December 20, 2004 4:00 AM PST

ComScore: Spyware or 'researchware'?

(continued from previous page)

flags for anyone concerned about the privacy of their personal data and the sanctity of their computer.

"From an overall security perspective, I would never recommend that to happen," said Webroot's Stiennon. "That's the one case where all of your activity can be sniffed and tracked. Even if it was the most reputable company in the world, I would not recommend that practice."

ComScore has a panel of 1.5 million people in the United States who use its software, and by doing so, report their behaviors. With the software, ComScore has built a reputable research business in recent years with less investment than traditional, random digit-dial research panels. Its star has risen since the dot-com bust thanks to the credibility of its large panel size and data. The company sells data to major Internet companies, universities and the media.

But as high-speed Internet service has proliferated in recent years--making its Internet accelerator software less enticing to consumers--ComScore has had to find new incentives and avenues for distribution. For example, it runs JD Academic Research Council, or JDCouncil.org, which offers students $5 or $10 for using Marketscore.

"Some companies fall into the middle, and there's a push back and forth as to whether they're the good guys or bad guys."
--Ari Schwartz, policy analyst, Center for Democracy and Technology

The company has reportedly bundled its software with peer-to-peer applications like iMesh, which are popular with students.

But recently, the company's distribution efforts have hit a snag in academia.

Columbia University and Cornell have begun blocking Marketscore from their networks and students' PCs, and issued spyware warnings on the software. Other schools, including Pennsylvania State University, Indiana State University, California State University and North Dakota University, also are looking into the software.

"It wasn't causing adverse performance effects to our network, but you might imagine if you're a student and logging on to what you think is a secure site, and it's not, and it records your credit card information. That's why we decided to be a little more active on this," Cornell's Schuster said.

Because Marketscore's Web page contains only a buried reference to ComScore, some people say it appears secretive and raises suspicion. JDCouncil.org does not openly refer to ComScore either, except within a company information page.

The controversy comes as spyware is of mounting concern to consumers, information technology managers and corporations. As more Net companies begin to offer tools for consumers to fight it, spyware makers are getting trickier, exploiting Web browser flaws to get onto people's PCs and making it nearly impossible to uninstall their software.

As a result, several states, including California, have anti-spyware bills to ban unauthorized installation of spyware on unsuspecting computer users. Congress is also drafting a federal law to protect consumers from spyware. In October, the U.S. House of Representatives approved the proposed Spy Act, which prohibits companies and individuals from "taking control" of a computer, surreptitiously modifying the URL of a Web browser's home page or disabling antivirus software without the proper authorization.

No, you miss the point
by December 22, 2004 11:31 PM PST
Any time you "consent" to use a proxy server that collects private information at all, it's spyware. I wonder how many people who have given their consent realize that their credit card and banking information is gathered (whether it's scrubbed or not). When I go to my bank's website, I need to know that NO ONE is gathering my information other than my bank. I would never consent to use of a proxy server to track that information or any other transaction involving my personal information.

Gathering information on trends with respect to surfing habits is one thing. Collecting private information is something quite different.

The problem is that most computer users don't realize what they are agreeing to and have no clue what a proxy server is or how it can be used. That's where clear disclosure is necessary. I don't care how "top notch" a company is if they are redirecting users through their own server. That's as bad as or worse than MSFT's Passport.
TRUSTWARE
by hadaso December 20, 2004 2:49 PM PST
TRUSTWARE - that's what ComScore wants to be!

What they claim is that people downloaded the program knowing what it does - mining data and sending it somewhere, and those people trusted them when agreeing to the installation. This is not the same as something a user got infected with while trying to install something else for a different purpose.

I think it was about 4 years ago that I installed my first adware-supported "freeware". I liked the idea back then: the ads were not intrusive (they were only shown when I was using an app that didn't need even 10% of the screen, and disappeared with the app as soon as it lost focus). Then later I found that I have three or four different ad-serving programs on my system, that came with things like pkzip and other shareware. One of them was shared by more than one ad-supported app, and what annoyed me was not that they are trying to use my data, but that I have way too many of them installed and using resources. Why can't they use just one ad-serving engine? Then started all the public ranting about spyware spying on you, and it all added up:

I think the model of paying for a software license by being served targeted ads is a good idea. It is just not implemented correctly. It should be TRUSTWARE and not SPYWARE! There should be one ad-serving program on a user's system, and it should be the user's choice which ad-serving program it is. The user would choose an ad-serving service the user trusts for doing the ad-serving. Ad-supported software downloads would not have bundled spyware. Instead it would look in the system to see what ad-serving software exists, and would negotiate with this ad-server. If there is no compatible ad-server on the user's system, the ad-supported app would inform the user that a compatible ad-serving program should be installed and running before the app can be used.

For this to work there should be a standard open protocol for ad-servers to negotiate with ad-clients (ad-supported apps) and for them to serve ads to the client, and also to pay the vendor of the ad-client for displaying the ads in their app.

The point is that this way the user doesn't get unwanted software sneaked into her system. Instead she gets ads from a source she trusts, and this way perhaps she is willing to share much more info with this trusted source, which can result in much better targeted ads, which serve her better and earns more money for the advertisers.

Of course there are lots of security issues to be solved for this to work. On the other hand there is potential in this model beyond just serving ads. It's really about different software components in a single computer negotiating and transferring real value between them, so it's a sort of micro-payments system working inside a single PC, and when aggregated over many users on many PCs resulting in real money being transferred between the user's chosen ad-server vendors and the ad-client vendors.
It is spyware
by December 20, 2004 3:17 PM PST
Euphemisms to delude the victims or the purveyors? Either way it is an unwanted intrusion and most users would refuse if given a choice in the matter. Otherwise, why do the data miners need to do this in a stealthy manner? Do not even try to defend their actions in any manner.

- If the end user does not want to participate then any spying is just that.
- If the tracking must be done by imbedding code into the user's computer, it is a blatant intrusion, a trespass.
- It does slow down PC's and I have seen it interfere visibly with browser operations and ultimately corrupt drive data on a PC virus checked daily.
- It is also a violation of trust by those who do so without permission or clear ability to opt out.

Just call it for what it is. Rape Derived Data.
Story author has been hoodwinked
by fredmenace December 20, 2004 7:02 PM PST
This article read as trying to be very "balanced" to the point of being apologetic of an unsavory activity, when in reality it appears the author was taken in by a disreputable spyware company just because it has lots of large clients, and the author was maneuvered into telling this company's side of the story. (I've seen the legitimacy claims of spammers covered in other stories, but usually with skepticism, rather than with such blind acceptance.)

Until the big uproar occurred over the last couple of years, many major corporations used the services of the worst spammers, and the same corporations continue to push annoying pop-up ads that people complain about and try to block.

Until the activity in question is clearly illegal, or until a sufficient number of customers become aware of it and start complaining (to the point it would be bad PR for a company to be associated with it), companies will continue to use these services. Spam and pop-up ads are cheap and effective. So is spyware-derived research. Until there were sufficient complaints and laws targeting it, customers of spam services claimed there was nothing wrong with it. This doesn't make it desirable or something we should just accept as OK.

Awareness of spyware and adware is just lagging behind that of more in-your-face intrusions like spam and pop-up ads, mainly because it IS so invisible (which makes it all the more troubling).

In fact, this kind of spyware is far more potentially damaging than standard pop-up ads and spam, if less immediately annoying. We should not just "trust" some company to know all of our passwords, bank account logins, personal activities, everything we buy, everything we read, every site we visit, every personal email and chat message we send, etc. Any such software would need an extraordinary level of awareness and acceptance on the part of the user, not just clicking past some fine print in an EULA, and any personally-identifying information should be stripped fully before the data ever leaves the computer. The user should also be able to see the data that will be transmitted before it is sent, and have the ability to prevent its transmission if it tells more than they want to.

Going through a proxy is a REALLY REALLY bad idea. At the least, there should be suitable warnings each time someone logs into the computer or goes onto the internet that this is occurring (if a proxy IS used, all web pages should be in a frame which clearly explains what is happening, what data is being collected and by whom, and giving the easy option to bypass it at any time, and similar warnings should display any time email, news, ftp, or other internet activity occurs).

Of the 1.5 million claimed users of this software, I bet at least 1.4 million would be surprised (and probably angered) to discover that their online activities were being monitored in any way.

There is nothing distinguishing this company from any other disreputable spyware company. No new category is needed here, except for "illegal".
Another point
by fredmenace December 20, 2004 7:05 PM PST
In addition to getting the consent of the owner of the computer, it would seem each and every user who accesses the internet from that computer needs to be made aware of this data collection and give explicit consent to it. I am positive that this isn't happening.
Research Project For The Federal Trade Commission
by December 20, 2004 9:07 PM PST
As a marketing research professional this article raises some interesting ethical questions and what boundaries a reputable research firm should adhere to and where some type of government regulation may be required. It also raises some interesting questions on the ethics of the firms who buy and utilize this type of research.

First class research firms such as Nielsen adhere to strict ethical standards. I can't imagine Nielsen conducting a focus group or other type of research where they write down the social security number and credit card numbers of the participants involved. And I certainly think that Nielsen's research participants would know why, when and where they were being questioned or observed.

To say that MarketScore's type of research is ethical or OK because companies like AOL use it is a weak argument. To label their software as "Researchware" does not change the type of methods they employ.

I have an idea for a survey that the Federal Trade Commission might want to conduct with Comscore's "panelists". Since they know who the users are, it should be easy to pull a sample of MarketScore panelists.

Q1) Are you familiar with ComScore, MarketScore or JDCouncil.org ?

Q2) Is the MarketScore software program currently installed on your computer ?

Q3) Is the MarketScore software program currently running on your computer ?

Q4) Do you know that you agreed to have Comscore capture your personal information such as credit card numbers, bank passwords, social security numbers and other private information ?

Q5) Did you read the End User License Agreement prior to installing the MarketScore software?

Q6) Did you understand the End User License Agreement prior to installing the MarketScore software?

Q7) Do you know how to de-activate or uninstall the MarketScore software ?

Q8) Did you receive any remuneration or consideration for installing the MarketScore software ?

Q9) Do you want your personal information such as credit card numbers, bank passwords, social security numbers, and internet purchases recorded and tracked by MarketScore?

Q10) Do you want the MarketScore software installed and running on your computer?

Q11) Would you like to receive a short, easy to understand confirmation from MarketScore that would REQUIRE YOU TO CONFIRM that you would like to continue as a panelist?

Q12) If your personal information were to "leak out" as a result of your use of the MarketScore software and cause you personal harm such as identity or credit card theft do you understand what liability MarketScore has to you?

I don't think that full disclosure equates to fine print. The mortgage loan industry used to bury its disclosures in fine print. Now there are separate forms in large print and easy to understand language in loan documents. Government intervention was required to at least make an attempt to insure that people knew what they were getting into.

For now I applaud Webroot's and the universities mentioned stance on classifying this program as "Spyware". Until MarketScore can prove that its panelists truly understand and agree to having this software installed and running on their computers, the panelists should have the option of this program being flagged as Spyware.
Precisely!
by fredmenace December 21, 2004 6:16 PM PST
This is exactly correct: people may be willing to receive advertising or have their behavior monitored IF it is to a reasonable extent, they are fully aware of it, they get something in return, and THEY decide it is worthwhile. This is how most legitimate market research is done. Spyware and adware are part of the "we can do it cheaper because we can get away with things that we couldn't in the real world" philosophy of the internet. Sometimes this is true, and not a problem. But, like spam and file sharing, adware and spyware should be required to conform to the standards these practices would demand in the real world.
spyware
by December 20, 2004 10:30 PM PST
How can anyone suggest that there is any legitimate reason to put software on my personal computer? How can anyone find legitimacy in gathering information about me? Next, they will want to put microphones in my house. It is unconstitutional.
I don't care what they call it
by sderf December 21, 2004 7:25 AM PST
I don't care what they call it, I still don't want anybody following me around without my permission.
If you need information ask.
Spyware by any other name is still spyware
by albrown December 21, 2004 8:44 AM PST
No matter how you spin it it's still wrong and anyone doing it should be fined, jailed or worse.

Intrusion without permission in the name of science is still intrusion. If I wanted to be part of a study group for these thieves then I'd sign up.
Place this data gathering on the server side
by jminniha December 22, 2004 6:18 AM PST
Data should be gathered at the ecommerce site's servers...these data gathering companies should be trading their data gathering software installs with free/discounted data gathered from their partners. As such spyware data miners would not need to be installed on each PC client.
Just worried about the free internet.....
by December 22, 2004 10:17 AM PST
I am not a spyware vendor..I am just a concerned consumer who has been watching this for quite a while, and now that big players are in the game I can see that control and power will be in few people's hands.

I will say it again...the anti-spyware makers have a huge amount of power. They recommend what they think is good software and bad software. They have the power to remove "bad" software. This is all well and good if anti-spyware makers were all kind and benevolent, but they obviously want to make money too. The wheels can be greased. If the anti-spyware company has a large enough distribution, they can put out a software or definition update and kill another program in no time at all.

A good example is the tie between Alluria and WhenU. One could argue there is a little bit of a conflict of interest there:) In fact most of what I have seen is companies that do not want to be viewed as spyware have a tactic of teaming with an anti-spyware maker to get them on their side. This gets to the heart of my fears about this.

On the other hand I do think Privacy Protection Software is a good idea and that it is good for everyone if there are good rules. I think the P3P is a good example of how we can better inform consumers about privacy. This Privacy Protection Software may even be able to hit a web site's P3P policy and convey that in clear English for folks. Anyhow, I would like to see criteria like the following:

1) Objectivity - There needs to be a clear list of criteria by which software privacy will be measured. (the term spyware needs to go away because it is not objective, it is just hype). Actual research needs to be done on the software and that research needs to be documented against the list of criteria. GIANT/Microsoft actually has a decent list of criteria, but maybe there needs to be an independent organization that sets the criteria?

2) Transparency - Both the consumer and the developer of the software applications need to have 100% disclosure of what the scoring criteria is for their application. This promotes having legitimate companies that are "in a gray area" to improve their practices and prevents anti-spyware makers from choosing how they want to apply their definitions to different vendors.

3) Fairness: ALL software must be treated and analyzed equally. i.e. the spyware companies cannot decide to include one piece of software and not another. All software has privacy concerns even if it is purchased by a consumer or used by an IT organization. For example, we use RAdmin here at work. By NO means is it spyware in the hyped sense of the word, but it could definitely be used to monitor what a person does on their computer and people have a right to know its capabilities.

Anyhow, just throwing out some thoughts. I think these are issues that are out there, but not too many consumers seem to be afraid of who we are giving power to. They hate spyware and any company that helps get rid of it is good in their books...Let's just not forget that the biggest reason anti-spyware companies are getting into this area is to make money and things can get out of hand if we let it.

Hopefully this will cause someone to think about this more..
Ok
by volterwd December 28, 2004 9:29 PM PST
so i will stab someone and call it 'surgery', but hey... a piece of SHI* by any other name still stinks
Big Brother by any other name....
by December 29, 2004 6:36 PM PST
It is no more acceptable by ANY company whether for marketing purposes or whatever. It is still an invasion of our privacy to install anything unknowingly on our computers. If the Government did it (who knows) we would not stand for it. It slows down our machines and causes bandwidth to be used. I believe it to be worse than spam, since spam does not invade our systems, just fills our email boxes. (Spam does suck though)