There's been a lot of discussion about the Ask toolbar recently over at Wilders Security and the Calendar of Updates forums. We have a variety of vendors that are now bundling this bar with their products - something that I thought we'd never, ever do.
Then I read a thread over at Wilders where someone pointed out that for every time Ask bar was installed, the vendor got a dollar. I mulled over our OA Free download numbers and thought that this figure was highly likely to be inflated - but at a dollar per download - wow, that's some serious money.
Bundle Ask Toolbar and have an early retirement?
I then read a comment from BillP of Winpatrol fame saying that Ask had approached him - and - had he proceeded with them, he could have made enough money to retire in a few months. Bill basically told the guys to get stuffed - but there are a lot of other vendors that bundle the bar who didn't.
Having had two independent sources confirm just how much money could be made, I did what any self-respecting business owner would do - I contacted Ask to find out what the deal was. After all - if I could add tens of thousands of dollars to our bottom line every month, I'd be mad not to consider it, right ?
At the same time as I contacted Ask, Ask contacted me asking about business relationship opportunities. The chap on the phone I spoke with explained to me that the numbers quoted at Wilders were not quite reality - but for the purposes of basic math, we'll stick with the $1 per install
In other words, for a company like us - a small business out of Sydney - the Ask toolbar sounds like a dream come true. Call it free money. Call it monetizing our free product - we did both. Based on our download numbers we'd stand to make tens of thousands of dollars per month - all for including a harmless toolbar in our program.
Sometimes, I hate the internet...
Here's the problem. Imagine that you could get paid a dollar for each unique user. Imagine that you were moderately skilled at writing malcious code and had no morals. You could make a lot of money real fast by surrupticously installing something like this. And that's what people did. Ask were tarred with this brush.
As we proceeded along the path with Ask, we took note of the questions that they asked us and the hoops we had to jump through to sign up as a partner. They were really, really concerned to prevent malicious folks from bundling their bar.
It was unfortunate that they had been abused by malware writers and scammers - I'd hate for that to happen to us if we paid bounties for installation of Online Armor - but they shouldn't be nailed for this forever. Not only do they try to run a clean ship , but they were also a victim, right ?
This thinking gave us a bit of confidence going forward - as did the fact that a lot of our competitors, from the rats and mice upwards had done this.
...but most of the time it rocks
We decided that we'd proceed with the Ask toolbar. The money looked great. The company was clean. Our competitors were doing it. There were shouts at some of the guys that did it - from a highly vocal crowd - but we figured that provided we did it the right way (no default opt-in, no tricky wording or saying that the bar was required for security purposes) we'd be ok.
I took this to our private test team. They hated it. I took it to our forum admins. They hated it too. I took it to our Beta team after someone came out and said "You would never bundle a toolbar would you ?" - and I said, "um, actually yes, we would". They hated it too.
A rock and a hard place
On one hand, we have a way to boost our business by the tunes of tens of thousands of dollars per month. In this economy, that sort of money is not to be sneezed at - hell, in any economy the chance to quickly add a quarter-million USD per year to the bottom line with minimal effort is not to be sneezed at.
Unfortunately, adding that bar would mean that our users would hate us. Vocally. Is it rational hatred? Who cares. Hate is hate, and Vocal is Vocal. We'd already noted one of the smaller players get slammed for their search bar antics.
In all of our discussions and observations, some key points kept getting repeated:
- Users do not expect a security tool to install unneeded items, even if that security tool is free.
- Default opt-in is the only way people will install due to inattention, accident or trickery of wording.
- Default opt-in is wrong.
- Users place a lot of trust in security vendors. They are trusted to do the right thing. Do not abuse that trust.
- Is it ethical to ask your users to install a product you would not install and use yourself?
In fact - the ICQ bar is even worse - the uninstaller didnt work correctly and now I find myself trying to do a google search and sometimes getting ICQ. It's really, really annoying. Do I want to really, really annoy our users?
When we started our Online Armor project, we somehow stumbled onto a simple formula. Listen to our users, and give them what they want. Provided they don't want free ponies and chocolate, it's a model that works rather well. Everyone wins.
Our users - the ones privvy to the pre-launch information told us pretty clearly "We don't want this, and we don't think it's right". When your friends are telling you it's not a good idea - imagine what people who don't have that relationship will say or do.
So - we've decided not to proceed with Ask, though they'd probably pay us nearly enough to buy a nice car.
When the numbers look good from a financial perspective, and "everyone else is doing it" - it's easy to fall into complacently thinking that all will be fine. It's not fine for security companies to bundle someone elses toolbar. We lost sight of that for a moment and nearly did everyone a disservice.
Why did we decide not to proceed? Well, the money sure would be nice but at what cost? Bundling this bar would lead to a loss of trust... and that's something you generally only get to lose once.
I'll get the car another day.