No more ads, no more trackers

You might have noticed that I changed the design of this site a month or so ago. As part of the process, I also eliminated advertising.

That’s the culmination of a transformation that’s been going on since last year, when I removed the Google Analytics code from this site. I shut down my Google AdSense account and removed the code serving ads from the network I was previously part of.

With those changes, there are no longer any web trackers on this site. I do have the Stats widget (part of the WordPress Jetpack add-in), which counts site visitors and helps me determine which posts are most popular and which search terms visitors used when coming here via search engines. It doesn’t gather any additional information about visitors, as far as I know.

I have nothing but respect for the people who run my former ad network, Federated Media. They’re professionals of the first order.

The advertising industry, on the other hand, seems to be engaged in a race to the bottom. I finally got tired of ugly, misleading ads, which in turn were accompanied by tracking code that aggressively monitors your movements on the web.

So for now, at least, this site is free. If you want to support my work, I hope you’ll buy my books. I occasionally also recommend products here, from online merchants I trust. Those recommendations might include affiliate links. If they do, I include a disclosure as part of the post. (The link to Amazon.com at the beginning of this paragraph is an affiliate link, in fact.)

Ad-supported business models are becoming increasingly less tenable for small publishers like me. And the advertising industry is getting worse, much worse, in the way it tracks us.

I don’t have any answers for fixing the Internet. But at least in this one small plot of online real estate, I can make a statement.

Is Yahoo in bed with spyware companies?

Ben Edelman is putting his Harvard Law degree to good use. The renowned spyware expert has filed an epic lawsuit against Yahoo!, according to a report by the Washington Post’s Brian Krebs yesterday:

A class-action lawsuit filed Monday against Yahoo! Inc. and group of unnamed third-parties accuses the company of engaging in “syndication fraud” against advertisers who pay Yahoo to display their ads on search results and on the Web pages of partner Web sites. The suit claims that Yahoo displayed these advertisers’ online ads via spyware and adware products and on so-called “typosquatter” Web sites that capitalize on misspellings of popular trademarks or company names.

Potentially more explosive is the plaintiff’s claim that Yahoo regularly uses its relationship with adware and typosquatting sites to gin up extra revenue around earnings time, alleging that the company is conspiring to boost revenue by partnering with some of the Internet’s seamier characters.

This is an escalation of an argument Ben has been making for some time now: Spyware couldn’t exist without the support of the companies that advertise through spyware networks. On his personal site, he’s documented the connection between big-name advertisers and spyware networks and Yahoo’s relationship with those shady networks. A PDF copy of the lawsuit is here.

As Ben has shown time and again, legitimate companies try to maintain plausible deniability for their relationships with these scummy networks. But those denials just don’t stand up to close scrutiny.

I hope this lawsuit scares the bejesus out of the legitimate companies that have been turning a blind eye to their complicity in these sordid schemes. The legal system isn’t fast, but it can be inexorable.

Go get ’em, Ben.

Get the new Windows AntiSpyware Beta

No, this isn’t the long-awaited Beta 2; it’s yet another refresh of Windows AntiSpyware Beta 1:

The latest beta refresh, build 1.0.701, extends the Windows AntiSpyware beta expiration date to July 31, 2006 and provides new signature updates to help protect against recently identified spyware.

Existing users of the beta (Build 1.0.615) will receive a software update that includes the new beta refresh. The latest beta refresh is also available for download through this site.

Microsoft would like to encourage all Windows AntiSpyware (beta) users to download and install the new update (Build 1.0.701).

If you already have Windows AntiSpyware installed, it should update automatically. If you’re thinking of installing this program, this is as good a time as any. It’s lightweight, effective, and free.

Windows Defender and a dissertation on search algorithms

Dwight Silverman has a pair of interesting observations on the news that Microsoft Antispyware is about to become Windows Defender:

I mentioned above that there’s already an application dubbed Windows Defender. I found that by doing a Google search, which turned up many links to the existing package as the top results.

But if you do the same search at MSN Search, the top results are front-loaded with references to the Windows Defender renaming announcement by Jason Garms. In fact, the first reference to the existing Windows Defender product doesn’t show up until the seventh page of results at MSN.

Maybe Microsoft forced the results for its own entry higher on its search engine. Or maybe Google’s just slow to index blog postings. Or a little bit of both . . .

That first observation is interesting, indeed. Microsoft has an army of lawyers, and one would have to assume that no product naming decision gets publicly announced until there’s been a thorough trademark search. (At least the windowsdefender.com domain is owned by a guy in Seattle who is a contractor for Microsoft.) If someone made a public announcement like this without acquiring the trademark rights from the existing product, they were incredibly sloppy.

What about the search results? Is Microsoft really favoring itself?

When I looked at the MSN Search results, I found that a download link for the existing Windows Defender product was fourth on the list. (Hey, I’m even on that first page!) So it’s not like every reference to the existing product has been scrubbed.

I think there’s a (somewhat) more innocent explanation for the different search results for MSN Search versus Google. In my admittedly limited testing, I’ve seen clear evidence that the MSN algorithm emphasizes freshness much more than Google does. By contrast, Google’s algorithm emphasizes the number and quality of links to a given page (PageRank) and thus is inherently biased toward pages that are older and have had more time to acquire lots of links from high-traffic sites. So at least in this case it stands to reason that pages talking about the latest news on this phrase would rank higher at MSN Search than at Google.

For an example that isn’t Microsoft-related (and thus doesn’t have the possibility that Microsoft is unfairly favoring its own sites), try searching for Sony copy protection, a topic that has been much in the news lately.

Here are the MSN Search results. Note that everything on the first page is about the current rootkit controversy.

Now try Googling the same words. Although there are lots of results about rootkits, I noted that the third item on the first page was a USA Today article from 2002. The sixth item is an undated article from KAOS2000 Magazine that talks about using marker pens to defeat Sony copy protection schemes used on a “new Celine Dion album” released in 2002. And the ninth link on the page is to a discussion at cdfreaks.com, also from 2002.

Those are interesting approaches. Knowing how those two search engines work can help me decide which one to use, but I don’t think either one is biased.

Scoble wrote a flurry of interesting posts on this some time ago. In this post, which I chose more or less at random, he says something I can wholeheartedly agree with: “Anyway, my point wasn’t to get into a rathole discussion on any one search term. It was to point out that at almost ANY search term you can find ways to improve the engine. But, I’ll keep hammering this one in until people get it and see that search is FAR from being done.”

Windows AntiSpyware gets a name change and then some

In case you’ve been wondering why Windows AntiSpyware has been in beta for what seems like two years (it’s actually been only 10 months), Microsoft’s Steve Dodson spills the beans. Three pieces of news:

The new name is Windows Defender.

It will be integrated into Windows Vista. Steve explains:

You will be able to run another spyware product instead of Windows Defender if you would like. Although I may shed a small tear, you will be able to disable or turn off Windows Defender and install whichever 3rd party anti-spyware application you would like. The really cool thing is that the Windows Security Center in Vista will be redesigned to detect if an Anti-Spyware application such as Windows Defender is running and operating normally.

And it will soon receive signature updates via Automatic Updates rather than through a separate update engine.

More details in a somewhat breathless post at the Anti-Malware Engineering Team blog:

Windows Defender is about what Windows will do for customers, defending them from spyware and other unwanted software. Our solution has really been about more than just the standard definition of “spyware”. We’ve always said we will provide visibility and control, as well as protection, detection and removal from other potentially unwanted software, including rootkits, keystroke loggers and more.

Making the engineering change from “Windows AntiSpyware” to “Windows Defender” took a lot of careful coordination across our team to ensure that the strings in the UI got changed, the help files all got updated, registry keys, file names and properties, as well as a couple of images all got changed. All this work was completed and tested last Thursday, and is currently making its way through our build systems in Windows to make it into the main build environment, where official builds come from. We’re pretty excited by the name, and by the sleek new UI and other improvements we’ve been making in it to help make Windows Vista the best operating system around! But Windows Defender is about a lot more than just a name change. The engine is now moved to a system service, and signatures are delivered over Windows Update. The detection mechanisms have also been radically improved by applying to spyware threats all the great detection technology we use in our antivirus engine.

Unanswered question: What happens to anyone using Windows XP or Windows 2000?

Update: The new software will be available for Windows XP, according to the AMET Blog post. But no word on Windows 2000.

Also see this follow-up story.

Is Sony violating the law?

I’m not qualified to pass judgment on legal issues, so when I run across infuriating behavior like what Sony has been engaging in (see Sony wants to hijack your PC for background), I try to find an expert on the subject. For this question, I can’t think of anyone more qualified than Ben Edelman. He’s most famous as an expert on spyware, which is noteworthy given the spyware-like behavior of these copy-protected CDs.

I asked Edelman if he thought that Sony’s behavior was potentially illegal. Here’s his reply:

It all comes down to consent. If Sony’s EULA is taken to obtain a user’s consent for the installation, perhaps Sony is on strong ground. But if the “consent” procedure is deemed defective (too vague, too hard to find, no clear manifestation of assent, too inconsistent with the premise of buying a CD), suddenly Sony is in trouble — for a nonconsensual installation of software onto users’ PCs. One might reasonably accuse Sony of committing a trespass to chattels, or even of exceeding authorized access to a computer system (a Computer Fraud and Abuse Act violation).

I’m also struck by the fact these items, though apparently labeled as CDs and of course sold in CD stores, aren’t actually genuine CDs (as the official “red book” CD standard defines that format). Could Sony be committing fraud by claiming to sell users CDs, when in fact what Sony is offering is something else altogether?

There are a pair of 800-pound gorillas that might have something to say about that latter question. One is Philips, which owns the CD trademark and has been vocal about its objections to copy protection since at least 2002. If Sony is using the CD logo, they’re infringing on that trademark. The other party who might want to stomp on Sony is Eliot Spitzer, Attorney General of the State of New York, who has already taken on some big names in the spyware industry. I hope he’ll weigh in here.

Sony’s even sleazier than I thought

In the comments to my earlier post on the sleazy DRM software that Sony is pushing, Charles Arthur (who has a very cool new job) points out that I was mistaken to accuse Sony of installing this crap “without any notification or any attempt to obtain your consent.” Fair enough. As Charles points out, the original post from Mark Russinovich at Sysinternals.com includes a reference to the end-user license agreement (EULA) for the Sony DRM software that does indeed refer to a software installation and could be construed to be a notification. In fact, Russinovich’s post is unclear on this issue. He has posted a copy of the EULA for the DRM software (with a key clause highlighted in yellow), but that license agreement is not the one that pops up when you first insert the CD. To see that license agreement, read the F-Secure write-up. (I’ve posted a copy of the screen shot here.)

This is how the makers of spyware work. See anything in the first screen that says you’re about to install a hidden file-system filter driver that will run at all times and cannot be uninstalled? See the scroll box (the small handle in the scroll bar) on the right of the dialog box? Judging by the size of the box, I estimate that you would need to scroll through approximately 25 screens to read the entire license agreement, and way down at the end it includes this line: “The SONY BMG PARTIES may from time to time provide you with updates of the SOFTWARE in a manner that the SONY BMG PARTIES deem to be appropriate.”

Folks, this is how spyware makers work. They provide misleading end-user license agreements that they count on users ignoring. They fail to disclose the true purpose or impact of their product. They fail to provide removal tools. They reserve the right to update their sleazy software at any time without any further notice or consent.

It’s even worse than I thought.

Sony wants to hijack your PC

Mark Russinovich of Sysinternals.com has documented his experience with Sony’s new copy-protected CDs: Sony, Rootkits and Digital Rights Management Gone Too Far. It’s a bone-chilling story. According to Mark, just inserting one of Sony’s copy-protected CDs into your computer installs unwanted software on your computer. The software installs as a device driver that hides itself using techniques that are the same as those used by viruses and Trojan horses. It does this without any notification or any attempt to obtain your consent. Mark reports:

Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

Researchers at F-Secure were working on similar results at the same time and have now published their results:

Although the software isn’t itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits.

The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. If a malware names its files beginning with the prefix ‘$sys, the files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques.

According to Mark’s research, any attempt to remove this crap will essentially disable your CD or DVD drive.

This is beyond sleazy. Whoever approved this software should be forced into court and made to pay damages. I’m not a lawyer, but it also could violate several criminal statutes.

Screw you, Sony. You’re not getting another dime from me in any way.

Follow-up: Sony’s even sleazier than I thought and Sony tries to stop the bleeding.