
What we discovered about InstallMonetizer

333 points| pg | 13 years ago | reply

Last week there was some controversy online about a company we funded called InstallMonetizer. IM makes software that companies can put in their Windows installers that offers other software to the user as part of the install process.

It's unclear exactly how much of a right we as investors have to tell the companies we fund what to do. But on the other hand we don't like the idea that someone we funded might be doing something illicit, so we felt like we should at least investigate the claims and if there was a problem, try to convince IM to fix it.

Here's a list of things people said about IM or similar products, and what we discovered about each:

1. They make "drive-by installers." A drive-by installer installs software without the user's knowledge. This accusation is false. Other companies in this business do such things, but IM doesn't. Every IM install screen has a decline as well as an accept button, and if the user declines, no software is installed.

2. The apps that get installed are "crapware." This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.

3. IM "monitors and uploads user’s ongoing usage activity of the bundled crapware." This fact is disclosed in the IM EULA (which admittedly probably no one reads), but more importantly isn't used for any money-making purpose. The usage info is (a) collected only for the first 30 minutes and (b) is only used to prove to the advertiser that the install is by a human and not a bot.

4. "This surprisingly includes not only IP but the globally unique MAC addresses." This information also isn't used for marketing purposes, only if advertisers request it to clear up discrepancies in download figures. We asked IM to switch to uploading hashes of the IP and MAC address instead, and they are going to start doing that.

5. Comments on HN mentioned that a lot of companies in this business wrap OSS in violation of the license terms. When we asked IM, they scanned their publishers and found that 6% of them were doing this. Those publishers have been banned from using IM, and all future publishers will be thoroughly screened for ownership of their software.

6. Comments on HN also pointed out that some apps installed by this type of installer are excessively hard to uninstall-- e.g. because when you try to uninstall them, they re-install themselves. This again is something that while common practice in this industry, IM won't do. They ban advertisers who do such things.

178 comments

[+] notJim|13 years ago|reply
I dunno, 1. and 2. seem like a cop out to me. When crappy freeware Windows installers provide a checkbox (checked by default, of course) to opt out of Bonzi Buddy or a million Ask.com toolbars or some bullshit malware scanner, they are still shitty and sketchy, and it's disappointing to me to know that YC is now behind a company that makes such software. And saying this crapware is popular does little to assuage my concerns. If users are "choosing" to install these things, it's unclear to me how informed or aware of a choice they're making. I bet successful viruses and worms are also popular by this metric.

By the way, here's an example of what we're talking about: http://imgur.com/8SGXUPP. Oracle bundles the ask toolbar with Java installs now. This is the default state, i.e., the box is default-checked. Why, users love the ask toolbar, they probably have a 95% install rate!

[+] jiggy2011|13 years ago|reply
Exactly, I always feel these "choices" are like being sold an extended warranty. It's presented as a choice but is "strongly recommended", non tech savvy users are likely not sure what "recommended" means in this context. Does it mean that the software might break my computer without it? Does it stop me getting a virus?

Anybody who consciously decides that they want the ask toolbar on their computer can find the standalone download here:

http://sp.ask.com/toolbar/install/apnasktoolbar/download.php

[+] bjxrn|13 years ago|reply
Definitely. I find it hard to find any reason why something like Babylon (one of the things I remember that IM might install) should not be called "crapware" or malware. Babylon hijacks your browser and then becomes practically unremovable (it can be removed but the people savvy enough to remove it are the ones savvy enough to never install it).

If users like this software so much then why do the creators of this software have to work so hard to make it next to impossible to remove? Who would want to get rid of software they love?

[+] chadscira|13 years ago|reply
I ran into this one recently at work; we couldn't figure out how our testing machine got "infected" with all of the ask toolbar defaults... Eventually we traced it back to the default install options for java. A lot of software depends on java, so all of these users get asked to install java, and end up infected with ask's toolbar. It's pretty sad that legitimate software is selling out like this.
[+] sbov|13 years ago|reply
Why don't you include examples of IM misbehaving rather than other companies you're trying to associate with them? The other post about this was full of this and it's crap.
[+] tylermauthe|13 years ago|reply
haha! Good point about the ask toolbar! Didn't think of that...
[+] withinrafael|13 years ago|reply
Paul, I'm one of the two people you're indirectly addressing with this HN post. (The second is Long Zheng.)

I wrote here: http://www.withinwindows.com/2013/01/16/installmonetizer-qui...

Long Zheng wrote here: http://www.istartedsomething.com/20130115/y-combinator-is-fu...

I'll respond to each of your items individually.

1. OK.

2. Maybe. Or more likely users are mistakenly installing these applications because the offer screen is made to look exactly like the EULA acceptance dialog seen in every other installer.

But we don't expect this to be fixed. Anti-malware vendors have stepped in and are improving their definitions to catch this garbage but it's very much a cat/mouse game. (IM has been detected a few times, btw.) IM is very aware of this "threat" and designed their system around random domain names to mitigate detection issues as they arise. (Think about it -- Does IM, a legitimate company, really need to use fcgoatcalear.us and fcvalcsoi.us domain names? Come on.)

3. No idea where you got this information, given InstallMonetizer bundled software shows no actual EULA. The only EULAs shown during install are ones provided by the package author and the offer advertisers. Can you clarify this point, please?

4. Wrong. Existing IM bundles out there still send PII in the clear. This isn't something they can just flip a switch on and fix. (I saw IM edited their privacy policy to note the new hashing procedures but sadly that doesn't cover the bundles on the Internet today. So it's wrong.)

5. Yeah, I saw the company slip in the "Open-source software is a community product and you may not use our co-bundles with it" line. What a slap in the face of those who use commercially-permissive OSS libraries in their software...

[+] pcl|13 years ago|reply
> 4. Wrong. Existing IM bundles out there still send PII in the clear. This isn't something they can just flip a switch on and fix. (I saw IM edited their privacy policy to note the new hashing procedures but sadly that doesn't cover the bundles on the Internet today. So it's wrong.)

Note that Paul's response said that they "are going to start" uploading hashes.

[+] garry|13 years ago|reply
3. It's included in the EULA of the app itself. They modify the installer.

4. I don't think there is any claim that this can be fixed instantly.

5. This is not for OSS-using libraries -- that's totally cool. Everyone uses open source. What they've banned is people wrapping VLC to make money off software they haven't written. That's not cool.

[+] pcl|13 years ago|reply
Also, transmitting MAC addresses and IP addresses in the clear really isn't anything to write home about -- that's how all TCP/IP packets are transmitted over ethernet, after all. The real question is what they do with that data on the server side. If they so desire, they could change that behavior far more easily, and retroactively apply that transform to all the data they've retained.
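An added example, not part of the thread or of any InstallMonetizer code: a sketch of the server-side transform discussed around point 4, replacing stored IP and MAC values with keyed pseudonyms. It also shows why a plain hash of an IP address is a weak substitute (the input space is small enough to enumerate), while a keyed HMAC still lets equal identifiers be matched when reconciling install counts. The key, field names and sample records are constructed assumptions.

```python
"""Pseudonymizing stored install-telemetry identifiers (constructed data)."""
import hashlib
import hmac
import ipaddress

# Hypothetical server-held secret. It must never ship inside the installer,
# otherwise anyone holding the installer can recompute the pseudonyms.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample rows: documentation-range IPs, locally administered MACs.
SAMPLE_RECORDS = [
    {"install_id": 1, "ip": "192.0.2.77", "mac": "02-00-5E-10-00-01"},
    {"install_id": 2, "ip": "192.0.2.77", "mac": "02:00:5e:10:00:01"},
    {"install_id": 3, "ip": "192.0.2.9", "mac": "02:00:5e:10:00:02"},
]


def normalize_mac(mac: str) -> bytes:
    """Canonicalize aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 6 raw bytes."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def normalize_ip(ip: str) -> bytes:
    """Canonical packed form, so textual variants hash identically."""
    return ipaddress.ip_address(ip).packed


def plain_hash(value: bytes) -> str:
    """Unkeyed SHA-256: the weak variant, shown for comparison."""
    return hashlib.sha256(value).hexdigest()


def keyed_pseudonym(key: bytes, kind: str, value: bytes) -> str:
    """HMAC-SHA256 with a domain tag so IP and MAC pseudonyms never collide."""
    return hmac.new(key, kind.encode() + b"\x00" + value,
                    hashlib.sha256).hexdigest()


def matches_candidate_in(network: str, digest: str):
    """Privacy check: can the digest be linked back to an address in
    `network` by someone who does not hold the key?"""
    for addr in ipaddress.ip_network(network):
        if plain_hash(addr.packed) == digest:
            return str(addr)
    return None


def pseudonymize_record(key: bytes, record: dict) -> dict:
    """Retroactive transform for a stored row: drop the raw identifiers and
    keep only keyed pseudonyms."""
    out = {k: v for k, v in record.items() if k not in ("ip", "mac")}
    out["ip_id"] = keyed_pseudonym(key, "ip", normalize_ip(record["ip"]))
    out["mac_id"] = keyed_pseudonym(key, "mac", normalize_mac(record["mac"]))
    return out


if __name__ == "__main__":
    raw_ip = normalize_ip(SAMPLE_RECORDS[0]["ip"])
    print("plain hash linkable to:",
          matches_candidate_in("192.0.2.0/24", plain_hash(raw_ip)))
    print("keyed pseudonym linkable to:",
          matches_candidate_in("192.0.2.0/24",
                               keyed_pseudonym(SERVER_KEY, "ip", raw_ip)))
    for row in SAMPLE_RECORDS:
        print(pseudonymize_record(SERVER_KEY, row))
```

Rows 1 and 2 yield the same `mac_id` despite different MAC formatting, which is what a duplicate-install check needs; the raw values are no longer stored.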
[+] RyanZAG|13 years ago|reply
Confusing inept users into installing random toolbars[1] that break their browsers and force them to call IT pros to 'clean up' their computers is pretty scummy. Sorry, but it is.

You can make a lot of money doing all kinds of popular things -- pimping women, selling drugs, selling 'likes' on facebook, selling botnets that create fake clicks on advertisers, ponzi schemes, etc. Some are illegal, some are just barely legal, but they are all damaging to someone. This line of business is known as 'scummy' and InstallMonetizer is plain 'scummy'.

Simple fact, trying to rationalize it doesn't help.

[1] http://installmonetizer-review.blogspot.com/ " 3. Which type of bundled software does Install Monetizer include in your installation package? Most of the bundled software are toolbars, though the company is always changing which software are available. When I first started Install Monetizer they offered just two softwares. A toolbar called White Smoke and good old Real Player. Today they have about seven install packages available. However, only USA Search and Facebook Profile turned profitable."

[+] SandB0x|13 years ago|reply
I think people will be wondering if this resembles the founders' ideas when they were funded by you, and if this represents the kind of company you wish to be funding.

You may of course defend the product on technical grounds (accept buttons, EULAs, etc) but I find it hard to believe that you truly think it is anything but a nuisance to end-users.

[+] pg|13 years ago|reply
They're working on something new, and all the office hours I had with them were about that. They're not even in our database of companies as InstallMonetizer but as the new thing. (I'm not sure if I can say the name because it may not be launched yet.) I knew they had some previous product that was called a Windows installer, but I don't think we ever talked about what it did.

The whole world of Windows software seems pretty grim, and when people get something for free or cheap they're often willing to click through a bunch of buttons to get it, but as far as I can tell IM isn't actually misleading anyone. E.g. as far as I can tell it's no worse than all the upsells people have to click through to register domains on GoDaddy.

[+] swampthing|13 years ago|reply
Just because you or I might find something to be a nuisance, doesn't mean most end-users will. Done right, I can easily see unsophisticated end-users being appreciative at being offered useful software that they would otherwise have not known about. I see this crap on my mom's computer all the time - she's bothered by it only if it affects performance or pops up with some message. If it's just sitting there, or if she actually uses it, she couldn't care less how it got there.
[+] thaumaturgy|13 years ago|reply
People pay businesses like mine to remove the sorts of software that IM bundles. From the end-user's perspective, they don't understand how this stuff gets on their computer, and they don't feel comfortable removing it because they don't want to break anything.

Put another way: people "get" this software for free, and then pay other people to get rid of it.

And then other scuzzy companies have built a niche industry around the "PC tune-up", prompted by stuff like this software, charging a lot of money to people who don't know better. And, often all these companies do is run software that has been specifically designed to remove junk software.

A lot of this niche is exploitative, taking advantage of people who don't know better, and it's all supported by the bundling of this crap. That goes well beyond "opinion"; "opinion" might be, "Facebook is crap", but there isn't an entire market built around people paying other people to shut down Facebook accounts. Users aren't "choosing" to install these things any more than someone might "choose" to step on a pile of doggy doo in the park.

IM really isn't your responsibility though, so thanks for getting them to flush out the OSS-wrapped stuff at least.

[+] DoubleCluster|13 years ago|reply
> Every IM install screen has a decline as well as an accept button

Well, could you provide a screenshot of that screen? Usually users are misled into thinking they are accepting the install of the software they actually downloaded.

> The apps that get installed are "crapware." This one seems a matter of opinion.

Yeah... I don't think very highly of your opinion if you really think like that. Making someone's computer slower or less usable by installing "unwanted software" is something that should be forbidden in my opinion. Really, do you have any idea how many hours of my life were lost by removing crapware from computers?

I did check the ycombinator.com website for any indication if the type of company or product was of any concern. I did not find anything about that. This probably means ycombinator is actually just interested in the money and not in making the world a better place. Silly idealistic me...

[+] 205guy|13 years ago|reply
Yes, I definitely think we need screenshots (too lazy to sign up and get them myself). There used to be a graphic on their website (gone now) that showed an offer looking like a decline/agree license page. Under it they claimed their text is optimized for conversions--in other words, getting people to click.

Edited: the graphic isn't visible on their pages, but still available on their servers; see GuessWhy's comment:

  http://news.ycombinator.com/item?id=5093242
Also, if this company pitched a new product to the investors, and then used the funding, or at least the branding, to run their old product (especially one deemed spammy or scammy by a majority of HN readers), it sounds like this company has figured out how to game the angel investing game.
[+] d0m|13 years ago|reply
All the technical details aside, if you guys at YC ask yourself "Am I proud of funding this startup?" we both know what the answer is. In all fairness, PG said that YC funded another project from this company; I guess they've just used the YC name for credibility.

I find it quite ironic how PG went from building spam filters to funding a spam company. Just for your information, this is what you've put your money and using your growth YC alumni for: http://www.kraftfuttermischwerk.de/blogg/wp-content/uploads2....

[+] davidroberts|13 years ago|reply
I worked for a few months recently as a remote support agent for a big ISP, and many of my customers' browsers looked almost as bad as the screenshot you posted. As I was cleaning up, I would ask them for each toolbar (because I was required to) "do you want me to remove this?" They would invariably reply "I don't know what it is or how it got there." I think this pretty much kills the "informed choice" rationalization. About the only toolbar they understood or wanted was Google, and maybe the one that came as part of the ISP's setup package (because they were used to it).
[+] powrtoch|13 years ago|reply
I don't understand all the moralizing going on in this thread.

VC is about funding the companies that could make a lot of money. When did we start expecting them to be the morality police?

Sure, if YC wants to build up a reputation for funding "honorable" startups, then they can choose to do so (and will choose to do so to the extent that they think it makes business sense). The comments here that say "This might be bad for YC's image and hurt YC long term" are all well and good. But lots of them amount to "this is bad and you should feel bad", and these just seem disconnected from the reality of market economics.

If YC doesn't fund some scuzzy but profitable company, someone else will. You can't solve job-outsourcing by asking companies not to outsource jobs, because the companies that play along will just get their asses kicked by those who don't. If you want to solve this problem, you have to do it at some other level (usually the laws and taxes level).

It's unreasonable to demand that YC pass on profitable businesses just because we don't like what those businesses are doing. I agree that IM doesn't seem to be making the world a better place, but that's not a problem that gets fixed by asking everyone to cooperate in starving them out.

Perhaps there's a line at which it's worthwhile to call out people for following the incentives that the market has given them, but I think this line is probably a lot closer to the "murder" end of the spectrum than the "installer checkboxes" end.

(Expecting downvotes, think I'm okay with that.)

[+] SCdF|13 years ago|reply
I've never understood this line of reasoning.

It is entirely within YC's right to fund businesses that a portion of the Internet find scummy.

Shockingly, it's entirely within the rights of that portion of the Internet community to then whinge about them funding said scummy businesses.

And it's YC's right to care, or not, about that opinion.

Someone once wrote a blog post that had a paragraph on cheating (on your spouse etc) and what constitutes cheating. He said that it doesn't matter whether you think what you did was cheating, only whether your spouse thought you were cheating. Your worthiness is entirely in the eyes of the other person, not yours. The other person is who you're 'selling' yourself to.

And so it is with companies. If McDonald's customers suddenly care about healthy food, McDonald's has to too.

The question is, is the portion of the Internet community that thinks these people are scummy YC's spouse? Should YC bend to their version of reality?

That's for YC to decide.

[+] notJim|13 years ago|reply
There are shitty things in the world. Some of those shitty things are profitable. Many many profitable things are not shitty. It is entirely up to the individual whether they want to be a part of the shitty things, particularly when the individual has the privilege of being in demand. If you're a software developer who decides to work on scammy tools to make money, that's fine, but don't expect me to not factor that information into how I decide what kind of person you are.

Further, YC is supposed to be innovation, and disrupting entrenched markets. Profitable innovation and profitable disruption, yes, but as I said, there's more than one way to make money, and the way YC claims to want to make money is in those ways. Bundling crapware with Windows installers is not a disruptive or innovative way of making money. It would be classified as a shitty, scummy way of making money that has been happening for years. Many of us here that admire YC admire them because we think that innovation and disruption ultimately are beneficial. So when YC, instead of funding innovation and disruption, funds scumminess and shittiness that's been happening for years, we are disappointed in them.

[+] ricw|13 years ago|reply
If IM would be solving a problem, I would agree. Unfortunately it is crapware. Crap. Ware. It is not solving a problem. It is making the world a worse place. Maybe they should start investing into viruses?! Where does this end? It's something I wouldn't expect of pg and yc. It's simply immoral and shit behaviour. Divest or be disgraced!
[+] TeMPOraL|13 years ago|reply
I guess most of us here got used to YC's reputation and don't want to see it losing it.

> If YC doesn't fund some scuzzy but profitable company, someone else will.

This is never a valid argument for explaining your behavior. There's a good chance that someone else will do it anyway, so now there are two bad actors instead of one.

[+] jneen|13 years ago|reply
> VC is about funding the companies that could make a lot of money. When did we start expecting them to be the morality police?

Maybe they should start investing in private prisons and arms dealers. I hear they make loads of money.

To come down from that loaded statement, a good investment is different from a profitable one. Or at least, I'd like our culture to believe that.

[+] jiggy2011|13 years ago|reply
Nobody necessarily expects YC to be a charity, on the other hand they have made significant PR and marketing capital on the basis of being basically a force for good in the world.

For example PG's own writings: http://www.paulgraham.com/good.html

[+] photon137|13 years ago|reply
It's not an issue of installer checkboxes - it's an issue of abuse of trust. Would you feel the same way about the no-doc home-loans that were handed out just so that some brokers could make some money? They were simply some checkboxes too that nobody cared to read through - and look where it led us.
[+] ricardobeat|13 years ago|reply
YC already is associated, by their own will, with companies that innovate, work on crazy new ideas, build the future, disrupt markets, solve problems. Not sleazy marketing schemes.
[+] willwhitney|13 years ago|reply
While you may not have a right to tell the companies you fund what to do, you certainly have the right not to fund them. At the same time, you are running a for-profit business, and turning down a company you feel is likely to be successful isn't responsible to the other people involved in Y Combinator. And as far as I know, they could have entered the program with a different product and changed tacks partway through. All this to say that I do not have the right nor the information to question your professional decisions.

Personally, though... is this a product you're proud of?

[+] glass-|13 years ago|reply
The vast majority of people are not deliberately choosing to install the software. They are "accepting" it by accident, by pressing the wrong button or because they are rushing through the installation and are not paying attention.

No consumer wants this stuff. The advertiser's software is a nuisance and gives no advantages to the end-user.

[+] api|13 years ago|reply
That's one of the hard things about advertising-- beyond an informative product announcement, most other advertising ranges from useless to annoying to the consumer. I know that I spend a certain amount of almost unconscious mental energy ignoring advertising, and any time I do research I have to sieve the results to filter out biased advertising-driven material. (It's particularly bad in health-related stuff.)
[+] yuhong|13 years ago|reply
This doesn't mean pushing useful software isn't possible.
[+] dsl|13 years ago|reply
These guys have gotten a lot of flak they don't deserve. A friend of mine builds and distributes what most people would consider "crapware" (toolbars, adware, etc.) and was flat out denied by IM when he tried to use them for distribution. Sure a bad apple or two might slip through, but according to my friend it's rare to ever be denied by a distributor unless you're not willing to pay going rates.

It seems like they are working to clean up a dirty industry. Just like AdWords did to the PPC business.

[+] ddunkin|13 years ago|reply
This industry sounds dirty by nature, you can't 'clean up' spammers or prostitution either. Just because a pimp won't sell his girl to just any old John, doesn't make the whole act any better. It's people in the middle trying to make money off of someone else's hard work.

It is really simple, just don't attempt to trick users into installing stuff they didn't want to download in the first place (anything outside the bundle they chose to download). Additional steps on install only take away from the user experience and taint the experience of the application you are wrapping.

[+] holograham|13 years ago|reply
Thanks for this explanation pg

This raises a question though: does this company make something that users want? When a user installs a specific program is he/she looking to install other software as well? Is the argument that InstallMonetizer bundles useful software that it feels will enhance the user's life in some way? (going off the adage that the consumer does not really know what they want i.e. they'd just ask for a faster horse)

[+] pg|13 years ago|reply
In this case the users are the advertisers. Clicking on a decline button for other software they don't want (in the worst case) is for the end-users the price of getting software they do want.
[+] dgunn|13 years ago|reply
In a few months, I will, once again, uninstall 10 tool bars from my mother's computer. She doesn't want them but they are all installed. Why? Because allowing users to opt out of installs is effectively the same as installing through a drive by process. This type of software is among the lowest form. Whether it's legit or not, the end result is a nuisance to users. I hope their new product isn't as seedy.
[+] dxdt|13 years ago|reply
Despite the defense of InstallMonetizer, their payment model and practices do not appear to be what you would find with a legitimate software business.

InstallMonetizer has been used by malware as a method to make money as early as April 2011. It was being silently installed by a large botnet, and I assume that the botnet affiliate was making money off the installs.

Their installers are also labeled as malware by AV vendors, and treated as such by network monitoring infrastructure.

[+] holograham|13 years ago|reply
my company's IA dept treats IM as malware FWIW...and we have industry leading IA/CND operations
[+] photon137|13 years ago|reply
Extremely disappointed. If integrity in all aspects of a business is a lower priority than growth, then I don't suppose there is any difference between Wall Street and Silicon Valley investors anymore.

Questionable practices should be just that - questionable - and remain that way. This "ironing" over by stalwarts like pg poses the danger of this stuff becoming the norm over time.

[+] ddunkin|13 years ago|reply
You can stomp on the grey areas all you want on individual points, but you have to really look at the whole picture.

What is the end result of the software they produce? Without marketing buzzwords thrown in to mask the true intentions?

To bank on ignorant users and to leverage that ignorance to increase revenue.

Same people who do the AV browser pop-ups designed to convince your grandma that 'your computer is infected', they are using the same tactics with a different costume. I actually spoke with a spammer last year (I'm sorry 'content distribution network' as they called themselves) and the double-speak was just infuriating, that was all I could think about when reading this.

[+] tomjen3|13 years ago|reply
>Every IM install screen has a decline as well as an accept button, and if the user declines, no software is installed.

Which is the default? Decline or accept?

[+] JohnsonB|13 years ago|reply
This really is the key question. When installing an app, a user should just be able to breeze through the install wizard and not waste time on every screen reading to see if it may slip an unwanted install in.
[+] oh_sigh|13 years ago|reply
About 95% of installs are from users who don't understand what they are doing. Of course they are going to make it opt-out by default. They will probably provide an option for advertisers to choose opt-in, but that will be used in only about 1% of the cases since it cuts their profits by 20x.
[+] oh_sigh|13 years ago|reply
What about opt-in vs opt-out? Would this company be profitable if all of their toolbars were opt-in only?

I'd be willing to bet a dollar that InstallMonetizer will tank if they relied on opt-in, but will make bank if they rely on opt-out.

[+] zaidf|13 years ago|reply
> InstallMonetizer will tank if they relied on opt-in, but will make bank if they rely on opt-out.

Just like the US Postal Service if direct mailing was opt-in instead of opt-out. What's your point?

[+] lucb1e|13 years ago|reply
In response to point #2: Glad to hear you'll be choosing to install my new search toolbar! Did you know it comes with free 3D smileys?

Really though, if you weren't one of the criticized parties (for funding them), would you really think the same about points two and three? And even bothered to point out the first? Regardless of whether you should have funded them, your post sounds rather biased.

[+] JungleGymSam|13 years ago|reply
You can explain it any way you want but it's still a product that's meant to take advantage of an ignorant audience plain and simple. Any person outside their audience knows where and how to get the software they want. There is no use for IM's service outside of the ignorant mass of computer users.

Consider another angle on this software: it is a direct contributor to the daily stress of IT people and the "computer person" found in many families.