In the trenches of techno-rebellion
By John Borland
Staff Writer, CNET News.com
June 25, 2002, 4:00 a.m. PT
By day, Paul Kurland runs an innocuous pool maintenance business in Miami, but don't be fooled: Online, he's armed with the digital equivalent of an atomic bomb in the arms race against annoying advertising and spying software.
The SpyBlocker program he created can wipe out any targets in its path. In doing so, however, it also completely blocks access to large portions of many popular Web sites.
Some call it an overreaction, but Kurland isn't at all apologetic.
"To me, it's like picking my pocket," he says, criticizing the controversial practice of monitoring and harvesting personal information, often without people's knowledge. "The way I look at it, these sites can do it right. Just show me the ad, and if I'm interested I'll click on it."
Kurland is part of a grassroots movement fighting back against intrusive ads, software that tracks online behavior, and other mechanisms that quietly co-opt consumers' computers for marketing and other business purposes. These activist programmers are stepping in with such technologies to help fill a void left by regulators and legislators who are just beginning to examine this emerging area.
The techno-rebellion follows a long tradition of code-slingers who have turned first to their own programming skills to solve problems or combat Net abuses, dismissive of government's power to keep up with the fast pace of change online. Their efforts seem to be making headway: Driven by the recent Kazaa controversy and other fears, use of their programs is climbing well beyond that of previous generations of Web privacy tools.
More than 17 million people have downloaded ZoneAlarm, a free personal firewall that prevents any software from communicating with the Internet unless given approval. More than 10 million people have downloaded Ad-aware, which scours computer hard drives for adware or spyware components and deletes them free of charge. And Kurland said he distributed more than 5 million free copies of SpyBlocker before he began charging for it.
As impressive as those numbers are, these technologies are well short of ubiquitous on the Internet. Although such blocking software is a familiar part of the computer desktop for many tech-savvy surfers, it is far less clear whether these tools will become popular in the mainstream market.
Indeed, without government mandates or adoption by large companies such as ISPs (Internet services providers) or computer manufacturers, these technologies may never reach new or inexperienced computer users--the portion of the public most susceptible to software that might spy on them or take over their PC resources without adequate explanation.
"I've found there is a certain amount of people who will fight back using all the technology at their disposal. Then there's another group of people who just don't care," said Steve Gibson, a technology researcher and entrepreneur who wrote one of the first anti-spyware software programs. "What (this trend) is going to do is accentuate that division."
The roots of an arms race
Gibson's Opt-Out program, specifically written in 2000 to block the actions of early monitoring-software companies Aureate and Conducent, kicked off a technology arms race that is intensifying daily.
Previously, a few companies and individuals had written software that erased banner ads or blocked "cookies," the bits of code placed on hard drives by Web sites to gather information about visitors. These were adopted quickly in circles of people deeply concerned about privacy, though most consumers found that blocking cookies interfered with useful features such as saving log-in and password information.
Aureate, Conducent and a few other research companies then introduced a new tactic, bundling their programs along with free software downloaded on the Net. These "piggybacking" technologies could track consumer behavior and report the information to marketing companies, theoretically to develop specifically targeted advertisements.
Running in the background and often invisible to the PC's owner, such software was much more active than cookies, as well as a drain on computer resources. While fears of critical personal information theft proved overblown, it was immediately clear that the companies had hit a raw nerve once their practices became widely known.
Piggybacking software proliferated when dying music network Napster was succeeded by other file-trading programs that routinely included advertising software from companies like Gator, Cydoor, Web3000 or Brilliant Digital Entertainment. A few of these continued to monitor consumers' behavior to serve tightly targeted ads, while others simply provided technology for serving animated or other types of unusual advertisements.
Zone Labs' ZoneAlarm and Lavasoft's Ad-aware in particular have taken a lead in combating software that might track people, tap their computer resources, or use their Internet connections without their knowledge.
ZoneAlarm is a free software "firewall" designed to keep hackers from breaking in and prevent installed programs from communicating with the outside world. This means that downloaded software might be able to track or monitor surfing but cannot send the information back to its parent company without approval from the person using the computer. Many people using ZoneAlarm or similar software are amazed to discover how many products use an Internet connection, ordinarily without asking or providing any notice at all.
Net businesses see threat
As with SpyBlocker, this feature has angered companies that see it as a threat to their business, even though it can be removed or modified by the individual who downloaded ZoneAlarm. Many common programs, such as RealNetworks' music and video player or America Online's Winamp, routinely call out to check the Net for new information or to provide details on files being loaded.
Zone Labs Vice President of Marketing Fred Felman says the company regularly gets calls from such businesses, ranging from the most obscure to "the biggest companies everyone knows," asking it to build in back-door provisions allowing programs access to the Net without permission.
"Our answer is consistent," Felman said. "They need to communicate with their users."
Ad-aware, written and distributed by German developer Lavasoft, has also drawn criticism among advertising and marketing companies. It functions much like an antivirus program, checking a hard drive for adware and spyware components that have been installed--often surreptitiously--since the last time it was run. By simply clicking a button, individuals can clean their drives of any suspect programs.
Advertising companies constantly change their files in an effort to stay ahead of this and other programs, but Lavasoft updates its database just as often.
The arms race ratcheted another notch last month when RadLight, a Slovak Republic-based video software company, began distributing code that disarmed Ad-aware while installing its video player. A predictable outrage swept through privacy groups, and Lavasoft acted swiftly to counteract RadLight's hack.
"This possibility has been something we had discussed internally and publicly for quite a while but had always been considered remote," Michael Wood, Lavasoft's North American spokesman, said in an e-mail interview. "Why would a developer do something that could destroy their credibility and possibly their company? Sadly we were proven wrong."
Last month, the World Wide Web Consortium approved a technology called the Platform for Privacy Preferences, or P3P, as a standard that would help consumers choose how much of their personal information they want to divulge to Web sites if accepted by browser companies.
Moving into the mainstream?
Although none of these tools can guarantee a perfectly anonymous, advertising-free Internet experience, they provide more control over technologies on hard drives that might otherwise have existed and operated without detection. Yet it's
difficult to imagine vast numbers of consumers finding and configuring firewalls or other protection tools on their own.
"I don't think most consumers are aware of how much they're being monitored," said Jim Nail, an advertising analyst with Forrester Research. "It's a lot easier to just ignore ads than it is to download (a piece of software), install it, and make sure it works right."
Still, ISPs and computer manufacturers are beginning to consider offering these tools as a way to distinguish themselves from competitors, as well as quell privacy fears among their customers. If major, trusted companies do find market demand, they could vastly speed the use of these technologies.
Many large companies--particularly ISPs that receive ad revenues as well--are unlikely to support software that directly strips out advertising. But some are adopting tools like ZoneAlarm that allow customers to control which software applications can use their Net connections.
EarthLink, for example, has been distributing and supporting ZoneAlarm since late last year. The national ISP, which has more than 4 million dial-up subscribers, also provides a firewall as a standard part of its home-networking service.
"It's a very important part of what we do to give subscribers the tools to help recognize what's going in and what's going out," EarthLink spokesman Brian Kovalesky said.
A Gateway representative said the PC maker does not provide firewall software on a regular basis but is looking closely at the possibility. And at Dell Computer, a spokeswoman said her company would "definitely...play a role in that space" in the very near future.
Even if large companies do help bring these tools into the mainstream, however, the issue may be irrelevant in a few years. Advertising experts question whether intrusive practices are valuable enough to survive, noting that several companies that began the trend have already gone out of business.
Whatever the outlook, the distributors of anti-adware tools will remain focused on the here and now.
"Our aim is not to destroy or support any advertising model," Lavasoft's Wood said. "Economics and the market will either destroy or reward any business model, not Lavasoft or Ad-aware. The consumer will determine who succeeds and who fails."