Cracker of an Issue

Untangling the Web of Online Advertising and Privacy

Sunday, July 31, 2005

Spyware? Adware? Does it really matter?

This article makes some interesting observations. However, the conclusion seems to be that consumers should be responsible for deciding what programs they want on their computer and businesses should bear the responsibility of informing consumers (in simple words) about the programs they install on computers, with details like the program's function, the kind of information that is collects and what is done with the information, etc. Sounds like a brilliant plan to me, but unfortunately, the whole spyware controversy does not only involve the companies that install programs on computers and consumers who are not sure if they want the programs.

There are five basic parties involved in this whole issue. Firstly, consumers who are at the receiving end of this mess; the online advertising technology (adware) companies trying to make money with more installations and more eyeballs for ads they serve; the adware companies that have the same goal as party #2, but are willing to get there via deceptive means; the scum that just want to ruin computers and steal personal information and lastly the Anti-spyware folks who want to help consumers and of course, make some money in the process.

The attention span and patience of consumers are notoriously short and they want quick explanations to things they don't understand and even quicker solutions. Therefore, consumers are likely to believe the first good explanation they get from the first person that comes along with a proposed solution to the their computer problems. The obvious choice in this case would be the anti-spyware vendors and not the companies that install the programs. This is probably historically the case in the spyware controversy. In 1999 the founder of Zone Labs, Gregor Freund, supposedly used the term "spyware" in a press release for the Zone Alarm Personal Firewall. Since then, computer users have used the term in its current sense. The "spyware" meme was thereafter probably picked up by the media and other security vendors and spread rapidly across the globe. So, not only did anti-spyware vendors propgate the term, they got to arbitrarily decide what was or was not spyware and were free to change threat levels of programs. This is still the case and is the reason why the confusion persists and will only increase. Even if legitimate companies obtain consent by using very clear and conspicuous notices and not just EULA's, they have no choice but to fight anti-spyware vendors that identify them as threats.

Therefore, it does matter what is classified as 'spyware' or 'adware' and that's why this initiative is definitely a step in the right direction. I just hope the all the parties involved in this debate actively get involved and work towards arriving at some sort of understanding on what these terms should mean. It will improve the way anti-spyware vendors classify programs, while laying the groundwork for best practices that legitimate companies can adopt and will hopefully makes things easier for consumers.

Unfortunately, some do not agree. For example, Ben Edelman, (who has done some great work in this area) does not seem to believe that consumers are willing to accept adware even if they are provided clear notice and choice and installing the adware provides real value in return. According to him, "From the perspective of users whose computers are infected, there is nothing hard about (defining spyware). If you have adware or spyware on your computer, you want it gone." Oh, well...