Owner Control URL Shell Game and Propaganda

February 21, 2008

I suggest you forward a copy of this message to your friends who are Yahoo! Groups users, owners, or moderators, or anyone you know who may be considering using Grouply, or may be interested in this matter.

This message is publicly accessible here:

http://tech.groups.yahoo.com/group/ungrouply/message/88

and here:

https://ungrouply.wordpress.com/2008/02/21/owner-control-url-shell-game-and-propaganda/

Now that the FORMER Grouply owner control page URL has been widely distributed, Grouply has taken advantage of it as an opportunity to publish propaganda to owners who go to that URL.  They have redirected it to another URL.

To find the real (new) owner control page link, you have to scroll all the way to the end of the new propaganda sheet and click an obscure link buried in the last sentence.

The old owner controls page URL
http://www.grouply.com/owner_controls.php

now automatically redirects to the new propaganda page
http://blog.grouply.com/owners

When distributing the link to the REAL page titled “Grouply Owner Controls – Request Authorization Code” (for group owners to block access to grouply.com) use this:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

I suppose they can continue this URL shell game.  I won’t be surprised if they do.

Sample of what they say on their new propaganda page:

“Do you care about what email service your group members use to read their group messages? Does it matter to you if they read their group messages on Hotmail, Gmail, Yahoo Mail, or inbox.com? If not, then you shouldn’t be concerned about Grouply, and you don’t need to do anything. You can simply allow your group members to use the email reader of their choice. All of these systems protect the privacy and confidentiality of your group messages and members. There is no additional risk with Grouply.”

Yes, I do care very much, when the system they are using is NOT just an email service, and does what Grouply does, the way they do it, through a back door without the group owner’s knowledge, without notifying the group owner what their subscribers have let grouply.com do with the group’s archives in a blind-siding end-run around the Yahoo! TOS and moderators’ control.

Grouply does not notify group owners that their message archive has been copied to grouply.com at the behest of one group member who joined grouply.com.  And why not?  It would be very easy to do.

They could automatically send the group -owner address a message with a link to their new propaganda page, immediately as soon as one member hooks their archive mirroring machine to a group.  But they won’t do that, because they must have at least the same reasons I have to believe that most moderators will choose to opt-out of what they have been involuntarily opted-into by one member of their group.

Just like any email service?

None of the email services they mention are designed to do what Grouply does, and none of them require that you give them your Yahoo! ID password to do what they do for you as email service providers (except Yahoo! Mail, if it’s the same Yahoo! ID you use for group membership, but Yahoo! Mail does not use your password the way Grouply does).

None of them — NOT EVEN YAHOO! — display to others a hyperlinked list of the other groups you belong to, BY DEFAULT upon joining, before you have a chance to realize they are doing it.  None of them do as Grouply does in automatically adding group links to such a list with every new group you join, by default, without asking you.  (Every time you join a new group you have to go to your Grouply privacy settings to turn off the display of the new group in your profile if you don’t want to tell others that you joined that group … if they haven’t seen it already.)

None of them display to other users your name and email address BY DEFAULT upon joining, before you ever communicated with them by email.

None of them require you to go to profile privacy settings to TURN OFF such default displays of such confidential information.

None of them are social networking systems anything like Grouply.  These other services Grouply keeps erroneously comparing themselves to are email service providers, not gropely intruders on Yahoo! Groups.

None of them automatically copy the entire archive of groups to another web site for storage and usage contrary to the provisions of the Yahoo! TOS.  None of them have a reason like that to provide a blocking/opt-out mechanism to group owners.

Just another email “reader?”

Apples and oranges.  That’s why I call their new page “propaganda.”

Other than Yahoo! Mail users who use the same Yahoo! account for group membership, none of the email services Grouply calls “readers” ask Yahoo! Groups users to divulge their YID password to enable them to read and send group messages through those email services.

None of them created such risks for groups as to cause a global outcry from group owners demanding a means to block access to them, something they should have provided from the start, before releasing their product to careless people who give their passwords to strangers.

None of them actively prompt and encourage all their users to send spam postings to all their groups, and actively encourage them with a conspicuous link at the top of their web interface to repeat the group posting spam every month.

Yahoo! cannot protect the privacy, safety and security of Grouply’s mirrored copies of our group archives stored on their grouply.com servers.

Grouply’s new propaganda sheet’s claim that there is “no additional risk with Grouply” (comparing, as they do in this claim, with any possible risks of using the email services they mention) has been proved flawed, in security errors they have already made, and moderator controls they have overridden, things publicly admitted by Grouply executives, in the most glaring cases.  Even if they have fixed some of the problems they caused, because of their past errors, and because of the serious nature of some of them (such as granting archive access to non-approved pending members) how are we to know with confidence that they won’t make additional errors, even worse ones?

“No additional risk with Grouply?”

There is ALWAYS a risk associated with giving a password to a stranger.  It is not right to say that there is “no additional risk” when comparing a service requiring your confidential password for another service to one not requiring it.

But who takes the risk?  Not Grouply.  Grouply’s TOS disclaims all responsibility for what may happen as a result of your giving them your password, leaving you liable (under the Yahoo! TOS) for what errors or security breaches or hacking may occur in the Grouply system where your password may be abused or misused, whether intentionally or not.

In other words, as provided for in the Yahoo! TOS, if you give them your password, and they make some error with it, it’s your fault, as it should be.

The Grouply TOS says:

“You are still responsible for maintaining the confidentiality of your password(s) and account(s) and are fully responsible for all activities that occur under your username(s) or account(s). …

“Your access to and use of the Site, the Services or any Content is at your own risk. …

“You agree to defend, indemnify, and hold harmless Grouply, its officers, directors, employees and agents, from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Site or the Services …”

[You agree to DEFEND them for what errors they may make “connected with your access” (i.e., the use of your password)!  Are you prepared to defend Grouply groping around in groups with your password?]

Their TOS continues:

“THE SITE AND SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, GROUPLY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. GROUPLY MAKES NO WARRANTY THAT THE SITE OR SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.  GROUPLY MAKES NO WARRANTY REGARDING THE QUALITY OF ANY PRODUCTS, CONTENT, SERVICES, OR INFORMATION PURCHASED OR OBTAINED THROUGH THE SITE OR SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY INFORMATION OR CONTENT OBTAINED THROUGH THE SITE OR SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM GROUPLY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.”

Look closely at that last sentence.

By accepting a subscription to their service, which requires that you accept their Terms of Service, you accept this statement that anything else their people may say outside the TOS is not enforceable as part of your contract with them.

It’s typical TOS or contract language.  But how many people really understand the possible risks and implications?  I’m not sure I do.  I just see red flags with this kind of thing.

A group owner who is not a Grouply subscriber never accepts these terms, and the terms exclude Grouply from liability anyway, even if an owner is a subscriber.

They offer a blocking/opt-out mechanism to group owners, but if they don’t spell it out as part of their Terms of Service or some other formally binding commitment to the opting-out owners, there may be no recourse for group owners if Grouply fails to reliably and safely honor owners’ opt-out decisions, or if Grouply changes their mind about your election to opt-out of their intrusion.

You don’t even have any promises from them about what they will or will not do with their list of all the groups who chose to opt-out, a list that all the opting-out group owners voluntarily give them when they opt-out.  You didn’t sign a TOS agreement with a privacy clause when you gave them that information.

Do they have an enforceable contract with group owners who opt out?  Maybe.  Maybe not.  Are you an expert in contract law?  Have such opt-out arrangements as this one been tested in courts of law for enforceability or related liabilities?

Are you sure that you can safely just take Grouply’s word for it that your opt-out order will be executed reliably and respected indefinitely, even after Grouply changes their system, their procedures, their opt-out mechanism, their TOS, or gets bought by another company, or sells their copy of your message archive (and the formerly password-protected connection to it) to someone else, who then uses it for yet other purposes beyond even Grouply’s control, just like Grouply’s possession of your archive is beyond Yahoo’s control (if Yahoo! continues to allow this)?

They also persist, in this new propaganda sheet, in saying (again) that their “Invite Groups” tool is not a spamming operation, despite the inescapable fact that it is bulk unsolicited commercial email sent as a posting to groups by a commercial company for the purpose of advertising or promoting a commercial product; i.e., classic spam.

Their new group owner propaganda sheet says, “People were not carefully selecting which groups to invite, and so some groups were getting multiple invites. Group members interpreted this as spam being sent by Grouply directly.”

You’re darn right I interpreted it as spam!  And the future spam that will come from your spamming machine will be spam, too!

As their Invite Groups tool is configured to operate as of the time of this writing, Grouply provides their subscribers the ability to use it to spam every one of their groups once every month.

ONE instance of spamming is punishable under federal law by a fine of $11,000, according to the U.S. Federal Trade Commission web site.  Even a first-offense DUI won’t cost you that much.  So is it a serious thing or not?

Grouply is not relieved of complicity in this spamming operation just because a Grouply subscriber asked grouply.com to send Grouply’s pre-written spam for them.  It is bulk unsolicited commercial email SENT BY GROUPLY.COM blindly to unknown parties as a posting to groups.

As someone said to me recently, “If you give me a vial of anthrax powder and ask me to mail it to someone else for you, and I do it, who is guilty OF SENDING IT?”

Does the law say it’s okay to send spam on behalf of someone else?  What does the law say?

At:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
The U.S. Federal Trade Commission says that the CAN-SPAM Act applies to “those who send commercial email.”

THOSE WHO SEND IT.

Grouply.com is sending it, in addition to actually WRITING it, and actively PROMPTING EVERY GROUPLY SUBSCRIBER to pull the trigger on their spam gun, as part of their “Quick Start” subscription procedure.

Imagine if every company did this kind of thing?  We’d be spending more time rejecting spam postings than accepting legitimate ones.

If we don’t take a strong stand against it now, what’s to stop ten or twenty other “archive aggregators” from doing the same thing?  If Grouply gets away with it, why shouldn’t others?  They’ll be encouraged to repeat the creation of archive-swiping spamming machines, and they may not all be quite such nice people as the Grouply folks are.

The FTC says that the law applies to “email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.”  Grouply’s “Invite Groups” spam messages have that primary purpose.

The FTC provides a complaint form at:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
It says, “If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM@UCE.GOV without using the complaint form.”

Be sure to send them the full Internet headers and body of the spam.

And don’t subscribe to Grouply.  And block your groups at:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

Advertisements

Winning Mods Hearts and Minds

February 18, 2008
About moderators getting Grouply Owner Authorization Code emails that they did not ask for …

It seems that anybody could go to the opt-out page and sit there all day punching in the group names for lots of groups to get Grouply to send them the OAC.  Probably not a good thing for Grouply, and a good way to annoy moderators, especially those who already opted-out.

Could the opt-out page restrict the same IP address from using it more than once per day?  Maybe twice in case the owner didn’t get the email the first time for some reason beyond Grouply’s control.

A better solution would be for Grouply to block access to any group where the owner had not first opted-IN to grant access to their members.  In my groups, nothing would win over the hearts and minds of members for using a new service better than their own fearless leader promoting it, because I have a long-term trusting relationship with them that Grouply does not have (and probably never will have now).  Of course, first I’d have to be convinced that Grouply was a good idea.  That’s hard to do when Grouply uses spam as a promotional activity.

If Grouply wanted a short-cut to attract members of Y! Groups, they would provide special features and benefits to owners and moderators, to encourage their use of the product, instead of annoying them with spam and unrequested OAC emails and security holes like overrides on archive access restrictions and personal information sharing defaulted to on instead of off, and defaulting to on advertising in member profiles links to groups that are unlisted in the YG directory.

I have found nothing in Grouply that improves my ability to manage my groups, or anything to make it more convenient for me to do so, no tools that make my life any better as a moderator.  On the contrary, I have found that Grouply has caused me more work.

As owner of my groups, I’m not just a YG moderator, I’m the executive director of a club or association (varying according to the nature of the group) that uses YG as its communication venue.  If Grouply wants to offer a service to my club members, shouldn’t it come politely knocking on my front door instead of barging in the back door, spam guns blazing?Yeah, they made an effort to reduce the spamming, but did not eliminate it, and before they reduced it, they effectively tossed up a big global red flag saying, “Don’t trust this company because they use an illegal practice to promote their wares.”  Lowering the flag to half-mast, or shrinking it, is not a fully effective solution to its prior size or presence.  Burning it would be better.

Because of Grouply and the potential for similar services putting me through still more hoop-jumping to avoid their intrusion, I’m considering moving my groups’ communication venue to another service instead of YG, even if it means having to pay for a secure one.  Is that what Grouply wants?  Is that what Yahoo wants?  Is that “improving the experience of Yahoo Groups?”

Since group owners have the power to abolish Grouply access, and began doing it (as I did) even without the opt-out procedure Grouply now provides, aren’t group owners and moderators people whom Grouply needs to attract rather than annoy with illegal spam via their “Invite Groups” postings to groups, something universally objectionable to conscientious moderators of good groups?

Spam once a month or even only once per group lifetime is still spam and illegal under U.S. federal law when it is unsolicited commercial email (the definition used by the Federal Trade Commission), as Grouply’s “Invite Groups” thing certainly is, because it is sent BY THE COMMERCIAL ENTITY.  I checked the headers on their spam; the originating IP is registered to grouply.com, not the Grouply subscriber pulling the trigger on Grouply’s spam gun.  So when I send it to the FTC, I will be careful to point out that it originated from the web site of a commercial entity, not just some Joe Citizen sharing an idea he likes with fellow group members.  The subscriber may be something like an agent for Grouply’s spamming operation, but the message IS SENT BY GROUPLY.COM.  How does Grouply expect to win hearts and minds among owner-moderators when they break the law to advertise their service to their members in spam postings?

Everyone who agrees should send the spam, with full headers displayed, and with a note emphasizing that the originating IP is registered to grouply.com, a commercial entity, to the FTC’s spam reporting center at:
spam@uce.gov
(that’s spam-at-uce.gov)

FTC probably won’t act on one complaint, but they might if lots of citizens file it.  It would be so much better if Grouply acted on it themselves.

Turn off the spam gun.  That would be a very good Grouply Improvement.

Since moderators of YGOG and EL-M seem to like Grouply, and put considerable effort into defending Grouply against criticisms, they could welcome Grouply posting promotional messages about their service in those big groups, which are actively promoted by Yahoo itself via links to them on Yahoo official web pages, and being groups that cater to moderators, people Grouply would seem to have a vested interest in winning over.

Or, instead of allowing access for any group by default on request of any one member of the group (which can be just a Grouply employee who joined the group to get a head start on scraping their archive, which takes time), Grouply could promote their product via the advertising banner in YG to attract moderators to sign up for it, and to attract members to lobby their moderators to sign up.

Yahoo uses YG banner ads to promote their Y! Hotjobs, Y! Personals, Y! Small Business web hosting, Y! Autos, and other services.  T-Mobile uses it to look for customers who want to “Get rockin’ now” with the “Samsung Beat,” and T-Mobile’s $10/month unlimited email.  Disney Cruise Line uses YG banner ads.  Macy’s, University of Phoenix, too.  Right now I’m looking at a banner ad in YG for Waste Management, Inc.  They seem to have the notion that it’s a good idea to advertise to YG users.

I’m no business tycoon, but it seems that Yahoo would have an interest in telling Grouply, “If you want a piece of the Yahoo Groups action, you can use our advertising banner service to target your ads at our YG users,” and come in through the front door instead of the back.  Yep, I suppose it might be expensive.  Cost of doing business with the big boys.


Ungrouply Thoughts

February 18, 2008

[Posted here by permission of the author, who asked not to be identified.]

This is not the first time this kind of thing has been done by people trying to cash in on YG message traffic (through back doors, of course, knowing that if they asked Yahoo for permission it would be denied), and it will not be the last.

So far it seems Yahoo is saying that it’s the local moderator’s problem, not theirs.  That stinks, from a user’s or moderator’s perspective.

Still, I have a hunch that if we give Yahoo really solid evidence of a blatant and ongoing TOS violation, especially a broad-scale one that could hurt their reputation if publicized heavily, they may yet act on it, if they don’t see any financial advantage to themselves in Grouply’s success.

From my experience with Yahoo, to get them to act on an abuse complaint, it must be accompanied by detailed specifics of exactly who did what and how it was done, in technical terms.  Sad that they won’t investigate and develop the evidence of it for themselves once tipped off to it, but then ask the FDA why they inspect so little of our food.  Enforcement is expensive, even when it’s relatively easy to do.

There is only one reason for Grouply’s existence: for them to make money when they turn on the data-mining to scour message content so they can target inline message advertisements (inserted at the bottom of every message posted by a Grouply user, riding the forwarding network as messages tend to do) and to target online context-sensitive ads for display to Grouply users while at their site.

It amazes me that advertisers invest so much in online and inline ads, but I guess it really does make money, considering the billions that Google and Yahoo have made over the years.  A penny here and there off each of billions of messages and millions of page views … well, it’s a nice chunk of change.

Consider how Waste Management, Inc., the biggest garbage company in North America, displays online ads in YG … especially in groups having anything even remotely to do with ecology.  One would think, now what do they need an ad there for?  There must be money in it.  If nothing else, just public relations value, which means money, too.

Grouply’s argument that they are providing a useful service to YG users is typical corporate propaganda.  I can see where some very tiny minority of YG users (1 or 2% at the outside over a long time) would like some of the features Grouply offers, but for the other 99%, it’s a pain in the ass and does nothing to improve their experience of YG (and excludes support for anything but YG message archives, I guess because there’s no money in mirroring the photos, files, links and calendars).

But Barnum & Bailey knew what Grouply knows … a sucker is born every minute.  They can be duped by enticements into trying it.  If Grouply can make one dollar per year off each of ten million people (10% of YG users), that’s ten million dollars per year.  That doesn’t count Google Groups users they are also pursuing.  And who knows?  They may be able to secure revenues more like $100 per year off only one million users.  That’s $100 million per year.

Being such a lame product, I really do expect them to fall flat on their faces and go out of business (these days $1.3 million in venture capital is not so “big” relative to the scale of things in their industry) … IF Yahoo or Google doesn’t decide to buy them and make it a “feature.”  Often the best thing that can happen to a startup is to get bought out by a bigger company, and that often means VP desks in the bigger company for the principals of the smaller one bought out.

(The fact that Mark Robins engages directly with us small fry users tells me that he doesn’t have very big guns behind him.  If he did, he would just ignore us.)

The Federal Trade Commission is tasked with enforcing the CAN-SPAM Act.  Unfortunately, under the Bush administration, the FTC is hobbled by understaffing (hard to fund some things while spending a trillion on a war).  I doubt they ever do much prosecuting of spammers unless they are really doing it big-time and make front-page news, or phishers making real progress in stealing credit card or bank account data.  As always, follow the money.  Enforcement activity is probably geared primarily toward situations where real money is at stake, or other kinds of severe criminality.

From things I’ve read here and there it appears that some of the avid Grouply fans are hoping against hope that their being chummy with Grouply CEO Mark Robins will help them get a foot in the door with a startup they think will “go big.”

Every minute of every day all sorts of untoward behavior gets rationalized under the notion that if it means making money, then it’s good, in a world where moral relativism is not just the norm, but the core of the worldview of the dominant belief system … one that many people live by, even though they don’t consciously choose it.  Most core beliefs come from conditioning, not choice.

Highly vocal Grouply fans seem to think that they have hitched their wagons to a rising star.  They see the rest of us as dupes and tools, while they alone see the light.  But it’s a red light, in my view, or at least an orange one, a warning about the possible future for things like YG, and the Internet in general, in a world where Money is God for so many.


Grouply Talk 1

February 18, 2008
[Posted here by permission of the author, part of a conversation between two moderators]Before I say anything else, you can probably guess that if you open this topic on-list, it may become very hot and flood the board with OT traffic for a long time.  However, if you feel, as I do, that members should be aware of what’s going on, maybe you could post an announcement but restrict dialog on it, referring people instead to the group links below.  Then again, maybe you’ll like Grouply, too, and welcome their hosting a duplicate of your group’s restricted message archive (which they may already have)!

The message I sent you is a copy of the special notice that I sent the members of my groups.  Actually I first sent a notice just saying we will not permit Grouply users, no explanation.  One person asked why.  So I followed up with what I sent you, just for the record, knowing most of my members are not especially tech savvy and don’t care.  None of my co-mods had heard of Grouply until I told them they could not be mods with a Grouply-subscribed YID (before I decided to abolish Grouply users altogether).  But in the past they have given me nice positive feedback when I did things to protect the group’s integrity, privacy and security, so I know they appreciate the effort.  I have not lost any members over this matter, and would not care if a few left because they like Grouply.  Besides, they can be Grouply subscribers and just not use it to connect to my groups.

It seems to me that the way Grouply gained notoriety and public awareness was through spamming.  When you subscribe, by default you are offered a “tell a friend” box to insert the email addresses of others to receive a Grouply advertisement.  Some people have been using that to enter group -owner addies or group posting addies.  Then they also prompt you to say no to a default list of all the groups you belong to, offering a spamming gun to send an advertisement to the group message board of every group where you hold membership.  Then they also had a contest (not sure if that’s still running … see

http://theprizeblog.com/2007/12/01/featured-contest-the-grouply-nintendo-wii-and-ipod-touch-competition/
for existing Grouply subscribers where they gave away toys like an iPod and Nintendo Wii to members who recruited the most new subscribers.  These tactics generated a mass spamming effort among Y! groups, which aroused lots of interest, of course, though not good PR for iGroup Network, Inc. and its Grouply “service” (apparently incarnated at least partly by the principals of linkedin.com, from what I read in trade reports).On the advice of a friend with more experience in Grouplyfication, I planted a lurking account in Grouply temporarily just to see for sure how many people are using Grouply.  None were in my groups.  In the EmailList-Managers group, with 3322 members, less than 1% were using it, including two Grouply staff and, I believe, two moderators who are Grouply fans.

If you run a search on the word grouply in Management | Memberships, you’ll see address changes to @ grouply.com if any members signed up with them.  That happens instantly as soon as someone subscribes to Grouply.  (Sets them up like Freecycle Finder did … Indy Emails going to their Grouply address, and Grouply archives the “take” indefinitely.  Grouply’s bot — they prefer the word “application” or “service” — does the Yahoo email address verification in the background.)  They can switch to Grouply’s new “web connection” mode once they are signed up, where Grouply’s bot uses their YID and password to simply scrape the group archive instead of getting only new postings by email.  And they DO take the whole archive.  Supposedly their mirroring will eventually keep up to date by removing deleted posts, too, if you trust Grouply to do that.  I don’t.

They claim we should trust them because they have TrustE certification.  Yadda, yadda, yadda.

If a member’s address changed to grouply and back again, there’s no way you’ll know if it’s because they just switched their Grouply account to web connection mode for your group, or they quit Grouply, unless you create a dummy YID and sub it to Grouply to monitor your group.  That exposes your group to whatever risks may be involved, but within Grouply you can turn off the connection to your group for your dummy ID, and turn off visibility of your Grouply profile to other Grouply subscribers.  (It takes them a while to scrape an entire archive … in my testing I found that even for a tiny test group archive with only three postings, they did not pick it up within 15 minutes.)  Then, when you want to check on your group, you can temporarily turn on the connection for a couple minutes just to see how many of your members are using Grouply.  If you’re not inclined to block Grouply access (see below), this dummy lurker method would at least tell you how popular Grouply is among your members.  I doubt you have more than 1% Grouply subscribers right now, and I don’t see it ever having potential to go higher than 10% anywhere.  Not enough advantage in the product for the average YG user.  No doubt attractive only to a very specialized nitch, but its fans think it’s going to be the next Google or Microsoft, of course.

But it only takes ONE member to give them access to mirror your message archive to their server.

I guess you could also issue a poll to see how many of your members want to allow Grouply access, but I think it would be a waste of time.

Grouply claims not to let non-members of your group access your archive, but already they were caught with their pants down (admitted publicly by their CEO Mark Robins) letting a member pending approval in a group see its members-only restricted message archive … not hard to do when you have already scraped the archive using other members’ passwords.  They say they have fixed that problem.  What other problems may arise you can guess.

Another somewhat creepy thing is that Grouply subscribers BY DEFAULT (unless they turn it off) display to other Grouply subscribers a hotlinked list of the home pages of all the groups where they hold membership.  Nice spying tool.

Someone reported that they learned some rather private things about other Grouply subscribers in their group, like membership in a certain type of mental health peer support group, membership in a group for a certain sexual orientation, the member’s non-Grouply email address (because it was not turned off in their Grouply profile privacy settings), their real full name, etc.  People are notoriously careless about combing through all the privacy settings and fine print in “services” like this.  Sharing such things should be defaulted OFF, but Grouply defaults many of them ON.  It’s only a matter of time before a criminal stalker makes use of it.

It was interesting to see some Grouply subscribers belonging to as many as 500 groups, and people holding memberships in scores of Freecycle groups all over the country.  I guess they are doing research?  Stalkers, scammers, con artists, spammers, phishers and pedophiles are known to do research, too.  Grouply may become popular among that crowd.

And then there are those using Grouply’s subscriber spamming tools just to irritate people against Grouply!  Nothing like hurting someone from within their own system, anonymously under an alias.

Due to an uproar among mods/owners, Grouply just came out with a scheme to let group owners “opt out” (gotta love it) of allowing Grouply access to their groups.  It’s pretty simple.  Go to:

http://www.grouply.com/owner_controls.php

… and punch in your group name.  They email your group -owner addy an authorization code.  Go back to that page and paste in the code.  It lets you disable Grouply access, and you can go back and enable it later if you decide Grouply is a good thing after all.  Their “disablement” is not an absolute abolishment of the appearance of your group name in Grouply subscriber profiles, but reportedly they are still working on that.  They say they are going to come up with some other tools for group owners to control Grouply subscriber access, even offer a newsletter to owners with group stats and such.

Of course you have no contractual commitment from them that they won’t change their minds later about letting you opt-out of being invaded, or that a new owner of their company won’t change its rules.  I have not seen it added to their TOS.  Maybe they will get around to that.

If you use that blocking tool, Grouply subscribers in your group will have their email address set back automatically by Grouply’s bot to pre-grouply default (and they screw that up every time by setting the member to their junk free yahoo email address, not the non-yahoo one they had previously set as their primary, but the member can fix than manually … oh, and they don’t remove their grouply address as an alternate posting address in YG “myprefs”), and they’ll still be a member of your group, just won’t be able to access it via the Grouply.com site.

I used my temporary lurking account in Grouply to verify that the block works.  (BTW, I never subscribed that lurker to your group!)

Yahoo has been silent on the matter so far, but plenty of people have griped to them, and got standard “we’re looking into it” form letters.  I assume it’s just a matter of time before they pronounce a decision on it in their Yahoogroups Blog, as they eventually did on the Freecycle Finder issue …
http://www.ygroupsblog.com/blog/

I just don’t like the smell of the whole thing, and my group’s restricted, members-only message traffic is not on the market for them to use to generate targeted and context-based advertising (which they will do when they get out of beta).  I’m never fond of being told, as someone described it, “Guess what?  You’ve been hijacked.  If you don’t want to fly where we’re going, here’s a parachute!”

Besides, in my exploration of the product, I was not impressed, and did not find it gave me any advantage or “improved my experience of YG,” their pitch for why you should give them your password.  And they only grab your message archive, not files, links, databases, or photos.  Grouply CEO Mark Robins announced publicly that they have no interest in those YG features.  No money in it, I guess.

See also:
Anti-Grouply:
http://tech.groups..yahoo.com/group/ungrouply/

http://tech.groups.yahoo.com/group/grouplycomplaints/

Pro-Grouply (including Grouply’s CEO and another Grouply exec posting here):
http://tech.groups.yahoo.com/group/grouplyimprovements/
Even here, where the aim of the group is to help Grouply improve their beta,
less than 10% of the members are actually Grouply subscribers (I checked
from within Grouply), and even far fewer post via the Grouply service.  Most
of the members seem to be there just to keep tabs on what’s going on.

http://tech.groups.yahoo.com/group/yahoo_group_of_groups/

http://tech.groups.yahoo.com/group/EmailList-Managers/
Same moderator as the GrouplyImprovements group above.


Backfire in Grouply Spam Engine

February 18, 2008

Spam example received from grouply.com by a friend …

—————–
[Grouply graphic logo here]
Presented by Grouply.com

This announcement is sent via the “Invite to Grouply” feature at Grouply.com.

Grouply is offering new tools for freecyclers to improve their experience of Yahoo! Groups.

You can join our discussion group to help with developments, and to talk directly with Grouply CEO Mark Robins and other Grouply staff about your interests and concerns.  Visit the Grouply Improvements group at:
http://tech.groups.yahoo.com/group/GrouplyImprovements/

For another perspective, see:
http://tech.groups.yahoo.com/group/ungrouply/
———————-


Trust me, please?

February 18, 2008
[Posted here by permission of the author.]
Let’s see, so far we have at least these major screw-ups:
– Putting a loaded spam gun into the hands of fans with the enticement of a recruitment contest awarding Nintendo Wii and iPod, and refusing to turn off the spam machine fun-gun, under the silly notion that spam only once per group is not still spam.
– Sending spam with the “tell-a-friend” feature that delivers a message with a corrupted return address.  The “friend” receives not just an advertisement for Grouply, with Grouply’s corporate logo in it, emphasizing that it is commercial email, but also a hotlink to “become my friend” in grouply.com, and the return address is truncated and contains data corruption that makes it unidentifiable and unusable as a valid email address.  I have proof of this happening, courtesy of an actual, real, true friend who received it.  So that spam doesn’t have an identifiable source as being from a “friend.”
– Granting message archive access to non-members while they sit in the pending member queue.  I remember when they “fixed” that security breach, people asked things like, “How do we know you haven’t or won’t create more problems like this with your back door access caused by an irresponsibly premature public beta release promoted by spam?”  Sure enough, there are more …
– Granting message archive access to members in groups where the archive is set to mods only or is even turned off altogether.

– Failing to immediately purge archives of groups that have used their wobbly trial release of an opt-out owner blocking scheme.  This has been verified as fact.  Even a tiny test group that had only ONE message in it did not get purged after the block was turned on.  This was verified by turning the block off and going back in to see what Grouply had in its archive.  A message deleted from the YG archive (the only message in that archive) eight days earlier still existed in Grouply’s mirror archive.  Grouply members in the group are able to edit the subject line of the old message inside Grouply’s archive, comment on it, and send it off to other people both inside and outside of Grouply’s system, even repost it back to the group if they wanted to.

– Rationalizing away the obvious intrusion perpetrated on owner control of their groups by saying it’s just an email aggregator providing members another way to see data they already had access to.

“Trust me, I have TrustE certification.”
“Trust me, my lawyer told me you could.”


Last Spammed By

February 18, 2008

This is interesting.

When a Grouply user goes to their Invite Groups “feature” (spam gun), they are shown a list of all the groups where they hold membership.  Next to each one it says whether the group has been spammed yet.  For those already hit, it says:

“Last told about Grouply by [subscriber personal name] at [time] on [date]”

Too bad it doesn’t provide the sender’s email address.  But that usually can be found on their Grouply profile.