Software from Claria Corporation, formerly known as Gator, has been widely accused of being spyware. But is it? We took a look for ourselves, and didn't like what we saw.
The spyware case against Claria comes down to one of disclosure.
Critics of the adware vendor say that Claria does not adequately disclose to users the information it's collecting and how it will use that information. Claria counters that its disclosures are complete.
We decided to see for ourselves. We downloaded and installed two Claria applications from the company Web site: Weatherscope and Date Manager. We also downloaded and installed a third product, the file-sharing program Kazaa, which includes Claria software. We took a look at the installation process, trying to see things with the eyes of an intelligent but uninformed user.
The installation screens do not say that, for as long as the software is running, it will monitor the URL of every site the user visits and report that information back to a Claria database.
Another frequent accusation against spyware is that it actively fights against user attempts to uninstall it. We haven't heard that accusation against Claria, but, in the name of completeness, we decided to test how gracefully Claria uninstalled itself. As part of our testing, we ran four separate anti-spyware programs, both before and after installing the Claria software and Kazaa, to see how well Claria did at cleaning itself off the system.
The installation screens say that Claria will display ads based on the sites a user visits. But the installation screens do not say that, for as long as the software is running, it will monitor the URL of every site the user visits and report that information back to a Claria database.
That information is spelled out in a lengthy End-User License Agreement (EULA), which very few users are likely to read. The EULA also gives Claria the right to track — and report back — an inventory of all the software on your PC and the first four digits of your credit card number, so it knows which banks you use. The install screens also don't disclose that the monitoring part of the application continues running even when users shut down the useful part of the application.
The Weatherscope EULA is 2,600 words long and takes up 32 screens. Click image to enlarge.
Even more confusingly, the EULA itself isn't accurate as to what information Claria actually collects; it's a grab-bag of some information Claria now collects, and other information that it used to collect but has stopped collecting. Scott Eagle, Claria's chief marketing officer, said the only information the company now collects is activity of "commercial intent" — meaning online shopping and product research. The information is filed by anonymous computer ID number. Claria does not collect user names, e-mail addresses, credit card numbers, or ZIP codes.
Another thing that you're not told unless you read the EULA: You're forbidden from using anti-spyware software to remove Claria software from your PC. The only way you're permitted to remove it is by using the Microsoft Windows Add/Remove Programs utility.
Simply including this important information in a dense packet of fine print is insufficient notification.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.