I have been ranting and raving about insecure viral Tell-A-Friend scripts for over a year, and it seemed like I was just talking to a brick wall.
Now in the space of just a week I have been able to highlight a solution based upon one of my own blog posts that uses a slightly ghetto, but K.I.S.S method to achieve extremely effective viral tell-a-friend functionality, and now I want to mention another more sophisticated solution.
In my last post I mention that Stompernet currently have an offer to get their Stomping The Search Engines STSE2 SEO Course 100% Free with no credit card requirements.
Now if I am going to state that something is 100% free, I really want to be sure that there are no strings attached.
So I tested the signup procedure and created an account for my wife.
Stompernet Tell-A-Friend Process
As you can see, lots of import options, and whilst a few of them do require username/password, the most important business centric address for online marketers, Google, uses an API hosted by Google.
Remember, Google Account is Key To:-
- Gmail (Paypal, Domain registration, Hosting)
- Adwords
- Analytics
- Adsense
- Private Calendar
Entering your email and password into a form on a 3rd party site is a security liability.
Asking your customers to do it is a security liability for them, thus a business liability for you.
Stompernet are the first in the “Internet Marketing” niche that I am aware of to use a legitimate, safe process for gathering contacts for use with incentive based Tell-A-Friend, and do it better than Twitter, Facebook & LinkedIn.
Probably due to time constraints, one visible blooper is that they haven’t registered with Google (I am not sure of the procedure), and it might take a while to process.
Here is the email that gets sent to your friends.
It would be good if there was a way to edit it before sending
I Skipped Something
The observant will notice I skipped the import stage as I felt it wrong to crop the image, for impact. Whilst I am on a lot of email lists, and have a fair few contacts, I don’t think this situation is unusual.
This is going to be a usability issue with almost any primary email account used by an online marketer., unless they are ruthless with their email list pruning.
The more ghetto version doesn’t have this usability issue, because emails are filled out within the native email interface.
The script that Stompernet are using is Octazen which looks very capable, and they list lots of social networks among their customers. They also have a WordPress plugin though I am not sure of the capabilities – something I will be looking into myself.
I have no idea why so many sites still ask for passwords. Maybe they are using an old version of the script that doesn’t use the APIs for some reason.
I must admit that acted as a negative advert for them – I had been to the site previously, seen the logos for Twitter and LinkedIn – remembered how bad their systems were asking for Gmail passwords, and just ignored them.
Oh… that list of contacts – this rivalled John Reese’s 40 page Traffic Secrets sales letter… around 40 pages in this screenshot, though that only takes us up to letter “T” – my screengrab software was having problems with a file over 30,000 pixels high.
Gmail Imported Email Addresses
21 Comments
i clicked through to octazen (presumably your affiliate link) because I was generally interested in the service they used, and possibly purchasing it, however
it was really annoying that you were doing some sort of framing to the site that there was no option for me to escape. The entire time it had your url at the top of the page.
Just a heads up, not sure what you are doing to frame these links but it’s really annoying, especially for people who want to enter their credit card info (earn you an affiliate sale) but think it’s a bit fishy they aren’t on the real site but you framing it ;) (2checkout eventually broke the frame but really wierd experience)
why frame the affiliate offers? don’t you trust the cookies and just sending someone to the site?
cheers and keep up the great info.
mark
Hi Mark
I use Adtrackz more to manage links from a central location than anything else, especially when content gets syndicated. If you don’t use some kind of redirect that you can manage, then if at a later date you want to change it, then it is hard to do it on syndicated content.
Yes it is an affiliate link – I have posted about lots of viral TAF scripts that are unsafe, came across this one on the Stompernet site, looked at the code, hunted down the script publisher and by chance they had an affiliate program.
I generally do trust affiliate links – I even sometimes get lazy and don’t use Adtrackz… when that happens I often pay a price a few months or years down the line when a publisher changes their links, discontinues a product and doesn’t redirect to something else, or similar.
Update
Switched the link to just using meta refresh
cool thanks for the info.
it’s still weird from a visitors standpoint that it frames the entire site inside of yours.
but i do understand using a redirect because affiliate links go out of business sometimes.
This is something well worth looking into. I’d be interested in testing the Wordpress plugin or reading about it here (after you have undertaken the tests :) ) Thanks for the heads up.
Karl
he best way to get traffic to your website is write an article and submit it to article directories. The articles give linkbacks to your site (helping to get more Search Engine traffic) and also the articles can get traffic themselves (as they also rank in the search engines) meaning the users will click the links in the article and land at your website.
What you don’t want to do is write 1 article and submit it to 100 directories – this is fine but not the most effective way as Google will treat 99% of them as duplicate
What you don’t want to do is spam my blog with off-topic comments
You obviously don’t know enough about article marketing to offer advice, and I really hope you don’t give advice on blog commenting.
I can’t believe how people trust some 3rd party websites and giving their passwords. I don’t give any personel information to a website.
Hi,
First I would like to thank you for your kind words, I am the IT director at StomperNet, I was responsible for setting up the TAF scripts which by the way if you noticed we actually used two different scripts the first was just free form for people that did not want to give a password to retrieve their contacts, and the second one being Octazen’s script. Our main goal was to achieve simplicity but we also wanted to cater to people that did not want to fill out the form manually.
Hi Karim
Credit where credit is due, Stompernet were the first to do it right, at least in the internet marketing niche
The real credit is for caring enough to research better solutions than those heavily marketed in our industry
Well it doesn’t really matter how great your site is if you are associated with malware by google. Nobody will visit. Perhaps you should explain your association with reycross.com, which has been flagged by google. It might be helpful for us to understand the process you go through to clear this up (think of it as a learning experience. Here is the page from google:
http://google.com/safebrowsing/diagnostic?tpl=safari&site=reycross.com&hl=en-us
My next post will be about clearing up WordPress blogs that get hacked – it happens, and disaster recovery is fun though stressful
The important learning aspect though is that I don’t have any scripts on my site that ask people for personal details such as Google passwords
Well not until some geek would hack the system then your tell-a-friend might only end up spilling the beans.
Hey Andy,
Excellent post, I have often wondered if there was a better way of doing things like that as tell a friend is often the first thing that comes up, it’s always the skip this part button I hit, as I do not like giving out my password to these things.
Full credit to StomperNet for being first,
James Howard
I saw this on another blog the other day. I thought the same thing… you want me to give you my password? Nope! I use hotmail, but man with Gmail it is really lethal as you noted (adwords, adsense, analytics, etc..). I am amazed that someone would actually give out their password but I am sure many do. Good post!
Evan
yeah lol that google password is tied to so many different things, youtube accounts, adsense, adwords, and all that.
I never do it.
Yeah these sites are always asking for your passwords and it’s so easy to give them the same as you use on gmail so there easy to remember but you can’t and it’s a sad part of the internet.
Great article. I have always been suspicious of the tell a friend feature. This outlined it very well.
Emma you don’t work for the company you linked to on a full time basis, though I have a feeling you are working under the instructions of others who have blatant disregard for their own company published code of ethics.
I have left the link in place (evidence) but strongly suggest you question whoever instructed you to link build for clients in this way.
Hi Andy,
phew… just read through all the posts about viral tell a friend scripts here.
My name is Norman and I am responsible for one of those you wrote about here in the past – Viralinviter.
I have to say one thing first: Your input was very valuable for me and actually, we already acted upon it.
Viralinviter’s newest update will have many of your and other’s suggestions implemented.
Actually, Viralinviter’s newest beta already operates exactly the same way you described above about stompernet’s version.
The Authorization on Gmail’s servers can also be done similar on Hotmail’s – via a live.com login.
We will have that too.
Also, we’ll provide a best practice document to our customers about general server security and how they – if they are unsure – can use Viralinviter on a seperate hosting account without the possibility of other scripts being responsible for the hacking part and hackers THEN getting cross-access to Viralinviter.
We’ve been always on the lookout to improve Viralinviter and as i mentioned, are happy about feedback.
Thanks Andy!
Norman Freeman
PS: Are you located in Europe? or just have a EU domain? Greetings from Germany!
Hi Norman
Glad the feedback finally got through via alternative channels – set up some Google alerts :)
Hopefully I will get to see it in action tomorrow & I am right next door so to speak in Poland.
I still think the Ghetto version has real benefits but good to see Viral Inviter is being fixed