So what does the process include? Well, let's do it together...
So you go to http://activatemydsl.verizon.net. Fair enough. I was happy to see that the documents said I didn't need to use the installation CD if I could connect to that site. Good sign. Figured I might avoid getting some spyware installed on the system.
See that little innocuous message in the bottom right that says "A standard Firefox security warning may appear after you click GO. To continue the installation, click the Install Now button and Restart Firefox"? Well, that basically means "You're going to consent to turning off the browser security so we can completely take over your computer and do whatever we want." I wish I were kidding, but I'm not. The dialog allows them to run arbitrary code. It means they are going to download a native program that can do literally **anything** it wants. It can read your personal files. It can inventory your music collection and send it to the RIAA. Anything it damn well pleases.
Can you say "Don't install now?" Well, not really since you can't proceed with the install unless you download the component. Fortunately, they have versions for both Windows and Mac (both PowerPC and Intel).
What exactly is this thing you are installing? Well, it's file called dsl_installer_mac.xpi. XPI is a standard for Firefox extensions. It's a packaging mechanism based on Zip, combined with manifest information. What does it contain?
chrome.manifest
install.rdf
chrome/
chrome/content/init.xul
chrome/content/Verizon.dmg
Uh oh. That can't be good. What does the disk image contain unpacked?
A native executable called "Verizon Online DSL Installation". Without a disassembler, there's no telling what nastiness it does.
So back to the user experience, let's say I say "ok". Anything else I should be worried about?
Bastards. This is the "we need to take over your computer entirely dialog". You typically see it when you do something like install a new device driver. They aren't satisfied just being able to access my end-user files, they want root privilege to do who knows what.
It's worth noting that they aren't installing a device driver. Had I needed to install the USB driver for the DSL modem, I can appreciate this dialog. But since I'm connected to the modem over Ethernet, there is ABSOLUTELY no reason to have this level of privilege.
To add insult to injury, I go through the whole process and logon to my Verizon account page. What do I find?
Look at the bottom of the screenshot. I got signed up for "Verizon Security and Backup Bundle 5GB" for $7.99 per month, as well as the "Verizon Games on Demand Quick Pack" for $4.99 per month. Note that I was never offered these services when I talked to the Sales rep and ordered my DSL. Some fucker just clicked a few checkboxes and enrolled me in an extra $13 per month worth of crap I never asked for, don't want, and don't need. Can we say FRAUD?
I canceled the services, which will "take effect in one to two billing cycles". No way. I'm calling them tomorrow.
Imagine if I had not gone to the billing page now, and instead waited for my first bill to arrive. Imagine the shock that most customers must face when they find their $29.99 bill is actually 42.97 plus tax.
I keep thinking about how easy it was to install my cable modem, how it worked right the first time, how no technician had to come to my house after spending hours on the phone talking to 14 different representatives. How I didn't have to install any bloatware/spyware/"fuck up your machine ware". I just plugged my cable modem into my wireless router and it just worked.
Maybe later this week I will run the executable through Ida Pro and see what they did to my laptop. And then I will use this as an good opportunity to wipe the hard drive and reinstall the OS.
