http://www.wired.com/wired/archive/13.12/spyware.html?tw=wn_tophead_6
Three years ago the company was considered a parasite and a scourge. Today it's a rising star - selling virtually the same product. How a pop-up pariah won the adware wars. By Annalee Newitz Back in 2002, Gator was one of the most reviled companies on the Net. Maker of a free app called eWallet, the firm was under fire for distributing what critics called spyware, code that covertly monitors a user's Web-surfing habits and uploads the data to a remote server. People who downloaded Gator eWallet soon found their screens inundated with pop-up ads ostensibly of interest to them because of Web sites they had visited. Removing eWallet didn't stop the torrent of pop-ups. Mounting complaints attracted the attention of the Federal Trade Commission. Online publishers sued the company for obscuring their Web sites with pop-ups. In a June 2002 legal brief filed with the lawsuit, attorneys for The Washington Post referred to Gator as a "parasite." ZDNet called it a "scourge." Today Gator, now called Claria, is a rising star. The lawsuits have been settled - with negligible impact on the company's business - and Claria serves ads for names like JPMorgan Chase, Sony, and Yahoo! The Wall Street Journal praises the company for "making strides in revamping itself." Earlier this year, The New York Times reported that Microsoft came close to acquiring Claria. Google acknowledges Claria's technology in recent patent applications. Best of all, government agencies and watchdog groups have given their blessing to the company's latest product: software that watches everything users do online and transmits their surfing histories to Claria, which uses the data to determine which ads to show them. Apart from plush new offices at the northern edge of Silicon Valley, it's remarkable how little the latter-day Claria differs from the old Gator. It's true that the company has toned down its most aggressive tactics. Journalists, watchdogs, and regulators seem mollified. For the most part, though, the company is in the same business as before, courting the same customers and selling a product that does the same thing in the same ways. Claria wears in a sharp suit and has a scrubbed face and coiffed hair - but it still looks a lot like Gator. CEO Scott VanDeVelde doesn't deny this. "I don't feel like there's a need to wipe the slate clean," he says. "Our technologies are dead center of where the market is going." The spyware wars are over - and spyware has won. Like many dotcoms born in the late 1990s, Gator began with an idea for a product - but no clear way to make money from it. "Our idea was a program that would store your passwords and automatically log you into password-protected sites," says Wally Buch. Buch brainstormed the software with a friend, Symantec founder Denis Coleman, who would remain involved in the company until early 2004. They called it eWallet. Buch came up with the missing revenue model a few weeks later as he waited in the checkout line at a grocery store. The woman in front of him bought diapers, and he noticed that her receipt included coupons for baby products. Buch realized that the Web could do the same thing for advertising: If he kept track of sites people visited, he could deliver ads that reflected their interests and thus increase the chance of triggering a sale. Along with then-CEO Jeff McFadden and VP of marketing Scott Eagle, Buch and Coleman decided to give away eWallet and use it as a sort of Trojan horse for pop-up ads. As users surfed the Web, ads would appear based on the site they were visiting. The gambit worked. Millions of people downloaded eWallet, and Gator's bank balance began to grow. A host of similar companies followed, including WhenU, 180Solutions, and DirectRevenue. In 1999, Gator parlayed its early success into $12.5 million in financing. That's when McFadden and Eagle decided the company's main product was not password-storing freeware but a covert ad-delivery platform. "Things really changed after that," Buch recalls. "It's not that I thought pop-ups couldn't be valuable, but the way they did it was over the top. It was an invitation to trouble." Uncomfortable with the company's direction, he left before the year was out. The business took off without him. In 2000, The Industry Standard called Gator one of the "10 companies to watch." The firm pulled in $14.5 million in 2001; revenue totaled $40.5 in 2002, when Gator delivered pop-ups to 12 million desktops. "We had 300 retailers, and the click rates were amazing," Eagle says. "All we were thinking about was how to continue growing." While Gator was raking in profits and plaudits, computer users were growing frustrated. One minute they were downloading seemingly benign freeware, the next their systems were spewing pop-ups and uploading private data. Programs they hadn't deliberately installed and didn't want anyway were interfering with other apps and dragging down system performance. All this spawned a backlash, leading to a new market for antispyware utilities, like Lavasoft's Ad-Aware, designed to remove the offending software, including Gator's, from users' computers. Meanwhile, executives at Web operations noticed that pop-ups interfered with their own ability to do business. For one thing, the ads enticed visitors to click links that whisked them off to other sites. For another, the ads papered over their own sites' ads. Advertisers who didn't get an adequate response on publishers' sites wouldn't renew, and that was bound to compromise potential revenue. As the leading distributor of pop-up software, Gator became a lightning rod for criticism. By summer 2001, the Interactive Advertising Bureau was telling the press about Gator's "deceptive" practice of "illegally" interfering with Web businesses. Gator wasted no time in striking back. In August, the company had sued IAB for "malicious disparagement" that interfered with its right to deliver pop-ups. The parties settled in November, agreeing to cooperate in the development of future Gator products. In June 2002, The Washington Post, The New York Times, Dow Jones, and seven other online publishers filed a lawsuit, charging Gator with nine counts, including interfering with business and violating trademark. Gator's software, they claimed, infringed on their trademarks because it used their brand names to trigger ads for competitors - that is, when it detected a user logging into The New York Times' site, it would pop up an ad promoting The Wall Street Journal. The publishers hoped to convince the court that Gator was specifically targeting their businesses and delivering competing pop-ups. They hired Ben Edelman, a Harvard economics graduate student with a law degree and a techie bent, to trace the trail of secret signals, both within users' computers and over the Net. Thanks to his forensic work and eventual testimony, the publishers won a preliminary injunction forcing Gator to stop targeting their sites. Ben Edelman is the world's premiere spyware epidemiologist. In his Cambridge, Massachusetts, lab near Harvard Yard, he deliberately infects a sacrificial PC with programs like eWallet. Then he tracks the way the applications sink their tendrils into host desktops, collect sensitive information, and transmit it to the mothership. This research has earned him few friends in the industry. Eagle, ever on the defense against competitors, believes Edelman is a spy for his rival WhenU. After I tell the Claria VP I'm planning to visit Edelman, he turns grim. "Why don't you ask him who he works for?" he asks testily. The fact is, Edelman works for the same kind of customers Eagle does: large organizations with a substantial Web presence. His consulting clients include AOL, the National Football League, and Wells Fargo. In Edelman's testimony on behalf of the publishers in their 2002 suit, he gave a step-by-step overview of how Gator's user tracking and ad delivery software wound up on the machines of unwitting users. When someone downloaded eWallet, Edelman found, another program called OfferCompanion came along for the ride. Whenever the browser loaded a new site, OfferCompanion sent the new URL to Gator, which served a related pop-up for the software to display. Moreover, Edelman discovered, the stealth program couldn't be removed using the Windows uninstall command. Once it was on a PC, it took some effort to erase. He also found that thousands of smaller companies were also distributing OfferCompanion (along with similar programs) bundled with Kazaa and AudioGalaxy. These distributors made deals with yet another tier of companies that gave away the bundle along with still more freeware. Whenever a user clicked on an ad, everyone along the chain took a cut. So if Gator got $10 for each click on a Home Shopping Network pop-up, the second-tier distributors might get 10 cents each and the third-tier distributors 5 cents each. Sometimes, though, the middlemen didn't wait for a user to click; they simply made it look that way. When someone clicks on a pop-up ad, the advertiser puts a cookie - a small text file - on the user's browser to track his movements. The more active the user is on the advertiser's site, the more the distributors get paid - especially if the result is a sale. These companies realized they could add code that stashed a cookie in the browser whenever a pop-up appeared. Thus, each pop-up served made them another dime, whether or not it ever got clicked. The scam, known as cookie stuffing, became endemic to the industry. "Quite simply, affiliates use spyware to rip off marketing departments," Edelman says. The publishers' suit set off a cascade of bad news for Gator. L.L. Bean, Hertz.com, and Overstock.com piled on during 2003 and 2004, launching separate suits for unfair business practices and trademark infringement. In April 2004, the FTC held a summit to address the spyware problem and followed up with lawsuits against companies like Seismic Entertainment. Seismic's code embedded itself so deeply in the operating system that trying to delete it occasionally ruined the host PC. The agency didn't go after eWallet or OfferCompanion, but it was clear that the Feds were paying attention. Then Yahoo! announced that its toolbar would block pop-ups from Gator, among others. Amid the string of setbacks, Gator canceled plans for an IPO. Eagle declines to talk about it. "Suffice it to say that market conditions weren't right," he says. The lawsuits and bad publicity left the company wounded, but the numbers were exploding anyway: Profit grew from $91,000 (on revenue of $40.5 million) in 2002 to nearly $35 million (on revenue of $90 million) in 2003. The user base was roughly 35 million and growing 50 percent annually. Apparently, Gator didn't need to change its software; it needed to change its image. So, as Eagle puts it, "we shifted the momentum and grabbed the mike." The first move was to give the company a new name. Thus, in October 2003, Gator, the fearsome snapping reptile, became Claria, the paragon of transparency and light. Next Claria went to work replacing the pejorative word spyware with the more business-friendly adware. The adware model was already an accepted way for software companies to support otherwise free products - the free version of the Eudora email program, for instance, displays ads in a small window that can't be closed while the program is in use. Claria execs argued that eWallet was no different. Moreover, they policed the distinction with diligence: Anyone who called the company's products spyware risked a lawsuit. In late 2003, Claria filed a libel suit against PCPitstop.com, a mom-and-pop site that distributed spyware-removal tools. The suit claimed that PCPitstop was infringing on Claria's business by including the company on a list of firms that distributed spyware. As part of a settlement, PCPitstop took down several pages on its site describing how the company's pop-up generator ruins PC performance and tracks every move consumers make online. Meanwhile, Claria quietly settled the suits filed by L.L. Bean, Hertz.com, and Overstock .com. All parties signed nondisclosure agreements, so the terms are secret and nobody will discuss them. The next step was to cozy up to regulators. Claria offered to help government agencies and industry watchdogs establish guidelines for spyware, and perhaps show how its own practices were more benign. To that end, the executive suite made room for a new position: chief privacy officer. Reed Freeman, a former staff attorney at the FTC's Bureau of Consumer Protection, took the job. Freeman spoke at industry events about the importance of privacy and consumer rights, and Claria became a supporter of the Antispyware Coalition, a lobbying group headed by the Center for Democracy and Technology in Washington, DC. Claria seemed to embrace the Coalition's business-friendly list of rules for pop-up advertising companies that sought to rise above the spyware label. The rules are simple: There must be "conspicuous notification" when adware is downloaded, and that notice must include a clear explanation of what the software will do and how it can be uninstalled. But for all Claria's rhetoric, critics pointed out, its actions suggested a less than hearty embrace of the coalition's intent. For example, it complied with the notification provision by adding to the installation procedure a pop-up window full of small type explaining how Claria's products work. Edelman scoffs at this solution, arguing that the notification text is "longer than the US Constitution and nobody reads it." If Edelman wasn't convinced, several makers of antispyware software were. In April 2005, Claria issued a press release saying it had convinced McAfee to "acknowledge" that Claria's software apps weren't "malicious threats"; McAfee had "inadvertently labeled" Claria a "top threat of 2004." Claria also persuaded Microsoft and Aluria to remove its products from the list of programs targeted by their antispyware apps. Eagle won't discuss how he made his case to these companies, but Aluria CEO Rick Carlson says he's satisfied with Claria's disclosure policy. "At some point the consumer has to take responsibility and read," he says. As for whether it's easy enough to remove Claria's software, "users are never more than two clicks away from uninstalling," he says. Claria's cleanup strategy very nearly paid off in a big way. According to a June 30, 2005, New York Times piece, Microsoft considered acquiring Claria. The two went as far as holding meetings to discuss terms. However, Redmond employees who were aware of Claria's reputation demurred, setting off what the Times called an "internal battle" among Microsoft execs. Neither company will comment on the article. The reported deal didn't go through, but Eagle says he's not worried. His company's revenue for 2004 topped $100 million. Claria is back. As Claria sheds the last of Gator's skin, Eagle is keen to talk about the final element in the company's corporate makeover. "We're moving into the personalized content business," he says. Translation: The company plans to stop delivering pop-ups altogether. At first blush, the news sounds like solid evidence that Claria has emerged from the spyware wars with a new focus. Having taken pop-ups as far as it could, the company has decided to leave the format behind. But this isn't to say it's finished tracking customers and using the information to sell advertising. PersonalWeb, a Claria product scheduled to launch in January, is a close cousin of the OfferCompanion program that hitched a ride on eWallet. It tracks everything users do on the Internet and sends the information to remote servers for analysis. Then it places ads on partnering publishers' Web sites, changing them depending on the profile of the visitor. The crucial difference is that PersonalWeb doesn't display irritating pop-ups that might make users wonder what else has been installed on their PCs. Better yet, publishers will get a cut of the clickthrough commissions for ads Claria places on their sites. There will no more fights over territory. "It's great for everybody," Eagle says. "Merchants make money, publishers make money, and so do we." The new product doesn't alter Claria's course. Rather, it cuts a more viable pathway through the wilderness McFadden and Eagle first opened in 1999. PersonalWeb reflects the key lesson the company has learned since then: While everyone hates pop-ups, nobody much minds behind-the-scenes spying. In fact, surreptitious tracking is all the rage. Google - with its interconnected search, email, chat, blogs, and social networks - is also in the business of targeting ads based on user behavior. So are MSN and Yahoo! All three maintain profiles of everyone who signs up for their services. They use cookies to track what visitors do on their sites while they're logged in; the downloadable Google and MSN toolbars track which sites users visit when they're logged out. Like Claria, Google has amassed a vast database of user profiles that it plans to use for even better targeting in the future. Few people in the online business community question the idea that marketing software should track user behavior. Lydia Parnes, director of the FTC's Bureau of Consumer Protection, says it's possible to track people online without being underhanded. The FTC is in favor of online advertising, she explains, "and sometimes tracking makes advertising work better for consumers." Esther Dyson, who has been harshly critical of spyware companies in her influential newsletter, Release 1.0, agrees. "As long as there's disclosure and people are given a choice, I think monitoring users' behavior isn't a problem," she says. That's the kind of green light Gator could never get. But in the evolving world of behavioral marketing, Claria is the hottest, um, adware company around. Gregory S. Williams [EMAIL PROTECTED] Reply with a "Thank you" if you liked this post. _____________________________ MEDIANEWS mailing list [email protected] To unsubscribe send an email to: [EMAIL PROTECTED]
