Why it's time to ditch Digsby
Updated Friday at 3:17 p.m. PDT with comments from Digsby.
When it comes to program installation, I'm a strong believer in caveat emptor. If a software publisher warns you during the installation process that it will install the Yahoo search bar or a Firefox extension along with its program, and makes it clear that you can opt out of it, then so be it. Nobody's forcing a gun to your head, and it's important to read each of the installation screens no matter which program you're installing--at the very least to make sure that the program is not legitimately changing a directory or installing somewhere you don't want it to be.
The section of Digsby's EULA where they tell you they're going to use your idle CPU cycles.
(Credit: Screenshot by Seth Rosenblatt/CNET)However, what's made clear in this Lifehacker post, and I've verified, is that popular multi-protocol instant messaging client Digsby will grab your processor cycles when you're not looking and use them without giving you a say in the matter. Whether Digsby is using your CPU for cancer research, the hunt for Yoda, or to help marketing agencies crunch their numbers is irrelevant. By not giving you the opportunity to choose to do so, they are distributing malware. Before you think that's too harsh of a comparison, a botnet like the notorious Conficker does the same thing: it grabs your processor, and gives you no choice about it. Digsby is merely polite about it, giving notice in the EULA and waiting until your system is idle. Of course, nobody is forcing you to install the program, but they're not exactly making this information prominently available.
To be fair to Digsby, they called out this behavior in a blog post back in December 2008. However, it's not noted in the installation process itself, whereas the other opt-out choices have been made easy to see and decide upon. This is abusing a user's trust, because--like the mention in the EULA--the information is essentially buried and inaccessible unless you know to look for it. As the comments to the Digsby blog post indicate, it's been receiving negative feedback about this since it announced it. To take no steps to rectify the situation except to give users more choices on promoting Digsby is unethical.
In light of all this, and the Digsby team's reluctance to address what we consider a serious flaw in the program, the Download.com editorial team has decided to lower the ratings score for Digsby.
I've requested comment from Digsby about their policies, and will update this post when I have a response.
Users looking for alternative multi-protocol IM clients should look at Pidgin, Miranda, Trillian, or VoxOx.
UPDATE: Digsby representatives have commented on the situation, both in a new blog post and directly to me. I found this new blog post to be somewhat disingenuous. It starts off by saying, "Several months ago, we started testing two unique revenue models to help us keep Digsby free and ad-free for all our users," and then the next sentence points to the above-cited blog post from December 2008. That's eight months ago, not exactly the standard definition ascribed to "several." It's a minor point, but one I found emblematic of Digsby's reaction to the situation because, as you'll see, nothing's changed.
The post continues, explaining that its relatively new installer is no different from other software publishers that offer a free product but force users to opt-out of installing a toolbar or search results hack. As noted above, I agree with that premise. Although it's unfortunate that you have to opt-out to avoid these changes to your system, they are definitely presented clearly.
Digsby build 61 on the left, and build 62 on the right. As you can see, the only change is a link in the research option to an explanation of what it is and how to turn it off.
(Credit: Screenshot by Seth Rosenblatt/CNET)After that, there's an explanation of the "research module," named Plura, which is the bit that borrows your CPU cycles. "Some of the research Digsby conducts may be for nonprofit projects like the ones mentioned above (in the blog post) and some may be for paid projects, which will help us keep Digsby completely free," the blog states, which means that whatever the project is that you're being asked to donate your spare processor time to, you're not going to learn what it is and it's none of your business. At least with SETI, you know what it is you're donating your cycles to. With Digsby, it's a crap-shoot--and hardly a transparent process.
When asked for comment last night, Steve Shapiro of Digsby said, "It's clear from this that a lot of users still weren't aware of it since they don't read the terms of service or track the blog closely," and I think that's a point we can all agree on. He also said: "(W)e will be making a change in the product to make sure that every user we have now and every user who signs up from this point forward is clearly informed of what we do to keep Digsby free and shown how to enable/disable the functionality."
Further e-mails with Digsby's Director of Public Relations Erick Davidson revealed what those changes were: "When it runs for the first time, there will be a pop-up that will stay until the user reads more about it." Despite having left my computer idle for 30 minutes after doing a clean install of Digsby build 62, when the Plura system theoretically would be running, I saw no pop-up warning when I returned to it.
Rushed out overnight, build 62 of Digsby does not include any changes to the installation process. When asked, Davidson stated that this was because the installer is provided by another company, and added in a follow-up e-mail that there is no time line at the moment for introducing a toggle to Plura into the installer.
Users who want to keep Digsby but don't want the Plura system to run can disable it by going to the menu bar Help option, clicking on Support Digsby, and choosing Disable for Help Digsby Conduct Research.
As I've said, the issue for me isn't that Digsby is running Plura, it's that it's doing it without giving users the ability to opt-out before installation. Given that Digsby's competitors are able to offer similar and, in some cases, identical features, and that they're able to do it without burying a bad-faith feature in the EULA or behind a semi-functional pop-up, I'm going to stand by my assessment from yesterday: For now, don't use Digsby.
Seth peers into the deep, dark corners of software so that you don't have to. He has yet to suffer a single nightmare about OS/2. You can follow him on Twitter. 
...except that posts about this have been on the Digsby forum for at least nine months, which led to the blog post they made (You didn't think they made that of their own volition, did you?). it's the tech blogs that didn't catch it until now.
The request to install all the garbage is more of a insult then this!
Unless your have a problem dealing with aids, or contacting aliens, or whatever good cause this thing does everyone needs to layoff. And for the anyone that does have a problem with those things you need a heavy dose of "reality check" and "humanity".
For all the things in the world, or even just in software to complain about this has got to be near if not at the VERY BOTTOM of things.
For crying out loud.
And for Seth Rosenblatt - Did you really waste that much text on this? I'm not talking about the general idea of writing this article in the first place. I'm talking about everything after about the 2nd or 3rd paragraph.
Something else too. Since when do programs list anything they do in the installation program? Okay okay. There are some, but frankly I have never understood it (your already installing the program), and they are (as far as I know) games, and OpenOffice.
And for the record - I would have never seen this article (at least in a timely manner) if it wasn't for a announcement made through the program. These programmers are VERY open. If people choose not to view their blog (aka their website) I don't know how anyone expects them to communicate to their users. Isn't that how big sites like Twitter and Facebook, and even Google get news out? Through their blogs?
Can I establish how absurd this is anymore? I highly doubt it.
http://adium.im/
What I have yet to see is a good explanation as to why it takes nine months to move the processor-harvesting opt-out to the initial install, and make users aware of it. Thanks for covering this issue, Seth, the more widely publicised it it the faster the Digsby team will be forced to act.
After all, who doesn't want to be trained as a Jedi by Yoda? Make your own lightsabers and stuff.
Use the Seti@Home Boinc client for that, not Digsby.
Help menu > Support Digsby > Help Digsby conduct research = disable
Thanks for the article! I wouldn't have known that Digsby did this if I didn't read it here.
They did post somewhat of a valid explanation in their blog a few days back.
http://blog.digsby.com/archives/68
not too sure how convincing that is thought
I suppose that the grid computing element could be more obvious but it is certainly in the EULA, it can be disabled and it was clearly explained on their blog.
So to call their behavior unethical and abusing a user's trust is, IMO, too extreme.
Digsby is a really nice program and one which is free to the user. They say that they are experimenting with revenue models and this is one of them. Yes, they could be clearer about how to opt out but using idle CPU cycles is not quite the same as stealing the silverware. These are cycles that go to waste if not used (CPU cycles are called a "wasting resource" by economists because once unused they cannot be stored for future use).
OK. You are all offended. And you want the company to be more responsive.
But yikes, given all the mess in the world today, I think there are better things to rant about.
Charlie
but on the other hand they have sincerly been continously developing digsby and its a hands down best multi messenger out there in the market today. and they have been fast and sincere in their responses till date.
so i feel its a bit harsh on cnet to downgrade digsby just because of this rather small issue.
if they really want to downgrade products they should start by downgrading Apple products for obvious reasons like the ones given below:
http://technology.timesonline.co.uk/tol/news/tech_and_web/personal_tech/article6736587.ece#
http://ultimibarbarorum.com/2009/08/10/the-worm-in-the-apple/
Asher
but seth says it better, it is already shady putting all that crapware, and now they sneak stuff in that you didn't even know about, a post in a blog and on the EULA is not explanation enough, how many read their blog or the EULA?, we expect EULA's to be pretty standard, not with shady stuff, because we trust the company to the the right thing
so yeah its unethical behavior and yes it certainly abuses the users trust and i'm glad to see CNET updating their review to add this, this way we CAN TRUST CNET TO BE ETHICAL IN THEIR REVIEWS AND NOT ABUSE OUR TRUST... seee
The increased electric consumption alone on an annual basis from something like this on a computer that's on 24/7 would cost me more than buying the product outright (assuming the cost was south of $15 or so).
For someone to take advantage of the fact that most people would never notice they agreed to this cost-shifting measure is completely unacceptable. The correct thing to do would've been to be upfront about it and allow people to opt-in to the option.
I can't belive Digbsy's staff actually did that, they will loose many clients over this!
I personally don't have a problem with this feature, I just think the folks at digsby should have a bit more respect for it's users by making it more upfront.
We are working to make this option more transparent and will release and update this morning. Check out our blog post where we in explain in detail the revenue models we are testing and ask for your feedback - http://blog.digsby.com/archives/693
Digsby is stealing your credit card num... wait...
Disgby is stealing you personal inform... uhhh...
Disgby is taking your keystrokes... that's not it either.
Disgby is borrowing your unused CPU cycles? After 5 minutes of inactivity? And it has been known about for months? And it is optional?
*rolls eyes and drops pitchfork*
Overreact much?
There are a LOT of software that uses not only CPU cicles, but bandwith without you knowing it (most of them included in ANY Windows version).
Still, Digsby guys posted this on their blog straighten things out, wich may be really interesting for everybody (specially the poll and how it's comming): http://blog.digsby.com/archives/693
I'll keep using it anyway an hope that it's kept free and ad-free (even to the cost of CPU cicles if I chose not to disable it)
The easiest solution logically is to call out Plura in the installation process, and allow users to opt-in or opt-out before the program is fully installed. However, Digsby has indicated at this time that that's not an viable option.
They should have been much more direct.. why didn't they post it in those crappy pop-ups I received whenever I opened the damn thing?
You know this is illegal in Germany for example? EVEN if it's included in the EULA?
"It likely uses your electrical power" - so who pays the bills? Me or Digsby staff?
This is a lot of crap, you are all vouching for a company that has such lousy PR they can't even respond in time and protect themselves from such posts. When there were voting posts on popular blogs about "Which is the best IM" they used the startup pop-up (digsby announcement) to make users vote for them (spam ftw) but they couldn't use it to display a short message: "We are using your cpu, ram and charge up your electrical bill - Click here to disable this".
Ignoring this or considering it an "overreaction" is plain stupid - so what if other software does the same thing, at least they hidden it well or tell you they do.
While I do not say we should just click through the EULAs and never read them (on the contrary, they are considered legal agreements and you need to know what you are agreeing to), my position is it is often times impractical to read the EULA, and when it is written in legalese, it is impossible for the common man to read *and truly understand* what they are agreeing to.
Regardless, the legality of the bindingness of the EULAs is yet to be truly tested. So call up your tech support for the software, ask them for help installing it, and they will tell you to agree to the license, likely without reading it, so they can get you to the install (EULA is normally the first or one of the first screens in the installation, for good reason). Then you have a legal out "they told me to do it", though it may not stand if you are proven to be tech or law savvy (i.e. the tech support call can be proven to be only a legal work around).
Basically, the program should do what the name, description implies, or warn you clearly in small reading chunks (i.e. "this will install ___ too, continue?", not chapter books) about probable unexpected behavior. Perhaps this is expecting too much, is naive, or too trusting, but it really is a better option than trying to write a EULA they can understand, expect them to read it, be bound by it, and expect a court to hold it up. But then again, maybe I am too ethically optimistic.
- by pjk0 August 14, 2009 11:00 AM PDT
- It IS an issue, due to lack of disclosure.
- Like this Reply to this comment
-
Showing 1 of 2 pages (43 Comments)A) You cannot (even remotely) expect every single downloader/installer of the software to have read ONE SINGLE BLOG POST.
B) You cannot (even remotely) expect every single installer of the software to READ THROUGH A RIDICULOUSLY LONG LEGALESE-LADEN "EULA", especially since that "EULA" hardly goes into detail about this feature, NOR does it describe how to disable it.
This is as if the company that built your automobile just "forgot to tell you" that it has a secret built-in microphone that records all conversations you have in the car, without telling you, and secretly sends all the recordings back to the manufacturer. "OH, SORRY, WE FORGOT TO TELL YOU ABOUT THAT. DON'T WORRY, WE'LL SHOW YOU HOW TO DISABLE IT NOW THAT YOU DISCOVERED IT".
Sorry, that is FAIL. Obnoxious, arrogant FAIL.
The fact that the guy from Digsby seems to admit in another response here that the reason for this "feature" is because Digsby MAKES MONEY FROM IT doesn't surprise me in the least. Some things never change...