Strategic Bidder Behavior in Sponsored Search Auctions

Edelman, Benjamin, and Michael Ostrovsky. “Strategic Bidder Behavior in Sponsored Search Auctions.” Decision Support Systems 43, no. 1 (February 2007): 192-198. (Winner of Emerald Citations of Excellence.)

We examine sponsored search auctions run by Overture (now part of Yahoo!) and Google and present evidence of strategic bidder behavior in these auctions. Between June 15, 2002, and June 14, 2003, we estimate that Overture’s revenue from sponsored search might have been higher if it had been able to prevent this strategic behavior. We present a specific alternative mechanism that could reduce the amount of strategizing by bidders, raise search engines’ revenue, and also increase the overall efficiency of the market. We conclude by showing that advertisers’ strategic behavior has not disappeared over time; rather, such behavior remains present on both search engines.

Greedy Bidding Strategies for Keyword Auctions

Cary, Matthew, Aparna Das, Benjamin Edelman, Ioannis Giotis, Kurtis Heimerl, Anna Karlin, Claire Mathieu, and Michael Schwarz. “Greedy Bidding Strategies for Keyword Auctions.” Proceedings of the International Conference on Electronic Commerce (2007): 262-271.

How should players bid in keyword auctions such as those used by Google, Yahoo! and MSN? We consider greedy bidding strategies for a repeated auction on a single keyword, where in each round, each player chooses some optimal bid for the next round, assuming that the other players merely repeat their previous bid. We study the revenue, convergence and robustness properties of such strategies. Most interesting among these is a strategy we call the balanced bidding strategy (bb): it is known that bb has a unique fixed point with payments identical to those of the VCG mechanism. We show that if all players use the bb strategy and update each round, bb converges when the number of slots is at most 2, but does not always converge for 3 or more slots. On the other hand, we present a simple variant which is guaranteed to converge to the same fixed point for any number of slots. In a model in which only one randomly chosen player updates each round according to the bb strategy, we prove that convergence occurs with probability 1. We complement our theoretical results with empirical studies.

Optimal Auction Design in a Multi-unit Environment: The Case of Sponsored Search Auctions

Edelman, Benjamin, and Michael Schwarz. “Optimal Auction Design in a Multi-unit Environment: The Case of Sponsored Search Auctions.” December 2006. Mimeo. (Revised and published as Optimal Auction Design and Equilibrium Selection in Sponsored Search Auctions, American Economic Review 100, no. 2 (May 2010): 597-602.)

We characterize the optimal (revenue maximizing) auction for sponsored search advertising. We show that a search engine’s optimal reserve price is independent of the number of bidders. Using simulations, we consider the changes that result from a search engine’s choice of reserve price and from changes in the number of participating advertisers.

Services for Advertisers – Avoiding Waste and Improving Accountability

In the course of my research on spyware/adware, typosquatting, popups, and other controversial online practices, I have developed the ability to identify practices that overcharge online advertisers. I report my observations to select advertisers and top networks in order to assist them in improving the cost-effectiveness of their advertising including by flagging improper ad placements, rejecting unjustified charges, and avoiding untrustworthy partners. This page summarizes the kinds of practices I uncover and presents representative examples drawn from my publications.

For Display Advertisers and Display Networks

In work for display advertisers and display networks, I catch and report the following problems:

For Affiliate Advertisers and Affiliate Networks

In work for affiliate advertisers and affiliate networks, I catch and report the following problems:

Information and Incentives in Online Affiliate Marketing analyzes patterns in merchants’ vulnerabilities and effective defenses.

For Advertisers in Comparison Shopping Engines

In work for comparison shopping engines (CSEs) and their advertisers, I catch and report the following problems:

  • Advertisements loaded, and clicks recorded and billed for, without a user seeing the advertisement link or clicking on it. (CSE click fraud)
  • CSE advertisements presented in adware including injections, popups, sliders, and toasts.

Methods

I catch infractions using multiple “crawler” PCs which operate 24 hours per day, continuously checking for improper advertising placements. These crawlers run from multiple locations in the US, along with systems to detect behaviors targeting users outside the US. Some of my reports draw on large-scale automation developed in partnership with Wesley Brandi. I supplement automatic observations with manual testing using methods I have refined over more than a decade.

Each of my reports includes a packet log presenting the specific methods and identifiers (ad tags, affiliate IDs, etc.) associated with the infraction. Where an incident includes notable on-screen appearances (e.g. a popup), I typically include a screen-capture video or screenshot image showing occurrences as they appear to users. Each report includes a customized explanatory memorandum.

Please contact me to learn more about my reports.

Last updated: May 21, 2016

Search Engine Safety, Revisited

This article uses data from SiteAdvisor, a company to which I serve as an advisor.

In January I bemoaned the sorry state of search engine results for "screensavers." I pointed out that most "screensavers" ads lead to sites I can’t recommend, and I criticized search engines for their failure to enforce higher standards. But this problem goes well beyond that single keyword and that single genre of sites.

Today SiteAdvisor’s Hannah Rosenbaum and I released The Safety of Internet Search Engines. We obtain top search engine keywords from authoritative sources like Google Zeitgeist. We extract top organic and sponsored search engine results for those keywords. Then we evaluate site safety, using SiteAdvisor’s assessments of spyware, spam, scams, and other Internet menaces.

A representative Google ad -- asking users to pay for software widely available elsewhere for free.SiteAdvisor markup of search results, flagging a representative Google ad — asking users to pay for software widely available elsewhere for free.

Our most notable result? Search engine ads are a risky business. Overall, across all keywords and search engines, 8.5% of sponsored results were "red" or "yellow" by SiteAdvisor’s standards, versus only 3.1% of organic results. It’s not unusual to see ads for notorious spyware vendors like Direct Revenue (as documented in my January piece); for sites that charge for software available elsewhere for free (like the ad shown at right, trying to charge $29 for Skype’s free phone); and for spammers that send hundreds of mesages per week, if a user enters a single email address. These scams deceive and harm search engine users, and I’d like to see Google update its advertising editorial guidelines to prohibit such practices — then enforce these rules with appropriate diligence.

Our article includes an abundance of data. I particularly enjoy this chart of Google site safety by individual keyword — showing "free screensavers" as our single most dangerous search, with other notorious searches including "bearshare," "free music downloads," "winzip," and "kazaa." See also our charts of specific red and yellow sites found within search results.

The full article:

The Safety of Internet Search Engines

Pushing Spyware through Search

This article uses data from SiteAdvisor, a company to which I serve as an advisor.

Much of the computer security industry acts like spyware is immaculately conceived. Somehow it just appears on computers, we are led to believe, and supposedly all we can do is clean up the mess after it happens, rather than prevent it in the first place. I disagree.

Now, we all love Google. I use Google’s search site all day every day, and I enjoy their downloadable applications too. So I have the greatest respect for Google’s core service. But there’s another side to their business. Indirectly, Google and other search engines make big money from spyware, through paid search advertising that infects users who don’t know any better or don’t understand what they’re getting into.

Consider a Google search for “screensavers”:

Risky Entries in 'Screensavers' Search Results

The colored icons next to search results were inserted not by Google, but by the SiteAdvisor client application, based on the results of SiteAdvisor’s automated tests for each listed site. Six of Google’s ten sponsored links get “red” or “yellow” ratings — generally indicating unwanted advertising through spyware or, in some instances, high-volume commercial email. But without SiteAdvisor (or some similar protection), users would have no idea which sites were safe; they’d be at great risk of clicking through to an unsafe site, ultimately risking installation of unwanted software.

Screensaver Advertisers’ Business Model

Google surrounds its “screensavers” search results with ten ads selected from interested Google advertisers. Whenever I see a company buying an ad (online or offline) for a “free” product, I ask myself: How do they make money? With few exceptions, companies only buy online advertising when they expect to get something directly in return. (There are exceptions — dot-com bubble “eyeball” purchases, Fortune 500 “brand building,” perhaps some free ads offered by the Google Foundation.) But in the case of these screensaver providers, they’re almost certainly making money somehow if they can afford to pay Google’s high pay-per-click prices.

So how do Google’s screensaver advertisers make money? Most of Google’s screensaver advertisers really do offer screensavers that are “free” in the sense that users need not provide a credit card number. But they’re not free in the sense of being available without substantial adverse effects. Quite the contrary: Users must put up with various forms of intrusive advertising.

Let’s look at funscreenz.com, a top-ten Google advertiser for “screensavers.”

"Funscreenz installation page

Funscreenz.com is owned by BestOffersNetwork, which is another name for notorious “adware” company Direct Revenue. Recall Direct Revenue’s Newsweek profile – plenty of users (and multiple lawsuits) alleging that their software installs improperly and, in many cases, without consent. I’ve previously documented Direct Revenue installed in tricky popups, via false claims of purportedly-required add-ons, and through exploits without any consent at all.

Of course Funscreenz is not alone. Also in top “screensavers” Google results are ads for Claria, Ask Jeeves, and various adware bundlers (who distribute changing or multiple advertising programs). One top Google “screensaver” advertiser sends 15+ emails per week to those who provide an email address to get a screensaver. Results at Yahoo and MSN are similar.

Estimating Search Engine Revenues from Spyware Infections

Every time a user clicks through a search engine ad, the search engine gets paid. Google doesn’t ordinarily say how much advertisers pay. But Yahoo (which does) charges about $0.25 for a “screensavers” click. Let’s do some math. Of the users who click through to screensavers.com, suppose 10% actually download a screensaver – a conversion rate most web sites would celebrate. Then screensavers.com needs to earn $2.50 per download ($0.25/10%) just to break even. That’s a lot of money per download. But they’re buying the ads anyway, and they’re savvy decision-makers. So we can deduce that this site grosses at least $2.50 per download.

How much money do search engines make from these ads? Some initial back-of-the-envelope estimates: According to Yahoo’s keyword inventory tool, “screensaver” (and its hundred most common variants) received about 2.3 million searches in December 2005. Suppose 20% of those searchers clicked on paid links. (That’s conservative, since ads fill more than half of typical users’ screens.) As estimated above, suppose Yahoo collects $0.25 per paid click. Then Yahoo made about $115,000 in December 2005 from “screensaver” and variants. Throw in Google, with its bigger market share, and “screensaver” likely yields about $250,000 of revenue per month.

Of course, not all “screensaver” ads ultimately yield spyware. But from SiteAdvisor’s tests, it seems at least 60% push spyware, spam, or similar unwanted materials. So Google and Yahoo’s “dirty” revenue, from dubious screensavers ads, is probably about $150,000 per month.

But “screensaver” is only one of many terms that commonly leads to spyware and adware. I’ll look at other risky keywords in future articles, as I try to measure the prevalence of this problem in greater detail. Reviewing traffic data from Yahoo’s inventory tool, I’m confident that similarly-affected keywords total at least fifteen times the traffic to “screensavers.” Then Google and Yahoo make about $2.2 million per month, or $26 million per year, through this spyware-pushing advertising. That may not be big money to them, but to my eye it’s a lot.

Clearly there are quite a few estimates here. Send email for methodological improvements and alternative data sources.

Closing Thoughts

As with so many great Internet inventions, the bad guys have stormed the gates of search engines. Now is the time to start fighting back. That doesn’t mean search engines should blacklist every company I ever criticize, but some “adware” vendors are so shady that search engines could proudly refuse their money. Responsibility starts at home. More on search engines’ possible strategies in a future article.

Past work on search engines funding spyware: Yahoo ads syndicated into spyware, Google ads shown through spyware-delivered popups and other vendors’ improperly-installed toolbars.

More on Google’s Role: Syndicated Ads Shown Through Ill-Gotten Third-Party Toolbars

I’ve previously written about two different ways that Google gets involved in distributing and funding spyware: Allowing Blogspot to be used to foist spyware through tricky ActiveX popups and paying fees to AdSense sites who in turn buy pop-ups through 180solutions (such that revenue ultimately flows from advertiser to Google to AdSense site to 180solutions).

Many of Blogspot’s ActiveX popups have disappeared since my February article, and Google promises to put a check on AdSense popups too. But Google’s role goes much further: Through syndication relationships, Google provides ads to multiple web toolbar operators, including to toolbars installed on users’ PCs without notice or consent. Google pays these toolbar companies for the ads they show — thereby supporting and funding their operations.

Google’s Rules and Policies

Google repeatedly tells its advertisers that their ads will appear only on Google’s “high-quality” partner sites.

What does “high-quality” mean? Google doesn’t say. But last year Google published a set of “Software Principles” for advertising programs — calling for improved notice and consent before advertising software becomes installed. A basic notion of “high-quality” sites is that they don’t solicit traffic through software violating Google’s Software Principles, and that they also don’t make or distribute such software. My sense is that an advertising channel cannot be considered “high-quality” if it is predicated on installing software onto users’ PCs without their consent or without their informed consent.

Ask Jeeves and Its Ill-Gotten Toolbars

I’ve previously shown that Ask Jeeves’ toolbars sometimes install without asking for permission (additional videos on file). Other Jeeves toolbars install in effective stealth or otherwise without informed consent. Some examples:

  • The AJ toolbar bundled with the iMesh P2P program is disclosed only at page 27 of iMesh’s 56 page license. Users who manage to locate this paragraph are likely to face some difficulty in understanding it; the text largely uses euphemisms in place of the word “toolbar” to describe AJ’s software. (Until recently, the license didn’t use the word “toolbar” at all.) See also analysis by SearchEngineWatch.
  • Kazaa has long bundled AJ’s MySearch toolbar (though a recent revision to Kazaa seems to have replaced it with a competing toolbar). Historically, AJ’s inclusion has been prominently disclosed in the Kazaa installer. But users wanting to learn more about AJ have had no reasonable way to find details or even to read AJ’s license: Kazaa oddly placed the AJ license agreement at page 32 of a document puzzlingly labeled “Altnet License Agreement” (without mention of AJ).
  • When Ask Jeeves promotes its toolbars in banner advertising, it again fails to obtain the kind of consent that Google seeks. AJ advertises on kids sites, using euphemisms in place of plain language, and showing pictures of smiley faces rather than pictures of its advertising toolbar. AJ’s installation does not affirmatively show a license agreement providing more detailed terms. On 800×600 screens (such as many older PCs), AJ even fails to show a properly-labeled link to a license or to mention the word “toolbar” in on-screen text prior to installation..

So even if a user has an AJ toolbar, the user may not want it, may not know how it arrived, and may not have granted meaningful consent (if any consent at all). These various behaviors seem to constitute multiple violations of Google’s Software Principles — among others, installation without any consent at all, as well as failure to provide appropriate “upfront disclosure.”

    PPC advertisers    
money viewers
Google AdWords
money viewers
Ask Jeeves

How Funds flow from advertisers to Ask Jeeves

Notwithstanding the tricky installation methods used by these Ask Jeeves toolbars, AJ’s revenues ultimately largely come from Google: Enter a search term into an AJ toolbar, and most of the resulting ads are Google AdWords ads. AJ’s recent 10-Q says AJ gets 74% of its total revenues from Google. With AJ’s 2005 Q1 revenue at $94.9 million, Google apparently pays AJ approximately $278 million per year. Fees flow from advertiser to Google to AJ, as shown at right.

Google’s relationship with Ask Jeeves is widely publicized: Google issued a press release announcing its relationship with AJ, and Google’s main AdWords page even shows AJ’s logo. But Google’s statements to advertisers fail to mention the possibility that AJ will send advertisers traffic that was obtained from toolbars installed without proper notice and consent or, in some instances, any notice or consent at all.

Of course, Google’s relationships with toolbar makers doesn’t stop with Ask Jeeves. Google ads end up shown through other distribution channels with even worse installation practices.

How Google Supports IBIS WebSearch


I’ve long watched the IBIS WebSearch toolbar and its troubled installation practices. I’ve often seen IBIS installed through security holes with no notice or consent. (Multiple additional videos on file.) I’ve also posted documentation of IBIS installed in tricky bundles with minimal notice. I’ve even seen IBIS offered in repeated ActiveX popups that tell users “you must click yes to continue” if users initially refuse installation. Other IBIS ActiveX popups offer a defective license link; clicking the license yields no license. (Video proof on file.)

These practices seem to violate almost every one of Google’s Software Principles. Google says to let users decline an unwanted installation, to give users upfront disclosure of major program functions, to clearly disclose changes to browser configuration, and only to come bundled with other programs meeting these rules. But my records show IBIS failing to meet each of these requirements.

 PPC advertisers 
money viewers
   Google AdWords   
money viewers
Go2Net
money viewers
IBIS WebSearch

How Funds flow from advertisers to IBIS WebSearch

Notwithstanding these apparent violations of Google’s Software Principles, IBIS shows many Google ads, seemingly receiving payment for such displays. Run a search in IBIS, and the ads often match Google ads. See screenshot at left. See also a video showing a search conducted through the IBIS WebSearch toolbar, a click on an ad, and the immediate creation of Go2Net and Google cookies. (Note that Google ads typically fill the entire screen of an 800×600 web browser.)

Click on a WebSearch ad, and traffic flows from WebSearch to Go2Net to Google to advertiser. Payment flows in the opposite direction. See diagram at right.

Using a network monitor (“packet sniffer”), I recorded the raw traffic that occurred when I clicked on the Orbitz ad shown above. In particular, my browser retrieved the URLs listed below. See also the full packet log of the associated transmissions, showing the full parameters of all redirects.

http://www.websearch.com/xfb_redir.aspx?CP=
http://clickit.go2net.com/search?pos=1&ppos=1&plnks=5&query=car+rental
http://clickit.go2net.com/search/id?pos=1&ppos=1&plnks=5&query=car+rental
http://www.google.com/url?sa=l&q=http://www.orbitz.com/App/DisplayCarSearch&ai=
http://www.google.com/url?q=http://www.orbitz.com/&ai=
http://www.orbitz.com/App/DisplayCarSearch?semsource=goog&semkeyword=car+rental

Google’s listing of ad partners confirms that Google ads can be shown by InfoSpace, owner of Go2Net. Note that InfoSpace is a publicly-traded company (NASDAQ: INSP).

The example above shows an Orbitz ad being shown by IBIS WebSearch. In my testing, Orbitz often advertises through programs often called spyware. (Examples: Orbitz ads shown by Claria/Gator, eXact Advertising and Hotbar.) But because IBIS WebSearch syndicates and shows many Google ads for many keywords, IBIS shows ads even for advertisers who otherwise refuse to do business with spyware firms. Indeed, thanks to syndication from Google, IBIS even shows (and receives payment for showing) ads from firms that have filed suit against makers of such software. For example, I have captured proof of IBIS showing Google AdWords ads from the Hertz, LL Bean, and the New York Times, each of which has taken a stand against unwanted advertising software by suing Claria.

Enforcement Challenges

Google’s Software Principles document concludes by noting that “Responsible … advertisers can work to prevent [undesirable software] by avoiding these types of business relationships [those violating the principles set out above], even if … through intermediaries.” This is surely good advice. But Google’s far-reaching relationships with Ask Jeeves, IBIS, and others indicate that Google’s actions fall short of Google’s own recommendations to others.

Most of Google’s AdWords partners are probably highly trustworthy — unlikely to show ads except in the ways that Google intends and permits. But where Google’s partners have partners of their own (as InfoSpace/Go2Net does in WebSearch), enforcement is likely to be more difficult and accountability lacking. Google could eliminate this problem by prohibiting its partners from syndicating Google ads on to further partners of their own — though such a rule would narrow the network showing Google sites and thereby reduce Google’s revenues. Google’s existing partners may also have contractual rights to distribute Google ads to partners; AJ’s 10-Q comments that AJ “display[s] paid listings from Google on … many of the third-party sites in our network” (page 18).

My testing of Go2Net/WebSearch was made particularly difficult by the fact that the Google ads at issue apparently occur only on nights and weekends. During the business day, I have observed that WebSearch generally shows ads from other sources, not from Google. This type of change tends to undermine and confuse casual efforts at testing and enforcement.

Tough enforcement is particularly difficult due to the large amount of money at issue. Ask Jeeves’ relationship with Google has grown to hundreds of millions of dollars per year. Yet my documentation of AJ’s installation practices demonstrates that some AJ traffic to Google comes from AJ toolbars installed without consent or installed without consent that meets Google’s standards. With huge money on the line, will Google terminate its relationship with AJ, as its Principles seem to require (“avoid… these types of business relationships”)? The wrongful installations cannot immediately be undone — it’s hard (though probably not impossible) to determine exactly which AJ toolbar installations lacked consent or lacked the kind of consent Google calls for. But it seems clear that AJ’s practices don’t live up to Google’s standards. What will Google do now?

Research on WhenU Search Engine Spamming, and Its Consequences updated May 22, 2004

Today I released an article documenting at least thirteen web sites operated with WhenU’s knowledge and approval (if not at WhenU’s specific request) that use prohibited methods to attempt to manipulate search engine results as to searches for WhenU and its products.

Some of these cloaking sites do offer information about WhenU, but their genuine information is interspersed with a mix of gibberish as well as with articles copied, without attribution of any kind, from the New York Times, c|net, and others. Meanwhile, most or all of the sites were registered with invalid whois data — most registered on the same day through the same registrar, but to five different names with five different gibberish email addresses in four states. The details:

WhenU Spams Google, Breaks Google ‘No Cloaking’ Rules

Sound too weird to be true? It turns out these behaviors are part of a practice called “search engine cloaking” — designed to make search engines think a site is about one subject, when in fact the site redirects most visitors to totally different content. The situation is complicated, and the easiest way to understand it is to read my article, complete with HTTP transmission logs and annotated HTML code.

Meanwhile, Google’s response was swift: I notified Google of the cloaking infractions on Sunday, and WhenU’s sites were removed from Google by Wednesday. Try a Google search for “whenu” and see for yourself: You’ll get critics’ sites and news coverage, but not www.whenu.com itself.

In subsequent research, I also found that WhenU has been copying news stories from around the web, without any statement of license from the respective publishers. See WhenU Copies 26+ Articles from 20+ News Sites. After I released this article, WhenU deleted the article copies from the dozen WhenU sites on which they had been posted. Fortunately, I kept plenty of screenshots. Meanwhile, at least one affected publisher has confirmed that the copies were unauthorized.

These aren’t WhenU’s only controversial business practices. For one, there’s WhenU’s core business — showing context-triggered pop-up advertisements that cover other companies’ web sites, without those sites authorization, a subject which has brought on extensive litigation. In addition, I previously discovered that WhenU violates its own privacy policy. In its privacy policy (as it stood through May 22), WhenU tells (told) its users that “URLs visited … are not transmitted to whenu.com or any third party server.” WhenU’s software installers continue to say the same, sometimes even more explicitly (“does not track, collect or send your browsing activity anywhere”). But my research indicates otherwise — that WhenU transmits to its servers the specific web pages users visit, and that it makes these transmissions every time users see WhenU advertisements. Details, including HTTP logs and screen-shots, are in my WhenU Violates Own Privacy Policy.

CFP Presentation on Search Engine Omissions; Spyware Workshop Comments updated June 3, 2004

Today I presented Empirical Research on Search Engine Omissions at Computers, Freedom, and Privacy (CFP) in Berkeley, CA. My presentation focused on two prior empirical projects in which I documented sites missing from Google search results: Localized Google Search Result Exclusions (documenting 100+ controversial sites missing from google.de, .fr, and .ch) and Empirical Analysis of Google SafeSearch (documenting thousands of unobjectionable and non-sexually-explicit sites missing from google.com when users enable Google’s SafeSearch feature to attempt to omit sexually-explicit content).

On Monday I was in DC for the FTC‘s Spyware Workshop. I thought the final panel, Governmental Responses to Spyware, did a fine job of explaining the legislative options on the table, and of noting the pressure to address the problem of spyware for the large and growing number of affected users. But I was dismayed that the first panel (Defining Spyware) classified as fine and unobjectionable certain programs that, in my experience, users rarely want, yet often find installed on their computers. Key among these undesired programs are software from Claria (formerly Gator) and WhenU. The technical experts on the second and third panels agreed that these programs pose major problems and costs for users and tech support staff. Yet the first panel seemed to think them perfectly honorable.

Also puzzling was a new position paper from the Consumer Software Working Group recently convened by CDT. Examples of Unfair, Deceptive or Devious Practices Involving Software (PDF) purports to offer a listing of bad behaviors that software ought not perform. It certainly lists plenty of behaviors that so outrageous as to be beyond dispute. But what it misses — indeed, ignores — are the harder cases, i.e. the programs that make spyware a more complicated issue, and the programs that affect the most users. For example, the Examples document condemns software installed without any notice to the user. It is silent about — and thereby is taken to endorse — the far more typical practice of showing a user a license agreement and/or disclosure that describes the software in euphemisms, but admittedly does provide at least some notice of the software’s purpose.

What to make of the document’s failure to consider the methods actually used by the controversial software with highest installation rates? Perhaps one explanation is that Claria and WhenU helped draft the report! (See the signators listed on page five.) That said, the document doesn’t purport to be comprehensive. Perhaps a future version will address the problems of drive-bys and euphemistic, lengthy, or poorly-presented licenses.

For more on the workshop, and another critical reaction, see other attendees’ notes on dslreports.com forums (especially a recent post by Eric Howes). See also impressive studies from PC Pitstop showing that more than 75% of Gator users don’t even know they have Gator (PDF) (not to mention consenting to Gator’s license agreements) and more than 85% for WhenU (PDF).

See also a transcript of the workshop (PDF).