
Why is the opt-in toolbar scam still acceptable? - 1dundundun
Aside from when I need Photoshop, I&#x27;ve been using my Chromebook 80% of the time &amp; loving it but over the last year, I&#x27;ve had 3-4 family members and friends ask me to help them remove toolbars&#x2F;search helpers and other shit they downloaded by mistake while installing a legit piece of software on a Windows box.<p>The industry should have evolved beyond this practice by now. I&#x27;m sure there&#x27;s a less invasive profit center.<p>This practice specifically preys on the less tech savvy. Not cool... It seems like reputable companies would distance themselves from the practice but some of the most popular software still tries to get you to opt-in via a strategically placed checkboxes or misleading question. It&#x27;s time for us to stop accepting this. Our parents, kids and friends deserve better.<p>Thoughts?
======
ams6110
Strictly speaking, it's usually opt-out, i.e. the "install toolbar" option is
selected by default, usually in fine print at the bottom of the installation
screen, and you have to notice it and un-check it.

~~~
1dundundun
Yup, sorry. That's what I meant. If you aren't tech savvy or very careful, you
breeze right by it because it's often proceeded by questions that have to
remain checked.

------
simias
IMO the problem is that windows does not have a proper built-in package
manager. People rely on binaries installed from possibly shady websites to
install their software.

This would be a non issue with a proper package manager (that or a well
curated "app store").

Installers should be a thing of the past, they hardly serve any purpose in
this day and age.

You can't expect people to stop doing that if it makes them money. I'm pretty
sure the vast majority here doesn't accept this kind of behaviour (whatever
that means), but so what? We're not the target anyway.

~~~
kevingadd
Package managers would do nothing to stop vendors from bundling toolbars. They
bundle toolbars because it makes them money, not because they have to ship
their own installers...

~~~
simias
If you bundle crapware in your package it gets rejected. Problem solved.

Look at Steam. Look at the various un*x package managers. They don't have this
problem. When I install/update a game through Steam I don't have to worry
about crapware (besides steam itself, but that's an other issue).

~~~
brazzy
You want Microsoft to get to decide what software people can and cannot
install on their PCs? Seriously?

~~~
simias
No, I want Microsoft (or a third party) to propose a curated App Store for
common applications on Windows. You would still have the option to install
software through other means.

It would be a huge win for Microsoft IMO, better user experience, software
updated automatically for better security, less chance to spread a virus
etc...

I'm not advocating a walled garden, I'm advocating a fenced garden you can
leave at any moment if you need to and you know what you're doing. Best of
both worlds IMO.

It would also simplify the work of the devs, because right now most windows
applications feature a custom and non-standard way to check and download
updates. Or worse, they don't check, making sure that virtually nobody updates
them ever.

~~~
takatin
Given that their current walled/fenced garden is overrun with weeds [0], I
wouldn't expect much of Microsoft.

As for 3rd party curated stores, we don't need to look beyond Adblock
whitelisting Google ads to see where that's headed. Once any 3rd party store
reaches critical mass, dollar signs start showing up and it won't be long
before "official" weeds begin to creep into the 3rd party garden.

It might be possible for the EFF or a related body to step in and mandate that
before installing a toolbar/extension browsers run a check against a Web Of
Trust (WOT)-like decentralized system gathering ratings from actual users for
all toolbars and extensions. This is a long-term play, one that is unlikely to
come to fruition given the massive amount of co-ordination necessary for
relatively little payoff.

Realistically, it's up to the users to get savvy. People get ripped off all
the time in the real world and no one has managed to put a stop on that, why
expect anything different from the virtual world.

Edit: I just had an epiphany in the shower that leads me to believe I closed
off the discussion too soon. My initial thinking was that since this was a
social engineering issue a technological solution was impossible. It took a
hot shower to remind me that we have solved a similar issue with technology
before; we know this as "Parental Controls".

Adopting a similar system for naive users has huge benefits — the control
remains in userland instead of in the hands of a 3rd party which means its
scalable (new users can begin using it right away instead of waiting/hoping a
3rd party would approve) and specific (opt-in/opt-out remains a choice of the
user, so savvy users remain unaffected by the needs of the naive).

It works via a browser setting that a savvy relative can turn ON for the user.
Once turned ON, all extensions and plugins including toolbars are blocked.
Savvy user can whitelist some extensions etc during setup. Problem solved.

We can call this system "Special Controls", which I think is the best name
that describes the purpose of the feature without offending the sensibilities
of the user.

[0]
[https://news.ycombinator.com/item?id=7161609](https://news.ycombinator.com/item?id=7161609)

------
route3
I agree that this is a tactic that preys on the less tech savvy folks, and
share your continued astonishment that reputable companies would engage in
these drive-by toolbars/extensions that are bundled in installers.

YC has invested[0] in a company called InstallMonitizer[1] that appears to
help developers and advertisers connect in the pay-per-install marketplace.

[0] [http://www.techdirt.com/articles/20130115/17343321692/why-
ar...](http://www.techdirt.com/articles/20130115/17343321692/why-are-y-
combinator-andreessen-horowitz-backing-drive-by-toolbaradware-installer.shtml)

[1] [http://www.installmonetizer.com/](http://www.installmonetizer.com/)

Sadly it does't seem like a practice that will go away any time soon. I'd like
to do some digging around on developer forums and see if any folks have shared
their experience and would be able to comment on the amount of extra revenue
that they see from such programs.

~~~
1dundundun
Interesting.

------
ndepoel
The worst bit of social engineering of this kind that I recently encountered
was contained in the OS X installer for μTorrent. Halfway during the
installation process you get a large body of text along with the buttons AGREE
and DECLINE. You immediately think you're looking at a license agreement and
click AGREE. Then you realize what the buttons actually said was:

AGREE to this offer DECLINE this offer

And the offer obviously is to install some toolbar crap into your browser.
Normally I'm very careful not to install any adware or toolbars, but this one
caught me off guard.

------
digitalengineer
Correct. I've noticed incredibly SEO optimized pages for popular free software
(VLC I think). That is what people like my parents find if they google form
such products. If you install from one of these pages you get a lot of crap-
and adware. It wouldn't be a problem if they didn't score so high for names of
free software...

~~~
kubiiii
There is even worse, my mom installed Kies the other day from a website which
was better referenced than samsung's (Kies being the synchronizing app for
samsung devices for ppl wondering). It cost her € 10 through sms payment. Well
maybe it was some sponsored link but in the end its just the same for "elder"
people who dont have a minimum tech background (or common sense you might
add). Anyway no other website than the official developper / distributor one
should come first when doing such a straightforward search. This leads to a
terrible customer experience for both google and samsung along with some easy
earned money someone who doesnt deserve it.

------
VLM
Meta question for browser designers... is there any possible reason or purpose
for toolbar addons other than spamming users? No? Oh, then take out the entire
functionality, please. It'll be a massive net gain to humanity.

Since they won't, makes you wonder how much they're being paid to leave it in.

~~~
icebraining
On Firefox, toolbars are just one of the many functionalities that extensions
have available, and that allow them to completely modify the UI. And yes,
those capabilities are useful: see Firebug, Vimperator, etc.

~~~
VLM
I don't disagree with your assessment of usefulness, solely with the
assumption that useful = net gain to humanity.

As a guy who uses firebug, I'd much rather download a special built executable
of firebug for myself, once, than spend a lifetime cleaning up relatives
browser bars.

(edited to rephrase, what I'm asking for is a market bifurcation where
stereotypical end users can't install toolbars and stuff to get owned, but
devs are given the ability to screw their browsers up. Or we simply distribute
dev tools separate from end user tools.)

~~~
icebraining
What makes you think that spammers won't convince your relatives to download
"special built executables" that add those toolbars? In the IE world, the way
to create one of those toolbars _is_ to develop an executable - a DLL -, but
we all know that didn't stop them.

In the end, browsers can only do so much; you need full process isolation at
the OS level to avoid these problems.

------
slipstream-
Just deliberately search in google, yahoo and bing for "download <insert
popular software or game here>", find the obviously pay-per-install-crap ads,
report them. (say they try to get the user to download malware, which adware
is.)

~~~
Torn
'Download flash player' in Bing gives me a bunch of dubious sponsored links
before the official installer. Google has taken the step of removing all of
those and linking to the official installer first.

~~~
aethr
Last I checked, the _legitimate_ Flash installer from Adobe tries to install
McAfee.

And the Java updater for Windows tries to install the Ask toolbar on _every
update_. I feel like these are programs I can't really avoid installing,
either. Scum!

------
Antwan
(The biggest of these unwanted craps being Chrome.)

~~~
dserban
Is Chrome being installed without your consent when installing some other
piece of software? Could you give a specific example, that is new to me.

~~~
bcoates
It's in the standard rotation of shovelware. You don't get it 100% of the time
but I had a Flash update for Firefox try to install Chrome last week.

------
gales
When I visit my parents, I end up having to remove the Ask toolbar. It always
returns due to the frequent java updates having the Ask install box ticked by
default.

~~~
blueskin_
Put Ninite on their boxen and set it to autoupdate java, perhaps?

~~~
untothebreach
I want to believe that 'boxen' is a Brian Regan reference and not just a typo
:)

~~~
Robin_Message
Its been in the jargon file for a while –
[http://www.catb.org/jargon/html/B/boxen.html](http://www.catb.org/jargon/html/B/boxen.html)
– I guess its an obvious analogy with ox/oxen.

~~~
blueskin_
Also VAX/VAXen.

------
hobolobo
How could any industry evolve beyond such easy money? As long as there are
users who will put up with Google/MyCoolWebSearch/ALOT/Conduit/Baylon/etcetera
messing around with their settings and information these firms will never move
away from these tactics.

If I rememeber correctly, Ccleaner was removed from Ninite due to the
automatic refusal of big G's toolbar.

------
chalgo
Yes this practice should not be acceptable, if a company does it I actively
avoid them and recommend friends do the same. I think the market for this sort
of thing will ever be shrinking as more and more of the technology generation
grow into adults. It's a shame that normal people out in the world are
completely unaware this is even happening on their systems. I often speak to
people who've falled foul of this practice and they don't even know where it
come from and don't seem worried that something appeared without them
approving it. Most of the time they just assume that's how it's always been
and they'd not noticed it before.

------
AjithAntony
I tried installing something ostensibly legitimate from download.com. The
"download.com installer" masked the opt-in of 3 separate craps with EULA
acceptance prompts. If I was just slightly less paranoid about this stuff, I
would have clicked through all of them.

And to be clear, they were not checkboxes, or "custom install" options. They
were straight-up walls of text in tiny textareas, with only "accept" and
"decline" buttons.

My instinct was to decline them, and they just kept coming. After I dismissed
the final crap, the installer then downloaded the real installer for the app I
was trying to install.

~~~
FireBeyond
Having moved to OSX, but by no means a zealot, there are many things I miss
about Windows.

This - download.com and others - is absolutely not one of them.

------
wudf
One software that I really appreciate, Freemake Video Converter, perpetrates
this "scam." Personally, I prefer unchecking a box once to seeing ads on every
use. But I agree it's a pretty shady tactic. I'm sure the problem will go away
as tech literacy increases. Until then, so few people will be both aware and
bothered by it that there will be no sudden change... just like issues in the
non-tech world!

------
mschuster91
I 100% agree, but the problem is that people have adblockers everywhere now,
so toolbars are pretty much the only place left to serve ads.

~~~
vetler
Really? I know some people use them, but my impression is that most people do
not use ad blockers.

~~~
lostcolony
It's still low, but it IS likely on the rise; at least, I hope so, given how
advertisers are not averse to poisoning the well by allowing ads that are
distracting, or downright evil.

I know I avoided using adblockers (I want to support my favorite websites
after all)...until I had one particularly pernicious ad served to me on
comics.com that hadn't been vetted, and caused my browser window to minimize,
and displayed a popup right over my (Windows) system tray, styled to look like
a system alert, indicating my system wasn't secure and I needed to click here
and download X. That was the final straw, and I haven't looked back.

