
Spyware as a service

Does spyware threaten the economic underpinnings of the Web, or is it an opportunity? What if we turn spyware from a threat into an indemnified network of enhanced services?
Written by Steve Gillmor, Contributor
COMMENTARY--Just as spam, worms, and viruses have polluted the signal-to-noise ratio of the e-mail platform, spyware now threatens to cut the legs out from under customer confidence in doing financial transactions on the Web. But does spyware threaten the economic underpinnings of the Web, or is it an opportunity to turn the problem on its head? What if we turn spyware from a threat into a service, where users accept monitoring of their activities in return for access to a secure, indemnified network of enhanced services? If this transformation were to take hold, the vehicle to carry it forward would be RSS.

The problem
Although Windows XP Service Pack 2 (SP2) provides fixes for many of Internet Explorer's persistent security flaws, it does little or nothing about spyware, where "free" software adds code to your system that can capture keystrokes, monitor e-mail and IM traffic, and send the resulting data back to the invader's home base without your knowledge.

The symptoms of infection are often difficult to identify--a gradual slowing down of the machine, proliferation of pop-up ads seemingly unrelated to the current Web site, and persistent disk access or packet bursts going outbound on your broadband connection. Spyware can burrow into your computer to lurk silently, awakening months later to spawn new infections or morph into back channels to servers armed with the latest exploits.

The RSS information router
As browsing the Web for information has become noisier and less secure, RSS aggregators have emerged as a more efficient way of retrieving strategic information, thanks to the publish/subscribe contract between customer and supplier. RSS feeds contain more and more of the information I'm looking for, as technology thought leaders are bypassing traditional media, marketing, and PR to go direct to their customers.

For example, Sun president and COO Jonathan Schwartz used his blog to float a potential Novell buyout and change the subject from open sourcing Java to what open really means for customers. The result: continued coverage and analysis from ZDNet's David Berlind, the Wall Street Journal, and other mainstream media outlets. Similarly, credentialed bloggers at the Democratic National Convention generated almost as much mainstream "ink" as they consumed.

RSS has not yet achieved ubiquity in the broader marketplace, but its market share among early adopters -- time-challenged decision makers and influencers valued by advertisers and sponsors -- is growing rapidly. Avid bloggers such as Microsoft's Robert Scoble consume thousands of feeds on a daily basis, while search services such as Technorati and Feedster provide users tools to track postings and conversations across multiple sites.

RSS clients -- such as Radio Userland, NewsGator and FeedDemon on x86 systems, and NetNewsWire on the Mac -- are now entering a second generation where embedded browsing functionality and persistent storage for offline use are being subsumed into the RSS application. Server-based content aggregators, such as Bloglines, My Yahoo, and Gmail (a web-based mail service that could easily expand to aggregate feed data), eliminate installation and maintenance overhead, though they depend on the insecure browser client for their user interface.

A solution
As long as spyware has an opportunity to penetrate the system through its weakest link, the HTML browser, this next-generation iteration of the Web will continue to be held hostage. As Dave Winer suggests in an audio conversation, we need to rearchitect the underlying browser toolkits -- the IE controls, Safari's WebKit, or a subset of the Mozilla core -- to support a rendering engine that doesn't have the security vulnerabilities of the current generation.

For Winer, that means: "Add a snippet of HTML to a page with none of the 'features' turned on--no ActiveX, no scripts, just hyperlinks and maybe a simple image or two." By limiting the RSS aggregator's rendering to a subset of HTML, Winer believes much if not all of the spyware can be filtered out of the system.
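The restricted rendering described above can be enforced with an allowlist filter applied to each feed item before it is displayed. The sketch below is an added example, not code from Winer or from any aggregator named in this article; the tag and attribute allowlist, the `sanitize` function and the sample input are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: the article only says "hyperlinks and maybe a simple image".
ALLOWED = {"a": {"href"}, "img": {"src", "alt"}, "p": set(), "br": set()}
URL_ATTRS, VOID = {"href", "src"}, {"img", "br"}
# Elements whose content is discarded as well as the tags themselves.
DROP_CONTENT = {"script", "style", "object", "applet", "iframe"}

def safe_url(value):
    """Only absolute http(s) URLs pass; javascript:, data: and the rest do not."""
    return value.strip().lower().startswith(("http://", "https://"))

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED:
            kept = ""
            for name, value in attrs:
                ok = name in ALLOWED[tag] and value is not None
                if ok and (name not in URL_ATTRS or safe_url(value)):
                    kept += f' {name}="{escape(value.strip(), quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is re-escaped, never passed raw

def sanitize(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

# Constructed feed-item body, not taken from any real feed.
SAMPLE = ('<p onclick="x()">Hi <a href="http://example.com/a">link</a><script>t()</script>'
          '<object><a href="http://example.com/b">alt</a></object><a href="javascript:z()">'
          'bad</a><img src="http://example.com/i.png" alt="pic" onerror="w()"></p>')
```

Because the filter rebuilds the markup from an allowlist instead of deleting known-bad constructs, event-handler attributes, ActiveX `<object>` embeds and unknown tags are dropped without the filter having to recognise them individually.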

I'd go a step further, harnessing the offending technologies rather than crippling the extensibility of the RSS application. In other words, allow any and all keystroke tracking, snapshotting, or attention monitoring to harvest your data, but then instrument the RSS application so that it can quarantine, store, massage, and aggregate the data gleaned by the spyware in a standardized format.

The user gains full control of the harvested data, and can choose to use it as barter for valued services. If services in the cloud are interested in your personal data, then you can choose to allow access to information--such as preferences, interests, lack of interest, and other valuable trend analytics--in return for services you want, such as full-text feeds, extended research materials, and audio-visual data.

This is the economic model behind the attention.xml framework that David Sifry, CEO of Technorati, and I are developing for use in third-generation RSS information routers.

Turned on its head, this adoption of spyware as a system service can provide an opportunity for corporations to indemnify customers from malware as a part of the legal contract between publisher and subscriber, or more basically, server and client. RSS's opt-in model of feed subscription can be used to create an expanding gated community where the security and safety of the community is a significant part of the value proposition.

Spying on the spyware may produce unintended consequences. But if the transparency is baked deep into the technology, and tied intimately to the rewards for users, it may prove more successful than current attempts to sweep the problem under the rug. This may not be a problem we want to fix, but rather exploit.
