The distortions of Ben Edelman, or how Vonage isn’t spyware scum

The ever-suspicious stone-turner Ben Edelman has released an interesting report explaining how yet another major computer vendor has affiliate programs and related campaigns that are picked up by spyware vendors and, through multiple levels of indirection and redirection, generate revenue for the spyware vendors from the vendor. This time the accused party is Vonage, the troubled VOIP company.
There’s more here than meets the eye, however. I’ve heard Ben explain his basic research methodology at the Affiliate Summit in Las Vegas earlier this year and was struck by how phenomenally difficult it is for affiliates and other marketers to control the dissemination and evolution of their campaigns once they get into the affiliate / pay per [action] space.
The real issue, however, is how reporting on this issue again demonstrates the how both bloggers and the media bend and distort stories as they travel from blog to media to blog, round and around. Let me show you what I mean…


First off, Ben’s report is worth reading as a starting point. He picked a nice, attention-grabbing headline: How Vonage Funds Spyware. Then it was picked up by Information Week, who wrote a good piece entitled Vonage Ads Delivered Via A Dozen Spyware Makers: Report. The Information Week piece is actually better than Ben’s original piece in terms of balanced reporting, actually.
So far, so good. The coverage is fair and accurate, but it’s mainstream media and professional journalists so far, remember. Move to blogs and here’s what we see: Spyware expert: Vonage injects ads into others’ sites. That’s from ZDNet’s Russell Shaw, ostensibly a professional writer too, but he’s completely distorted the story and makes it sound like the Vonage application itself is a spyware purveyor, even though that has nothing to do with what Ben reported in his original research.
Now Google’s Gnews service is ranking Russell’s piece as an important news story in the tech space, even though 1. it’s not news, and 2. it’s a significant distortion of the facts, facts that are questionable in the first place.
Techdirt also skimmed the story and then shot from the proverbial hip: “… you wondered why the [Vonage] customer acquisition costs were so high? Now you know that a large chunk of that money was going directly into the bank accounts of some awfully questionable companies.” Their title is inflamatory too: How your Vonage Fees Help Fund Spyware, but, to their credit, at least they don’t distort the story anywhere near as badly as ZDNet does.
Let me explain my concerns with Ben’s assertions further, since I know that’ll raise some hackles with the online community (and fairly so, most of what Ben does is great stuff). In his report, for example, he states:
“I have repeatedly observed Vonage buying “ordinary” spyware pop-up ads from vendors like 180solutions, Direct Revenue, and eXact Advertising. See e.g. the top thumbnail at right, a March 2006 screenshot of a Vonage ad appearing through Direct Revenue. See also my March 2005 report of Vonage ads appearing through eXact Advertising. These relationships add up to big money: BusinessWeek last week reported that Vonage paid Direct Revenue $31,570 in a single month of 2005 — a remarkable $110 for each customer Direct Revenue sent to Vonage.”
What I don’t see explained is how he “observes” Vonage buying specific ad space through given companies. Ben, do you have a webcam in their marketing office? Do you sneak into the Vonage advertising offices when they’re talking about allocating ad budget?
Of course you don’t. What you’re seeing is that these crummy spyware and popupware companies are advertising Vonage services, and that Vonage is, as reported by BusinessWeek, paying these companies for leads generated. That’s not the same as Vonage directly contracting with spyware companies to advertise their services. That distinction is incredibly important.
With a $110/lead payout, it’s no surprise that lots of affiliate marketers, ranging from the legit operations to the worst of the nefarious hackers, are attracted to the possibility of generating revenue. If Vonage signs up for, say, Commission Junction, a popular affiliate management service, and finds that its offers are valuable enough and have a high enough conversion rate to attract lots and lots of affiliates, some of whom use bad practices (but shield them from CJ and the individual merchants), is it appropriate to accuse and convict the merchant corporation of “supporting” those practices?
If I sign up for Amazon’s popular Associates program and find out that they’ll pay me $25 for each Harry Potter DVD set I sell, then I set up a couple of shell accounts that redirect links a few times so that the backlink on my referrals is clean and legit but I secretly use spyware or similar to push my link onto Web browsers throughout the world, is Amazon de facto guilty of supporting or “funding” my practices?
It’s the nuances, the gray area, that makes all of this tough, and that offers yet another risky area with affiliate marketing. After all, once you empower third parties to act on your behalf, you lose a lot of your control and have to trust that they act in accord with your corporate policies, beliefs and ethics.
And for the record, I don’t particularly like Vonage and use a different company, Vbuzzer, for my own VOIP services.
Go read Ben’s report, read both how the media and bloggers are covering the story, and then tell me: am I wrong, or is there some fast and loose reporting going on here, based on some mis-interpreted research findings?

9 comments on “The distortions of Ben Edelman, or how Vonage isn’t spyware scum

  1. Dave,
    I take your core question to be the level of directness of Vonage’s dealings with spyware vendors. I’d like to think I address this in appropriate detail in my piece: I include packet logs and revenue/traffic diagrams that show exactly how the relationships are structured. In short: The relationships I presented yesterday are indirect relationships — Vonage pays someone who pays a spyware vendor, or Vonage pays someone who pays someone who pays a spyware vendor, and so forth.
    So where does that leave Vonage, and where does that leave the story? Can a big, tech-savvy, award-winning advertiser throw up its hands and claim “these indirect relationships are hard to track, so we give up”? “We really can’t be sure how or where our ads will appear, so don’t bug us about this”? Of course not. That wouldn’t be taken seriously. Fact is, sophisticated and determined advertisers have important tools at their disposal to control how and where their ads appear. They can implement tough contracts that tell their partners exactly what’s acceptable. They can withhold payment from partners who break the rules, or in principle even sue rule-breakers. They can refuse to do business with partners that fail to provide appropriate transparency, confirmation, documentation, and proof that their leads are legitimate and compliant with applicable rules and policies.
    Now, these approaches may be hard for some advertisers — those with few resources, little market power, and little tech sophistication. But things are quite different for Vonage — an advertising powerhouse in the technology industry. Every ad network wants a piece of Vonage’s budget, and Vonage could do far more to make them *earn* a share of Vonage’s ad spending — making advertising vendors be even more careful when spending Vonage’s money than they would when spending their own. Instead, by all indications Vonage fails to take these precautions — even doing business directly with some companies, like Vendare Group, whose ties to spyware are well-known and well-documented (as linked and discussed in my article and elsewhere on my site).
    Finally, I think you understate the directness of Vonage’s relationships with certain spyware vendors. As I understand it, Vonage’s $110/lead deal with Direct Revenue was indeed a direct relationship. By 2005 Direct Revenue’s outrageous practices were well known — yet Vonage paid them anyway. That lax approach is what has landed Vonage in hot water — with Business Week, with the NYAG, and with anti-spyware researchers.
    Ben Edelman

  2. Actually, I have two core concerns, only one of which is your presumption of blanket responsibility for vendors who use online advertising and affiliate marketing to promote their product. I’ll get back to that, but my other concern is the way in which ideas and concepts are distorted – without apology or apparent concern – throughout the media and most especially the blogosphere.
    You never reported – at least, I never read you stating – that the Vonage application was actually adware and it injected ads directly into computers upon which it was installed, but that’s the insinuation of the ZD Net headline. That’s a serious allegation and if believed to be true, could have a deleterious effect on the viability of Vonage as a going concern.
    Yet of all the different people writing about this subject in the blogosphere, I haven’t found anyone else who is concerned at this gap between the facts and the insinuations. That’s just sloppy reporting, bad blogging and while it may be exciting, it’s not true and adversely impacts the entire blogosphere, in my opinion.
    Now, again, I’m not here to defend Vonage, but I find it easy to believe that a company that’s dropping millions of dollars each month on advertising and lead generation could have missed realizing that a tiny percentage of their affiliate partners used inappropriate and antisocial methods for producing results.
    Read the BusinessWeek piece again, and it’s clear that just about every well-known business that was associated with these malware companies promptly pulled out once the nature of those companies were clarified by the reporters. Did Vonage do that? I don’t know. But if they didn’t, then that’s the story, not what you’re reporting, Ben. The story would be more “Why would Vonage, after finding out that a marketing partner unabashedly utilizes adware popups, decide to continue its relationship? Could it be that profits and a gnawing hunger for new customers is trumping common sense at the VOIP provider?”
    You hint at that in your comment here on my blog, but where is that in your original report? Where is that in the “soundbite” picked up by the media and other bloggers?

  3. Dave,
    very quick because I am traveling.
    There is much debate on whether these companies are “spyware” or “adware”. Semantics aside in my eyes many of them are simply very bad actors or unable to control their distribution networks or they have used very dubious tactics in the past. That is why we now see some of them in court.
    Mistakes do and can happen, but when it is a repeating pattern it gets old… e.g http://www.vitalsecurity.org/2006/07/zango-affiliate-serves-up-exploit-from.html
    (Note in above they were serving Google Adsense too).
    To me, as a researcher, the big issue was the ad injection and that is what the media missed. Sensational reporting? I am not responsible for that. The media picks up what they want. For many the textures are very advanced.
    Prime and interesting example:
    http://www.wayneporter.com/?p=67
    From research perspective, again the key was on “ad injection” http://blog.spywareguide.com/2006/07/edelman_ad_injection_research_comments.html
    In the end I guess you are asking is Vonage really responsible? I think so. But that is still up for debate.
    See CDT: (Section 3)
    http://www.cdt.org/publications/pp_11.03.shtml
    Given the pattern of abuse, the outcry from people (it is out there), historic bad distribution practices- I personally think Vonage should have had tighter controls. In short they are big enough to have “tigher control”
    One key issue might be the effects of “partner sprawl” and the what can happen???

  4. Dave:
    Ben is here and speaks for himself, of course, but his role is a researcher… not a blogger, reporter or otherwise. It’s not only unfair but inappropriate/illogical (as I’ve similarly pointed out to Jeff Doak over at Revenews with regard to his holding SeekingAlpha.com’s Managing Editor accountable to his own pre-defined journalistic standards) to hold him accountable as a journalist. Ben has never claimed to be one.
    The root discussion here is that of responsibility. I disagree with Wayne in that advertisers *have* been held responsible (for the actions of their affiliates) nearly a dozen times over the last year or so… via the FTC (in the adult space, the DirectTV case, the Gevalia case among others).
    Across the pond, our friends in Europe are setting interesting legal precedents as well. Recently, Tesco (the UK equivalent to Walmart) went up against an affiliate. They sued the affiliate for back-commissions (3 years worth) as the affiliate’s tactics were not to their liking (purely typo-squatting on mis-spells of their domain). Not to their liking at the moment (this is key).
    The result? The court ruled that because they, and Tradedoubler… their affiliate network, were in full knowledge of the affiliate’s tactics over the years they were NOT deserving of relief.
    In other words they knew and couldn’t change their mind on what’s good and bad marketing based on which way the wind blows.
    More on that case here:
    http://www.affiliate2dot0.com/archives/2006/06/uk_affiliate_in.php
    I’m perplexed that you would take on Ben’s work and try to place it in a category that suits your arguement. Vonage, like so many advertisers, doesn’t care where its ads end up or how they are delivered. Why not get behind Ben’s research rather than try and create gaps of logic that aren’t real? Is the affiliate marketing industry so defensive about its image problem that it’s willing to do this? Wouldn’t it be better to openly criticize these companies and shame them into eliminating demand for adware/spyware?
    I accept that you’re not here to defend Vonage so I am left to conclude that you’re hear to make another kind of statement… that about how unfair Ben is being? That Ben’s logic falls apart when he suggests that Vonage has a legal duty to know (supported by precedent)?
    If so I think you’ve failed although I’m sure there’s an audience out there that appreciates any kind of slight on Ben’s work 🙂

  5. Dave,
    Going on vacation but found this old blog entry to ponder.
    http://www.revenews.com/wayneporter/archives/001704.html
    “Two weeks ago, an attorney at the New York AG’s office said in a public lecture that advertisers and marketers can still be found liable if any link in the chain of affiliate networks, sub-affiliate networks, and independent contractors is found to have acted illegally. “You don’t want to ever assume that the existence of intermediaries, whether it’s two or six, is going to immunize you from liability,” he was quoted as having said.”

  6. Jeff, interesting to see how this discussion is evolving. My two core concerns are the assumption of blanket responsibility of the entire marketing channel by Ben, and the distortions and inability to keep the core message consistent in the blogosphere. The latter seems to be something everyone wants to just ignore, which is weird, to say the least.
    But back to Ben. 🙂
    Wayne’s postings have been very thought-provoking and I am digging further to find out what the legal responsibilities of companies are regarding their marketing channels. I also have serious concerns about the viability of affiliate marketing in this sort of environment, and am surprised that it’s not more of a significant discussion point.
    Nonetheless, Ben does great research, I haven’t doubted that for a minute. I was very impressed – and told him so – after his presentation in Las Vegas. At the same time, however, I was also very aware how he’d completely lost at least 90% of his audience with his explanation of how he captured redirects and so on. If companies can’t figure out how affiliates are exploiting the Internet for profit, doesn’t that call into question the entire basis of affiliate marketing?
    I expect it’d be easy to set up a company that uses completely “white hat” legitimate affiliate marketing techniques for, say, 25% of its revenue, and then has highly complicated, multiple redirect, shell company, sub-affiliate masked, adware partnerships that can produce the other 75% of the revenue. The company whose product is being advertised has a look at the affiliate and its approach and it all looks great. No problem.
    It just seems kinda wacked to say “yes, bad guy companies can build sufficiently complex systems that you’ll never figure out what they’re really doing” and “you’re completely responsible, by law, for every affiliate or company that disseminates your message.”

  7. By the way, having said all of that, if Vonage was indeed notified by authorities that Direct Revenue promoted products through the most heinous of adware and spyware, knowing that they had a direct and overt relationship with the firm, well, then there really is no excuse and Vonage deserves all the flak of a terrible marketing decision with serious consequences.
    This doesn’t obviate anyone else from the responsibility of accurate reporting and dissemination of the facts, and valid and reasonable reporting of those facts from researchers and unbiased parties like Ben, however.

  8. Not sure how this became about affiliates since only of the tons of ad networks involved in brokering Vonage’s offer was an CPA network. The major affiliate networks have tried cleaned up (some more than others), the channel is being flamed with the actions of companies like 24/7 media which are a CPM ad network who are clearly considered paid media by advertisers, not even a CPA network.
    Dave, to be honest, I have no idea about the legal liability and I have often had thoughts to why is the advetisers responsible if the buy is 5 degrees away. But here is my problem with that logic, who is responsible then…the buck needs to stop with the advertiser, it’s just a hard cross to bare for advertisers like Vonage because the trail is hard to follow and Ben is the only consultant out there that can help an advertiser out.
    Beth

  9. Opps, Vendare/eMarketMakers were on the list too. Missed that, ti would make two CPA networks. If the deal was with Vendare that would be an ad network if eMarketMakers that would be a CPA network. But given that Vedare and Netblue (YFDirect) just combined, this is a hard one to guess.

Leave a Reply

Your email address will not be published. Required fields are marked *