Adware maker battles tarnished image

By

Zango says it has cleaned up its act, but security researchers disagree.

Adware maker battles tarnished image
Despite allegations that the company is not complying with the terms of a US$3m settlement with the FTC, adware vendor Zango said that they will not be making any drastic changes to their software.

"Nothing there was really a surprise," chief executive Keith Smith told vnunet.com in an interview.

"We said when the announcement was made that we were already in compliance, and we stand by that statement. So there are some minor tweaks being made."

In October of 2005, the company decided to no longer allow companies to sub-contract Zango distribution to 3rd parties. Only Zango's partners are now allowed to distribute the software, and in December of last year the company announced that all copies of Zango released before 1 January 2006 would no longer be supported or receive ads.

"We've spent the last two years focused on compliance and changing our distribution model," said Smith, who contends that Zango has come a long way from the days when the software was installed through exploits and spyware bundles.

"A year ago, we were having discussions with privacy advocates about affiliates who were installing software without notice or consent. Now the arguments are 'I don't like the font' or 'I don't like the way you put these words together' so you've got to put it in that context."

Critics however claim that deceitful tactics are still being used to install Zango software. In a recently released study, security researchers Ben Edelman and Eric Howes alleged that Zango failed to properly disclose how the software operates, that the disclosure of Zango installations are buried deep within End-User Licence Agreements (EULA) and that in some cases the software is installed with no warning whatsoever.

"They’ve simplified, but even so, they still have third parties that are adopting sleazy practices," Edelman told vnunet.com.

Edelman's study documents eight installations of Zango which he says violate the terms of the US$3m settlement. The study was conducted after the draft FTC agreement, and Edelman said that the examples were all collected in recent months, long after Zango enacted its new policies.

In one example, a distributor buried the Zango license agreement 44 pages deep in an application's EULA. In another case, no disclosure about Zango is given at all.

The problem, said Edelman, starts with Zango.

"Zango leads by example. On their own web sites they fail to disclose what the software does. They create a culture of misleading disclosures."

Edelman alleged that Zango's own descriptions are vague and misleading, specifically that the company fails to mention that the software serves pop-up ads and that it gathers information on users browsing habits and reports them back to Zango.

Zango executive Smith wouldn't address Edelman and Howe's study. He maintained that he was confident Zango's disclosure wording meets the FTC requirements. He also contended that Zango's advertisements were not really pop-ups.

"We don't view it as a pop-up ad, it doesn't feel like a pop-up ad," said Smith. The Zango founder said that conventional pop-up ads are randomly displayed and often have nothing to do with the content that the user is viewing.

Zango's ads, explained Smith, are clearly displayed as a separate browser window with a URL and a 'served by Zango' bar on the bottom of the screen with information on the application and how to remove it

Smith also said while information on browsing habits are gathered, Zango does not record any individually identifiable information.

"We have 20 million consumers, and we don't have an email address for any one of them," said Smith.

The CEO said that even when users install Zango unknowingly, they are soon notified of the installation. Within 72 hours of the installation, users are given a notice that includes instructions on how to remove the software.

The notification claim prompted a "so what?" reaction from Edelman.

"This is like the difference between opt in and opt out," said the researcher, "it doesn't work to say we told them later on that they could get out of the system, that's not what the settlement talks about."

Regardless of the changes, Edelman said that Zango has shown no interest in fixing the fundamental issues that affect their product.

"Their core problem is if they frankly told consumers what their software does, nobody would want it, nobody would agree to this."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?