
Digsby IM Client Quietly Installs Badware

Posted by kdawson
from the pushing-the-envelope-and-the-bounds-of-good-taste dept.
An anonymous reader writes "IM company Digsby has quietly included malware in an update to their client software that utilizes users' computing power and bandwidth while idle for a quick buck. When questioned, developers at Digsby claim that they have done no wrong and that users should not complain because the client software is 'free.'" The money-making distributed computing software is in addition to six "crapware" apps that users must refuse during installation. The terms of service that no one ever reads does describe the CPU- and bandwidth-robbing moneymaker, and its off switch is located behind the "Support Digsby" menu item.

  • Use Pidgin ... (Score:5, Informative)

    by Zen-Mind (699854) on Friday August 14, 2009 @11:44AM (#29066503)
    The power of choice: change IM client. There are tons of free IM clients, just change it to something else like Pidgin [pidgin.im].
    • Re:Use Pidgin ... (Score:5, Insightful)

      by nametaken (610866) on Friday August 14, 2009 @11:57AM (#29066663)

      Agreed, and in the meantime, let them know why nobody is going to use their IM Client anymore.

      bugs@digsby.com

      http://forum.digsby.com/ [digsby.com]

    • Except Pidgin fucking sucks dog balls. I tried using that. Used it for over a year. I thought it was NORMAL for a multi-chat client to crash a couple times a week. Tried digsby, no crashes, worked well.

      Then I found out about the CPU bit, and I'll be uninstalling it when I return home. Maybe that Trillian Astra will be better than the old Trillian.

      • Re: (Score:3, Informative)

        by spyrochaete (707033)

        If you use Windows you should try Miranda [miranda-im.com]. It's got a low footprint, it has all the great features you could wish for from an IM client (except video chat), and it's free. Plus it supports Jabber and Gtalk whereas the free version of Trillian does not.

  • Free or not... (Score:5, Insightful)

    by netruner (588721) on Friday August 14, 2009 @11:46AM (#29066521)
    Free or not, hiding (or not mentioning it, or putting it in the .000001 point fine print, or burying it in a 100 page EULA - IOW: obscuring the truth) something that you know people will object to is deceptive, dishonest and wrong. You have to ask yourself, would people not install my "free" software if they knew what it was doing - if the answer is anywhere close to yes, you have a moral obligation to reveal the details.

    This is part of the bargain - if you give away something for "free" and advertise it as "free", it needs to be "free" - as in not just that the costs are hidden. Otherwise, it really is a Trojan Horse.

    Don't reap the goodwill of the public when you're secretly using them.
    • Re:Free or not... (Score:5, Interesting)

      by TheRealMindChild (743925) on Friday August 14, 2009 @11:59AM (#29066707) Homepage Journal
      Nice little rant that I completely agree with. But I honestly think this needs some legal power behind it. Not just for software either. I don't want anymore "Fat free" foods that aren't fat free. I don't want anymore "Free trials" that automatically sign me up for a pay service that I have to cancel. And I definitely don't want anymore "Buy one get one free" where the "free" ends up being a mail in rebate.
      • The FTC gets around to doing something about it when a Senator falls victim to it.

        Since the state and federal computers are fairly tightly controlled, and most of their "computing" is done by interns, don't expect much to happen for a while. Unless a lot of people make a lot of noise.

        Cynical yes, but not exactly a rare circumstance.

      • Don't they usually say "after MIR" ?

        I'd rather have it free after MIR than not free at all...

      • by asdf7890 (1518587)

        I don't want anymore "Fat free" foods that aren't fat free.

        A lot of food adverts over here have started claiming "virtually fat free". They don't state how they are defining "virtually" in these instances though.

    • Re: (Score:3, Interesting)

      by nacturation (646836) *

      You have to ask yourself, would people not install my "free" software if they knew what it was doing - if the answer is anywhere close to yes, you have a moral obligation to reveal the details.

      I take a bit of a different angle. From the T&C they post:

      "15. USAGE OF COMPUTER RESOURCES.
      You agree to permit the Software to use the processing power of your computer when it is idle to run downloaded algorithms (mathematical equations) and code within a process. You understand that when the Software uses your computer, it likewise uses your CPU, bandwidth, and electrical power. The Software will use your computer to solve distributed computing problems, such as but not limited to, accelerating medic

      • by Khashishi (775369)

        This passage from the T&C sounds reasonably clear and specific, and I can expect a reasonably educated person to understand it. I don't see what the problem is. If you didn't read the T&C before installing, why not?

  • FOSS, maybe? (Score:5, Informative)

    by k33l0r (808028) * on Friday August 14, 2009 @11:46AM (#29066535) Homepage Journal

    Perhaps this is a good point in time to switch to Pidgin [pidgin.im] (multi-platform and my personal choice), Adium [adium.im] (Mac OS X), Empathy [gnome.org] (Gnome), Kopete [kde.org] (KDE), or some other, more trustworthy client?

    • by Toy G (533867)

      Why do people never mention Miranda [miranda-im.com]? It's probably the best free & open-source client for Windows, so much better than Pidgin.

      • I actually specifically use Firefox, Thunderbird, Pidgin and X-Chat because my profiles are pretty much portable to different platforms. I've gone through the use of XP, various Linux flavors, OSX, Vista, and Windows 7 in the past two years... Without having to re-setup all my accounts on a different client. If I were to go with a better client for windows, I would probably have stuck with Trillian, which imho is the gold standard for multi-IM clients.

      • by bitt3n (941736) on Friday August 14, 2009 @01:00PM (#29067565)

        Why do people never mention Miranda [miranda-im.com]? It's probably the best free & open-source client for Windows, so much better than Pidgin.

        because anything you say via Miranda can and will be used against you in a court of law

    • by Blakey Rat (99501)

      Pidgin-- unless you have a tablet PC or use voice recognition, Pidgin doesn't work with either of those. (Nor do any GTK+ applications on Windows, at least none I've seen... if anybody tells you a GTK+ app has a native look&feel, please slap them. Thank you.)

      Anyway, I "solved" my problem by just switching to Live Messenger, which works with all of Microsoft's UI features, and all my friends were on anyway. The two people I had left on AIM, I just told them they'd have to switch too if they wanted to IM

    • Re: (Score:3, Interesting)

      by Sir_Lewk (967686)

      Kopete is a really terrible application that I could never suggest anybody use, unless they really hate the alternatives.

      --signed, a kopete user...

      • by Toy G (533867)

        Kopete does integrate well with the KDE addressbook, and with the KDE look&feel in general. Doesn't work very well with webcams. The version I use (3.5.9, I think) is not too crashy.

        It might not be as good as Pidgin, but I personally cannot stand GTK applications and their huge buttons...

        • Re: (Score:3, Interesting)

          As of a few months ago, kopete occasionally dropped messages silently (confirmed via other channels). I switched to pidgin and no longer had to restart the program each time a "still there?" question went unanswered.

          For webcam support on yahoo, gyachi [sourceforge.net] works nearly flawlessly for me.

        • by Sir_Lewk (967686)

          Yeah, I use Kopete .70.90 (KDE 4.3.0 version) for exactly the same reason. It works alright now and its integration with KDE 4.x has gotten much better, but there is still the occasional annoying bug.

  • I was about to try this out. Now I'm keeping Pidgin. TY Slashdot for the save!
  • Why not use one of the many free competing IM clients?

    My favourite is Miranda [miranda-im.com] (Windows only, free but not open source) because it's incredibly lightweight, uses the default Windows UI, and has an incredibly active plugin community.

    Then there's Pidgin [pidgin.im] (multiplatform, free open source) which is also an excellent and mature IM which is also very extensible.

    No crapware whatsoever on these similar apps. Support the projects that contribute to the initiatives of free software with your downloads and your dollars. Snub the software that steals control of your computer for monetary gain.

  • by DynaSoar (714234) on Friday August 14, 2009 @11:54AM (#29066635) Journal

    ... if someone were to hack the malware. It would be very bad if they changed it so it downloaded copyrighted stuff, say whole CDs of recent music, to Digsby's machines, and then sent email to RIAA saying it's there. It would be a very, very bad thing indeed if this were then redistributed and thousands of unsuspecting people installed it and remained unsuspecting as they usually do, while it did its job then erased itself, because otherwise it would have been a Simply Awful very, very bad thing.

  • Due diligence (Score:2, Insightful)

    by DaveV1.0 (203135)

    Here's your problem:

    The terms of service that no one ever reads does describe the CPU- and bandwidth-robbing moneymaker

    In other words, they told you about it in documentation you agreed to and said you read but didn't. This sounds kind of familiar. I think it is because of all the people I have heard say "I didn't know that was in the contract. I signed it but didn't read it." You know, just like all those people with the "sub-prime" adjustable rate mortgages that ballooned after 2 years.

    It is called due di

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      There is such a thing as a reasonable expectation of the program's functionality. You can't legally put "if you do 100mph for 10 minutes, then a hidden bomb in the tank explodes" in a car rental contract, and neither can you legally add unrelated stealth functions to a program just because you said so in the ToS.

      • There's a menu item to turn it off. That doesn't sound too stealthy.
        • Except the menu item is in HELP. Under SUPPORT DIGSBY. And then it's in the middle, with nothing to make it stand out from the other options on there. They hid it as well as they fucking could have, and now that they're called on it, they're moving it again. To preferences. Only it'll still be on the "Support Digsby" tab. So most users who don't want to support digsby more than they are won't touch it.

    • Mod parent up! (Score:2, Informative)

      Despite what people would like you to believe, willful ignorance is never an acceptable excuse.
    • Re: (Score:2, Informative)

      by umrain (698867)

      Existing users who received automatic updates never received an updated EULA or any kind of notice of this addition and it was not even mentioned in the changelog.

      • by DaveV1.0 (203135)

        Then that is a different story. But, then again, they probably agreed to that in the original TOS or EULA.

    • by Culture20 (968837)

      In other words, they told you about it in documentation you agreed to and said you read but didn't.

      And if the Digsby devs weren't sociopathic assholes, they'd have advertised the "price" for their software instead of trying to hide it under multiple layers, doing only the bare legal minimum to cover their butts. I'm sure plenty of people would have been happy to let their computer do some number crunching if Digsby were up front about it.

      It is called due diligence and everyone should practice it, not just lawyers and businesses.

      You're joking, right? No one except the very rich or the very poor has the time to read through all the legalese presented to them at least ten times daily (every purc

      • by DaveV1.0 (203135)

        No one except the very rich or the very poor has the time to read through all the legalese presented to them at least ten times daily (every purchase signed receipt, signs on entryways and exits, software installations [multiplied by five if you're a sysadmin], etc).

        I call bullshit. I do it all the time and I am neither very rich nor very poor. You can read through most of the items you have listed in less than one minute. All but the most complicated can be read through in less than 10 minutes.

        Ignorance an

    • Re:Due diligence (Score:5, Insightful)

      by The Moof (859402) on Friday August 14, 2009 @12:33PM (#29067187)
      Maybe. If the contract is intentionally written in such a way that no layman can understand it and it's designed to take advantage of you, there is a valid argument against the company (IANAL, but people keep telling me this is true).

      And, as one person who replied to you also pointed out, if this was done via an automatic update without you clicking through to agree with a new EULA stating this, they're in trouble.
    • Re:Due diligence (Score:4, Insightful)

      by Belial6 (794905) on Friday August 14, 2009 @12:44PM (#29067339)
      Calling due diligence is like complaining about spelling. At the end of the day you just end up being a hypocrite. There is no way that any person can fully read every contract, warning, recall, EULA, instruction manual, etc.. There simply isn't enough time in the day to accomplish this and still function in society. So, what intelligent people do is make the best guess they can as to what has the greatest risk, and read those. This software is a perfect example of something that doesn't cause great harm, so it would have been a bad idea for most people to spend hours reading the TOS when they installed it, and re-read it every time they loaded the software to make sure the TOS didn't change. That doesn't mean that they shouldn't get up in arms about bad behaviour. It doesn't mean that they shouldn't feel that the company behaved unethically. It doesn't mean that they shouldn't complain as loudly and frequently as they feel the ethical infraction warrants. Just because something isn't technically illegal doesn't mean that it isn't unethical or harmful.

      As for the sub-prime adjustable rate mortgages that ballooned after 2 years... The number of people that didn't know EXACTLY what they were getting is so small as to be irrelevant. People getting sub-prime ARMs just let greed get in their way and made the stupid prediction that housing prices would always increase dramatically faster than inflation. Of course some people got 3 of them, and when the short term housing price increase happened, they massively mortgaged two of them, put the money into the third, and when prices dropped, they cried that they didn't understand as they walked away from the two massively mortgaged houses with the third being free.
      • by DaveV1.0 (203135)

        At the end of the day you just end up being a hypocrite. There is no way that any person can fully read every contract, warning, recall, EULA, instruction manual, etc.. There simply isn't enough time in the day to accomplish this and still function in society.

        That is bullshit and you know it. How often do you have to agree to a TOS or EULA? Most people can read through the average TOS or EULA in about 10 minutes. Somehow I doubt you can't spend 10 minutes doing that rather than watching some stupid TV show

    • So everything Digsby did was a-ok because the only stupid people were conned? Great.

      Things have different levels of importance, this should be pretty easy to understand: some things deserve to be buried deep into "documentation" and some things require more attention -- in this case there should have been a page in the installation wizard that explains the issue and lets the user choose.

      The fact that Digsby developers did not do that tells me they are either incompetent or malicious. I am not intereste

      • by DaveV1.0 (203135)

        No one got conned. They agreed to do what happened. They should have read what they were agreeing to. You can whine all you want about where you think it should go, but until people are willing to take personal responsibility, practice due diligence, and read what they are agreeing to you have no argument.

        The Digsby developers did nothing wrong and are neither incompetent nor malicious. The only incompetent people in this instance are the ones that agreed to something without knowing what they are agreeing t

  • Badware? (Score:4, Insightful)

    by RaceProUK (1137575) on Friday August 14, 2009 @11:58AM (#29066701) Homepage
    I know in computing it's fashionable to make up words, but badware? That's just crap. Besides, there's already a suitable word: malware.
    • Re: (Score:2, Interesting)

      by Ankur Dave (929048)

      While I agree with you that making up words is annoying, badware is different from malware: http://stopbadware.org/home/badware [stopbadware.org]

      It's a broader term that includes adware as well as directly malicious software. I don't think malware has the same scope.

  • Not free (Score:2, Informative)

    by zzyzyx (1382375)

    It's not free if it costs you electricity to run the CPU at full power 24/7. All modern processors have idle states in which they reduce energy consumption. These are not just "wasted cycles" that could be put to some use anyway.
    A large amount of people also have metered bandwidth connections which might get impacted by this.

  • by Culture20 (968837) on Friday August 14, 2009 @12:07PM (#29066845)

    users should not complain because the client software is 'free.'

    A malware spreader saying this is like a person who knowingly spreads HIV saying his victims shouldn't complain because they got sex for free. I was going to say "rapist" but digsby doesn't install via drive-by download.

  • Aren't there about for zillion great free IM applications out there already? Why would someone use this one? What is the specific draw?

    • Re: (Score:3, Interesting)

      by Mean Variance (913229)

      Aren't there about for zillion great free IM applications out there already? Why would someone use this one? What is the specific draw?

      I used it to combine my Yahoo IM and Twitter feeds (yes, I follow certain people/things in Twitter). Also, it notified me about emails. Alas, I speak of it in the past tense. It was a nice program, but I was always a little leery about whether Digsby was doing something I didn't like. I noticed on IE, which I rarely use, that the search said "Google Search powered by Digsby." I knew that meant I missed a checkbox during the annoying install process.

      I uninstalled using Revo. The Digsby uninstaller left a bun

  • LOL! (Score:5, Funny)

    by Quiet_Desperation (858215) on Friday August 14, 2009 @12:50PM (#29067427)

    users should not complain because the client software is 'free.'

    Oh, I'd love to kick that guy in the nads and when he says "Dude! What up?" I'll say "Shut up! It was free!" and then he'd be all weepy like and I'd be all laughin' up in his face. Yeah, good times.

  • fyi (Score:3, Informative)

    by BattleApple (956701) on Friday August 14, 2009 @01:05PM (#29067651)
    http://forum.digsby.com/viewtopic.php?id=4708 [digsby.com]
    From steve: digsby developer

    @All: This issue will be addressed first thing in the morning. As for performance, the functionality has actually been off this entire time. It is in the TOS because it was planned for the future and Digsby has not been using your CPU/Bandwidth when idle so if you have had performance issues it is not Digsby related.

  • Old news (Score:5, Informative)

    by TheHawke (237817) <rchapin&pelicancoast,net> on Friday August 14, 2009 @01:06PM (#29067659)

    This started up back in December of last year according to the forum posts. To top it off, Steve the administrator, shut off the research module since then. Why the stir now? Plura is the one that needs to be hammered that provided the software for this.

  • Who the hell is Digsby and why should I care, when there's other [pidgin.im] perfectly [kde.org] free [igniterealtime.org] alternatives [psi-im.org] available that don't bundle crapware with them.
  • Wow, this is considered "badware"? It seems like a feature to me! Can I install the "badware" without getting Digsby with it?

  • I'm not sure what the issue is. When I opened Digsby today, it updated and within a few mins it displayed a message directing me to a FAQ. It clearly tells you how to disable the feature if you don't want it.
  • by Jackie_Chan_Fan (730745) on Friday August 14, 2009 @02:48PM (#29069151)

    They were caught doing this before, so much that users made a big stink on their forums and they had to respond with a public statement. Apparently they haven't learned their lesson.

    Then again it's probably the only way they can stay in business so they'll do whatever it takes to make some money.

    Either way... I don't care. I don't use the software. I did install it recently while looking for an alternative to pidgin.... I now regret that greatly.
