Posts Tagged ‘instant messaging’

Spyware on Digsby

Monday, August 17th, 2009

I recently discovered that my former IM client, Digsby, was leasing out my computer for computational work without my explicit consent.  Since I don’t like the idea of possibly donating my computer (least of all, my work computer) to God-knows-who for God-knows-what project, I ditched it.  (This is usually against the IT policy of every major company I’ve ever seen — even benign things like folding@home are forbidden, because they suck up the company’s electricity, and companies want their resources used to make money).  I went back to Pidgin in the interim, which has a craptastic interface but is functional in a Soviet-automobile sort of way.  It works with AIM, Yahoo, and Jabber, and supports my company proxy — which is the bare minimum of functionality for me.  However, I discovered that Trillian has released a new IM client, Astra, which I’m now using and love so far.  As I use Astra more, I’ll follow up on it.

The Digby folks were rather non-specific in their description of what it does, offering feel-good descriptions like cancer research.  And yes, it’s true that this was disclosed in a blog post quite a while ago.  The problem is that I shouldn’t have to read some developer blog post to know that your software isn’t nefariously using my resources once I install your program.  It’s true that any time you install any software on your computer, some level of trust is required.  And yes, Digsby is free — but they also pitch themselves as some sort of fast-moving community of software developers, so it was never clear that they were leveraging their users for anything more than testing and community-building.  Seeing as how they kind of present themselves as the Facebook/Myspace of IM and seeing as how those other services are free (without nefarious strings attached), they have an obligation to prominently disclose behavior which very clearly deviates from a standard agreement between users and software publishers.  Burying this information with nonspecific descriptions in a click-through EULA which nobody reads (and whose legal basis has not been evaluated in court) does not count.  At very least, it’s unethical.

I’m sure some people are fine with what Digsby did, and they don’t mind running the so-called “research module”.  The problem is that none of Digsby’s explanations of the research module make any sense.  They first explain what grid computing is, then they give some examples of grid computing.  The clear intention is to leave the reader with the belief that what your computer will be doing is “things like” cancer research.  Hell, they call their distributed-computing client a “research module”.  Their intent to deceive is clear.  From their description:

There are numerous research projects that require a massive amount of computing power to complete.  One option is to run these on a supercomputer but there are very few of these in the world and renting time on them is very expensive.  Another option is to break the problem up into many little pieces so each of the little pieces can run in parallel on thousands or even hundreds of thousands of regular computers.  This is called Grid Computing.

A few examples of popular grid computing projects are: Help Conquer Cancer, Discovering Dengue Drugs, FightAIDS@Home, and The Clean Energy Project.  Besides these non-profit projects, there are many commercial applications for grid computing such as pharmaceutical drug discovery, economic forecasting, and seismic analysis.

Now that you have an understanding of grid computing, let’s go over how this fits into Digsby.  We are testing a revenue model that conducts research similar to the projects mentioned above while your computer is idle.  Unlike the installer revenue model above, which is commonly seen in many products, this is much more unique so we’d like to clarify what it does and how it works.

[2 paragraphs removed]

The idea is to make this both a revenue model and a feature!  Some of the research Digsby conducts may be for non-profit projects like the ones mentioned above and some may be for paid projects, which will help us keep Digsby completely free.  So, using this module keeps Digsby free and contributes to research projects that will make the world a better place. [emphasis mine]

So, first they explain that they’re doing grid computing with their “research module”.  Then they give some examples of grid computing, all which sound great and which happen to be research.  “Research”, “research module” — the average person would read this and conclude that this thing is doing AIDS research in the background, and Digsby’s being paid for it.  Except, those projects don’t work that way.  They take unpaid volunteers who install those clients on computers, typically at universities.  They don’t pay people.

So who does pay people for computationally intensive work?  Though it could be relatively harmless things, I have no hope of knowing, because Digsby will not disclose who their customers (no, not you, the people actually paying for their users’ compute power) are nor what, specifically, their applications are.  Digsby has told you what some “examples” of research are that sound great, but they haven’t told you the ones that you probably wouldn’t be so enthusiastic about.  Those examples include data-mining/analysis or prime-number factorization for decryption.  Possible customers include telecommunications companies, the NSA, the CIA, or foreign governments.  Those are all customers that would pay.  A more harmless example of for-pay distributed computing would be a security firm such as RSA wanting to test a new algorithm against distributed attack, but again, the problem is we’ve no idea of knowing who it is.  And because many of these examples would be fairly secret, the Digsby developers themselves probably don’t know, which raises all sorts of concerns.

There are numerous research projects that require a massive amount of computing power to complete.  One option is to run these on a supercomputer but there are very few of these in the world and renting time on them is very expensive.  Another option is to break the problem up into many little pieces so each of the little pieces can run in parallel on thousands or even hundreds of thousands of regular computers.  This is called Grid Computing.

A few examples of popular grid computing projects are: Help Conquer Cancer, Discovering Dengue Drugs, FightAIDS@Home, and The Clean Energy Project.  Besides these non-profit projects, there are many commercial applications for grid computing such as pharmaceutical drug discovery, economic forecasting, and seismic analysis.

Now that you have an understanding of grid computing, let’s go over how this fits into Digsby.  We are testing a revenue model that conducts research similar to the projects mentioned above while your computer is idle.  Unlike the installer revenue model above, which is commonly seen in many products, this is much more unique so we’d like to clarify what it does and how it works.