CNN installs invasive ‘enhancement’
Posted on February 6, 2009 by Susan Alexander
Media giant CNN caused more than a few raised eyebrows in the tech community when it was revealed recently that it installs an application that lets CNN use subscribers’ computers to distribute its live streaming content the first time viewers sign in to view streaming content.
It’s not a drive-by download or some insidious secret hack — more of a social engineering scam, actually. Millions of users who signed up for the live streaming feed of U.S. President Barach Obama’s inauguration last month were told they couldn’t get hooked in unless they first installed something called ‘the Octoshape Grid Delivery enhancement’ for their Flash Player.
Among other things, the ‘enhancement’ turns subscribers’ computers into relay stations, making them part of a grid to, “deliver parts of the video and audio stream to other end users of the Software,” as the Octoshape end user agreement clearly states.
Octoshape Grid Delivery is a peer-to-peer application that, in effect, uses the subscriber’s computer and Internet connection to create an ad-hoc distribution network for CNN.
CNN and independent security researchers confirm that the octoshape ‘enhancement’ is still being installed the first time a fan views any streaming CNN program feed. Non-streaming (pre-recorded) CNN video clips do not require installation of Octoshape.
Critics of CNN’s Octoshape gambit say CNN indulged in deceptive marketing to get end users to become part of their network. They also note that CNN downloaded the cost of distributing its streaming feeds to end users and ISP without asking their permission or expressly informing them.
And, of course, there is the question of security. Researchers charge that other Web sites which are ‘Octoshape aware’ can detect it on your system and activate it for their own purposes without your knowledge.
You can find out if you have Octoshape running on your system by right-clicking in any clear space the Windows Task Bar and then clicking on Task Manager. If you see an entry labeled ‘octoshape.exe’ under the ‘Processes’ tab, you’ve got the bug.
To remove Octoshape, use Add/Remove Programs in XP or Programs and Features in Vista to uninstall the app in the conventional way.
Mac users must manually delete the Octoshape folder that the download created on their systems to rid themselves of the infestation.
February 6th, 2009 at 23:00
adobe is the one to blame here.
did you notice it is positioned as a “flash player plugin” and the installation gets kicked off from within the flash player ?
as much as p2p is a valid technology for content delivery in 2009, adobe had to disclose the purpose of this plugin and not allow their flash player to act as a trojan dropper.
February 7th, 2009 at 14:58
John – I went and looked at this more closely.. It says Octoshape Grid Delivery Enhancement.. and you get to choose to install it or not. This seems to me a bunch of hype to bash CNN, and Adobe as you infer. I would imagine that Adobe and CNN went to great lengths to ensure this was safe and responsible. perhaps I am missing something. Perhaps it is just a bashfest.
February 8th, 2009 at 08:38
Critics have several objections, here, primarily that CNN did not properly disclose the nature of the ‘enhancement and, in the critics’ view, practised deceptive marketing to get end users to become part of a network, the existance of which was never explicitly disclosed to them. Critics also have a problem with CNN downloading the cost (for network bandwidth) of distributing its streams to users and their ISPs. Subscribers overwhelmingly said they thought that, by clicking OK and agreeing to the Octoshape install, they were simply signing up to view the streaming media content, not to become part of a clandestine CNN network — forever. Critics further complain that the language of the EULA was obscure and that, even if every potential CNN streaming subscriber had read it thoroughly, many would not have understood they were giving CNN and Octoshape’s developers a back door into their computers.
All Adobe did was allow Octoshape to develop a plugin for Flash Player. CNN foisted that technology on unsuspecting users who ended up paying (via CNN’s use of their ISP connections to distribute its streams) for something they were told was free.
February 9th, 2009 at 14:08
While I agree that the vast majority of the blame should fall to CNN as the entity deploying the software, Octoshape should protect itself by making the nature of the plug-in clear before it installs. Otherwise lots of other companies will do the same thing that CNN did, resulting in a backlash against Octoshape as well.
January 27th, 2010 at 21:36
There is nothing deceptive about CNN’s octoshape grid enhancement. CNN accurately describes it as offering higher quality video streams, which it does. CNN and Octoshape accurately describe the way it works as “personal computer system on which you install the Software may also be used to deliver parts of the video and audio stream to other end users.” There is nothing deceptive about this. It is the new, smarter way to deliver massive video date to huge audiences on the internet. Corey Chambers on eBay
March 6th, 2010 at 14:30
I was just prompted to install the Octoshape Grid Delivery Enhancement plug-in on another site to view a video. Before accepting, a google search brought me here. Most users are going to install it without thinking twice, or doing any homework on what it actually is…and that’s the inherent problem.
The EULA clearly states:
1. PERMISSION TO UTILIZE
You hereby acknowledge that you understand that the Software utilizes a grid streaming technology. With grid streaming technology, parts of the video and audio stream you watch and listen to may be delivered to your personal computer system via the personal computer systems of other end users of the Software, and the personal computer system on which you install the Software may also be used to deliver parts of the video, audio, and / or data stream to other end users of the Software. Accordingly, you hereby grant permission for Octoshape and other end users of the Software to utilize and share the processor and bandwidth of your personal computer system for the limited purpose of delivering video and audio streams between you and other end users of the Software, including Octoshape. You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software.
But how many people do you know read EULA’s? Most won’t even know that their bandwidth and system resources are being sapped. Most people will read “Octoshape grid delivery enhancement” and it will make their brain hurt so much that they install it just to make the phrase go away.
June 7th, 2010 at 17:27
I have seen exactly what Octoshape can do to a large ISP. We have multi-gig connections and have seen Octoshape utilize as much as 45% of our outbound as noted by Netflow monitoring. This has created major headaches as we have many hundreds of workstations behind ultra high speed connections. We have seen outbound data streaming at between 1.5 and 5 Mbps per workstation! This is totally unaccepatble. The end user has no idea what they are installing as most are ignorant and simply took the enhancement message at face value without considering the possibility that the software being installed could actually be something that could impact their network performance. They end up watching video feeds all day and then calling us wondering why their network is suddenly slow and why uploads are taking forever. Bottom line – CNN and other organizations using Octoshape are stealing bandwidth from end users and ISPs. We will do everything we can to block Octoshape and are in the process of notifying CNN and Octoshape that we will be holding them financially accountable for any bandwidth overage charges incurred by us directly resulting from their software. Their blatant gall is appalling. Their pilfering of bandwidth should be no more legal than some one tapping into their neighbor’s cable tv feed. It is theft pure and simple.