In the online world, we come across terms and conditions and end-user licensing agreements all the time. We’re all busy and it’s so easy to just check the “I Agree” box and continue with our business. But there are times when TOS and EULA’s can be very enlightening. And they are legally binding agreements, so there is prudence in knowing what you are agreeing to in many situations.
I came across this EULA the other day. I have to think it falls nicely into a EULA from hell. I have to wonder how many end users would still install the software if they a) read the EULA and b) understood it. This EULA is for some “free” P2P enhancement software that comes bundled with adware. The adware is put out by AdSingular, who does operate as an affiliate. Let’s take a look at this particular EULA and see what exactly the end-user is getting with this free ad-supported software.
The following outlines the terms under which Adsingular Inc. grants the user a non-exclusive license to install and run the [Edit Software Name ] applications found on the web site http://somewebsite.com. Adsingular Inc reserves the right to amend the terms of this agreement from time to time by updating this page, without notice to the user. The user understands and agrees that it is the user’s sole responsibility to visit this URL (http://somewebsite.com/terms) if and when they wish to view current Terms and Agreement. By installing the application, the user agrees to the terms of this license agreement and terms of use.
I’ve removed the name of the software and the URL because I know someone will not be able to resist clicking and installing to go check it out. And it’s really not software you may want on your computer unless you have it in a protective environment. So far we have pretty standard fare as EULA’s go. The one thing that does jump out here is that AdSingular just gave themselves the right to update the terms of the EULA, but without giving any type of notice to the end user. The end user needs to remember to periodically check back on their web site for the lastest version of the EULA. Yes, I’m sure end users remember to check specific web pages periodically to see if their software has changed.
I -The user understands and acknowledges that the application is only downloaded, installed, and used at the user’s sole liability and risk, and agrees to indemnify and hold harmless Adsingular Inc, and any of it’s partners from any liability or consequence whatsoever arising out of the download, installation, use, or removal of the application or any of its component applications at any time, said consequence including, but not limited to, computer crashes, Internet connection charges, system instability, data loss, application errors, application damage, file/data corruption, or other hardware, software, or network related problems.
At first glance, this appears to be the usual indemnification clause: they aren’t responsible for any damage to your computer, files, other software, etc. But they don’t just indemnify themselves, they also throw in their partners and component applications. In the world of adware EULA’s, when you start seeing mention of partners and component applications that usually is translated into plain English to mean “we install other adware applications”. So the clause seems to be saying they aren’t liable for any damages by their adware or anyone else’s adware they install on the end user’s computer.
II -The user understands and agrees that the application provided and any of it’s component applications are not warrantied or guaranteed for use in any specific purpose.
We have mention of both their adware and other’s adware they may install. And I thought the specific purpose was to earn them revenue with online advertising channels.
IV -The user understands that the application does NOT collect bank account/credit card information at any time from the user, and never has any access to personal financial account information.
Section III was not contained in the EULA, but IV makes up for a missing section. Wow! I feel safe and secure. Sign me up! I do have to wonder and ask….why did they feel the need to say they don’t access sensitive financial information of the end user? Hmmm…………
V -The user understands and acknowledges that the application and associated components may communicate from time to time with Adsingular Inc server systems and/or that of its partners, and gives express permission for said communications and data transmissions of any and all types used by the application and any associated components.
Here we go again with throwing in their partners into the mix of their own EULA. Not that we have yet to see any specific information about exactly WHO those partners may be. We’ve just given them permission for any type of communications with their servers or their partner’s servers as well as any type of data they decide to transmit. I guess any data is now fair game except for what was mentioned in Section IV? That’s pretty much a blanket approach to data the end user has just given permission to transmit to the AdSingular (or their partners) servers. You have to consider all the possibilites of the type of data which is stored on an end user’s computer. Let’s see if we get an idea of the type of data their software is interested in further along in the EULA.
VI -The user understands, acknowledges and agrees that the application and associated components may alter Internet browsing and/or computer user experiences in a manner acceptable to Adsingular Inc, in its sole discretion, including but not limited to, search engine query results, display of pop-up window messages, highlighting and hyperlinking of words on web pages, redirection of error message pages, changing of user home page, addition of bookmarks to user’s browser, and/or other alterations/modifications.
Translation: I give you permission to hijack my browser, bombard me with pop-up ads, change the web sites I’m viewing, change my personal browser preferences I’ve set like my homepage and bookmarks and pretty much change anything else that you want at your sole discretion. I just gave you total control of my browser. Not only that, as the consumer, I just gave you the right to alter and change the content of anyone else’s web site I happen to be surfing. Wow, I didn’t realize I had such power to grant that right. I feel so empowered now! And not only am I allowing you to do all of this, I’m also allowing it for any other adware application you may install on my computer.
VII -The user understands, acknowledges, and gives express permission for the application and/or associated components to collect personal information, including, but not limited to, name, demographic data, interests, profession, education, marital status, sex, age, income, and any other information Adsingular Inc. decides to collect regarding user, at its sole discretion.
Ah, here we go…some insight about those data transmissions we agreed to in Setion V. I’m wondering exactly *how* this adware collects that type of PII (personally identifiable information). Since they don’t elaborate, like through surveys, we’ll just have to wonder. And again, we are giving them permission to collect not only the PII they named, but any other PII they decide they would like to harvest…I mean collect. If you are an end user who cares about your PII, who may have access to it and where it may wind up then this software is probably not for you.
VIII -The user understands, acknowledges, and gives express permission for the application and/or associated components to collect information and data regarding Internet activity, including web sites visited, search queries conducted, applications installed and used, files present on user’s hard drive or system, transactions conducted, and any other behavioral data deemed necessary by Adsingular Inc in its sole discretion.
Translation: By the way, we aren’t just adware but we are also spyware too! But AdSingular doesn’t limit themselves to just tracking surfing behaviors. They may also take a gander at what other software you have installed on your computer. I wonder why they would want to do that? Maybe we’ll get a hint further into the EULA. But why stop there? They can also take a look at *any* files on your computer (banking records excluded I’m sure). And since they are on a roll, why not monitor transactions conducted on the computer? Now exactly what they mean by transactions isn’t defined, but my mind reels with all the possibilites. Could they mean purchase transactions? And they didn’t forget to cover all other bases by the catch all “anything else they decide at their discretion they want to collect.” I really do hope they are discreet with all these mentions of discretions.
IX -User understands, acknowledges, and gives express permission for the use of any data collected by Adsingular Inc.as it sees fit, including the sharing, rental, or sale of any of said data or any portion thereof to any entity at the sole discretion of Adsingular Inc. User expressly indemnifies and holds harmless Adsingular Inc. from any liability or consequence arising out of the possession, use, sale, or transfer of said data, and grants the ownership of any said collected data to Adsingular Inc, including the rights to transfer ownership to another entity at any time for any reason. User understands and acknowledges that the permission granted for collection and use of data is irrevocable and survives any removal of the application and associated components.
Now that we’ve given the permission to pretty much collect and transmit to themselves or their partners any and all data from our computer about us, what do we allow them to do with the data? Data afterall has little monetary value unless you do something with it. Well, we allow them to share, rent or sell it to anyone they want to. At their discretion of course. But they go even further with regards to the passing around of our PII and content of our computer. We also agree to release them of any liability or consequences we may incur from whoever they decide to share our data. Now I really have to ask…exactly WHO are they sharing the data with where there could be harm or consequences to us? They really show their stones with the next bit of EULA wonder. We also give them *ownership* of all that data collected and the right to transfer the ownership to anyone else they want to. At their discretion of course. And finally, once they’ve collect the data there is no “out”. No opt-out option down the road allowed here. It’s their data and they aren’t about to give it up or delete it. You can decide to remove the software, but whatever information they have already collected belongs to them. Forever and ever. Ahem.
X -User hereby gives authorization and permission for marketing offers and solicitations to be sent from Adsingular Inc or any of it’s authorized partners via any methods deemed acceptable in Adsingular Inc.’s sole discretion, including but not limited to web browser, email, instant messaging applications, or via proprietary delivery methods to user’s system or desktop.
Ok, it’s adware so we would expect to be receiving marketing offers through the software. We have also just agreed to marketing from any other their nameless partners. How will they be delivering those marketing offers to us? By any methods they want to. At their discretion of course. Seriously, if you manage to get your adware installed on the end user’s computer, why limit yourself to just pop-ups? Come on now, browsers aren’t the only software on a consumer’s computer that connects to the Internet. Let’s not forget email and instant messaging. We shouldn’t forget them because AdSingular certainly didn’t. But my favorite has to be they may use proprietary delivery methods to send marketing offers to the user’s system or desktop. Ah the power of being a consumer. And if we stop and think about it for just a minute, then we realize that their adware isn’t just connecting up with the browser but it is also accessing such applications as email and instant messaging clients. Let us not forget the complete and total rights to collect any data they see fit, and that isn’t necessarily the prettiest picture.
XI -User hereby understands and gives permission for application and/or any associated components to alter applications, files, and/or data so as to display information and/or marketing messages, including but not limited to file sharing applications, media viewers, and/or player applications.
I guess when you are on a roll, why not just go for the whole nine yards. The sky is the limit when you have the consumer in your corner granting you rights left and right. Not to limit themselves to just using their own adware to deliver marketing, they have now received permission to alter the *files and data* of the proprietary software belonging to others to deliver their marketing. Wow! I’m sure the owners of the other software might have an issue with this, but hey the end user agreed to it.
XII -User hereby understand, acknowledges, and gives express permission for application and/or associated components to disable or delete applications and/or files deemed unfriendly or harmful to Adsingular Inc or any of its partners in Adsingular Inc.’s sole discretion without notice to the user, and may auto-reinstall application and/or any associated components, unless approved auto-uninstall application is used.
Scroll back up and reread Section VIII. Why would they want to collect information about the other software and files on your computer (aside from other applications they will use to display marketing)? You have to know what is there if you are going to possibly disable and delete them. Yes, the end user just gave AdSingular the right to disable and delete any other software the end user has installed on their computer! At their sole discretion of course. But have no worries, just the software they feel is unfriendly or harmful to AdSingular and their nameless partners. And they can do it without giving you notice. I wonder what types of software they may feel, at their sole discretion, is unfriendly and harmful. Could it be other adware applications which are their competitors? Maybe it’s security software like firewalls which might block their Internet connection? Or could it possibly be anti-spyware software? Maybe it’s potentially all of those and more. Maybe it’s none of those, but then they don’t really tell us what software they may be wiping off our computer. Software, I should mention, that we possibly didn’t get as “free” to enhance our online experience, but actually paid for. I’m beginning to see the need for all those indemnification clauses at the beginning of the EULA now. And if you do uninstall their software without using an “approved” auto-uninstall application, then they have the right to put their adware (and their partners) right back on your computer. And they can do this without notification to you. Not that they give us a list of approved uninstall applications, but how much do you want to bet that products such as McAfee, CounterSpy, Norton’s, WebRoot, etc aren’t on their approved list? There’s not nice way to say it. They have some serious balls to put that in their EULA. Wow.
XIII -User certifies that they are 18 years of age or older, and is authorized to download and install the application on this computer. User understands, acknowledges, and agrees that application may download and self-install associated components without notice to the user.
Translation: You have to be 18 to be screwed. You give use permission to use stealth, backdoor techniques to install other adware on your computer without your knowledge. Lucky number 13 EULA clause.
XIV -User agrees to indemnify and hold harmless Adsingular Inc and any of its partners from any liability whatsoever in regards to any breach of agreement relating to any other End User Licenses, Terms of Service, User Agreements, and/or Privacy Policies that they may be bound to by any party.
Considering the degree to which you are allowing them to invade your computer, it’s probably a good CYA measure to end the EULA with one final indemnification clause. Again, they take the approach of covering themselves and their partners. With the clause, any breaches in EULA’s, TOS, User Agreements and Privacy Policies that may be violated by the end user that the end user holds with other software companies or in the course of their online activities because of the behavior of AdSingular’s adware (and their partners) falls on the end user and not AdSingular (or their partners). So if AdSinglar inserts banners or hyperlinks on a web page the end user is viewing and that violates the web site’s TOS, it is the end user who is responsible. If the AdSingular adware modifies the files/code of another piece of software on the end users computer which violates the software’s EULA and TOS, it is the end user’s responsibility. The end user can not hold AdSingular responsible for any consequences the end user may experience for violating other parties agreements.
This just goes to emphasize the point that even though a EULA (or Privacy Policy for that matter) is in place, it doesn’t automatically mean that there aren’t any possible concerns nor that the end user is installing software which may not be problematic for them. Indeed, this particular EULA reads as software which can potentially wreck havoc on the user’s computer as well as raise all types of potential privacy issues for the user. And that is assuming this EULA is always even presented to the end user when the AdSingular software is installed. You know what they say about assuming…..
And did I mention that AdSingular is an affiliate as well? They are. They are also an ad network providing contextual advertising for advertisers, although their web site emphasizes contextual links placed on web sites and fails to mention the involvement of any adware.
But this brings up one last point, an issue I’ve been talking about awhile now. How far does end user consent go with regards to affiliates generating traffic and sales through adware? There has been a trend by many companies over the last two years of focusing on the fact that their end users have installed their adware with consent. There is certainly good reasons to address the issue that the end user really did agree to the installation. The FTC and State Attorney Generals bringing charges against companies using bad installation techniques is certainly a pretty good reason. The NYAG settling charges against advertisers using adware which engages in bad installations is another. There are definitely many more cases I could reference and the list continues to grow. But is the fact that the end user ticked off an “I Agree” box to a EULA or TOS prior to installation the only hurdle an adware affiliate needs to meet in order for the affiliate to be deemed acceptable and welcomed in the affiliate marketing channel? That certainly seems to be the argument and rationale being put forth of late. I’ve been saying no and I continue to say no. This particular EULA is a glaring example of why I have a stance that consent is only the first hurdle, but how the software behaves and generates traffic and revenue is an equally important hurdle the adware affiliate must meet in order to have “compliant” software. As a Network, what kinds of liability and risks are you opening yourself up to by allowing an affiliate in your Network who engages in the types of behavior outlined in this EULA? The same question can, and should, be asked of Merchants. What are your risks and liabilities as a Merchant if your ads are being displayed under the conditions outlined in this EULA? Is this the type of behavior we want associated with the Affiliate Marketing Industry? Are we willing to say that all the different behaviors outlined in this EULA are acceptable just because the end user agreed to the EULA? My answer is an emphatic no