Grouply Evangelism

February 23, 2008

I guess this whole Grouply thing just means that now owners have two new responsibilities:

(1) constantly watching the group-related message boards for information about invading third party services and other risks, and

(2) educating all their co-owners and co-mods about it.

It’s not enough to just know how to use the Management settings in a group.  And Yahoo’s Moderator Central is weak in reporting things that many of us regard as problems and risks, though not useless.

You know how well that will work.  Many group owners and mods barely know how to use the service, much less become experts in third party issues.

Maybe someday Yahoo! will accommodate us by providing a firewall that by default blocks all third party access, and provide a checklist in Management settings where we can opt-in to third party services we want to offer our groups.

(One can dream, right?)

Otherwise, the whole notion of free online groups is going to go bad in a big way, and serious moderators of serious groups will have to sign up for a paid system that is truly secure.  It shouldn’t be expensive, though, given the continually decreasing costs of running a web service.

Did you know that there is a core team of GrouplyFans calling themselves Grouply EVANGELISTS?

http://finance.groups.yahoo.com/group/grouply_evangelist_program/

I enjoyed noticing that it’s in the FINANCE section of YG.  Should be in the religion category.

The home page says:

“The Grouply Evangelist Program is a select group of Grouply users who help define and select new Grouply features and who broadly communicate the benefits of Grouply in order to expand the Grouply user base.”

That “broadly communicate” thing?  Spammming.  Why don’t they realize that spamming as a promotional tool is self-defeating?  It just arouses the ire of group owners.

Their other tool: propaganda blogs and groups.  But they’re not the only ones who can play that game.

Evangelist?  Hmmm.  Not a bad word for it, really.  When you dig into what it’s all about, and its roots in the history of web-scouring hooking-up for commercial purposes, it does tend to feel sorta like a kind of religion … or like a cultish thing that can give you the willies.

How much ya wanna bet a dollar (as my cousin useta say when we were kids) that these evangelists would scream bloody murder if someone spammed their group and members’ personal email addresses with commmercial messages for a service they don’t want, don’t need, don’t like?  They’d declare something like a jihadist war.

Grouply Evangelist Program group:
Created 11/23/07
14 members
Fairly active, I guess …
Postings:
Nov 07 = 47
Dec 07 = 410 (!!! – no wonder Grouply became such a hot topic recently)
Jan 08 = 181
Feb 08 = 55

Now I guess they’ll move to some other cave.

Given that kind of activity, and Grouply’s spamming machine, and YGOG and EL-M and GrouplyImprovements mods defending and advocating for Grouply, and their activity in the blogosphere, there is a NEED for vocal activism to counter the Grouply propaganda, to protect our groups and members and what integrity is left in the whole idea of free online group services.  If we don’t take a stand now, as other third-party invaders come along YG will never be the same.

Eventually I hope to be able to point to some investigative reporting on the core people behind Grouplyfication of the web’s free groups services.  It’s not just Grouply.  As always, follow the money.  It leads right to their front door.

– UnGrouply Atheist
(no offense whatsoever desired or intended toward adherents of true religions serving the spiritual good)


Owner Control URL Shell Game and Propaganda

February 21, 2008

I suggest you forward a copy of this message to your friends who are Yahoo! Groups users, owners, or moderators, or anyone you know who may be considering using Grouply, or may be interested in this matter.

This message is publicly accessible here:

http://tech.groups.yahoo.com/group/ungrouply/message/88

and here:

https://ungrouply.wordpress.com/2008/02/21/owner-control-url-shell-game-and-propaganda/

Now that the FORMER Grouply owner control page URL has been widely distributed, Grouply has taken advantage of it as an opportunity to publish propaganda to owners who go to that URL.  They have redirected it to another URL.

To find the real (new) owner control page link, you have to scroll all the way to the end of the new propaganda sheet and click an obscure link buried in the last sentence.

The old owner controls page URL
http://www.grouply.com/owner_controls.php

now automatically redirects to the new propaganda page
http://blog.grouply.com/owners

When distributing the link to the REAL page titled “Grouply Owner Controls – Request Authorization Code” (for group owners to block access to grouply.com) use this:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

I suppose they can continue this URL shell game.  I won’t be surprised if they do.

Sample of what they say on their new propaganda page:

“Do you care about what email service your group members use to read their group messages? Does it matter to you if they read their group messages on Hotmail, Gmail, Yahoo Mail, or inbox.com? If not, then you shouldn’t be concerned about Grouply, and you don’t need to do anything. You can simply allow your group members to use the email reader of their choice. All of these systems protect the privacy and confidentiality of your group messages and members. There is no additional risk with Grouply.”

Yes, I do care very much, when the system they are using is NOT just an email service, and does what Grouply does, the way they do it, through a back door without the group owner’s knowledge, without notifying the group owner what their subscribers have let grouply.com do with the group’s archives in a blind-siding end-run around the Yahoo! TOS and moderators’ control.

Grouply does not notify group owners that their message archive has been copied to grouply.com at the behest of one group member who joined grouply.com.  And why not?  It would be very easy to do.

They could automatically send the group -owner address a message with a link to their new propaganda page, immediately as soon as one member hooks their archive mirroring machine to a group.  But they won’t do that, because they must have at least the same reasons I have to believe that most moderators will choose to opt-out of what they have been involuntarily opted-into by one member of their group.

Just like any email service?

None of the email services they mention are designed to do what Grouply does, and none of them require that you give them your Yahoo! ID password to do what they do for you as email service providers (except Yahoo! Mail, if it’s the same Yahoo! ID you use for group membership, but Yahoo! Mail does not use your password the way Grouply does).

None of them — NOT EVEN YAHOO! — display to others a hyperlinked list of the other groups you belong to, BY DEFAULT upon joining, before you have a chance to realize they are doing it.  None of them do as Grouply does in automatically adding group links to such a list with every new group you join, by default, without asking you.  (Every time you join a new group you have to go to your Grouply privacy settings to turn off the display of the new group in your profile if you don’t want to tell others that you joined that group … if they haven’t seen it already.)

None of them display to other users your name and email address BY DEFAULT upon joining, before you ever communicated with them by email.

None of them require you to go to profile privacy settings to TURN OFF such default displays of such confidential information.

None of them are social networking systems anything like Grouply.  These other services Grouply keeps erroneously comparing themselves to are email service providers, not gropely intruders on Yahoo! Groups.

None of them automatically copy the entire archive of groups to another web site for storage and usage contrary to the provisions of the Yahoo! TOS.  None of them have a reason like that to provide a blocking/opt-out mechanism to group owners.

Just another email “reader?”

Apples and oranges.  That’s why I call their new page “propaganda.”

Other than Yahoo! Mail users who use the same Yahoo! account for group membership, none of the email services Grouply calls “readers” ask Yahoo! Groups users to divulge their YID password to enable them to read and send group messages through those email services.

None of them created such risks for groups as to cause a global outcry from group owners demanding a means to block access to them, something they should have provided from the start, before releasing their product to careless people who give their passwords to strangers.

None of them actively prompt and encourage all their users to send spam postings to all their groups, and actively encourage them with a conspicuous link at the top of their web interface to repeat the group posting spam every month.

Yahoo! cannot protect the privacy, safety and security of Grouply’s mirrored copies of our group archives stored on their grouply.com servers.

Grouply’s new propaganda sheet’s claim that there is “no additional risk with Grouply” (comparing, as they do in this claim, with any possible risks of using the email services they mention) has been proved flawed, in security errors they have already made, and moderator controls they have overridden, things publicly admitted by Grouply executives, in the most glaring cases.  Even if they have fixed some of the problems they caused, because of their past errors, and because of the serious nature of some of them (such as granting archive access to non-approved pending members) how are we to know with confidence that they won’t make additional errors, even worse ones?

“No additional risk with Grouply?”

There is ALWAYS a risk associated with giving a password to a stranger.  It is not right to say that there is “no additional risk” when comparing a service requiring your confidential password for another service to one not requiring it.

But who takes the risk?  Not Grouply.  Grouply’s TOS disclaims all responsibility for what may happen as a result of your giving them your password, leaving you liable (under the Yahoo! TOS) for what errors or security breaches or hacking may occur in the Grouply system where your password may be abused or misused, whether intentionally or not.

In other words, as provided for in the Yahoo! TOS, if you give them your password, and they make some error with it, it’s your fault, as it should be.

The Grouply TOS says:

“You are still responsible for maintaining the confidentiality of your password(s) and account(s) and are fully responsible for all activities that occur under your username(s) or account(s). …

“Your access to and use of the Site, the Services or any Content is at your own risk. …

“You agree to defend, indemnify, and hold harmless Grouply, its officers, directors, employees and agents, from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Site or the Services …”

[You agree to DEFEND them for what errors they may make “connected with your access” (i.e., the use of your password)!  Are you prepared to defend Grouply groping around in groups with your password?]

Their TOS continues:

“THE SITE AND SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, GROUPLY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. GROUPLY MAKES NO WARRANTY THAT THE SITE OR SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.  GROUPLY MAKES NO WARRANTY REGARDING THE QUALITY OF ANY PRODUCTS, CONTENT, SERVICES, OR INFORMATION PURCHASED OR OBTAINED THROUGH THE SITE OR SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY INFORMATION OR CONTENT OBTAINED THROUGH THE SITE OR SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM GROUPLY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.”

Look closely at that last sentence.

By accepting a subscription to their service, which requires that you accept their Terms of Service, you accept this statement that anything else their people may say outside the TOS is not enforceable as part of your contract with them.

It’s typical TOS or contract language.  But how many people really understand the possible risks and implications?  I’m not sure I do.  I just see red flags with this kind of thing.

A group owner who is not a Grouply subscriber never accepts these terms, and the terms exclude Grouply from liability anyway, even if an owner is a subscriber.

They offer a blocking/opt-out mechanism to group owners, but if they don’t spell it out as part of their Terms of Service or some other formally binding commitment to the opting-out owners, there may be no recourse for group owners if Grouply fails to reliably and safely honor owners’ opt-out decisions, or if Grouply changes their mind about your election to opt-out of their intrusion.

You don’t even have any promises from them about what they will or will not do with their list of all the groups who chose to opt-out, a list that all the opting-out group owners voluntarily give them when they opt-out.  You didn’t sign a TOS agreement with a privacy clause when you gave them that information.

Do they have an enforceable contract with group owners who opt out?  Maybe.  Maybe not.  Are you an expert in contract law?  Have such opt-out arrangements as this one been tested in courts of law for enforceability or related liabilities?

Are you sure that you can safely just take Grouply’s word for it that your opt-out order will be executed reliably and respected indefinitely, even after Grouply changes their system, their procedures, their opt-out mechanism, their TOS, or gets bought by another company, or sells their copy of your message archive (and the formerly password-protected connection to it) to someone else, who then uses it for yet other purposes beyond even Grouply’s control, just like Grouply’s possession of your archive is beyond Yahoo’s control (if Yahoo! continues to allow this)?

They also persist, in this new propaganda sheet, in saying (again) that their “Invite Groups” tool is not a spamming operation, despite the inescapable fact that it is bulk unsolicited commercial email sent as a posting to groups by a commercial company for the purpose of advertising or promoting a commercial product; i.e., classic spam.

Their new group owner propaganda sheet says, “People were not carefully selecting which groups to invite, and so some groups were getting multiple invites. Group members interpreted this as spam being sent by Grouply directly.”

You’re darn right I interpreted it as spam!  And the future spam that will come from your spamming machine will be spam, too!

As their Invite Groups tool is configured to operate as of the time of this writing, Grouply provides their subscribers the ability to use it to spam every one of their groups once every month.

ONE instance of spamming is punishable under federal law by a fine of $11,000, according to the U.S. Federal Trade Commission web site.  Even a first-offense DUI won’t cost you that much.  So is it a serious thing or not?

Grouply is not relieved of complicity in this spamming operation just because a Grouply subscriber asked grouply.com to send Grouply’s pre-written spam for them.  It is bulk unsolicited commercial email SENT BY GROUPLY.COM blindly to unknown parties as a posting to groups.

As someone said to me recently, “If you give me a vial of anthrax powder and ask me to mail it to someone else for you, and I do it, who is guilty OF SENDING IT?”

Does the law say it’s okay to send spam on behalf of someone else?  What does the law say?

At:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
The U.S. Federal Trade Commission says that the CAN-SPAM Act applies to “those who send commercial email.”

THOSE WHO SEND IT.

Grouply.com is sending it, in addition to actually WRITING it, and actively PROMPTING EVERY GROUPLY SUBSCRIBER to pull the trigger on their spam gun, as part of their “Quick Start” subscription procedure.

Imagine if every company did this kind of thing?  We’d be spending more time rejecting spam postings than accepting legitimate ones.

If we don’t take a strong stand against it now, what’s to stop ten or twenty other “archive aggregators” from doing the same thing?  If Grouply gets away with it, why shouldn’t others?  They’ll be encouraged to repeat the creation of archive-swiping spamming machines, and they may not all be quite such nice people as the Grouply folks are.

The FTC says that the law applies to “email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.”  Grouply’s “Invite Groups” spam messages have that primary purpose.

The FTC provides a complaint form at:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
It says, “If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM@UCE.GOV without using the complaint form.”

Be sure to send them the full Internet headers and body of the spam.

And don’t subscribe to Grouply.  And block your groups at:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93


Press Conference?

February 18, 2008

Posted here by permission of the author:
——————————————————

In response to Grouply CEO Mark Robins’ announcement of a blog entry he called a “virtual press conference” … but did he actually INVITE THE PRESS?  How can you call something a press conference without inviting the press?

Speaking of a press conference …

It may be past due time the press, especially tech trade journals, and major, popular bloggers, along with mainstream news media, got involved in reporting these Yahoo! Groups owners’ concerns about Grouply.com, because it bears significance for what has been reported here as “100+ million” Yahoo! users.  That makes it a matter of considerable interest to the general public, worldwide.

And it is definitely past due time for Yahoo! to take a publicly broadcast position on the matter.  Until we know exactly where Yahoo! stands on it, I feel like we’re sort of three sheets to the wind, so to speak, in trying to do anything about it.

Tricia wrote, at:
http://tech.groups.yahoo.com/group/EmailList-Managers/message/91033
————————-
<begin quote>
2.  NO “Invite Your Group” capability.  Inviting an entire list at once, even once, never mind once a month, even if the owner doesn’t really care, is spamming the list members who did NOT sign up for the list to receive Grouply unsolicited commercial emails, even if Grouply uses the fingers of their users to send them rather than co-opting the computers of the unknowing to do so.  Same concept – get someone else to send your spam for you.

3.  OPT IN ONLY.  Not “send the list owner a message letting them know that someone on their list is using Grouply and they can opt out if they want to”.  True Opt In means that Grouply doesn’t lay a virtual finger on a list until the list owner says explicitly that they want their list to be made available for Grouply.
<end quote>
————————-

I agree, and intend to maintain this position and present it vociferously to Yahoo!  Thank you, Tricia, for persistently staying on target about the true fundamentals involved.

Spam is spam is spam, and is means is.  The U.S. Federal Trade Commission’s mandate to enforce the CAN SPAM Act of 2003 needs to be applied to this situation, if the spam-encouraging feature of Grouply.com is not eliminated immediately.

Opt-in is necessary, by a group OWNER (not just any mod who may not be owner replying to an opt-out message sent to all the moderators via the group’s -owner address).  I find no opting-out scheme to be a satisfactory substitute for OWNER-chosen opt-IN.


Countering GrouplyFan Propaganda

February 18, 2008

These GrouplyFans yakking it up in the GrouplyImprovements group think that we have no right to “interfere” in Grouply’s business.  Well, Grouply is going to find out that as word continues getting out about what they are doing, there will be many more moderators blocking them and banning their users.  This is just the beginning.  Many people never heard of Grouply.  None of my co-moderators did until I told them about it.  None of my freecycling group members heard of it until I told them not to use it or they will be removed from the group.  As more people find out what it is (a scheme to make money off our private message traffic), many will not participate, and will tell their friends and groups to stay out of it.

Some of these GrouplyFans are not defending Grouply because they truly believe in the product.  I see many of them posting messages to groups every day without using Grouply to do it!  If they like Grouply so much, why aren’t they using it?

Some of them just see dollar signs.  They think that Grouply is going to be the “next big thing,” and they want to get in on the ground floor buying shares when Grouply issues an IPO (becomes a publicly traded company), if they survive that long.  I have seen three of the leading GrouplyFans say things like this.  They think they are going to be the next Google or Microsoft first shareholders.  Nonsense.  Grouply does not stand a chance of ever becoming big, because there is no need for their product.  They will be lucky to get 2% of Yahoo and Google Group users to subscribe, especially with the bad publicity they have caused for themselves.

They’ll get lots of spammers and miscreants to join, because it’s a great tool for spamming and spying on group members.  Stalkers and pedophiles will just love it.  That will just generate more bad publicity for them.

It is not “good business” to barge in and demand that people surrender their private data so some stranger can use it to generate advertising revenue by mining their data to target advertising dollars.  Grouply has only ONE goal: making money.  Their propaganda about “improving your experience of Yahoo! Groups” is nonsense.  If that was their goal, they would include support of all features of Y! Groups, not just aggregation and mining of the message archives.

They don’t care what we think, but they will find out that many good people believe there is more to life than making money, and they don’t believe (as Shal and Srihari and TexasCritter other GrouplyFans do) that Grouply has some “right” to make money on our message traffic.

Grouply shot themselves in the foot when they gave spamming tools to their subscribers.  All it did was raise alarm bells, not generate good publicity for them.  I see it as conspiracy to violate the U.S. CAN SPAM Act of 2003, and the Federal Trade Commission needs to receive lots of complaints about it to get them to act on it.  We need to flood the FTC with email and postal mail about it.

Yahoo management and the public and the Federal Trade Commission are the people we need to be talking to, not groups run by GrouplyFans who suppress opposition to Grouply.

We need to stick to the fundamental principles involved:

(1)  It is dangerous and foolish to give up your password to a stranger.

(2)  Nobody has a “right” to take our private group message traffic and make money by generating advertising revenue with it.

(3)  Yahoo should provide group owners with the ability to block third party “aggregators” from this kind of activity, and to block external domain names from accessing our group content.

(4) The Yahoo! TOS prohibits transmitting group content to another web site.

I think it’s time for Yahoo to give us firewall-style tools to prevent access to our groups by DOMAIN NAME.  In other words, the ability to block any outside web site from accessing our group site, or any email address with a given domain name from joining.  Hotmail allows its users to block not just email addresses, but entire domains.  In my hotmail account, I can block @grouply.com, not just individual email addresses.  Yahoo should allow us to do that, too.  But blocking email addresses with a given domain name is not enough.  We need a firewall-style blocking that prevents external web sites from directly accessing our message archives via web connection (not just harvesting via Individual Emails member settings), even if they do have a member’s password to do it.

But I note with interest that people are not flocking in droves to sign up for Grouply, either.  Less than one percent of the EL-M group are Grouply subscribers.  Only about a dozen of the GrouplyImprovements members are Grouply subscribers, and at least two of them are Grouply staff, and two of them are GrouplyFan moderators.  Grouply hardly has any serious beta testers (which is why they have so many bugs and problems), and very few fans.

It’s a pretty lame product anyway.  I explored it pretty seriously, and found nothing about it that “improved my experience of Yahoo Groups.”

Grouply may end up just dying of natural causes and self-inflicted wounds.  I hope so.