
What we discovered about InstallMonetizer - pg
Last week there was some controversy online about a company we
funded called InstallMonetizer.  IM makes software that companies
can put in their Windows installers that offers other software to
the user as part of the install process.

It's unclear exactly how much of a right we as investors have to
tell the companies we fund what to do.  But on the other hand we
don't like the idea that someone we funded might be doing something
illicit, so we felt like we should at least investigate the claims
and if there was a problem, try to convince IM to fix it.

Here's a list of things people said about IM or similar products,
and what we discovered about each:

1. They make "drive-by installers."  A drive-by installer installs
software without the user's knowledge.  This accusation is false.
Other companies in this business do such things, but IM doesn't.
Every IM install screen has a decline as well as an accept button,
and if the user declines, no software is installed.

2. The apps that get installed are "crapware."  This one seems a
matter of opinion.  A lot of the world's most popular apps and sites
seem like junk to us.  But the users are choosing to install these
things.

3. IM "monitors and uploads user’s ongoing usage activity of the
bundled crapware."  This fact is disclosed in the IM EULA (which
admittedly probably no one reads), but more importantly isn't used
for any money-making purpose.  The usage info is (a) collected only
for the first 30 minutes and (b) is only used to prove to the
advertiser that the install is by a human and not a bot.

4. "This surprisingly includes not only IP but the globally unique
MAC addresses."  This information also isn't used for marketing
purposes, only if advertisers request it to clear up discrepancies
in download figures.  We asked IM to switch to uploading hashes of
the IP and MAC address instead, and they are going to start doing
that.

5. Comments on HN mentioned that a lot of companies in this business
wrap OSS in violation of the license terms.  When we asked IM, they
scanned their publishers and found that 6% of them were doing this.
Those publishers have been banned from using IM, and all future
publishers will be thoroughly screened for ownership of their
software.

6. Comments on HN also pointed out that some apps installed by this
type of installer are excessively hard to uninstall-- e.g.  because
when you try to uninstall them, they re-install themselves.  This
again is something that while common practice in this industry, IM
won't do.  They ban advertisers who do such things.
======
notJim
I dunno, 1. and 2. seem like a cop out to me. When crappy freeware Windows
installers provide a checkbox (checked by default, of course) to opt out of
Bonzi Buddy or a million Ask.com toolbars or some bullshit malware scanner,
they are still shitty and sketchy, and it's disappointing to me to know that
YC is now behind a company that makes such software. And saying this crapware
is popular does little to assuage my concerns. If users are "choosing" to
install these things, it's unclear to me how informed or aware of a choice
they're making. I bet successful viruses and worms are also popular by this
metric.

By the way, here's an example of what we're talking about:
<http://imgur.com/8SGXUPP>. Oracle bundles the ask toolbar with Java installs
now. This is the default state, i.e., the box is default-checked. Why, users
love the ask toolbar, they probably have a 95% install rate!

~~~
jiggy2011
Exactly, I always feel these "choices" are like being sold an extended
warranty. It's presented as a choice but is "strongly recommended", non tech
savvy users are likely not sure what "recommended" means in this context. Does
it mean that the software might break my computer without it? Does it stop me
getting a virus?

Anybody who consciously decides that they want the ask toolbar on their
computer can find the standalone download here:

<http://sp.ask.com/toolbar/install/apnasktoolbar/download.php>

~~~
niggler
The game is to get those people who aren't tech savvy, and PG knows and
actively supports it. There literally is no way to do what IM is trying to do
without somehow engaging in questionable behavior (reminiscent of Facebook in
many ways)

~~~
ericd
Don't make libelous public accusations of PG if you don't know anything about
the situation.

~~~
EwanToo
Unless the parent comment has been edited, I'm not sure what you think is
libelous about it?

It's certainly a questionable company, they either didn't bother to scan for
open source software being rebundled, or deliberately chose not to scan,
because they knew the result would be bad.

~~~
ericd
It looks like niggler edited his comment, but he's still saying that PG is an
active proponent of this. YC companies are completely independent, and you
really can't assign any blame to him for what one of YC's hundreds of
portfolio companies do.

~~~
niggler
Comment was not edited. It looks like you viscerally reacted to a comment
suggesting PG isn't a deity.

~~~
ericd
Ah, sorry, I thought it was edited, it seemed to read differently the second
time. I was reacting to your implication that PG was somehow responsible for
this, which, if you know anything about how YC operates, is obviously untrue.

Edit: Reading some of your other comments in this thread confirms that you're
assuming a lot of things that aren't true to build an internal narrative and
participate in this silly little drama. YC is not controlling at all, and is
frequently not directly involved with guiding a company, unless the founders
reach out for advice. It's a self-directed program.

------
withinrafael
Paul, I'm one of the two people you're indirectly addressing with this HN
post. (The second is Long Zheng.)

I wrote here:
<http://www.withinwindows.com/2013/01/16/installmonetizer-quietly-starts-editing-privacy-policy/>

Long Zheng wrote here:
<http://www.istartedsomething.com/20130115/y-combinator-is-funding-the-future-of-spam-in-windows-drive-by-crapware-installers/>

I'll respond to each of your items individually.

1. OK.

2. Maybe. Or more likely users are mistakenly installing these applications
because the offer screen is made to look exactly like the EULA acceptance
dialog seen in every other installer.

But we don't expect this to be fixed. Anti-malware vendors have stepped in and
are improving their definitions to catch this garbage but it's very much a
cat/mouse game. (IM has been detected a few times, btw.) IM is very aware of
this "threat" and designed their system around random domain names to mitigate
detection issues as they arise. (Think about it -- Does IM, a legitimate
company, really need to use fcgoatcalear.us and fcvalcsoi.us domain names?
Come on.)

3. No idea where you got this information, given InstallMonetizer bundled
software shows no actual EULA. The only EULAs shown during install are ones
provided by the package author and the offer advertisers. Can you clarify this
point, please?

4. Wrong. Existing IM bundles out there still send PII in the clear. This
isn't something they can just flip a switch on and fix. (I saw IM edited their
privacy policy to note the new hashing procedures but sadly that doesn't cover
the bundles on the Internet today. So it's wrong.)

5. Yeah, I saw the company slip in the "Open-source software is a community
product and you may not use our co-bundles with it" line. What a slap in the
face of those who use commercially-permissive OSS libraries in their
software...

~~~
pcl
_4. Wrong. Existing IM bundles out there still send PII in the clear. This
isn't something they can just flip a switch on and fix. (I saw IM edited their
privacy policy to note the new hashing procedures but sadly that doesn't cover
the bundles on the Internet today. So it's wrong.)_

Note that Paul's response said that they "are going to start" uploading
hashes.

~~~
withinrafael
Few problems:

1. They already edited their privacy policy, so as far as I'm concerned it's
"live". But...

2. It's not. And it will never be, because it's hard-coded into the software
bundled out on the Internet today. They may provide new bundles with hash code
in place, but it's too late...

------
RyanZAG
Confusing inept users into installing random toolbars[1] that break their
browsers and force them to call IT pros to 'clean up' their computers is
pretty scummy. Sorry, but it is.

You can make a lot of money doing all kinds of popular things -- pimping
women, selling drugs, selling 'likes' on facebook, selling botnets that create
fake clicks on advertisers, ponzi schemes, etc. Some are illegal, some are
just barely legal, but they are all damaging to someone. This line of business
is known as 'scummy' and InstallMonetizer is plain 'scummy'.

Simple fact, trying to rationalize it doesn't help.

[1] <http://installmonetizer-review.blogspot.com/> _" 3. Which type of bundled
software does Install Monetizer include in your installation package? Most of
the bundled software are toolbars, though the company is always changing which
software are available. When I first started Install Monetizer they offered
just two softwares. A toolbar called White Smoke and good old Real Player.
Today they have about seven install packages available. However, only USA
Search and Facebook Profile turned profitable."_

~~~
garry
I installed these things from an Install Monetizer install on my own computer.
I uninstalled them. They were all completely uninstallable. None of them broke
my browser.

IM actually screens out advertisers and publishers who break browsers, and
they don't work with them.

Seems better to me. As another commenter mentioned, IM is trying to legitimize
a space that's scummy, the way Google did for PPC.

~~~
lawnchair_larry
So you're a YC partner defending this company. You also posted this in another
thread, which was your own submission with a linkbait headline to your own
blog, which was an obvious advertorial for Survata:

"_Survata is a survey-wall -- meaning you have to answer a survey before you
see a given article. They have about 20 publishers signed up, and they're all
non-spammy content._"

Survata is also YC funded.

FYI, all survey walls are "spammy content" and the data from them is garbage.
Installer bundles are spammy content. This is all scummy. Please stop funding
these types of companies. And please stop with the borderline meatpuppet posts
and plugs.

------
SandB0x
I think people will be wondering if this resembles the founders' ideas when
they were funded by you, and if this represents the kind of company you wish
to be funding.

You may of course defend the product on technical grounds (accept buttons,
EULAs, etc) but I find it hard to believe that you truly think it is anything
but a nuisance to end-users.

~~~
pg
They're working on something new, and all the office hours I had with them
were about that. They're not even in our database of companies as
InstallMonetizer but as the new thing. (I'm not sure if I can say the name
because it may not be launched yet.) I knew they had some previous product
that was called a Windows installer, but I don't think we ever talked about
what it did.

The whole world of Windows software seems pretty grim, and when people get
something for free or cheap they're often willing to click through a bunch of
buttons to get it, but as far as I can tell IM isn't actually misleading
anyone. E.g. as far as I can tell it's no worse than all the upsells people
have to click through to register domains on GoDaddy.

~~~
jessedhillon
You're a much more patient and understanding person than I am, pg. My initial
reaction to pretty much every comment here is "Peanut gallery -- start your
own incubator, or just accomplish one noteworthy thing in your life."

As a non-pg entity, I feel vicarious indignation. Who are these random
nobodies who think they're entitled to question how/where you spend your time
and effort?

And the people who get up on their soapbox about the ethics of YC or how
you've tacitly endorsed deceptive practices? Ugh... eff the eff off

EDIT: to head off the obvious criticism, yes I do think there are legitimate
questions about IM's business model. My point is: show some humility and
circumspection when asking them. Unless you've had to earn $1 directly from a
customer (no boss managing and organizing your work) you're an outsider
looking in at a completely different universe. Act accordingly.

~~~
anatoly
You're more obnoxious than all the critics in this thread put together. Get
off your high horse.

The reason all the "random nobodies" are questioning IM's business model is
that they have deep-seated feelings about the scammy business and the evilness
of Windows installers. They spent hours cleaning up mountains of crap from
their relatives' and friends' computers. They understand how non-tech users
feel helpless in the face of sneaky bullshit artists piling that crap onto
their hard drives, and they feel enraged when they think about it, and for a
good reason too.

So in fact, nobody who's in business of building installers that distribute
crap toolbars deserves humility and circumspection. They might possibly be
that rare exception, a flower blooming on a dunghill, but asking sharp
questions to establish that is neither impolite nor inappropriate. It comes
with the territory they've chosen to grow on.

Your moral indignation is as laughable as it is corrupt. Just as much of it
would be appropriate defending an actual spammer - I can see you directing
people to get off their soapboxes and telling them they don't get to judge the
spammer's business until they earned $1 from a customer. A "completely
different universe" indeed. Get a clue.

~~~
thaumaturgy
> _They spent hours cleaning up mountains of crap from their relatives' and
> friends' computers._

In my case (by extension, my business), the appropriate units here would be
"months" (assuming 720 hrs/month).

Yet I still don't see this as a YC issue, I don't see anything more
justifiable than a quibble over PG's response to it, and I'm a little stunned
at the vitriol here.

~~~
anatoly
I like your recap of the issue in a different comment, but I think you're not
giving enough weight to the fact that it wasn't known before that YC funded
the team starting on a different project, not IM. In fact, even now this
information didn't appear in pg's update, only in a comment of his later on. I
think much of the vitriol you're stunned at comes from people thinking that YC
knowingly signed off on and invested in IM's business model, and I think
that's quite enough to be shocked by, if it were true.

~~~
thaumaturgy
That seems reasonable, and it's supported by IM claiming to be part of YC on
one of their pages.

Still though, the response seems disproportionate. It's not like YC has
recently developed a pattern of funding distasteful businesses (or teams); why
did everyone automatically assume YC was behaving badly?

There still seems to be a problem in people jumping to conclusions before
having enough information at hand. A lot of the comments on Aaron's case were
symptomatic of this (the fallout too).

I'm not sure if this is a new problem here or not, but it seems to be getting
a lot uglier recently.

------
thaumaturgy
People pay businesses like mine to remove the sorts of software that IM
bundles. From the end-user's perspective, they don't understand how this stuff
gets on their computer, and they don't feel comfortable removing it because
they don't want to break anything.

Put another way: people "get" this software for free, and then pay other
people to get rid of it.

And then other scuzzy companies have built a niche industry around the "PC
tune-up", prompted by stuff like this software, charging a lot of money to
people who don't know better. And, often all these companies do is run
software that has been specifically designed to remove junk software.

A lot of this niche is exploitative, taking advantage of people who don't know
better, and it's all supported by the bundling of this crap. That goes well
beyond "opinion"; "opinion" might be, "Facebook is crap", but there isn't an
entire market built around people paying other people to shut down Facebook
accounts. Users aren't "choosing" to install these things any more than
someone might "choose" to step on a pile of doggy doo in the park.

IM really isn't your responsibility though, so thanks for getting them to
flush out the OSS-wrapped stuff at least.

------
DoubleCluster
> Every IM install screen has a decline as well as an accept button

Well, could you provide a screenshot of that screen? Usually users are misled
into thinking they are accepting the install of the software they actually
downloaded.

> The apps that get installed are "crapware." This one seems a matter of
> opinion.

Yeah... I don't think very highly of your opinion if you really think like
that. Making someone's computer slower or less usable by installing "unwanted
software" is something that should be forbidden in my opinion. Really, do you
have any idea how many hours of my life were lost by removing crapware from
computers?

I did check the ycombinator.com website for any indication if the type of
company or product was of any concern. I did not find anything about that.
This probably means ycombinator is actually just interested in the money and
not in making the world a better place. Silly idealistic me...

~~~
205guy
Yes, I definitely think we need screenshots (too lazy to sign up and get them
myself). There used to be a graphic on their website (gone now) that showed an
offer looking like a decline/agree license page. Under it they claimed their
text is optimized for conversions--in other words, getting people to click.

Edited: the graphic isn't visible on their pages, but still available on their
servers; see GuessWhy's comment:

<http://news.ycombinator.com/item?id=5093242>

Also, if this company pitched a new product to the investors, and then used
the funding, or at least the branding, to run their old product (especially
one deemed spammy or scammy by a majority of HN readers), it sounds like this
company has figured out how to game the angel investing game.

------
d0m
All the technical details aside, if you guys at YC ask yourself "Am I proud of
funding this startup?" we both know what the answer is. In all fairness, PG
said that YC funded another project from this company; I guess they've just
used the YC name for credibility.

I find it quite ironic how PG went from building spam filters to funding a
spam company. Just for your information, this is what you've put your money
and using your growth YC alumni for:
<http://www.kraftfuttermischwerk.de/blogg/wp-content/uploads2/2012/10/post-1-1160073179.jpeg>.

~~~
davidroberts
I worked for a few months recently as a remote support agent for a big ISP,
and many of my customers' browsers looked almost as bad as the screenshot you
posted. As I was cleaning up, I would ask them for each toolbar (because I was
required to) "do you want me to remove this?" They would invariably reply "I
don't know what it is or how it got there." I think this pretty much kills the
"informed choice" rationalization. About the only toolbar they understood or
wanted was Google, and maybe the one that came as part of the ISP's setup
package (because they were used to it).

------
powrtoch
I don't understand all the moralizing going on in this thread.

VC is about funding the companies that could make a lot of money. When did we
start expecting them to be the morality police?

Sure, if YC _wants_ to build up a reputation for funding "honorable" startups,
then they can choose to do so (and will choose to do so _to the extent that_
they think it makes business sense). The comments here that say "This might be
bad for YC's image and hurt YC long term" are all well and good. But lots of
them amount to "this is bad and you should feel bad", and these just seem
disconnected from the reality of market economics.

If YC doesn't fund some scuzzy but profitable company, someone else will. You
can't solve job-outsourcing by asking companies not to outsource jobs, because
the companies that play along will just get their asses kicked by those who
don't. If you want to solve this problem, you have to do it at some other
level (usually the laws and taxes level).

It's unreasonable to demand that YC pass on profitable businesses just because
we don't like what those businesses are doing. I agree that IM doesn't seem to
be making the world a better place, but that's not a problem that gets fixed
by asking everyone to cooperate in starving them out.

Perhaps there's a line at which it's worthwhile to call out people for
following the incentives that the market has given them, but I think this line
is probably a lot closer to the "murder" end of the spectrum than the
"installer checkboxes" end.

(Expecting downvotes, think I'm okay with that.)

~~~
SCdF
I've never understood this line of reasoning.

It is entirely within YC's right to fund businesses that a portion of the
Internet find scummy.

Shockingly, it's entirely within the rights of that portion of the Internet
community to then whinge about them funding said scummy businesses.

And it's YC's right to care, or not, about that opinion.

Someone once wrote a blog post that had a paragraph on cheating (on your
spouse etc) and what constitutes cheating. He said that it doesn't matter
whether _you_ think what you did was cheating, only whether _your spouse_
thought you were cheating. Your worthiness is entirely in the eyes of the
other person, not yours. The other person is who you're 'selling' yourself to.

And so it is with companies. If McDonald's customers suddenly care about
healthy food, McDonald's has to too.

The question is, is the portion of the Internet community that thinks these
people are scummy YC's spouse? Should YC bend to their version of reality?

That's for YC to decide.

~~~
niggler
There are a bunch of people who believed that YC was somehow different
from/better than tactics and behaviors exemplified by firms like Bain Capital.
Some of those people are starting to wake up.

------
willwhitney
While you may not have a right to tell the companies you fund what to do, you
certainly have the right not to fund them. At the same time, you are running a
for-profit business, and turning down a company you feel is likely to be
successful isn't responsible to the other people involved in Y Combinator. And
as far as I know, they could have entered the program with a different product
and changed tacks partway through. All this to say that I do not have the
right nor the information to question your professional decisions.

Personally, though... is this a product you're proud of?

------
glass-
The vast majority of people are not deliberately choosing to install the
software. They are "accepting" it by accident, by pressing the wrong button or
because they are rushing through the installation and are not paying
attention.

No consumer wants this stuff. The advertiser's software is a nuisance and
gives no advantages to the end-user.

~~~
api
That's one of the hard things about advertising-- beyond an informative
product announcement, most other advertising ranges from useless to annoying
to the consumer. I know that I spend a certain amount of almost unconscious
mental energy ignoring advertising, and any time I do research I have to sieve
the results to filter out biased advertising-driven material. (It's
particularly bad in health-related stuff.)

------
dsl
These guys have gotten a lot of flak they don't deserve. A friend of mine
builds and distributes what most people would consider "crapware" (toolbars,
adware, etc.) and was flat out denied by IM when he tried to use them for
distribution. Sure a bad apple or two might slip through, but according to my
friend it's rare to ever be denied by a distributor unless you're not willing
to pay going rates.

It seems like they are working to clean up a dirty industry. Just like AdWords
did to the PPC business.

~~~
ddunkin
This industry sounds dirty by nature, you can't 'clean up' spammers or
prostitution either. Just because a pimp won't sell his girl to just any old
John, doesn't make the whole act any better. It's people in the middle trying
to make money off of someone else's hard work.

It is really simple, just don't attempt to trick users into installing stuff
they didn't want to download in the first place (anything outside the bundle
they chose to download). Additional steps on install only take away from the
user experience and taint the experience of the application you are wrapping.

~~~
jiggy2011
To be fair, I don't think the prostitution analogy holds too well here. At
least a prostitute is providing a service that there is legitimate demand for
from the end user. You could also argue that one could "clean it up" by making
it safer and better regulated.

A more apt analogy might be drug dealers subsidising medication by cutting it
with heroin.

~~~
TeMPOraL
> To be fair, I don't think the prostitution analogy holds too well here.

I agree. That's why I often tell people that I have higher regard for
prostitution than for telemarketing - the former at least provides value in
response to a genuine need (whether we feel it's beneficial for society or
not). Telemarketers however, just like install bundlers, actively try to
exploit people.

------
holograham
Thanks for this explanation pg

This raises a question though: does this company make something that users
want? When a user installs a specific program is he/she looking to install
other software as well? Is the argument that InstallMonetizer bundles useful
software that it feels will enhance the user's life in some way? (going off
the adage that the consumer does not really know what they want i.e. they'd
just ask for a faster horse)

~~~
pg
In this case the users are the advertisers. Clicking on a decline button for
other software they don't want (in the worst case) is for the end-users the
price of getting software they do want.

~~~
josephlord
That isn't the worst case. The Windows using victim* could install something
accidentally by careless clicking (the "Yes,Yes, Yes" Windows installer
process).

I recognise you are treading a fine line between defending a company you feel
a duty to and practices and business model that you probably wouldn't select
for Y-Combinator on the publicly visible business model. I hope they pivot to
a less controversial model and leave you in a more comfortable place.

* You are right that the users are the advertisers but that must make the person running the installer the victim or at best the product.

------
dgunn
In a few months, I will, once again, uninstall 10 tool bars from my mother's
computer. She doesn't want them but they are all installed. Why? Because
allowing users to opt out of installs is effectively the same as installing
through a drive by process. This type of software is among the lowest form.
Whether it's legit or not, the end result is a nuisance to users. I hope their
new product isn't as seedy.

------
dxdt
Despite the defense of InstallMonetizer, their payment model and practices do
not appear to be what you would find with a legitimate software business.

InstallMonetizer has been used by malware as a method to make money as early
as April 2011. It was being silently installed by a large botnet, and I assume
that the botnet affiliate was making money off the installs.

Their installers are also labeled as malware by AV vendors, and treated as
such by network monitoring infrastructure.

~~~
holograham
My company's IA dept treats IM as malware FWIW...and we have industry leading
IA/CND operations

------
photon137
Extremely disappointed. If integrity in all aspects of a business is a lower
priority than growth, then I don't suppose there is any difference between
Wall Street and Silicon Valley investors anymore.

Questionable practices should be just that - questionable - and remain that
way. This "ironing" over by stalwarts like pg poses the danger of this stuff
becoming the norm over time.

------
ddunkin
You can stomp on the grey areas all you want on individual points, but you
have to really look at the whole picture.

What is the end result of the software they produce? Without marketing
buzzwords thrown in to mask the true intentions?

To bank on ignorant users and to leverage that ignorance to increase revenue.

Same people who do the AV browser pop-ups designed to convince your grandma
that 'your computer is infected', they are using the same tactics with a
different costume. I actually spoke with a spammer last year (I'm sorry
'content distribution network' as they called themselves) and the double-speak
was just infuriating, that was all I could think about when reading this.

------
tomjen3
> Every IM install screen has a decline as well as an accept button, and if the
> user declines, no software is installed.

Which is the default? Decline or accept?

~~~
guessWhy
"Agree". <http://www.installmonetizer.com/AT_images/process.gif>

------
oh_sigh
What about opt-in vs opt-out? Would this company be profitable if all of their
toolbars were opt-in only?

I'd be willing to bet a dollar that InstallMonetizer will tank if they relied
on opt-in, but will make bank if they rely on opt-out.

~~~
zaidf
_InstallMonetizer will tank if they relied on opt-in, but will make bank if
they rely on opt-out._

Just like the US Postal Service if direct mailing was opt-in instead of opt-
out. What's your point?

~~~
TeMPOraL
The point is that post is providing opt-out value for their users. Install
bundlers are providing opt-out things their end-users don't want or wouldn't
want if they understood what's going on.

~~~
zaidf
Can you clarify what you mean?

~~~
TeMPOraL
Please disregard that comment. I misunderstood the meaning of "direct mail"
(I'm not from US). I apologize.

------
lucb1e
In response to point #2: Glad to hear you'll be choosing to install my new
search toolbar! Did you know it comes with free 3D smileys?

Really though, if you weren't one of the criticized parties (for funding
them), would you really think the same about points two and three? And even
bothered to point out the first? Regardless of whether you should have funded
them, your post sounds rather biased.

------
JungleGymSam
You can explain it any way you want but it's still a product that's meant to
take advantage of an ignorant audience plain and simple. Any person outside
their audience knows where and how to get the software they want. There is no
use for IM's service outside of the ignorant mass of computer users.

Consider another angle on this software: it is a direct contributor to the
daily stress of IT people and the "computer person" found in many families.

------
pbhjpbhj
> _They make "drive-by installers." A drive-by installer installs software
> without the user's knowledge. This accusation is false._ //

Nope.

A drive-by installer installs software without _express_ consent of the user.
A default of accept or a checked "install" checkbox for a bundled product that
is not labelled directly as the software being installed (ie you clicked a
download link and it said SoftwareX) then it's a drive-by.

Adobe are doing this now. Last straw, if Adobe Reader's vast girth wasn't
enough well this certainly is.

Either the download must say "StuffYouWant.exe with CrapwareBloat.exe" or the
installation of the latter must only be done by non-default action. If these
conditions aren't met then it's a drive-by installer and those consciously
profiting from it need to check their morals.

------
watty
PG, you're funding a company who recommends users to install Babylon which is
considered a virus by many. Why don't you come out and tell it like it is? IM
is a profitable business with potential to make you lots of $$. Stop the
bullshit, it's making it worse.

------
andrewhillman
By default add-ons should be unchecked.

I always get calls from my parents (this weekend with an AVG download) when
they realize they downloaded a service and now they have extra services they
did not want - toolbars among other things... it becomes my problem and it
sucks.

------
eps
Woah. This is so off, so disappointing. Petty defence on technicalities, while
stepping around absolutely bloody obvious ethical issues. Wow.

------
kposehn
I kind of figured this from the get-go. I met them at Affiliate Summit and was
quite impressed with them, so the controversy felt a little overblown at first
glance.

Glad to see they are the kind of people we can safely work with.

~~~
205guy
Go right ahead, since your profile says you're an affiliate marketer with an
"eye for monetization."

------
mehuln
This is a company doing the right thing in this messy industry. They are
growing and winning because they are playing by the rules and trying to do the
right thing!

~~~
api
This may be true. I don't think they're doing anything truly unethical -- if
everything pg says is true -- and they may indeed be trying to bring some
improvement to a sloppy and shady industry.

That being said, this sort of thing is sort of depressing. It's representative
of the ho-hum dregs of innovation being offered up by most startups, at least
in the Internet sphere. If I didn't know better, and I don't, I'd say the net
is showing signs of being stuck in a holding pattern. Yuck.

All the interesting stuff seems to be in other areas: bio-medical, consumer
devices, high-tech hobbyist stuff, and in the big ticket realm aerospace and
transportation.

------
speeder
Good to know that you did something about it PG :)

I will remain liking your work! :)

But please, keep paying attention... I think that sometimes if companies can
get away with doing bad stuff, they will (in that case maybe it was not
malicious, but getting IP and MAC addresses is kinda dangerous for example).

~~~
lawnchair_larry
Doesn't sound like he did anything to me. We all know damn well that this is
crapware, and the only people who install it are confused or just clicking
through.

Set the default to opt-out with no encouraging language and you'll see how
much users really "want" it.

------
eCa
As long as the choice to install ( _unwanted crap_ ) or not is opt-out this
can only be considered a bad-faith business.

------
dpweb
Some of you guys are being ignorant, and too much time on your hands. What IM
is doing seems legit from all the information here. It's giving devs some
opportunity to make a living. If you don't like the wares don't install it.
Simple.

If you were seriously concerned about internet privacy you'd be discussing in
depth Google, Microsoft, etc.. policies which affect virtually all inet users
and not some small operation like IM.

~~~
ceejayoz
> It's giving devs some opportunity to make a living.

So does writing IT software for the Mafia.

------
kanzure
"The usage info is (a) collected only for the first 30 minutes and (b) is only
used to prove to the advertiser that the install is by a human and not a bot."

Well that sounds easy to spoof.

------
tomp
Consider for a minute that one of the biggest successes in the past few years
have been "crapware", e.g. Talking Tom, Draw with me (or something similar),
and iFog/Fart.

------
ltcoleman
I very much appreciate this response from pg. Y Combinator doesn't have to
justify who it is funding in my opinion. This info was insightful to me. Thank
you.

------
tylermauthe
This is a great example of how to be a level headed, clear-minded
investor/entrepreneur, even when you're under fire... And just generally a
great human being.

Good show!

------
charlieok
So far I have read nothing about this except for pg's post creating this
thread.

Having read only that, I am certain that I am not in whatever target market
might appreciate IM's software (“A lot of the world's most popular apps and
sites seem like junk to us”) and that I would hope that I never encounter it
myself.

That said, I would likely enjoy an encounter with some other software from
“this industry” far less still.

------
donniezazen
The standard practice of making decline option available is a nice way of
deceiving non-technologically inclined users. But IM and related companies are
here to make money. Most of the above points are the way how it works in
Windows ecosystem.

------
rdl
This seems like a pretty fair analysis -- both fair to the users/ecosystem as
a whole, and fair to a portfolio company that you invested in.

------
Eduard
"We asked IM to switch to uploading hashes of the IP and MAC address instead,
and they are going to start doing that." ... c:

------
gadders
Fair play for responding. I still think the whole area is (for want of a
better word) kind of scuzzy.

------
kaeawc
Glad to hear the follow up

------
wheelerwj
Thank you for taking the time to look into that!

------
thoughtcriminal
InstallMonetizer can't in good conscience offer Babylon translation satanware.

Or, to put it another way, if they care one iota about the enduser experience
and staying in business, they should not add Babylon software to their bundle.

Babylon is diabolically hard to uninstall. Even after following instructions
found on a number of websites, trying different malware removers and doing
about:config on Mozilla, it still keeps propagating - EVEN NOW, months later.

I dare someone to install the Babylon software on their main PC and then try
to remove it. Go ahead, follow instructions you find on the Internet. Good
luck, you'll need it.

It's an ugly, ugly piece of work.

~~~
garry
I was able to totally remove Babylon from my system after installing it
through an IM ad unit.

I can't speak for installs from other sources, because I hear what you say is
true. But I saw with my own eyes that it didn't happen with IM.

~~~
205guy
Garry, you've spoken up a lot here to defend IM, and that's fine, they
probably need defending. However, it would've been nice to disclose in this
thread that you're a YC partner.

I know, it's in your profile, and easy to find, as I did. But I'm a newbie
here, I don't know personalities, and your posts made it sound like you're
some Joe-User happy with IM's product, which isn't really the case.

~~~
lawnchair_larry
Haha, _that_ explains it. Thanks for pointing that out.

There are contrarians in every thread, but if there is one thing for certain
besides death and taxes, it's the fact that _nobody_ wants this garbage on
their machines. It's the cancer of Windows. To see someone so adamantly
defending it had me really confused.

------
davidpayne11
"What we discovered about InstallMonetizer"

'We discovered that they are sneaky as fuck. But it's ok because we funded
them.' - pg

For the rest of the community - See what withinrafael has to say in his
comments below and how unethical this start-up is.

I for one, love YC. But such shitty tactics by start-ups and Paul defending
them is terribly disappointing.

------
yuhong
Beware that IP addresses are only 32-bit and MAC addresses are only 48-bit. So
hashing them individually won't do any good.

~~~
TylerE
Concat them into a single 80 bit value and hash THAT however, and you should
be more than fine.

Even the 48 bit mac address alone is 281,474,976,710,656 possibilities, and
thus likely rainbow-table proof, especially if salted.

~~~
lawnchair_larry
Perhaps worth noting that mac addresses do not have 48 bits of _entropy_. You
can prioritize the OUIs actually being used in consumer NICs and chop that
down substantially.

IP addresses don't have 32 bits of entropy either for that matter.

~~~
TylerE
That's true. However, with adequate salting it really shouldn't matter.

~~~
heartbreak
I think the idea of the hash for IM is to prove uniqueness in a dispute.
Salting the hash would make it useless in that case.
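
The trade-off argued in this sub-thread, as an added example that is not part of any comment and not InstallMonetizer's code: an unsalted hash of IP+MAC can be walked back by enumeration, a per-record random salt breaks the equality comparison needed in a dispute, and a single secret key keeps comparison while blocking enumeration. SHA-256, the HMAC variant, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample values from documentation ranges (RFC 5737, RFC 7042).
IP = ipaddress.IPv4Address("192.0.2.10").packed   # 4 bytes
MAC = bytes.fromhex("00005e00532a")               # 6 bytes


def plain_digest(ip: bytes, mac: bytes) -> str:
    """Unsalted SHA-256 of the 80-bit concatenation suggested in the thread."""
    return hashlib.sha256(ip + mac).hexdigest()


def enumerate_mac(digest: str, ip: bytes, mac_prefix: bytes):
    """Walk every MAC under a known prefix for a known IP; None if no match.

    A 3-byte OUI leaves 2**24 candidates; the demo fixes 4 bytes to stay fast.
    """
    unknown = 6 - len(mac_prefix)
    for n in range(256 ** unknown):
        mac = mac_prefix + n.to_bytes(unknown, "big")
        if plain_digest(ip, mac) == digest:
            return mac
    return None


def salted_digest(ip: bytes, mac: bytes):
    """Fresh random salt per record: blocks precomputed tables, but two
    reports of the same machine no longer produce comparable digests."""
    salt = os.urandom(16)
    return salt, hashlib.sha256(salt + ip + mac).hexdigest()


def keyed_digest(key: bytes, ip: bytes, mac: bytes) -> str:
    """HMAC-SHA-256 under one secret key (an assumption, not from the thread):
    equal inputs still match, and enumeration requires the key."""
    return hmac.new(key, ip + mac, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    key = os.urandom(32)
    print("recovered MAC:", enumerate_mac(plain_digest(IP, MAC), IP, MAC[:4]).hex(":"))
    print("salted digests equal:", salted_digest(IP, MAC)[1] == salted_digest(IP, MAC)[1])
    print("keyed digests equal:", keyed_digest(key, IP, MAC) == keyed_digest(key, IP, MAC))
    print("keyed digest enumerable without key:",
          enumerate_mac(keyed_digest(key, IP, MAC), IP, MAC[:4]) is not None)
```

The keyed variant only protects the identifiers while the key stays secret on the collecting side, so the key needs the same handling as any other credential.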

------
hugbox
The Windows app culture has really deteriorated. Even Oracle has started
distributing malware with their Java installer. Applications that phone home,
reboot the computer at random times, and modify system settings are not only
tolerated, but expected.

It's hard to imagine a real-world parallel to this kind of behavior. It would
be like if rape was a socially acceptable form of greeting.

In the future, I think all of this will give Microsoft a perfect excuse to
shut down the independent application developers and force everything through
their app store. Companies that develop for Windows better start thinking hard
about their relationship with Microsoft.

------
yuhong
Also see: <http://news.ycombinator.com/item?id=5086148>

