next up previous contents
Next: Fair End User License Up: End User License Agreements Previous: Microsoft and Apple: Industry   Contents

180solutions' Zango

At the time of writing, 180solutions (also known as Zango) are the developers of a software application named Zango, an advertisement serving program, which includes as part of its functionality the 180search Assistant, which effectively monitors the sorts of Web sites a user browses, offering up advertising based on the content of the Web sites browsed. This sort of advertising software, otherwise known as ``adware'', is not commonly the sort of software that a user would want to have installed on their computer, since popup ads are considered distracting and intrusive [McCoy et al., 2004]. I use this example as an illustration of one of the more extreme cases of problematic practices and use of End User License Agreements within the industry. There are many more examples of ``badware'' like this, many of which install covert software or change operating system settings or which ``hide'' important information within the End User License Agreement. The mere existence of the ``StopBadware'' Website, [StopBadware, 2008b], and the contents therein is testament to the contemporary use of poor or malicious programming or licensing arrangements. Some examples of these include the software and Websites of, Mediapipe, UnSpyPC, XP Antivirus 2008, and FreeWire, to name a few, all of which fail to meet StopBadware's guidelines for non-malicious software [StopBadware, 2008b]2.2. Although Zango is not listed there, it has evolved over the years, as will be shown, beyond simple badware and into a much morally greyer area of practice.

For a long time, 180solutions offered this advertisement software to people who wanted to make money through ``affiliation'', that is, that for every download and installation of the program, 180solutions would pay the affiliate a commission. Of course, the more installations, the more revenue, so affiliates began to be creative with their ways to entice people to install the software on their computer. Some of the ways they would get people to install it would be bundling it along with other software, requiring it to be installed before the other software, or requiring it to be installed before visiting certain Web sites, such as adult sites, etc. The sorts of software or Websites given access to would usually be ones that offered some sort of instant frivolous gratification, such as adding emoticons to email, or watching a video, or installing a screensaver [Zango, 2008].

The most common way the 180search Assistant was found to be installed on a user's system, was, however, through exploiting security vulnerabilities in Web browsers to make the browser download and install the software without the user even knowing it was happening. This is known as ``drive-by downloading'', referring to the fact that all the user would have to do would be to visit an otherwise innocuous-seeming Web site, and some exploitative code on that site would install the software without their knowing. There were other ways people unwittingly installed the program, such as when it was bundled without notice, or when they were misled into thinking it was something entirely different. At the time, the software was difficult to uninstall, or almost impossible to uninstall for anything less than an expert user, so once a user had it on their computer they needed to reinstall the entire system [Edelman, 2005].

This deceptive method of installing the software drew a large amount of criticism at the time [Edelman, 2005], with 180solutions claiming that they were not responsible for the acts of third parties. However they eventually gave in to the criticism by applying mechanisms to their software that made it more difficult for the software to be installed without a user's consent, and claiming to take action against those who work around these mechanisms [Edelman, 2005]. Unfortunately for computer users, although this seemed to be a positive outcome and would set 180solutions on the road to better informed consent procedures, they continued to refuse to acknowledge that some affiliates were still using questionable methods for gaining users.

The consent procedures themselves are confusing and misleading, with the Zango software Web site overemphasising the nature of the ``free'' software, movies, and activities (or ``content'') that the adware comes with, without mentioning the fact that adware is included at all until well into the download procedure. Although it is mentioned eventually, the lack of upfront disclosure (along with the repeated highlighting of the ``free'' nature of the content) is misleading, to the point of being deceptive. The content isn't free at all, users pay for it by being disrupted and annoyed by advertisements: it takes time away from a user for them to click an advertising box closed, or to filter out advertising from real information that is actually wanted by the user, and there are other ``payments'' associated with popup advertising (breaks in concentration leading to loss of work and social issues with particular types of popup advertisements in certain environments, to name a couple of examples).

Another claim for improved consent by Zango is that they made the EULA easier to understand by introducing it with a ``plain language'' overview of its contents. The ``plain language'' text introducing the updated End User License Agreement on the installer for one of the pieces of ``free'' Zango content, the Zango Easy Messenger, reads as follows:

Thanks to Zango, premium content on this and other websites is free, paid for by advertising. Once installed and while online, Zango software presents ads (based on keywords sent to Zango from your Internet browsing) in the Zango Toolbar and in a separate browser window that pops up on your screen. The Zango Outlook/Outlook Express Toolbar and Zango Word Toolbar give you access to free emoticons and other fun content from within those applications when you are online. Zango is always running and will upgrade automatically. You can uninstall Zango via Add/Remove Programs, but then won't have access to most Zango content.

In this we can see that the advertisements and behaviour of the program are indeed disclosed, and in far more detail in the EULA text itself, but the language used is vague and misleading. What exactly does the Zango Word Toolbar do? What is the ``other fun content'' it provides? Can you install only part of the software, if you do not want the ``free emoticons'', for example, and only want to use the content provided on the Web site? Also, what does it mean that you won't ``have access to most Zango content'' (emphasis mine)? And what sorts of advertisements will be served? In order to find the answers to these questions, one must dig deep into the body of the Zango End User License Agreement, the full text of which is available in Appendix 1.

The first section of the agreement is a standard capital-letter disclaimer of responsibility for the effects of other software, pointing out that the following text is what the user is agreeing to, and finally demanding that the user accept that the agreement is enforceable with the legal power of a written agreement. It is interesting that this, the most important notification, is written in all capital letters, when there is a great deal of evidence to support the fact that reading text in all capital letters is particularly intimidating and more difficult to find important information. Old studies have determined that the reading of all capital letters is slowed down drastically compared with lower and uppercase type [Tinker, 1955]. More recent studies show that readers find it difficult to read all capital letters on computer screens [Mills & Weldon, 1987], and they also find it hard to identify the information that is relevant and important to them [Greer et al., 2005]. This is one of the things that makes EULAs undesirable to read at first: a large chunk of text all in capital letters, that essentially intimidates the user, making them unwilling to even begin reading, let alone read through the entire agreement and feel as though they understand it. A simple alternative would be to simply bold the text or highlight it in a different form (such as a different background colour for the text).

In the second section, there is a notice to non-English speakers and, strangely, to Alaskan residents discussing the ability to understand the agreement and notification of state-specific laws. It is interesting that they recommend that if the user feels they ``cannot properly understand this Agreement, we recommend that [they] either retain the help of an English speaker to help [them] understand and accept the terms of this Agreement or, alternatively, refrain from installing or using the Zango Software.'' [Zango, 2007] The irony here is that the language in the EULA itself is difficult enough to understand for a native English speaker without the help of a lawyer for some sections, let alone someone attempting to translate the over four thousand word long EULA into a different language altogether. It is also strange that there is a notice for Alaskan residents, but not for any other US state or, for that matter, any other jurisdiction outside that of the United States, and even then, the phrasing used is ambiguous, saying that the software ``may be prohibited by Alaska law'' but without saying why, or giving any reference to any particular law. This is hardly useful for users from other countries to make an informed decision about the legality of the software in their jurisdiction, and in fact, references made to ``the law'' throughout the agreement are highly ambiguous as to which law is to be recognised: that of the United States, where the software was made, or that of the country where the user is situated. They state in section 17 that the agreement is governed in accordance with the laws of a particular state in the U.S., for purposes of legal claims against Zango, but make little or no mention of what that means for overseas users, and such users are highly unlikely to know of the legal requirements of their own jurisdictions, or of any laws in their jurisdiction that might override the information in the agreement without legal counsel. Also, this is the first mention of any other countries or jurisdictions; there is no way in the Zango software install to tell Zango which country you are in for the purposes of tailoring the EULA to that particular country's laws, rather an emphasis on the full disclosure and leaving it to the user to make the decision about whether or not the agreement applies to them.

Some of the more interesting sections of the EULA include agreements that the user is over the age of 18 (although no checks are made during the download process, nor is there any indication that an age restriction is in place), and the highly ambiguous agreement by proxy for ``Other Software''. This section does not state that a different EULA is required to be accepted by the user; all it says is that ``you may be required to click and accept additional end user license terms'' (my emphasis). This does nothing to protect the interests of the user, and is vague and non-committal. Nowhere does it have any list of the software that may be installed additionally, nor does it say whether or not this other software needs to be installed to access certain features of the Zango software itself. All in all, this section is highly confusing, ambiguous, and uninformative to the user.

Another interesting section is section 4, ``Restrictions''. Throughout this section there is reference to ``applicable law'', with no references to any laws that may be applicable, or any discussion about what this means to the user. One requirement is that the user does ``not Use the Zango Software for purposes for which it is not designed''. The EULA does not explain what this means or what purposes would be considered acceptable. What are the ``U.S. export control laws'' the agreement requires the user to comply with? No references are given and no plain language explanation of any of these requirements are given.

Further on, section 7 talks about the functionality of the software itself. This is well into the second printed page of information in the EULA, and probably one of the first sections that a user might be specifically interested in since it concerns the mechanisms and method for advertising within the software. This section begins with a condition that could be highly confusing: ``If the Zango Software consists of Zango Search Assistant [...] then the following terms and conditions apply'' (my emphasis). As far as I can tell, it is impossible to install the Zango Software without the Zango Search Assistant (since the whole point of the software is to install the Search Assistant with the sweetener of the ``free content''), so it seems a little strange to phrase the opening of that section in that way, unless it is to perhaps cast some doubt in the user's mind as to which sections apply to them.

At any rate, the subsections talk about the functionality of the software (7.1), the display of advertising (7.2), and the identification of advertisements (7.3). The disclosure of functionality doesn't include the fact that the Search Assistant adds a toolbar to the Web browser, but explains how the slider advertisement popup windows work, and explains that the software doesn't store any personally identifiable information and does not record browsing behaviour (although it does refer the user to the privacy policy). The display section, however, is much more interesting, giving an ambiguous reference as to how many advertisements might be served in a day (dependent on ``Internet activity'', but without any real reference as to what might be considered ``active''). It also says that you ``may receive ads for Adult-oriented websites if you utilize keywords connected to, search for or view Adult websites'', and goes on to define broadly what ``Adult-oriented'' means. However, it doesn't say how it handles these sorts of Websites, whether they are purely defined by search keywords (a list is given), or whether it registers what the site being browsed to is actually about. Some of the keywords are pretty broad, for example, ``sex'', ``drugs'', ``profanity'', ``blood and gore'', ``violence'' could all easily be seen on reasonably harmless sorts of Websites such as news Websites, or movie discussion forums, etc. Although Zango says they do not permit pornographic or gambling advertisements, there is the potential for embarrassment should an inappropriate advertisement be served due to having visited a Website with one of these questionable trigger keywords. Although Zango links to ways to prevent certain types of content being served, the link is a parental control mechanism within the browser itself and not something within the Zango software, and it works only for one particular Web browser. Also, such a mechanism would not only control the sorts of ads displayed by the software, but what Websites the user can browse to, which makes it unlikely to be used.

After this section are two other sections in all capital letters, detailing the disclaimers of warranties and merchantability. Although disclaimers of merchantability are fairly standard in IT, this is not the area that I am interested in for the purposes of this dissertation, though I acknowledge here that disclaimer of merchantability is a common practice in software production, and encourages bad software quality control practices such as lack of user and security testing. However, it is important to note here that once again we have an important piece of information (that is, a large, legally binding disclaimer) delivered in a particularly difficult-to-read format; this information displayed in this way is the de facto standard in EULAs such as this, but with minor yet important differences between applications that may easily be passed over by an intimidated reader.

In later sections Zango talks about information collection. In this section (section 12), they state that accepting the EULA means there is implicit acceptance of the privacy policy, another 1600 word document outlining their use of personally identifying information as sent to the software. Purely linking to this policy and requiring the user to click through is a further hindrance to the full understanding by the user of the information disclosed, and detrimental to reaching adequately informed consent, because it is unlikely that the user would even get to this point in the initial EULA let alone wish to click through to read another large amount of text before accepting the installation of the software.

The rest of the agreement is made up of legal information detailing the jurisdictions in which the agreement is governed, etc., but with one last section stating that the agreement can, essentially, be changed at any time, and with no specific mention of notification of the user by Zango. This in itself is interesting, as over the course of the time I spent looking at the Zango software, the EULA had changed three or four times. If there is no notification and re-request for consent of the user, then the user cannot be considered adequately informed under the traditional informed consent model because they have not had the contents of the agreement explicitly disclosed to them. Even if explicit notification and re-requesting of consent happened, the user may still not be considered informed due to the other consent-hindering issues rife in the agreement.

The Zango EULA is full of problems that make it intimidating to read and difficult to understand. These problems also allow Zango to be able to easily slip controversial items, such as less-than-savoury privacy policies, into the agreement, which the user is to a large degree deceived through incentive and misdirection into agreeing to. Not only that, but when one installs Zango, installation of other third party applications is requested, with no indication as to whether the installation of this software is optional or not. This is problematic because of the tendency of users to ``click through'' all the ``Yes'' prompts, because they feel they know how an install program works and that the quickest way to see the software installed is to agree to everything, so this third party software essentially hitches a ride with Zango. There is, as mentioned earlier, no specific mention of this third party software in the EULA, just a vague indication that third parties may offer the user other software installations.

There have also been several cases of affiliate practices that continue to use underhanded methods for installing the software, and Edelman has given a thorough analysis of the requirements from the US Federal Trade Commission that Zango improve its disclosure and standards for acceptance of affiliate commissions [Edelman, 2007]. One of these cases is quite recent, in which Zango was being installed by an affiliate via a Facebook widget2.3 masquerading as an application to find out who the users's ``secret admirers'' are on the Website. Facebook took down the widget and issued an apology, but soon after the secret admirer application was back under a different name [Fortinet, 2008].

As it stands, the Zango End User License Agreement and installation procedure are greatly lacking in qualities that would make it acceptable in terms of informed consent, even the effective consent form of informed consent as outlined by Faden and Beauchamp (as discussed in section 1.2.2 of this thesis)2.4.

next up previous contents
Next: Fair End User License Up: End User License Agreements Previous: Microsoft and Apple: Industry   Contents
Catherine Flick 2010-02-03