Web content giant Yahoo may be pulling in a percentage of its profits through advertising relationships built on spyware and false "clicks" on their ads, according to security researcher Ben Edelman.
Edelman, a Harvard Ph.D economics student and consultant on fighting spyware, found evidence that Yahoo's Overture advertising network was mixed up with notorious spyware companies such as 180Solutions.
The spyware vendors were allegedly faking "clicks" on Web sites belonging to advertising partners with Yahoo, in order to push up the "pay per click" rates for the pages.
Each faked "click" means the advertiser in question forks over a portion of profit to Yahoo, and Yahoo pays the spyware vendor in turn.
In addition, users who visited certain pages had "duplicate" versions of the pages appear on their screens, enabling the spyware companies involved to make more money, even though the advertisers didn't get any more business.
Edelman backed up his claims with evidence including screenshots, logs, and notes for each find, all published on his Web site.
According to Edelman, Yahoo's spyware advertising was a result of lax policing of its agreements with advertiser companies.
"Yahoo syndicates ads to numerous partners, many of whom syndicate ads to others, some of whom then syndicate ads still further," Edelman said.
"The net effect is that Yahoo does not know who it's dealing with, and therefore cannot exercise meaningful supervision over how its ads are displayed. I consider this a bad idea -- bad business, bad for quality, bad for accountability."
In an interview with ConsumerAffairs.com, Edelman said that Yahoo's shady dealings were a result of "a special kind of ignorance."
"They had economic incentives to let this happen, even though they must have known that the end result would be bad," he said. "They may not have wanted it to happen, but it did."
The Yahoo/spyware mix is the latest example of the huge and often wildly complex mazes that develop between big companies and advertising networks on the Web.
Major corporations, both knowingly and not, pay ad networks to hawk their products via well-placed spots on Web pages. The advertisers will then partner with other, even less scrupulous companies, and use means such as adware and spyware to get Web surfers clicking on their ads.
Sometimes the end result is embarrassment, as in when major companies find their ads sitting side-by-side with racy ads or sites where consumers can write anything they want in blog-like postings.
Just as often, the end result can be a computer full of spyware and adware, causing an unknowing Web surfer hours of frustration as they try to remove the unwanted guests and get their machine working properly again.
Edelman said that the importance of the issue to the average consumer stems from the fact that they have "no real ability to influence the problem." They're not advertisers buying ads on Web sites, nor are they able to get Yahoo or companies like it to listen to their concerns.
Edelman himself has only occasionally dealt with Yahoo directly in his investigations of their spyware dealings. "Frankly, they didn't want to talk to me," he said.
Sometimes the legal system can work in consumers' favor against spyware companies. New York State Attorney General Elliot Spitzer won a high-profile settlement against media company Intermix for its "deceptive practices" in using spyware and adware to infest users' computers.
Intermix is mostly known as the company that originated the hugely popular Myspace.com, and ended up selling it to Rupert Murdoch's NewsCorp for a cool $580 million.
Spitzer recently launched another lawsuit against notorious adware purveyor DirectRevenue.
"These applications are deceptive and unfair to consumers, bad for businesses that rely on efficient networks to do their jobs, and bad for online retailers that need consumers to trust and enjoy their online experience," Spitzer said.
Internet policy organizations and the tech media have worked hard to shine a light on the money trail that leads from big-name companies.
The Center for Democracy and Technology (CDT) published a report in March 2006 that illustrated how adware company 180Solutions was profiting from a complicated mix of advertisers who ended up paying to have their ads attached to spyware downloads.
Ben Edelman thinks that more media attention will help convince advertisers not to do business with spyware companies.
"Spyware vendors want to enjoy the fruits of their labors," he said. "If the industry sees them under attack and reeling in terms of lost revenue, they won't want to do business with them."
Just as important is for Web users to practice basic safe surfing, he said. "Don't download any software you aren't sure about, read the fine print of any agreement you're about to get into, and if something seems too good to be true -- like free downloadable music with no strings attached -- it probably is."
"If you don't know if something's bad for your computer," Edelman said, "ask your computer-savvy friends to figure it out before you get it."