These Eyes Are Trackin’

Pondering the tale of Gator, a company that created a password manager way back in 1999, but ruined goodwill by going full spyware. (Oops, I mean adware.)

Today in Tedium: There’s this tool I’ve used for a number of years that I’ve found incredibly useful and important. It’s a password manager called 1Password, and it helps me save logins so I don’t have to remember them. It’s far from a new application, but at its foundation is a basic layer of trust. You use 1Password, or LastPass, or whatever other tools of this nature, because you trust them. What if I told you that one of the most infamous examples of adware and spyware, one that snuck onto tens of millions of computers, started out as the 1999 version of 1Password, but almost immediately was bastardized by the desire to bake in a business model. That tool, once a scourge of Windows users everywhere, is called Gator eWallet—and it set the stage for a climate where our data is constantly being grabbed around the internet with little in the way of end-user control around the issue. Today’s Tedium looks straight into the eyes of the spyware gator that hates that I just called it spyware. — Ernie @ Tedium

If you find weird or unusual topics like this super-fascinating, the best way to tell us is to give us a nod on Ko-Fi. It helps ensure that we can keep this machine moving, support outside writers, and bring on the tools to support our writing. (Also it’s heartening when someone chips in.)

We accept advertising, too! Check out this page to learn more.

14

The number of companies Denis Coleman, a cofounder of Symantec and the inventor of the spell checker, was involved with founding, according to a 2007 profile in the MIT Technology Review. Having left the company in the mid-80s, Coleman was not involved with the production of its most famous product, the Norton antivirus software line (that was acquired in 1990), which perhaps explains why Coleman later became the cofounder of Gator Corporation, a company that infamously produced a product his prior company put a lot of energy into removing from the internet.

The Gator eWallet website, circa early 2000s. (via Internet Archive)

The roots of the Gator eWallet represent the roots of modern spyware … no matter what Gator’s opinion was of that term

In 2005, Wired gave a company called Claria the attention it was looking for: A long feature about how it had managed to vanquish its reputation as a provider of spyware and become accepted as a successful part of the internet, a company on the rise. And the then-CEO felt confident that it was a company on the right track.

“I don’t feel like there’s a need to wipe the slate clean,” the company’s then-CEO Scott VenDeVelde told the magazine. “Our technologies are dead center of where the market is going.”

He was arguably right, but it was not enough to prevent the market from absolutely disrupting the crap out of it. See, just as modern consumers have easily been able to see through the Facebook name change to Meta, so too did they see through the name change from Gator to Claria … and not long after that, another name change from Claria to Jellycloud. It may have gotten its redemption story in 2005, but by 2008, the company, having changed its name numerous times in unsuccessful attempts to shake off its reputation, was dead.

It sued a lot of people and companies in an attempt to salvage that reputation, but in the end, it wasn’t enough. The anti-consumer sentiment was just too obvious.

But let’s go back to the moment, in 1999, when Gator first emerged onto the scene. Arguably, the market was ripe for an application like it, because security was little understood during this era of digital culture when many people had been using computers for five years or less. As a case-in-point, games like Elf Bowling—which, while legitimate and not malicious, was transferred online as an executable file through the very risky medium of email—reflected how regular people just didn’t think about security or privacy when using the internet. At all.

And this was around the time that Napster was going viral, so people were literally just downloading random files from random sites on the internet without much care as to what those files included. Napster was largely just music, but it set a tone of what was allowed in regards to these apps, which meant that it was an anything-goes world of downloadable software for quite some time online.

An example of the kind of security warning Gator/GAIN often left on installers. (via Ben Edelman)

A major vessel for how we got software, besides the aforementioned file-sharing tools, were download sites that proliferated like weeds on the early internet. The sites best remembered today are probably Tucows and Download.com; there were dozens of others, of varying quality. As much as we complain about App Stores, this model was worse because this software inevitably came with some hangers-on in the install process.

One of the first apps to do this was Comet Cursor, a customization app that became very popular during the Internet Explorer era as it allowed for custom cursors, often tied to popular brands and franchises. But when word came out that the company was tracking individual users and installing itself without users’ consent, the application’s reputation declined to the point that its developers at one point got into a public fight with Lavasoft, a company that produced anti-spyware tools, in a desperate bid to save its parent company. It didn’t work.

In many ways, tools like Comet Cursor, BonziBuddy, and Gator eWallet fostered what could arguably be called an evolution of the model of shareware and freeware. Rather than paying if you liked the app, these apps subsidized the software by offering themselves as options within the installer. The goal was to make the application sound like enough of a good idea that you installed it, but then, once it had its grips in your system, to make it difficult to remove.

Combine the predatory business model with the rise of file-sharing tools like KaZaA and LimeWire, and you had a recipe for digital disaster.

“So here is the deal: In exchange for using the free and useful Gator software, Gator is going to deliver you, anonymously, to advertisers selling things that you might be interested in buying, based on your Web-browsing activity. I guess that is a fair arrangement, as long as everybody is fully aware of what is happening. In a sense, it is no different from what your credit-card company does. In exchange for the convenience of using plastic, the company assembles marketing information about you and targets advertising to your interests.”

— Lee Dembart, an editor of the International Herald Tribune, offering his take on Gator after talking to an official with the company. Dembart had been using the software for months, and found it useful to the point where he gave it positive notice in the newspaper’s pages, only for readers to point out the onerous privacy policy to him. Strangely, after talking to a representative of Gator, he found himself arguing that the software was a fair trade. (In reality, by the point they had talked to Dembart, Gator had decided that the eWallet wasn’t actually the business, according to Wired; the pop-up ads it generated were. If you’re not paying for it, you’re the product, etc., etc.)

Gator/Claria filed for a number of patents throughout its history, including this one, which might just be relevant to the creators of 1Password and LastPass. (Google Patents)

Was there another path forward for Gator eWallet as a business model?

It should be noted, given its current reputation, that had Gator actually used a legitimate model that respected consumers’ privacy rather than one that was literally inspired by the coupon printer at grocery store checkout lanes (as the Wired piece notes), it likely might have had a completely different reputation. (The later success of 1Password, first released in 2006, underlines this point.)

There were clear signs that the application could have been accepted on its own as a useful tool. One of the first mentions of the software in the media, a review published in The South Florida Sun-Sentinel, seemed ready to highly recommend it! Here’s what they wrote of this Trojan horse of a password manager:

Gator.com has introduced its free Gator program, which memorizes all your passwords, credit-card numbers and other pertinent information and uses the data to automatically fill out those final order form pages. When you come to an order page, Gator will automatically pop up and ask if you want it to fill in the blanks. With one click, the order form will be completed.

This is very different from the Auto-Fill ability of the more recent browsers that attempt a best-guess at filling in a form. Gator.com maintains a huge database of purchase forms and accurately fills in the proper information. And since we usually have more than one credit card, phone number, address and so forth, Gator will present the last data used at that site. If you want to change it, you can select any of your alternatives.

But Gator insisted on going another way, and ensuring that it was never not clear that the users were the product, rather than the other way around.

This was an application that was literally designed to suck up all your personal data, and reuse it to target pop-up advertising to you, and newspapers were out here talking about how useful it was! Clearly, someone in market research should have suggested there was another path forward for this tool they created.

But even early in its life, questions emerged about what Gator and other apps of its ilk represented. Jeffrey Rosen, a law professor who has frequently contributed to The New York Times Magazine and The Atlantic wrote an essay for the Times, titled “The Eroded Self,” that nailed the tension between advertising and privacy that complicates the public discourse in the internet era, explaining it though the lens of the still-fresh tale of Monica Lewinsky. Gator.com, of course, gets a mention:

The e-commerce lobby prefers a more modest Senate proposal that would require Web sites to display a clearly marked box allowing users to “opt out” of data collection and resale. But it’s not clear that “opt out” proposals would provide meaningful protection for privacy. Many users, when confronted with boilerplate privacy policies, tend to click past them as quickly as teenage boys click past the age certification screens on X-rated Web sites.

Moreover, many people seem happy to waive their privacy rights in exchange for free stuff. There is now a cottage industry of companies with names like Free PC, Dash.com and Gator.com that offer their users product discounts, giveaways or even cash in exchange for permission to track, record and profile every move they make, and to bombard them with targeted ads on the basis of their proclivities.

This is about as rational as allowing a camera into your bedroom in exchange for a free toaster. But as Monica Lewinsky discovered, it’s easy to forget why privacy is important until information you care about is taken out of context, and by that point, it’s usually too late.

Gator wasn’t first to this market, as Rosen implies; companies like Juno and NetZero did this a few years earlier, expanding the user base of the early internet at the cost of siphoning users’ data. But Gator represented a new front from a software perspective: It was an application that many people did not actually install themselves, that was basically included as part of a shareware package.

This image from a patent filing, created by the same person as the original app, is titled, and I quote, “Method and apparatus for defeating a mechanism that blocks windows.” Yes, Gator patented a pop-up blocker blocker. (Google Patents)

Despite the application’s controversial nature, it was not actually a pariah in Silicon Valley culture. Much the opposite, in fact: The company, in its various forms, raised tens of millions of dollars in funding. Of course it did! It offered something that advertisers didn’t have up to that point—a way to directly compete with a competitor by putting a pop-up ad in the user’s face.

That the model was highly funded and successful as long as it was really highlights just how little the company thought of the consumer.

“We are involved in litigation with multiple parties alleging that our display of advertisements violates trademark, copyright, unfair competition, unfair trade practice and other laws and could become subject to additional litigation in the future. The outcome of this litigation is uncertain. If it is determined adversely to us, we could be enjoined from displaying advertisements to our users or from engaging in other business practices fundamental to our business. In addition, a recently enacted statute in Utah will, upon coming into effect on May 3, 2004, prohibit us from providing our products and services in that state.”

— A list of risk factors that Claria faced, according to a 2004 S-1 form published ahead of an initial public offering. The firm claimed that it had 43 million users with $35 million in revenue in the prior year, but the concerns about the stability of its business, including the perceived legal risks that would make its model illegal, would sink the company. Claria ended up withdrawing the IPO as a result of this.

Don’t be fooled by the fun Gator logo. The gator was more like this gator. (Joshua J. Cotten/Unsplash)

One thing Gator didn’t like people doing: Calling its application “spyware”

Despite the reputation this application carried, it was not a pariah of the technology industry to the point where it couldn’t get funding. In fact, it showed up in the press frequently, announcing new funding rounds, and generally avoiding losing a step given its controversial brand name.

And perhaps for that reason the company took pains to ensure that it was not called spyware, despite the fact that the average person considered the application an annoyance, no matter what it was called.

And it was a company not afraid of picking a fight, using legal action to discourage others from calling the application spyware. Perhaps the most notable of these conflicts involved a website called PC Pitstop, which had a page on its website telling people how to remove the spyware while deeply criticizing the company. Claria sued, and PC Pitstop eventually settled. The suit eventually forced PC Pitstop’s hand, but despite not being a gator, the hand bit back: The company essentially rewrote the page (still online today thanks to its successor company, PC Matic) to the letter of the law, while maintaining the same criticisms as before.

“The most expedient thing we could do after settling the Gator suit, rather than changing our site point by point in real time, was to regroup and put together something that still conformed to our agreement with Gator but allowed us to say the things we needed to say,” said Dave Methvin, PC Pitstop’s chief technology officer, in 2003 comments to ZDNet. “For example, we still detect Gator and recommend that people remove it. I certainly don’t believe it’s libelous.”

One could argue, that all Claria did with all this litigation was make “adware” another way of saying “spyware,” with little effect on how people perceived the application’s reputation.

And besides, there were lots of other ways for Claria to ruin its reputation beyond lawsuits it brought against other companies. For example, lawsuits brought against it by numerous newspaper chains and Fortune 500 companies. The companies (among them The New York Times, The Washington Post, UPS, Hertz, and Wells Fargo) were upset because the pop-up and pop-under ads were doing what they were designed to do, recommending competitors while end users were on their sites.

They sued on a trademark infringement cause, and the lawsuits were powerful enough that Claria generally settled.

“Claria will continue to protect (its) business model,” company spokesperson Scott Eagle said at the time of a joint settlement with Wells Fargo and Quicken Loans.

The company ultimately did not; as Jellycloud, it essentially admitted that its pop-up ads didn’t work and came up with a personalized homepage product instead. That product didn’t work, either, and by October of 2008, the company, which specialized in spyware despite its protestations otherwise, was gone.

If only it had stuck with selling password vaults instead of behavioral marketing.

Gator, GAIN, Claria, Jellycloud, whatever that company was called, it was junk, and it ruined a lot of formative internet experiences for people just trying to get their footing on something that they were experiencing for the first time. It was obvious to everyone that their business model was exploitative, but they continued to exploit because they had the trappings of a regular company and could push back, pull out a few lawyers, and try to convince us all that, hey, we shouldn’t be called spyware because we have a legitimate use case.

It inspired more junk, but then it informed an industry that eventually solved its GAIN problem by being more careful about how it presented itself. Bad actors like Claria likely helped to discourage the worst advertising tactics, such as pop-under ads. But as Scott VenDeVelde told Wired, their technology was dead-center where the industry was going.

And in many ways, GAIN feels like a microcosm of a lot of the modern internet’s problems. It did a lot of really bad things in a really short amount of time, it got called out for them publicly, and it spun its tail for years, changing its name on two separate occasions and even changing its business model, twice, as it attempted to distance itself from the reputation its controversial software carried.

But the weird thing is that the modern internet actually does many of the same things Gator got called out for. Nearly every modern tool that we don’t pay for is “paid for” through the use of software that is designed to spy on our actions.

We can’t even trust our internet providers to do the right thing anymore! Just this week, Verizon Wireless was broadly nicked by critics because it announced a policy to automatically track users through its service.

Gator/Claria/Jellycloud was effectively a startup trying to do the exact same thing (track you), for the same reason (so it could serve you personalized ads).

And lots of modern applications, even the big guys, try to do similar things; Microsoft was heavily criticized recently for adding an advertisement for a buy-it-now service to its Edge browser. Google’s approach to a controversial browser extension upgrade just got eviscerated by the Electronic Frontier Foundation.

And it’s worth nothing that a lot of former employees of Claria have found other perches in the technology world, some of which are among the name-brand companies you rely on to live your digital life. That’s not to say that they currently support the things they did when they worked for the company, or that they don’t deserve another less-questionable work experience, but in many ways, the fact that the software worked in this gray area but had support from the mainstream of Silicon Valley raises these questions. It also makes you wonder just how far of a leap it might have been for any other startup founder to have an idea that takes them down a path filled with ethical compromise.

If you break it down, the promise of the Gator eWallet is not unlike numerous other applications that you can find on the internet today. It was a free tool that paid for itself with advertising. The big difference, in a lot of ways, was that its behavior was not normalized at the time, and one could argue that the benefit of the tool was not so extreme as to make what the end user was giving up a fair trade for what was lost.

Now, two decades later, the question lingers: Is the behavior that Gator/Claria/Jellycloud ultimately stood for normalized? We’re not dealing with quite as many popups today, but I would say it is.

--

Find this one an interesting read? Share it with a pal!