Owner Control URL Shell Game and Propaganda

February 21, 2008

I suggest you forward a copy of this message to your friends who are Yahoo! Groups users, owners, or moderators, or anyone you know who may be considering using Grouply, or may be interested in this matter.

This message is publicly accessible here:

http://tech.groups.yahoo.com/group/ungrouply/message/88

and here:

https://ungrouply.wordpress.com/2008/02/21/owner-control-url-shell-game-and-propaganda/

Now that the FORMER Grouply owner control page URL has been widely distributed, Grouply has taken advantage of it as an opportunity to publish propaganda to owners who go to that URL.  They have redirected it to another URL.

To find the real (new) owner control page link, you have to scroll all the way to the end of the new propaganda sheet and click an obscure link buried in the last sentence.

The old owner controls page URL
http://www.grouply.com/owner_controls.php

now automatically redirects to the new propaganda page
http://blog.grouply.com/owners

When distributing the link to the REAL page titled “Grouply Owner Controls – Request Authorization Code” (for group owners to block access to grouply.com) use this:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

I suppose they can continue this URL shell game.  I won’t be surprised if they do.

Sample of what they say on their new propaganda page:

“Do you care about what email service your group members use to read their group messages? Does it matter to you if they read their group messages on Hotmail, Gmail, Yahoo Mail, or inbox.com? If not, then you shouldn’t be concerned about Grouply, and you don’t need to do anything. You can simply allow your group members to use the email reader of their choice. All of these systems protect the privacy and confidentiality of your group messages and members. There is no additional risk with Grouply.”

Yes, I do care very much, when the system they are using is NOT just an email service, and does what Grouply does, the way they do it, through a back door without the group owner’s knowledge, without notifying the group owner what their subscribers have let grouply.com do with the group’s archives in a blind-siding end-run around the Yahoo! TOS and moderators’ control.

Grouply does not notify group owners that their message archive has been copied to grouply.com at the behest of one group member who joined grouply.com.  And why not?  It would be very easy to do.

They could automatically send the group -owner address a message with a link to their new propaganda page, immediately as soon as one member hooks their archive mirroring machine to a group.  But they won’t do that, because they must have at least the same reasons I have to believe that most moderators will choose to opt-out of what they have been involuntarily opted-into by one member of their group.

Just like any email service?

None of the email services they mention are designed to do what Grouply does, and none of them require that you give them your Yahoo! ID password to do what they do for you as email service providers (except Yahoo! Mail, if it’s the same Yahoo! ID you use for group membership, but Yahoo! Mail does not use your password the way Grouply does).

None of them — NOT EVEN YAHOO! — display to others a hyperlinked list of the other groups you belong to, BY DEFAULT upon joining, before you have a chance to realize they are doing it.  None of them do as Grouply does in automatically adding group links to such a list with every new group you join, by default, without asking you.  (Every time you join a new group you have to go to your Grouply privacy settings to turn off the display of the new group in your profile if you don’t want to tell others that you joined that group … if they haven’t seen it already.)

None of them display to other users your name and email address BY DEFAULT upon joining, before you ever communicated with them by email.

None of them require you to go to profile privacy settings to TURN OFF such default displays of such confidential information.

None of them are social networking systems anything like Grouply.  These other services Grouply keeps erroneously comparing themselves to are email service providers, not gropely intruders on Yahoo! Groups.

None of them automatically copy the entire archive of groups to another web site for storage and usage contrary to the provisions of the Yahoo! TOS.  None of them have a reason like that to provide a blocking/opt-out mechanism to group owners.

Just another email “reader?”

Apples and oranges.  That’s why I call their new page “propaganda.”

Other than Yahoo! Mail users who use the same Yahoo! account for group membership, none of the email services Grouply calls “readers” ask Yahoo! Groups users to divulge their YID password to enable them to read and send group messages through those email services.

None of them created such risks for groups as to cause a global outcry from group owners demanding a means to block access to them, something they should have provided from the start, before releasing their product to careless people who give their passwords to strangers.

None of them actively prompt and encourage all their users to send spam postings to all their groups, and actively encourage them with a conspicuous link at the top of their web interface to repeat the group posting spam every month.

Yahoo! cannot protect the privacy, safety and security of Grouply’s mirrored copies of our group archives stored on their grouply.com servers.

Grouply’s new propaganda sheet’s claim that there is “no additional risk with Grouply” (comparing, as they do in this claim, with any possible risks of using the email services they mention) has been proved flawed, in security errors they have already made, and moderator controls they have overridden, things publicly admitted by Grouply executives, in the most glaring cases.  Even if they have fixed some of the problems they caused, because of their past errors, and because of the serious nature of some of them (such as granting archive access to non-approved pending members) how are we to know with confidence that they won’t make additional errors, even worse ones?

“No additional risk with Grouply?”

There is ALWAYS a risk associated with giving a password to a stranger.  It is not right to say that there is “no additional risk” when comparing a service requiring your confidential password for another service to one not requiring it.

But who takes the risk?  Not Grouply.  Grouply’s TOS disclaims all responsibility for what may happen as a result of your giving them your password, leaving you liable (under the Yahoo! TOS) for what errors or security breaches or hacking may occur in the Grouply system where your password may be abused or misused, whether intentionally or not.

In other words, as provided for in the Yahoo! TOS, if you give them your password, and they make some error with it, it’s your fault, as it should be.

The Grouply TOS says:

“You are still responsible for maintaining the confidentiality of your password(s) and account(s) and are fully responsible for all activities that occur under your username(s) or account(s). …

“Your access to and use of the Site, the Services or any Content is at your own risk. …

“You agree to defend, indemnify, and hold harmless Grouply, its officers, directors, employees and agents, from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Site or the Services …”

[You agree to DEFEND them for what errors they may make “connected with your access” (i.e., the use of your password)!  Are you prepared to defend Grouply groping around in groups with your password?]

Their TOS continues:

“THE SITE AND SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, GROUPLY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. GROUPLY MAKES NO WARRANTY THAT THE SITE OR SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.  GROUPLY MAKES NO WARRANTY REGARDING THE QUALITY OF ANY PRODUCTS, CONTENT, SERVICES, OR INFORMATION PURCHASED OR OBTAINED THROUGH THE SITE OR SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY INFORMATION OR CONTENT OBTAINED THROUGH THE SITE OR SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM GROUPLY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.”

Look closely at that last sentence.

By accepting a subscription to their service, which requires that you accept their Terms of Service, you accept this statement that anything else their people may say outside the TOS is not enforceable as part of your contract with them.

It’s typical TOS or contract language.  But how many people really understand the possible risks and implications?  I’m not sure I do.  I just see red flags with this kind of thing.

A group owner who is not a Grouply subscriber never accepts these terms, and the terms exclude Grouply from liability anyway, even if an owner is a subscriber.

They offer a blocking/opt-out mechanism to group owners, but if they don’t spell it out as part of their Terms of Service or some other formally binding commitment to the opting-out owners, there may be no recourse for group owners if Grouply fails to reliably and safely honor owners’ opt-out decisions, or if Grouply changes their mind about your election to opt-out of their intrusion.

You don’t even have any promises from them about what they will or will not do with their list of all the groups who chose to opt-out, a list that all the opting-out group owners voluntarily give them when they opt-out.  You didn’t sign a TOS agreement with a privacy clause when you gave them that information.

Do they have an enforceable contract with group owners who opt out?  Maybe.  Maybe not.  Are you an expert in contract law?  Have such opt-out arrangements as this one been tested in courts of law for enforceability or related liabilities?

Are you sure that you can safely just take Grouply’s word for it that your opt-out order will be executed reliably and respected indefinitely, even after Grouply changes their system, their procedures, their opt-out mechanism, their TOS, or gets bought by another company, or sells their copy of your message archive (and the formerly password-protected connection to it) to someone else, who then uses it for yet other purposes beyond even Grouply’s control, just like Grouply’s possession of your archive is beyond Yahoo’s control (if Yahoo! continues to allow this)?

They also persist, in this new propaganda sheet, in saying (again) that their “Invite Groups” tool is not a spamming operation, despite the inescapable fact that it is bulk unsolicited commercial email sent as a posting to groups by a commercial company for the purpose of advertising or promoting a commercial product; i.e., classic spam.

Their new group owner propaganda sheet says, “People were not carefully selecting which groups to invite, and so some groups were getting multiple invites. Group members interpreted this as spam being sent by Grouply directly.”

You’re darn right I interpreted it as spam!  And the future spam that will come from your spamming machine will be spam, too!

As their Invite Groups tool is configured to operate as of the time of this writing, Grouply provides their subscribers the ability to use it to spam every one of their groups once every month.

ONE instance of spamming is punishable under federal law by a fine of $11,000, according to the U.S. Federal Trade Commission web site.  Even a first-offense DUI won’t cost you that much.  So is it a serious thing or not?

Grouply is not relieved of complicity in this spamming operation just because a Grouply subscriber asked grouply.com to send Grouply’s pre-written spam for them.  It is bulk unsolicited commercial email SENT BY GROUPLY.COM blindly to unknown parties as a posting to groups.

As someone said to me recently, “If you give me a vial of anthrax powder and ask me to mail it to someone else for you, and I do it, who is guilty OF SENDING IT?”

Does the law say it’s okay to send spam on behalf of someone else?  What does the law say?

At:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
The U.S. Federal Trade Commission says that the CAN-SPAM Act applies to “those who send commercial email.”

THOSE WHO SEND IT.

Grouply.com is sending it, in addition to actually WRITING it, and actively PROMPTING EVERY GROUPLY SUBSCRIBER to pull the trigger on their spam gun, as part of their “Quick Start” subscription procedure.

Imagine if every company did this kind of thing?  We’d be spending more time rejecting spam postings than accepting legitimate ones.

If we don’t take a strong stand against it now, what’s to stop ten or twenty other “archive aggregators” from doing the same thing?  If Grouply gets away with it, why shouldn’t others?  They’ll be encouraged to repeat the creation of archive-swiping spamming machines, and they may not all be quite such nice people as the Grouply folks are.

The FTC says that the law applies to “email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.”  Grouply’s “Invite Groups” spam messages have that primary purpose.

The FTC provides a complaint form at:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
It says, “If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM@UCE.GOV without using the complaint form.”

Be sure to send them the full Internet headers and body of the spam.

And don’t subscribe to Grouply.  And block your groups at:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

Advertisements

Grouply Subscribers Violate Yahoo! TOS

February 18, 2008
[Posted here by permission of the author.]
Executives, staff and contractors employed by Grouply.com having access to their YG-mirrored archives are not members of any of my groups. 
Grouply is retransmitting content and putting it into the possession of people who are non-members (i.e., Grouply staff), if any one member of my group becomes a Grouply subscriber.
The access connection to my group happens by default when they join Grouply.  If someone in my group joins Grouply, by default Grouply instantly changes their YID primary email address in my group to @ grouply.com and immediately, by default, lists it as a connected group in the Grouply subscriber’s Grouply account and profile, and begins capturing and archiving postings from my group to Grouply.com.By giving Grouply.com their YID passwords, members grant Grouply.com access (and possession of data in their groups’ mirrored archives on Grouply servers) that neither Yahoo! nor I granted as the parties controlling access.  This is where I see a violation of the TOS by the Grouply.com subscriber.

Access (and retransmission to another web site) has been granted to parties who are not members of my groups, at least (if not others) those parties who are employed by Grouply.com and are not members of my group.

Note that the YG Guidelines do not require merely adherence to the “letter of the law” of the TOS.  Yahoo! advisedly reserves the right to terminate the account of any person violating even just the SPIRIT of the TOS and Guidelines.  I quote from the Guidelines page at:
http://groups.yahoo.com/local/guidelines.html

– – – – –
Yahoo! Groups, in its sole discretion, may terminate or remove any content, Group or your Yahoo! ID immediately and without notice if (a) Yahoo! believes that you have acted inconsistently with the *** SPIRIT OR THE LETTER *** of the Yahoo! Terms of Service or the Yahoo! Groups Guidelines, or (b) Yahoo! believes you have violated or tried to violate the rights of others. Please help us keep Yahoo! Groups an enjoyable and positive experience. If you see a Group or content that violates our rules, please let us know by contacting us [hotlinked to
http://help.yahoo.com/l/us/yahoo/groups/abuse.html ].
– – – – –
[emphasis mine]
But the Grouply subscriber’s violation of the TOS is in both spirit and letter.

The TOS does not say that retransmission to another website is prohibited ONLY IF that other website restricts access to YG members of the same group as the violating member (as GrouplyFans have argued to be permissible under the TOS).  It says in YG Guideline #11 (which is enforced under the TOS): “A Groups owner or moderator (or any other user) cannot re-post or re-transmit Groups content to any other site unless the person has the explicit permission of every group member whose content is being re-posted or re-transmitted.”

That phrase “any other site” is plain and clear.  It does not specify, “unless that site restricts access only to members of the group.”  It simply says “ANY OTHER SITE.”  The only condition under which it says such retransmission is allowable is also very clear: i.e., with “the explicit permission of every group member whose content is being re-posted or re-transmitted.”

Therefore, any Grouply subscriber in my group will be removed for TOS violation.  This is not to say that they are evil, only that they have exceeded the terms and conditions controlling their membership in my group, whether innocently or willfully.