Claria Software

The software formerly known as Gator has been widely accused of being spyware. We took a look for ourselves, and didn't like what we saw.

August 3, 2005

7 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Inadequate Disclosure
The installation screens say that Claria will display ads based on the sites a user visits. But the installation screens do not say that, for as long as the software is running, it will monitor the URL of every site the user visits and report that information back to a Claria database.

Claria's privacy policy disclosure is inadequate. To get the whole story, you have to read the EULA. Click image to enlarge.Click to Enlarge

That information is spelled out in a lengthy End-User License Agreement (EULA), which very few users are likely to read. The EULA also gives Claria the right to track — and report back — an inventory of all the software on your PC and the first four digits of your credit card number, so it knows which banks you use. The install screens also don't disclose that the monitoring part of the application continues running even when users shut down the useful part of the application.

The Weatherscope EULA is 2,600 words long and takes up 32 screens. Click image to enlarge.Click to Enlarge

Even more confusingly, the EULA itself isn't accurate as to what information Claria actually collects; it's a grab-bag of some information Claria now collects, and other information that it used to collect but has stopped collecting. Scott Eagle, Claria's chief marketing officer, said the only information the company now collects is activity of "commercial intent" — meaning online shopping and product research. The information is filed by anonymous computer ID number. Claria does not collect user names, e-mail addresses, credit card numbers, or ZIP codes.

Another thing that you're not told unless you read the EULA: You're forbidden from using anti-spyware software to remove Claria software from your PC. The only way you're permitted to remove it is by using the Microsoft Windows Add/Remove Programs utility.

Simply including this important information in a dense packet of fine print is insufficient notification.

The Claria EULA says, "In exchange for offering you free software products, we collect anonymous usage information from your computer that we and our partners may use to select and display pop-up and other kinds of ads to you and to perform and publish research about how people use the Internet."

Here's all the data Claria collects about users: "GAIN collects certain non-personally identifiable information about your Web surfing and computer usage. This includes the URL addresses of the Web pages you view and how long you view Web pages; non-personally identifiable information on Web pages and forms including the searches you conduct on the Internet; your response to online ads; Zip code/postal code; country and city; standard web log information and system settings; what software is on the computer (but no information about the usage or data files associated with the software); software usage characteristics and preferences; and, for Gator(R) eWallet users, your first name and master password, if you choose to create one. For more information regarding the data we collect, click: www.gainpublishing.com/rdr/70/datause.html...."

That page contains a couple of more pieces of information on what Claria collects. In particular, the Claria apps are monitoring the Web forms you fill out, and collecting the first four digits of your credit card number, which tells it what bank you use.

They share the information with advertisers, partners who give the company information for displaying search results, and in "other limited circumstances" with "third parties who help us perform a business function (their use of such information is limited by our internal policies and/or confidentiality agreements, as applicable); to protect our rights, or if under a legal obligation."

One egregious term of service, buried in the license agreement: "You agree that you will not use, or encourage others to use, any method to uninstall the Licensed Materials other than through the use of the Add/Remove Programs feature of the Microsoft operating system. Use of any robot, spider, other automatic or non-automatic manual device or process intended to interfere or attempt to interfere with the proper working of the Licensed Materials is prohibited."

In other words, if you install Claria software, the only way you are permitted to uninstall it is through the Microsoft Windows Add/Remove Programs. You are forbidden from uninstalling the software using anti-spyware utilities. That's an outrageous imposition on the user, and it's unfair to bury that in a EULA.

Eagle says that license provision is never enforced.

The Date Manager installation and uninstallation processes are virtually the same as Weatherscope.

Kazaa's installation and uninstallation is very similar to the Claria programs. I won't talk about Kazaa much here, partially because of the similarity and partially because Claria plans to sever its relationship with Kazaa in a few weeks.

Uninstalling
For both Date Manager and Weatherscope, running Add/Remove programs to remove programs did not immediately remove the entire program.

A few seconds after completing the uninstall process for Weatherscope, I got a warning from StartupMonitor indicating that a program called GStartup registered the executable "c:program filescommon filesgmtgmt.exe" and "C:Program FilesCommon FilesCMEIICMESys.exe." StartupMonitor is a program I use to block software that tries to register itself to run at system startup. Likewise, WebRoot SpySweeper notified me that a GAIN program was trying to run — GAIN is the name of Claria's adware network.

Why were these applications running after I'd already uninstalled Claria?

Eagle explained that it's a function of the architecture of its products. Each package uses a separate add-delivery and traffic-tracking package, called GAIN. Each user is only required to run one copy of GAIN; if you use two or more Claria applications, you only need to use one copy of GAIN for all of them. The way to remove GAIN is to remove all of your Claria software. Each time you remove a different Claria application, GAIN wakes up, and looks around the PC to see if there are any Claria applications left on the PC. When there are no more, GAIN automatically uninstalls itself.

So the activity I was seeing was GAIN automatically uninstalling itself; if I'd waited a few seconds or minutes after uninstalling the application to run WebRoot, I would have seen no activity, and no active GAIN files, left on my PC.

And that was indeed what happened when I tested Eagle's claims.

My anti-spyware software did detect other detritus left by Claria after the uninstall process ran, including several registry entries and a couple of log files. But this is not unusual behavior for any Windows program; many perfectly legitimate programs leave some residue behind after you've installed them; it's one of the reasons why some users install third-party registry cleaners.

The bottom line: Claria did quite well in my unistall tests. The software requires user action to install — it doesn't just install itself onto a computer when that computer visits a Web site, as some of the worst spyware does. And the software uninstalls gracefully — it doesn't resist uninstalling, as some of the worst spyware does.

Conclusion
Overall, I found Claria software to be easy to install and remove. But Claria has the right to collect too much data about the user, and its disclosures about what data it's collecting are too vague and inaccurate.

Claria makes a convincing case in interviews and product literature that it takes its customer privacy seriously, but our evaluation of its products — in particular, reading the End-User License Agreement — tells a different story. Claria collects far too much information about user activity, and is far too cavalier about disclosing what it collects.

I've removed Claria from my test computer. If you're a consumer, I recommend you stay away from Claria's software, and if you're a network administrator, keep it off your company network.

Read the in-depth report: Claria Software Seeks Legitimacy

Mitch Wagner is senior online news editor for InformationWeek.0

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights