This seems to be a growing trend, and so many bloggers are falling for the linkbait, poorly researched content, and unethical marketing practices.
Reactionary development of computer products and services can prove to be a disaster both for development cycles and the feature set of a product. An extremely careful balance has to be achieved between supporting the wishes of hardcore supporters of a product, and achieving core goals and maintaining a development schedule.
I have experienced this first hand in the computer games industry being the middleman both between publisher <> development team, and consumer <> development team. I know that I have significantly disrupted development of products in the past, and at times I even ignored or delayed passing information from a publisher or customer on to a development team simply because of the disruption it could cause. Sometimes I used a middleman, passing information onto my only superior, the company MD, and allowing him to decide whether the feedback should be passed on to the development manager or development team members.
I was also in charge of sales and marketing internationally, and even though we had a relatively small organisation, channels of communication existed to prevent disruption to the development schedules. Here is a good article on the subject.
If someone is attempting to hack your website, steal your content, or damage your business, the expected reaction shouldn’t be to pat them on the back, thank them for their help and offer them all kinds of bonuses and credibility.
In a web environment, the logical first step to people abusing your site is to block their IP – this is what various spam control systems do. How many bloggers have a terms of service stating that if you spam them with comments they will block your IP address?
It shouldn’t matter how influential a blogger thinks they are, the tail shouldn’t wag the dog.
The first sign Shoemoney received that he had been banned from MyBlogLog was a 403 Error. From the w3.org site:-
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
If someone was spamming me, scraping me, or hacking me, and I could pinpoint it down to a single IP address, that is exactly what message I would give them. It doesn’t matter who the hell it is.
I doubt Shoemoney was sending signals such as:-
Hey this is Shoemoney, I am hacking your site for hackbait to get links and subscribers, but it is all harmless and not really intended to damage your business
Now on one point yesterday I was wrong, it seems that whilst an email was claimed to have been sent a month ago regarding the cookies problem with MyBlogLog (but from the French site), it might have got lost in various technical and logistics problems.
Another insight, Shoemoney had been asked specifically by the MyBlogLog team to give them a heads up before posting any more hacking MBL information.
Here is what Eric posted in a comment on Li Evans post:-
Here’s the thing. We *did* have reach out to Shoe. Every time he posted a hack we thanked him in his comments for pointing out a vulnerability.
Then a couple days before this was posted, Scott Rafer emailed him and said, basically, “dude, I understand you’re pissed at Jeremey Zawodny and so be it. But keep in mind that he’s not part of the team and it still just us five guys bangin away. We’ve had a good relationship with you and we would just appreciate a heads up before you post your next exploit.”
And then he posted this.
(I had previously omitted the previous info because I was unable to get in touch with Rafer last night to request permission to discuss his email exchange.)
OMG A Tracking Service is Tracking Clicks
Today I have read yet another piece of Hackbait on Shoemoney’s site, though admittedly by his partner in crime DDN.
He has come up with the absolute revelation that tracking programs track clicks on adverts.
He thinks it is a scandal that a Yahoo owned company can track clicks on Google adverts.
Something Stinks & It is Not MyBlogLog
Google Analytics can be used to track Yahoo clicks in exactly the same way as MyBlogLog can be used to track Adsense clicks, and people have been doing it for a long time.
Aaron Wall posted code to do this in November 2005, and it was also discussed on Digital Inspiration in December 2005.
I keep a reasonable eye on discussions regarding analytics. I have never seen anyone claim that Google shouldn’t be allowed to have tracking information on Yahoo clicks or for that matter any other monetization links.
In many ways MyBlogLog having this tracking information as part of Yahoo is a good thing.
- Defending on Clickfraud – A Yahoo owned tracking service would be looked on as a more credible source of data than a self hosted script.
- Personal Data – MyBlogLog probably have enough data not just to isolate the IP address, but possibly who clicked the advert – for defence of your Adsense account, surely that is an ideal scenario
You should always have some form of tracking for advertising – both Google Analytics and MyBlogLog (Yahoo) fall short in this capacity, and I hope they improve in the future making this more accessible for average users to improve their advertising returns. Microsoft are also entering this field, and I doubt very much they will prevent tracking of clicks on Yahoo or Google adverts. That would actually make their tracking system useless.
Tracking systems should track advertising… period
In many ways anyone looking to earn revenue from their blog should demand more tracking and interoperability and not less.
MyBlogLog could easily become a universal tracker for the masses, it is so easy to switch between different sites to check stats, and Google Analytics for an average user is a little confusing.
I am not in a position to prove whether Yahoo ads can be tracked with Google Analytics.
With Adsense the code can be placed on any site, so I could just stick some Adsense on this site for people to test, either with my own publisher ID or… someone elses.
I am not sure whether that works with Yahoo, they might lock advertising code to a particular domain in their beta testing, but I am not going to use someone elses Yahoo code just to prove a point.
The Danger Of Controversy
Now if your content is deliberately controversial, and especially regarding hacking, you are not just placing your MyBlogLog account in danger.
Yahoo YPN Terms
Here is a small excerpt from the YPN FAQ
We will not show results on pages that contain problematic content, including but not limited to:
# Propaganda, potentially offensive or controversial content
# Defamatory, libelous, threatening or other material that advocates against any individual or group
# Political, religious or charitable organizations, issues or causes
# Hacking, surveillance, interception or de-scrambling equipment
Google Adsense Terms
Taken from the Google Adsense Policy:-
Sites displaying Google ads may not include:
* Violent content, racial intolerance, or advocacy against any individual, group, or organization
* Hacking/cracking content
* Deceptive or manipulative content or construction to improve your site’s search engine ranking, e.g., your site’s PageRank
* Any other content that is illegal, promotes illegal activity, or infringes on the legal rights of others
The wrong kind of linkbaiting is seriously playing with fire, though some people it seems are meant to have asbestos suits.
Whlist I don’t have YPN or Adsense on this site, I have been very careful not to link to anything that has hacking related content, and as far as I am concerned, Shoemoney is now effectively “grey boxed”, a bad neighbourhood to link to containing hacking information.
If someone wants a link condom plugin so they can make all links to Shoemoney nofollow just let me know, it would be easy to modify the Wikipedia nofollow plugin. Hmm I think Matt Cutts might even have linked to Shoemoney in the past, it wouldn’t be good to link to a hacking site.
For some true reflections on MyBlogLog, which I actually feel are unbiased despite being a sister company, try a co-founder from Flickr.
I can even claim a gripe against Flickr having a 2 month old support case on commercial usage that I really should “bump” again, but that is in all honestly my own fault. If I haven’t had a response, and I still have a problem after a few weeks, I should chase it up.
Sometimes honest communication does get lost – I have at least 2 issues with Google that haven’t been responded to, one regarding use of Google CSE with Toolbar Buttons, and for some reason no response to submission of toolbar buttons I have created.
MyblogLog have responded to the adverts tracking feature.
Unfortunately Eric has succumbed to the Wolfpack of lies, and just made Shoemoney, the guy who started his MyBlogLog recruitment campaign by carefully selecting and inviting 8000 contacts as “featured user” in the MyBlogLog panel. I am sickened. Shoemoney hasn’t removed any of the previous posts. Was he threatening to expose more?
Pamela Heywood puts some nice perspective on the tracking situation after examining the Google terms of service.
I would like to point out to Tony Hung that he doesn’t have a comments policy on the Blog Herald or on Deep Jive Interests. You really shouldn’t block people from comment spamming you without some kind of ToS or policy. I wonder if he realises that it is almost impossible to use any tracking service without some conflict of interest or insecurity, and he will need something if he is going to monetize his blog. In fact I don’t personally know of any tracking service or script that doesn’t represent some risk or conflict.
Mathew Ingram has made a fairly balanced post, but I think he like others might not be aware that Shoemoney was specifically asked not to post another exploit without giving a heads up.
I would love to know what Thomas Hawk would do if someone was attacking his servers with a denial of service attack… maybe block their IP? What happens if someone was trying to hack into private data? Block their IP?
Would he send them an email first asking them to kindly notify him before revealing whatever exploit the hackers discovered.
I wonder how much it would cost to pay an East European programmer to come up with some Zooomer hacks and exploits, or maybe Indian would be slightly cheaper. It seems that as long as you are not looking to change the data on Zooomr, then any hacking is allowed, and providing information on how to change data or tools would also be within the ToS.
Unauthorized attempts to infiltrate the Web Site electronically for the purposes of changing some part of the service are actively monitored and are prohibited. This includes, but is not limited to, ‘cross-site scripting,’ ‘worms,’ ‘viruses,’ and ‘trojan horses.’
Then again maybe you don’t really need a ToS (though MBL do have one now) to prevent someone hacking you or causing disruption for your clients.
Actually, if you read the ToS from Yahoo, it looks like it is a blanket ToS that covers all Yahoo services. Obviously as most people at one time or another have established a Yahoo account, everyone has read the Yahoo ToS at least once, and would know that it covers all Yahoo services, including any new services introduced.
Thus the Yahoo ToS has been in effect since the day MBL was acquired by Yahoo. Yes I am sure they forgot to link to it, and maybe they should get you to agree to it again when you next log into MyBlogLog, just to avoid any confusion. I am sure everyone would have read the ToS if it had been linked to from the MBL page.
Realistically, no one reads terms of service completely, but most people are aware of what is looked upon as good conduct. Hacking isn’t looked on as being socially acceptable unless you are a 14 year old script kiddie.
There seems to be some confusion regarding how visible the advertising tracking might be, and the confusion is predominately among high traffic blogs who have so many external clicks that any Adsense clicks would be right at the bottom of the list.
You have to remember that the majority of MyBlog users that everyone seems to be so worried about, and encouraging to abandon MyBlogLog are lucky to have 100 unique visitors per day, and don’t get as many external clicks. They are much more likely to see the advert clicks and rather than be worried about it, they are going to be happy, and rush off to discover they made $0.20 in their Adsense account – yes, if you are only receving one click per day you can get fairly granular about how much it was worth.
Here is a screenshot I have taken from an account that is not upgraded, and clearly displays some Adsense clicks. Just a thumbnail you can click for the full size as I wanted it to be very clear that this was a basic free account.
Here is a write up on MyBlogLog I missed over the weekend by Rex Dixon, and he doesn’t mince his words.
Technically Speaking, Shoe screwed Shoe. If he was really concerned about security, he could have reported it to the MBL crew asap via proper channels. What is that? He could have messaged Rafer, Eric or anyone else at the MBL staff. He chose to make more money for Shoe, and for that Shoe, you got booted. Please donâ€™t come off as the innocent and hurt entrepreneur to the world. When I worked in the IT realm, YOUR type was the most scary to deal with.
This is my last update on this post, but nothing is really concluded. The hacking information is still being displayed along with Digg buttons. The poorly researched tracking story is still there as well.
Lots of bloggers jumped on this hackbaiting train, with poorly researched material, and even possible conflicts of interest or lack of disclosure.
I have seen people suggest that MyBlogLog banned Shoemoney for the exposure – what a badly thought out statement. They don’t need to rush promotion or increase support or PR time. They are still working on migration to new servers, hiring a community manager, probably looking for other staff to help with the problems of a growing demanding user base.
Then there are the “unknowns” like Measuremap that Google recently purchased. I have no idea what data that service tracked regarding advertising, possibly not just Google Adsense. Measuremap has been in private beta for as long as I can remember, though Michael Arrington still uses it on Techcrunch for more than a year.