The Internet is the first mass medium in history in which ultimate power resides in the individual computer user, and it was built on the concepts of transparency, choice, and user control. However, the individual’s power is only as strong as the software tools he or she uses, and it can be eroded by practices that hide a program’s actions from the user or that fail to function as expected.
The growing phenomena of spyware and adware are examples of programs that can diminish a user’s control over his or her computer by surreptitiously installing software, sharing personally-identifiable information, changing settings or functions, or other actions that we believe are inconsistent with the fundamental nature of the Web.
Private companies, like ESG, led the way in addressing the increasing distribution of spyware and adware. Our signature product, SpyHunter, is designed to address this phenomenon and to return ultimate control to the individual computer user. Our other products similarly are designed to serve the same basic purpose.
More recently, spyware has attracted the attention of public policy advocates and lawmakers, and there is a gathering momentum in the direction of regulatory responses to this issue. The first task that must be confronted in this effort, however, has been to develop a clear definition of what is meant by "spyware" or "adware". While the merits of any particular legislative or regulatory proposal depend on its specific details, ESG supports the movement toward providing a clear understanding of the issues involved.
To further that end, ESG sets forth the following "Statement of Principles" that describes how we operate as a company. The principles described below set forth the criteria we use for identifying spyware and adware with our various products, and they also serve as a code of conduct for ESG in our own business relationships. We believe that adhering to these principles is a matter of common courtesy and good Internet citizenship.
Statement of Principles
We believe the consumer should always have clear notice in advance of what software will be installed on their computers, either as single programs or as part of a bundle, and should be provided sufficient information to understand the function and purpose of each program before it is installed. The information should be presented conspicuously and in a way that a typical consumer will see and understand.
Installation and Removal
We believe that installation of software on a computer should never come as a surprise, and consumers should never be tricked into installing unwanted programs. An application should not be installed on a computer secretly or by hiding within another program, and the user should always have the clear option whether or not to agree to the installation. Consumers should be provided with the information needed to remove a program after installation, and the method of removal should be simple and effective.
Specific Practices to Avoid
We believe the following practices are characteristics of spyware or adware and should be avoided:
- Hijacking. This is the practice of taking control of a users’s computer without the user’s knowledge or consent. Certain specific abuses of hijacking may include sending unsolicited information or material to others; reseting the Internet browser; using the consumer’s Internet connection or service; using the consumer’s computer to launch a denial of service attack; or delivering pop-up ads that the user cannot close without turning off the user’s computer or closing the Internet browser.
- Modification of settings. This is the practice of modifying the settings related to the consumer’s access/use of the Internet without the user’s knowledge or consent. Such actions may affect the home page of the browser, the existing Internet connections settings, the list of bookmarks, or the security or other settings that protect information about the consumer.
- Surveillance of web surfing and other content. This is the practice of monitoring the content visited by the consumer and giving the results of such monitoring or analysis to third parties. It also includes keystroke logging.
- Snooping. This is the practice of collecting and transferring to a third party personally-identifiable information, such as the user’s address, without clearly and conspicuously asking the user to consent to such disclosure.
Sources for Best Industry Practices
The development of best industry practices and principles regarding spyware and adware is an evolutionary process that started within the Internet community. Because technology is dynamic, the specific programs and practices that fall under the umbrella of "spyware" and "adware" change over time. As businesses, public policy organizations, and lawmakers grapple with these concepts, it is important to pay attention to the continuing dialog on these issues. Good sources of information on issues relating to spyware and adware include the following: