Worth Reading to Avoid Being an Unsuspecting * SPAMMER *...

[Guest guest]

Hello Everyone,

Recently, I had joined boxbe to try out their services in supposedly

improving my email experience (handling spam, prioritizing emails,

etc.). Unaware, the software company essentially harvested my email

contacts list and sent out invitations to my list to join their

network on their behalf! I have since closed my account.

In the era of " social networking, " you may want to read this article

from the NYTIMES to get an idea of what companies on the net are doing

these days to help spread the word about their company at the expense

of your reputation and trust network.

Apparently, this practice of spamming by trust has shades of gray in

terms of whether this is considered inappropriate/illegal or not...

here's the article (source):

http://tinyurl.com/avoidSPAMtoday

(http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?pagewant\

ed=all)

**<clip>**

Typing In an E-Mail Address, and Giving Up Your Friends’ as Well

Article Tools Sponsored By

By ALINA TUGEND

Published: June 19, 2009

I THOUGHT it was a little strange when I received separate e-mail

messages from two people I knew only slightly asking me to click and

see their photos on a social networking site called Tagged.

I ignored them at first, but then thought maybe I should check it out.

After all, I should keep up on what’s hot in the social networking

world, right? This could be the new Twitter.

That’s when I started doing everything wrong. I obligingly typed in my

e-mail address and a password to see those photos. Well, the photos

didn’t exist, but I had unwittingly given the site “permission” to go

through my entire e-mail contact list and send a message to everyone,

inviting them to see my “photos.”

I found this out only when I started receiving e-mail back from people

agreeing to be my friend. I quickly realized what had happened and

shot off an apologetic message explaining why I inadvertently spammed

them.

As friends’ responses started rolling in, I heard from some who had

received similar e-mail. Others told me about the same problems with

Web sites like MyLife.com and desktopdating.net.

This wasn’t along the lines of someone stealing my bank account

information or Social Security number, but I was annoyed and

embarrassed.

“They’re using your good name to establish a connection,” said

Cassidy, secretary general of the Anti-Phishing Working Group, a

nonprofit organization with representatives from law enforcement,

industry and government.

So what’s going on here? I turned to Argast, a security

analyst with Sophos, an Internet security company based in Boston, to

find out.

He told me that this kind of thing has been happening for quite a long

time in various forms, but has really caught on in the last three to

six months. It’s not the same as what’s known as phishing — fake Web

sites masquerading as real ones to get personal information. These Web

sites really exist.

Instead, this is generally called contact scraping. Once you enter

your credentials, like your user name or password, the company sweeps

through your contact list and sends everyone an invitation to join the

site.

How do the companies benefit? They are expanding their user

population, Mr. Argast said, which they can use to attract potential

investors or advertisers. Whether those users are willing

participants, or people like me, is another question.

“There are multiple shades of gray,” Mr. Argast said. “Some social

networking sites, like Facebook, are pretty straightforward in asking

if you want to share information about your friends. Others are far

less scrupulous.”

In the case of Tagged, my friends received a perky e-mail saying:

“Alina has added you as a friend on Tagged. Is Alina your friend?”

Then you click on yes or no. Even more insidiously, it adds, “Please

respond or Alina may think you said no,” with a sad-face icon next to

it.

I apparently also offered to share some photos; some annoyed friends

even told me to resend the pictures because they couldn’t find them.

“It’s using the chain mail psychology,” Mr. Argast said. And he’s

right. My friends got guilt-tripped into signing on.

It’s easier for these sites to get information from Web-based e-mail

accounts, like Hotmail and Gmail, than from local Internet provider

services, like Verizon or Comcast, but nothing is absolutely secure,

Mr. Argast said.

I spoke to Greg Tseng, founder and chief executive of Tagged, to ask

him what happened. He said all social networking sites invite you to

e-mail your contact list to join up or discover which of your friends

are already members, but that a software glitch meant an unusually

large number of accidental invitations went out recently.

He said the company received almost 2,000 complaints from people who

didn’t intend to send invitations to all their contacts — a fraction

of the three million people who registered in the month when the

problem occurred.

“We immediately pushed the pause button,” Mr. Tseng said. “This

business lives and dies by the good will of people.” He added, “We

took immediate steps to rectify this problem and improve the user

experience on Tagged.”

Mr. Tseng said Tagged was the third-largest social networking site

after Facebook and MySpace, with 16 million active users and 80

million registered users. And guess what? I’m counted as one of those

registered users now.

A colleague, Tom, received a similar “invitation” from an acquaintance

inviting him to join MyLife.com about a month ago. He clicked on

“yes,” and started receiving e-mail from people on his contact list

thanking him for inviting them.

“At first it was amusing, but when I realized that it was mining my

address book, it wasn’t so funny anymore,” he said. MyLife.com was

formerly Reunion.com, another site that stirred up numerous complaints

regarding contact scraping.

Jeff Tinsley, founder and chief executive of MyLife.com, said that his

company was constantly improving its registration system.

“We register more than two million users a month, and the complaint

rate is very small,” Mr. Tinsley said. “It’s very important to make

the process very clear, but that said, sometimes people are going with

the flow and not paying attention. It’s impossible to just take

someone’s address book. An individual has to give us his credentials.”

Tom, however, said he didn’t recall typing in his password, so he was

not sure how his address book was accessed.

In some cases, buried deep within a company’s terms of service or

privacy policy is information about sharing e-mail addresses, but few

people ever get that far.

“We don’t think the consent is meaningful or transparent,” said Marc

Rotenberg of the Electronic Privacy Information Center, a public

interest research organization. “People don’t know how their

information is being used.”

Donna Tapellini, senior editor for Consumer Reports, which reported on

this in its June issue, said such practices raised privacy issues.

“It’s your private contact list and you should be able to protect it,”

she said.

Such actions may also violate the federal antispamming law —

officially known as Controlling the Assault of Non-Solicited

Pornography and Marketing Act and unofficially as Can-Spam — which

regulates unsolicited commercial e-mail, prohibiting, among other

things, false or misleading information in a subject line, said Eileen

Harrington, deputy director of the Bureau of Consumer Protection with

the Federal Trade Commission. Ms. Harrington emphasized that she was

speaking in general terms.

“We’re now fully in the era of Web 2.0 and under many circumstances,

consumers may be providing more information than they realize,” she

said.

The problem is, it takes a long time for people to learn the tricks.

So here are some words of advice from Mr. Argast.

First, don’t supply your user name and password from one site — say

or Gmail — to a third-party site. And don’t use the same user

names and passwords for different sites. That’s good advice that most

of us — myself included — often fail to follow. He told me some 80

percent of users his company surveyed reuse their passwords.

The problem, of course, is remembering different user names and

passwords. There are programs or tools that provide an easy way to

remember multiple passwords, like 1Password, Sxipper, Keychain or

Firefox Password Manager.

You can also set up a separate e-mail account for registrations, which

won’t have your contact list.

Also, just be alert. Look closely at the invitation. Are there

misspellings, for example? Does something just feel not right? If so,

e-mail your friend asking if he meant to send you the query.

Finally, I used this opportunity to clean up my contact list. I hope

I’m too savvy to have this happen again, but if it does, at least that

acquaintance I met in a seminar two summers ago and the British couple

I haven’t spoken to in five years will be spared.

E-mail: shortcuts@...

**

Kelvin