MBS response thread (2)

  Forum Editor 23:23 13 Jun 2007
Locked

This continues from the first MBS response thread, which you can access if you click here

4. Marketing Methods:

MBS represents a growing number of organisations and is expanding into other fields of payment services. We have put over 4 years of development into the systems that operate the MBS process. We work closely with the sites to ensure that they operate proper and compliant marketing methods to advertise their products and services. We monitor closely the advertising pages used. Without going into the complex nature of web advertising, it is not always possible to review every advert from a downstream traffic provider. Instead, we individually track every download made. This is linked to both the advertising page and the marketing partner. We can trace back from the download, this information for audit purposes. It is worth noting that many members say they are the subject of a blind download or never agreed to terms before downloading, every page has a confirmation box on it. If it is a genuine download it cannot be obtained unless this is checked. This further initiates the windows security features which request confirmation from the user before the download will begin. This further initiates the windows confirmation to run. A marketing company would gain nothing from attempting to by pass this process, as they receive payment from the website when a download can be traced. If the download does not come through the above process, its trace would be lost and they would receive no revenue. All software from MBS is code signed, if we were attempting to use unacceptable methods to deliver the software, why would we publicly sign all portions of the code? Trading Standards have had full sight of the marketing methods used by the Website companies and accept these comply with their requirements. Content Rating Although not obliged to by law, we request marketing partners apply content rating on advertising pages and the sites themselves.


5. Removal

This is a interesting discussion, to say the least. Under the terms agreed to, by attempting to remove the software, you are breaching the terms that have been expressly accepted by you thereby putting you in breach of contract. We have a long standing relationship with Symantec - the largest antivirus software company in the world (57% market share). We have been in discussion with the security teams both in the UK and America and they have confirmed that our software does not constitute, malware, spyware, a torjan horse or virus and have removed all reference to our files from their signatures. Prevex has done the same. AVG is in the process of reviewing our entire suite and has already suspended the incorrect classification. We note that several anti-spyware companies are using our files names to promote their software. Unfortunately, it is the unwitting that perhaps do not realise that these companies do this with a great many software companies in the sole attempt promote their own software, not assist the user. The price that many people have paid for this software is higher than that of the membership they owed! Several of these companies are merely untraceable 'white label companies' that promote other branded software. Many of which have Eastern European origins and are very difficult to locate. They also use copy methods of the mainstream Antivirus companies to identify software definitions, not produce their own. They then buy these as ad words on google. There is no Consumer interest in their promotion. Any person or organisation giving specific information on the removal of the software may be subject to legal action. In promoting these processes, the person is inciting the user to breech the terms of their agreement in which the user expressly agrees not to remove the software other than via our approved means. They are also facilitating the breech of contract between MBS and the Website client which maybe subject to a separate action. This has been successfully prosecuted with respect to the distribution of protected music over the internet. And in answer a couple of questions regarding disclosure, if a court orders the disclosure of information, it has to be done. Internet traceability is now easier than people may like to think.

  beynac 09:38 14 Jun 2007
  beynac 11:02 14 Jun 2007

I've read through these threads with interest. Here are my comments:

"And in answer a couple of questions regarding disclosure, if a court orders the disclosure of information, it has to be done. Internet traceability is now easier than people may like to think (see above.)"

Who agrees to the contract? My understanding is that MBS are saying that if "you" tick the box and click on the link, "you" have entered into a contract. Who is "you"? The only information that is available to the receiving page is either generated by javascript (and just includes affiliate references, if applicable) or through the 'Superglobal arrays in PHP. These can identify the referring page (if the user's software/firewall doesn't block this), the user's IP address and the hostname from which the user is viewing the page. None of this identifies the person accessing the site or even the actual computer being used (unless there is a way for PHP to gather this information - if there is, I am not aware of it). So, three options for the identity of the 'user':
1. the owner of the computer. Who's that? Computers don't have to be registered.
2. someone using it with the permission of the owner (has the owner authorised this type of action?)
3. someone using the computer without the owner's permission (how can the owner be held liable?)

It is the usual owner/user of the computer who will be affected. It appears to be left to them to sort it out - they may not have agreed to anything.

What about two, or more computers using one internet connection. MBS have the IP address. Should I, as the ISP's account holder, be legally liable for the actions of everybody who uses that connection. I cannot understand how you can have a legal contract if one of the parties to the contract cannot be identified. I accept that this is, apparently, legal but I don't see how it can constitute a fair agreement.

----------------------

"...many members say they are the subject of a blind download or never agreed to terms before downloading, every page has a confirmation box on it. If it is a genuine download it cannot be obtained unless this is checked. This further initiates the windows security features which request confirmation from the user before the download will begin. This further initiates the windows confirmation to run."

The only validation, which I can see, on the second page (the one with the T&C) is done using simple javascript. It asks the question "Is the box ticked?". If no, it opens an alert box prompting the user to tick the box. If yes, it just downloads the software ("../setup1_10046.exe") with no further checks at all at this point. It then relies on the "windows security features" to ensure that the user agrees to the download. In my opinion, this is totally unsatisfactory and is not secure at all. I cannot see anything here that couldn't be simulated by malware. I would have expected, at the very least, some sort of validation using PHP.

---------------------

"Any person or organisation giving specific information on the removal of the software may be subject to legal action. In promoting these processes, the person is inciting the user to breech (sic) the terms of their agreement in which the user expressly agrees not to remove the software other than via our approved means."

There seem to be two points here, not one! I'm no lawyer, but I can understand that actively promoting removal methods could be seen as inciting the user to breach the terms of their agreement. However, let's suppose that someone asks me to help them remove some software from their computer and I do so. I have not incited them to breach their contract. I have merely removed some files. Could someone point out whether I could be legally liable in those circumstances. What if I just advise them to reformat and reinstall, or restore a backup disk image? BTW, I will continue to help people to remove it.

(continued in next post)

  beynac 11:02 14 Jun 2007

Overall, I still can't see how the terms and conditions can be enforceable. MBS have obviously made sure that they are legal, and the FE confirmed this. I suppose the only way is for someone to challenge them as being unfair. Personally, I'm just even more determined to protect my computer and not click on anything, even adverts, unless I know exactly what is going to happen. I use Firefox with NoScript and should therefore be immune from their current offering. It can be annoying when some sites don't work properly, but it is a simple matter to temporarily 'allow' them.

In my opinion, MBS have not answered the questions - they have merely restated their position in very forceful terms.

  Forum Editor 14:25 14 Jun 2007

is a knotty one, and I've spent many a meeting discussing with clients the ramifications of logging visitors' IP addresses on web servers.

Broadly speaking it is not possible to identify an individual from an IP address without the active cooperation of an ISP, and the ISP is highly unlikely to divulge personal information without a court order. In themselves, IP addresses do not constitute 'personal data' within the meaning of the definition provided by the UK information commissioner, but if my clients use IP addresses to build profiles of individuals I always advise them to say so, loud and clear, in their website's privacy policy declaration. My advice to clients is that although the IP address is assigned to a computer (how could it be otherwise?), the ISP provides internet access to an individual - the person named in the connection agreement - and it is this individual who is responsible for the conduct of the computer on the internet.

It's rather like a car owner being fined for being trapped by a speed camera and trying to claim that someone else was driving - unless you have irrefutable evidence in support of the claim it's unlikely to succeed as the basis of a mitigation plea. In the same way, an ISP's customer who claims 'it wasn't me, someone else was using the machine' isn't likely to get very far.

Site owners/operators who intend to build customer profiles based on IP addresses would do well to consider that Only a court can decide whether or not this constitutes processing of personal data within the meaning of the Data Protection Act, and as far as I know and there have been no court rulings on this point to date. When such a case comes to court I believe that the court will pay careful attention to what the Information Commissioner might have to say on the subject.

  helpinghand 09:07 15 Jun 2007

While the points the FE makes are understood, there are issues relating to computer use that don't compare with the analogy of car use. In the case of a car, where its use can, and indeed (for insurance purposes) must be controlled by the owner, the legal position is generally easier to establish. Home computers don't have to be registered, and until such time as they do, there is no clear 'legal responsibility' when it comes to the identity of the owner. This could become very involved, especially if a computer is sold on privately and the only person with a proof of purchase may be the original owner. Even more complicated: what if a pc or laptop is stolen? - a scenario which has become increasingly common. It may be that, in time, governments may deem it necessary to enforce some kind of 'pc licence' to ascertain the ownership of a piece of equipment. Personally, I feel this should be unnecessary, but issues like the one we're currently debating could force things down a similar route.

All this would be completely unnecessary were service providers to be obliged to establish their contracts with named individuals rather than a piece of equipment, and one of the major flaws of the MBS method arises precisely from their choice not to use forms, credit cards, and the like, in their sign up procedure.

As has been said elsewhere, however, this method suits them very well for other reasons.

Incidentally, I wonder how the organisations and institutions who routinely talk about microbilling with another meaning (i.e. billing for very small amounts) are currently feeling about this company bringing this term into disrepute?

  €dstowe 14:43 15 Jun 2007

I urge everyone affected by the doings of MBS to give details to their Member of Parliament and refer him/her to the numerous messages here and elsewhere about the bad feeling that this company is creating.

  helpinghand 14:51 15 Jun 2007

That sounds a very good idea to me. In fact, it sounded a good idea to me earlier this week ..... And perhaps contacting some of those consumer programmes that are around?

  €dstowe 15:04 15 Jun 2007

Problem with consumer programmes is that they make a lot of noise but they have no power to do anything.

  helpinghand 15:14 15 Jun 2007

The power of these programmes is to raise the profile of issues like these. Remember the premium rate line furore just recently? After that became a radio item, action very rapidly followed that resulted in the main parties reviewing their practices. Also, I believe that raising the profile in this way will encourage others with experiences to contribute to make their concerns known.

  helpinghand 15:15 15 Jun 2007

Edstowe

The power of these programmes is to raise the profile of issues like these. Remember the premium rate line furore just recently? After that became a radio item, action very rapidly followed that resulted in the main parties reviewing their practices. Also, I believe that raising the profile in this way will encourage others with experiences to contribute to make their concerns known.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Converse draws on iconic heritage for a fresh brand identity

Mac power user tips and hidden tricks

Comment lancer Windows 10 en mode sans échec ?