Citation[]
In re DirectRevenue, LLC, FTC Docket No. C-4194, File No. 052 3131 (complaint filed Feb. 16, 2007).
Factual Background[]
DirectRevenue LLC, a large adware distributor. According to the Federal Trade Commission's complaint[1] DirectRevenue was accused of installing its adware on consumers’ computers directly and through a large network of affiliates and sub-affiliates. The adware, including programs named The Best Offers, A Better Internet — ABI Network — Ceres, and Aurora, monitors consumers’ Internet use in order to display targeted pop-up ads. The FTC alleged that DirectRevenue and its affiliates frequently offered consumers free content and software, such as screensavers, videogames, and utilities, without disclosing adequately that downloading them would result in installation of the adware. In other instances, according to the FTC, some of DirectRevenue’s affiliates exploited security vulnerabilities in Web browsers to install the adware.
In addition, the FTC charged that DirectRevenue deliberately made it difficult to identify, locate, and remove the adware once it was installed. For example, DirectRevenue failed to label its pop-up ads to identify their source, stored the adware files in rarely accessed locations on consumers’ hard drives, failed to list the adware in the Windows Add/Remove utility or named the adware files to resemble core system software or applications, and installed technology on consumers’ computers to secretly reinstall the adware when consumers attempted to remove it or when the adware was deleted by consumers’ anti-spyware programs. In addition, when DirectRevenue provided an uninstall tool at separate websites, it required consumers to follow a ten-step procedure involving the download of additional software and deactivation of all third-party firewalls, thus exposing consumers’ computers to security risks.
The FTC charged that DirectRevenue’s failure to disclose adequately that downloading the free content and software would result in installation of the adware was deceptive, and that its use of security exploits to download the adware was an unfair practice. The FTC also charged that DirectRevenue’s failure to provide consumers with a reasonable and effective means to identify, locate, and remove the adware from their computers was unfair, in violation of the FTC Act.
Settlement[]
The FTC settlement (as incorporated into the Decision and Order dated June 29, 2007)[2] bars DirectRevenue from delivering ads to any consumer’s computer through adware that was installed on the computer before October 1, 2005 — “legacy users.” The settlement permits DirectRevenue to send legacy user]s up to three “opt-in” notices offering them the option of providing express consent to resume receiving the ads and advising them of the FTC settlement. The notices also must provide simple instructions on how consumers can uninstall DirectRevenue’s adware program.
The FTC settlement also bars DirectRevenue, directly or through others, from exploiting security vulnerabilities to download any software program or application, and requires that DirectRevenue provide clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. The settlement further requires that DirectRevenue clearly identify all of its ads, and establish and maintain effective, user-friendly mechanisms through which consumers can register complaints and uninstall the adware. It also requires that DirectRevenue monitor its affiliates to ensure that affiliates and their sub-affiliates comply with the FTC order. Finally, DirectRevenue will give up $1.5 million in ill-gotten gains to the FTC to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance.