
[LEMONS]


7.31.2005

YOUR DEFINITION OF SPYWARE MAY DIFFER FROM MY OWN

I was looking for a Dashboard Widget to track My eBay stuff. And sure enough, there's a widget to do just that. But when it asked me to sign into eBay again, and seemed to have passed through a site or two on the way, alarm bells went off, and I decided to look at the package contents. Sure enough, there's a spammy little bit of code in there. Hidden away in the JavaScript is this nugget:

<img id='freestuffcrazy' src="images/blank.png" height="80" width="140" onClick="widget.openURL('http://www.freestuffcrazy.com');">
<img id='ebay' src="images/blank.png" height="80" width="140" onClick="widget.openURL('http://www.jdoqocy.com/3e81vpyvpxCEJMHHGDCIMDFDJM');">


The URL redirects to eBay, but only after passing your info through a third-party site, apparently operated by Commission Junction. After discovering this on my own, I found that there was a bit of a fuss about it on Dashboard Widgets. The developer (FreeStuffCrazy) defends the pass-through justly:
Is it so wrong to benefit from my work? I spent a long time getting this thing to work well, and also the global user search tracking uses bandwidth off my server. I figured it'd be better just getting ebay to pay me instead of asking for donations. Sorry if you find this "dishonest" but the money has to keep things like this going have to come from somewhere. Are ads on websites wrong dishonest? There is no interference to the user and really don't see why it should be a problem.
FreeStuffCrazy goes on to claim that it contains "NO spyware of ANY sort." Oh. It's "Referalware," eh? Thanks. But I'd rather have known what you're doing with my data up front. ALTHOUGH I DO find that when you USE ALLCAPS FOR EMPHASIS, it does have a profoundly reassuring effect on me.

Sure, perhaps I should know better than to put my trust in a company called, er, FreeStuffCrazy, but I think that as a Mac user, I've become very complacent about security. And that's the problem. As more and more people come to the platform, we're going to start seeing more and more exploits. And the Dashboard widgets in Tiger represent such an easy backdoor that any idiot can easily cook up some spyware for the Mac. Even if they aren't doing anything truly evil, there are going to be all sorts of varying degrees of nastiness coming our way. We have to start thinking with the same suspicious mindset that Windows users have, and we have to be careful with our widgets.
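The package inspection described in this post can be scripted. The following is an added example, not part of the original post or of the widget's code: it scans a widget bundle's files for absolute URLs and `widget.openURL(...)` targets and reports every host outside the ones the widget is expected to contact. The function names, the scanned file extensions and the `ebay.com` allowlist are assumptions; the sample input is the two lines quoted above.

```python
import os
import re
import sys
from urllib.parse import urlparse

# Sample input: the two <img> lines quoted in the post above.
SAMPLE = '''<img id='freestuffcrazy' src="images/blank.png" height="80" width="140" onClick="widget.openURL('http://www.freestuffcrazy.com');">
<img id='ebay' src="images/blank.png" height="80" width="140" onClick="widget.openURL('http://www.jdoqocy.com/3e81vpyvpxCEJMHHGDCIMDFDJM');">'''

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.I)           # any absolute URL
OPENURL_RE = re.compile(r"""widget\.openURL\(\s*['"]([^'"]+)['"]""")  # Dashboard call

def host_allowed(host, expected_hosts):
    """True if host is an expected domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in expected_hosts)

def audit_text(text, expected_hosts):
    """Return one finding per URL whose host is not in expected_hosts."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        opened = set(OPENURL_RE.findall(line))
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if not host_allowed(host, expected_hosts):
                findings.append({"line": lineno, "host": host, "url": url,
                                 "via_openURL": url in opened})
    return findings

def audit_bundle(path, expected_hosts, exts=(".html", ".js", ".plist")):
    """Walk an unpacked .wdgt directory and audit every text file in it."""
    results = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(root, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    hits = audit_text(fh.read(), expected_hosts)
                if hits:
                    results[full] = hits
    return results

if __name__ == "__main__":
    expected = {"ebay.com"}  # assumption: the only domain an eBay widget needs
    if len(sys.argv) > 1:
        report = audit_bundle(sys.argv[1], expected)
    else:
        report = {"<sample>": audit_text(SAMPLE, expected)}
    for source, hits in report.items():
        for h in hits:
            print(f"{source}:{h['line']}: {h['host']} ({h['url']})")
```

Run it with the path to an unpacked `.wdgt` folder as the only argument; with no argument it audits the sample lines.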

3 comments


If you don't like it, don't use it, simple as that. I'm providing something that's useful for people. If you're not one of them simply uninstall it.

Sorry to hear you didn't find it useful.
-- noted Anonymous Chris : 6:31 PM




Chris,

If only it were that simple. When I go to the eBay Widget on Apple's site, there's no mention whatsoever of this being "referalware." If it was as "simple as that," you should be upfront about it, not hide it in the code. If it truly were so simple, you should state explicitly in the description what it is that your widget does. But you haven't done that. Assumedly because you know that it does something most people consider bad.

So I did uninstall it. Simple as that. But I'm also going to warn others.

And more to the point, I'm going to use it as an example of the wrong way to do things. You didn't have to label this widget as freeware. If you wanted to make money from it, there are better ways to do so than disingenuously hijacking my browser and network connection to send data to a third-party site without my permission or knowledge.

-Mat
-- noted Blogger mat : 6:52 PM




FYI: it's not "hijacking" your browser at all, it's the official affiliate program from eBay themselves.

You get more information from your site tracker than I do from eBay.

Sure you may be sending stats to the eBay affiliate program, but it's a lot less information than you or any "normal" site tracks about their users.
Are you trying to tell me that we should all have disclaimers and warnings on our site saying that their visit is being tracked?

I still stand by the fact that it's not wrong, but as a fellow Mac user I respect your opinion. Sorry to hear you did not find it useful enough to keep.

~Chris
-- noted Anonymous Chris : 7:06 PM




honan.net logo by Goopymart