Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

Gator's EULA Dissected 93

theVP writes "Ben Edelman has recently written up his disassembly of the Gator EULA. He has come across some interesting finds, including the fact that their EULA states that you can't remove their software via 3rd-party means, as well as prohibiting the use of packet sniffers or intercepting the data coming from their software."
This discussion has been archived. No new comments can be posted.

Gator's EULA Dissected

Comments Filter:
  • by Ayaress ( 662020 ) on Thursday December 02, 2004 @11:29AM (#10975157) Journal
    That if they ever decided to try to legally enforce that EULA that the fact that their software installs itself without permission or intervention from the user invalidates it. The legitimacy of EULA's aside, they usually say they're activated by using the software. You don't really use Gator/Claria/whatever they're calling themselves now, and most of the people who have it probably don't even know they have it, so you don't do anything to enter into the agreement.
    • We are lucky virus writers don't tag such EULA's to their stuff (yet).
    • I think that's the right way to approach / attack Gator's EULA. IANAL, but for a contract to be valid there has to be consideration (something of value, could be intangible or tangible) given to each side.

      Currently, software companies are skating on the thin ice that the EULA actually gives you permission to load the software into memory (i.e. making a copy of it) and use it - purchasing the box and media the software is stored on does not. So that is the consideration you get for agreeing to the EULA (w
  • by mhesseltine ( 541806 ) on Thursday December 02, 2004 @11:30AM (#10975176) Homepage Journal

    Often times, it's mentioned on /., K5, Fark, etc. that EULAs aren't enforceable as a contract. Would this be a good case for someone to take Gator to court over, since Gator seems to want to restrict a person's ability to use thier computer? Would a judgement against Gator cause other companies to be less restrictive in their EULA terms? Or, would other companies just point and laugh (figuratively) at Gator for getting nailed?

    • I believe this has been done in Germany, though I'm not positive. I'd like to see it done in the US, though (blah, blah, standard "Slashdot's editors are US'ian, that's why it's US-centric" disclaimer here). IANAL, but IIRC, a contract is considered in parts. So the ludicrousness of the "can't remove with 3rd party software" doesn't invalidate Gator's EULA (assuming it is a contract). Not that we care, for the sake of this discussion; we want a precedent set that EULAs simply don't have the authority th
      • IANAL.

        However, a contract must be agreed to by both parties. If you manage to download software onto my machine without asking, that also means that I didn't get a chance to agree to the EULA. No contract then exists between me and the "vendor".

        Well, they may argue that it's not a contract, it's an agreement. But if I didn't agree to it, how is it an agreement?

        No matter how you slice it, you aren't bound to a contract/license/agreement that you never even saw, let alone agreed to...
        • Yes ... but Gator and some other spyware programs are voluntarily downloaded (I just spent 20 minutes explaining to a neighbor that there was no point in having me clean spyware off her computer if she wanted to keep CometCursor). Now, perhaps one could argue that a EULA of that sort is invalid because people don't read it, and the company knows it (a "good faith" type argument), but I have no idea whether that would hold any legal water.
    • EULA's have been enforced before, by blizzard against a company that was making 3rd party add-ons to starcraft (against the world editor EULA). Kinda sucks, but what you gonna do.

      EULAs do have their uses, however, since you can slap them on software you release for free with a warning saying it my asplode your computer, use at your own risk and recieve some kind of legal buffer if some company decides that you broke their computers and need to be taken to task.
  • The part about removal is quite obviously exorbitant and would not likely hold in court. There is nothing really shocking in prohibiting the use of packet sniffers (esp. as a step towards reverse-engineering.)
    • Is it really that typical to prohibit use of packet sniffers? Any other programs include this in their EULA? I've never seen it before, though perhaps I haven't been reading the right EULAs.

      If programs can prohibit packet-sniffers, then how are users (or researchers or testers or auditors) supposed to confirm whether or not programs are complying with their own privacy policies?
      • Exactly. Their spyware does not 'OWN' the packets. Once the packets are generated, I can do whatever I want with them. Obviously, this includes grabing the destination ip address, which then allows me to setup firewall rules to drop the packets. This is why you need a firewall that works both ways.
        • "Their spyware does not 'OWN' the packets."

          Doesn't matter if they do. The EULA to use my LAN is that all packets are statefully inspected for malicious content prior to ingress or egress from the border of the lan to the Internet.

          HA I win. My EULA is just as enforcable as yours :P
          -nB
      • Most if not all online games (MMOGs) have something like that in their EULAs. But, yeah, I doubt it would hold up in any court.
      • Easy to work arround. Have someone else do the monitoring, someone that does not have the game or have agreed to the EULA.
    • Re:Exorbitant clause (Score:3, Interesting)

      by Jerf ( 17166 )
      There is nothing really shocking in prohibiting the use of packet sniffers

      The "shocking" thing is that they think the clause does anything.

      If I wanted to sniff Gator packets, well, I sure as hell wouldn't install it on my machine anyhow. I'd get one of my friends to install it and use it on the local network, and I'd stiff those packets.

      I am not bound by the license and as it would be my network I can do whatever sniffing I want. Legally I couldn't "do whatever the hell I wanted" with the data since cop
    • their EULA states that you can't remove their software via 3rd-party means
      What are they going to do about it? Rescind permission to use their software? I think I would have demonstrated that I wanted to stop using it by removing it.
      • That's what I was wondering. They can't claim you've breached the licence. You are no longer taking advantage of the "rights" offered.

        IANAL but surely the obvious first response to a breach of the agreement would be for Gator to withold the right to use the software. uhhmmmmm.... fair enough....
    • This makes me think of Johnny Mnemonic [imdb.com] .

      Johnny Mnemonic: I'm a dead man if I don't get this out of my head!
      Spider: I can get it out.
      Johnny Mnemonic: How?
      Spider: A cranial drill and a pair of forceps.
      Wave link for the visualy challenged [sciflicks.com]

      It sums up my experiences with spyware rather nicely I think. To bad my customers become upset when I secure their machines by drilling a hole in the hard drive and install a padlock through the platters.

      SD
  • by l1nuxpunk ( 738263 ) <linuxpunk@nOsPAm.linuxpunk.net> on Thursday December 02, 2004 @11:33AM (#10975195) Homepage
    The USER of this SOFTWARE gives up all rights to their immortal SOUL. Any attempt to regain the rights to your SOUL will result in immediate banishment.

    Have a great Gator day!
  • I normally do not support the death penalty, but I think those responsible for gator should be executed in a shocking and public manner, such as public beheadings or a firing squad. These people are a menace to society, and probably cannot be reformed so just trowing them in prison until they change their ways would not be adequate.
    • by Ayaress ( 662020 ) on Thursday December 02, 2004 @11:48AM (#10975378) Journal
      I think that would set a very bad precident on what the government would accept as grounds for capitol punishment. Afterwards, people would be saying, "You killed those bastards for making spyware, why is my neighbor still alive? He walked on my goddamn lawn!" and so forth.

      Now angry mobs armed with torches and pitchforks, on the other hand, have nothing to do with the government and I hear they make for some damn fine keggars afterwards.
      • by brunson ( 91995 ) * on Thursday December 02, 2004 @12:07PM (#10975569) Homepage
        I think the death penalty is justified for sitting stopped in front of me when you have a free acceleration lane to use to merge with traffic.

        And for not realizing it's legal to make a left hand turn on red from one one-way street onto another.

        And for hanging out in the passing lane on the freeway while people are passing you on the right.

        And for being my mother-in-law.
        • <pedant>It's not legal everywhere in the U.S. to turn left on red from one one-way street to another. It's legal in Ohio but not in North Carolina, for example.</pedant>

          <rant>I can understand frustration about slow drivers hanging out in the left lane on freeways that have all of the exits on the right. However, I tend to have people get frustrated at me (driving some approximation of the speed limit) in the left lane on freeways where a left exit is coming up, or even on large city stre

        • Don't forget to include people who try to back down an exit ramp while there is traffic behind them! I swear I saw this happen before. At the very least, chop off the idiot's right foot so they can never drive a car again.
        • I know you were trying to be sardonic, but there's some flaws:

          I think the death penalty is justified for sitting stopped in front of me when you have a free acceleration lane to use to merge with traffic.

          Not unless the vehicle's acceleration factor would cause it to run out of pavement before fully getting up to speed to merge with flowing traffic.

          And for not realizing it's legal to make a left hand turn on red from one one-way street onto another.

          Not in all jurisdictions. Traffic laws can and ofte

          • In WI, I've been in a car that was pulled over on I94 going 1mph under the limit in the left lane, because it is ALSO illegal to be in the left lane going that slowly. I can't remember if the terms were obstructing other traffic or about only being in the left lane while passing.

            Admittedly, the deputy didn't like the looks of our car, was a real moron (unusual in my experience, but this guy was) and let us go after his superior showed up and they had this long talk back by their cars.

            The upshot, though
            • that reminds me of something interesting that happened up here in canada.

              two guys took their cars out on the 4-lane hiway near here, took up both east-bound lanes, driving exactly on the speed limit all the way for 67 miles.

              they were arrested for obstructing traffic. and they were clocked at exactly 66 miles/hour (the speed limit on that highway)
          • "And for hanging out in the passing lane on the freeway while people are passing you on the right.

            Not if the person is driving at or below the speed limit. This one has always been a personal pet-peeve of mine. People assume that the left lane is the fast lane, but not if the vehicle is driving faster then the speed limit.

            The operative word here is limit . Those signs with black numbers on white backgrounds don't say speed allow. A limit is a restriction, so therefore a speed limit of 65 MP/h means ... in
            • My personal pet-peeve is for speeders in general. I live around Atlanta. You know, where the minimum speed-limit on I-75 *is* 75 MP/h (posted 55/65), and the minimum speed on I-85 *is* 85 MP/h (posted 55/65), and for Ga. 400 it's 400 MP/h (posted 65).

              Every day I see countless lives lost and wasted by assholes who think it's their God given right to speed. Hell, I've got to average 85-90 down 75 just to avoid getting run over. Speed limits aren't for fiscal desires, they are there to save lives.
              • Item #1: If you stay out of the left lane, you don't have to drive as fast to avoid getting run over. That's my point about it being a safety issue. Yes, I have driven in Atlanta many times. You're either going 75+ or you're doing 10. I know. Getting in others' way, deliberately, is just plain stupid.

                Item #2: In many places, speed limits ARE about fiscal. The national 55 limit was about fuel economy as much as anything, and the last stats *I* saw indicated that traffic deaths had NOT risen as a resul
      • Wait, I thought you said it was a "bad" precedent.

        Anything that forwards the progress of human extinction has to be good.
  • So, if you can't remove it via 3rd party tool why can it be installed without the users knowledge, or even be un-installed by Gator itself?
  • I can't remove it with 3rd party software. Your uninstaller doesn't remove it, so I can't remove it. I can't use a sniffer to see what it is doing and you can install it on my computer by any means most of which will never display this EULA.

    Sounds great, so about switching my company to Linux.....
  • from the article:

    If Gator were easy to uninstall, users might not need to resort to third-party removal programs. But Gator makes its software hard to remove. Browse to Add/Remove Programs on a computer with Gator installed, and there's often no entry for Gator. Instead, users are required to identify, find, and remove all programs that bundle Gator, and only then is Gator's software designed to uninstall. This unusual removal procedure -- unique among all programs I've ever encountered -- makes Gator diff
    • Rogabean writes: "When you installed say, Kazaa, you agreed that in exchange for running Kazaa for free that you also agree to run for instance Gator. So removing Gator should entail removing Kazaa or whatever program bundled it. I can't argue that point."

      Certainly Gator claims that Gator is required in exchange for getting Kazaa for free. Whether or not users understand this and meaningfully accept it is another question, of course. If they did, there's a certain persuassive force to Gator's requirement
      • I don't agree with their method. That's why i called it shady. I'm just saying... I can't fully argue the method...Ya can't blame for making it a little harder to uninstall though.. I mean who wants that crap?

        I still feel dirty.
      • Certainly Gator claims that Gator is required in exchange for getting Kazaa for free. Whether or not users understand this and meaningfully accept it is another question, of course. If they did, there's a certain persuassive force to Gator's requirement that Gator stay as long as Kazaa stays.

        Unless kazaa's EULA stipulates that you can't have it without Gator, they're irrelevant to the discussion. You can't as part of your license put additional riders on other people's licenses. It doesn't work that way

  • Not discussed in the initial write-up above, but potentially of interest:

    Gator's license, as presented by Kazaa, merges section headings in with body text. No bold type separates section headings from the paragraphs that follow. For that matter, no line breaks separate the headings from the paragraphs. They're just all merged together.

    Example:

    Ownership; All Users of This Computer Bound You represent and warrant that you are the owner of the computer and that you have authorized the download and inst

  • "Any use of a packet sniffer or other device to intercept or access communications between GP and the GAIN AdServer is strictly prohibited."

    Does this mean that we will get fried under the DMCA if we sniff what our personal information is getting sent through the line without our authorization? (CC#, SSN#, etc)?
  • by G4from128k ( 686170 ) on Thursday December 02, 2004 @12:18PM (#10975684)
    Next, companies will prohibit users from even reading the EULA or discussing the EULA with others. Its not unlike the database EULAs that prohibit the sharing of benchmark results. This type of contractual control of communications is bad for achieving the transparency needed for true capitalist competition.
  • So, whats the legal situation where you get a drive-by install and dis-agree with the EULA.
    If you dis-agree with the EULA then you are not supposed to run the software. However, you are not given the means to not run the software. This is twisted.
    But, since you did NOT agree to teh EULA, and it was put on your system without your permission (illegal unauthorized access, according to the anti-hacking laws, just ask Mitnick) then I don't think the DMCA can apply.

    So, now, I can legally dis-assemble the softwa
    • Except for one minor detail. Copyright still applies to the software, regardless of if you agree to the EULA or not. Posting the disassembled source would still be copyright violation, although you could probably legally do the first two without any problems.
      • The copyright could probably be fought in court since the source is still independently (kinda) developed. Also, the source would likely be different than the *original* source. Most modern compilers also perform some optimization of source code. Thus, the disassembled code will contain the optimizations, and the source derived from that would be different still. Though you might still be able to call it a derived work. The comments and documentation added would definitely be original works.
        Of course, I was
  • by nightsweat ( 604367 ) on Thursday December 02, 2004 @12:44PM (#10975957)
    So what's Gator's remedy if you violate the EULA? They consider the contract broken and you can't use their software anymore?

    Great! That's what I want - your crap spyware gone. Now please enforce the EULA.
    • by Anonymous Coward
      not to mention the absurdity of disallowing a third party uninstall in the EULA.

      "If you try and remove our software using third party software, we will, uh... remove our software..."
  • And if I sniff the data and see the packets then what exactly is the action against me? Does it mention any actions that can be brought against the capturer of the data or what happens if you remove the software?
  • by gstoddart ( 321705 ) on Thursday December 02, 2004 @01:40PM (#10976528) Homepage
    Wait, so they are asserting they own control of any network which has had Gator installed? If I have a home LAN, and I'm sniffing packets on my LAN, those packets belong to me. So if someone installs it on a corporate computer, then the IT department is now prohibited from reading their own packet data?

    They also claim that someone who installs a piece of software on a machine can make anyone else who uses that machine bound by that agreement? How the hell does that work? "By clicking here, your agree your sister will have sex with me" is not a valid license. And if the user wasn't the duly authorized 'owner' of the machine, is their entire license void???

    Good god. I completely can't see how any of this shit is legal. Not even remotely. Especially since it piggy-backs its installs with so many other things.

    Sheesh. No wonder I do my web surfing on Mozilla on a FreeBSD box behind a firewall. Good luck putting gator on that.

  • by scupper ( 687418 ) * on Thursday December 02, 2004 @02:06PM (#10976842) Homepage
    I'm wondering if anyone is working on documenting how the spyware EULAs, like Gator's, might violate any one of the many Microsoft product EULAs, and how that violation might be used to leverage Microsoft(or it's board) into smashing the alimighty Hammer of Bill on these spyware companies.

    Say like folks who use/subscribe to MSN services( MSN Wallet, bCentral, MSN Shopping, Expedia, MSN Maps, MSN Music, etc) or the application services (Passport, Messenger, Encarta, Money, MSN Toobar, Mappoint, Streets and Trips, Picturte It, Windows Media, etc, etc..), can there not be conflicts between Gator's EULA and any of these M$ product EULAs and servcies websites terms of use for the data they collect and claim "ownership" to?

    It would seem Microsoft could gain some ground with users if, instead of focusing on attacking Open Source products and their infringement on M$ EULA, to target the compainies exploiting the vulnerabilities of their software and it's users, aka GATOR. Everyone would cheer that effort.
  • :) They really don't have a leg to stand on, people, however, I admire Ben's enlightening article.
  • For one thing, I don't know about the legality of most EULA's as a whole. They certainly -might- be workable, but certainly some have been struck down as invalid, and rightfully so.

    "By installing and using X software package, you agree that every time you type in a credit card number to your system, X software package's keylogger will transmit this data to X developer. You further agree to let X developer use this information to make all the purchases he damn well likes."

    While this may seem an extreme exa

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner

Working...