Zango Settles With the FTC

Zango, formerly 180Solutions, and the poster child for denying obvious stuff, have agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future drive by installs, and most any other way of forcing this crap on users computers. they must actually provide a way to uninstall the crapware, and requires them to give up $3 million in “ill-gotten gains”, which is straight from the FTC site. I wonder if they actually figured out how much they made in “ill-gotten gains” and why it was only a $3 million dollar fine, they have always been shady, all one has to do is search for their names on Google to see it, and I remember reading they used to have a counter that counted how much money they made that day, so why just $3 million?

Here are some quotes from the agreement,

According to the FTC, Zango often used third parties to install adware on consumers? computers. The adware, including programs named Zango Search Assistant, 180Search Assistant, Seekmo, and n-CASE, monitors consumers? Internet use in order to display targeted pop-up ads. It has been installed on U.S. consumers? computers more than 70 million times and has displayed more than 6.9 billion pop-up ads. The FTC alleges that Zango?s distributors ? third-party affiliates who often contracted with numerous sub-affiliates ? frequently offered consumers free content and software, such as screensavers, peer-to-peer file sharing software, games, and utilities, without disclosing that downloading them would result in installation of the adware. In other instances, Zango?s third-party distributors exploited security vulnerabilities in Web browsers to install the adware via ?drive-by? downloads. As a result, millions of consumers received pop-up ads without knowing why, and had their Internet use monitored without their knowledge.

In addition, the agency alleges that Zango deliberately made it difficult to identify, locate, and remove the adware once it was installed. For example, Zango failed to label its pop-up ads to identify their origin, named its adware files with names resembling those of core systems software, provided uninstall tools that failed to uninstall the adware, gave confusing labels to those uninstall tools, and installed code on consumers? computers that would enable the adware to be reinstalled secretly when consumers attempted to remove it.

The settlement bars Zango from using its adware to communicate with consumers? computers ? either by monitoring consumers? Web surfing activities or delivering pop-up ads ?
without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers? express consent before downloading software onto consumers? computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance. Source: FTC

I wonder how this will work out. As Hoyt is fond of saying, NOT TOO GOOD! This is more of a moral victory than anything, and it does include a PDF, here, which defines express consent, and it excludes burying the information that the user is getting additional software with their download in the user agreement.

?Express consent? shall mean that, prior to downloading or installing any software program or application to consumers? computers: (a) Respondents clearly and prominently disclose the material terms of such software program or application prior to the display of, and separate from, any final End User License Agreement; and (b) consumers indicate assent to download or install such software program or application by clicking on a button that is labeled to convey that it will activate the download or installation, or by taking a substantially similar action. Source: 27B Stroke 6

Of course Zango is trumpeting this on their website, to try to spin it in their favor, saying

?Early in our business, and as we?ve acknowledged, we relied too heavily on our affiliates to enforce our consumer notice and consent policies. Unfortunately, this allowed deceptive third parties to exploit our system to the detriment of consumers, our advertisers and our publishing partners. We deeply regret and apologize for the resulting negative impact,? said Keith Smith, CEO of Zango. ?The FTC?s leadership in providing clarity around best practices is a welcome and significant step forward for Zango and our industry. We embrace the new standards and will continue to create, abide by and strive for best practices that protect consumers.?

Funny, they would only admit to it with dead on proof, and would still blame the affiliates or someone else, never them. They say the public is better off because of the FTC order, since they now have standards for the downloading of software and apps over the Internet. They also said that they have been in compliance since January 1, 2006 when they started using the S3 technology. Pretty funny since it was pretty useless in February, check out these links from Vital Security, here in July and from Ben Edelman. Pretty amazing technology and wonderful due diligence on Zango’s part in watching their affiliates. They say they have engaged an independent analyst,

To provide an independent analysis, the company has engaged with Richard Purcell, CEO of the Corporate Privacy Group, to audit Zango?s compliance against each of the FTC?s requirements. Purcell is formerly the chief privacy officer at Microsoft and currently is the chairman of the Board of Directors for TRUSTe, the leading independent trust authority for privacy on the Web. He will report his findings within a month.

Hopefully Ben Edelman will be in contact with him, as he says in the Wired blog they are still not in compliance,

180 continues plenty of bad practices, including some unlabeled ads, materially misleading installations that fail to disclose key aspects of 180′s effects, and installation attempts predicated on security exploits.

I commend the FTC’s efforts here, but serious diligence will be required to assure that 180 actually complies with its many obligations under the settlement. At this instant, I am confident that 180 is not in compliance.

Now who would expect them to not be in compliance? Oh, and here are a couple of companies that are just happy to do business with Zango, and, and one automotive site that was so happy with it, they didn’t even mention their name. Hmmmm. So feel free to avoid those sites like the plague.