Forwarded from: "eric wolbrom, CISSP" <ericat_private> http://news.com.com/2100-1032_3-1008954.html By Declan McCullagh Staff Writer, CNET News.com May 22, 2003 A Harvard University researcher has completed an investigation of the Gator advertising utility, offering a glimpse into the workings of one of the Web's most controversial pop-up networks. Gator is a utility, sometimes derided as " spyware ," that monitors a user's Web browsing activity and displays relevant advertisements. Until this week, the service promised advertisers that it could slap promotions onto a computer screen when a reader visited a competitor's Web site. According to the Harvard report , pop-up advertisements for Sun Microsystems' powerful V880 server, boasting "See how Sun beats IBM," are aimed at Gator users who visit IBM.com. In the cutthroat travel business, Orbitz, Travelocity.com, Priceline.com, and Cheap Tickets have purchased pop-ups that Gator users visiting arch rival Expedia will see, the study found. Expedia, in turn, uses Gator to aim its own "bargain fares" ads at all four of its competitors' sites. The report "provides some data as to how much advertising Gator is showing and to whom it is targeted," said author Ben Edelman , who has testified as an expert witness against Gator in at least one legal challenge to its service. "For Web site operators, and to be sure, their legal staff, it's important to know whether Gator is targeting them or not, and if so, how much." Scott Eagle , Gator's senior vice president for marketing, said the company was examining the report for possible errors, but he did not contest specific findings as of late Wednesday. Nevertheless, Eagle raised general doubts about the study's methodology, observing that the report relied on information gleaned from Gator's client software without taking into account actions performed on Gator's servers. "Eighty percent of the magic is what he'll never see," Eagle said of Edelman and his findings in a phone interview. "He's only touching a part of the elephant." Gator's advertisers are no secret to millions of Web surfers who have installed its software. Still, the company has been guarded about its customers and practices due in part to the stigma of pop-up ads and to ongoing litigation. Gator is one of the most aggressive companies peddling pop-ups--an Internet marketing technique that opens a browser window loaded with advertising over the top of, or underneath, an ordinary Web page. Early versions of Gator's service placed pop-ups directly over the top of advertisements embedded in Web pages, but the company has since ceased the practice. More recently, it has incorporated delays so that ads may be triggered only after visitors leave a Web site. Pop-ups have been credited with higher-than-average customer response rates, making them popular among advertisers. But consumers have rebelled against them, and countermeasures that block the ads from appearing have gained in popularity. Popping up in court Gator has run afoul not only of Web surfers, who generally dislike pop-ups, but also of publishers who rely on advertising revenues. The privately held company, which says it charges advertisers fees starting at $25,000, has attracted a slew of lawsuits challenging its business practices and the legality of luring advertisers away from Web sites that must pay to produce content. The company in February settled a case brought by The Washington Post, The New York Times, Dow Jones and other media companies. Other lawsuits brought against Gator by catalog retailer L.L. Bean, hotel chain Extended Stay America, and online loan marketplace LendingTree.com are pending. Gator says its practices are legal because consumers agree to receive the ads when they download and install its software: an e-wallet and authentication application that makes it easier for people to register with Web sites and make online purchases. Gator is included with popular ad-supported software such as Divx and NetSonic , which help Redwood City, Ca.-based Gator distribute its product to a claimed 35 million current users. Edelman, who is a student fellow at Harvard law school's Berkman Center for Internet and Society --which sponsored the report--has authored many similar studies in the past about topics such as Google's Web filtering, false Whois data, and registration of domain names with typographical errors. Although it would be possible for someone to install the Gator client and record its behavior, this approach is problematic. For instance, Gator delays serving ads from minutes to hours after a visitor leaves a Web site, making it difficult to trace what triggered the pop-ups. Edelman automated the process by using a packet sniffer to ask Gator for its ad lists for thousands of different sites. He found that Gator targets specific host names, such as support.microsoft.com, and sometimes targets identical ads at dozens or hundreds of Web sites. The University of Phoenix, for instance, pays for ads aimed at scores of other university sites, such as the University of California at Berkeley, Carnegie Mellon University and Stanford University. Wednesday's report shows that Gator is very specific in monitoring Web browsing. For example, it carefully watches what people type into the Google search engine, hunting for phrases like "preventing pregnancy," "high cholesterol" and "Toro lawn mower part," the study says. Edelman's research shows that even federal government Web sites are fair game. Gator users looking for information from the Centers for Disease Control and Prevention may see an ad for "thinner thighs in four weeks," and Gator watches for users visiting areas of the Food and Drug Administration's site relating to Viagra, breast implants and weight loss, the study found. Advertisers identified as Gator customers in Edelman's study, including Sun, did not immediately respond to requests for comment. How Gator works According to Edelman, a Gator server sends a list of ads to the Gator client, based on the domain name of the site visited. In his research, the lists consisted of a series of hyperlinks to Zip files, such as http://bg.gator.com/Banners/13811.1/13811.gbd2zip . The Gator client downloads and displays only the ads that jibe with the user's prior actions, Edelman found, which might mean not showing the same ad twice in a row. Gator's ad server appears to ignore other variables sent by the client utility, including locale, ZIP code, user ID and machine ID, and frequently displays ads after users leave a targeted Web site instead of while they're still viewing it. Gator's Eagle would not discuss details, calling it a "proprietary" algorithm. "Why am I going to put my intelligence where people like Ben or my competitors may be drilling down?" he said. Eagle contends that advertisers are only permitted to target groups of sites, not individual Web sites. But on Tuesday, after being alerted to the existence of the Berkman study, Gator deleted marketing materials from its Web site that suggested otherwise. The deleted Web page, which had existed since at least February 2002, had promised : "Gator can pop up your advertising or promotional message anywhere--even at a competitor's site." Gator said on Wednesday that the deletion was part of a new marketing campaign that had been planned for months. Even faced with the daunting threats of fierce legal battles and the dubious honor of marketing the most complained-about piece of "spyware," Gator says it's unbowed. "Companies like Google, Overture and Gator are shining examples of success," Eagle said. "Our consumers save billions of dollars per year on software that they'd have to spend $20 to $30 on if they weren't ad supported. Yes, I am sorry that many Web sites don't have a valid business model, but don't blame Gator on their failure. They crashed and burned long before we came on the scene." _______________________________________________________________________ eric wolbrom, CISSP Safe Harbor Technologies President & CIO 190 Goldens Bridge Ct. Voice 914.767.9090 ext. 6000 Katonah, NY 10536 Fax 914.767.3911 http://www.shtech.net _______________________________________________________________________ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri May 23 2003 - 10:55:16 PDT