Media giant CNN caused more than a few raised eyebrows in the tech community when it was revealed recently that it installs an application that lets CNN use subscribers’ computers to distribute its live streaming content the first time viewers sign in to view streaming content.
It’s not a drive-by download or some insidious secret hack — more of a social engineering scam, actually. Millions of users who signed up for the live streaming feed of U.S. President Barach Obama’s inauguration last month were told they couldn’t get hooked in unless they first installed something called ‘the Octoshape Grid Delivery enhancement’ for their Flash Player.
Among other things, the ‘enhancement’ turns subscribers’ computers into relay stations, making them part of a grid to, “deliver parts of the video and audio stream to other end users of the Software,” as the Octoshape end user agreement clearly states.
Octoshape Grid Delivery is a peer-to-peer application that, in effect, uses the subscriber’s computer and Internet connection to create an ad-hoc distribution network for CNN.
CNN and independent security researchers confirm that the octoshape ‘enhancement’ is still being installed the first time a fan views any streaming CNN program feed. Non-streaming (pre-recorded) CNN video clips do not require installation of Octoshape.
Critics of CNN’s Octoshape gambit say CNN indulged in deceptive marketing to get end users to become part of their network. They also note that CNN downloaded the cost of distributing its streaming feeds to end users and ISP without asking their permission or expressly informing them.
And, of course, there is the question of security. Researchers charge that other Web sites which are ‘Octoshape aware’ can detect it on your system and activate it for their own purposes without your knowledge.
You can find out if you have Octoshape running on your system by right-clicking in any clear space the Windows Task Bar and then clicking on Task Manager. If you see an entry labeled ‘octoshape.exe’ under the ‘Processes’ tab, you’ve got the bug.
To remove Octoshape, use Add/Remove Programs in XP or Programs and Features in Vista to uninstall the app in the conventional way.
Mac users must manually delete the Octoshape folder that the download created on their systems to rid themselves of the infestation.
john campbell
adobe is the one to blame here.
did you notice it is positioned as a “flash player plugin” and the installation gets kicked off from within the flash player ?
as much as p2p is a valid technology for content delivery in 2009, adobe had to disclose the purpose of this plugin and not allow their flash player to act as a trojan dropper.
Jim
John – I went and looked at this more closely.. It says Octoshape Grid Delivery Enhancement.. and you get to choose to install it or not. This seems to me a bunch of hype to bash CNN, and Adobe as you infer. I would imagine that Adobe and CNN went to great lengths to ensure this was safe and responsible. perhaps I am missing something. Perhaps it is just a bashfest.
Maggie James
Critics have several objections, here, primarily that CNN did not properly disclose the nature of the ‘enhancement and, in the critics’ view, practised deceptive marketing to get end users to become part of a network, the existance of which was never explicitly disclosed to them. Critics also have a problem with CNN downloading the cost (for network bandwidth) of distributing its streams to users and their ISPs. Subscribers overwhelmingly said they thought that, by clicking OK and agreeing to the Octoshape install, they were simply signing up to view the streaming media content, not to become part of a clandestine CNN network — forever. Critics further complain that the language of the EULA was obscure and that, even if every potential CNN streaming subscriber had read it thoroughly, many would not have understood they were giving CNN and Octoshape’s developers a back door into their computers.
All Adobe did was allow Octoshape to develop a plugin for Flash Player. CNN foisted that technology on unsuspecting users who ended up paying (via CNN’s use of their ISP connections to distribute its streams) for something they were told was free.
Eric Jacksch
While I agree that the vast majority of the blame should fall to CNN as the entity deploying the software, Octoshape should protect itself by making the nature of the plug-in clear before it installs. Otherwise lots of other companies will do the same thing that CNN did, resulting in a backlash against Octoshape as well.
Corey Chambers on eBay
There is nothing deceptive about CNN’s octoshape grid enhancement. CNN accurately describes it as offering higher quality video streams, which it does. CNN and Octoshape accurately describe the way it works as “personal computer system on which you install the Software may also be used to deliver parts of the video and audio stream to other end users.” There is nothing deceptive about this. It is the new, smarter way to deliver massive video date to huge audiences on the internet. Corey Chambers on eBay
Matt
I was just prompted to install the Octoshape Grid Delivery Enhancement plug-in on another site to view a video. Before accepting, a google search brought me here. Most users are going to install it without thinking twice, or doing any homework on what it actually is…and that’s the inherent problem.
The EULA clearly states:
1. PERMISSION TO UTILIZE
You hereby acknowledge that you understand that the Software utilizes a grid streaming technology. With grid streaming technology, parts of the video and audio stream you watch and listen to may be delivered to your personal computer system via the personal computer systems of other end users of the Software, and the personal computer system on which you install the Software may also be used to deliver parts of the video, audio, and / or data stream to other end users of the Software. Accordingly, you hereby grant permission for Octoshape and other end users of the Software to utilize and share the processor and bandwidth of your personal computer system for the limited purpose of delivering video and audio streams between you and other end users of the Software, including Octoshape. You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software.
But how many people do you know read EULA’s? Most won’t even know that their bandwidth and system resources are being sapped. Most people will read “Octoshape grid delivery enhancement” and it will make their brain hurt so much that they install it just to make the phrase go away.
Jim
I have seen exactly what Octoshape can do to a large ISP. We have multi-gig connections and have seen Octoshape utilize as much as 45% of our outbound as noted by Netflow monitoring. This has created major headaches as we have many hundreds of workstations behind ultra high speed connections. We have seen outbound data streaming at between 1.5 and 5 Mbps per workstation! This is totally unaccepatble. The end user has no idea what they are installing as most are ignorant and simply took the enhancement message at face value without considering the possibility that the software being installed could actually be something that could impact their network performance. They end up watching video feeds all day and then calling us wondering why their network is suddenly slow and why uploads are taking forever. Bottom line – CNN and other organizations using Octoshape are stealing bandwidth from end users and ISPs. We will do everything we can to block Octoshape and are in the process of notifying CNN and Octoshape that we will be holding them financially accountable for any bandwidth overage charges incurred by us directly resulting from their software. Their blatant gall is appalling. Their pilfering of bandwidth should be no more legal than some one tapping into their neighbor’s cable tv feed. It is theft pure and simple.
Don Andersend
I wasn’t required to ok anything to get a live feed from CNN for Obama’s Backyard chat in Des Moines today. I just noticed it as using a lot of memory when I looked in the Tack Manager, and did a search on the name and came here. I just deleted it in Add/Remove Programs. I thought it was taking a long time for the live feed to load, but apparently that was because of the time it was taking for the program to download.
Maggie
This octoshape thing prevented me from watching the Jon Stewart rally. A sign came up ASKING if I wanted to install it and when I clicked on no, the sign stayed there and I could not watch sanything. I am done with CNN.
Gewok
It will use your cpu and upload bandwidth – potentially even when you don’t watch the video. How much it will use depends on the good will of the plug in developers. Given that this is developed specifically to use your bandwidth to reduce their cost, and allows them to build out a free, high performance, world wide video distributed system, this belief on good will is not warranted.
rick
when i went to uninstall, found octoshape by seaching intalls on todays date, and left clicked on “octoshape grid”, it vanished and doen’t even show up as having been installed. so without me uninstalling it, it no longer shows up as being in my computer. anyone got any ideas as to how to find octoshape.exe and unistall it?
JustMe
Why do people go along with nonsense like this? Why is Adobe Macromedia flashplayer in on it? Adobe is not to be trusted, as we all learned long ago, with their supercookies (search for *.sol on your hard drive and then delete them!).
Sean
I am on a Mac. When CNN asked the question during a live stream whether I want to install this stuff, I cannot say yes, I cannot , say No. Both buttons are not responsive. So, I ended up not able to watch live video stream such as the presidential debate from a mac. I had to go to a PC, or a real TV to watch it. Get rid of that already, please. If this is Adobe’s fault, then please Adobe, do something.
Diogenes
I’ve watched live CNN a lot during the debates and election cycle. Today when I went to watch a live broadcast, Malwarebytes picked up on the Octashape trojan and alerted me. Not sure when it was installed. Do not recall seeing anything asking me to approve it, although I allowed a Flash update this week and it may have buried approval in something I approved without reading.