Panel Explores Roots of Spyware, Adware

Following the money trail behind the flood of spyware and adware on the Internet poses some sticky questions around liability, said a panel of spyware experts at a workshop in New York City Friday.

Legal experts, government officials and technology professionals gathered at New York University School of Law to discuss the causes of and solutions to unwanted software programs that track Internet users’ behavior.

“Revenue sources is the area where I am most excited about and focused on right now. How do these programs make money? Who buys these ads?” said Ben Edelman, a Harvard University Ph.D. student and well-known antispyware advocate.

To help illustrate, Edelman showed attendees a Netflix pop-up advertisement at Blockbuster.com. Through HTTP (hypertext transfer protocol) redirects, Edelman traced the unwanted ad from adware company DirectRevenue back to Netflix.

Netflix initially paid an advertising affiliate, LinkShare, which then paid another ad company, AzoogleAds.com, which then paid yet another affiliate, MyGeek.com, which paid DirectRevenue, Edelman’s research found.

“Do we tell NetFlix they can’t advertise with LinkShare, or LinkShare they can’t advertise with Azoogle, or Azoogle they can’t advertise with MyGeek, who advertises with DirectRevenue?” Edelman asked. “I’m not sure where you draw the line, but as a matter of public policy, we’ve got a problem.”

One panelist suggested that companies advertising online should develop more thorough policies to control where their ads go on the Internet.

“Advertising and marketing companies are focused on the number of clickthroughs and conversions they get from online ads as a metric of success for their campaigns, but if you’re angering thousands of people in the process, is it worth it?” said Ari Schwartz, deputy director of the Center for Democracy and Technology (CDT), a Washington, D.C.-based nonprofit group, at the workshop.

Toward that end, the CDT Monday released a report naming about a dozen companies it says have paid for advertisements that surfaced on the Internet as adware from 180solutions.

Eleven of the 18 companies CDT contacted whose ads were displayed by 180solutions never responded, CDT said. Of the seven that responded, two have since developed policies to address the problem. The other five that responded already had policies in place.

The CDT earlier this year filed complaints with the U.S. Federal Trade Commission (FTC) charging 180solutions with “duping” users into downloading advertising software.

The center’s findings are available on its website. CDT plans to share its findings with the FTC and state attorneys general working on spyware suits.

Netflix, which was named in the CDT report, had taken steps to address problems before the report was released. The company monitors the Web for use of its ads in adware or spyware, has policies in place that forbid affiliates from using its ads in adware or spyware, and has altered and ended affiliate arrangements when problems persist, said Steve Swasey, director of corporate communications with Netflix.

“Online advertising is a whole new world, and there are some opportunists out there who take advantage of loosely based arrangements. It’s a problem for the whole industry,” Swasey said. “We have very open ears and very open minds. If someone comes up with a solution we’re not doing, we will certainly consider it.”

-Shelley Solheim, IDG News Service

For related CSO content, read Scumware Out There.

Keep checking in at our CSO Security Feed page for updated news coverage.