• PC World
• »Software
• »Browsers & Add-Ons

Congratulations! You've just agreed to receive junk e-mail for the rest of your life. In less than 10 seconds, with one click, millions of us agree to cooperate with the worst of the online advertising industry without thinking twice.

The nasty fine print is buried deep in those long-winded, dense user agreements we mindlessly glance over with glazed eyes when we sign up for free software, e-mail newsletters, access to Web sites, and other offers. By skipping over privacy policies, end-user license agreements, and terms-of-service contracts, we often give advertisers the green light to create digital dossiers on us. Then they trade and sell the information, and of course aggressively market products to us through our inboxes as well as browser pop-ups and even plain old off-line junk mail.

It's too bad most of us don't take the time to read these dense contracts. I'll admit that even I don't. If we did at least scan them, we'd be shocked--and perhaps wouldn't be so keen to enter an online contest for a free MP3 player or to fork over an e-mail address to send an online greeting card. The fewer potential marketers that get our e-mail addresses, the lower the volume of spam that hits our inboxes--along with the spyware and adware that comes in the same digital envelopes.

But then again, if we did read all those contracts, we'd lose hours reading some of the most boring text the written word offers.

In the end, we only have ourselves to blame for giving uninformed consent to marketers when we breeze over the fine print. But a review of some user agreements and privacy policies suggests that things are getting out of hand.

Shockers in Fine Print

At the bottom of the home page for ImBum, which offers software and services for instant messaging programs, is a link to a 2100-word privacy policy. The site is run by OptInRealBig.com, which is owned by self-proclaimed spam king Scott Richter. Here's an eye-opening excerpt:

OPTIN may use Individual Information to provide promotional offers to individuals by means of email advertising, telephone marketing, direct mail marketing, online banner advertising, and package stuffers, among other possible uses.

Later, the privacy policy states: "OPTIN MAY SELL OR TRANSFER INDIVIDUAL INFORMATION TO THIRD PARTIES FOR ANY PURPOSE IN OPTIN'S SOLE DISCRETION."

Another privacy policy, from GroupLotto, hits new lows in sneakware. To access the site, you must register by accepting its terms of use, which are buried in a 1170-word privacy policy that allows GroupLotto to essentially stalk you while you use its Web site. If you want to read the privacy policy you're agreeing to, you must click yet another link.

GroupLotto's privacy policy informs readers that it will save responses "to questions and surveys, community listings, ratings, searches and comparison searches, bidding, purchasing, chat, games, or bulletin boards." It also retains the right to use and share this information with sites you co-register with, so all its marketing partners can display commercial pitches tailored to you. "By clicking on any Advertiser's banner you agree to be co-registered at that advertiser's website--at no cost to you," the agreement states.

Wow--there's no cost to me. Should I thank them? Wait, it gets better.

According to GroupLotto, by agreeing to its terms, GroupLotto and sites you "co-register" with can contact you via telemarketing even if your phone number is listed on the Federal Trade Commission's Do-Not-Call List.

End-User Outrage

These aren't offers, they're coercion. People don't typically have the time or the legal background to navigate and understand the often-confusing legal documents that are end-user license agreements. The examples I cite in this column may be from sites you don't regularly visit. But honestly, did you read the privacy policy the last time you installed a benign program, like America Online's Instant Messenger software?

Blogger Ben Stanfield may be the exception to the rule. He read the AIM software terms of service and wrote about it. He noted that AOL's terms of service for AIM say you have no right to privacy when using the IM client.

Stanfield points to a section that reads as follows:

Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. You waive any right to privacy. You waive any right to inspect or approve uses of the content or to be compensated for any such uses.

After Stanfield wrote about this policy in his blog, his site's message boards lit up with heated discussion. AOL has tried to quiet the furor by stating its privacy clause does not pertain to AIM instant messaging communications. Instead, AOL spokespeople say, AIM chats are private. However, users of its chat room or message board shouldn't expect privacy.

Privacy Policies' Empty Promises

You may ask yourself, "Can't I just opt out after I agree to receive junk e-mail?"

Opting out and telling spammers to take a hike sounds like a great idea. The problem is, you get no assurance of compliance by any third-party firm that may have acquired your e-mail address and personal information legitimately, through one of those shared marketing deals.

To see how well opting out works PC World staffers, myself included, tested several sites' opt-in policies. Signing up with FreeLotto, for example, produced scores of messages from third parties. To be eligible for the daily prize drawings held at FreeLotto, we had to agree to receive marketing e-mail from FreeLotto's parent company, PlasmaNet, and other marketing partners. But despite weeks of repeatedly using opt-out links in the resulting e-mail from FreeLotto, PlasmaNet, and their partners, dozens of junk e-mail messages kept arriving.

When we contacted PlasmaNet, a spokesperson told us that we hadn't opted out correctly. To unsubscribe from all PlasmaNet-related e-mail, the spokesperson said, we should visit PlasmaNet's Web site and update our marketing preferences there. We followed these instructions; but weeks later, the inbox that we'd assigned to PlasmaNet was still filling with unwanted e-mail.

The Controlling the Assault of Non-Solicited Pornography and Marketing Act, known as CAN-SPAM, was supposed to lighten the load on our inboxes by allowing us to opt out of unwanted e-mail. It didn't.

CAN-SPAM actually legalizes spam because it doesn't prohibit unsolicited e-mail. Legitimate businesses and unsavory spammers alike can keep sending commercial e-mail until you explicitly ask them to stop by using a mandated "opt out" option in e-mail pitches. But because opting out often doesn't stop the e-mail onslaught, I rely on the blacklist filter on my e-mail client to stop any messages from an entire domain.

Sadly, 10 seconds of carelessly opting in to a site can cost you months of hitting the Delete key.

Q&A

Q: My e-mail account is receiving and apparently sending e-mail messages that include my name in the originator field with someone else's domain. For example, if my e-mail address was john_smith@myisp.com, I would see incoming messages from: john_smith@allstate.com or john_smith@someclub.org.

And I'm also getting e-mail daemon delivery error messages for e-mail supposedly sent from my account (john_smith@myisp.com). For example, e-mail sent to john_smith@fakesite.com is being returned to me because no such e-mail address exists.

I made sure my McAfee antivirus software was up-to-date and scanned my system and it is free from viruses.

What is going on?

--Bob R.

A: If you're certain your virus definitions are up-to-date, then you are not the source of the problem. Likely, someone who has your e-mail address in their contacts list is using a computer that's infected with a virus or a worm that is sending infected messages to everyone in the address book.

Worms and Trojan horses sometimes go a step further to pull data from address books and "spoof" the e-mail address and subject line of a message so it appears to come from you. Spoofed e-mail faking your address as the sender goes out to hundreds of e-mail accounts. Some of those e-mail addresses don't exist, and messages are bounced back to the address listed as the sender: you.

PC World contributing editor Steve Bass recently wrote "Four Fixes for the Most Annoying E-Mail," and it's filled with tips to help you better protect yourself from this type of threat.

Q: I receive an enormous amount of spam. Just how much income is generated by spam sent to people like me?

--Joe Z., Thailand

A: Zero income is generated by spammers who send their spam to people like you. That's because you're smart enough to ignore it and delete it.

But the sad reality is that others do reply and buy things advertised in mass e-mail. A recent report from the Radicati Group says more than 10 percent of respondents in a study acknowledge purchasing products advertised in spam.

Send gripes, questions, and tips for the spam wars to Tom Spring. Go to the Spam Watch page for more articles.