Spam

June 14, 2008

Why Social Network Sites May Fail

image

Accused of spamming: Prerna Gupta, founder of Yaari.com

Look at a social networking site like Yaari and you can see where the social networking phenomenon may fail, simply by abusing the trust of its users.

Sites like LinkedIn, Plaxo etc rely on expanding quickly by offering a useful service: trawling your address book to find friends and contacts who use the same service. We’ve gotten used to this, and it’s a great way to build a network quickly if you sign up for a new service.

But any service that uses this needs to stress privacy, and put control in the hands of users. Plaxo learned this a few years back. Spam a user’s contact list without them realising and you invite a firestorm of opprobrium on your head.

But surprisingly some services still do it. And in so doing they risk alienating users from what makes Web 2.0 tick: the easy meshing of networks—your address book, your Facebook buddies, your LinkedIn network—to make online useful.

Take Yaari, a network built by two Stanford grads which has for the past two years abused the basic tenets of privacy in an effort to build scale.

What happens is this.

You’ll receive an email from a contact:

 image

It’s an invitation from a “friend” which

  • gives you no way to check out the site without signing up. The only two links (apart from an abuse reporting email address at the bottom) take you to the signup page.
  • neither link allows you to check out your “friend”  and his details before you sign up.

If you do go to the sign up page you’ll be asked to give your name and email address:

image

Below the email address is the reassuring message:

Your email is private and will stay that way.

But scroll down to below the create my account button and you’ll see this:

By registering for Yaari and agreeing to the Terms of Use, you authorize Yaari to send an email notification to all the contacts listed in the address book of the email address you provide during registration. The email will notify your friends that you have registered for Yaari and will encourage them to register for the site. Yaari will never store your email password or login to your email account without your consent. If you do not want Yaari to send an email notification to your email contacts, do not register for Yaari.

In short, by signing up for Yaari you’ve committed yourself, and all the people in your address book, to receiving spam from Yaari that appears to come from your email address. (Here’s the bit from the terms: “Invitation emails will be sent on member's behalf, with the 'from' address set as member's email address.”)

You should also expect to receive further spam from Yaari, according to the terms:

MEMBERS CONSENT TO RECEIVE COMMERCIAL E-MAIL MESSAGES FROM YAARI, AND ACKNOWLEDGE AND AGREE THAT THEIR EMAIL ADDRESSES AND OTHER PERSONAL INFORMATION MAY BE USED BY YAARI FOR THE PURPOSE OF INITIATING COMMERCIAL E-MAIL MESSAGES.

In other words, anyone signing up for Yaari is committing both themselves and everyone else in their address book to receiving at least one item of spam from the company. Users complain that Yaari doesn’t stop at one email; it bombards address books with follow-up emails continually.

Needless to say, all this is pretty appalling. But what’s more surprising is that Yaari has been doing this for a while. I’ve trawled complaints from as far back as 2006. This despite the company being U.S.-based. I’m surprised the FTC hasn’t taken an interest.

 

So who’s behind the site? This article lists two U.S.-born Indians, Prerna Gupta and Parag Chordia, and quotes Gupta as saying, back in 2006, that to preserve the integrity of the network access is restricted to the right kind of Indian youth. I’m not young, I’m not Indian, and I’m probably not the right kind, so clearly that goal has been abandoned.

Here are some more details of the two founders.

Gupta, who is 26, is an economics major who graduated in 2005 and was working for a venture capital firm in Silicon Valley called Summit Partners until 2005. Her Facebook profile is here; her LinkedIn profile is here. According to this website she once won the Ms Asia Oklahoma pageant (her hometown is listed as Shawnee in Oklahoma, although she lives in Atlanta).

Chordia, chief technology officer at Yaari, has a PhD in computer music, and is currently assistant professor at the Georgia Institute of Technology, according to his LinkedIn profile. His Facebook profile is here.

There’s a video of them here. An interview with Gupta last year indicates that they’re going hell for leather for size:

We are focused on growing our user base and becoming India’s largest social networking site within the next two years. Our goal for the next year is to become one of India’s Top 10 Internet destinations.

What’s interesting is that nearly every site that mentions Yaari and allows comments contains sometimes angry complaints from users. In that sense Web 2.0 is very effective in getting the word out. Unfortunately if Yaari and its founders continue to commit such egregious abuses of privacy, we can’t be sure many people will trust such websites long enough for the power of networking sites to be properly realised.

(I’ve sought comment from Gupta, which I’ll include in this post when received.)

February 13, 2008

My First LinkedIn Spam


Got my first LinkedIn spam today:

Hi Jeremy,

[name deleted], here... we are linked on LinkedIn

I know you're interested in earning an in~come on the internet. I also know you probably wouldn't mind if 'understanding it' was made easier for you.

Well, I've been notified about a new F.REE report by internet marketers, [etc ad nauseam]

I logged in, and it's true: We are linked on LinkedIn. Or were; I've deleted him as quickly as I could. Or at least I tried to: There's no easy way to do it. (I found the answer, not in LinkedIn's answers or help page, but on Ask Dave Taylor, who points out that "with so many different social network sites cropping up, it's pretty amazing to me how few actually let you edit the connections you establish.")


My policy with LinkedIn has been to add more or less anyone who asks to be linked. This is highly irresponsible of me, of course, but I figured it wasn't going to do any damage since I don't really use the tool. Now, after this bit of spam, I'm not so sure. If people see I'm connected to a spammer, maybe that could do me some damage. As I've never received a job offer, or even an indecent proposal, via LinkedIn I'm frankly not quite sure what it's for. But if it's a way for people to spam me then I'm all for tightening the guest list a bit.

So I'm going to start weeding out my LinkedIn contact list, which currently stands at about three gazillion people, only four of whom I've actually met.

December 14, 2007

More on Veronica and Fake Flirting

Courtesy of ABC Australia IT guru Paul Wallbank, the source of my chat with Veronica Sexy may have been discovered: an automated sex talk service called CyberLover.ru. Paul points to this story from Conor Sweeney of Moscow's Reuters bureau:

A Russian website called CyberLover.ru is advertising a software tool that, it says, can simulate flirtatious chatroom exchanges. It boasts that it can chat up as many as 10 women at the same time and persuade them to hand over phone numbers.

The service, on the surface, appears aimed at guys who aren't able to win over girls online any other way: "It's happened - a program to tempt girls over the internet!" Reuters quotes the site as claiming. "Within half an hour the CyberLover program will introduce you to ... girls, exchange photos and perhaps even a contact phone number," it states. Woohoo. 

But is that all it does? Antivirus and software developer PC Tools says it's much more dangerous than that. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” a company press release quotes Sergei Shevchenko, Senior Malware Analyst, as saying. “It employs highly intelligent and customized dialogue to target users of social networking systems.” The goal, Sergei says: to gather personal information about users and also to lure them to websites, possibly to infect them with malware (a generic term for software that infects their computer, which can then be used as what is called a bot to grab data, infect other computers or send spam). That doesn't sound like the Veronica I know.

The website itself denies this, according to the Reuters report. "The program can find no more information than the user is prepared to provide," one of the site's employees, who gave his name only as Alexander, said in an emailed reply to Reuters questions. "It maintains a dialogue with a person, but is not engaged in hacking or any other such schemes, I think this should be obvious," he said.

Well, there's hacking, and there's other stuff that comes close to it. The company or individual behind this product appears to be the same as that which runs Botmaster.Net, both of which are registered to one Alexander Ryabchenko. Botmaster sells a $450 piece of software called Xrumer, which spams websites, forums and blogs to build up a website's profile on search engines (it claims to get past CAPTCHA screens, where users are asked to identify letters in images.) Given the name of the website is botmaster you can't help wondering what else it does. 

So was Veronica Sexy an early prototype of CyberLover? Well, they're both run by Russians, but beyond that it's not clear. I hope to find out more. What is clear, though, is that SkyperSex, the website Veronica was trying to lure me to, is an affiliate of Streamray, a sex website that is one of several just bought by Penthouse Media as part of its purchase of Various Inc (for $500 million). It should make for an interesting bit of research.

Oh, and if you're looking for automated online chat that's a bit more real, check out My CyberTwin.

Russian computer program fakes chatroom flirting - Yahoo! News

December 13, 2007

Meet Veronica, Sexy Skype Spammer


Maybe this is commonplace for others, but I've just got my first sex-chat-spam on Skype. It's from someone called Veronica Sexy, whose profile indicates that it's unlikely to be someone I've met and just forgotten about (as if I would):

image

Just in case you can't read that last bit, it reads:

can't wait to get real nasty and show off :) IM REAL MISS WEB CAM!

Reply to the message and immediately you're asked to share your contact details (a la Skype.) I didn't risk having Veronica spam all my friends (not sure how that would work, but I've got some nice people on my list, and I'd hate for them to be upset.) But I did reply to her message, and her responses were quick, and, dare I say it, felt a trifle automated:

[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i'm great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:45 AM] Jeremy Wagstaff says: i'm a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!

[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!

That was the last I heard of Veronica, although her scent lingers on.

The web address, by the way, is pretty much what you expect it will be -- lots of alleged clips of ladies cavorting. The administrator of the website is one Alexandrof Tiberiu in Moscow, who also owns www.yourlivecams.com.

I guess what's interesting here is that Skype don't seem to do much policing of this kind of thing. This could be a sex site spam, or it could be something worse.

If you want to prevent Veronica getting in touch with you, go into Skype options, Privacy settings, and click on the Show Advanced Options button. Make sure the Allow chats from... option is only people in my Contact List:

image

Chances are Veronica won't come calling. Frankly, your life won't be the poorer for it.


November 26, 2007

Wikiscam

Just because something has the word Wiki, community and/or .org in its name, doesn't mean it isn't a scam. I just received an email from someone called Navin Mirania about Wikimmunity which on first glance sounds like a worthy project: a website designed around local community content. But on closer examination it has the word 'spam' written all over it: 

How are you?  My name is Navin from Wikimmunity.org. I recently tried to contact you by phone regarding your blog/web site Endangered Spaces to see if there was any opportunity for us to work together.  Wikimmunity.org, the local community source, is looking for writers to write about local organizations, groups, attractions, people, places, and more.

We pay a modest fee for writing about places and things that you already know about in and around your local area.  Your idea/topic list is unending. Let me know if we can set up a time for us to discuss further. We’d like to help you to generate additional revenue from your blog.  In the mean time, visit  https://www.wikimmunity.org/affiliate/scripts/signup.php to register.  I’ve also included some other links that you might be interested in visiting below. Thanks and I look forward to hearing from you NAME HERE

Navin calls himself a "Content Distribution Specialist" which is a new one on me. I guess it sounds better than "spammer who forgot to set the autofiller in his distribution list software".

And what of the website itself? Well, it looks and feels like Wikipedia, until you realize there's no information about who's behind it, and until you start reading some of the entries. Which are, it has to be said, unconsciously amusing. Try this one, for example, about Walmart:

walmart has a lot of people's needs at great prices. they have snacks, electronics, drinks, furniture, sports stuff, music, and many more. they have video games and acsessories and many more. If you want the newest things for a great price go to walmart. They have so much sales and and items you know it is goinig to be a good store all around prices. if you wann visit their online store [1]. they are one of the best stores to go to. they have toys, fishing equipment, tires, and even t.v. so for this holiday that is coming up you must go to walmart for their awesome prices

Copy I'm sure Walmart would be proud of. Or this one on Barnes & Noble:

Alot of people should be Familiar with this store. In case you don't know this is a book store. in this store you can get all kinds of books in this place. they have fiction, non-fiction, realistic fiction, and many more. They also have new releases of books all the time. They also have cd's. the music they have is rock, classic rock, country, rap, and others. this is a good store to get both books and music. They also have drum books. They have Jimi Hendrix cd's!!!

Well, blow me down. Jimi Hendrix CDs?


October 31, 2007

A Tip off the Old Block

Chris "Long Tail" Anderson fires off at PR with both barrels, blocking unsolicited press releases and naming-and-shaming those who sent them:

Everything else gets banned on first abuse. The following is just the last month's list of people and companies who have been added to my Outlook blocked list. All of them have sent me something inappropriate at some point in the past 30 days. Many of them sent press releases; others just added me to a distribution list without asking. If their address gets harvested by spammers by being published here, so be it--turnabout is fair play.

It's not a bad response, albeit a tad unfair to not give due warning: The list includes identifiable individuals, whose comments should be solicited prior to publication. But it is definitely a problem for us journos, and his list does reveal those PR agencies that are most egregious in this regard: 5wpr.com, webershandwick.com, techmarket.com (not heard of them) and sspr.com. I've had problems with at least one of these and have set up a filter to dump anything from that domain into a junk folder since I get so many follow-up emails it's dizzying.

The problem here is sloppy, generic email blasts rather than carefully targeted emails. ("Dear X, here's a press release you may be interested in", compared with "Dear Jeremy, I know you've written on this subject before, but that was 18 months ago and I thought this announcement by our client may possibly offer a fresh angle on the topic").

It's not that we don't need press releases, it's that we need the right ones. And the more we're sent, the less time we have to find that nugget. PR folk don't seem to get this; one recently apologized that she couldn't separate out the ones that matched my interests and so asked me to bear with receiving all of them. Needless to say all of them now are sent to my junk folder so in effect I'm not getting any.

The best way for both sides to get something out of each other is, in my view, simple. Journalists (and bloggers) set up a page that explains, in detail, what their interests are (mine is here.) PR pitches get a stock response: "please check my PR page for what I'm interested in. Future releases that don't match these interests will be blocked, along with further traffic from this address."

The Long Tail: Sorry PR people: you're blocked

October 30, 2007

Strip CAPTCHA Spam

TROJ_CAPTCHAR.A screenshot

Whatever useful stuff the good guys come up with, the bad guys ain't far behind. A few months back I wrote about researchers at Carnegie Mellon coming up with a way to use CAPTCHA tools to help decipher words in text by the Internet Archive. The basic idea is that the effort to prevent spammers and others automating their intrusion into websites (signing up for stuff, comment spam etc) should not be wasted.

Now a sleazeball has found a way to do the same thing: get folk to decipher CAPTCHA texts through a small program, delivered by Trojan, that offers striptease in exchange for guessing the texts correctly (Trend Micro, via Seth Godin):

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The “strip-tease” game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.

As Trend Micro points out, the CAPTCHAs in this case are from the Yahoo! Web site, suggesting that a spammer is building up Yahoo! accounts.

CAPTCHA Wish Your Girlfriend Was Hot Like Me? - TrendLabs | Malware Blog - by Trend Micro


October 27, 2007

Confusing, Sleazy Checkbox Syndrome

(Please see update below)

I am always amused by how even those companies you would think wouldn't stoop to the foot-in-the-door tactics of spammers, do. Like this one from IBM, at the foot of a submission form -- specifically for journalists, no less:

image

(The text reads:

This data may be used by IBM or selected organizations, such as Lenovo, to provide you with information about other offerings. To receive this via e-mail, check the first box below. Alternatively, if you would prefer not to receive such information by any means, check the second box.
    Please use e-mail to send me information about other offerings.
    Please do not use this data to send me information about other offerings.)

Why, specifically, two separate check boxes? What happens if you check both? Have you committed yourself to both receiving emails to get information about other offerings, and yet not allowing IBM to use this data to contact you? That would at least be a challenge for them. Leave both unchecked and IBM cannot email you about other offerings, but they can use the data you just gave them (namely your email) to send you information about those exciting other offerings.

I urge you all to send them a query on their main submission form trying out both, and let me know what happens.

(Update Nov 2 2007: IBM have agreed having two checkboxes is confusing and unnecessary and promise to remove it. I have also tried leaving both unchecked, or checking both, and an error message is returned. So upon reflection I don't think this is a fair example of Sleazy Checkbox Syndrome and I take back my harsh words about Big Blue. It's poor form design, but it's not done to confuse the user. Interestingly a more egregious example I recently cited also seems to have disappeared, as far as I can work out. Laplink have yet to respond to my request for comment.)

 IBM Press room - Contact a media representative

August 23, 2007

Stoop to Congoo?

Is business networking site Congoo resorting to spam to build its user base? I suspect it is.

Congoo is on one hand a good idea -- a place to gather and monitor content on your industry, including content that is usually subscription only (like WSJ.com, who publish my weekly Loose Wire column.) But it's also a networking tool -- indeed, its blurb emphasizes that over the content:

image

But I don't like being spammed, and I think Congoo may be doing that. Of course, they're not alone in being accused of spamming -- the likes of Plaxo, Zorpia and other networking services make it overly easy for a new recruit to send an email blast to everyone in their address book without them realizing it. To me that's spam. Even Facebook isn't entirely blameless: Add any application to your profile and you're usually within a whisker of spamming all your friends unless you're alert and scout around for the "skip" button.

But Congoo seems to be taking a different, and in a way more openly spammy, approach. It's emailing non-subscribers -- apparently at random -- inviting them to join the network -- with no apparent invitation from an existing user, or even a personalized email to indicate the recipient is being chosen for a specific reason. Here's part of what I got this morning, from someone called Rebecca Simpson, identified as "Manager Network Development":

We would like to formally invite you to add your professional profile on Congoo. You may recognize many of the professionals already featured:  Media & Advertising  Healthcare  Internet Finance Technology  Politics  & Law

Rebecca's Congoo profile says she has "specialized in working with press and media outlets to distribute information. I have also organized and executed guerilla marketing campaigns as well as developed proprietary systems and methods for measuring ROI on Web buzz."

That may be so, but frankly I'm not impressed at this particular pitch. No attempt is being made to categorize me, as I've shown only an amateur's interest in healthcare, and my grasp of law goes no further than thinking 'tort' must be in some way related to the word 'retort'. And I've had no prior dealings with Congoo that I can recall aside from several pitches from their (somewhat, er, insistent) PR company, whose own contact database could do with some consolidating.

It appears I'm not alone in thinking this might be a bit too spammy to be decent business practice. The net-abuse mailing list last week collected four examples of an identical message from one Heather Faulkner, who also happens to carry the title of "Manager Network Development" (how many managers of one department are you allowed? I'm not really up to date on that kind of thing), while the spam manager at AKBK Home captured more than 50 in a few hours.

And then there's Congoo's own policy on spam, of which this seems itself to be a transgression:

Congoo is concerned about controlling unsolicited commercial e-mail, or "spam." Congoo has a strict policy prohibiting the use of all Congoo mail accounts to send spam.

I've asked Congoo for more information on this, and on their policy about emailing people. At best, I've got it all wrong and it's all a big mistake. At worst, it's a pretty poor display of a networking site trying to build its base through tactics that make it little different to those of a Viagra salesman. Times may be tough amidst the runaway success of something like Facebook, and the critical mass of LinkedIn, but stoop low and there's no way back to standing straight.

August 21, 2007

Lost in Transmission


I dread to think how much eBay is paying Waggener Edstrom to handle press relations for their Toy Crusade. At least I think that's what is being launched -- all the press stuff I received this morning, including image-laden email and attachments, was all in Chinese. Oh, except for the headline.

I know I should, but I don't speak Chinese.

Now, admittedly, the event is about China, it's being organized in Hong Kong, and the website itself is entirely in Chinese (no English version in sight), but you'd think one of the world's biggest PR agencies could have managed

  • to have a database of journalists' language preferences (clue: names are often a giveaway), or
  • perhaps an English-language version somewhere in the text, or
  • a link to an English-language version, or
  • an explanation that this is a Chinese-language only event/issue, or
  • a link on the email indicating it was sent by an intern with no idea of what mayhem he may be creating for himself by blasting off emails to all and sundry, or
  • a link in the email to a place where we journalists can complain volubly and ensure we never receive another email like it.

Serious lesson in this: At the very least, this kind of email is likely to end up as spam in a non-Chinese speaking recipient's email inbox because the Bayesian filters will have been trained to treat it as such. (This is what happened to mine.) So that's all pretty much a waste of everyone's time.

But at the most, as a PR agency you're being paid large amounts of money to target the message to the right people. I'm clearly not the right people. So either don't send it to me, or send me an English language version, or send me a query about whether this might be of interest. Or expect me to get grumpy, and take 15 minutes of my day to write a grumpy blog post like this.

Update, Aug 27 2007: I've just heard from Waggener who have offered an apology and explanation:

In the case of the toy crusade press release, a staff member accidentally inserted the wrong distribution list, and this was overlooked by their supervisor during the checking process.

People do make mistakes and of course the individuals concerned are very apologetic.  To be sure, we have also added more safeguards to the process to minimize the likelihood of this ever happening again.

Fair play. Of course it's better that these things don't happen, but they do, and their response is measured and the right one. The proof will be in the pudding -- will it happen again?

August 14, 2007

Customer Abuse in Exotic Locales, Part I


HP have long been fighting a battle against refill cartridges, especially in my part of the world. But I think they're going too far in this case -- abusing customers and damaging their credibility and brand in the process.  

Recently I received spam in my inbox from the website www.hporiginalsupplies.com, in Indonesian, inviting me to the HP Original Supplies Zone, where it said I could receive information about original HP products. (The email said I had received it because I had participated in HP promotions before. The only way that they could have received that particular email address was through my official dealings with HP, when at no time do I recall giving permission to be spammed -- which raises its own concerns.)

The email itself contained some links to HP.com but its images etc were mostly hosted on the hporiginalsupplies.com website. I could find no easy way of confirming this was a legit HP site -- the website was registered by a local webhosting company called Master Web Network. So no way of telling there. And as you may have found if you clicked on the link, the home URL itself throws up only a blank page; only this one, for unsubscribing, seems to.

It took a while for the HP guys to figure it out too: They came back to me today to tell me it is legit. It's a website for an "electronic direct mailer" or eDM for "the HP Original Rewards program in Indonesia.... HP Original Rewards is an HP loyalty program designed for Small and Medium Businesses (SMB) for the purchase of original HP print cartridges."

To their credit, HP acknowledge that the "eDM doesn't comply with HP’s brand standards" and have promised to do something about it. But that's not really what troubles me. What troubles me is this:

  • Why is HP setting up website addresses with its brand name in without following the usual brand procedures -- a way for consumers to check whether it is, indeed, an HP site through the usual methods?
  • Why is HP sending out spam, sorry, eDMs? OK, this is just Indonesia, but hey, we're still people, right? I don't like being spammed at any hour of the day by anyone, but especially not by a big player who doesn't even bother to identify themselves properly.
  • What makes this worse is that we're talking about HP trying to persuade people to buy non-fake, non-refilled disposables. But how would I know that isn't a company pretending to sell legit goods? The malls and streets here are full of exactly that: HP boxes and containers full of goods that aren't, or are no longer, legit HP products.

I can understand HP's difficulties here. It must be hard to launch these kinds of promotions while keeping an eagle eye on agencies and promoters you may outsource the work to. But if you're trying to get the message across to consumers that they should be buying your genuine products and not falling for fakes and knock-offs, you shouldn't be spamming them from a domain that itself looks fake and dodgy.

July 28, 2007

"How's the Review Going?" Spam


At a conference I have been attending I was asked to explain to PR folk there what journalists want. Apparently, by the time my session came around, the PR folk had been put off by several previous journalists who had presumably used clear language to express what they want because most didn't turn up. Wisely, since the three who did either nodded off, feigned stomach convulsions and left the room or got overly fresh with their BlackBerry.

This didn't stop me ranting and raving like a lunatic about how PR people don't often understand what we want. One thing I didn't mention is the Bane of the Follow-up Email. These are emails sent (often automatically) in the period after a journalist expresses interest in a product sufficiently to download it, or receive further details on it, or whatever. From then on the PR person will send a weekly email -- exactly the same one, each time -- asking for a status update. Forever, or until the PR company no longer represents the client, or the PR person dies, or the company they work for gets shut down for being a spammer.

Now, not many PR agencies do this, but those that do seem impervious to the irritation this causes folk like me. Imagine if every PR agency did this: A journalist's inbox would be so full of these things they wouldn't be able to do any reviewing at all. So my policy is never to reply to them for fear of encouraging the practice. But, frankly, it is no better than spam, and it leaves the journalist (well, this journalist) in a frayed and hostile mood, which can't be good for the company or the product the PR person is being paid to promote.

So, please, no mindless follow-up emails unless it's to offer fresh (and relevant and useful) information, and certainly no automated one that goes out every week. We'll get to your products when it suits our schedule, not yours, and if you start to bombard us we'll probably ditch the idea of writing about your product in a fit of petulance.

July 26, 2007

Getting Ecards from Worshippers

You got to give scammers credit where credit is due. This latest wave of e-card spam at least exhibits some imagination on the part of the sender:

image

At first it was from a friend, then a colleague, then a classmate; now it's neighbors and worshippers sending you ecards. Good on them. I must confess I don't worship that often, and I haven't spoken to my neighbor since the Korean-funded mistress moved out from next door, so they're not likely to dupe me. But they might dupe someone. (If I got one from a Fellow Technology Columnist, I might bite.)

Which would be bad, because the links contain a variant of the Storm Trojan, according to Urban Legends, which will turn your computer into a zombie and do some scammer's bidding.

All this must be really hurting what is left of the e-card greetings industry (when was the last time you received an e-card? A real one, I mean?) Indeed, a press release from the Greeting Card Association warning users about these scams offers advice to recipients that is so tortured it's hard to imagine anyone would bother following it:

For consumers who are unsure if an e-card notice is legitimate, the Greeting Card Association recommends that they go directly to the publisher's website to retrieve an e-card, rather than clicking on a link within the e-mail.
-- Manually type the name of the card publisher's website URL into your browser window.
-- Locate the "e-card pick up" area on the publisher's website.
-- Take the card number or retrieval code information contained in the e-mail and enter it into the appropriate box or boxes on the publisher's e-card pick-up area.
-- If you are unable to retrieve the e-card, you will know the notification was a scam, and that it should be deleted.

Seriously. Who is going to do all that? My advice: if you care enough about the person, send them a real card. Or leave something on their Facebook wall.

July 13, 2007

Yoggie, Yoggie, Yoggie

This week's column in the Journal (subscription only, I'm afraid) is about something called the Yoggie:  

This small computer is called the Yoggie Pico, launched May 29 by an Israeli company called Yoggie Security Systems. The idea is that you should protect your computer not by installing firewall, antispyware, antivirus and antispam software on it, but by installing all that stuff outside it. In other words, network traffic gets diverted and screened first by the Yoggie Pico, where it kills off all the bad stuff before passing the clean traffic onto your computer. The thinking, says Yoggie's marketing director Avi Dardik, is that instead of your computer being the battlefield, "the war is being waged outside the laptop."

The review is largely positive, although I did find what I believe were false alarms of weird activity -- not too important since they don't pop up and tell you. But since the review was finished I have noticed some weird behavior that Yoggie is now investigating, and which you may want to consider if you're thinking of buying.

One is that my laptop started failing to reboot -- it would stick on the startup screen and stay there until I removed the battery and let the memory drain. I am not certain the Yoggie was to blame, but it seems the likely culprit. The other thing I noticed is that the password-system is not perfect: I suspect that if you change a password (there are two -- one for the console, one for the enabling) the software may not always remember it. Certainly if you upgrade the drivers the password will reset to the default one. Yoggie say they haven't come across these quirks but have promised to investigate.

Other quibbles I didn't have time to mention: The Yoggie can get warm. And at least on one occasion dangerously hot. I would not want to use it with kids around -- ironically one group of people the product is targeting, with its parental filters. Yoggie said they are aware of this, as they are of the fact that Yoggie does not communicate with Windows' own security controls; so expect Windows to keep telling you you don't have protection even when Yoggie is running.

All that aside, I still think Yoggie is a great product. I think the idea of outsourcing security to a device sitting outside the computer is a natural one, and will, as Yoggie claim, create a new category of security device for ordinary users. Yes, it's absurd that this kind of thing has to be farmed out, but it makes a lot of sense.

July 02, 2007

Your Phone as Stalker

Phone spam feels like it's getting worse.

I and my wife have been receiving numerous calls from the local arm of ANZ Bank -- a bank I am happy to identify by name because I've sought comment from them without reply for nearly a week now. Our mobile phone numbers were probably sold by another bank or possibly by the cellphone company.

Nokia researcher Jan Chipchase starts picking up SMS and phone spam on Hutch in India within a day of activating his SIM card, and finds that the company is three times as slow at removing his number from their spam lists:

Locals in the know send a text message to opt out, a process that, according to Hutch’s automated response takes at least three days to activate: “We respect your privacy. Please give us 72 hours to include your number on our Do Not Disturb list. Thank you” and an unspecified amount of time for this to filter through to the companies that already have you on their disturb list.

I'm quite aggressive at fighting SMS and phone spam, but not always successful. One nightclub spammed me regularly until I got upset. Now they don't. (Embarrassingly, it turned out to be owned by a friend of mine.) Now a lot of people here don't answer their phone unless they recognize the number on the display.

Still, there's nothing quite as bad as this case of cellphone stalking in the U.S., where one family claim to feel harassed to the point of paralysis through their cellphone. A good clear-eyed view of the mess here.

June 27, 2007

Another Birthday, Another Batch of Birthday Spam


It's that time of year again. The big old 3 0, or however old I am. And the first where I've really felt the power of social networks. Not in a good sense, though. Sure, it's been nice to get some greetings from 'loose ties' in my online world who spotted, in one social network or another, that today is my birthday. Thanks, Graham and co. Really.

But all the other stuff? From websites I signed up for and, in a moment of madness, entered my real birthday (tho usually, the wrong year: 1900. That should mess up their stats.) There's something rather sad about finding yourself getting more email greetings from services you've signed up for than from real people. How pathetic is that?

And not just for my own miserable existence. How is it that companies think that folk like me either a) enjoy being wished a happy birthday by some automated computer script, or b) are ready to believe that employees at the company involved sat around and thought "Oo! It's Jeremy's birthday today! We should send him something!" Either way I come across as pretty stupid.

Which I'm not necessarily disagreeing with. Hey, I'd rather get birthday spam than nothing at all. And when you get to my age either your friends have long given up on you or think you're too old to get real birthday cards with little badges stuck on them you can wear. Message to friends and Auntie Mildred: You're never too old to get cards with badges on. Never.

Of course, social networks aren't all bad. At least with services like Facebook you can send birthday greetings and be reasonably sure they actually arrive. Which is more than you can say for those e-cards. Those silly email services where you choose the least lame 'card' from a very lame selection and whisk it off, feeling you've done the best you can for your buddy/spouse/mother. Awful. Thankfully, no-one sends those anymore, knowing that either they're so lame they were losing friends/spouses/mothers or that most of them wouldn't get through spam filters.

Anyway, we should be smarter than this by now. I'd love to see social networking tools used better to celebrate birthdays. We all know we don't actually remember people's birthdays; we remember to put them into some diary or calendar so it reminds us. Preferably before the day itself. Technology has just made that more efficient. But it's lame to then just turn what is supposed to be a very personal experience into a generic one by automating birthday greetings. Who (besides me) wants one of those?

Social networking tools should offer users the chance to opt out of receiving birthday greetings, or to receive them only from insanely attractive members of the desired gender, or automate a quick whipround so the birthday person gets a free year's subscription or a real g-string or something. I don't want to sound venal, but whoever enjoyed a birthday made up of only greetings cards or their online equivalent? Where, in short, is the loot?

Why can't, for example, a mall recognize someone with a birthday has entered the building and offer them freebies and piped 'happy birthday' music through the tannoy system? Or car-parks offer free parking? Or banks extra credit? If these companies were sincere about wishing us a happy birthday, shouldn't they put their money where their mouths are?

And, finally, a thought. Why, if I registered my year of birth as 1900 for these services, aren't the companies either awarding me 'oldest living customer' badges, or sending someone round on my birthday to check I'm ok/still alive, or something? If they really cared, wouldn't they make more of a fuss of their 107 year old customer?

June 21, 2007

A New Image for Your Email Address

John Graham-Cumming, author of Bayesian spam filter POPFile, points me to a neat tool he's created which will turn an email address into an image that may spare you some spam from bots scouring web pages for email addresses:

This site converts a text-based email address (such as me@example.com) and creates an image that can be inserted on a web site. The image contains the email address and is easily read by a human, but is intended to fool web crawlers that search for email addresses.

I can't guarantee that this is foolproof, but Project Honeypot reports that image obfuscation of an email address is very effective (they say 100%) against web crawlers.

Enter your email address in the box and the server returns a string of gobbledygook which contains the email address (padded with a large amount of random data to avoid a dictionary attack) encrypted using a key known only to the server. When the image is loaded into the web page the server decrypts the email address and creates the image. (The email address is not stored by the server; it resides only in the HTML on your website.)

 Here's what mine looks like:


Made using jeaig

If you need to put a contact address on your webpage or blog, but hate the amount of spam you're getting, it's worth a try.
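The token scheme described above can be sketched as follows. This is an added example, not John Graham-Cumming's code: the page does not name the cipher, so an HMAC-SHA256 keystream with an integrity tag stands in for it to keep the sketch on the Python standard library, and the `/image?e=` endpoint, the padding size and the harvester regex are assumptions. Rendering the decrypted address to an image is left out.

```python
import base64
import hashlib
import hmac
import re
import secrets

PAD_LEN = 32  # bytes of random padding (assumed size; the page says "a large amount")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # what a harvesting bot looks for


def _subkey(key, label):
    """Derive separate encryption and MAC keys from the one server key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in cipher, not the tool's own."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def make_token(email, key):
    """Encrypt length || address || random padding, then authenticate it."""
    body = email.encode("utf-8")
    plain = len(body).to_bytes(2, "big") + body + secrets.token_bytes(PAD_LEN)
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    cipher = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode("ascii")


def read_token(token, key):
    """Server side: return the address, or None if the token is not ours."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except ValueError:  # bad base64 or non-ASCII input
        return None
    if len(raw) < 16 + 2 + 32:
        return None
    nonce, cipher, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # altered token or wrong key: decrypt nothing
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    plain = bytes(a ^ b for a, b in zip(cipher, stream))
    size = int.from_bytes(plain[:2], "big")
    if size > len(plain) - 2:
        return None
    return plain[2:2 + size].decode("utf-8")  # the random padding is dropped


def harvest(html):
    """Return every address a regex-based crawler would lift from the page."""
    return EMAIL_RE.findall(html)


def run_demo():
    key = secrets.token_bytes(32)   # known only to the server
    address = "me@example.com"      # the example address used on the page
    plain_page = f'<a href="mailto:{address}">Contact</a>'
    t1, t2 = make_token(address, key), make_token(address, key)
    image_page = f'<img src="/image?e={t1}" alt="contact address">'  # hypothetical endpoint
    forged = t1[:20] + ("A" if t1[20] != "A" else "B") + t1[21:]
    return {
        "plain": harvest(plain_page),        # address exposed to the crawler
        "obfuscated": harvest(image_page),   # nothing for the crawler to find
        "unique": t1 != t2,                  # same address, different token each time
        "server_reads": read_token(t1, key),
        "forged": read_token(forged, key),
        "wrong_key": read_token(t1, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    print(run_demo())
```

A production service would use a vetted authenticated cipher such as AES-GCM from a maintained library rather than this standard-library stand-in.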


May 29, 2007

CAPTCHA Gets Useful


An excellent example of something that leverages a tool that already exists and makes it useful — CAPTCHA forms. AP writes from Pittsburgh:

Researchers estimate that about 60 million of those nonsensical jumbles are solved every day around the world, taking an average of about 10 seconds each to decipher and type in.

Instead of wasting time typing in random letters and numbers, Carnegie Mellon researchers have come up with a way for people to type in snippets of books to put their time to good use, confirm they are not machines and help speed up the process of getting searchable texts online.

"Humanity is wasting 150,000 hours every day on these," said Luis von Ahn, an assistant professor of computer science at Carnegie Mellon. He helped develop the CAPTCHAs about seven years ago. "Is there any way in which we can use this human time for something good for humanity, do 10 seconds of useful work for humanity?"

The project, reCAPTCHA, is using people’s deciphering to go through those books being digitized by the Internet Archive that can’t be converted using ordinary OCR, where the results come out like this:

Captcha2

Those words are sent to CAPTCHAs and then the results fed back into the scanning engine. Here’s the neat bit, though, as explained on the website:

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Which I think is kind of neat: the only problems might occur if people know this and mess the system by getting one right and the other wrong. But how do they know which one?
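The scheme quoted above, and the question of what happens when someone deliberately gets the unknown word wrong, can be worked through in code. This is an added example, not reCAPTCHA's implementation: the vote thresholds, image ids, words and users are all constructed for illustration.

```python
import random
import secrets
from collections import Counter


def normalise(text):
    """Compare answers case-insensitively, ignoring surrounding whitespace."""
    return text.strip().lower()


class WordPool:
    """Pairs a control word (answer known) with an unknown word (OCR failed)."""

    def __init__(self, controls, unknowns, min_votes=3, min_share=0.75):
        # min_votes / min_share are assumed thresholds, not reCAPTCHA's values.
        self.controls = {img: normalise(word) for img, word in controls.items()}
        self.votes = {img: Counter() for img in unknowns}
        self.voters = {img: set() for img in unknowns}
        self.issued = {}  # challenge id -> image ids in display order
        self.min_votes, self.min_share = min_votes, min_share

    def challenge(self):
        """Issue a single-use challenge; display order is shuffled so the
        user cannot tell which of the two words is being graded."""
        pair = [random.choice(sorted(self.controls)),
                random.choice(sorted(self.votes))]
        random.shuffle(pair)
        cid = secrets.token_hex(8)
        self.issued[cid] = tuple(pair)
        return cid, tuple(pair)

    def submit(self, cid, user, typed):
        """typed: the two answers in display order. True means 'human'."""
        pair = self.issued.pop(cid, None)  # pop: a challenge cannot be replayed
        if pair is None or len(typed) != 2:
            return False
        answers = dict(zip(pair, map(normalise, typed)))
        control = next(img for img in pair if img in self.controls)
        if answers[control] != self.controls[control]:
            return False  # failed the graded word: discard the other answer too
        unknown = next(img for img in pair if img in self.votes)
        if user not in self.voters[unknown]:  # one vote per user per image
            self.voters[unknown].add(user)
            self.votes[unknown][answers[unknown]] += 1
        return True

    def resolved(self, img):
        """Return the agreed reading, or None while confidence is too low."""
        tally = self.votes[img]
        total = sum(tally.values())
        if total < self.min_votes:
            return None
        word, count = tally.most_common(1)[0]
        return word if count / total >= self.min_share else None


def run_demo():
    """Constructed scenario: three honest users, one saboteur, one bot."""
    pool = WordPool(controls={"known-1": "morning"}, unknowns=["scan-17"])
    # What each user types for each image ("overlooks" is the true reading).
    users = {
        "alice": {"known-1": "Morning", "scan-17": "overlooks"},
        "bob": {"known-1": "morning", "scan-17": "overlooks"},
        "mallory": {"known-1": "morning", "scan-17": "zzzz"},    # sabotages the unknown word
        "bot": {"known-1": "rnorning", "scan-17": "overiooks"},  # OCR-style misreads
        "carol": {"known-1": "morning", "scan-17": "overlooks "},
    }
    passed, progress = {}, []
    for user, reads in users.items():
        cid, pair = pool.challenge()
        passed[user] = pool.submit(cid, user, [reads[img] for img in pair])
        progress.append(pool.resolved("scan-17"))
    replay = pool.submit(cid, "carol", ["morning", "overlooks"])  # reused challenge id
    return passed, progress, dict(pool.votes["scan-17"]), replay


if __name__ == "__main__":
    print(run_demo())
```

The saboteur still passes as human, because the system cannot grade the unknown word, but the bad answer is one vote among several and only delays agreement on the reading.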

December 15, 2006

The Name's Bristly. Sickling B. Bristly.

I don't want to encourage spammers because, frankly, they're so out of control even people who don't have email accounts are getting spam, but you have to admire the creative ones. I'm a sucker for a good 'from' name, so here are a few more (not that these are as good as earlier ones; you know who you are, and we expect better):

Assent. V. Brainstorm
Virgie Hightower
Levity S. Heehawed
Bazooka I. Cultivation
Netzahualcoyotl R. Rocker
Cynics G. Jauntiest
Invincibly B. Haycock
Isthmi B. Troubling
Pauperized V. Denote
Anemone P. Tarrier
Misery D. Converters
Rapist O. Renew
Sickling C. Bristly
Beguiled A. Lousy

Not about to call my kids these names. But I'm open for offers. Spammers: If you're going to spam us, at least entertain us.

December 14, 2006

What Probably Won't Happen in 2007

The BBC has asked me to make some predictions about the coming year, something I'm always loath to do because I seem to get it wrong. Anyway, here are my notes. They're based in part on my own bath-time musings, and partly inspired by the thoughts of others (tried to credit them where relevant.)

1999 just took longer than we thought, that's all

Web 2.0 is not just about AJAX, mashups, blogs and all that. It's about building a platform. That's now been done. All we need to do now is let people use it. That is already happening, but it will REALLY happen in 2007:

Delivery will get better

RSS will stop being something we have to keep explaining to people, because they'll be using it. It will be seamless -- a way for anyone to join something, whether it's a newsletter, a service, a MySpace group. It will stop being known as Rich Site Syndication or Really Simple Syndication and be Really Simple, Stupid.

Content will get better

The real improvement in computers will be the rise of the dual- and four-core processor, i.e. one that uses more than one chip. Think of it as the computer having more than one brain. This will speed up, and make easier, the editing of video and other multimedia content. Our computer, in a word, will no longer be an expensive typewriter. With faster connection speeds, too, video will be the thing that really makes the Internet compelling to people who were previously uninterested. What we watch on YouTube will get better. Individuals will have their 15 megabytes of fame. But this will couple with a rise of content generated specifically for the Internet, further blurring the lines between TV and computer viewing. Silicon Valley is no longer a tech center, but a media one.

The demise of big software

The rise of online applications will in turn blur the distinction between what is going on in your computer and what is going on at the other end of the line -- the server. Vista will seem more like a farewell than a big hello, as big software from big companies locking in users to specific ways of doing things will give way to open source alternatives like Ubuntu. Microsoft will fight this tooth and nail, but I'm sure they already know it.

The mainstreaming of social media

 Web 2.0 is really all about breaking down barriers by making it easier to do stuff, and to mix it up with other people doing stuff. In a way what the Internet has always been about. Expect the influence of blogs to further pervade those last few citadels that have been resisting it, breaking down walls within organizations -- internal blogs that flatten hierarchies and build up feedback mechanisms for employees to talk back to their bosses. Think government departments. Think universities, schools and anywhere else where hierarchies exist. This won't be a one way street: anonymous bloggers in places like Microsoft and China may find themselves outed and lynched.

The rise of the maven

As the Web gets bigger, Google will need to reinvent itself to keep up. Web 2.0 offers some great ways to find stuff through other means, leveraging the knowledge of others who have gone before. We will acknowledge the contribution, and marketers will acknowledge the power, of the maven: the person who seems to somehow know stuff, and is ready to share it. Tagging, blogging, and other social tools will be recognized as extremely powerful ways to do this.

The demise of the big computer

The cellphone will get better at what it does, and we'll grow to trust it more. We'll stop calling it a cellphone and just call it a wearable device, or something snazzier I can't think of right now. One day we'll think it quaint that we had to sit in one place to do stuff, or near an outlet, or within range of a WiFi signal. Cellphones don't have those limitations and this will start to hit home in 2007:

Teenagers will show us the way. Again

They're already sharing everything via Bluetooth, creating networks on the fly (that, incidentally, fly under the radars of commercial networks and marketers). They share videos, ringtones, songs, games, either by exchanging content or playing against each other.

Space-shifting

The cellphone has already redefined what space is, and that will continue. Sexual liaisons involving public figures will be recorded by one party as insurance against future hard times. Cellphone television will become more popular, not just because it's mobile but because it's personal, a time to be alone under the sheets, on a bus, waiting for a friend, stuck in traffic. Maybe not this year, but soon they'll be pluggable into the hotel TV. This is tied into the idea of personal space being something you control, either through presence, or through intermediary services where you only ever hand out personal details of your virtual self.

The End of the iPod

The iPod will decline in importance as the music-phone takes center stage. I didn't think this would happen because cellphone manufacturers mess up the software on the phone, but they're getting better at it. Even Nokia. So expect most people, starting with teenagers who don't want more than one gadget and probably can't afford them, to switch to one device. This will again throw open the mobile music/MP3/DRM debate, and iTunes will start to look a bit wobbly until Apple gets something sorted out so non-iPod users can download from the site easily and cheaply.

The downsides

It's not all fun and games. Bad things are going to continue to happen, and there's not much we can do about them. It's partly just the normal process of utopians being pushed aside by realists, but it's also about an ongoing debate about how to, or whether to, police a space that seems largely unpoliceable.

A dual identity crisis

Mainstream media's identity crisis will be compounded by an identity crisis among bloggers. The rise of pay-me blogging, where bloggers get paid for writing about specific companies or products, will lead to some scandals and make people explore more deeply the ethics of blogging, and how they're not that much different to the ethics developed by journalists over several hundred years. This won't, however, lead to the demise of blogging, but the rise of a sort of online press corps, with its own associations and rules, both written and unwritten. Many bloggers will end up being journalists, and the best journalists will move effortlessly and happily through the blogosphere. Many already do.

Keep up, grandma

Things are moving so fast the slow will look like they're running backwards. If 2004-6 were anything to go by, 2007 will move quite quickly. Some folk I spoke to said that not much has popped up this year that's exciting, and that's true, in a boiling frog type way. It's the earth shifting that is changing, and we need to change with it. Young people just get it, but us digital immigrants need to not just learn the lingo but keep up with the fast-changing slang. Oh, and MySpace won't be the place to hang out in 2007; it'll begin to look like a sad school hall dance arranged by the teachers.

The Rise of the Snoop

We tend to make a distinction between these things, but they're actually all part of the same thing. Spam is getting worse, and it's not just an invasion of privacy but an invasion of our productivity (91% of email is spam.) Music and video files will also rise as vectors of trojans, malware and other PUPs. GPS devices married to phones will enable people to track their employees, spouses or offspring, and further empower stalkers. Cellphone monitoring devices like FlexiSpy will get better at distributing themselves, and will be powerful not just in the hands of eavesdropping acquaintances but identity thieves. The rise of virtual worlds will also lead to the rise of virtual identities and virtual identity theft, along the lines of CopyBot. Expect to see cellphone eavesdropping and data theft from cellphones to surge. And we'll start to realize that Google isn't as cuddly as it looks; it's a snoop, too.

December 02, 2006

Dud of the Week: eBay Anniversary

I shouldn't boast too much about this, I know, since you're all going to get horribly jealous, but I just received a very exciting email, courtesy of the nice folks over at eBay, congratulating me on an impressive year (or is it 10?) of dedicated custom:

Now my friend Jim says this is the lamest bit of spam he's seen in a long while, and points out that since I haven't actually sold anything on eBay the sentiments expressed therein are as genuine as the Microsoft Office on his computer, but I think he's just green with envy. Not least because the email contained a picture of the eBay Green-Pants Wearing Party Dude (pictured below for your convenience):