Posts Tagged ‘spyware’

EULA – Are You Hiding Something?

Sunday, November 15th, 2009

I generallty try to read the EULAs (End User License Agreements) when I installed software, but after reading hundreds of them, it starting to seem to be a waste of time.

My first reason is that the language is not meant to be clear. If they are *even* going to tell you about spyware, they are going to make it as vague as possible anyway.

Here’s an example. I was installing an email client from the Android Market on my T-mobile G-1 Google Smartphone. Here’s part of the EULA, and it’s vague. Are they talking about spyware? What the hell are they talking about? I’m not saying they are doing anything bad, but I *am* saying it’s pretty vague.

EULA vague

(since the image is unclear, here’s the text:
EXTERNAL SERVICE: “[company] may rely on external services and service providers to provide you with capabilities to interoperate with such service. [company] will not be liable or responsible for … [blah blah blah”)

They could be talking about using Google contacts, or they could be talking about sending all your keystrokes to the mother ship … who knows?

Anyway……

Why I hate to read the EULAs:

I’ve found suspicious software behaviour even after reading the EULA and not finding anything negative.

Installing software takes 2 minutes if I don’t read the EULA, and 30 minutes or an hour if I do.

No one else seems to read EULAs. And I get pressure from anyone I’m working with, like “OH, I JUST CLICK THOSE”, or “are you gonna actually READ THAT??!!”

I think legal ‘strict liabllity’ is going to eventually have to apply to software. In other words, there needs to be a minimum resposibility for software. You can’t just wipe someone’s hard drive because you had it in the EULA. It’s a dismal situation and free-for-all right now though, insofar as software goes.

Even legitimate companies do it. Like back in 2000 (?) when I was maxed out at 384 megs of RAM, my HP printer drivers came with an update checker that took 60 megs just to sit in the systray and check for updates once a week. I called HP support … “I can’t afford the RAM for this. I only print once a month, anyway. How do I turn it off?” The rep said there was no way to turn it off. I told the rep that they ought to be in jail for that crap.

Admittedly, some of the problem lies with the end users. Consumers have some sick belief that everything should be free — that all the hundreds of hours a musician, or author, or programmer spend don’t mean anything, and they have some “right” (??) to steal music, ebooks, and programs. So I’m sure part of what’s going on is that the programmers are thinking “well okay, food doesn’t magically appear on my table and I have to pay the bills, and consumers bitch about paying for anything, so I’ll just add this browser tracker module and get a penny per record from the big tracking company, then I’ll either not mention it in the EULA, or create vague smoke screen language”.

Look at the example of website templates. “Free” means you don’t have to pay for them, but in many cases you end up with either cleartext or obfuscated links to what? … the template site? … porn or gambling sites? Many beginner webmasters aren’t even aware of this. Does it hurt? … yes, it can hurt your ranking if you are linking to a bad neighborhood.

I’m sure a lot of the FOSS (Free and Open Source Software) apps are written by good people, such as students who are just learning, or organizations looking for free feedback from users. And some are just trying to build a big following and hoping to get purchased by some big company. But I think you have to think about why someone would spend hundreds of hours to create a free app. And then, of course, read the EULA.