Burn Hollywood, burn, I smell a riot goin' on...
That's right, it's time to break it down with the warrior sound. Sunbelt and FaceTime go head to head with Ask Jeeves in the latest Eweek writeup. We all know Ask Jeeves acquired a bunch of programs not so long ago. We all know that some of that software (Smiley Central, anyone?) does not exactly warm the cockles of anyone who frequents security forums.
He acknowledged that a "grey area" exists in the timing of the disclosure, but insisted that it was done in full compliance with existing laws. "We require all our distributors to fully inform end users about what is being installed. It's a clear opt-in procedure," he said.
But should those products be classed as spyware? That is the question.
Or is it?
I think the question is far more complicated than that. Nobody is calling any of Ask Jeeves' software "Spyware". The problem is (once again) distribution. For me, the only real issue is:
How did it get on my machine, do I want it, and if not, can I get rid of it.
If it fails all of the above, then it sucks. If not, then it doesn't suck. If it fails some (but not all) then it only semi-sucks.
Now, in this case, we have to look at the ethic behind all classifications of software that can be installed on an end-user's PC. Fact is, if you have something that can potentially make a change to someone else's machine, you need to be accountable for the fact that someone else may try and install it in a creepy, non-compliant fashion. It's happened for years in the Adware scene (rogue....yawn....affiliates..), thus, almost every piece of advertising software under the sun is potentially a target for definition files. The same, unfortunately, goes for anybody and everybody else (or it should do). Hell, flag everything, fill the user with critical information and let them decide.
Because we shouldn't simply let some rogue affiliate with a bill to pay make that choice for us, right?
Now with questions galore on your mind, let's check it out and make your own mind up. I can't comment on the experiences of others with regard to the whole "Jeeves" thing, so I'm going to go back in time and revisit an old friend....fasterxp.com.
But first...it is interesting to see Ask Jeeves and their initial response to "Wha? People don't trust the stuff we bought?"
Such an example can be seen here, dressed up in their best Missionary-taming-the-savage-hordes pants and jacket. Unfortunately it all went pear-shaped, with the guy called "Askjeeves" reregistering as some other bloke and never coming back with an answer when faced with Ben Edelman, no doubt waving his big legal book o' doom at him. Nuts.
Anyway, on with the show.
Fasterxp.com drew my attention some time ago, mainly for its crazy EULA-Hoopla and double webpage insanity (long story short, to "fully understand" everything that was going on, you were expected to read through two separate EULAs hosted at separate websites. I think. The whole thing was so confusing, even I gave up eventually).
All the usual players were installed, including everyone's favourite killer-app (well it killed my testbox at any rate), Aurora. However, look what's sitting there all happy as punch. That's right, Ask Jeeves' MySearch bar.
Now, going back to the Eweek.com article, AskJeeves seemed to think there were no issues with disclosure.
"They don't think that AskJeeves has a problem," (Wayne) Porter said.
Prepare to be amazed.
Let me make this clear - the install I'm about to dissect is NOT what you would call a "rogue affiliate". At least, not in the marketing guys' eyes. Direct Revenue famously called Vitalsecurity.org "deceptive" during the BitTorrent storm, because I had the cheek to suggest that the Fasterxp.com install sucked great big bananas. So no-one can attempt to wiggle out of this by dumping the blame on some crazy affiliate maniac with rolling eyes. Either this site is all messed up, or it isn't. And I quote:
Doman described Boyd's posts on VitalSecurity.org as "misleading" and pointed out that the screenshots provided by the researcher "clearly show full disclosure" before the Aurora program is installed.
Well, we all know how that one turned out. Let's use Doman's comments as the jump-off to see exactly how well Fasterxp.com discloses the software it installs...including the Ask Jeeves MySearch Bar.
Well, here we go. In a manner similar to the way Wayne tore it up with the Tinkopal EULA, so I attempt the same on Fasterxp.com. And guess what, kids? This will be messy!
Here is the Fasterxp.com EULA. Can you say, OMFGWTFISTHAT?!? I can. And let's see the scores on the doors...
EULA Key Metrics:
Number of Characters: 69814
Number of Words: 11321
Number of Sentences: 344
Average Words per Sentence: 32.91
* Flesch Score: 13.86
** Flesch Grade: 20 = Beyond Twelfth Grade Reading Level
So, what have we discovered? Well, I'll tell you. This supposedly wonderful example of outstanding disclosure is a bad, bad joke. Using the Flesch-Kincaid Readability Test as a guideline, the lower the score, the more difficult the piece is to read. Reader's Digest magazine has a readability index of about 65, Time magazine scores about 52, and the Harvard Law Review has a general readability score in the low 30s.
The Fasterxp.com EULA score is 13.86!
What about reading level? Whoops, you did it again...
The Fasterxp.com EULA reading level is 20 - beyond twelfth-grade reading level!
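If you want to run the same kind of numbers on a EULA sitting in front of you, here is an added example (not part of the original post, and not the tool that produced the figures above) that computes the same key metrics using the standard Flesch Reading Ease and Flesch-Kincaid Grade formulas. The syllable counter is a rough heuristic, the function names are made up for this sketch, and both sample texts are constructed.

```python
import re

def count_syllables(word):
    # Heuristic (an assumption of this example): one syllable per vowel group,
    # minus a silent trailing "e" ("home", "page"), never fewer than one.
    word = word.lower()
    n = len(re.findall(r"[aeiouy]+", word))
    if n > 1 and word.endswith("e") and not word.endswith(("le", "ee")):
        n -= 1
    return max(n, 1)

def eula_metrics(text):
    # Naive tokenising: abbreviations such as "Inc." count as sentence ends.
    words = re.findall(r"[A-Za-z][A-Za-z'-]*", text)
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    if not words or not sentences:
        raise ValueError("no readable text")
    wps = len(words) / len(sentences)                       # words per sentence
    spw = sum(count_syllables(w) for w in words) / len(words)  # syllables per word
    return {
        "characters": len(text),
        "words": len(words),
        "sentences": len(sentences),
        "words_per_sentence": round(wps, 2),
        # Flesch Reading Ease: lower means harder to read.
        "flesch_score": round(206.835 - 1.015 * wps - 84.6 * spw, 2),
        # Flesch-Kincaid Grade: approximate US school grade needed.
        "flesch_grade": round(0.39 * wps + 11.8 * spw - 15.59, 2),
    }

# Constructed sample: how a disclosure could read.
PLAIN = ("This toolbar shows ads. It changes your home page. "
         "You can remove it at any time.")

# Constructed sample: one 48-word sentence of EULA-style legalese.
LEGAL = ("Notwithstanding any provision herein to the contrary, the licensor "
         "and its affiliated distribution partners reserve the right to "
         "periodically install additional promotional software components, "
         "including contextual advertising applications, without supplementary "
         "notification to the licensee, and continued utilization of the "
         "application constitutes irrevocable acceptance of all subsequently "
         "incorporated modifications.")

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("legalese", LEGAL)):
        print(name, eula_metrics(sample))
```

Long sentences and long words both drag the score down, which is why the single legalese sentence lands far below the plain-English version.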
Someone best get me Ben Edelman back in the house, because I think I'm gonna' need him to decipher the reams of text that currently face me. Why the Hell should I be expected to wade through ELEVEN THOUSAND, THREE HUNDRED AND TWENTY ONE WORDS to know exactly what software I am about to install?
This is clear disclosure?
Yeah, right. Burn, Hollywood, burn!

