I might use rocks or stone.
The Meme Code- Spam or Brilliance?
A game from the creator of FriendFeed…
I think it is quite interesting, yet I worry about diversity. Note how the web pages are encoded to “die”.
The meme code generates a page from a visitor who arrives from Google; the page will create a new modified and randomized version of itself via a database back-end, and creates a link to it in a visible place. The new page will continue to do the same as the old page. After some time a page is taken offline or “dies” although how it dies is not made clear.
Over time several pages would be able to specialize on search niches in the Web – word combinations people are looking for that are not yet covered online are created. This makes “evolutionary pages” turn up in the top results which people will actually click on. A search phrase entered by a search engine visitor is just like food in our nature’s ecosystem. Primarily our ecosystem is full of corn- I might add as an aside. The dynamic process of the meme game means there will be specialized or niche pages to catch this “food”.
A page’s “meme code” will lead it to become a successful species with a lot of offspring, or if not popular it will die and be forgotten…this is not new as Lessig’s game has been around for some time….even affiliates have been doing it with web services and/or datafeeds too only I doubt they encoded a “termination gene” into the pages. Limited resources and financial incentives would probably force smaller publishers to ensure all pages live and to not practice disclosure because it selects against their visibility.
See Kids Forbidden to Use Google this is good food for thought. The comments are even more illuminating. As I collide along I start to make some neat connections and new ways of seeing and experiencing the world. I share them because I am able to do so. I think therefore I am.
How Can You Collide with People and Have Fun? Here is a simple and short list. Five simple concepts or exercises.
- Break your pattern: This is much harder than it seems because patterns are so ingrained.
- Talk with others outside of your core discipline from time to time. Exchange information. Be tolerant.
- Spend some time in the humanities, music, or philosophy to find common ground or evaluate new and old views.
- Understand that collisions can be bumpy, but you will grow your business and you will grow. That is OK.
- Help someone out. I don’t want to get into the philosophical arguments about the nature of altruism (selfish or not)- just help someone or take the time to thank them. It simply makes the experience here more fun.
Example Exercise. Think about Music and why you listen to what you do? How does it make you feel? Today my son is using the Wii to play songs on Guitar Hero. The songs or genres he finds “main stream” did not even exist when I was his age, and when I was a foolish teenager they were considered “taboo”. I am an adult, I am still foolish yet wise enough to know I am foolish, but at any age I can appreciate music.
Here is some music via a video (Semi-Random- I selected it from someone’s Last.fm feed) and it is not a band I follow: Faith & the Muse - Burning season. Do you like it or not? What do the images conjure in your mind? Who listens to this? What neurotransmitters change in the brain when you watch or listen to music? I don’t know- that is the downside of being a generalist in a specialized world. I am asking the same questions because I think they are good questions to ask and by building bridges I can find some experts.
So excuse me while I randomly select someone from Twitter or maybe somewhere else for my next experiment. I plan to use a new O/S, and a couple of dice rolls, and the room temperature to help with the randomness- there are some things in life I don’t want to outsource e.g. being random.
I had a long talk with a colleague about death and our digital lives…it stemmed from an earlier post about Kurt Vonnegut and a question Kevin Lee posed in a LinkedIn thread about what to do about the blog remnants of those now gone. The digital aspects of our lives will continue, at least until the account or medium fades, for some time after our deaths. They can be quite awe-inspiring, like the Vonnegut video, or perhaps dark and sinister as Steve Rosenbaum noted in the Huffington Post piece regarding my trip around the grid. His thoughts on Cho and the Virginia School shootings in stark contrast to Vonnegut’s passing and their respective digital “after-spectrums”- for lack of a better word, and because I feel “spectre” has too much of a negative connotation. Be it web page, forum post, blog entry or avatar…this is something I think will come to startle us a bit as we move on as a society.
It is hard to run from your old classmates now, thus it is logical to believe it will be hard to run from the after images of the departed. I wonder if this is how the families of say- a famous book author might feel.
ON CHO and VONNEGUT
The Huffington Post piece goes on to say…
And as if this week didn’t have enough terrible news…there was the sudden passing of Kurt Vonnegut. Perhaps not surprisingly - Vonnegut did something to make his mark, even in his passing. He creates a clue about what immortality may look like in our new virtual world. As Wayne Porter discovered in his exploration of the grid of Second Life.
So in a chilling parallel, both Vonnegut and Cho live on - virtual media selves that reach beyond the grave. Vonnegut’s immortality is a sign of the web’s power to amplify and archive wonderful creative minds. Cho’s immortality is less welcome, and profoundly disturbing. Would Cho have been inclined to act if he hadn’t known that he could push the buttons of the media machine? We’ll never know the answer.
RISE OF 3D VIRTUAL MEMORIALS
So as we grapple with what to do with our post-human selves as we decay, it comes as no surprise that memorials (mail me if you know of more 3D memorials) should start cropping up. Unlike the two-dimensional funeral home pages these pack more punch. First we have (courtesy of Point3D) the 9/11 Memorial. I happen to know Liam Kanno, who runs Silicon Island.
9/11 SECOND LIFE MEMORIAL
The build has been carried out by Liam Kanno (in real life: Odin Liam Wright) of the V3 Group. But this is more than just another commission for Liam, one of the most talented builders in Second Life. He was at Ground Zero that fateful day, and so this is of special significance to him. I believe my New York friends will find this site deeply moving, but this was a tragedy of global impact: 82 nations lost people that day. I hope you will agree that this is a most fitting tribute.
SECOND LIFE VIETNAM MEMORIAL
Then the truly technically difficult and exhausting task of recreating a well known memorial in detail- the Vietnam Memorial in Washington, D.C. I should note a correction, as it is scheduled to open in-world at The Wall island on November 7th, 2007 to coincide with the real life event in Washington DC.
From my talks with developers (OK I have my hand in it), a complete detail of the Vietnam Memorial Wall. I have seen the beta and it is awe inspiring. I don’t think you can quite capture the power of the real thing, how one descends into darkness, or seems to, and then after reaching the middle of the Memorial one seems to slowly emerge into the light. These events transpired when I was too young to even understand them (does anyone ever really understand?), but one can’t help feeling emotionally bowled over or
The island will open to the public in early November, with a formal unveiling on the actual anniversary, the 13th of November. The plan is to locate the island adjacent to the existing Capitol Hill islands, reflecting their location in the real world. The island will feature all 3 components of the memorial: The Wall; the Three Soldiers statue and the Vietnam Women’s Memorial. Information and name search facilities are planned, along with the option to leave virtual items (supplied by Meme) at The Wall.
The purpose is to provide a contemplative space for remembering the U.S. servicemen and women who died in Vietnam. It will be tied into a website that will offer name search facilities, research resources and more. The full list of features remains to be finalised. Evian was at pains to point out that the aim of the island is not political, it is simply to honour those who had given their lives and provide an education resource for those wishing to find out more, with tours, seminars and other events.
IF WE DON’T FORGET
These aren’t the only memorials either. Some are small gravestones, or epitaphs on prims textured with granite, or a poem carved on a random spot on the ever-changing, pulsing Grid. The nice thing about these memorials, if done correctly, it affords people the opportunity to see them, experience them- those who would never have had the chance. No, I don’t believe they will replace the impact of “the real thing”, but they help us to not forget.
If we don’t forget, hopefully, we won’t repeat the same mistakes…I still find it sad that we continually have a need to build so many memorials…where the names number in the thousands, or tens of thousands like the Vietnam Memorial. We should look at them and remember, or if we were too young, ask why they are there.
Zango’s response in the past to Edelman’s allegations has been to impugn the motives of the messenger. “There are people, and I won’t identify anyone specifically, but if you look at the loud detractors of us in particular — not of the space, because spyware is a problem — but the loud detractors of Zango, most of them, if not all of them, have a direct financial benefit to continue to churn out fear about us and about this space,” said Smith in November. “Whether they’re selling software or consulting services, they have a direct financial incentive to make us look bad.”
And that remains the company’s position. “Ben does have a financial incentive here,” said McGraw. “He purports to be an independent academic but he does benefit commercially from reports like this. It’s not unnoticed by us that as a paid consultant in litigation against Zango, he uses this in order to garner extra fees from his client base.”
Zango too has a financial incentive here, as can be inferred from its decision to sue security company PC Tools Limited, which makes a program called Spyware Doctor that uninstalls Zango’s software.
In June, Zango lost the first round in that case when the judge denied Zango’s application for a temporary restraining order. The judge said it was unlikely Zango would prevail in its allegations of tortious interference, trade libel, or violations of the Washington Consumers Protection Act. The judge considered PC Tools’ classification of Zango’s software as something to be removed to be reasonable “given Zango’s past conduct” and other companies’ assessment of Zango’s software.
Years ago I was a nurse. One could imply I had a vested interest in keeping people sick. But I wouldn’t- it is a simple matter of ethics. The spirit of an oath I took.
I was on the scene long before Zango, or before the big A/V companies joined in, or the government, or even Ben Edelman- I have seen the kitchen sink. I started from the mindset of advertising software could be a great idea, to a neutral stance (mediating the Summit at the Yale Club), and finally- this model is so broken and there is little to no incentive to fix it, and no penalty harsh enough to deter it. I have seen little if any improvement.
I am still trying to figure out if the guy in the article is the Zango fellow (That you Ken? I recall the person being new to Zango and thinking- I feel sorry for this person.) who, very politely I add, called me up during the RSA show while I was on the floor talking about meeting up and their FTC Certification. I told him I didn’t realize the FTC certified companies. News to me. Must have been a mistake or a special thing. I think someone has a video of that call. I must see if it can be retrieved because I think I can be heard.
I have seen this before, time and time again- don’t like the message- attack the messenger or their motivations. I have read it before too…sometimes in e-mails the public doesn’t get to see. Maybe they should? (Eric Howes recall our conversation standing in line in San Francisco? What we would rather be doing?)
There is more…
In a November, 2006 interview with InformationWeek following the announcement of the FTC settlement, Zango CEO Keith Smith sounded contrite. He acknowledged that pop-up ads — at least “traditional” ones, which may be distinct in his mind from the ones Zango delivers — are problematic and distanced his company from the actions of its affiliates. “The traditional pop-up is typically a terrible experience for consumers,” he said.
Yet, Zango continues to deliver that experience to consumers, according to Edelman, who points to “ongoing Zango-designed installation sequences which install Zango pop-up ad software without any on-screen disclosure of material terms” and other pop-up ads that violate the FTC settlement requirements.
“On computers running Windows XP Service Pack 2, the installation sequence described in the preceding section appears somewhat differently. But the core shortfall is the same: Here too, Zango installs without unavoidable and prominent disclosure of material terms. Installation proceeds in five steps:
1) Various web sites serve ads like that shown in the top screenshot at right. In the example shown at right, a freestanding popup asks “Do you want to block Junk Emails ?” (s.i.c.). In some instances, these installations begin with a Zango banner ad embedded within a third-party publisher’s web site (as shown in the first screenshot of the preceding section).
2) If a user clicks Zango’s ad in step 1, the user is taken to the landing page shown in the second screenshot at right. The screenshot shows that landing page just as IE displayed it (without any adjustment of its size or shape). Bullet points tout the various features Zango promises (“Protects your Inbox from annoying Junk mail”, s.i.c., etc.), but Zango makes no mention of any adverse effects or any bundled advertising whatsoever. An animated red arrow encourages users to press a button labeled Free Download.
3) If a user presses the Free Download button, the user receives the standard Internet Explorer download confirmation screens shown in the third and fourth screenshots at right. These are standard IE SP2 screens shown during any EXE download.
4) Zango then shows a screen captioned “Welcome to the Spam Blocker Utility Installation” (the fifth screenshot at right). This screen presents a lengthy End User License Agreement (4,070 words, 45 on-screen pages) within a scroll box. The first page of the EULA mentions the single word “advertising” without any specific disclosure of the type of advertisements (e.g. pop-up ads and in-toolbar ads). The first page mentions that “our [Zango's] software collects information” but says absolutely nothing about the nature of information collected, or about where that information is sent or how it is used.
5) Finally, Zango asks the user to choose between the “free ad-supported version” and the “Paid version” (the bottom screenshot at right). But as explained in the prior section, this choice is illusory: Nowhere does Zango describe the kind of ads at issue, nor does Zango offer any abort or cancel option for users who want neither ads nor a charge.
If a user chooses the “ad-supported” option, Zango installs in full — including its browser toolbar and its pop-up ads. Users have no further opportunity to cancel installation.”
Bold text by me- not sure which one is installed- can they just arbitrarily roll out new lines and product names to evade a settlement?…
Lastly the banner…it depends on interpretation, but I seem to recall, years ago, Bonzi Software agreed in a settlement of a class action lawsuit to stop presenting banner ads disguised as fake user interfaces (FUI) or fake Microsoft dialogue boxes. Thanks Metafilter…is that kind of advertising ethical or really just trickery?
You can be the judge if it clearly and prominently discloses the material terms prior to the display of, and separate from, any [EULA] and if Zango labeled each of its ads with a clear and prominent marking as to the source of the ad, as well as a hyperlink to removal and complaint procedures…well you can judge part of the time- as I get the read on Zango’s response- this seems to only apply to “the software in the settlement”…is this really our legal system- are they really serious? Yep- they do it because it works. Try asking any aware teacher at your child’s school computer lab.
Point 1- I am not a lawyer, yet I do not recall any provision for heritage or grandfathered applications in the FTC settlement. I recall “any software program” being cited.
Point 2: They claim the material is outdated, well apparently you have lots of installations of your software floating out in hyperspace. KNOWING the ongoing problems it is quite simple to engineer a time delay “blade runner” or kill on remote. Given the past trouble with “partner sprawl” that would be a smart and proactive step. The stuff is still being installed.
Point 3: What is considered archaic and out-dated of a test computer? I think Ben tests, as most do, using a virtual machine at 800×600. Easy to read and hardly manipulation in my eyes.
As an aside, paperghost seems to be finding similar problems. I bet he isn’t the only one either.
If I didn’t know paperghost and the fact he wore the madcap shirt to RSA at our presentation…I would find it hard to believe.
Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference, was denied entry into the US on his way to this year’s conference. Dullien said he was blocked from entering the US “for carrying trainings materials for the Blackhat trainings, and intending to hold these trainings as a private citizen instead of as a company.” The ironic twist? Dullien claims that “the largest [number] of attendees are US government related folks, mostly working on US National Security in some form.”
Next up is Christopher Boyd, Microsoft Security MVP and Director of Malware Research for FaceTime Security Labs. On a recent trip, Boyd discovered that his baggage had been inspected. He describes the affair: “Admittedly, a suitcase containing shirts saying “Terrorist”, “N.W.A” and “Hung Gar Kung Fu” is going to tick the “mad bomber”, “black power” and “Crazy Kung Fu Communist” boxes for Homeland Security in one fell swoop, but I was surprised to find that, while a “Notice of Baggage Inspection” card had been deposited in my case, a “We’re keepin sum stuff bai” card was strangely absent. Why? Oh, maybe because ALL OF MY UNDERWEAR IS MISSING. To the kinky freak running around in PG Pants, I hope they serve you well. But really, you could have just asked.”
This is why you should make up silly written languages for notes, never use power point or study ancient Assyrian- there is now a pragmatic use. As for paperghost- I had zero to do with the underwear but it sounds like you have a fan!
I have examined an article that will probably make some people at Zango queasy. Colleague Ben Edelman (assistant professor at the Harvard Business School in the Negotiation, Organizations & Markets unit) dissected some recent Zango installations — then cross-checked them with Zango’s settlement with the FTC.
The settlement bars Zango from using its adware to communicate with consumers’ computers – either by monitoring consumers’ Web surfing activities or delivering pop-up ads – without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance.
One- Wayne Porter, Paperghost, Sunbelt, Ben Edelman, Eric Howes, Facetime, Suzi Turner, Wilder’s Security, PCPitstop, CastleCops, Spyware Warrior, Temerc, and countless other security watchdogs have noted this type of behavior for years. Others in the performance marketing industry have covered and discussed e.g. Todd Crawford- source Revenews.com per Wired, Peter Figueredo noted the “heavy settlement”…I feel it was “a slap on the wrist” and if I took things personally a “slap in the face”- good thing I don’t.
Ben’s article argues Zango’s compliance is unusually poor. For one, some of Zango’s “installs” — especially the Hotbar-descended installation sequences fail to show the “short form notice” (prior to and separate from a EULA- End User License Agreement) that the FTC settlement specifically requires. Furthermore, some Zango ads up to and including toolbar ads, desktop icons, and even some pop-ups, don’t have the labeling and hyperlinks the settlement requires. Ben’s piece has the nasty details in his usual cold, cutting and methodical fashion and this security and media researcher is not surprised.
Naturally we have video and an array of screenshots. Ironically I have to wonder if this is what they mean by “the long tail” and “user generated content”- let’s “help keep the internet free” or something similar?
Since I have been talking about video ala Steve Rosenbaum (I did warn about never going the “adware” route) so keep that in mind Steve if you open things up…fine line between fair money and trust.
This article summarizes selected incidents I have recently observed. In particular:
- Widespread Zango “ActiveX” Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP1 and Earlier).
- Widespread Zango Banner-Based Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP2).
- Ongoing Zango Installations with No Disclosure Whatsoever.
- Unlabeled Zango Ads - Toolbars, Desktop Icons, and Pop-Ups.
- Zango Ads for Bogus Sites that Attempt to Defraud Users.
These practices call into question the integrity of Zango’s business, as well as the status of Zango’s compliance with its obligations under its recent settlement with the FTC.
When Zango and the FTC announced their settlement, Zango claimed that it had “met or exceeded the key notice and consent standards since January 1, 2006.” I emphatically disagree. With widespread ongoing installations that fail to provide the notice required under the settlement, Zango cannot claim to provide the necessary notice before installing. And with widespread toolbar, desktop icon, and even popup ads still lacking the labeling required under the settlement, Zango cannot claim to be consistently providing the on-ad notice the settlement demands.
In a letter to me and to Eric Howes, responding to our concerns about enforcement of the FTC’s then-proposed settlement with Zango, the FTC said it “recognizes that it must be vigilant regarding Zango’s conduct once the proposed order becomes final.” I have previously remarked on FTC enforcement actions I consider too timid or narrow (echoing the position of FTC Commissioner Leibowitz). Whatever my prior concerns, these widespread violations by Zango offer the FTC a clear opportunity to demonstrate the importance of full compliance with settlement terms. I look forward to a tough and effective response from the FTC.
The more imaginative and effective are the weapons that are real. Never pull a baton you don’t intend to use, and batons come in many shapes and forms if you think metaphorically.
The FTC needs to wield said metaphorical baton…so the settlement is truly settled. Otherwise I predict what Jimmy Daniel’s echoes in this post of months past…or let’s go further back in history…..quote myself.
Companies will be measured by what they do and not what they say. Trust is not given, trust is earned.