Do you know who your Grouply Friends are?

February 29, 2008

Ungrouply Behavior Mod,

Since the message below was censored by the GrouplyImprovements clownmod (volunteer Grouply “public relations officer” Texas Critter), you have my permission to publish it.

Netbud

———————————–
— In
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/856
— “Rich Reimer” <rreimer91@…> wrote:
> I would have posted this, but we were going back and forth
> on changes (which we have made very quickly) so I did not
> want to confuse people.
>
> Per my email to you, we have fixed it yesterday so you can
> delete a friend by going only to the search listing
> page.  Please try it out.

I don’t see where anything I wrote “confused people.”  Nobody asked for a clarification.

You “would have posted” precisely what?  That you added a new feature to delete Friends that did not exist before?  Or a revision to that feature to allow deletion of Friends with closed profiles?  Or a notice to users that they should check their Friends list to see if they were affected by the bug that allowed people to get on a user’s Friends list accidentally, possibly granting them access to private profile data, depending on the individual’s privacy settings?

When I suggested privately to you that you post something about it, you did not respond to that suggestion, so I made it public in the interest of those who may have had their privacy breached by the bug (now fixed, but still could be the cause of the presence of unwanted Friends who gained presence on Friends lists before the bug was fixed, and before you provided the ability to delete entries on the Friends list).

In the interest of protecting privacy of confidential profile data, will you at least publicly acknowledge that there was a programming bug that did allow people to get on a user’s Friends list inadvertently, so that Grouply users will understand from an authority other than me that they really do need to check their Friends list if they have not done so within the past few days, especially if they ever sent out any invites, or responded to one (invites being the source of the bug)?

I also suggested to you privately that you offer Grouply users a place where they can see a list of known bugs that have been reported, and their status (fixed, in progress, etc.), so that they don’t have to depend on unofficial groups like this for such information.  You did not respond to that suggestion, either.

Or is it your intention that to get the latest scoop on the status of solutions to problems in your beta product, all Grouply users must hold membership in this [Grouply Improvements Yahoo!] group?  Is it not enough that they hold membership in Grouply’s public beta test?

People giving you the benefit of their time and labor to participate in your public beta test should have access to some kind of reporting mechanism on what problems have been reported and their status, ESPECIALLY for bugs that affect the security or privacy of their personal information, which they put at risk to participate in your beta.

Frankly, being only a beta, I don’t understand why it deserved TrustE certification, when the product was not sufficiently tested to confirm that there were no bugs in access to private data.  However, as I understand what I read of TrustE’s consumer reporting service, they ask that a consumer report a problem to them only if their licensee company does not address it satisfactorily.  You fixed the bug, but it should be reported to all users who may have been affected by it, when it involves security of privacy.

I think it would be a significant Grouply Improvement if Grouply provided an online source for registered Grouply users to see a list of important bugs that could affect privacy, confidentiality, or security, and progress in fixing them.  I’m disappointed that you did not reply to this suggestion when I made it to you privately.

As I told you in email, I’ve been involved in beta projects before, as a user and as project manager of them.  It is not unusual for the beta project manager to provide registered beta testers with status reporting on issues, at least important ones.  You could easily do that in your blog or on a web page accessible only to registered beta testers, or in a Yahoo! Group.  But leaving it in the hands of an unidentified third-party volunteer (“Texas Critter,” in this case, moderator of this group) hardly seems professional.  I suggested multiple ways for you to approach it, and you did not respond.

I was fair to Grouply in the way I publicly reported the Friends List issue.  Will you at least acknowledge the accuracy of my report?

By the way, I can no longer further test your new Friends deletion routine for people with closed profiles, because I already deleted all the people on my Friends list, the first time you tried to offer a Friends deletion routine that lacked the ability to delete ones who had closed profiles.  You’ll have to get somebody else to test that for you.

———————————————
Prior messages in this thread:
——————————————–

From Grouply COO Rich Reimer:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/856
——————————————–

From Netbud:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/852
— In GrouplyImprovements@yahoogroups.com, “netbud” <netbud@…> wrote:
— In GrouplyImprovements@yahoogroups.com, Ben D <netbud@> wrote:
> 2)  When you visit the profile of another Grouply user
> (if they have not closed it with the “only me” privacy
> setting), your visit is recorded and reported to them in the
> “Recent Visitors” box at the lower left corner of their
> profile display … and thus reported to anyone else who
> visits their profile page.  Deleting a friend who
> showed up accidentally or by a bug (or even if you just
> changed your mind about the friendship) should not require
> you to report to them and to others that you visited their
> profile.  Grouply Support has not addressed this
> concern in my dialog with them about the various Friends
> List issues.

Since I posted this prior message, Grouply Support said that they would change the Friends list functioning so that when you click on a Friend they will be displayed as a search listing instead of opening their profile page.  As I understand what Grouply Support told me, on the search listing page there will be a Remove Friend button or link.  When this is accomplished, it should resolve the problem of being unable to delete a Friend whose profile is closed (“only me” visibility), and enable you to delete a Friend without visiting their profile page and having that visit recorded and displayed to all others who visit that person’s profile.

——————————————–

From Netbud:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/850
— In GrouplyImprovements@yahoogroups.com, Ben D <netbud@…> wrote:

 Heads-up Grouply users:  CHECK YOUR FRIENDS LIST.

After joining Grouply, I discovered that I had “friends” (total strangers to me) on my Friends list that I did not invite to be on my Friends list, and who had not asked me to be their friends.

After some dialog with Grouply Support, it was discovered that they got there through a bug involved with clicking on the link in a group invite I had sent.  It also works the other way: if you click on the join Grouply link in an invitation message, you automatically got added to the Friends list of the person who sent the invitation, and they to yours.

Here’s how it worked until it was fixed a couple days ago:

When you use the group invite routine, the default message created for you by Grouply says, “You can use this link to sign up: http://www.grouply..com/register.php?r=nnnnn,” where “nnnnn” is a number referencing your Grouply account.  If some stranger in the group joined Grouply by clicking on that link in the invitation message you posted to the group, they got automatically added to your Friends list (and you to theirs).  Conversely, if you joined Grouply using such a link in an invitation, the sender of the link became your Friend and you theirs.

Grouply “Friends” can have special access to personal, private information in your profile, depending on your privacy settings.  This opened the door to undesirable and unauthorized access to private, confidential information by surprise “friends.”  Depending on your privacy settings and what information you entered in your profile, this can include access to your name, email address, postal address, phone numbers, group memberships, etc.

It has been fixed so that now when you use one of those invite links, you show up as a Friend *Request* in the privacy settings page of the person who sent out the link, and vice-versa: if someone clicks on that link in an invite you sent out, they then show up as a Friend *Request* in your privacy settings page.  In the list of Friend Requests, you can click Ignore to deny their joining your Friends list and gaining friends-only access to confidential information in your profile.

This problem was fixed a couple days ago, but people who either joined Grouply via an invitation or sent invitations out to their groups prior to a couple days ago should check their profile pages to see if they have unwanted Friends there who came on board prior to the fix.  This can be especially important if they kept the default privacy settings upon joining Grouply, and/or if they put any personal information in their profile, or did not turn off access to things like their email address, postal address, phone numbers, etc.

Deleting a Friend also has some troubles.

When I discovered my unwanted friends, I found there was no facility for deleting them.  While viewing the Friends list on my profile page, there was no button or link for “delete friend.”  After reporting this to Grouply Support, they added it, but not on the Friends list.  To delete a Friend, you have to click into their profile from your Friends list, where you will find a button to remove them from your Friends list (and, reportedly, simultaneously remove yourself from their Friends list).

I have two problems with this:

1)  If a Friend has a closed profile (privacy setting at “only me” visibility), you can’t get to that Remove Friend button in their profile page.  You’re stuck with them.  When you click on the link to a Friend in your Friends list, and that person’s profile is closed (“only me” visibility in their privacy settings), you get only their search listing, not their profile, and no Remove Friend button.  Grouply Support said that they will work on making a Remove Friend button available there in the search listing for those people who have closed profiles.

2)  When you visit the profile of another Grouply user (if they have not closed it with the “only me” privacy setting), your visit is recorded and reported to them in the “Recent Visitors” box at the lower left corner of their profile display … and thus reported to anyone else who visits their profile page.  Deleting a friend who showed up accidentally or by a bug (or even if you just changed your mind about the friendship) should not require you to report to them and to others that you visited their profile.  Grouply Support has not addressed this concern in my dialog with them about the various Friends List issues.

I do not understand why one’s own Friends list in their own profile display cannot or should not have a button for deleting friends right there instead of having to go to their profile to do it.  So far I have not received a satisfactory answer to this from Grouply Support.

All else aside, my main reason for raising this issue here is to alert Grouply users that they should check their Friends list (in the My Profile tab) to see if any unexpected friends showed up, because Friends have special access to confidential data depending on what privacy settings you used, and the default set of privacy settings does grant them that access.

I felt that Grouply should have reported this potentially serious confidential data access control problem and its fix, so that people who joined prior to its fix could be alerted to check their Friends list if they had not visited their Profile page since having sent out invitations, or if they joined from the link in an invitation.  I suggested it to Grouply Support, but they did not respond to the suggestion.  I find that unfortunate.  Users should be notified of an important issue like this.


Grouply Talk 1

February 18, 2008
[Posted here by permission of the author, part of a conversation between two moderators]Before I say anything else, you can probably guess that if you open this topic on-list, it may become very hot and flood the board with OT traffic for a long time.  However, if you feel, as I do, that members should be aware of what’s going on, maybe you could post an announcement but restrict dialog on it, referring people instead to the group links below.  Then again, maybe you’ll like Grouply, too, and welcome their hosting a duplicate of your group’s restricted message archive (which they may already have)!

The message I sent you is a copy of the special notice that I sent the members of my groups.  Actually I first sent a notice just saying we will not permit Grouply users, no explanation.  One person asked why.  So I followed up with what I sent you, just for the record, knowing most of my members are not especially tech savvy and don’t care.  None of my co-mods had heard of Grouply until I told them they could not be mods with a Grouply-subscribed YID (before I decided to abolish Grouply users altogether).  But in the past they have given me nice positive feedback when I did things to protect the group’s integrity, privacy and security, so I know they appreciate the effort.  I have not lost any members over this matter, and would not care if a few left because they like Grouply.  Besides, they can be Grouply subscribers and just not use it to connect to my groups.

It seems to me that the way Grouply gained notoriety and public awareness was through spamming.  When you subscribe, by default you are offered a “tell a friend” box to insert the email addresses of others to receive a Grouply advertisement.  Some people have been using that to enter group -owner addies or group posting addies.  Then they also prompt you to say no to a default list of all the groups you belong to, offering a spamming gun to send an advertisement to the group message board of every group where you hold membership.  Then they also had a contest (not sure if that’s still running … see

http://theprizeblog.com/2007/12/01/featured-contest-the-grouply-nintendo-wii-and-ipod-touch-competition/
for existing Grouply subscribers where they gave away toys like an iPod and Nintendo Wii to members who recruited the most new subscribers.  These tactics generated a mass spamming effort among Y! groups, which aroused lots of interest, of course, though not good PR for iGroup Network, Inc. and its Grouply “service” (apparently incarnated at least partly by the principals of linkedin.com, from what I read in trade reports).On the advice of a friend with more experience in Grouplyfication, I planted a lurking account in Grouply temporarily just to see for sure how many people are using Grouply.  None were in my groups.  In the EmailList-Managers group, with 3322 members, less than 1% were using it, including two Grouply staff and, I believe, two moderators who are Grouply fans.

If you run a search on the word grouply in Management | Memberships, you’ll see address changes to @ grouply.com if any members signed up with them.  That happens instantly as soon as someone subscribes to Grouply.  (Sets them up like Freecycle Finder did … Indy Emails going to their Grouply address, and Grouply archives the “take” indefinitely.  Grouply’s bot — they prefer the word “application” or “service” — does the Yahoo email address verification in the background.)  They can switch to Grouply’s new “web connection” mode once they are signed up, where Grouply’s bot uses their YID and password to simply scrape the group archive instead of getting only new postings by email.  And they DO take the whole archive.  Supposedly their mirroring will eventually keep up to date by removing deleted posts, too, if you trust Grouply to do that.  I don’t.

They claim we should trust them because they have TrustE certification.  Yadda, yadda, yadda.

If a member’s address changed to grouply and back again, there’s no way you’ll know if it’s because they just switched their Grouply account to web connection mode for your group, or they quit Grouply, unless you create a dummy YID and sub it to Grouply to monitor your group.  That exposes your group to whatever risks may be involved, but within Grouply you can turn off the connection to your group for your dummy ID, and turn off visibility of your Grouply profile to other Grouply subscribers.  (It takes them a while to scrape an entire archive … in my testing I found that even for a tiny test group archive with only three postings, they did not pick it up within 15 minutes.)  Then, when you want to check on your group, you can temporarily turn on the connection for a couple minutes just to see how many of your members are using Grouply.  If you’re not inclined to block Grouply access (see below), this dummy lurker method would at least tell you how popular Grouply is among your members.  I doubt you have more than 1% Grouply subscribers right now, and I don’t see it ever having potential to go higher than 10% anywhere.  Not enough advantage in the product for the average YG user.  No doubt attractive only to a very specialized nitch, but its fans think it’s going to be the next Google or Microsoft, of course.

But it only takes ONE member to give them access to mirror your message archive to their server.

I guess you could also issue a poll to see how many of your members want to allow Grouply access, but I think it would be a waste of time.

Grouply claims not to let non-members of your group access your archive, but already they were caught with their pants down (admitted publicly by their CEO Mark Robins) letting a member pending approval in a group see its members-only restricted message archive … not hard to do when you have already scraped the archive using other members’ passwords.  They say they have fixed that problem.  What other problems may arise you can guess.

Another somewhat creepy thing is that Grouply subscribers BY DEFAULT (unless they turn it off) display to other Grouply subscribers a hotlinked list of the home pages of all the groups where they hold membership.  Nice spying tool.

Someone reported that they learned some rather private things about other Grouply subscribers in their group, like membership in a certain type of mental health peer support group, membership in a group for a certain sexual orientation, the member’s non-Grouply email address (because it was not turned off in their Grouply profile privacy settings), their real full name, etc.  People are notoriously careless about combing through all the privacy settings and fine print in “services” like this.  Sharing such things should be defaulted OFF, but Grouply defaults many of them ON.  It’s only a matter of time before a criminal stalker makes use of it.

It was interesting to see some Grouply subscribers belonging to as many as 500 groups, and people holding memberships in scores of Freecycle groups all over the country.  I guess they are doing research?  Stalkers, scammers, con artists, spammers, phishers and pedophiles are known to do research, too.  Grouply may become popular among that crowd.

And then there are those using Grouply’s subscriber spamming tools just to irritate people against Grouply!  Nothing like hurting someone from within their own system, anonymously under an alias.

Due to an uproar among mods/owners, Grouply just came out with a scheme to let group owners “opt out” (gotta love it) of allowing Grouply access to their groups.  It’s pretty simple.  Go to:

http://www.grouply.com/owner_controls.php

… and punch in your group name.  They email your group -owner addy an authorization code.  Go back to that page and paste in the code.  It lets you disable Grouply access, and you can go back and enable it later if you decide Grouply is a good thing after all.  Their “disablement” is not an absolute abolishment of the appearance of your group name in Grouply subscriber profiles, but reportedly they are still working on that.  They say they are going to come up with some other tools for group owners to control Grouply subscriber access, even offer a newsletter to owners with group stats and such.

Of course you have no contractual commitment from them that they won’t change their minds later about letting you opt-out of being invaded, or that a new owner of their company won’t change its rules.  I have not seen it added to their TOS.  Maybe they will get around to that.

If you use that blocking tool, Grouply subscribers in your group will have their email address set back automatically by Grouply’s bot to pre-grouply default (and they screw that up every time by setting the member to their junk free yahoo email address, not the non-yahoo one they had previously set as their primary, but the member can fix than manually … oh, and they don’t remove their grouply address as an alternate posting address in YG “myprefs”), and they’ll still be a member of your group, just won’t be able to access it via the Grouply.com site.

I used my temporary lurking account in Grouply to verify that the block works.  (BTW, I never subscribed that lurker to your group!)

Yahoo has been silent on the matter so far, but plenty of people have griped to them, and got standard “we’re looking into it” form letters.  I assume it’s just a matter of time before they pronounce a decision on it in their Yahoogroups Blog, as they eventually did on the Freecycle Finder issue …
http://www.ygroupsblog.com/blog/

I just don’t like the smell of the whole thing, and my group’s restricted, members-only message traffic is not on the market for them to use to generate targeted and context-based advertising (which they will do when they get out of beta).  I’m never fond of being told, as someone described it, “Guess what?  You’ve been hijacked.  If you don’t want to fly where we’re going, here’s a parachute!”

Besides, in my exploration of the product, I was not impressed, and did not find it gave me any advantage or “improved my experience of YG,” their pitch for why you should give them your password.  And they only grab your message archive, not files, links, databases, or photos.  Grouply CEO Mark Robins announced publicly that they have no interest in those YG features.  No money in it, I guess.

See also:
Anti-Grouply:
http://tech.groups..yahoo.com/group/ungrouply/

http://tech.groups.yahoo.com/group/grouplycomplaints/

Pro-Grouply (including Grouply’s CEO and another Grouply exec posting here):
http://tech.groups.yahoo.com/group/grouplyimprovements/
Even here, where the aim of the group is to help Grouply improve their beta,
less than 10% of the members are actually Grouply subscribers (I checked
from within Grouply), and even far fewer post via the Grouply service.  Most
of the members seem to be there just to keep tabs on what’s going on.

http://tech.groups.yahoo.com/group/yahoo_group_of_groups/

http://tech.groups.yahoo.com/group/EmailList-Managers/
Same moderator as the GrouplyImprovements group above.


Trust me, please?

February 18, 2008
[Posted here by permission of the author.]
Let’s see, so far we have at least these major screw-ups:
– Putting a loaded spam gun into the hands of fans with the enticement of a recruitment contest awarding Nintendo Wii and iPod, and refusing to turn off the spam machine fun-gun, under the silly notion that spam only once per group is not still spam.
– Sending spam with the “tell-a-friend” feature that delivers a message with a corrupted return address.  The “friend” receives not just an advertisement for Grouply, with Grouply’s corporate logo in it, emphasizing that it is commercial email, but also a hotlink to “become my friend” in grouply.com, and the return address is truncated and contains data corruption that makes it unidentifiable and unusable as a valid email address.  I have proof of this happening, courtesy of an actual, real, true friend who received it.  So that spam doesn’t have an identifiable source as being from a “friend.”
– Granting message archive access to non-members while they sit in the pending member queue.  I remember when they “fixed” that security breach, people asked things like, “How do we know you haven’t or won’t create more problems like this with your back door access caused by an irresponsibly premature public beta release promoted by spam?”  Sure enough, there are more …
– Granting message archive access to members in groups where the archive is set to mods only or is even turned off altogether.

– Failing to immediately purge archives of groups that have used their wobbly trial release of an opt-out owner blocking scheme.  This has been verified as fact.  Even a tiny test group that had only ONE message in it did not get purged after the block was turned on.  This was verified by turning the block off and going back in to see what Grouply had in its archive.  A message deleted from the YG archive (the only message in that archive) eight days earlier still existed in Grouply’s mirror archive.  Grouply members in the group are able to edit the subject line of the old message inside Grouply’s archive, comment on it, and send it off to other people both inside and outside of Grouply’s system, even repost it back to the group if they wanted to.

– Rationalizing away the obvious intrusion perpetrated on owner control of their groups by saying it’s just an email aggregator providing members another way to see data they already had access to.

“Trust me, I have TrustE certification.”
“Trust me, my lawyer told me you could.”


Malum Blog Post

February 18, 2008

http://the-malum.livejournal.com/122840.html

Just one of many bloggers pointing out the pros and cons of Grouply.  This one concludes, “Just say no!”


Grouply Access Controls for Group Owners

February 18, 2008

This link should work (the Grouply “group owner opt-out” page):

http://www.grouply.com/owner_controls.php?r=1

I agree with the concern expressed by others that we should not have to give Grouply a list of all our groups (which is a pain in the butt, by the way) in order to get them to stay out of our groups, and to prevent our group members from violating the TOS by granting Grouply.com access where they don’t deserve to have it.

But that’s a risk I’m willing to take in order to prevent Grouply access … IF this is really going to work.  I’m going to try it with just one group at first, and confirm whether it worked, from within Grouply with a dummy account I’ll create there.

That still leaves open the question of whether the block will ALWAYS remain effective, and what hoops we have to jump through to check on it in the future.  Grouply has no contractual commitment with us requiring them to maintain the block forever, nor would such a contract exist with a future owner of the Grouply.com company.

The only really right way I see to handle this is for Yahoo! to give us the ability to block them, at OUR end, not at Grouply’s.


Grouply Subscribers Violate Yahoo! TOS

February 18, 2008
[Posted here by permission of the author.]
Executives, staff and contractors employed by Grouply.com having access to their YG-mirrored archives are not members of any of my groups. 
Grouply is retransmitting content and putting it into the possession of people who are non-members (i.e., Grouply staff), if any one member of my group becomes a Grouply subscriber.
The access connection to my group happens by default when they join Grouply.  If someone in my group joins Grouply, by default Grouply instantly changes their YID primary email address in my group to @ grouply.com and immediately, by default, lists it as a connected group in the Grouply subscriber’s Grouply account and profile, and begins capturing and archiving postings from my group to Grouply.com.By giving Grouply.com their YID passwords, members grant Grouply.com access (and possession of data in their groups’ mirrored archives on Grouply servers) that neither Yahoo! nor I granted as the parties controlling access.  This is where I see a violation of the TOS by the Grouply.com subscriber.

Access (and retransmission to another web site) has been granted to parties who are not members of my groups, at least (if not others) those parties who are employed by Grouply.com and are not members of my group.

Note that the YG Guidelines do not require merely adherence to the “letter of the law” of the TOS.  Yahoo! advisedly reserves the right to terminate the account of any person violating even just the SPIRIT of the TOS and Guidelines.  I quote from the Guidelines page at:
http://groups.yahoo.com/local/guidelines.html

– – – – –
Yahoo! Groups, in its sole discretion, may terminate or remove any content, Group or your Yahoo! ID immediately and without notice if (a) Yahoo! believes that you have acted inconsistently with the *** SPIRIT OR THE LETTER *** of the Yahoo! Terms of Service or the Yahoo! Groups Guidelines, or (b) Yahoo! believes you have violated or tried to violate the rights of others. Please help us keep Yahoo! Groups an enjoyable and positive experience. If you see a Group or content that violates our rules, please let us know by contacting us [hotlinked to
http://help.yahoo.com/l/us/yahoo/groups/abuse.html ].
– – – – –
[emphasis mine]
But the Grouply subscriber’s violation of the TOS is in both spirit and letter.

The TOS does not say that retransmission to another website is prohibited ONLY IF that other website restricts access to YG members of the same group as the violating member (as GrouplyFans have argued to be permissible under the TOS).  It says in YG Guideline #11 (which is enforced under the TOS): “A Groups owner or moderator (or any other user) cannot re-post or re-transmit Groups content to any other site unless the person has the explicit permission of every group member whose content is being re-posted or re-transmitted.”

That phrase “any other site” is plain and clear.  It does not specify, “unless that site restricts access only to members of the group.”  It simply says “ANY OTHER SITE.”  The only condition under which it says such retransmission is allowable is also very clear: i.e., with “the explicit permission of every group member whose content is being re-posted or re-transmitted.”

Therefore, any Grouply subscriber in my group will be removed for TOS violation.  This is not to say that they are evil, only that they have exceeded the terms and conditions controlling their membership in my group, whether innocently or willfully.


Grouply Troubles Easy as 1-2-3

February 18, 2008

The blog comment writer cited below details three main areas of concern that he says he has not seen Grouply.com executives address adequately.  They are (in paraphrased summary):

1.  Impropriety of using private volunteer group activity archives for profit-making purposes.

2.  Risks of surrendering Yahoo! ID password, and possible liability of those who do it.

3.  Inability of Yahoo! to provide security of group archives that have been mirrored to the Grouply.com system in violation of YG Guideline #11 and TOS.

From the Yahoo! Groups Blog …
February 12, 2008 @ 9:30 pm

[begin snippet]
Regardless of what Grouply executives Rich Reimer and Mark Robins say, here are the concerns about Grouply that I have not seen them address to my satisfaction in any of their dialog in the various groups addressing this topic: …
[end snippet]

Read the rest of the blog comment at:

<http://www.ygroupsblog.com/blog/2008/01/24/groups-tip-re-posting-content-from-a-group-without-the-original-poster%e2%80%99s-permission-is-a-violation-of-the-groups-guidelines/>

or

http://tinyurl.com/3cfzbx

(just search for the word grouply on this page to find the comments on Grouply.com)