Category: genres

Posted on

Intermix Revisited

I recently had the honor of serving as an expert witness in The People of the State of California ex. rel. Rockard J. Delgadillo, Los Angeles City Attorney v. Intermix Media, Inc., Case No. BC343196 (L.A. Superior Court), litigation brought by the City Attorney of Los Angeles (on behalf of the people of California)against Intermix. Though Intermix is better known for creating MySpace, Intermix also made spyware that, among other effects, can become installed on users’ computers without their consent.

On Monday the parties announced a settlement under which Intermix will pay total monetary relief of $300,000 (including $125,000 of penalties, $50,000 in costs of investigation, and $125,000 in a contribution of computers to local non-profits). Intermix will also assure that third parties cease continued distribution of its software, among other injunctive relief. These penalties are in addition to Intermix’s 2005 $7.5 million settlement with the New York Attorney General.

In the course of this matter, I had occasion to examine my records of past Intermix installations. For example, within my records of installations I personally observed nearly two years ago, I found video evidence of Intermix becoming installed by SecondThought. By all indications, SecondThought’s exploit-based installers placed Intermix onto users’ computers without notice or consent.

Using web pages and installer files found on Archive.org, I also demonstrated that installations on Intermix’s own web sites were remarkably deficient. For example, some Intermix installations disclosed only a portion of the Intermix programs that would become installed, systematically failing to tell users about other programs they would receive if they went forward with installation. Most Intermix installations failed to affirmatively show users their license agreements, instead requiring users to affirmatively click to access the licenses; and in some instances, even when a user did click, the license was presented without scroll bars, such that even a determined user couldn’t read the full license. Furthermore, some Intermix installations claimed a home page change would occur only if a user chose that option (“you can choose to have your default start page reset”), when in fact that change occurred no matter what, without giving users any choice.

Remarkably, I also found evidence of ongoing Intermix installations, despite Intermix’s 2005 promise to “permanently discontinue distribution of its adware, redirect and toolbar programs.” For example, in my testing of October 2006 and again just yesterday, the Battling Bones screensaver (among various others) was still available on Screensavershot.com (a third-party site). Installing Battling Bones gives users Intermix’s Incredifind too. Even worse, this installation proceeds without any disclosure to the user of the Intermix software that would be installed. (Video proof. The installer’s EULA mentions various other programs to be installed, but it never mentions Intermix or the specific Intermix programs that in fact were installed.) Furthermore, I found dozens of “.CAB” installation files still on Intermix’s own web servers — particularly hard to reconcile with Intermix’s claim of having abandoned this business nearly two years months ago. Truly shutting down the business would have entailed deleting all such files from all servers controlled by Intermix.

I continue to think there’s substantial room for litigation against US-based spyware vendors. I continue to see nonconsensual and materially deceptive installations by numerous identifiable US spyware vendors. (For example, I posted a fresh Ask.com nonconsensual toolbar installation just last month. And I see more nonconsensual installations of other US-based vendors’ programs, day in and day out.) These vendors continue to cause substantial harm to the users who receive their unwanted software.

Technology news sites and forums have been abuzz over the FTC’s proposed settlement with Zango, whose advertising software has widely been installed without consent or without informed consent. I commend the FTC’s investigation, and the injunctive terms of the settlement (i.e. what Zango has to do) are appropriately tough. Oddly, Zango claims to have “met or exceeded the key notice and consent standards … since at least January 1, 2006.” I disagree. From what I’ve seen, Zango remains out of compliance to this day. I’m putting together appropriate screenshot and video proof.

Posted on

Yahoo syndication fraud litigation

I served as cocounsel in class action litigation challenging Yahoo placing advertisers’ advertisements in low-quality locations such as adware, popups, and typo squatting, while charging advertisers high prices predicated on search advertising.  After motion practice denying Yahoo’s motion to dismiss, Yahoo agreed to cease certain of the practices at issue and allow advertisers to exclude themselves from certain low-quality advertising placements.

In re: Yahoo Litigation, No. 06-2737-CAS (C.D. Cal.)

Case docket including consolidated second amended class action complaint and settlement agreement

Posted on

Methods and Effects of Spyware

Methods and Effects of Spyware (PDF) is my written response to the FTC‘s call for comments (PDF), leading up to their April 19 workshop on spyware. In this document, I explain how spyware works, including presenting specific personal information transmitted by both Gator and WhenU. (The WhenU transmissions are particularly notable because these transmissions seem to violate WhenU’s own privacy policy.) Other sections of the document discuss installation methods of spyware (with special consideration of the technical methods used in drive-by downloads), frequency of advertisement display, and performance and security effects of spyware.

I hope to attend the FTC’s April workshop, and I would be particularly pleased to hear from others who will be there or who have comments on this issue.

Posted on

New Publications about Spyware Legislation and Regulation updated March 19, 2004

Some months have passed since my last work on spyware — Documentation of Gator Advertisements and Targeting (spring 2003) and my expert testimony in the matter of Quicken Loans and Wells Fargo v. WhenU (not available on the web) (summer 2003).

This week I’ve been working on a new subsection of this web site, “Spyware”: Research, Testing, Legislation, and Suits, for which two new entries are now available:

A Close Reading of the Spyware Control Act takes a careful look at the spyware legislation recently passed in Utah and now awaiting the governor’s signature. This legislation requires software that transmits users’ usage data (web sites visited, etc.) to provide appropriate disclosures in a license agreement (in plain language, actually presented to users, etc.), and to provide an uninstall routine. Seems pretty uncontroversial? That’s what I thought, but in fact the bill has raised some opposition from big .COM companies that seem to think the legislation is actually a bad idea — even as they are among the sites most intensively targeted by spyware pop-up ads. Have these companies missed the boat? Or have I? Check out the article — including their letter (PDF) and my paragraph-by-paragraph response — and decide for yourself.

Methods and Effects of Spyware (PDF) is my written response to the FTC‘s call for comments (PDF), leading up to their April 19 workshop on spyware. In this document, I explain how spyware works, including presenting specific personal information transmitted by both Gator and WhenU. (The WhenU transmissions are particularly notable because these transmissions seem to violate WhenU’s own privacy policy.) Other sections of the document discuss installation methods of spyware (with special consideration of the technical methods used in drive-by downloads), frequency of advertisement display, and performance and security effects of spyware.

I hope to attend the FTC’s April workshop, and I would be particularly pleased to hear from others who will be there or who have comments on this issue.

Posted on

Akamai Technologies (teaching materials) with Thomas Eisenmann, and Eric Van den Steen

Edelman, Benjamin, Thomas R. Eisenmann, and Eric J. Van den Steen. “Akamai Technologies.” Harvard Business School Case 804-158, March 2004. (Revised June 2010.) ( educator access at HBP. request a courtesy copy.)

As the leading content delivery network, Akamai helps Internet companies deliver Web site content to end users with fewer delays and lower costs. Describes the strategic management challenges facing Akamai in early 2004. The company is poised to offer its next generation of services for enterprise customers, which will allow them to run Internet-enabled applications (“Web services”)—on demand, with minimal capital investment—from Akamai’s network of 15,000 servers located in ISP facilities at the Internet’s “edge”—close to end users. Many large enterprise software companies have developed proprietary platforms for creating and managing Web services. Akamai must decide which of these software companies would be attractive partners and whether it can and should remain uncommitted to a platform as it helps customers deploy Web services. A rewritten version of an earlier case.

Posted on

Intentionally Invalid Whois Data

Edelman, Benjamin G. “Intentionally Invalid Whois Data.” US House of Representatives, Committee on the Judiciary, Subcommittee on Courts, the Internet, and Intellectual Property, September 2003.

As the DNS is currently structured, registrants are under only an honor system to provide accurate Whois data. Meanwhile, it makes no economic sense for registrars to enforce Whois accuracy. The result is that in terms of accuracy, when compared with other compilations of public data (such as driver’s licenses and trademark registrations), the Whois database is substantially fiction. I suggest 1) a reduction in the lenience of opportunity to “cure” intentionally invalid data, 2) for registrants with multiple domain names with intentionally invalid data, forfeiture of all domains when any are to be cancelled, 3) statistically valid surveys of registrars’ Whois accuracy, with public reporting of each registrar’s accuracy, 4) public reporting of Whois accuracy complaints and their dispositions, and 5) financial and other penalties to registrars with poor Whois accuracy records.

Posted on

Expert Declaration in Washingtonpost.Newsweek Interactive Company, LLC, et al. v. the Gator Corporation

I had the honor of preparing two expert declarations in Washingtonpost.Newsweek Interactive Company, LLC, et al. v. the Gator Corporation in federal court in the Eastern District of Virginia. My clients were the plaintiffs in the case, including the Washington Post Newsweek Interactive Company, Gannett Satellite Information Network, Media West-GSI, the New York Times Company, the Boston Globe Newspaper Company, Dow Jones, Smartmoney, the Chicago Tribute Interactive, Condenet, American City Business Journals, Cleveland Live, and Knight Riddler Digital.

Soon after my declarations, the case settled, and Gator stopped covering my clients’ sites with its popup advertising and other ads.

My declarations and other case documents.

Posted on

Benjamin Edelman v. N2H2, Inc.

I sought to research and document sites categorized and restricted by Internet blocking program N2H2. N2H2’s block site list is protected by technical measures including an encryption system, but I sought to write software that would nonetheless allow me to access, analyze, and report its contents. However, I feared that conducting this work might expose me to liability for violation of the N2H2 License, of the Copyright Act of 1976, and of the Digital Millennium Copyright Act, as well as for misappropriation of N2H2’s trade secrets. With representation by the ACLU, I therefore sought from federal court a declaratory judgement that I could conduct this research and publication without fear of liability.

Case details including litigation documents