Media giant CNN caused more than a few raised eyebrows in the tech community when it was revealed recently that it installs an application that lets CNN use subscribers’ computers to distribute its live streaming content the first time viewers sign in to view streaming content.
It’s not a drive-by download or some insidious secret hack — more of a social engineering scam, actually. Millions of users who signed up for the live streaming feed of U.S. President Barach Obama’s inauguration last month were told they couldn’t get hooked in unless they first installed something called ‘the Octoshape Grid Delivery enhancement’ for their Flash Player.
Among other things, the ‘enhancement’ turns subscribers’ computers into relay stations, making them part of a grid to, “deliver parts of the video and audio stream to other end users of the Software,” as the Octoshape end user agreement clearly states.
Octoshape Grid Delivery is a peer-to-peer application that, in effect, uses the subscriber’s computer and Internet connection to create an ad-hoc distribution network for CNN.
CNN and independent security researchers confirm that the octoshape ‘enhancement’ is still being installed the first time a fan views any streaming CNN program feed. Non-streaming (pre-recorded) CNN video clips do not require installation of Octoshape.
Critics of CNN’s Octoshape gambit say CNN indulged in deceptive marketing to get end users to become part of their network. They also note that CNN downloaded the cost of distributing its streaming feeds to end users and ISP without asking their permission or expressly informing them.
And, of course, there is the question of security. Researchers charge that other Web sites which are ‘Octoshape aware’ can detect it on your system and activate it for their own purposes without your knowledge.
You can find out if you have Octoshape running on your system by right-clicking in any clear space the Windows Task Bar and then clicking on Task Manager. If you see an entry labeled ‘octoshape.exe’ under the ‘Processes’ tab, you’ve got the bug.
To remove Octoshape, use Add/Remove Programs in XP or Programs and Features in Vista to uninstall the app in the conventional way.
Mac users must manually delete the Octoshape folder that the download created on their systems to rid themselves of the infestation.
john campbell
adobe is the one to blame here.
did you notice it is positioned as a “flash player plugin” and the installation gets kicked off from within the flash player ?
as much as p2p is a valid technology for content delivery in 2009, adobe had to disclose the purpose of this plugin and not allow their flash player to act as a trojan dropper.
Jim
John – I went and looked at this more closely.. It says Octoshape Grid Delivery Enhancement.. and you get to choose to install it or not. This seems to me a bunch of hype to bash CNN, and Adobe as you infer. I would imagine that Adobe and CNN went to great lengths to ensure this was safe and responsible. perhaps I am missing something. Perhaps it is just a bashfest.
Maggie James
Critics have several objections, here, primarily that CNN did not properly disclose the nature of the ‘enhancement and, in the critics’ view, practised deceptive marketing to get end users to become part of a network, the existance of which was never explicitly disclosed to them. Critics also have a problem with CNN downloading the cost (for network bandwidth) of distributing its streams to users and their ISPs. Subscribers overwhelmingly said they thought that, by clicking OK and agreeing to the Octoshape install, they were simply signing up to view the streaming media content, not to become part of a clandestine CNN network — forever. Critics further complain that the language of the EULA was obscure and that, even if every potential CNN streaming subscriber had read it thoroughly, many would not have understood they were giving CNN and Octoshape’s developers a back door into their computers.
All Adobe did was allow Octoshape to develop a plugin for Flash Player. CNN foisted that technology on unsuspecting users who ended up paying (via CNN’s use of their ISP connections to distribute its streams) for something they were told was free.
Eric Jacksch
While I agree that the vast majority of the blame should fall to CNN as the entity deploying the software, Octoshape should protect itself by making the nature of the plug-in clear before it installs. Otherwise lots of other companies will do the same thing that CNN did, resulting in a backlash against Octoshape as well.
Corey Chambers on eBay
There is nothing deceptive about CNN’s octoshape grid enhancement. CNN accurately describes it as offering higher quality video streams, which it does. CNN and Octoshape accurately describe the way it works as “personal computer system on which you install the Software may also be used to deliver parts of the video and audio stream to other end users.” There is nothing deceptive about this. It is the new, smarter way to deliver massive video date to huge audiences on the internet. Corey Chambers on eBay
Matt
I was just prompted to install the Octoshape Grid Delivery Enhancement plug-in on another site to view a video. Before accepting, a google search brought me here. Most users are going to install it without thinking twice, or doing any homework on what it actually is…and that’s the inherent problem.
The EULA clearly states:
1. PERMISSION TO UTILIZE
You hereby acknowledge that you understand that the Software utilizes a grid streaming technology. With grid streaming technology, parts of the video and audio stream you watch and listen to may be delivered to your personal computer system via the personal computer systems of other end users of the Software, and the personal computer system on which you install the Software may also be used to deliver parts of the video, audio, and / or data stream to other end users of the Software. Accordingly, you hereby grant permission for Octoshape and other end users of the Software to utilize and share the processor and bandwidth of your personal computer system for the limited purpose of delivering video and audio streams between you and other end users of the Software, including Octoshape. You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software.
But how many people do you know read EULA’s? Most won’t even know that their bandwidth and system resources are being sapped. Most people will read “Octoshape grid delivery enhancement” and it will make their brain hurt so much that they install it just to make the phrase go away.
Jim
I have seen exactly what Octoshape can do to a large ISP. We have multi-gig connections and have seen Octoshape utilize as much as 45% of our outbound as noted by Netflow monitoring. This has created major headaches as we have many hundreds of workstations behind ultra high speed connections. We have seen outbound data streaming at between 1.5 and 5 Mbps per workstation! This is totally unaccepatble. The end user has no idea what they are installing as most are ignorant and simply took the enhancement message at face value without considering the possibility that the software being installed could actually be something that could impact their network performance. They end up watching video feeds all day and then calling us wondering why their network is suddenly slow and why uploads are taking forever. Bottom line – CNN and other organizations using Octoshape are stealing bandwidth from end users and ISPs. We will do everything we can to block Octoshape and are in the process of notifying CNN and Octoshape that we will be holding them financially accountable for any bandwidth overage charges incurred by us directly resulting from their software. Their blatant gall is appalling. Their pilfering of bandwidth should be no more legal than some one tapping into their neighbor’s cable tv feed. It is theft pure and simple.
Don Andersend
I wasn’t required to ok anything to get a live feed from CNN for Obama’s Backyard chat in Des Moines today. I just noticed it as using a lot of memory when I looked in the Tack Manager, and did a search on the name and came here. I just deleted it in Add/Remove Programs. I thought it was taking a long time for the live feed to load, but apparently that was because of the time it was taking for the program to download.
Maggie
This octoshape thing prevented me from watching the Jon Stewart rally. A sign came up ASKING if I wanted to install it and when I clicked on no, the sign stayed there and I could not watch sanything. I am done with CNN.
Gewok
It will use your cpu and upload bandwidth – potentially even when you don’t watch the video. How much it will use depends on the good will of the plug in developers. Given that this is developed specifically to use your bandwidth to reduce their cost, and allows them to build out a free, high performance, world wide video distributed system, this belief on good will is not warranted.
rick
when i went to uninstall, found octoshape by seaching intalls on todays date, and left clicked on “octoshape grid”, it vanished and doen’t even show up as having been installed. so without me uninstalling it, it no longer shows up as being in my computer. anyone got any ideas as to how to find octoshape.exe and unistall it?
JustMe
Why do people go along with nonsense like this? Why is Adobe Macromedia flashplayer in on it? Adobe is not to be trusted, as we all learned long ago, with their supercookies (search for *.sol on your hard drive and then delete them!).
Sean
I am on a Mac. When CNN asked the question during a live stream whether I want to install this stuff, I cannot say yes, I cannot , say No. Both buttons are not responsive. So, I ended up not able to watch live video stream such as the presidential debate from a mac. I had to go to a PC, or a real TV to watch it. Get rid of that already, please. If this is Adobe’s fault, then please Adobe, do something.
Diogenes
I’ve watched live CNN a lot during the debates and election cycle. Today when I went to watch a live broadcast, Malwarebytes picked up on the Octashape trojan and alerted me. Not sure when it was installed. Do not recall seeing anything asking me to approve it, although I allowed a Flash update this week and it may have buried approval in something I approved without reading.
Nick
about 3 weeks ago I download an automatic update from adobe. Since then I have been getting these little windows that pop-up and it has adobe flash player settings on top of it then under that is says,”Local Storage”. It then ask in this box, http://www.cnn.com is requesting permission to store information on your computer. I have noticed that the http://www.____.com could be any website, some I know of and many I don’t. Since then my PC is acting crazy, so, I clicked on a question mark and it brought me to adobe’s website. I called them and this guy says he is a certified technician with microsoft and he can fix the problem and I gave him permission to take control of my PC and he brings up a box and it has 57,000 items on it in RED and he says, he says they are virus’ and he can fix it and I say great. the next thing I see is a dollar figure $295.00 so I ask what is that and he tells me it is going to cost me that much to get my PC fixed. I told him I did not have it and he went all the way down to $100.00 so I figured it was a scam. Now I am getting these windows that everyone in here is describing.
MY QUESTION IS, is it possible to have 57,000 virus’ on a computer and it still work, although it is a lot slower than it is supposed to be?
Malkah
Many of us, who didn’t grow up with computers in our lives are a bit skeptical. At first, I was NOT connecting my computer. Well, anyway, as you can see here, I gradually got into commuicating with sooooo many people.
— BUT —
For someone to access my computer, when I don’t want, through a backdoor, just for better graphics, this time I will say NO, don’t know if I will think about it, but, it seems hackers developed this backdoor, and if it is there, it is there.
Not that CNN would misuse this, but if they can get in, so can others, like when your contacts get hacked. No thanks.
tom
Congratulations… CNN is just following Obama’s big plan of redistribution of wealth. Wake Up people… I am the middle class and I am tired of paying for the 48% of the people that aren’t paying any taxes. Yes…that also includes General Electric and Apple who are not paying anything!!! It’s time for a flat tax charged to everyone equally!!!
tom
What I meant was this… CNN is just using other peoples computers to share the distribution of bandwidth. Same philosophy as Obama’s redistribution of wealth.
FelchMyHamflower
Octoshape Delivery Enhancement sounds like something I would jam up my four asses.
Mike
Cnn and Octoshape may have taken a questionable course of action–there could or should have been other approaches. Yet, as the USA falls further behind in broadband delivery capabilities and speeds in relation to other parts of the world I cannot blame CNN for trying something to icrease performance. However, if the software does affect ones computer system(s) in a negative way then both companies should have taken a different approach. Just think of the increase in productivity and quality of life that has resulted by the internet. Better performing broadband should be a NATIONAL PRIORITY and a joint effort between the federal state and local governments–all working with private industry to make it happen. We can build 5 billion dollar submarines but can’t keep the nation “hooked-up”?! What can one expect from Congress?!