Spyware Plagues Online Ad Networks

180solutions filed suit in August against seven former distributors alleging they used botnets to surreptitiously install the company’s search software without notice or consent. “We deplore botnets,” says Sean Sundwall, spokesman for 180solutions, which has shut down more than 500 of its more than 8,000 distributors in the past nine months for failing to receive “informed consent” from a user.

Ire also could be directed toward the companies who make their living off selling ads through extensive networks -- like Yahoo Inc., Google Inc. and American Online Inc. -- each with its own set of rules about adware and diligence about policing them. For a quick scorecard, Schwartz praises Google for its advertising policies and says AOL has done the best job of enforcement while Yahoo lags behind, choosing to lead work on an industry standard.

And then there are the advertisers, who pay as much as several dollars for every click on one of their pop-up pitches. "That's were the money starts," Schwartz says. "The chain begins and ends with the advertisers themselves."

Yahoo gained unwanted attention earlier this month when spyware researcher and consultant Ben Edelman reported that Yahoo-syndicated ads appeared more frequently than any other pay-per-click ad network in his tests of various spyware-infected PCs.

"Yahoo has been more willing to take on dubious partners and allow their partners to have partners so that Yahoo couldn't know where the ads are appearing. It's created a real monster in terms of ads getting distributed all over the place," Edelman says. "There's not much accountability as to who's doing what."Edelman, who counts among his clients AOL, which dumped Claria Corp. and other adware companies after purchasing Advertising.com a year ago, details his findings in his blog.

Yahoo says two of Edelman's four examples of ads shown on software installed without consent, from Direct Revenue and 180solutions, were not authorized by the company, which made sure the ads were terminated immediately.

A spokeswoman said Yahoo was "looking into exactly how our listings showed up through their applications and will take action as appropriate. This can range from terminating an implementation to ceasing to work with a company."

But Edelman says he has proof that Yahoo ads are still shown by these same vendors. What's more, he doesn't think cutting ties to one or two rule-breakers is enough. The whole system -- with the partners of syndication partners having their own partners -- needs to change. He says he finds several new examples every week of other vendors who install ad software without consent, or questionable consent, showing Yahoo ads.

And because that web of partners is so tangled, he doubts that Yahoo could truly shut out a particular offensive vendor if it tried. "Yahoo is surprisingly ill-equipped to terminate relations with 180solutions and kin even if it officially resolves to do so," he says.As for Edelman's other two Yahoo partners of ill repute: the company could not provide detail about eXact Advertising LLC by press time; it says Claria meets its partner standards for obtaining consent. Yahoo paid Claria $31 million for distributing ads in 2003, back when the company called itself Gator Corp. Edelman estimates that those payments could now total as much as $50 million annually.

Yahoo insists it makes sure that its marketing partners who peddle downloadable applications give consumers -- some of whom actually enjoy the benefits of that free software, despite the ads -- high standards of notice, privacy and ease of removal. "A key element of these standards requires that distribution partners do not download applications onto a user's computer until the user knowingly agrees to the terms of the download agreement," the spokeswoman says.

Yahoo is also working with the industry to develop a better way to enforce those standards. "You can make sure a given company meets the guidelines, but it's difficult to police them on a minute-by-minute basis," she says.

Adding fuel to the fire, not all advertisers are willing to give up ads linked to spyware programs.

Priceline.com, which Edelman ranks as one of the top 10 most widespread spyware advertisers, according to his research, spends "a very small portion" of its advertising budget with Claria, eXact and Direct Revenue, and the site is in the process of drafting a company adware policy, says Brian Ek, a company spokesman.That might not seem like much of a step, but in the "everyone else is doing it, so I do too" playground mentality that rules the world of online travel advertising -- and dating sites as well -- that counts as progress, Schwartz says.

On the other hand, Dell has terminated its business with Claria, 180solutions, eXact and other affiliates who have been found to use software downloads that are prohibited in the terms and conditions of the affiliate contracts. Spokeswoman Jennifer Davis would disclose neither the total number of Dell advertising affiliates nor those that have been terminated.

An affiliate is not allowed to use adware or spyware programs. "We do not tolerate it," she says. "It's not good for our customers and it's not good for us."

To distribute its online ads, Dell works with affiliates, most of which are coupon aggregator web sites like CouponMoutain.com or FatWallet.com, which earn a commission for every sale they generate. Dell also advertises with banners on news sites and in search results on Google.

Edelman, however, found an instance of a "pop-under" ad from Claria for Dell appearing on Dell's own Web site; if a shopper clicked on the ad, Dell would presumably pay Claria for delivering it a customer it already had. Davis could not explain the anomaly.Dell, along with AOL, HP, Microsoft, and Yahoo, is a member of the Anti-Spyware Coalition, a group of software companies, academics, and consumer groups working on ways to tackle spyware and other potentially unwanted technologies. The Center for Democracy and Technology convened the coalition, considered one of the more significant industry efforts. The group is expected to release the final draft in early fall of a consensus document, called "Spyware Definitions and Supporting Documents," that will help address best practices, risk modeling and objective criteria for flagging.

The coalition, which defines spyware as tracking software deployed without adequate notice, consent or control for the user, recognizes that the term has also become synonymous for any potentially unwanted technology. It defines adware as advertising display software, "specifically certain executable applications whose primary purpose is to deliver advertising content in a manner or context that potentially may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and may be categorized as tracking technologies."