Legitimate Behavioral Targeting vs. Spyware

Two weeks ago, New York State Attorney General Eliot Spitzer sued Direct Revenue, a desktop-behavioral advertising company, accusing them of a vast elusive pattern of spyware (define) installations.

The suit arose under a variety of state laws prohibiting false advertising and deceptive business practices, computer tampering, and trespass.

The case offers a welcome opportunity to distinguish legitimate forms of behavioral targeted advertising from spyware.

It provides a real-world situation to reflect upon and an opportunity to make up our own minds as marketers and advertisers about what’s OK and what’s not when it comes to behavioral targeting.

Why Did Spitzer Sue?

The Attorney General’s office alleges Direct Revenue surreptitiously installed millions of pop-up ad programs on consumers’ computers.

In a press release, Spitzer stated, “these applications are deceptive and unfair to consumers, bad for businesses that rely on efficient networks to do their jobs, and bad for online retailers that need consumers to trust and enjoy their online experience.”

The suit followed an extensive investigation that documented Direct Revenue’s practice of installing advertising software on computers without proper notice.

In many cases, installations were instigated when Direct Revenue or one of its distributors advertised “free” applications such as browser enhancement software, omitting reference to the spyware that would accompany the downloaded application. Once consumers downloaded these “free” applications, however, surreptitious code placed on their computers caused Direct Revenue’s own servers to install its spyware without notice.

Spitzer’s investigation documented 21 separate Web sites through which this practice, known as “bundling” and “piggybacking” occurred. These programs then tracked consumers’ Web behavior and delivered pop-up ads.

Spitzer’s investigation revealed Direct Revenue and its officers deliberately designed spyware that, once downloaded, was extremely difficult for users to detect and remove. It even reinstalled itself after removal. The company’s executives knew this, proudly describing their software as “stealthy” and unable to be caught.

What is Direct Revenue?

Direct Revenue styles itself as one of the fastest-growing media companies in the world. The company provides desktop-advertising solutions it describes as behavioral marketing services. It maintains a site network and partners with software companies to aggregate a consumer base for advertisers.

Direct Revenue enables advertisers to deliver behaviorally targeted messages and search results millions of consumers “who access content or enjoy popular software.”

The company claims to benefit consumers by making the Internet affordable and by enabling providers of software, services, and content to offer free ad-supported versions of their products.

Response To The Lawsuit

Direct Revenue called the suit “baseless” and complained it focuses exclusively on past practices.

A Direct Revenue company spokesman said, “mislabeling our products as ‘spyware’ does a disservice not only to our company, but also to the public by creating an atmosphere of hysteria, confusion and inaccuracy.”

In their rebuttal, Direct Revenue pledged to adhere to TRUSTe’s proposed adware guidelines in the future. It asserts “none of the challenged practices have been in use for at least six months and that this case will change nothing about our business model going forward.”

What’s the Difference?

Many major Iinternet marketers don’t consider any form of desktop-targeted pop-up-delivered advertising to be legitimate. If the ad isn’t delivered in-page via an online publisher or service provider, it’s a no-go area.

Others believe there are some forms of ad-supported software, such as the Eudora email client, where advertising revenues offset shareware registration fees for end users.

A few things I believe distinguish ad-supported software from spyware include:

• Obtaining explicit consent from consumers prior to installation.
• Not delivering advertisements separately as pop-ups.
• Not collecting any personally identifiable information.
• Making removal easy by supplying an opt-out link with every advertisement and clearly listing the removal function in the add/remove programs menu in Windows.
• Direct distribution to users; not through third-party affiliates.
• Providing specific value to consumers; not “making the Internet better,” but offsetting a specific cost or fee to use the software

Here’s What I Think

If Direct Revenue service, as described in Spitzer’s investigation, is even remotely accurate, it fits squarely into the spyware category.

It’s just the kind of thing that casts online publishing, advertising, and software/Internet technology in a bad light by confusing what’s OK and what’s not.

Online advertisers who care about the quality of consumer interactions with their brands should steer very clear of this type of tactic. It’s not the OK type of behavioral targeting.

Direct Revenue’s response indicates the company has changed direction and now follows acceptable practices. Although this prevents more damaged user experiences, it doesn’t undo prior damage.

Direct Revenue should run one final pop-up ad across their entire desktop network notifying consumers they have software on their computer. The pop-up should provide a link to remove it.

Then, they should move forward with their newer, nicer approach.