November 3, 2006

What would you do for $1?
Are you willing to allow a company to track your habits (shopping, viewing, listening, or browsing)?
Is $1 the price for your privacy?

By now you’ve heard the stories of people disclosing their password for a candy bar.  I’m talking about more than giving away access to their computer accounts.  It’s about people compromising their identity and/or their privacy to get a $1 coupon or to get a “free” application, screen saver or game.

We already know that people don’t read EULAs (End User License Agreements), so some vendors don’t even bother with the farce.  They just do as they please on the user’s system as soon as the user clicks the button.  Isn’t your OK consent enough for them to do what they want on your computer, as long as you get what you want?

I’ve recently encountered a company that offered online a $1 off coupon for one of their products.  Just click the print button and it’s yours.  The problem was that when the user clicks, the vendor loaded software on the user’s PC to “track” the coupon.  This triggered the anti-malware application.  If you’re not administrator on your computer, the application won’t work and you can’t print the coupon.  For $1 off of a grocery store product, the user gets spyware on his/her PC.  When the vendor was notified of these problems, they wanted to talk to the AV vendor to have them “fix” their software.

There are many other examples of software hiding malware.  It’s nothing new, but why does it keep happening?  Have they found a successful business model that preys on stupid end users?  Yes. 

To end users, the application, service, or coupon is more valuable than the sanctity of their PC or their privacy.  There’s no easy way to associate value with those items until they’re compromised.  Plus, the initial ROI appears to be in the end user’s favor.  That is, until they need to have their computer serviced or they buy a new one because the existing one is overrun with malware.

Those reading this post should know better.  We are diligent and cautious in what we allow on our computer.  We may even read EULAs and will click No or Cancel when told an app wants to run on our machine.  We are the minority.

It’s Joe Sixpack and our mothers that are the target.  They are the ones who can’t understand the EULA or will blindly click whenever given a prompt.  It’s the easiest way to get what they want.  In other words, the average American will sell their soul for $1.

We need to actively work to stop this problem.  Everyone reading this needs to use their sphere of influence to educate blindly clicking .  As OnGuard Online says, “Stop Think Click.”

We also need to challenge those who cause this trouble in the first place.  Does that app really need to be loaded in order to print a coupon?  I don’t think so.

Here are three things you can or should be doing about this:

1. Get in the habit of reading the fine print before you click.
2. Find out if your company is engaging in these practices.
3. Tell us about companies doing this sort of foolish thing so we can talk about them and determine if they should be doing this or not.

By working together, we all become stronger.

About the Author Guest Blogger
