What we discovered about InstallMonetizer
333 points by pg on Jan 21, 2013 | 178 comments
Last week there was some controversy online about a company we funded called InstallMonetizer. IM makes software that companies can put in their Windows installers that offers other software to the user as part of the install process.

It's unclear exactly how much of a right we as investors have to tell the companies we fund what to do. But on the other hand we don't like the idea that someone we funded might be doing something illicit, so we felt like we should at least investigate the claims and if there was a problem, try to convince IM to fix it.

Here's a list of things people said about IM or similar products, and what we discovered about each:

1. They make "drive-by installers." A drive-by installer installs software without the user's knowledge. This accusation is false. Other companies in this business do such things, but IM doesn't. Every IM install screen has a decline as well as an accept button, and if the user declines, no software is installed.

2. The apps that get installed are "crapware." This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.

3. IM "monitors and uploads user’s ongoing usage activity of the bundled crapware." This fact is disclosed in the IM EULA (which admittedly probably no one reads), but more importantly isn't used for any money-making purpose. The usage info is (a) collected only for the first 30 minutes and (b) is only used to prove to the advertiser that the install is by a human and not a bot.

4. "This surprisingly includes not only IP but the globally unique MAC addresses." This information also isn't used for marketing purposes, only if advertisers request it to clear up discrepancies in download figures. We asked IM to switch to uploading hashes of the IP and MAC address instead, and they are going to start doing that.

5. Comments on HN mentioned that a lot of companies in this business wrap OSS in violation of the license terms. When we asked IM, they scanned their publishers and found that 6% of them were doing this. Those publishers have been banned from using IM, and all future publishers will be thoroughly screened for ownership of their software.

6. Comments on HN also pointed out that some apps installed by this type of installer are excessively hard to uninstall-- e.g. because when you try to uninstall them, they re-install themselves. This again is something that while common practice in this industry, IM won't do. They ban advertisers who do such things.




I dunno, 1. and 2. seem like a cop out to me. When crappy freeware Windows installers provide a checkbox (checked by default, of course) to opt out of Bonzai Buddy or a million Ask.com toolbars or some bullshit malware scanner, they are still shitty and sketchy, and it's disappointing to me to know that YC is now behind a company that makes such software. And saying this crapware is popular does little to assuage my concerns. If users are "choosing" to install these things, it's unclear to me how informed or aware of a choice they're making. I bet successful viruses and worms are also popular by this metric.

By the way, here's an example of what we're talking about: http://imgur.com/8SGXUPP. Oracle bundles the ask toolbar with Java installs now. This is the default state, i.e., the box is default-checked. Why, users love the ask toolbar, they probably have a 95% install rate!


Exactly, I always feel these "choices" are like being sold an extended warranty. It's presented as a choice but is "strongly recommended", non tech savvy users are likely not sure what "recommended" means in this context. Does it mean that the software might break my computer without it? Does it stop me getting a virus?

Anybody who consciously decides that they want the ask toolbar on their computer can find the standalone download here:

http://sp.ask.com/toolbar/install/apnasktoolbar/download.php


It's worse than that, actually. Experienced computer users interact with a computer in a completely different way from inexperienced ones; at some point, experienced users develop the ability to do some kind of fast cognitive relevance filter on the screen, so they know which UI elements they can interact with, which ones might be important, which ones aren't, and so on.

Less experienced users can't do that -- they have to read every single word on the screen and make a decision about it. They mitigate this by memorizing specific actions. i.e., "to send an email, first I click in this area, then I click on the blue thing, then I click in that area..." (which is why constantly changing UI is such a problem for them, btw).

So what do they do with installers like this one? They just click "Next" with all the defaults on. The text on a screen like this is no different to them than the text of the EULA that none of us read.


Completely agreed.

Amongst my non-computer literate friends, many of them adopt the "click next quickly until the install starts or it stops working" tactic.


Yes, the install dialogs might as well be a series of screens of lorem ipsum with buttons labeled WHATEVER


The game is to get those people who aren't tech savvy, and PG knows and actively supports it. There literally is no way to do what IM is trying to do without somehow engaging in questionable behavior (reminiscent of Facebook in many ways)


> There literally is no way to do what IM is trying to do without somehow engaging in questionable behavior

For starters, default to not install the crapware.

Alternatively, instead of creating more required user actions than necessary, while the software is installing, show splash screen type adverts of software the user may also be interested in installing with a way to add them to the install queue on the fly or select it after the install is done.

Sure, the rate of install will be shit, but if they were really interested in doing the right thing this wouldn't be a problem and the users of said applications would be legitimate users, not just angry computer illiterate people.


> "... rate of install will be shit, but if they were really interested in doing the right thing ..."

That's just it -- they aren't.

The sole purpose is to generate revenue. They don't make money when users don't install the software.


The customers (advertisers) actively push for insidious installation methods. Legitimate software developers don't advertise using those methods (have you ever seen an ad for WinEdt?), preferring google or other direct methods.

So the population IM attracts are precisely those unscrupulous developers and programs that profit from questionable behavior. Working in a proper manner runs counter to their customers' goals.


Legitimate software producers do use similar methods I outlined above. Examples, and correct me if I'm wrong, my memory is quite shaky on this subject: Ubuntu installer, Steam installer, most PC games, and I think even the OpenOffice installer uses similar.

The examples are usually just advertising other products they own, or features within their software so not exactly direct examples but it's not a huge jump by any means.

While I agree the population of customers they will attract are those shady toolbar guys, it certainly doesn't follow that they cannot make a business out of pushing good software. I think as long as they tailor the ads to relating software or software people will likely install alongside the current piece it could work. Taking the high road could even payout bigtime down the line when more developers catch on and realise it won't detract from their image/brand by using such a service.


> PG knows and actively supports it.

I don't think this statement is really fair. If you read the previous post about this, he was clearly surprised and troubled, and he again seems troubled here. He also mentioned in a comment in this thread [1] that he didn't seem to know about InstallMonetizer, and that the team is working on a different product.

[1]: http://news.ycombinator.com/item?id=5093047


Something seems off here, reminiscent of Rupert Murdoch's testimony regarding phone hacking. Being troubled is easy to say, but the fact that a company he has invested in is engaging in questionable activities doesn't really jibe well with PG's claims regarding office hours. Not to say that he isn't genuinely troubled, but I would have hoped YC would inculcate his values (which, if they did act in accordance with PG's stated views, would have resulted in a far different product).


Are you seriously, unironically comparing PG to Rupert Murdoch? Have you hit your head on something particularly hard recently?

The facts here are simple:

1. There are somewhere in the neighborhood of 50 startups in the current YC batch (http://ycombinator.com/w13smaller.html).

2. They are all coached by around 7 active partners (http://ycombinator.com/w13smaller.html) and perhaps some program alumni.

3. But those people also continue to support participants from past batches too.

4. This is (so far) an isolated incident -- YC hasn't even had time to change any of its procedures, even if it deems it necessary to do so.

5. Immediately after it being brought to his attention, PG followed up with the owners and they made some changes as a result...

6. ...even though they aren't in YC for IM, YC has no real influence or control over IM or even the team.

So what's your expectation here? Should YC be performing a full background check on participants? If IM wasn't mentioned during the application or interview process, how reasonable is it to expect YC to have known about it? Are we supposed to expect someone at YC to be able to glance at something like IM and sense whether it's icky or not, or are we supposed to expect them to spend hours digging into it?

A program like YC is bound to attract some bad apples eventually (and we don't even know that these guys are "bad"), especially since YC explicitly looks for people doing things that might seem questionable at first.


"If IM wasn't mentioned during the application or interview process, how reasonable is it to expect YC to have known about it?"

It's listed on the LinkedIn pages of both co-founders as their current business, together with AdMonetizer as a previous business. I assumed that checking the LinkedIn pages of applicants and taking a brief look at the websites of their businesses would be a minimum background check, but I guess I assumed incorrectly.


If you paid attention to the Murdoch issue you'd actually realize each of your facts parallel a facet of the phone hacking scandal:

A) Your purported argument about scale really suggests that YC may have more investments than they can reasonably manage, but that doesn't absolve them from blame. This is EXACTLY the same argument Rupert Murdoch made (We have so many newspapers that we couldn't possibly be aware of hacking at one paper)

B) Your sixth fact is

> 6. ...even though they aren't in YC for IM, YC has no real influence or control over IM or even the team.

There are actually two parts here, and I'd like to hone into the first for a moment: "even though they aren't in YC for IM". It seems VERY odd that PG would allow companies to pivot without first having an office hour or discussion with partners on the matter, and if what you are saying is true then there are deep procedural issues. Murdoch tried to make the same argument regarding autonomy of the individual units under News Corp.

C) Your second and third fact focus on partners and alumni. They have additional senior staff, so how was this allowed to happen? If the partners and alumni did share the same mores as PG purports to hold now, and if at least one partner or alumnus dealt with IM, then there's an internal inconsistency (akin to blaming Rebekah Brooks for what is really a cultural issue).

D) Your fourth fact tries to argue that this is a single bad apple. It's the first instance being reported. Of course it's an isolated incident insofar as no other company attempted the same effort, which is exactly what James Murdoch claimed regarding News of the World.

E) "Immediately after it being brought to his attention, PG followed up with the owners and they made some changes as a result..."

The problem is that the underlying problem wasn't resolved. PG decided to point to the TOS, which doesn't address the nature of the business model. This is akin to James pointing to ATT's terms of service and security model.

I'm pretty sure that for whatever "fact" you wish to throw there's an analogue, and until there's some sort of real "accountability" I don't see how you could have such unwavering support.

My expectation is simple: if YC wants to invest in those types of firms, that's their prerogative and they should own their decision. Don't try to pull some cognitive dissonance. Just say that you are comfortable with investing in the malware model, and this entire discussion would be moot. The only reason my reply makes sense is because PG and YC claim to aspire to something higher. If we all drop that assumption, then the original issue is really irrelevant.

And with regards to your last comment: "YC explicitly looks for people doing things that might seem questionable at first.", I think you misunderstand what 'questionable' means there. Questionable there means "i doubt it could succeed", not "shady business practices".


Perhaps against my better judgement I am going to give you the benefit of the doubt here. You seem to be misunderstanding the situation with IM and YC; according to what PG has said so far, the IM team did not "pivot" while in YC. Again, just to be completely, perfectly, totally crystal clear: nobody at YC was aware of IM. That's not what the team applied for, and it's not what they were accepted for. YC applications do not ask for work history. You are not required to share your resume. They do not ask for references. If I had in the past built a business on exploiting Wordpress installations, it would be largely irrelevant to YC (until such time as someone found out about it, posted it to HN, and triggered the predictable witch hunt).

And, again, even if someone knew about IM -- even if it was mentioned on their application as a past project -- there is absolutely no reasonable expectation that YC's principals should have looked far enough into it to come to the same conclusions that other people here did.

Furthermore, I'm not sure where people are getting the notion that YC funds things on some moral basis. As far as I know, there has never been any statement to that effect, nor is it supported by data. At most I would say only that YC looks for startups that "make something that people want". You seem to be on some kind of mission to "expose" YC, except that all you're really doing is exposing what you have imagined YC to be. This makes you look silly, not them. Every single batch, there is at least one thread on HN wondering why YC funded some company or another, usually because people disagree with the business model. Yet, people are still surprised when YC funds something they disagree with.

I did not at all misunderstand what questionable means. I used it exactly as I meant to.

Finally, your continued comparison to Murdoch is beyond absurd. You are performing a slightly more contemporary version of Godwinning this thread. I shouldn't dignify it with a response, but, Murdoch was found to have been willfully ignorant of what was going on, all while there were widespread (and well-founded) allegations that in fact the top-level executives of his various companies were (and still are) carrying out his wishes in spirit, if not in letter. The News of the World incident was only the one that they happened to get caught at. Only the most imaginative mind could find some kind of allegory between that situation and this one.


It's clear you don't seem to understand investments, given your assertion:

> the IM team did not "pivot" while in YC

Like with any other venture capital or private equity placement, YC starts from the moment the team accepted the investment and ends when the legal entity behind Y Combinator fully divests its financial interests. YC can choose to sell its equity, and their refusal to do so is a tacit approval of the company and its actions.

You are trying to claim that YC has divested its interest. Clearly that didn't happen -- if it already did, then PG wouldn't have had to respond. Stop trying to change the subject by focusing on the application -- the problem you are trying to avoid explaining is on the fact that somehow they went from state A to state B, a massive shift, without anyone at YC noticing (ironically, this is exactly the storyline in the News of the World scandal that you find criminal in one case and plausible in another). YC is a significant investor in most of these companies and (based on their claims) has a sufficiently frequent engagement with the companies that it would be hard to pivot without them noticing.

"I'm not sure where people are getting the notion that YC funds things on some moral basis."

I don't think they are, but PG is in a state of cognitive dissonance: he is trying to claim that he is being "moral" by not sponsoring spam yet is profiting from the practice. That's the part that rubs me wrong (and, incidentally, another aspect of the phone hacking scandal that rubbed me wrong). Defending cognitive dissonance is not just silly -- it's deceptive and does a disservice to Silicon Valley.


>"YC applications do not ask for work history. You are not required to share your resume. They do not ask for references."

Honest question: why not?

Seems reasonable, even if only to protect brand image.


But not troubled enough to not make money off them.


"literally no way" is a very strong statement - do you have any proof?


Any software that is desirable on its own will be sought out on its own. Plain and simple. There is no need to piggyback Adobe PDF reader in any software that doesn't use PDFs because people who need a PDF reader will seek one out.

Any sort of parasitism is trying to circumvent this process by convincing others that they need software that isn't directly needed for the problem at hand or otherwise forcing people to install software. And that's the type of behavior styled as "questionable" in this discussion. Tactics like omitting a "no thanks", while perfectly legal, seem as questionable in many other contexts.


I feel like you may be right for the wrong reasons. "Any software that is desirable on its own will be sought out on its own." is the prelude to many a failed software project. People say the same thing about films, games, apps, etc... and it's almost universally untrue.

If you are right, it's not because no good software ought to be promoted and thus this (and by extension of your logic most any type of promotion) can't be legit, but rather that there doesn't exist a non-scummy way of conducting this particular type of promotion. Is that true?


I'd say that piggybacking on the installation process is not a valid way of promoting other software. If I go to the cinema to see movie X, I don't want to have to see half of X, then Y, then the other half of X, just because the distributor thought that Y ought to be promoted.

Sure, advertise the crap out of your product, but do it in contexts where people expect to see them. It's like I'd let a friend through my doorstep, and a random salesman tried to sneak in while doors were open.

And first make sure that whatever you're promoting has any value for user. I'm yet to see a single thing install-bundled that is net-positive for user.


Perhaps you've heard of this thing called 'movie previews'.


I'm not saying that "no good software ought to be promoted", but rather that the promotion should happen at the places where people would seek them out (e.g. Google). Advertise for photoshop where designers would go to look for software (e.g. in design magazines, google, etc).


Gotcha.


Don't make libelous public accusations of PG if you don't know anything about the situation.


Unless the parent comment has been edited, I'm not sure what you think is libelous about it?

It's certainly a questionable company, they either didn't bother to scan for open source software being rebundled, or deliberately chose not to scan, because they knew the result would be bad.


It looks like niggler edited his comment, but he's still saying that PG is an active proponent of this. YC companies are completely independent, and you really can't assign any blame to him for what one of YC's hundreds of portfolio companies do.


PG accepted them into YC, funds them and defends them in public. If that's not an "active proponent" then I wonder how you define that term?


Comment was not edited. It looks like you viscerally reacted to a comment suggesting PG isn't a deity.


Ah, sorry, I thought it was edited, it seemed to read differently the second time. I was reacting to your implication that PG was somehow responsible for this, which, if you know anything about how YC operates, is obviously untrue.

Edit: Reading some of your other comments in this thread confirms that you're assuming a lot of things that aren't true to build an internal narrative and participate in this silly little drama. YC is not controlling at all, and is frequently not directly involved with guiding a company, unless the founders reach out for advice. It's a self-directed program.


My comment wasn't edited -- I think the critic just realized that PG isn't holy or perfect ...


I think some of us are finding it difficult to draw other conclusions.


Well, as in life, it's the "perception" of a thing that can be more powerful than the actuality.


Definitely. I find it hard to find any reason why something like Babylon (one of the things I remember that IM might install) should not be called "crapware" or malware. Babylon hijacks your browser and then becomes practically unremovable (it can be removed but the people savvy enough to remove it are the ones savvy enough to never install it).

If users like this software so much then why do the creators of this software have to work so hard to make it next to impossible to remove? Who would want to get rid of software they love?


I ran into this one recently at work: we couldn't figure out how our testing machine got "infected" with all of the ask toolbar defaults... Eventually we traced it back to the default install options for Java. A lot of software depends on Java, so all of these users get asked to install Java, and end up infected with ask's toolbar. It's pretty sad that legitimate software is selling out like this.


Why don't you include examples of IM misbehaving rather than other companies you're trying to associate with them? The other post about this was full of this and it's crap.


The example of Babylon translator being bundled via IM in the previous thread was specific to IM, as was the input from anti-malware companies who had targeted IM's products specifically.


haha! Good point about the ask toolbar! Didn't think of that...


Paul, I'm one of the two people you're indirectly addressing with this HN post. (The second is Long Zheng.)

I wrote here: http://www.withinwindows.com/2013/01/16/installmonetizer-qui...

Long Zheng wrote here: http://www.istartedsomething.com/20130115/y-combinator-is-fu...

I'll respond to each of your items individually.

1. OK.

2. Maybe. Or more likely users are mistakenly installing these applications because the offer screen is made to look exactly like the EULA acceptance dialog seen in every other installer.

But we don't expect this to be fixed. Anti-malware vendors have stepped in and are improving their definitions to catch this garbage but it's very much a cat/mouse game. (IM has been detected a few times, btw.) IM is very aware of this "threat" and designed their system around random domain names to mitigate detection issues as they arise. (Think about it -- Does IM, a legitimate company, really need to use fcgoatcalear.us and fcvalcsoi.us domain names? Come on.)

3. No idea where you got this information, given InstallMonetizer bundled software shows no actual EULA. The only EULAs shown during install are ones provided by the package author and the offer advertisers. Can you clarify this point, please?

4. Wrong. Existing IM bundles out there still send PII in the clear. This isn't something they can just flip a switch on and fix. (I saw IM edited their privacy policy to note the new hashing procedures but sadly that doesn't cover the bundles on the Internet today. So it's wrong.)

5. Yeah, I saw the company slip in the "Open-source software is a community product and you may not use our co-bundles with it" line. What a slap in the face of those who use commercially-permissive OSS libraries in their software...


> 4. Wrong. Existing IM bundles out there still send PII in the clear. This isn't something they can just flip a switch on and fix. (I saw IM edited their privacy policy to note the new hashing procedures but sadly that doesn't cover the bundles on the Internet today. So it's wrong.)

Note that Paul's response said that they "are going to start" uploading hashes.


Few problems:

1. They already edited their privacy policy, so as far as I'm concerned it's "live". But...

2. It's not. And it will never be, because it's hard-coded into the software bundled out on the Internet today. They may provide new bundles with hash code in place, but it's too late...


3. It's included in the EULA of the app itself. They modify the installer.

4. I don't think there is any claim that this can be fixed instantly.

5. This is not for OSS-using libraries -- that's totally cool. Everyone uses open source. What they've banned is people wrapping VLC to make money off software they haven't written. That's not cool.


3. Have you used IM? :)

4. It's in the privacy policy, so it's supposedly live. Or are you saying the policy is wrong?

5. That may be the intent, but did you read the policy? It's a one liner banning all OSS.


Also, transmitting MAC addresses and IP addresses in the clear really isn't anything to write home about -- that's how all TCP/IP packets are transmitted over ethernet, after all. The real question is what they do with that data on the server side. If they so desire, they could change that behavior far more easily, and retroactively apply that transform to all the data they've retained.


Not exactly, the MAC address (which is a far stronger unique identifier than an IP address) will usually only survive the first hop in an IP transmission.


Not even 'usually', it doesn't exit your LAN at all, once it hits your router, it is stripped and your data is packed with a different MAC address on the WAN (or any other layer 2 identifier depending on your connection), same for each hop after that.


If you use EUI-64 as your interface ID in IPv6, your MAC address is part of your IPv6 address. That said, no modern OS does that anymore, times 1% of IPv6-enabled users, so the closer term is "almost never".


Confusing inept users into installing random toolbars[1] that break their browsers and force them to call IT pros to 'clean up' their computers is pretty scummy. Sorry, but it is.

You can make a lot of money doing all kinds of popular things -- pimping women, selling drugs, selling 'likes' on facebook, selling botnets that create fake clicks on advertisers, ponzi schemes, etc. Some are illegal, some are just barely legal, but they are all damaging to someone. This line of business is known as 'scummy' and InstallMonetizer is plain 'scummy'.

Simple fact, trying to rationalize it doesn't help.

[1] http://installmonetizer-review.blogspot.com/ " 3. Which type of bundled software does Install Monetizer include in your installation package? Most of the bundled software are toolbars, though the company is always changing which software are available. When I first started Install Monetizer they offered just two softwares. A toolbar called White Smoke and good old Real Player. Today they have about seven install packages available. However, only USA Search and Facebook Profile turned profitable."


I installed these things from an Install Monetizer install on my own computer. I uninstalled them. They were all completely uninstallable. None of them broke my browser.

IM actually screens out advertisers and publishers who break browsers, and they don't work with them.

Seems better to me. As another commenter mentioned, IM is trying to legitimize a space that's scummy, the way Google did for PPC.


So you're a YC partner defending this company. You also posted this in another thread, which was your own submission with a linkbait headline to your own blog, which was an obvious advertorial for Survata:

"Survata is a survey-wall -- meaning you have to answer a survey before you see a given article. They have about 20 publishers signed up, and they're all non-spammy content."

Survata is also YC funded.

FYI, all survey walls are "spammy content" and the data from them is garbage. Installer bundles are spammy content. This is all scummy. Please stop funding these types of companies. And please stop with the borderline meatpuppet posts and plugs.


I think people will be wondering if this resembles the founders' ideas when they were funded by you, and if this represents the kind of company you wish to be funding.

You may of course defend the product on technical grounds (accept buttons, EULAs, etc) but I find it hard to believe that you truly think it is anything but a nuisance to end-users.


They're working on something new, and all the office hours I had with them were about that. They're not even in our database of companies as InstallMonetizer but as the new thing. (I'm not sure if I can say the name because it may not be launched yet.) I knew they had some previous product that was called a Windows installer, but I don't think we ever talked about what it did.

The whole world of Windows software seems pretty grim, and when people get something for free or cheap they're often willing to click through a bunch of buttons to get it, but as far as I can tell IM isn't actually misleading anyone. E.g. as far as I can tell it's no worse than all the upsells people have to click through to register domains on GoDaddy.


pg, I think you should make this point clear in your OP. The reason I say this is that I don't think the majority of the indignation towards InstallMonetizer was around the fact that they do what they do, but rather the fact that YC appeared to have endorsed their behaviour. I think it would come as a kick in the guts for a lot of people who slaved away at 'big ideas' only to get rejected for YC in favour of a company like InstallMonetizer.

I don't think the average HN user is really interested in having InstallMonetizer change their business practices (it seems futile to form a witch hunt against one of many companies).

Currently, the OP above makes it look as though YC did invest in InstallMonetizer and that you endorse their current practices and are defending them against the mass of hate.

I think a better way of handling this would be to make it clear that engaging in questionable business practices is not the way to get funded by YC, and distance yourself as much as possible from these guys.

Just my two cents, FWIW.


Fair enough. It does come across on http://www.installmonetizer.com/AT_aboutus.php that the product is funded/endorsed by Y Combinator though.


I think this clarifies the whole thing: pg doesn't mind that much making Windows ecosystem a bit shittier. Not doing it purposefully, but also not feeling too bad if that is a side effect.

Edit: spelling


Thanks for the update. I hope that whatever new they're working on will be less grey than this, and wish them the best of luck!

pg, the world of Windows software is grim, but mostly it's because the majority of users are not tech-savvy. It's not that they are willing or not to click through buttons, they simply don't know what they're doing. I've seen this countless times, and cleaned up many more computers from the results of such installations. IM might not be misleading anyone, but it's mostly because you cannot mislead a person who doesn't even listen to you.

All in all, whether or not IM will make Windows software space worse depends strongly on how they'll select the advertisers. It's a lot of trust to be put in a company, so no wonder people are sceptical.

I also think that GoDaddy is a very low standard to compare to, much, much lower than what we came to expect from YC startups.

(EDIT: spelling)


Thanks for the update, pg.

I'm glad they're looking at a different avenue. While we can debate the particulars about whether or not certain windows installer ride-alongs or all of them are scammy, I don't think it's a valuable business. Comparing to GoDaddy doesn't make it sound better via association.

Hope to see something more awesome from these folks soon.


I somewhat disagree that this is "no worse than all the upsells people have to click through to register domains on GoDaddy"

Although admittedly I have no idea what GoDaddy's checkout procedure is like since I have honestly never used it, maybe it is especially terrible in which case that is not a glowing reflection on this software..

However, thinking of less technical users here.

When you are in the mode to buy something, you are probably prepared for an upsell at some point and know what to look out for.

When installing something on your computer, a less savvy user is likely not knowledgeable enough to understand the implications of something extra being installed on their computer with often full administrative privileges.

They are also unlikely to understand the difference between an extra system component that must be installed for technical reasons (.Net, DirectX etc) and some third party software that is completely separate and not required.


I suspect people registering a domain on GoDaddy will have a much higher probability of being technically inclined and able to know what to pay for and what they don't need. Further, GoDaddy will recommend products which are relevant to someone who does or will be managing a website etc..

This is worse than that. I know the types of people who have browsers full of ask.com/aol/etc toolbars. They aren't technically inclined. They don't even recall how those toolbars ever came to be there and they never wanted them.

They aren't able to see through the tricks. They want to download software. They know that's the goal. Installers simply have to keep offering them opportunities to download software and they'll keep agreeing to it to achieve their goal.


I think the right thing to do here would be to ask them to remove mention of YCombinator from their website and not use it in press mentions.

At the moment, their website states:

"We are a YCombinator company (YCW2012) and are backed by some of the most prestigious investors in the silicon valley."


Any comparison involving "no worse" and GoDaddy does not have the intended effect...


You're a much more patient and understanding person than I am, pg. My initial reaction to pretty much every comment here is "Peanut gallery -- start your own incubator, or just accomplish one noteworthy thing in your life."

As a non-pg entity, I feel vicarious indignation. Who are these random nobodies who think they're entitled to question how/where you spend your time and effort?

And the people who get up on their soapbox about the ethics of YC or how you've tacitly endorsed deceptive practices? Ugh... eff the eff off

EDIT: to head off the obvious criticism, yes I do think there are legitimate questions about IM's business model. My point is: show some humility and circumspection when asking them. Unless you've had to earn $1 directly from a customer (no boss managing and organizing your work) you're an outsider looking in at a completely different universe. Act accordingly.


You're more obnoxious than all the critics in this thread put together. Get off your high horse.

The reason all the "random nobodies" are questioning IM's business model is that they have deep-seated feelings about the scammy business and the evilness of Windows installers. They spent hours cleaning up mountains of crap from their relatives' and friends' computers. They understand how non-tech users feel helpless in the face of sneaky bullshit artists piling that crap onto their hard drives, and they feel enraged when they think about it, and for a good reason too.

So in fact, nobody who's in business of building installers that distribute crap toolbars deserves humility and circumspection. They might possibly be that rare exception, a flower blooming on a dunghill, but asking sharp questions to establish that is neither impolite nor inappropriate. It comes with the territory they've chosen to grow on.

Your moral indignation is as laughable as it is corrupt. Just as much of it would be appropriate defending an actual spammer - I can see you directing people to get off their soapboxes and telling them they don't get to judge the spammer's business until they earned $1 from a customer. A "completely different universe" indeed. Get a clue.


> They spent hours cleaning up mountains of crap from their relatives' and friends' computers.

In my case (by extension, my business), the appropriate units here would be "months" (assuming 720 hrs/month).

Yet I still don't see this as a YC issue, I don't see anything more justifiable than a quibble over PG's response to it, and I'm a little stunned at the vitriol here.


I like your recap of the issue in a different comment, but I think you're not giving enough weight to the fact that it wasn't known before that YC funded the team starting on a different project, not IM. In fact, even now this information didn't appear in pg's update, only in a comment of his later on. I think much of the vitriol you're stunned at comes from people thinking that YC knowingly signed off on and invested in IM's business model, and I think that's quite enough to be shocked by, if it were true.


That seems reasonable, and it's supported by IM claiming to be part of YC on one of their pages.

Still though, the response seems disproportionate. It's not like YC has recently developed a pattern of funding distasteful businesses (or teams); why did everyone automatically assume YC was behaving badly?

There still seems to be a problem in people jumping to conclusions before having enough information at hand. A lot of the comments on Aaron's case were symptomatic of this (the fallout too).

I'm not sure if this is a new problem here or not, but it seems to be getting a lot uglier recently.


Thanks for demonstrating my point exactly. You are so far removed from the actual facts of the case, let alone any actual impact, and yet the fury and vitriol you're showing -- along with the certitude you have in your judgments -- suggest that, frankly, you feel entitled to have a say about anything you please. No justification necessary, you have an opinion, therefore your opinion matters.


I never really like these types of arguments. For example, if I believe a doctor is acting unethically is it wrong for me to call him out because I don't have a medical license?

Sure, there may be factors here we don't understand here but I think now would be an excellent time to unveil whatever grand plan they have to head off the PR shitstorm this is in the process of creating.

As I have mentioned elsewhere YC have gained significant nerd-cred which has no doubt been beneficial to them. This seems to be largely because they appear as a company that has strong driving principles about the sort of changes they want to see in the world.


> For example if I believe a doctor is acting unethically is it wrong for me to call him out because I don't have a medical license?

No it doesn't mean that. What it means is that you, as a non-doctor, should exercise some discretion and humility when choosing your words. Expressing harsh condemnation and judgment when you have a small piece of the picture is an unbelievable asshole move. None of these Tough Guys throwing around words like "crapware" and "spammer" would ever call anyone out like this in public, I guarantee it -- it's all keyboard courage and nerdrage.

> This seems to be largely because they appear as a company that has strong driving principles about the sort of changes they want to see in the world.

IMO it's more due to the fact that YC asks for nerds to come as they are -- the entry process asks you how you're a hacker, and if you're selected you get an interview where pg wants you to geek out with him about your product. No flashy pitches or navigating social networks to get the right intro -- it's a process that cuts out all the BS that doesn't appeal to nerds.

The idea that there is some violated goodwill is just backwards rationalization. And it doesn't change my point, which is, essentially: who are you to question where YC invests?


> who are you to question where YC invests?

A free man, in a free country, on a message forum where all are free to post their opinions?


I've earned several hundred thousand dollars directly from customers by doing honest work. I guess that means I can say that taking advantage of a person's lack of computer expertise to crowd his computer with toolbars, hijacking his search efforts, and making his web browsing slow to a crawl just to make a buck is very sleazy behavior.


Uh. No you could already say that. You are also qualified to talk about how hard it is to earn money and find customers for whom you can deliver value. You can also now maybe talk about the balancing act that occurs when you take on outside money, start a new product, or look for customer money in places that are less-than-promising. Perhaps you can also talk about what it's like to have to do things you might find distasteful and work with people you might otherwise not choose, so the business can stay afloat.


"Perhaps you can also talk about what it's like to have to do things you might find distasteful and work with people you might otherwise not choose, so the business can stay afloat."

Maybe the business shouldn't stay afloat, maybe it should wind itself down.

I say this as someone who was approached by InstallMonetizer in 2011/2012 to add IM to the installers of my Windows apps. I declined, of course, because I wouldn't want to trick my customers with the tactics that InstallMonetizer uses. Tricking customers with EULA-like 'offer screens' to install browser toolbars is wrong.

I would rather close down my business than treat my customers that way.


This. More transparency with what and how IM used to act is not relevant to the forward perspective. They carved a niche with piggy back installers. What possible positive use could such service have?


Just because you or I might find something to be a nuisance, doesn't mean most end-users will. Done right, I can easily see unsophisticated end-users being appreciative at being offered useful software that they would otherwise have not known about. I see this crap on my mom's computer all the time - she's bothered by it only if it affects performance or pops up with some message. If it's just sitting there, or if she actually uses it, she couldn't care less how it got there.


Do you really think "most end-users" prefer the stuff that IM installs? Come on.


"Prefer" is a higher bar than "don't care" / "not a nuisance".

I don't know what IM installs - but I see Norton on their webpage. I can easily see "most end-users" installing something, seeing the opportunity to install Norton Anti-Virus, and thinking to themselves "oh yea, that sounds like that'd be useful".

Just about everybody on HN is extremely technically savvy - we can't assume that our computing preferences are shared by "most end-users". Note that I am just responding to the assertion that "it['s] hard to believe that [PG] truly think[s] it is anything but a nuisance to end-users".


Of what value to users can be a piece of software that they never heard of, don't know what it does and don't feel a need for it? Were they having a problem they wanted solved, they'd intentionally look for the software.

> we can't assume that our computing preferences are shared by "most end-users".

Those are still anecdotes, but I think most of us actually can say this or that about end users' preferences, after countless hours spent on cleaning their computers. I for one think that calling it "nuisance" is a massive understatement.


If you ask these non-technical end users whether they would rather have the free software that comes with some crapware, or have to purchase a paid version (of the same software), I think you would find most would choose the free version.

While I dislike the idea of crapware, if it funds useful pieces of software, perhaps it's a nuisance that could be tolerated.


Norton is not a current advertiser (neither is Bing or Real), assuming Withinrafael is correct about how the Offer Screens are gathered. See his post about how to download & view the offer screens here:

http://news.ycombinator.com/item?id=5086435

Quoting Rafael: "You'll find they only have 42 current advertisers... and not Norton/others listed on the site."


People pay businesses like mine to remove the sorts of software that IM bundles. From the end-user's perspective, they don't understand how this stuff gets on their computer, and they don't feel comfortable removing it because they don't want to break anything.

Put another way: people "get" this software for free, and then pay other people to get rid of it.

And then other scuzzy companies have built a niche industry around the "PC tune-up", prompted by stuff like this software, charging a lot of money to people who don't know better. And, often all these companies do is run software that has been specifically designed to remove junk software.

A lot of this niche is exploitative, taking advantage of people who don't know better, and it's all supported by the bundling of this crap. That goes well beyond "opinion"; "opinion" might be, "Facebook is crap", but there isn't an entire market built around people paying other people to shut down Facebook accounts. Users aren't "choosing" to install these things any more than someone might "choose" to step on a pile of doggy doo in the park.

IM really isn't your responsibility though, so thanks for getting them to flush out the OSS-wrapped stuff at least.


> Every IM install screen has a decline as well as an accept button

Well, could you provide a screenshot of that screen? Usually users are misled into thinking they are accepting the install of the software they actually downloaded.

> The apps that get installed are "crapware." This one seems a matter of opinion.

Yeah... I don't think very highly of your opinion if you really think like that. Making someone's computer slower or less usable by installing "unwanted software" is something that should be forbidden in my opinion. Really, do you have any idea how many hours of my life were lost by removing crapware from computers?

I did check the ycombinator.com website for any indication if the type of company or product was of any concern. I did not find anything about that. This probably means ycombinator is actually just interested in the money and not in making the world a better place. Silly idealistic me...


Yes, I definitely think we need screenshots (too lazy to sign up and get them myself). There used to be a graphic on their website (gone now) that showed an offer looking like a decline/agree license page. Under it they claimed their text is optimized for conversions--in other words, getting people to click.

Edited: the graphic isn't visible on their pages, but still available on their servers; see GuessWhy's comment:

http://news.ycombinator.com/item?id=5093242

Also, if this company pitched a new product to the investors, and then used the funding, or at least the branding, to run their old product (especially one deemed spammy or scammy by a majority of HN readers), it sounds like this company has figured out how to game the angel investing game.


All the technical details aside, if you guys at YC ask yourself "Am I proud of funding this startup?" we both know what the answer is. In all fairness, PG said that YC funded another project from this company; I guess they've just used the YC name for credibility.

I find it quite ironic how PG went from building spam filters to funding a spam company. Just for your information, this is what you've put your money and using your growth YC alumni for: http://www.kraftfuttermischwerk.de/blogg/wp-content/uploads2....


I worked for a few months recently as a remote support agent for a big ISP, and many of my customers' browsers looked almost as bad as the screenshot you posted. As I was cleaning up, I would ask them for each toolbar (because I was required to) "do you want me to remove this?" They would invariably reply "I don't know what it is or how it got there." I think this pretty much kills the "informed choice" rationalization. About the only toolbar they understood or wanted was Google, and maybe the one that came as part of the ISP's setup package (because they were used to it).


I don't understand all the moralizing going on in this thread.

VC is about funding the companies that could make a lot of money. When did we start expecting them to be the morality police?

Sure, if YC wants to build up a reputation for funding "honorable" startups, then they can choose to do so (and will choose to do so to the extent that they think it makes business sense). The comments here that say "This might be bad for YC's image and hurt YC long term" are all well and good. But lots of them amount to "this is bad and you should feel bad", and these just seem disconnected from the reality of market economics.

If YC doesn't fund some scuzzy but profitable company, someone else will. You can't solve job-outsourcing by asking companies not to outsource jobs, because the companies that play along will just get their asses kicked by those who don't. If you want to solve this problem, you have to do it at some other level (usually the laws and taxes level).

It's unreasonable to demand that YC pass on profitable businesses just because we don't like what those businesses are doing. I agree that IM doesn't seem to be making the world a better place, but that's not a problem that gets fixed by asking everyone to cooperate in starving them out.

Perhaps there's a line at which it's worthwhile to call out people for following the incentives that the market has given them, but I think this line is probably a lot closer to the "murder" end of the spectrum than the "installer checkboxes" end.

(Expecting downvotes, think I'm okay with that.)


I've never understood this line of reasoning.

It is entirely within YC's right to fund businesses that a portion of the Internet find scummy.

Shockingly, it's entirely within the rights of that portion of the Internet community to then whinge about them funding said scummy businesses.

And it's YC's right to care, or not, about that opinion.

Someone once wrote a blog post that had a paragraph on cheating (on your spouse etc) and what constitutes cheating. He said that it doesn't matter whether you think what you did was cheating, only whether your spouse thought you were cheating. Your worthiness is entirely in the eyes of the other person, not yours. The other person is who you're 'selling' yourself to.

And so it is with companies. If McDonald's customers suddenly care about healthy food, McDonald's has to too.

The question is, is the portion of the Internet community that thinks these people are scummy YC's spouse? Should YC bend to their version of reality?

That's for YC to decide.


There are a bunch of people who believed that YC was somehow different from/better than tactics and behaviors exemplified by firms like Bain Capital. Some of those people are starting to wake up.


There are shitty things in the world. Some of those shitty things are profitable. Many many profitable things are not shitty. It is entirely up to the individual whether they want to be a part of the shitty things, particularly when the individual has the privilege of being in demand. If you're a software developer who decides to work on scammy tools to make money, that's fine, but don't expect me to not factor that information into how I decide what kind of person you are.

Further, YC is supposed to be innovation, and disrupting entrenched markets. Profitable innovation and profitable disruption, yes, but as I said, there's more than one way to make money, and the way YC claims to want to make money is in those ways. Bundling crapware with Windows installers is not a disruptive or innovative way of making money. It would be classified as a shitty, scummy way of making money that has been happening for years. Many of us here that admire YC admire them because we think that innovation and disruption ultimately are beneficial. So when YC, instead of funding innovation and disruption, funds scumminess and shittiness that's been happening for years, we are disappointed in them.


If IM would be solving a problem, I would agree. Unfortunately it is crapware. Crap. Ware. It is not solving a problem. It is making the world a worse place. Maybe they should start investing into viruses?! Where does this end? It's something I wouldn't expect of pg and yc. It's simply immoral and shit behaviour. Divest or be disgraced!


Classic straw man argument. Viruses are illegal in almost every case and thus clearly they should not, and will not, invest in viruses. Not that I support IM, but they are solving a clear and distinct problem: software is hard to monetize.


I'm not sure why you characterise this as a straw man argument. GP post suggests that investing in viruses is unethical on a similar scale to investing in deceptive crapware installers.

You drew a separate distinction between those scenarios (whether or not there is a legal difference between deceptively installing crapware and promulgating viruses). I would suggest that you are re-stating and seriously misrepresenting GP's argument, rather than pointing out any genuine fault with that argument.

On a related note, in my view tying your ethical standards to whether or not a given activity is currently illegal is both lazy and far from optimal.


The virus statement was a rhetorical question.. Unfortunately it is not a real problem that users face. It's a problem that a very small minority has and that inconveniences the majority. If that's what you set out to do in life..


I guess most of us here got used to YC's reputation and don't want to see it losing it.

> If YC doesn't fund some scuzzy but profitable company, someone else will.

This is never a valid argument for explaining your behavior. There's a good chance that someone else will do it anyway, so now there are two bad actors instead of one.


Yep, if there are fewer VCs and incubators willing to fund these companies then these companies will find it harder to get favourable terms, therefore there is less incentive to start these sorts of business.


The problem with your logic is that if these ethically grey business models are profitable, you have to agree that the less morally demanding VC will indeed fund them (after all, profit is profit). Eventually, YC might still have their high ethical standards, but it's the unscrupulous VC that makes the most dough. And the market selects for those who make the most dough, not those who have the highest moral standing.


Well, YC does not control the entire market but they are certainly prominent in it and seem to have no lack of interest from investors and entrepreneurs.

I think what YC does probably does send stronger signals to the market through the startups they invest in than it does through pure dollars and cents.


> VC is about funding the companies that could make a lot of money. When did we start expecting them to be the morality police?

Maybe they should start investing in private prisons and arms dealers. I hear they make loads of money.

To come down from that loaded statement, a good investment is different from a profitable one. Or at least, I'd like our culture to believe that.


Nobody necessarily expects YC to be a charity, on the other hand they have made significant PR and marketing capital on the basis of being basically a force for good in the world.

For example PG's own writings: http://www.paulgraham.com/good.html


It's not an issue of installer checkboxes - it's an issue of abuse of trust. Would you feel the same way about the no-doc home-loans that were handed out just so that some brokers could make some money? They were simply some checkboxes too that nobody cared to read through - and look where it led us.


YC already is associated, by their own will, with companies that innovate, work on crazy new ideas, build the future, disrupt markets, solve problems. Not sleazy marketing schemes.


While you may not have a right to tell the companies you fund what to do, you certainly have the right not to fund them. At the same time, you are running a for-profit business, and turning down a company you feel is likely to be successful isn't responsible to the other people involved in Y Combinator. And as far as I know, they could have entered the program with a different product and changed tacks partway through. All this to say that I do not have the right nor the information to question your professional decisions.

Personally, though... is this a product you're proud of?


The vast majority of people are not deliberately choosing to install the software. They are "accepting" it by accident, by pressing the wrong button or because they are rushing through the installation and are not paying attention.

No consumer wants this stuff. The advertiser's software is a nuisance and gives no advantages to the end-user.


That's one of the hard things about advertising-- beyond an informative product announcement, most other advertising ranges from useless to annoying to the consumer. I know that I spend a certain amount of almost unconscious mental energy ignoring advertising, and any time I do research I have to sieve the results to filter out biased advertising-driven material. (It's particularly bad in health-related stuff.)


This doesn't mean pushing useful software isn't possible.


These guys have gotten a lot of flak they don't deserve. A friend of mine builds and distributes what most people would consider "crapware" (toolbars, adware, etc.) and was flat out denied by IM when he tried to use them for distribution. Sure a bad apple or two might slip through, but according to my friend it's rare to ever be denied by a distributor unless you're not willing to pay going rates.

It seems like they are working to clean up a dirty industry. Just like AdWords did to the PPC business.


This industry sounds dirty by nature, you can't 'clean up' spammers or prostitution either. Just because a pimp won't sell his girl to just any old John, doesn't make the whole act any better. It's people in the middle trying to make money off of someone else's hard work.

It is really simple, just don't attempt to trick users into installing stuff they didn't want to download in the first place (anything outside the bundle they chose to download). Additional steps on install only take away from the user experience and taint the experience of the application you are wrapping.


To be fair, I don't think the prostitution analogy holds too well here. At least a prostitute is providing a service that there is legitimate demand for from the end user. You could also argue that one could "clean it up" by making it safer and better regulated.

A more apt analogy might be drug dealers subsidising medication by cutting it with heroin.


> To be fair, I don't think the prostitution analogy holds too well here.

I agree. That's why I often tell people that I have higher regard for prostitution than for telemarketing - the former at least provide value in response to a genuine need (whether we feel it's beneficial for society or not). Telemarketers however, just like install bundlers, actively try to exploit people.


Yeah, it was a stretch, your analogy is far better.


Well... I would like to disagree on your opinion about cleaning up prostitution. Over here in the Netherlands it seems to work just fine. If person A pays person B for doing intimate stuff that doesn't really harm anyone.


Yeah, it was an analogy that did not work and would lead off-topic here. Some people can willfully sell their body, while others have no choice (lack of education, drug addiction), it's those ones I am worried the most about.


[deleted]


I think we agree?


Probably not, since I've never seen clean prostitution (or participated in any), I don't feel experienced enough to make a statement either way, I'll admit to that. Since it is not legal here, most of the people getting into it are either being abused/exploited/drug-addicted.

I'm generally under the thought that person B is always being exploited in some way or another, but there are always other cases out there.


The best way to "clean up" a dirty industry that adds no value is to starve it until it dies.


Why do you think it is impossible for it to add any value?


Why does it add value?


Thanks for this explanation pg

This raises a question though: does this company make something that users want? When a user installs a specific program is he/she looking to install other software as well? Is the argument that InstallMonetizer bundles useful software that it feels will enhance the user's life in some way? (going off the adage that the consumer does not really know what they want i.e. they'd just ask for a faster horse)


In this case the users are the advertisers. Clicking on a decline button for other software they don't want (in the worst case) is for the end-users the price of getting software they do want.


That isn't the worst case. The Windows using victim* could install something accidentally by careless clicking (the "Yes,Yes, Yes" Windows installer process).

I recognise you are treading a fine line between defending a company you feel a duty to and practices and business model that you probably wouldn't select for Y-Combinator on the publicly visible business model. I hope they pivot to a less controversial model and leave you in a more comfortable place.

* You are right that the users are the advertisers but that must make the person running the installer the victim or at best the product.


In a few months, I will, once again, uninstall 10 tool bars from my mother's computer. She doesn't want them but they are all installed. Why? Because allowing users to opt out of installs is effectively the same as installing through a drive by process. This type of software is among the lowest form. Whether it's legit or not, the end result is a nuisance to users. I hope their new product isn't as seedy.


Despite the defense of InstallMonetizer, their payment model and practices do not appear to be what you would find with a legitimate software business.

InstallMonetizer has been used by malware as a method to make money as early as April 2011. It was being silently installed by a large botnet, and I assume that the botnet affiliate was making money off the installs.

Their installers are also labeled as a malware by AV vendors, and treated as such by network monitoring infrastructure.


My company's IA dept treats IM as malware FWIW... and we have industry-leading IA/CND operations.


Extremely disappointed. If integrity in all aspects of a business is a lower priority than growth, then I don't suppose there is any difference between Wall Street and Silicon Valley investors anymore.

Questionable practices should be just that - questionable - and remain that way. This "ironing" over by stalwarts like pg poses the danger of this stuff becoming the norm over time.


You can stomp on the grey areas all you want on individual points, but you have to really look at the whole picture.

What is the end result of the software they produce? Without marketing buzzwords thrown in to mask the true intentions?

To bank on ignorant users and to leverage that ignorance to increase revenue.

Same people who do the AV browser pop-ups designed to convince your grandma that 'your computer is infected', they are using the same tactics with a different costume. I actually spoke with a spammer last year (I'm sorry 'content distribution network' as they called themselves) and the double-speak was just infuriating, that was all I could think about when reading this.


>Every IM install screen has a decline as well as an accept button, and if the user declines, no software is installed.

Which is the default? Decline or accept?



This really is the key question. When installing an app, a user should just be able to breeze through the install wizard and not waste time on every screen reading to see if it may slip an unwanted install in.


About 95% of installs are from users who don't understand what they are doing. Of course they are going to make it opt-out by default. They will probably provide an option for advertisers to choose opt-in, but that will be used in only about 1% of the cases since it cuts their profits by 20x.


What about opt-in vs opt-out? Would this company be profitable if all of their toolbars were opt-in only?

I'd be willing to bet a dollar that InstallMonetizer will tank if they relied on opt-in, but will make bank if they rely on opt-out.


> InstallMonetizer will tank if they relied on opt-in, but will make bank if they rely on opt-out.

Just like the US Postal Service if direct mailing was opt-in instead of opt-out. What's your point?


The USPS is a public service. The public service is subsidized via direct mailings. If everyone opted out of direct mailings (or if direct mailings were opt-in), the USPS would continue to operate, only they would either charge much more to deliver posts, or they would be granted more subsidies from the taxpayers.


The point is that post is providing opt-out value for their users. Install bundlers are providing opt-out things their end-users don't want or wouldn't want if they understood what's going on.


Can you clarify what you mean?


Please disregard that comment. I misunderstood the meaning of "direct mail" (I'm not from US). I apologize.


Of course, the USPS is tanking anyway...


Beware that IP addresses are only 32-bit and MAC addresses are only 48-bit. So hashing them individually won't do any good.


Concat them into a single 80 bit value and hash THAT however, and you should be more than fine.

Even the 48-bit MAC address alone is 281,474,976,710,656 possibilities, and thus likely rainbow-table proof, especially if salted.


Perhaps worth noting that MAC addresses do not have 48 bits of entropy. You can prioritize the OUIs actually being used in consumer NICs and chop that down substantially.

IP addresses don't have 32 bits of entropy either for that matter.


That's true. However, with adequate salting it really shouldn't matter.


I think the idea of the hash for IM is to prove uniqueness in a dispute. Salting the hash would make it useless in that case.
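
The trade-off argued in the comments above (a small input space versus a hash that still proves uniqueness), as an added example that is not part of any comment in this thread and is not InstallMonetizer's code. The sample MAC address, the known prefix, the key and all function names are constructed assumptions.

```python
import hashlib
import hmac

def plain_hash(mac: bytes) -> str:
    """Unkeyed SHA-256 of the raw 6-byte MAC address."""
    return hashlib.sha256(mac).hexdigest()

def keyed_hash(mac: bytes, key: bytes) -> str:
    """HMAC-SHA256 under a secret key held only by the collector."""
    return hmac.new(key, mac, hashlib.sha256).hexdigest()

def enumerate_mac(digest: str, prefix: bytes, digest_fn):
    """Try every address that starts with `prefix`; return the match or None."""
    unknown = 6 - len(prefix)
    for n in range(256 ** unknown):
        candidate = prefix + n.to_bytes(unknown, "big")
        if digest_fn(candidate) == digest:
            return candidate
    return None

# Constructed sample values, not taken from the thread or from any real device.
SAMPLE_MAC = bytes.fromhex("00005e00532a")
KNOWN_PREFIX = SAMPLE_MAC[:4]  # demo: 2 unknown bytes = 65,536 candidates
SECRET_KEY = b"constructed-demo-key-kept-server-side"

def demo():
    # 1. Unkeyed hash: whoever holds the digest can enumerate the small
    #    input space and get the address back.
    recovered = enumerate_mac(plain_hash(SAMPLE_MAC), KNOWN_PREFIX, plain_hash)
    # 2. Keyed hash: the same enumeration without the key finds nothing ...
    token = keyed_hash(SAMPLE_MAC, SECRET_KEY)
    blind = enumerate_mac(token, KNOWN_PREFIX, plain_hash)
    # ... while the token stays deterministic, so two reports from the same
    #    machine still compare equal (unlike a random per-record salt).
    stable = token == keyed_hash(SAMPLE_MAC, SECRET_KEY)
    return recovered, blind, stable

if __name__ == "__main__":
    recovered, blind, stable = demo()
    print("unkeyed digest reversed to:", recovered.hex(":"))
    print("keyed digest reversed without key:", blind)
    print("keyed token stable across reports:", stable)
```

With only the 3-byte OUI known, the search space is 16,777,216 candidates per vendor prefix, which is still small. The keyed variant only protects the address from parties that do not hold the key, since the key holder can run the same enumeration.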


In response to point #2: Glad to hear you'll be choosing to install my new search toolbar! Did you know it comes with free 3D smileys?

Really though, if you weren't one of the criticized parties (for funding them), would you really think the same about points two and three? And even bothered to point out the first? Regardless of whether you should have funded them, your post sounds rather biased.


You can explain it any way you want but it's still a product that's meant to take advantage of an ignorant audience plain and simple. Any person outside their audience knows where and how to get the software they want. There is no use for IM's service outside of the ignorant mass of computer users.

Consider another angle on this software: it is a direct contributor to the daily stress of IT people and the "computer person" found in many families.


>They make "drive-by installers." A drive-by installer installs software without the user's knowledge. This accusation is false. //

Nope.

A drive-by installer installs software without _express_ consent of the user. A default of accept or a checked "install" checkbox for a bundled product that is not labelled directly as the software being installed (ie you clicked a download link and it said SoftwareX) then it's a drive-by.

Adobe are doing this now. Last straw, if Adobe Reader's vast girth wasn't enough, well, this certainly is.

Either the download must say "StuffYouWant.exe with CrapwareBloat.exe" or the installation of the latter must only be done by non-default action. If these conditions aren't met then it's a drive-by installer and those consciously profiting from it need to check their morals.


PG, you're funding a company who recommends users to install Babylon which is considered a virus by many. Why don't you come out and tell it like it is? IM is a profitable business with potential to make you lots of $$. Stop the bullshit, it's making it worse.


By default add-ons should be unchecked.

I always get calls from my parents (this weekend with an AVG download) when they realize they downloaded a service and now they have extra services they did not want - toolbars among other things... it becomes my problem and it sucks.


Woah. This is so off, so disappointing. Petty defence on technicalities, while stepping around absolutely bloody obvious ethical issues. Wow.


I kind of figured this from the get-go. I met them at Affiliate Summit and was quite impressed with them, so the controversy felt a little overblown at first glance.

Glad to see they are the kind of people we can safely work with.


Go right ahead, since your profile says you're an affiliate marketer with an "eye for monetization."


This is a company doing the right thing in this messy industry. They are growing and winning because they are playing by the rules and trying to do the right thing!


This may be true. I don't think they're doing anything truly unethical -- if everything pg says is true -- and they may indeed be trying to bring some improvement to a sloppy and shady industry.

That being said, this sort of thing is sort of depressing. It's representative of the ho-hum dregs of innovation being offered up by most startups, at least in the Internet sphere. If I didn't know better, and I don't, I'd say the net is showing signs of being stuck in a holding pattern. Yuck.

All the interesting stuff seems to be in other areas: bio-medical, consumer devices, high-tech hobbyist stuff, and in the big ticket realm aerospace and transportation.


Good to know that you did something about it PG :)

I will remain liking your work! :)

But please, keep paying attention... I think that sometimes if companies can get away with doing bad stuff, they will (in that case maybe it was not malicious, but getting IP and MAC addresses is kinda dangerous for example).


Doesn't sound like he did anything to me. We all know damn well that this is crapware, and the only people who install it are confused or just clicking through.

Set the default to opt-out with no encouraging language and you'll see how much users really "want" it.


As long as the choice to install (unwanted crap) or not is opt-out this can only be considered a bad-faith business.


Some of you guys are being ignorant, and have too much time on your hands. What IM is doing seems legit from all the information here. It's giving devs some opportunity to make a living. If you don't like the wares don't install it. Simple.

If you were seriously concerned about internet privacy you'd be discussing in depth Google, Microsoft, etc. policies which affect virtually all inet users and not some small operation like IM.


> It's giving devs some opportunity to make a living.

So does writing IT software for the Mafia.



Is this intended to be persuasive? You're not doing your coworkers a service here.


"The usage info is (a) collected only for the first 30 minutes and (b) is only used to prove to the advertiser that the install is by a human and not a bot."

Well that sounds easy to spoof.


Consider for a minute that one of the biggest successes in the past few years have been "crapware", e.g. Talking Tom, Draw with me (or something similar), and iFog/Fart.


I very much appreciate this response from pg. Y Combinator doesn't have to justify who it is funding in my opinion. This info was insightful to me. Thank you.


This is a great example of how to be a level headed, clear-minded investor/entrepreneur, even when you're under fire... And just generally a great human being.

Good show!


So far I have read nothing about this except for pg's post creating this thread.

Having read only that, I am certain that I am not in whatever target market might appreciate IM's software (“A lot of the world's most popular apps and sites seem like junk to us”) and that I would hope that I never encounter it myself.

That said, I would likely enjoy an encounter with some other software from “this industry” far less still.


The standard practice of making a decline option available is a nice way of deceiving non-technologically inclined users. But IM and related companies are here to make money. Most of the above points are the way it works in the Windows ecosystem.


This seems like a pretty fair analysis -- both fair to the users/ecosystem as a whole, and fair to a portfolio company that you invested in.



"We asked IM to switch to uploading hashes of the IP and MAC address instead, and they are going to start doing that." ... c:


Fair play for responding. I still think the whole area is (for want of a better word) kind of scuzzy.


Glad to hear the follow up


Thank you for taking the time to look into that!


InstallMonetizer can't in good conscience offer Babylon translation satanware.

Or, to put it another way, if they care one iota about the end-user experience and staying in business, they should not add Babylon software to their bundle.

Babylon is diabolically hard to uninstall. Even after following instructions found on a number of websites, trying different malware removers and doing about:config on Mozilla, it still keeps propagating - EVEN NOW, months later.

I dare someone to install the Babylon software on their main PC and then try to remove it. Go ahead, follow instructions you find on the Internet. Good luck, you'll need it.

It's an ugly, ugly piece of work.


I was able to totally remove Babylon from my system after installing it through an IM ad unit.

I can't speak for installs from other sources, because I hear what you say is true. But I saw with my own eyes that it didn't happen with IM.


Garry, you've spoken up a lot here to defend IM, and that's fine, they probably need defending. However, it would've been nice to disclose in this thread that you're a YC partner.

I know, it's in your profile, and easy to find, as I did. But I'm a newbie here, I don't know personalities, and your posts made it sound like you're some Joe-User happy with IM's product, which isn't really the case.


Haha, that explains it. Thanks for pointing that out.

There are contrarians in every thread, but if there is one thing for certain besides death and taxes, it's the fact that nobody wants this garbage on their machines. It's the cancer of Windows. To see someone so adamantly defending it had me really confused.


"What we discovered about InstallMonetizer"

'We discovered that they are sneaky as fuck. But it's ok because we funded them.' - pg

For the rest of the community - See what withinrafael has to say in his comments below and how unethical this start-up is.

I for one, love YC. But such shitty tactics by start-ups and Paul defending them is terribly disappointing.


The Windows app culture has really deteriorated. Even Oracle has started distributing malware with their Java installer. Applications that phone home, reboot the computer at random times, and modify system settings are not only tolerated, but expected.

It's hard to imagine a real-world parallel to this kind of behavior. It would be like if rape was a socially acceptable form of greeting.

In the future, I think all of this will give Microsoft a perfect excuse to shut down the independent application developers and force everything through their app store. Companies that develop for Windows better start thinking hard about their relationship with Microsoft.



