In reading through the comments on my last several posts, I get the impression that a lot of people think that Zango winked at the silent and/or inappropriate installs perpetrated by its distribution network. I can assure everyone that was not the case. I first found credible evidence of silent installs happening in mid 2004, and the emails that I sent on the topic for the next year or more were not exactly models of tact and discretion. But they also show the dawning awareness that our distribution model was broken, and badly needed to be revamped from the ground-up. A few examples out of many emails on the topic that I personally sent.
Sent on 11/8/2004, after one of my developers noticed a silent install taking place through a sub-affiliate of LoudMarketing, our largest distributor (and the company that eventually became ZangoCash):
It looks like 2229 is from Loud, which is not a good thing. They need a good swift kick in the balls for pulling shit like this. Tell them in no uncertain terms: THIS IS FUCKING UNACCEPTABLE.
We need to get this taken care of, and ASAP. This is absolutely intolerable. We can't have folks going around giving us this reputation.
We'll be able to detect this in a more automated fashion once we get the CET running – but for now, we'll have to put up with ad hoc information like this.
Sent on 12/2/2004, after I found Zango being installed through a security hole by a company called CrazyWinnings (or one of its sub-affiliates):
And these guys are definitely bundling a Trojan. No doubt about it. After I uninstalled everything that I could find to uninstall, AdAware still found hundreds of entries – and so far as I can tell, at least four different pieces of spyware. And no matter how many times I ran AdAware, they still came back. These guys are a bunch of frigging bastards.
I can't say too much that we HAVE to completely and permanently distance ourselves from players like this. If we are ever going to build trust as a brand, we need to never, ever be associated with guys like CrazyWinnings. I would strongly encourage us not to wait until tomorrow at 3:00, but just drop them now. We will never, ever be able to trust them. They're slimy, and they're associated with guys that are even slimier.
Zango will never get any traction – and 180solutions will never be able to build a legitimate, long-term business – if assholes like these guys are still dragging 180solutions' name through the mud. Fuck 'em. Get rid of them now, and sue their asses.
Sent 4/11/2005, after I found Zango being installed on a page that was using an exploit to install other software:
Although they [IST] don't install the slotchbar AX without asking, my own testing actually indicates that they are using an IE security hole to install some stuff besides the slotchbar. And although a number of the things that get installed from that page have uninstalls, a number of the uninstalls don't work (including IST's). After I finished uninstalling everything that could be uninstalled, and rebooted, MS AntiSpyware still found four separate and working installations of various spyware applications. And yes, they install us (through the slotchbar, not through the security hole, but given that it all happens at the same page, and given that the slotchbar uninstalls don't work, that's not relevant).
This is a big, big problem. This is a clear violation of our code of conduct. We can't have ourselves out there associated with this kind of stuff. Ken M., it seems to me that legal action is clearly warranted here. What's your take on this?
And it's another problem that I'm the one finding this. We clearly need to do our testing better. I'd like to call a meeting to discuss how we handle testing applications like this, to figure out why my own testing was able to find such a clear violation of our COC, and our formal testing didn't. Who all should be there at that meeting?
Diplomacy has never been my strong suit as an executive.
I should also note that although I was probably the most vocal, my concerns were taken very seriously by the folks in charge of our distribution relationships. Not only did they work very hard to address these issues with the distributors in question, they also proposed the strategy which eventually fixed the problem, namely, to acquire our largest distributor, and clean up their network.
Should we have been associated with guys like IST, Aztec and CrazyWinnings in the first place? In hindsight, of course not. But we honestly didn't know the extent of the problem, and even when it became clear, it took real time, effort and work to fix it. And ultimately, and regrettably, my predictions came true: they dragged our name through the mud, we were unable to build trust as a brand, and we were never able to build a legitimate, long-term business. Zango had other problems besides this one, but this was the largest.
No comments:
Post a Comment