In a statement posted on his Web site Nov. 20, independent adware researcher and Harvard-trained attorney Ben Edelman published a list of examples of ways in which he claims Zango is violating the terms it has proposed to the FTC, including the use of misleading EULAs (end user licensing agreements.)
The document is penned in collaboration with Eric L. Howes, another well-known researcher of adware and related spyware schemes
On Nov. 3, the FTC announced that Zango, formerly known as 180Solutions, based in Bellevue, Wash., had agreed to pay a $3 million fine for using unfair and deceptive methods to dupe users into downloading its advertising software, and blocking people from removing the application from their computers once it was installed.
The settlement, which is slated to become official sometime in the next several weeks after the FTC finishes considering input about the agreement from external parties, bars future downloads of Zangos adware without Zango having first gained explicit consent from users, and also requires that the company make it easier for people to opt out of its future programs.
In their report, Edelman and Howes maintain that Zango continues to do business as it did before the FTC filed its charges, despite the companys claim that it has "met or exceeded" the details laid out in the settlement since January 2006 on improving the clarity of its EULAs. The researchers specifically claim that Zango is violating several requirements of the settlement regarding the manner in which it explains the implications of its software to users, including the failure to publish those details in more prominent locations than inside its EULA.
Edelman and Howes said Zango also violates the FTC settlement by omitting details regarding the full impact of its programs during the software installation process, and further accuses the firm of failing to gain express consent from people before loading its software onto their machines. In some cases, Edelman said, Zango software continues to be installed with no disclosure to users whatsoever.
Zango also continues to use older versions of its software that it has promised to abandon, and still employs deceptive advertising practices aimed at tricking people into downloading the programs, he said.
While Zango has promised the FTC it will improve its act, evidence that the company has not done so abounds, according to Edelman.
"Theyve created a bit of a mess for themselves with so many years of bad practices carried out through so many partners; cleaning that up is not an easy process, yet the settlement requires that they successfully pull it off," Edelman said. "At the same time, their corporate culture clearly doesnt make it a priority to give full or frank disclose of what the software really does, and even their newest installations seem misleading."
In response to Edelman and Howes claims, Zango company spokespeople offered a written statement that said the firm is currently working to fall in line with the FTC settlement. Among the efforts specifically cited by the firm to that end is ongoing consultation with Richard Purcell, chief executive of the nonprofit Corporate Privacy Group, who is helping Zango to facilitate compliance with the proposed agreement.
"We are reviewing the information released today and take concerns relating to the FTC consent order very seriously, and welcome any and all input about our business practices and the protection of consumers," Zango said in the statement. "We are working diligently to meet and exceed every single one of the requirements set forth by the FTC."
Edelman remains unconvinced that Zango is trying to mend its ways and said that based on the companys history, the firm will do anything to try and continue its long-running business practices, which he said have not changed despite repeated efforts by the company to recast its image.
While the firm may have changed its name from 180Solutions after that brand become synonymous with adware, its policies have changed very little, according to the researcher.
"Zango has repeatedly promised to improve its practices, and changed its names a handful of times, but in fact it has essentially done the same thing since 2002 in terms of making software that shows pop-ups, tracks the Web sites that users visit and sneaks onto computers," Edelman said. "The FTC settlement is an excellent document; the question will be if anyone is able to enforce it and make sure its … more than a PDF file sitting on a Web site."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.