Do you know who your Grouply Friends are?

February 29, 2008

Ungrouply Behavior Mod,

Since the message below was censored by the GrouplyImprovements clownmod (volunteer Grouply “public relations officer” Texas Critter), you have my permission to publish it.

Netbud

———————————–
— In
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/856
— “Rich Reimer” <rreimer91@…> wrote:
> I would have posted this, but we were going back and forth
> on changes (which we have made very quickly) so I did not
> want to confuse people.
>
> Per my email to you, we have fixed it yesterday so you can
> delete a friend by going only to the search listing
> page.  Please try it out.

I don’t see where anything I wrote “confused people.”  Nobody asked for a clarification.

You “would have posted” precisely what?  That you added a new feature to delete Friends that did not exist before?  Or a revision to that feature to allow deletion of Friends with closed profiles?  Or a notice to users that they should check their Friends list to see if they were affected by the bug that allowed people to get on a user’s Friends list accidentally, possibly granting them access to private profile data, depending on the individual’s privacy settings?

When I suggested privately to you that you post something about it, you did not respond to that suggestion, so I made it public in the interest of those who may have had their privacy breached by the bug (now fixed, but still could be the cause of the presence of unwanted Friends who gained presence on Friends lists before the bug was fixed, and before you provided the ability to delete entries on the Friends list).

In the interest of protecting privacy of confidential profile data, will you at least publicly acknowledge that there was a programming bug that did allow people to get on a user’s Friends list inadvertently, so that Grouply users will understand from an authority other than me that they really do need to check their Friends list if they have not done so within the past few days, especially if they ever sent out any invites, or responded to one (invites being the source of the bug)?

I also suggested to you privately that you offer Grouply users a place where they can see a list of known bugs that have been reported, and their status (fixed, in progress, etc.), so that they don’t have to depend on unofficial groups like this for such information.  You did not respond to that suggestion, either.

Or is it your intention that to get the latest scoop on the status of solutions to problems in your beta product, all Grouply users must hold membership in this [Grouply Improvements Yahoo!] group?  Is it not enough that they hold membership in Grouply’s public beta test?

People giving you the benefit of their time and labor to participate in your public beta test should have access to some kind of reporting mechanism on what problems have been reported and their status, ESPECIALLY for bugs that affect the security or privacy of their personal information, which they put at risk to participate in your beta.

Frankly, being only a beta, I don’t understand why it deserved TrustE certification, when the product was not sufficiently tested to confirm that there were no bugs in access to private data.  However, as I understand what I read of TrustE’s consumer reporting service, they ask that a consumer report a problem to them only if their licensee company does not address it satisfactorily.  You fixed the bug, but it should be reported to all users who may have been affected by it, when it involves security of privacy.

I think it would be a significant Grouply Improvement if Grouply provided an online source for registered Grouply users to see a list of important bugs that could affect privacy, confidentiality, or security, and progress in fixing them.  I’m disappointed that you did not reply to this suggestion when I made it to you privately.

As I told you in email, I’ve been involved in beta projects before, as a user and as project manager of them.  It is not unusual for the beta project manager to provide registered beta testers with status reporting on issues, at least important ones.  You could easily do that in your blog or on a web page accessible only to registered beta testers, or in a Yahoo! Group.  But leaving it in the hands of an unidentified third-party volunteer (“Texas Critter,” in this case, moderator of this group) hardly seems professional.  I suggested multiple ways for you to approach it, and you did not respond.

I was fair to Grouply in the way I publicly reported the Friends List issue.  Will you at least acknowledge the accuracy of my report?

By the way, I can no longer further test your new Friends deletion routine for people with closed profiles, because I already deleted all the people on my Friends list, the first time you tried to offer a Friends deletion routine that lacked the ability to delete ones who had closed profiles.  You’ll have to get somebody else to test that for you.

———————————————
Prior messages in this thread:
——————————————–

From Grouply COO Rich Reimer:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/856
——————————————–

From Netbud:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/852
— In GrouplyImprovements@yahoogroups.com, “netbud” <netbud@…> wrote:
— In GrouplyImprovements@yahoogroups.com, Ben D <netbud@> wrote:
> 2)  When you visit the profile of another Grouply user
> (if they have not closed it with the “only me” privacy
> setting), your visit is recorded and reported to them in the
> “Recent Visitors” box at the lower left corner of their
> profile display … and thus reported to anyone else who
> visits their profile page.  Deleting a friend who
> showed up accidentally or by a bug (or even if you just
> changed your mind about the friendship) should not require
> you to report to them and to others that you visited their
> profile.  Grouply Support has not addressed this
> concern in my dialog with them about the various Friends
> List issues.

Since I posted this prior message, Grouply Support said that they would change the Friends list functioning so that when you click on a Friend they will be displayed as a search listing instead of opening their profile page.  As I understand what Grouply Support told me, on the search listing page there will be a Remove Friend button or link.  When this is accomplished, it should resolve the problem of being unable to delete a Friend whose profile is closed (“only me” visibility), and enable you to delete a Friend without visiting their profile page and having that visit recorded and displayed to all others who visit that person’s profile.

——————————————–

From Netbud:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/850
— In GrouplyImprovements@yahoogroups.com, Ben D <netbud@…> wrote:

 Heads-up Grouply users:  CHECK YOUR FRIENDS LIST.

After joining Grouply, I discovered that I had “friends” (total strangers to me) on my Friends list that I did not invite to be on my Friends list, and who had not asked me to be their friends.

After some dialog with Grouply Support, it was discovered that they got there through a bug involved with clicking on the link in a group invite I had sent.  It also works the other way: if you click on the join Grouply link in an invitation message, you automatically got added to the Friends list of the person who sent the invitation, and they to yours.

Here’s how it worked until it was fixed a couple days ago:

When you use the group invite routine, the default message created for you by Grouply says, “You can use this link to sign up: http://www.grouply..com/register.php?r=nnnnn,” where “nnnnn” is a number referencing your Grouply account.  If some stranger in the group joined Grouply by clicking on that link in the invitation message you posted to the group, they got automatically added to your Friends list (and you to theirs).  Conversely, if you joined Grouply using such a link in an invitation, the sender of the link became your Friend and you theirs.

Grouply “Friends” can have special access to personal, private information in your profile, depending on your privacy settings.  This opened the door to undesirable and unauthorized access to private, confidential information by surprise “friends.”  Depending on your privacy settings and what information you entered in your profile, this can include access to your name, email address, postal address, phone numbers, group memberships, etc.

It has been fixed so that now when you use one of those invite links, you show up as a Friend *Request* in the privacy settings page of the person who sent out the link, and vice-versa: if someone clicks on that link in an invite you sent out, they then show up as a Friend *Request* in your privacy settings page.  In the list of Friend Requests, you can click Ignore to deny their joining your Friends list and gaining friends-only access to confidential information in your profile.

This problem was fixed a couple days ago, but people who either joined Grouply via an invitation or sent invitations out to their groups prior to a couple days ago should check their profile pages to see if they have unwanted Friends there who came on board prior to the fix.  This can be especially important if they kept the default privacy settings upon joining Grouply, and/or if they put any personal information in their profile, or did not turn off access to things like their email address, postal address, phone numbers, etc.

Deleting a Friend also has some troubles.

When I discovered my unwanted friends, I found there was no facility for deleting them.  While viewing the Friends list on my profile page, there was no button or link for “delete friend.”  After reporting this to Grouply Support, they added it, but not on the Friends list.  To delete a Friend, you have to click into their profile from your Friends list, where you will find a button to remove them from your Friends list (and, reportedly, simultaneously remove yourself from their Friends list).

I have two problems with this:

1)  If a Friend has a closed profile (privacy setting at “only me” visibility), you can’t get to that Remove Friend button in their profile page.  You’re stuck with them.  When you click on the link to a Friend in your Friends list, and that person’s profile is closed (“only me” visibility in their privacy settings), you get only their search listing, not their profile, and no Remove Friend button.  Grouply Support said that they will work on making a Remove Friend button available there in the search listing for those people who have closed profiles.

2)  When you visit the profile of another Grouply user (if they have not closed it with the “only me” privacy setting), your visit is recorded and reported to them in the “Recent Visitors” box at the lower left corner of their profile display … and thus reported to anyone else who visits their profile page.  Deleting a friend who showed up accidentally or by a bug (or even if you just changed your mind about the friendship) should not require you to report to them and to others that you visited their profile.  Grouply Support has not addressed this concern in my dialog with them about the various Friends List issues.

I do not understand why one’s own Friends list in their own profile display cannot or should not have a button for deleting friends right there instead of having to go to their profile to do it.  So far I have not received a satisfactory answer to this from Grouply Support.

All else aside, my main reason for raising this issue here is to alert Grouply users that they should check their Friends list (in the My Profile tab) to see if any unexpected friends showed up, because Friends have special access to confidential data depending on what privacy settings you used, and the default set of privacy settings does grant them that access.

I felt that Grouply should have reported this potentially serious confidential data access control problem and its fix, so that people who joined prior to its fix could be alerted to check their Friends list if they had not visited their Profile page since having sent out invitations, or if they joined from the link in an invitation.  I suggested it to Grouply Support, but they did not respond to the suggestion.  I find that unfortunate.  Users should be notified of an important issue like this.


Grouply Evangelism

February 23, 2008

I guess this whole Grouply thing just means that now owners have two new responsibilities:

(1) constantly watching the group-related message boards for information about invading third party services and other risks, and

(2) educating all their co-owners and co-mods about it.

It’s not enough to just know how to use the Management settings in a group.  And Yahoo’s Moderator Central is weak in reporting things that many of us regard as problems and risks, though not useless.

You know how well that will work.  Many group owners and mods barely know how to use the service, much less become experts in third party issues.

Maybe someday Yahoo! will accommodate us by providing a firewall that by default blocks all third party access, and provide a checklist in Management settings where we can opt-in to third party services we want to offer our groups.

(One can dream, right?)

Otherwise, the whole notion of free online groups is going to go bad in a big way, and serious moderators of serious groups will have to sign up for a paid system that is truly secure.  It shouldn’t be expensive, though, given the continually decreasing costs of running a web service.

Did you know that there is a core team of GrouplyFans calling themselves Grouply EVANGELISTS?

http://finance.groups.yahoo.com/group/grouply_evangelist_program/

I enjoyed noticing that it’s in the FINANCE section of YG.  Should be in the religion category.

The home page says:

“The Grouply Evangelist Program is a select group of Grouply users who help define and select new Grouply features and who broadly communicate the benefits of Grouply in order to expand the Grouply user base.”

That “broadly communicate” thing?  Spammming.  Why don’t they realize that spamming as a promotional tool is self-defeating?  It just arouses the ire of group owners.

Their other tool: propaganda blogs and groups.  But they’re not the only ones who can play that game.

Evangelist?  Hmmm.  Not a bad word for it, really.  When you dig into what it’s all about, and its roots in the history of web-scouring hooking-up for commercial purposes, it does tend to feel sorta like a kind of religion … or like a cultish thing that can give you the willies.

How much ya wanna bet a dollar (as my cousin useta say when we were kids) that these evangelists would scream bloody murder if someone spammed their group and members’ personal email addresses with commmercial messages for a service they don’t want, don’t need, don’t like?  They’d declare something like a jihadist war.

Grouply Evangelist Program group:
Created 11/23/07
14 members
Fairly active, I guess …
Postings:
Nov 07 = 47
Dec 07 = 410 (!!! – no wonder Grouply became such a hot topic recently)
Jan 08 = 181
Feb 08 = 55

Now I guess they’ll move to some other cave.

Given that kind of activity, and Grouply’s spamming machine, and YGOG and EL-M and GrouplyImprovements mods defending and advocating for Grouply, and their activity in the blogosphere, there is a NEED for vocal activism to counter the Grouply propaganda, to protect our groups and members and what integrity is left in the whole idea of free online group services.  If we don’t take a stand now, as other third-party invaders come along YG will never be the same.

Eventually I hope to be able to point to some investigative reporting on the core people behind Grouplyfication of the web’s free groups services.  It’s not just Grouply.  As always, follow the money.  It leads right to their front door.

- UnGrouply Atheist
(no offense whatsoever desired or intended toward adherents of true religions serving the spiritual good)


Owner Control URL Shell Game and Propaganda

February 21, 2008

I suggest you forward a copy of this message to your friends who are Yahoo! Groups users, owners, or moderators, or anyone you know who may be considering using Grouply, or may be interested in this matter.

This message is publicly accessible here:

http://tech.groups.yahoo.com/group/ungrouply/message/88

and here:

http://ungrouply.wordpress.com/2008/02/21/owner-control-url-shell-game-and-propaganda/

Now that the FORMER Grouply owner control page URL has been widely distributed, Grouply has taken advantage of it as an opportunity to publish propaganda to owners who go to that URL.  They have redirected it to another URL.

To find the real (new) owner control page link, you have to scroll all the way to the end of the new propaganda sheet and click an obscure link buried in the last sentence.

The old owner controls page URL
http://www.grouply.com/owner_controls.php

now automatically redirects to the new propaganda page
http://blog.grouply.com/owners

When distributing the link to the REAL page titled “Grouply Owner Controls – Request Authorization Code” (for group owners to block access to grouply.com) use this:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

I suppose they can continue this URL shell game.  I won’t be surprised if they do.

Sample of what they say on their new propaganda page:

“Do you care about what email service your group members use to read their group messages? Does it matter to you if they read their group messages on Hotmail, Gmail, Yahoo Mail, or inbox.com? If not, then you shouldn’t be concerned about Grouply, and you don’t need to do anything. You can simply allow your group members to use the email reader of their choice. All of these systems protect the privacy and confidentiality of your group messages and members. There is no additional risk with Grouply.”

Yes, I do care very much, when the system they are using is NOT just an email service, and does what Grouply does, the way they do it, through a back door without the group owner’s knowledge, without notifying the group owner what their subscribers have let grouply.com do with the group’s archives in a blind-siding end-run around the Yahoo! TOS and moderators’ control.

Grouply does not notify group owners that their message archive has been copied to grouply.com at the behest of one group member who joined grouply.com.  And why not?  It would be very easy to do.

They could automatically send the group -owner address a message with a link to their new propaganda page, immediately as soon as one member hooks their archive mirroring machine to a group.  But they won’t do that, because they must have at least the same reasons I have to believe that most moderators will choose to opt-out of what they have been involuntarily opted-into by one member of their group.

Just like any email service?

None of the email services they mention are designed to do what Grouply does, and none of them require that you give them your Yahoo! ID password to do what they do for you as email service providers (except Yahoo! Mail, if it’s the same Yahoo! ID you use for group membership, but Yahoo! Mail does not use your password the way Grouply does).

None of them — NOT EVEN YAHOO! — display to others a hyperlinked list of the other groups you belong to, BY DEFAULT upon joining, before you have a chance to realize they are doing it.  None of them do as Grouply does in automatically adding group links to such a list with every new group you join, by default, without asking you.  (Every time you join a new group you have to go to your Grouply privacy settings to turn off the display of the new group in your profile if you don’t want to tell others that you joined that group … if they haven’t seen it already.)

None of them display to other users your name and email address BY DEFAULT upon joining, before you ever communicated with them by email.

None of them require you to go to profile privacy settings to TURN OFF such default displays of such confidential information.

None of them are social networking systems anything like Grouply.  These other services Grouply keeps erroneously comparing themselves to are email service providers, not gropely intruders on Yahoo! Groups.

None of them automatically copy the entire archive of groups to another web site for storage and usage contrary to the provisions of the Yahoo! TOS.  None of them have a reason like that to provide a blocking/opt-out mechanism to group owners.

Just another email “reader?”

Apples and oranges.  That’s why I call their new page “propaganda.”

Other than Yahoo! Mail users who use the same Yahoo! account for group membership, none of the email services Grouply calls “readers” ask Yahoo! Groups users to divulge their YID password to enable them to read and send group messages through those email services.

None of them created such risks for groups as to cause a global outcry from group owners demanding a means to block access to them, something they should have provided from the start, before releasing their product to careless people who give their passwords to strangers.

None of them actively prompt and encourage all their users to send spam postings to all their groups, and actively encourage them with a conspicuous link at the top of their web interface to repeat the group posting spam every month.

Yahoo! cannot protect the privacy, safety and security of Grouply’s mirrored copies of our group archives stored on their grouply.com servers.

Grouply’s new propaganda sheet’s claim that there is “no additional risk with Grouply” (comparing, as they do in this claim, with any possible risks of using the email services they mention) has been proved flawed, in security errors they have already made, and moderator controls they have overridden, things publicly admitted by Grouply executives, in the most glaring cases.  Even if they have fixed some of the problems they caused, because of their past errors, and because of the serious nature of some of them (such as granting archive access to non-approved pending members) how are we to know with confidence that they won’t make additional errors, even worse ones?

“No additional risk with Grouply?”

There is ALWAYS a risk associated with giving a password to a stranger.  It is not right to say that there is “no additional risk” when comparing a service requiring your confidential password for another service to one not requiring it.

But who takes the risk?  Not Grouply.  Grouply’s TOS disclaims all responsibility for what may happen as a result of your giving them your password, leaving you liable (under the Yahoo! TOS) for what errors or security breaches or hacking may occur in the Grouply system where your password may be abused or misused, whether intentionally or not.

In other words, as provided for in the Yahoo! TOS, if you give them your password, and they make some error with it, it’s your fault, as it should be.

The Grouply TOS says:

“You are still responsible for maintaining the confidentiality of your password(s) and account(s) and are fully responsible for all activities that occur under your username(s) or account(s). …

“Your access to and use of the Site, the Services or any Content is at your own risk. …

“You agree to defend, indemnify, and hold harmless Grouply, its officers, directors, employees and agents, from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Site or the Services …”

[You agree to DEFEND them for what errors they may make "connected with your access" (i.e., the use of your password)!  Are you prepared to defend Grouply groping around in groups with your password?]

Their TOS continues:

“THE SITE AND SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, GROUPLY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. GROUPLY MAKES NO WARRANTY THAT THE SITE OR SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.  GROUPLY MAKES NO WARRANTY REGARDING THE QUALITY OF ANY PRODUCTS, CONTENT, SERVICES, OR INFORMATION PURCHASED OR OBTAINED THROUGH THE SITE OR SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY INFORMATION OR CONTENT OBTAINED THROUGH THE SITE OR SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM GROUPLY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.”

Look closely at that last sentence.

By accepting a subscription to their service, which requires that you accept their Terms of Service, you accept this statement that anything else their people may say outside the TOS is not enforceable as part of your contract with them.

It’s typical TOS or contract language.  But how many people really understand the possible risks and implications?  I’m not sure I do.  I just see red flags with this kind of thing.

A group owner who is not a Grouply subscriber never accepts these terms, and the terms exclude Grouply from liability anyway, even if an owner is a subscriber.

They offer a blocking/opt-out mechanism to group owners, but if they don’t spell it out as part of their Terms of Service or some other formally binding commitment to the opting-out owners, there may be no recourse for group owners if Grouply fails to reliably and safely honor owners’ opt-out decisions, or if Grouply changes their mind about your election to opt-out of their intrusion.

You don’t even have any promises from them about what they will or will not do with their list of all the groups who chose to opt-out, a list that all the opting-out group owners voluntarily give them when they opt-out.  You didn’t sign a TOS agreement with a privacy clause when you gave them that information.

Do they have an enforceable contract with group owners who opt out?  Maybe.  Maybe not.  Are you an expert in contract law?  Have such opt-out arrangements as this one been tested in courts of law for enforceability or related liabilities?

Are you sure that you can safely just take Grouply’s word for it that your opt-out order will be executed reliably and respected indefinitely, even after Grouply changes their system, their procedures, their opt-out mechanism, their TOS, or gets bought by another company, or sells their copy of your message archive (and the formerly password-protected connection to it) to someone else, who then uses it for yet other purposes beyond even Grouply’s control, just like Grouply’s possession of your archive is beyond Yahoo’s control (if Yahoo! continues to allow this)?

They also persist, in this new propaganda sheet, in saying (again) that their “Invite Groups” tool is not a spamming operation, despite the inescapable fact that it is bulk unsolicited commercial email sent as a posting to groups by a commercial company for the purpose of advertising or promoting a commercial product; i.e., classic spam.

Their new group owner propaganda sheet says, “People were not carefully selecting which groups to invite, and so some groups were getting multiple invites. Group members interpreted this as spam being sent by Grouply directly.”

You’re darn right I interpreted it as spam!  And the future spam that will come from your spamming machine will be spam, too!

As their Invite Groups tool is configured to operate as of the time of this writing, Grouply provides their subscribers the ability to use it to spam every one of their groups once every month.

ONE instance of spamming is punishable under federal law by a fine of $11,000, according to the U.S. Federal Trade Commission web site.  Even a first-offense DUI won’t cost you that much.  So is it a serious thing or not?

Grouply is not relieved of complicity in this spamming operation just because a Grouply subscriber asked grouply.com to send Grouply’s pre-written spam for them.  It is bulk unsolicited commercial email SENT BY GROUPLY.COM blindly to unknown parties as a posting to groups.

As someone said to me recently, “If you give me a vial of anthrax powder and ask me to mail it to someone else for you, and I do it, who is guilty OF SENDING IT?”

Does the law say it’s okay to send spam on behalf of someone else?  What does the law say?

At:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
The U.S. Federal Trade Commission says that the CAN-SPAM Act applies to “those who send commercial email.”

THOSE WHO SEND IT.

Grouply.com is sending it, in addition to actually WRITING it, and actively PROMPTING EVERY GROUPLY SUBSCRIBER to pull the trigger on their spam gun, as part of their “Quick Start” subscription procedure.

Imagine if every company did this kind of thing?  We’d be spending more time rejecting spam postings than accepting legitimate ones.

If we don’t take a strong stand against it now, what’s to stop ten or twenty other “archive aggregators” from doing the same thing?  If Grouply gets away with it, why shouldn’t others?  They’ll be encouraged to repeat the creation of archive-swiping spamming machines, and they may not all be quite such nice people as the Grouply folks are.

The FTC says that the law applies to “email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.”  Grouply’s “Invite Groups” spam messages have that primary purpose.

The FTC provides a complaint form at:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
It says, “If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM@UCE.GOV without using the complaint form.”

Be sure to send them the full Internet headers and body of the spam.

And don’t subscribe to Grouply.  And block your groups at:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93


Freecycle Finder vs Grouply

February 19, 2008

Groupycans are claiming that there’s no comparison between Grouply’s group invasion and the former Freecycle Finder debacle.  Well, they’re not the same beasts, but there is a comparison.  One is an opt-in scheme, the other is a hijacker who offers a parachute to its victim.

Freecycle Finder was a scheme where The Freecycle Network, Inc. (TFN) coerced group owners to plant a message-harvesting “member” account (finder@freecycle.org) as a member of their Yahoo! Group, set for Individual Emails delivery mode.  TFN collected the messages and published them for public view on their secondary website freecyclefinder.org, where they used Google context-sensitive advertisements triggered by member postings to generate revenue.

After more than a year in operation, it got shut down when Yahoo! declared the scheme to be contrary to their Terms of Service (TOS) and Groups Guidelines (enforced under the TOS).

Grouply says that they will only make Yahoo! (and some day Google) Groups message archives available on their site to existing members of the respective groups they sink their hooks into.  They have said that they intend to use the message traffic to generate revenue with targeted advertising, assuming their product survives beta.

So grouplycans are saying that Grouply’s invasion is not the same as Freecycle’s, and that is true.  It’s not the same.

It’s worse.

Freecycle owner-moderators remained in full control of their groups.  FreecycleFinder could not plant itself as a harvester at the behest of any single non-moderator member.  The moderator had to put it there at TFN’s behest.  Mods who didn’t like it balked, and either walked (disaffiliated their group from TFN) or fought until they convinced Yahoo! to step in, as they did, after a long fight.

Grouply plants itself into a group without the moderator’s knowledge.  If just ONE member of a group subscribes to Grouply, via Grouply’s possession of that member’s Yahoo! ID (YID) and password, Grouply harvests the group’s entire message archive forever, and opens the group to a variety of risks, including security problems already identified and overrides on some moderator controls of archive access, among other problems.

If a moderator did not want to participate in FreecycleFinder, all they had to do was refuse to install the Finder account in their group.  To participate, they had to OPT-IN by intentionally adding the Finder account.  Grouply, in a far more intrusive manner, lets any one member “opt-in” the entire group, without moderator permission or knowledge.

After an outcry from wary moderators alerted to the scheme by Grouply’s spam guns blasting at their back door, Grouply bestowed upon them the gift of opting-out via their new access control for moderators.  Wasn’t that nice of them?


Join Ungrouply Behavior

February 18, 2008

After browsing here, if you want to get into the discussion, click on over to the Ungrouply Behavior Yahoo! Group at:

http://groups.yahoo.com/group/ungrouply

If you want to post to this blog, you can post to our Yahoo! Group with a request that your message be added to the blog.

Or, just send your blog post to:

ungrouply-owner@yahoogroups.com

and let us know how you want your blog post signed.


Winning Mods Hearts and Minds

February 18, 2008
About moderators getting Grouply Owner Authorization Code emails that they did not ask for …

It seems that anybody could go to the opt-out page and sit there all day punching in the group names for lots of groups to get Grouply to send them the OAC.  Probably not a good thing for Grouply, and a good way to annoy moderators, especially those who already opted-out.

Could the opt-out page restrict the same IP address from using it more than once per day?  Maybe twice in case the owner didn’t get the email the first time for some reason beyond Grouply’s control.

A better solution would be for Grouply to block access to any group where the owner had not first opted-IN to grant access to their members.  In my groups, nothing would win over the hearts and minds of members for using a new service better than their own fearless leader promoting it, because I have a long-term trusting relationship with them that Grouply does not have (and probably never will have now).  Of course, first I’d have to be convinced that Grouply was a good idea.  That’s hard to do when Grouply uses spam as a promotional activity.

If Grouply wanted a short-cut to attract members of Y! Groups, they would provide special features and benefits to owners and moderators, to encourage their use of the product, instead of annoying them with spam and unrequested OAC emails and security holes like overrides on archive access restrictions and personal information sharing defaulted to on instead of off, and defaulting to on advertising in member profiles links to groups that are unlisted in the YG directory.

I have found nothing in Grouply that improves my ability to manage my groups, or anything to make it more convenient for me to do so, no tools that make my life any better as a moderator.  On the contrary, I have found that Grouply has caused me more work.

As owner of my groups, I’m not just a YG moderator, I’m the executive director of a club or association (varying according to the nature of the group) that uses YG as its communication venue.  If Grouply wants to offer a service to my club members, shouldn’t it come politely knocking on my front door instead of barging in the back door, spam guns blazing?Yeah, they made an effort to reduce the spamming, but did not eliminate it, and before they reduced it, they effectively tossed up a big global red flag saying, “Don’t trust this company because they use an illegal practice to promote their wares.”  Lowering the flag to half-mast, or shrinking it, is not a fully effective solution to its prior size or presence.  Burning it would be better.

Because of Grouply and the potential for similar services putting me through still more hoop-jumping to avoid their intrusion, I’m considering moving my groups’ communication venue to another service instead of YG, even if it means having to pay for a secure one.  Is that what Grouply wants?  Is that what Yahoo wants?  Is that “improving the experience of Yahoo Groups?”

Since group owners have the power to abolish Grouply access, and began doing it (as I did) even without the opt-out procedure Grouply now provides, aren’t group owners and moderators people whom Grouply needs to attract rather than annoy with illegal spam via their “Invite Groups” postings to groups, something universally objectionable to conscientious moderators of good groups?

Spam once a month or even only once per group lifetime is still spam and illegal under U.S. federal law when it is unsolicited commercial email (the definition used by the Federal Trade Commission), as Grouply’s “Invite Groups” thing certainly is, because it is sent BY THE COMMERCIAL ENTITY.  I checked the headers on their spam; the originating IP is registered to grouply.com, not the Grouply subscriber pulling the trigger on Grouply’s spam gun.  So when I send it to the FTC, I will be careful to point out that it originated from the web site of a commercial entity, not just some Joe Citizen sharing an idea he likes with fellow group members.  The subscriber may be something like an agent for Grouply’s spamming operation, but the message IS SENT BY GROUPLY.COM.  How does Grouply expect to win hearts and minds among owner-moderators when they break the law to advertise their service to their members in spam postings?

Everyone who agrees should send the spam, with full headers displayed, and with a note emphasizing that the originating IP is registered to grouply.com, a commercial entity, to the FTC’s spam reporting center at:
spam@uce.gov
(that’s spam-at-uce.gov)

FTC probably won’t act on one complaint, but they might if lots of citizens file it.  It would be so much better if Grouply acted on it themselves.

Turn off the spam gun.  That would be a very good Grouply Improvement.

Since moderators of YGOG and EL-M seem to like Grouply, and put considerable effort into defending Grouply against criticisms, they could welcome Grouply posting promotional messages about their service in those big groups, which are actively promoted by Yahoo itself via links to them on Yahoo official web pages, and being groups that cater to moderators, people Grouply would seem to have a vested interest in winning over.

Or, instead of allowing access for any group by default on request of any one member of the group (which can be just a Grouply employee who joined the group to get a head start on scraping their archive, which takes time), Grouply could promote their product via the advertising banner in YG to attract moderators to sign up for it, and to attract members to lobby their moderators to sign up.

Yahoo uses YG banner ads to promote their Y! Hotjobs, Y! Personals, Y! Small Business web hosting, Y! Autos, and other services.  T-Mobile uses it to look for customers who want to “Get rockin’ now” with the “Samsung Beat,” and T-Mobile’s $10/month unlimited email.  Disney Cruise Line uses YG banner ads.  Macy’s, University of Phoenix, too.  Right now I’m looking at a banner ad in YG for Waste Management, Inc.  They seem to have the notion that it’s a good idea to advertise to YG users.

I’m no business tycoon, but it seems that Yahoo would have an interest in telling Grouply, “If you want a piece of the Yahoo Groups action, you can use our advertising banner service to target your ads at our YG users,” and come in through the front door instead of the back.  Yep, I suppose it might be expensive.  Cost of doing business with the big boys.


Lawyer-Up

February 18, 2008

Ungrouply Behavior,

I posted this message in the GI group in response to Grouply’s assertion that they “had lawyers review the Yahoo TOS to make sure we would be ok.”

You have my permission to post this in Ungrouply Behavior.  The original is at:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/722

—————————————–
Enron’s chiefs had lawyers, too, who fought hard to defend them.  Not to compare Grouply’s tiny place in the world to theirs, or Grouply’s activities to theirs, but the argument that lawyers said it is okay means almost nothing to me.

Case in point:

The Freecycle Network, Inc. (TFN), which also has a lawyer reviewing its practices (a respectable law firm, as I understand it), said repeatedly (including directly to me personally) that it had Yahoo’s okay for their YG message aggregation scheme (“Finder”), until Yahoo publicly pronounced the technique involved to be contrary to their TOS.  That came only after an outcry from YG members and moderators, and many complaints filed about it, and even then not before national press media gave attention to the matter.  Prior to that, for a long time (more than a year as I recall), the scheme was in place and operating successfully without visible interference from Yahoo.  Once Yahoo became convinced that it was a problem, and pronounced on the matter, TFN immediately took its revenue-generating freecyclefinder.org off the web, despite all the prior lawyerly claims made by TFN that it did not violate Yahoo’s TOS, operated with Yahoo’s knowledge, and allegedly even with their consent.  Grouply’s similar lawyer-reviewed claim of TOS compliance is unconvincing to me.

In their public statement made recently on third party access issues, so far clearly Yahoo is leaving the matter to the discretion of moderators, advising them to do what they think is best for their groups regarding membership eligibility of YG users connected with or enabling access of third parties.

As a group owner-moderator responsible for working to ensure TOS compliance in and by my group, I find that Grouply subscribers are complicit, whether willfully or not, in at least an end-run around certain provisions of the Yahoo TOS, if not directly violating it.  I find that they participate in enabling iGroup, Inc. to abrogate aspects of the spirit and the letter of the Yahoo TOS.  I find that Grouply encourages behaviors contrary to my understanding of the spirit of the Yahoo TOS.  Access and usage via the Grouply method also infringes on previously established internal policies of my groups.

Therefore, members are not allowed to use the Grouply method to access my groups.  There are so few of them, their not being allowed to use their Grouply account to access my group has no effect on the mission effectiveness of my groups anyway, but the presence of just one of them using Grouply does involve significant risks, in my view.  Grouply subscribers otherwise eligible for membership are welcome to participate in my groups, just not via the Grouply.com service, or any other like it.  Not being allowed to use Grouply does not prevent or inhibit their full participation in the missions of my groups, in well established, reliably convenient ways provided by Yahoo!.


Follow

Get every new post delivered to your Inbox.