Pryin' eyes

Spyware: Computer users beware sneaky programs that slip in and report data to marketers.

February 21, 2002|By Kevin Washington | Kevin Washington,SUN STAFF

Worried about hackers sneaking into your computer, ruining files and lighting out with your most private documents? Maybe you should be more worried about the nosy software you invite in through the front door.

"Spyware," as it's known in the trade, is often attached to free programs downloaded from the Internet. It can collect information about your browsing habits and secretly ship it back to advertisers or marketers. They, in turn, may use it to send you targeted ads, or sell it to others.

Meanwhile, there seems to be no end to the use of "Web bugs," nearly invisible graphics embedded in Web pages or e-mail to let a third party know where on the Web you've been or whether you've read a particular message.

Finally, a new generation of hidden program, labeled "scumware" by its critics, establishes advertising links to lure you away from the Web page you're viewing and to a site the scumware's sponsor pays for.

Many of these programs arrive via free software, such as Kazaa and BearShare, that hundreds of thousands of surfers use to swap music, movies and other files over the Net.

The file-swapping programs and other popular downloads are free to users because advertisers and marketers pay their publishers to include the spyware or scumware with them. Often, the parasite programs remain on the user's computer after the programs that bore them are uninstalled.

It's a development that infuriates privacy advocates.

"It's unconscionable," said Steve Gibson, president of Gibson Research Corp. (, who has led a long crusade against snoopers with the motto, "It's my computer."

Gibson first gained notoriety in a dust-up with RealNetworks over information the company surreptitiously collected from users of its free music programs. Users should be outraged about spyware and other intrusions into their computers, he said.

But spyware strikes people in different ways. Many people just don't see it as a problem. Others are ready to take up arms against it.

"Very few people are in the middle on this," Gibson said.

Some parasite-bearing software warns users that third-party programs have hitched a ride, usually in the "click-on" license agreement that appears when the program is installed. But relatively few users slow down to read the warnings.

How do these programs work? Consider vx2, a program that tagged along for a month last year with Audio Galaxy, another free file-sharing program. Joshua Abram, vx2 Corp.'s president, said vx2 was sold for use to Mindset, an advertising firm that in turn contracted with Audio Galaxy to include it in the music program's download. It tracked users' Web-browsing habits, along with some personal information, such as whether they had filled out Web forms indicating their sex. The vx2 program passed the information to Mindset, which in turn used it to send those Web surfers targeted ads that vx2 popped up on their screens. Mindset no longer distributes the software.

Abram said that in vx2's agreement with Mindset, users were to be warned about vx2's inclusion in any downloaded package - and given an option to head to vx2's privacy policy Web page. Now, vx2 is experimenting with a warning screen that would appear before the user downloads the software that carries it, he said. Almost no spyware provides such notice.

Web bugs are a much simpler form of spyware. These are references hidden in the code of a Web page that cause your browser to request an invisible graphic located on an advertiser's or marketer's Web site. When your computer requests the graphic, the marketer learns your IP address and the site you're currently browsing. This information can also be stored in a "cookie" on your computer and can give marketers an excellent picture of your browsing habits over time.

Meanwhile, advertisers have begun to change the way unaffiliated Web pages display in browsers that have been modified by programs that critics call scumware. One of critics' top targets is TopText, which accompanies some freeware and changes the look of Web sites when they appear in Microsoft's Internet Explorer browser.

TopText highlights specific words on Web pages, creating pseudo-links that were not placed by the original Web designer, but instead whisk surfers to advertising sites paid for by TopText sponsors. Those sponsors pay, which distributes TopText, to highlight keywords that might lead surfers to their sites.

eZula also collects information from users such as IP address and the words that the surfer clicked on. While eZula says it won't share personally identifiable information, it does share "aggregated data with its advertisers, business partners, investors or otherwise as required by law."

eZula also ominously warns that it can't be responsible for the use that third-party sites make of the information they collect at the end of a TopText click-through.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.