What Are You Really Giving Away When You Use "Free" File Sharing Software?
You've probably heard the term "freemium." The software/mobile app industry has its form of freemium model, but business users definitely pay in other ways.
19 February 2016
We all love getting something for free. What a bargain not to have to spend money to get something we want! But does "free" ever really mean you don't pay in some way?
You've probably heard the term "freemium." It's derived from the words "free" and "premium." According to Freemium.org, the word freemium describes a business model in which a core product is given away for free but the company behind the offer generates revenue by selling some sort of premium products to cover the cost of its free offering. Freemium.org cites free music downloads as an example of this business model. A band might allow its fans to download its music for free in the hope of enticing those people to buy high priced concert tickets later.
Retailers have used a similar model for years, but they call it "BOGO" or "buy one, get one free." You buy one item at full retail price and get a second item for free. Of course, there's a hefty profit margin built into the cost of the item you pay for so that it covers the cost of the item you think you are getting for free. Quick service restaurants use the BOGO technique too. If you buy a premium menu item at regular price, you get a soft drink or a side of fries for free. The soft drink or fries only costs the restaurant a few pennies and the premium menu item has a good profit margin, so the restaurant wins when you take this offer. I suppose you win, too, if you were going to buy that high priced food item anyway. At least you saved the cost of paying an extra dollar for the drink or the fries.
The software/mobile application industry also has its form of freemium model, but it doesn't strictly adhere to Freemium.org's definition of the customer getting something without also having to pay in some way. We can download plenty of useful apps for our smart phones and computers without paying money for them, but we definitely pay in other ways.
The Ad-supported Model of Computer and Phone Apps
The software/mobile application industry primarily uses an advertising model to support the cost of developing and providing those free apps we all love. Here's how it works:
A software developer creates an application. It might be for a smart phone platform, or for the PC platform, or perhaps even a version for both. The developer puts the software in an app store or on a website and encourages people to download it for free. A user comes along and wants that app. A user hits the "download" key and the user license agreement (ULA) — otherwise known as the fine print — comes up. The ULA typically explains, albeit in vague terms, what the software does and what the user agrees to in exchange for getting the right to the use of this software.
The ULA might ask the user for permission to do certain things, like access the Internet from the device, access the user's location, calendar or task list, or even write to the device's settings file. If the user even takes the time to read the ULA — which many people don't — the user might learn that the software, via those permissions, collects a lot of information about the person and his or her device and shares it with third parties, often under the guise of "improving the user experience." The information gathered varies by application, but it could include the user's geographic location (which can be quite explicit), the contact list on the device, websites the user visits, text messages on a smart phone, the device's unique identifier (such as an Internet Protocol (IP) address or a smart phone's International Mobile Equipment Identity (IMEI)) and more. Often, it’s much more.
The app developer then shares this information with third parties who are often advertising networks. These companies want to collect as much detailed information as possible about a user in order to create a user profile. Once these companies have developed a user profile, the advertising network sells the profile to advertisers who then have the opportunity to push targeted ads to that user's device. (The permission to push that advertisement may or may not be buried in the ULA.)
You've seen these types of pop-up ads in your own web surfing, whether you're on your PC or smart phone. They seem to be very targeted toward your interests, and in fact, they are. You have been profiled, whether you know it or not.
Meanwhile, the software developer who created that free app that our trusting user has downloaded is compensated by the advertising network, with the amount of compensation increasing as the user profile becomes more detailed and accurate. Thus, the more personal and detailed information that an app can collect, the higher the payday for the software developer. So, even though the software developer gave away its app for free, it is being paid (and often handsomely) for your use of the app and your personal information.
Free Software Doesn't Belong in the Enterprise
Now let's put this into context for the business world. Your employees, co-workers and business partners need tools to be able to do their jobs. Suppose Bob in Engineering needs to send the new product design to the company you've partnered with to create a prototype. The product design file is massive — certainly too large to send as an email attachment. The partner is waiting for the file and Bob doesn’t want to hold things up so he goes out to the Internet and downloads some free software that allows him to set up a file share in the cloud. He puts the product design file out there and gives the partner a link to access the file. The partner downloads the files and business carries on.
What just happened? In addition to your intellectual property being put out into some unknown file sharing tool available for free in the cloud, the "free" software application that Bob used brought one or more advertising networks with it to his computer. They are all salivating over the information they can get about Bob, his computer and the people in his contact list. The advertising networks sells "air time" to advertisers that push their content to Bob's PC. Unfortunately, there's also a possibility that content could be "malvertising," or malware disguised as an ad. Bob's computer could now be infected with malware that wants to spread to your broader network. You see where this is going ...
This is not a hypothetical situation; it happens. Responsible companies should block their employees from downloading and using free applications that have not been thoroughly vetted by their IT experts. More importantly, companies must provide a safe and secure alternative that their employees can use to safely and securely share files with people outside of the company’s firewall. If there is no officially sanctioned software, workers will find their own and that's a risky proposition.
This is all just a reminder that there is no such thing as free software. You might not pay for it with your money, but you pay in other ways.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.