June 24, 2012

Phoenix man goes against Facebook

A locally produced Web-browser extension that generated $250,000 in revenue in its first two weeks of beta testing has online security and legal experts fighting over whether the software is legitimate or illegal.

At the center of the controversy is Phoenix software developer Dru Mundorff, creator of the virally spread browser app that he calls LilyJade, after his two daughters.

The 29-year-old Mundorff said LilyJade is a legal way for Facebook users to assert some control over the ads they see on Facebook and eventually other social-networking sites, too.

Mundorff said he envisions the software being used to generate revenue for charity organizations to support causes such as cancer research.

It also helps protect Facebook users from malware attacks, Mundorff said.

Facebook and some online-security and legal experts call LilyJade an illegal malware application that uses obfuscation, deception and spam to hijack users' Facebook pages.

LilyJade funnels Facebook ad revenue to Mundorff's customers by replacing some of the ads normally seen on Facebook with their own ads.

In other words, the user sees different ads than the ones Facebook intended, and a customer of Mundorff's whose copy of LilyJade was installed by the user receives the ad revenue instead of Facebook.

Mundorff's customers purchase a copy of the LilyJade software for $1,000, which includes a control panel that allows the customer to grow and monitor his or her own network of LilyJade-installed "victim" computers.

Mundorff said the term "victim" is hacker lingo and does not mean the LilyJade-installed computer is being victimized.

LilyJade spreads by posting an ad for itself to the user's Facebook "wall" every 10 days, Mundorff said. The idea is that LilyJade users' friends will click on the ad and install the software.

Mundorff insists that LilyJade is not malware because each user must read and agree to a terms-of-service agreement.

Aside from swapping out some Facebook ads and turning the user's account into a vector for the spread of LilyJade, the software does nothing malicious and is not unlike other commonly used ad-blocker applications, he said.

Attorneys for the Menlo Park, Calif.-based Facebook Inc. disagree.

On May 15, Facebook attorneys issued a cease-and-desist letter to Mundorff and his partner, Joseph Woreth, of South Setauket, N.Y.

The letter describes LilyJade as "malicious browser software that violates Facebook's terms and abuses Facebook users for gain."

"Mr. Mundorff, Facebook also has documented your attempts to sell the credentials of 80,000 Facebook users who have been victimized by your software," the letter states.

The letter goes on to list several state and federal computer-fraud and online-security laws that Facebook attorneys say Mundorff "may have violated."

It also revokes Mundorff and Woreth's licenses to use Facebook and bars all "agents," "employees" and "anyone acting on (their) behalf" from using the social-networking site.

Mundorff said he has chosen to ignore the letter and that he does not believe Facebook has a legal right to stop him.

"There's nothing that the program is doing that is currently illegal," he said.

Mundorff said he has consulted with several attorneys who specialize in Internet-related law, and that all said LilyJade passed muster.

But Douglas Sylvester, dean of Arizona State University's Sandra Day O'Connor College of Law and an expert on Internet laws, said the software faces a number of potential legal problems.

Foremost, he said, is that companies such as Facebook have a legal right to dictate the way their products and services are used.

Creating software that replaces or changes Facebook's ad content could be regarded as a violation of that right and might not stand up to a legal challenge, Sylvester said.

Legally, it is not the same as simply blocking content, which is what ad-blocker software does, he said.

Another potential problem for Mundorff is that a judge could interpret his Facebook-wall-posting method of spreading the software as a violation of federal laws against mass e-mailing, also known as spam.

A law known as the U.S. CAN-SPAM Act, which limits the legal use of mass e-mail marketing, does not specifically mention social-networking spam but could be interpreted by a judge as covering that type of activity, Sylvester said.

If so, Mundorff could be held liable for hundreds of millions of dollars in damages and penalties, he said.

"The damages in these CAN-SPAM lawsuits can be huge," Sylvester said. "It is a very serious law that was designed to crush spammers, when you can find them."

At least one leading computer-security firm, Russia-based Kaspersky Lab, has categorized LilyJade as malware and instructed its anti-virus software to block the program.

Mundorff said it was only pressure from Facebook that led Kaspersky to label his software a malicious "worm," and that other makers of anti-virus software have evaluated LilyJade and do not consider it malware.

"Facebook is a bully," he said. "They literally have more pull than 99 percent of the companies in the world."

Mundorff said the only thing that can stop him is for Facebook attorneys to prove in court that what he is doing is wrong.

"They can go and arrest me and put me in jail," he said. "My system can run on auto-pilot."

Glossary of Internet terms

Web-browser extension: A computer program that extends the functionality of a Web browser in some way, such as by adding or changing certain features.

Spam: A mass e-mail message used to market products or services or to spread malware.

Malware: Computer software developed for malicious purposes, such as to alter or monitor the activity on a user's computer.

Worm: A malware program that replicates itself to spread to other computers.

By Craig Anderson - Jun. 9, 2012 03:16 PM, The Republic | azcentral.com
