In the online ad-distribution business, "everyone only knows the person above them and below them," says Ari Schwartz, deputy director of the Center for Democracy and Technology, a nonprofit public-policy group. "There hasn't been a sense of [needing] to look four levels out. You have all these players in the middle. There are many broken pieces to the puzzle."
Who's to blame? The easiest targets are marketing companies that redirect Web addresses and deliver pop-up ads. But it gets more complicated. The Center for Democracy and Technology threatened to file a complaint with the Federal Communications Commission over 180solutions Inc.'s business practices, warning the Internet search-marketing company that its distribution mechanisms likely were violating federal law and charging it with duping consumers into downloading software they didn't ask for. 180solutions filed suit in August against seven former distributors, alleging they used botnets--networks of infected computers--to surreptitiously install search software without notice or consent. "We deplore botnets," says a spokesman for 180solutions, which has stopped using more than 500 of its 8,000 distributors in the past nine months for failing to receive informed consent from users.
Some Praise
Ire also could be directed at companies that make their living selling ads through extensive networks--such as America Online, Google, and Yahoo--each with its own set of rules about adware and diligence about policing them. Schwartz praises Google for its advertising policies and says AOL has done the best job of enforcement, while Yahoo lags, choosing to lead work on an industry standard.
And then there are the advertisers, who pay as much as several dollars for every click on one of their pop-up pitches. "That's where the money starts," Schwartz says. "The chain begins and ends with the advertisers themselves."
Questions About Yahoo
Yahoo gained unwanted attention last month when spyware researcher and consultant Benjamin Edelman reported that Yahoo-syndicated ads appeared more frequently than any other pay-per-click ad network in his tests of various spyware-infected PCs.
"Yahoo has been more willing to take on dubious partners and allow their partners to have partners so that Yahoo couldn't know where the ads are appearing," Edelman says. "It's created a real monster in terms of ads getting distributed all over the place." Edelman counts among his clients AOL, which dumped Claria Corp. and other adware companies after purchasing interactive marketing company Advertising.com a year ago.
Yahoo says it didn't authorize two of Edelman's four examples of ads shown on software installed without consent, from advertising company Direct Revenue and 180solutions. Yahoo made sure the ads were terminated and is "looking into exactly how our listings showed up through their applications and will take action as appropriate,"a spokeswoman says. "This can range from terminating an implementation to ceasing to work with a company." For its part, Direct Revenue last month said it was ending the use of third-party affiliate networks to distribute its software.
But Edelman doesn't believe cutting ties to one or two rule-breakers is enough. The whole system, with the partners of syndication partners having their own partners, must change. He finds several examples each week of other vendors that install ad software without consent, or with questionable consent, showing Yahoo ads. And because that web of partners is so tangled, he doubts that Yahoo could truly shut out a particular offensive vendor if it tried.
Yahoo says it makes sure its marketing partners that peddle downloadable apps give consumers high standards of notice, privacy, and ease of removal. "A key element of these standards requires that distribution partners don't download applications onto a user's computer until the user knowingly agrees to the terms of the download agreement," the spokeswoman says.
Yahoo also is working with the industry to develop a better way to enforce those standards. "You can make sure a given company meets the guidelines, but it's difficult to police them on a minute-by-minute basis," the spokeswoman says.
Everyone's Doing It
Progress is coming in small steps. Priceline.com Inc., which Edelman ranks as one of the top 10 most widespread spyware advertisers, spends "a very small portion" of its advertising budget with Claria, Direct Revenue, and eXact Advertising, and the site is drafting a company adware policy, a spokesman for the travel-shopping site says. That might not seem like much of a step, but in the "everyone else is doing it, so I do, too" mentality that rules the world of online travel advertising, that's progress, the Center for Democracy and Technology's Schwartz says.
So does this: Dell has ended its business with Claria, eXact, 180solutions, and other affiliates that have been found to use software downloads that are prohibited in the terms and conditions of the affiliate contracts. A Dell spokeswoman wouldn't disclose the total number of Dell ad affiliates or those that have been terminated. An affiliate, she says, isn't allowed to use adware or spyware. "We don't tolerate it," she says. "It's not good for our customers, and it's not good for us." To distribute its online ads, Dell works with affiliates, most of which are coupon- aggregator Web sites such as CouponMoutain.com or FatWallet.com, which earn commissions. Dell also advertises with banners on news sites and in search results on Google.
However, Edelman found an instance of a "pop-under" ad from Claria for Dell appearing on Dell's own Web site; if a shopper clicked on the ad, Dell would presumably pay Claria for delivering it a customer it already had. A Dell spokeswoman couldn't explain the anomaly.
Dell--along with AOL, Hewlett-Packard, Microsoft, and Yahoo--is a member of the Anti-Spyware Coalition, a group of software companies, academics, and consumer groups working on ways to tackle spyware and other potentially unwanted technologies. The Center for Democracy and Technology convened the coalition, and the group is expected this fall to release the final draft of a consensus document that will address best practices, risk modeling, and objective criteria for flagging the unwanted software.
Illustration by Getty Images