Snopes Pushing Zango Adware

DaMan writes "Here's something that isn't an urban legend — Snopes, the popular urban legends reference site, has been pushing adware, for at least 6 months, to users via ads displayed on its Web site. No one seems to have called them on it until recently."

News?

[Anonymous Coward]

All kinds of sites have those sort of crap ads. It's regrettable, but is it really news?

Re:News For Nerds HOW???

[Anonymous Coward]

Well, if you really are are nerd, you'll be interested to know that the malware you're fixing on [insert whomever roped you into free tech support]'s computer came from snopes after you sent them there, after getting an "OMG this letterz from George Carlin (no, not really) is SOOO TRUE!!!!" type mail. Again.

Re:Oneword

[CSMatt]

Which is probably responsible for no one knowing about the adware for so long.

all about the money

[bjmoneyxxx]

Snopes isn't something built for the common good of people, it's their to generate money, and they just happen to choose one of the darker ways to do it. "Do you want to block junk sites?"

Who does what how?

[mcmonkey]

A little on topic/a little bit just an excuse to blather about something in my mind since the Cloverfield [slashdot.org] story:

Folks in the ad game are in trouble. And I mean the folks using ads to sell another product and the folks selling the ads.

Apparently there was some sort of 'buzz' about Cloverfield for the past few months. I missed it. That may not be interesting, except I watch 2 to 3 hours of TV a day, spend more time than that on the web, subscribe to several popular (non-technical) magazines, and read a daily newspaper. I don't claim to have my finger on the pulse of pop culture, but I'm not quite ammish.

I vaguely remember a teaser-trailer (perhaps before Transformers?), but other than usual pre-release media push in the last few weeks, I know nothing of this buzz. If that's the state of advertising, then those folks are in trouble.

How does this tie in to the current topic? Well...Snopes has ads? I would guess it would since there's no subscription fee and would make a very strange charitable effort otherwise. But if Snopes has ads, I can't say I recall ever actually seeing one.

Seriously, for TV I have TiVo. For the web, there's ad buster and other tricks. For magazines, those ads are usually full page and very easy to recognize and skip without reading. For radio, there's NPR. Pretty much the only traditional advertising that gets my attention are bra ads in the daily paper. And those aren't even selling anything I might buy! (Unless the models are for sale.)

I don't see any claim for driveby install

[Tran]

But he does say that since people trust Snopes that the software appears to be enorsed by Snopes. Which would lead people to go ahead and install it.

The downside of adblockplus.

[ChangeOnInstall]

I've been running adblockplus for quite a while now and have effectively forgotten about issues like this. So have most others who would get upset by it. Of course then I'll unknowingly send friends/family to sites such as snopes without a second thought about malware concerns. To me it looked like a nice wholesome/clean site.

bad provider?

[dnwq]

Probably just a bad advertising provider than anything else. ... I get the whole "check who provides your advertisements" thing, it's a duty of the webmaster and all - but wasn't there a case where a provider only showed malicious ads outside the country of origin? Or something? Is checking even reliable? Ethical policy here would probably just be to poke Snopes.com via their forums first...

Re:Holy ...

[jjohnson]

Snopes isn't obscure--they're probably the most authoritative debunker of urban legends on the web. On the linked blog post, you can see several comments saying "I used to refer people to Snopes all the time when I got some glurge email."

Re:Who does what how?

[gandhi_2]

NPR doesn't carry advertising?

The fact that the personalities do the pitches, and they aren't screeming about hotdogs at the monstertruck show, doesn't mean NPR doesn't cary ads.

It likely wasn't Snopes' decision

[patio11]

A quick primer in online advertising, for those of you who block it:

At one end of the chain, we have Content Provider A. At the other end of the chain, we have Service Provider Z. Z wants to place advertising on A's site but, importantly, doesn't know how to do it, doesn't generally know specifically who A is, and needs this to scale to potentially thousands of As. This is where participants B, C, D, E, F, Google, H... etc come in. There are advertising aggregators, affiliate networks, affiliates, affiliates of affiliates, affiliates of affilates of networks of affiliates who subdivide the advertising market into smaller and smaller slices before it finally gets on A's site.

Now, somewhere in the chain, let us inject one person who is less than scrupulous. He doesn't work at Snopes -- this would tarnish a brand for a week's worth of income, not a smart play. He probably has a steady stream of relationships with each of the numerous advertising concerns on the Internet, picking up and moving from one after he has collected a check or three and then had the banstick for TOS violations catch up with him. He is the one working for, most probably, affiliate of an affiliate of an affiliate of Zango.

This is the way most malware makes its way onto ad networks and, from there, onto high-trust sites. Volokh Conspiracy, one of my favorite blogs, had a nasty browser hijacker which affected non-US users for months before their advertising network caught wind of it. A few popular MMORPG sites have ended up hosting keyloggers in the same fashion. It is an unintended consequence of a system without central control -- much like the Internet itself, actually. (The system being split up this way does have its advantages, for both endpoints of the chain and for everybody between. Google's business model is based on snapping the chain and replacing it with a big cloud labeled Gooooooogle, but they're not yet the only game in town.)

Adblock Plus

[Artuir]

It might be Adblock Plus, then. It automatically prompts upon your first Firefox load (after installing the addon, of course) for a subscription server. After that, you don't need to touch a thing. I didn't know Snopes (or most sites for that matter) even ran ads until I saw this article.

Re:I don't see any claim for driveby install

[yotto]

[i]Snopes readers... Who are generally somewhat cautious, skeptical or suspicious sorts, if only because they're most likely there to debunk some urban legend that's been going around... Are going to blindly install a shady virus scanner from a pop-up window ad.[/i]

Um, I don't send people to Snopes because they were cautious, skeptical, or suspicious. I send them to Snopes because they forwarded me an email about how a little girl in Indiana went missing and if you just forward it to your friends some company will donate $1 to the save the little girl fund or some garbage like that.

These are EXACTLY the type of people who will click on the flashy icon that says "Click here"

Re:It's not a Snopes Problem.

[Planesdragon]

It's a non free software problem. Free software users don't have to download software from untrusted third parties. No closed source software can be trusted, so Windoze users who don't get software from Snopes ads should not feel so smug. There is very little difference between M$ and Zango.

Sheesh.

1: Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party.

2: Spelling it "Windoze" and "M$" just makes me think you're a moron. You're not a moron, are you? Why would you want me to think that?

3: Microsoft takes my money and gives me software that is as good or better than what I can get elsewhere. (Otherwise, I don't go to MS.) Zango would take my privacy, and give me... what, exactly? Third-rate software I can find better from a freshman off his first coding binge?

Re:I don't see any claim for driveby install

[LrdDimwit]

They most definitely are not. They put up "The Repository Of Lost Legends", or "TROLL" for short, where they posted a bunch of bogus claims and said it was true. They wanted to drive home the point that you shouldn't replace blindly believing what $LUSER says, with blindly believing what's on snopes. Well, they didn't do a very good job; they had to add a disclaimer after they started getting their own bogus posts as real. People had been spreading them.

Yes, I was younger (a lot younger) then, but that's still no excuse for my becoming a vector for the idea you could substitute a zebra [snopes.com]* for Mr. Ed, on black and white TV, and no one would notice. They said it, I said "isn't that odd?" and believed it. It seems strange now that I would believe it just because they said it, but I did, despite the fact it makes no sense. I felt really stupid when I found out.

So I would say the claim that people might assume Zango must be OK, because it's on Snopes, is very possible. After all, Snopes' entire reputation is built upon having unassailable credibility. You would think no one would ever fall for the 419 scam ('Hi, I have $800M I need to launder. But I can't spare $100 for bribes, gimme.') but people fall for it all the time, some of them very smart indeed.

* -- Yes, I know, bad form to link to snopes when the story is 'snopes pushes adware', but it's needed for my point.

Re:Obnoxious Advertising

[Blakey Rat]

The only thing more obnoxious than ads on websites is the 45 people who crop up in every Slashdot discussing with their smug "I don't see ads, I use AdBlock!" bullshit we've already read 50,000 times.

Give it a fucking rest.

Re:It's not a Snopes Problem.

[ricree]

Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party.

That's true to some extent. There is, however, a large difference. In closed software the third party you are trusting is often limited to the people who actually wrote the code. In open source software, you just have to trust that some people out of the many on the internet capable of understanding the code have actually looked at it, and that at least one of the people who looked at the code would call the project out on any suspect parts of the code. Personally, I'd say that the second set of assumptions is probably more likely to be true (at least for non obscure projects) than the first.

Re:It's not a Snopes Problem.

[bfields]

"Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party." I've never read through Wiles's proof of the Fermat conjecture, but I'd still bet my life on its correctness, because I understand the process by which it was reviewed. I don't claim free software is free of problems. But, other things being equal, I *do* trust code that I know could be publicly reviewed by anyone over code that couldn't be.

Re:Who would care?

[Tim C]

I'll field that one. My experience of people who seriously use terms like M$ or Windoze (or open sores for that matter) are generally either trolling, morons or fanatics (or some combination). In any of those cases, there seems to be little point to trying to have a constructive, reasoned argument with the person.

Re:It's not a Snopes Problem.

[ArsenneLupin]

Microsoft takes my money and gives me software that is as good or better than what I can get elsewhere. (Otherwise, I don't go to MS.)

Simplistic really. There is plenty of reason why to get a product besides its quality.

How about:

1. you don't know any better
2. it's foisted on you by your PC salesman (in many places, it's still exceedingly difficult to find a Windows-less PC)
3. it's foisted on you by your employer
4. it's foisted on you by the manufacturer of a gadget that you like or by a radio station that you like to listen to
5. some of your personal (digital) belongings are being held hostage by MS because at some point in the past you were impacted by points 1-4 above.
6. you get it in order to test some code on it in order to help a friend impacted by cases 2-5 above

Yeah, monopoly power is a bitch, isn't it. In a free economy, you'd have the choice of only buying the software that is good or better than what I can get elsewhere. In the real world, unfortunately, you might not have that choice.

However, the more people become aware of this situation, the sooner it is going to change. So, spreading the word is not useless. Even if most of your audience can't do anything about it, some of them might be, and help the situation improve for everybody.