Which company did your friend go to? The adware companies often times don't explain that they're adware to new recruits. And the pay, benefits, and perks are usually really good.
Regarding investors, I wonder if they just don't understand.
I've worked for adware companies for a long time. I find it crazy how many news publications, investors, and technologists don't realize how many companies are part of the adware ecosystem.
Iron Source is one of them and they just raised a lot of money from JPMorgan and Morgan Stanley to fund acquisitions in preparation for their IPO.
Building software nobody wants is pretty soul-crushing (I've since left the ad industry altogether), and I haven't heard a case of anyone actually wanting my previous employer's software.
Of course there's rationalizations ("That's just the way the internet works", "If we don't do it someone else will", and the insane "They agreed to the terms"), but I don't think anyone has the mental capacity to convince themselves people actually want malware.
People making adware generally aren't openly malevolent, but there seems to be the consensus that 'users' who install the software are idiots (sometimes with the implication that this makes it okay to scam them).
That said, it's still lucrative (and with very low risk of any repercussions), so most of the industry just wants money and doesn't really care.
In the mid-2000's I had a new co-worker who had recently come from Gator[1]. Even not working there any longer, he maintained that their software was an incredible product and that the injected ads were "yeah, a little aggressive, but they're fixing that!"
From that Wikipedia article: "Gator's end user license agreement attempts to disallow its manual removal by prohibiting "unauthorized means" of uninstallation."
Reading the word Gator really took me back in time. Never worked on that stuff, but it brought back the visceral pain of sitting down at a friend or inlaw's computer to find Gator or one of its peers installed. Each time the internal debate: to simply remove it, to try and explain why it is bad or simply to ignore...
Pretty much! And the funny thing is that every company is always "fixing that" until they make the advertising less aggressive and revenue drops 30%. Then they turn the dial back up.
And its big players too! I've uninstalled dozens and dozens of Ask.com and Yahoo Toolbars. In once instance, there were three in a row stacked on top of each other embedded into Firefox. Google bundled with WinZip if I remember correctly.
Those that install adware are less intelligent--no need to paper over that. Do the writers of educational shows for small children think it ironic that they are more intelligent than their customers?
Since adware often uses dark patterns to trick people into installing it I'm not sure you can draw any conclusions about intelligence. Ability to scrutinise every panel of an installation script, and check or uncheck a variety of boxes that might be described with double or tripple negatives -- and that's for the adware that is polite enough to tell you ot's going to install itself.
Ignoring for a moment all the adware that doesn't install toolbars -- superfish doesn't -- you seem to have no idea about actual users. Most people would not notice an extra toolbar, or would think it's part of the default browser.
Not knowing how to repair something can result in a form of learned helplessness, a belief that you are less of something than someone else.
There are efforts to show people that they don't need to buy a new computer, or install software that intentionally limits what their computer can do, or pretends to fix it for a fee. Even the programs that actually work to remove these kinds of threats (including AdAware and SD Search and Destroy) can blur the distinction between actions that are necessary to repair the problem and things that are a different kind of nuisance but not directly a threat to the operation of the computer (like tracking cookies). Software that makes installing it to use it optional is preferred, as the ongoing monitoring can often tax the computer as badly as the software being removed. (Note I'm talking only about anti-adware software here, not general anti-virus software.)
I would love to give a better option than re-install your operating system all of your software, and even that is often a difficult option since the re-installation mediums aren't even shipped with the computer in many cases. I don't want to direct a person to a service where they take the computer to be fixed that often charges more than seems fair for the hands-off approach they take to re-imaging.
Oh, on your last part, I've encountered more than one laptop where all of the installed browsers had been limited to a fraction of the screen being readable due to the number of toolbars, and general search engines being inaccessible or unusable due to the number of injection adds and popups.
Most adware is toolbar free. The only way a user would know the adware exists is by going to their extensions list.
And even now, that isn't the case anymore. More and more adware is moving over to being exclusively EXE based and proxying all HTTP traffic, or using DLLs, or doing something outside of the browser. The disclosures for the ads often times don't actually point to the name of the installed software.
I would agree that users with adware are less tech literate (sometimes), but the install screens are made to specifically trick people into installing.
>>> Is that last question wrong, and are there actually people that truly, unequivocally enjoy adware?
I used to think the same thing, then met a guy who was a fairly prolific ad spammer. He basically said the reason any type of adware exists is because it actually works. He said if nobody ever bought anything or clicked on any of the annoying pop-ups, adware would disappear inside of six months.
In essence, for web savy users, it's completely baffling why people would want this on their PC's. In reality, there are a ton, and I mean a TON of people who do click on the links and do buy from these types of invasive ads, which continue to be a very lucrative, very competitive market.
My mom was a victim of some adware and she had no idea. She thought she was seeing google ads or something and only asked me for help because a bunch of stuff stopped working.
Just because something is profitable does not mean it adds value to the world.
Brian Krebs' book Spam Nation talks about this quite a bit. So many people still buy prescription medications and fake watches and such through junk email. Enough that it still makes financial sense for the spammers to keep at it.
Interestingly, I read an academic paper that discussed how spamming vendors often actually deliver on these prescription medications, etc. You'd think they'd take the money and and run scammers, but in fact it's marketing for actual commerce.
I think lot of those real businesses are selling their products this way, because scam/adware networks are much cheaper than AdSense (few dollars for ten thousands of views)
I saw lot of adware ads are also for courses for _rich life_/making money on internet etc. I can imagine these businesses' target demo are people that get affected by adware.
I worked on the Ask Toolbar back in 2009. I did an AMA about it on reddit way back when[1]. I was hired to work on Bloglines, a Google Reader competitor that was shut down and I moved to the toolbar to work on the Firefox version.
I just wanted to make a good toolbar that people liked using. I worked on a Facebook version of the toolbar. A lot of the ugly things about the toolbar, the way it gets installed and what it changes for users are options the company (Nero, Oracle etc) that adopts the toolbar pick. It was a really good team with great people, but despite this I didn't feel good about working on the toolbar because of how it was used. Everyone on my team just wanted to make a really good toolbar. I am not proud of the work but not because of anything our team did. I don't plan to do any kind of work like that again.
I never worked on Adware, but I worked on a system called PrintMe, which enabled users to print to printers in Kinko's, airports, hotels, etc.
(I saw PrintMe as a logical next step after working on Cisco's internal CEPS printing system.)
PrintMe partnered with Adobe to add a PrintMe entry in the File menu of Acrobat. This was not received with universal applause. Typical disgruntled user:
Nobody was openly malevolent towards users. There was earnest hope that busy business travellers, who otherwise wouldn't know about PrintMe, might use that menu entry once and become hooked.
We knew the product was very useful to a certain kind of traveller, but getting that person to notice and try the product was hard.
You find ways to mentally make it not about the adware. You're building a monetization system that allows other software makers to continue their craft!
No one wants adware.
I think my first response supports your notion of a reality distortion field. People try and forget its adware and think more about the cool technical challenges (millions of installs per day!) or reframe it to not be about the adware.
The meetings were never openly malevolent towards users and there was a legal team to make sure user rights were never actually violated. People would come to our meetings and they would never realize we were an adware company, it just sounded like normal ad tech.
That's certainly one of the ways to rationalize it - scaling out the infra was actually pretty fun.
Legal stuff and the 'monetization' rationality are pretty spot on with my experience. There were even a few puff pieces from local tech outlets that had no idea they were a malware company.
Another ex-adware person here, from the download valley itself.
AFAIK, the key roles in the adware ecosystem are:
a. Distribution
Done mainly through "Pey Per Install" companies such as IronSource, InstallMontizer (actually funded by YC: https://news.ycombinator.com/item?id=5092711), InstallRex, etc. These folks bundle legitimate programs with adware in their installers. They use dark patterns (http://www.hanselman.com/blog/DownloadWrappersAndUnwantedSof...) in order to deceive users to install the offered "product". Some of them make it intentionally hard (practically impossible for the non-techie user) to uninstall the adware, or downloading additional adware without user consent (drive-by). Other shady practices include the use of malvertising (e.g. ad that mimic flash, acrobat or OS update) and the most extreme one, which is rare but exists, is exploit kits.
b. Monetization
Done mainly with advertising and information harvesting. Common practices (aka "revenue models"): ad injection (banners, pop-up\under, etc), affiliate fraud ("price comparison widgets", or just forcefully redirect user through affiliate link) , lead generation (e.g. scraping insurance details), social networks spam (Selling views, likes, followers, etc - works because google\fb\etc eliminates fake bot account fairly efficiently, but adware just impersonate real authenticated sessions) and selling cheap traffic.
I can't edit the original comment for some reason. Sorry for the n00bism, its my first comment here on HN.
I want to add this:
The profit of an adware company is the difference between its user acquisition cost and the revenue from the monetization phase.
As the monetization phase gets shortened by AV detection and removal, the lower the revenue gets. This cause adware vendor to adapt new methods that transitionally were associated with "more evil" malware (banking trojans): they use crypters and vulnerabilities in AVs in order to evade detection, randomly generated domain names (for the C&C, inject and publishing domains), etc.
Matt, if you want to learn more about practices and players of Download Valley, you can simply talk to the local Google sales/marketing representatives, who are working VERY closely with these companies. I believe they are definitely aware of all the practices and the dark patterns.
Adwarekiller gave a good answer, and I'll add some of my own notes.
* Distribution is mostly consolidating. A lot of adware companies used to both buy their own distribution through either pay per install or revenue share agreements and then monetize those users themselves. Now, the ecosystem is fracturing into companies that actually perform the distribution and companies that monetize those users.
Both Yahoo and Google are in bed with the adware companies via search reset deals and white labeled SERP pages.
There are a lot more companies in the ecosystem. It's massive. A good rule of thumb right now is that if a company advertisers they have cut a deal with an adware company (either directly or indirectly). As you can see from the above list, there is also A LOT of VC money in the ecosystem. The reach extends further when you consider companies that get benefit, like CPXi (http://www.cpxi.com/), AppNexus (http://www.appnexus.com/), OpenX (http://openx.com), or even Amazon Web Services, Google Apps, etc. since these services usually power the business, too.
Great answer. I can confirm that the market is indeed specializing through separation of the distribution and monetization operations.
More interesting bytes:
* Ad injection mentioned in the last ANA&WhiteOps fraud report (http://www.ana.net/content/show/id/botfraud), they found that over 500K ads were injected every day to one publisher.
d. There is also companies like rgnets (http://rgnets.com/), amobee (http://www.amobee.com/) and FrontPorch (http://www.frontporch.com/), which offers network appliance that performs the HTTP interception and tampering. In this method there is no need to install anything on the user, all you need him to do is connect your network. Large public networks (hotles, events, airports, etc) are using it as well as some ISPs.
Regarding investors, I wonder if they just don't understand.