Media giant CNN caused more than a few raised eyebrows in the tech community when it was revealed recently that it installs an application that lets CNN use subscribers’ computers to distribute its live streaming content the first time viewers sign in to view streaming content.
It’s not a drive-by download or some insidious secret hack — more of a social engineering scam, actually. Millions of users who signed up for the live streaming feed of U.S. President Barach Obama’s inauguration last month were told they couldn’t get hooked in unless they first installed something called ‘the Octoshape Grid Delivery enhancement’ for their Flash Player.
Among other things, the ‘enhancement’ turns subscribers’ computers into relay stations, making them part of a grid to, “deliver parts of the video and audio stream to other end users of the Software,” as the Octoshape end user agreement clearly states.
Octoshape Grid Delivery is a peer-to-peer application that, in effect, uses the subscriber’s computer and Internet connection to create an ad-hoc distribution network for CNN.
CNN and independent security researchers confirm that the octoshape ‘enhancement’ is still being installed the first time a fan views any streaming CNN program feed. Non-streaming (pre-recorded) CNN video clips do not require installation of Octoshape.
Critics of CNN’s Octoshape gambit say CNN indulged in deceptive marketing to get end users to become part of their network. They also note that CNN downloaded the cost of distributing its streaming feeds to end users and ISP without asking their permission or expressly informing them.
And, of course, there is the question of security. Researchers charge that other Web sites which are ‘Octoshape aware’ can detect it on your system and activate it for their own purposes without your knowledge.
You can find out if you have Octoshape running on your system by right-clicking in any clear space the Windows Task Bar and then clicking on Task Manager. If you see an entry labeled ‘octoshape.exe’ under the ‘Processes’ tab, you’ve got the bug.
To remove Octoshape, use Add/Remove Programs in XP or Programs and Features in Vista to uninstall the app in the conventional way.
Mac users must manually delete the Octoshape folder that the download created on their systems to rid themselves of the infestation.
john campbell
adobe is the one to blame here.
did you notice it is positioned as a “flash player plugin” and the installation gets kicked off from within the flash player ?
as much as p2p is a valid technology for content delivery in 2009, adobe had to disclose the purpose of this plugin and not allow their flash player to act as a trojan dropper.
Jim
John – I went and looked at this more closely.. It says Octoshape Grid Delivery Enhancement.. and you get to choose to install it or not. This seems to me a bunch of hype to bash CNN, and Adobe as you infer. I would imagine that Adobe and CNN went to great lengths to ensure this was safe and responsible. perhaps I am missing something. Perhaps it is just a bashfest.
Maggie James
Critics have several objections, here, primarily that CNN did not properly disclose the nature of the ‘enhancement and, in the critics’ view, practised deceptive marketing to get end users to become part of a network, the existance of which was never explicitly disclosed to them. Critics also have a problem with CNN downloading the cost (for network bandwidth) of distributing its streams to users and their ISPs. Subscribers overwhelmingly said they thought that, by clicking OK and agreeing to the Octoshape install, they were simply signing up to view the streaming media content, not to become part of a clandestine CNN network — forever. Critics further complain that the language of the EULA was obscure and that, even if every potential CNN streaming subscriber had read it thoroughly, many would not have understood they were giving CNN and Octoshape’s developers a back door into their computers.
All Adobe did was allow Octoshape to develop a plugin for Flash Player. CNN foisted that technology on unsuspecting users who ended up paying (via CNN’s use of their ISP connections to distribute its streams) for something they were told was free.
Eric Jacksch
While I agree that the vast majority of the blame should fall to CNN as the entity deploying the software, Octoshape should protect itself by making the nature of the plug-in clear before it installs. Otherwise lots of other companies will do the same thing that CNN did, resulting in a backlash against Octoshape as well.
Corey Chambers on eBay
There is nothing deceptive about CNN’s octoshape grid enhancement. CNN accurately describes it as offering higher quality video streams, which it does. CNN and Octoshape accurately describe the way it works as “personal computer system on which you install the Software may also be used to deliver parts of the video and audio stream to other end users.” There is nothing deceptive about this. It is the new, smarter way to deliver massive video date to huge audiences on the internet. Corey Chambers on eBay
Matt
I was just prompted to install the Octoshape Grid Delivery Enhancement plug-in on another site to view a video. Before accepting, a google search brought me here. Most users are going to install it without thinking twice, or doing any homework on what it actually is…and that’s the inherent problem.
The EULA clearly states:
1. PERMISSION TO UTILIZE
You hereby acknowledge that you understand that the Software utilizes a grid streaming technology. With grid streaming technology, parts of the video and audio stream you watch and listen to may be delivered to your personal computer system via the personal computer systems of other end users of the Software, and the personal computer system on which you install the Software may also be used to deliver parts of the video, audio, and / or data stream to other end users of the Software. Accordingly, you hereby grant permission for Octoshape and other end users of the Software to utilize and share the processor and bandwidth of your personal computer system for the limited purpose of delivering video and audio streams between you and other end users of the Software, including Octoshape. You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software.
But how many people do you know read EULA’s? Most won’t even know that their bandwidth and system resources are being sapped. Most people will read “Octoshape grid delivery enhancement” and it will make their brain hurt so much that they install it just to make the phrase go away.
Jim
I have seen exactly what Octoshape can do to a large ISP. We have multi-gig connections and have seen Octoshape utilize as much as 45% of our outbound as noted by Netflow monitoring. This has created major headaches as we have many hundreds of workstations behind ultra high speed connections. We have seen outbound data streaming at between 1.5 and 5 Mbps per workstation! This is totally unaccepatble. The end user has no idea what they are installing as most are ignorant and simply took the enhancement message at face value without considering the possibility that the software being installed could actually be something that could impact their network performance. They end up watching video feeds all day and then calling us wondering why their network is suddenly slow and why uploads are taking forever. Bottom line – CNN and other organizations using Octoshape are stealing bandwidth from end users and ISPs. We will do everything we can to block Octoshape and are in the process of notifying CNN and Octoshape that we will be holding them financially accountable for any bandwidth overage charges incurred by us directly resulting from their software. Their blatant gall is appalling. Their pilfering of bandwidth should be no more legal than some one tapping into their neighbor’s cable tv feed. It is theft pure and simple.
Don Andersend
I wasn’t required to ok anything to get a live feed from CNN for Obama’s Backyard chat in Des Moines today. I just noticed it as using a lot of memory when I looked in the Tack Manager, and did a search on the name and came here. I just deleted it in Add/Remove Programs. I thought it was taking a long time for the live feed to load, but apparently that was because of the time it was taking for the program to download.
Maggie
This octoshape thing prevented me from watching the Jon Stewart rally. A sign came up ASKING if I wanted to install it and when I clicked on no, the sign stayed there and I could not watch sanything. I am done with CNN.
Gewok
It will use your cpu and upload bandwidth – potentially even when you don’t watch the video. How much it will use depends on the good will of the plug in developers. Given that this is developed specifically to use your bandwidth to reduce their cost, and allows them to build out a free, high performance, world wide video distributed system, this belief on good will is not warranted.
rick
when i went to uninstall, found octoshape by seaching intalls on todays date, and left clicked on “octoshape grid”, it vanished and doen’t even show up as having been installed. so without me uninstalling it, it no longer shows up as being in my computer. anyone got any ideas as to how to find octoshape.exe and unistall it?
JustMe
Why do people go along with nonsense like this? Why is Adobe Macromedia flashplayer in on it? Adobe is not to be trusted, as we all learned long ago, with their supercookies (search for *.sol on your hard drive and then delete them!).
Sean
I am on a Mac. When CNN asked the question during a live stream whether I want to install this stuff, I cannot say yes, I cannot , say No. Both buttons are not responsive. So, I ended up not able to watch live video stream such as the presidential debate from a mac. I had to go to a PC, or a real TV to watch it. Get rid of that already, please. If this is Adobe’s fault, then please Adobe, do something.
Diogenes
I’ve watched live CNN a lot during the debates and election cycle. Today when I went to watch a live broadcast, Malwarebytes picked up on the Octashape trojan and alerted me. Not sure when it was installed. Do not recall seeing anything asking me to approve it, although I allowed a Flash update this week and it may have buried approval in something I approved without reading.
Nick
about 3 weeks ago I download an automatic update from adobe. Since then I have been getting these little windows that pop-up and it has adobe flash player settings on top of it then under that is says,”Local Storage”. It then ask in this box, http://www.cnn.com is requesting permission to store information on your computer. I have noticed that the http://www.____.com could be any website, some I know of and many I don’t. Since then my PC is acting crazy, so, I clicked on a question mark and it brought me to adobe’s website. I called them and this guy says he is a certified technician with microsoft and he can fix the problem and I gave him permission to take control of my PC and he brings up a box and it has 57,000 items on it in RED and he says, he says they are virus’ and he can fix it and I say great. the next thing I see is a dollar figure $295.00 so I ask what is that and he tells me it is going to cost me that much to get my PC fixed. I told him I did not have it and he went all the way down to $100.00 so I figured it was a scam. Now I am getting these windows that everyone in here is describing.
MY QUESTION IS, is it possible to have 57,000 virus’ on a computer and it still work, although it is a lot slower than it is supposed to be?
Malkah
Many of us, who didn’t grow up with computers in our lives are a bit skeptical. At first, I was NOT connecting my computer. Well, anyway, as you can see here, I gradually got into commuicating with sooooo many people.
— BUT —
For someone to access my computer, when I don’t want, through a backdoor, just for better graphics, this time I will say NO, don’t know if I will think about it, but, it seems hackers developed this backdoor, and if it is there, it is there.
Not that CNN would misuse this, but if they can get in, so can others, like when your contacts get hacked. No thanks.
tom
Congratulations… CNN is just following Obama’s big plan of redistribution of wealth. Wake Up people… I am the middle class and I am tired of paying for the 48% of the people that aren’t paying any taxes. Yes…that also includes General Electric and Apple who are not paying anything!!! It’s time for a flat tax charged to everyone equally!!!
tom
What I meant was this… CNN is just using other peoples computers to share the distribution of bandwidth. Same philosophy as Obama’s redistribution of wealth.
FelchMyHamflower
Octoshape Delivery Enhancement sounds like something I would jam up my four asses.
Mike
Cnn and Octoshape may have taken a questionable course of action–there could or should have been other approaches. Yet, as the USA falls further behind in broadband delivery capabilities and speeds in relation to other parts of the world I cannot blame CNN for trying something to icrease performance. However, if the software does affect ones computer system(s) in a negative way then both companies should have taken a different approach. Just think of the increase in productivity and quality of life that has resulted by the internet. Better performing broadband should be a NATIONAL PRIORITY and a joint effort between the federal state and local governments–all working with private industry to make it happen. We can build 5 billion dollar submarines but can’t keep the nation “hooked-up”?! What can one expect from Congress?!
jim
@Nick (about three weeks ago…): you’ve been scammed. Immediately procure a copy — from a known source (like Staples or Walmart) not some link on the Internet — of advanced anti-bug software (Norton, Kaspersky, or the like). Follow instructions for installation and keep it up-to-date. And stop clicking on links you are not 100% sure of!! 🙂
Who can blame CNN for trying to hi-jack bandwidth whereever possible and saving some big bucks in the process. I am sure the manager that approved this con job got a nice fat bonus. It’s all about the money, folks … as in removing from your pocket and moving it into their pocket. “No money changed hands!”, you exclaim! Wrong. They just didn’t send you a paper billing statement. Instead they stole your resources and time. And probably caused IT departments across the country to spend even more time and money (which comes out of your next raise BTW) acting as CNN’s unwitting participants in the process. It matters not about the fine print. Their lawyers were 100% sure that only 0.01% would read it and they were correct. Kudos and bonuses all around at the CNN home office. Along with a Bronx cheer.
jim
P.S. @Tom: screw that flat-tax and FairTax nonsense. Just eliminate corporate loop-holes. In other words, tell’em “Sell product here, make profits here, pay taxes here!” Stop patenting genes and other human bits and pieces. Tell drug companies they will stop charging more “here” than “there”; and that the cost advantages of their “free” university assistance will be factored into lowering the retail price; and that the day of $10,000 treatments is over – they will have to lengthen the amortization period (which is probably shortened to ensure the CEO-de-jour gets his multi-million dollar bonus in the current fiscal year); and the price of failure to comply is “nationalization” for the public good and safety. It’s about time we stopped turning public utilities (ie, electric, gas, etc.) into little gold mines for the soon-to-be-rich and not-so-famous (not to mention foreign interests that definitely do NOT have OUR interests at heart). Public Utilities were, and should be again, just that … non-profit corporations run for the good of the public. Every billion sucked out of them to buy Ferrari’s for some CEO’s kid in Monaco or Madrid is less money to build and maintain infrastructure we need in this country for reasonably priced power and communications. If the Italians or Spanish want to build new power and Internet facilities, let them charge their own people for it!
Terry Schneider
When the permission popped up to accept or decline I did the usual search to find out what is this program. I have read enough on this blog to decline. Two reasons, it is P2P and a streaming conduit which are vehicles for nastyware (coined by Happy PC Computing back in the late 1990s) intrusion on ones computer. Much has been made about NSA’s intrusion but news media are saying nothing how business have been controlling and spying on individual and business computers.
I pay for CNN via Dish and find this very irresponsible of CNN and not respectable of Dish customers attempting to put try this crap on customer’s computers.
Terry Schneider
Mike. This is not the answer to Telcom and Cable companies strangle hold on keeping this country in the dark ages of internet communications by preventing fiber start-ups from providing fiber to urban and rural areas of this country. Google has proven that it can be done but they are slow and will soon run into the buzz saws of the Telcom and Cable companies.
Amomonous
Anyone, see as expose http://windowssecrets.com/top-story/watch-a-live-video-share-your-pc-with-cnn/
Uninstall it and do everything you can to thwart and block Octoshape fucker. Fuck Octoshape. Fuck CNN.
@Stinking piece of shit troll “Corey Chambers on eBay”