Owner Control URL Shell Game and Propaganda

February 21, 2008

I suggest you forward a copy of this message to your friends who are Yahoo! Groups users, owners, or moderators, or anyone you know who may be considering using Grouply, or may be interested in this matter.

This message is publicly accessible here:

http://tech.groups.yahoo.com/group/ungrouply/message/88

and here:

https://ungrouply.wordpress.com/2008/02/21/owner-control-url-shell-game-and-propaganda/

Now that the FORMER Grouply owner control page URL has been widely distributed, Grouply has taken advantage of it as an opportunity to publish propaganda to owners who go to that URL.  They have redirected it to another URL.

To find the real (new) owner control page link, you have to scroll all the way to the end of the new propaganda sheet and click an obscure link buried in the last sentence.

The old owner controls page URL
http://www.grouply.com/owner_controls.php

now automatically redirects to the new propaganda page
http://blog.grouply.com/owners

When distributing the link to the REAL page titled “Grouply Owner Controls – Request Authorization Code” (for group owners to block access to grouply.com) use this:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

I suppose they can continue this URL shell game.  I won’t be surprised if they do.

Sample of what they say on their new propaganda page:

“Do you care about what email service your group members use to read their group messages? Does it matter to you if they read their group messages on Hotmail, Gmail, Yahoo Mail, or inbox.com? If not, then you shouldn’t be concerned about Grouply, and you don’t need to do anything. You can simply allow your group members to use the email reader of their choice. All of these systems protect the privacy and confidentiality of your group messages and members. There is no additional risk with Grouply.”

Yes, I do care very much, when the system they are using is NOT just an email service, and does what Grouply does, the way they do it, through a back door without the group owner’s knowledge, without notifying the group owner what their subscribers have let grouply.com do with the group’s archives in a blind-siding end-run around the Yahoo! TOS and moderators’ control.

Grouply does not notify group owners that their message archive has been copied to grouply.com at the behest of one group member who joined grouply.com.  And why not?  It would be very easy to do.

They could automatically send the group -owner address a message with a link to their new propaganda page, immediately as soon as one member hooks their archive mirroring machine to a group.  But they won’t do that, because they must have at least the same reasons I have to believe that most moderators will choose to opt-out of what they have been involuntarily opted-into by one member of their group.

Just like any email service?

None of the email services they mention are designed to do what Grouply does, and none of them require that you give them your Yahoo! ID password to do what they do for you as email service providers (except Yahoo! Mail, if it’s the same Yahoo! ID you use for group membership, but Yahoo! Mail does not use your password the way Grouply does).

None of them — NOT EVEN YAHOO! — display to others a hyperlinked list of the other groups you belong to, BY DEFAULT upon joining, before you have a chance to realize they are doing it.  None of them do as Grouply does in automatically adding group links to such a list with every new group you join, by default, without asking you.  (Every time you join a new group you have to go to your Grouply privacy settings to turn off the display of the new group in your profile if you don’t want to tell others that you joined that group … if they haven’t seen it already.)

None of them display to other users your name and email address BY DEFAULT upon joining, before you ever communicated with them by email.

None of them require you to go to profile privacy settings to TURN OFF such default displays of such confidential information.

None of them are social networking systems anything like Grouply.  These other services Grouply keeps erroneously comparing themselves to are email service providers, not gropely intruders on Yahoo! Groups.

None of them automatically copy the entire archive of groups to another web site for storage and usage contrary to the provisions of the Yahoo! TOS.  None of them have a reason like that to provide a blocking/opt-out mechanism to group owners.

Just another email “reader?”

Apples and oranges.  That’s why I call their new page “propaganda.”

Other than Yahoo! Mail users who use the same Yahoo! account for group membership, none of the email services Grouply calls “readers” ask Yahoo! Groups users to divulge their YID password to enable them to read and send group messages through those email services.

None of them created such risks for groups as to cause a global outcry from group owners demanding a means to block access to them, something they should have provided from the start, before releasing their product to careless people who give their passwords to strangers.

None of them actively prompt and encourage all their users to send spam postings to all their groups, and actively encourage them with a conspicuous link at the top of their web interface to repeat the group posting spam every month.

Yahoo! cannot protect the privacy, safety and security of Grouply’s mirrored copies of our group archives stored on their grouply.com servers.

Grouply’s new propaganda sheet’s claim that there is “no additional risk with Grouply” (comparing, as they do in this claim, with any possible risks of using the email services they mention) has been proved flawed, in security errors they have already made, and moderator controls they have overridden, things publicly admitted by Grouply executives, in the most glaring cases.  Even if they have fixed some of the problems they caused, because of their past errors, and because of the serious nature of some of them (such as granting archive access to non-approved pending members) how are we to know with confidence that they won’t make additional errors, even worse ones?

“No additional risk with Grouply?”

There is ALWAYS a risk associated with giving a password to a stranger.  It is not right to say that there is “no additional risk” when comparing a service requiring your confidential password for another service to one not requiring it.

But who takes the risk?  Not Grouply.  Grouply’s TOS disclaims all responsibility for what may happen as a result of your giving them your password, leaving you liable (under the Yahoo! TOS) for what errors or security breaches or hacking may occur in the Grouply system where your password may be abused or misused, whether intentionally or not.

In other words, as provided for in the Yahoo! TOS, if you give them your password, and they make some error with it, it’s your fault, as it should be.

The Grouply TOS says:

“You are still responsible for maintaining the confidentiality of your password(s) and account(s) and are fully responsible for all activities that occur under your username(s) or account(s). …

“Your access to and use of the Site, the Services or any Content is at your own risk. …

“You agree to defend, indemnify, and hold harmless Grouply, its officers, directors, employees and agents, from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with your access to or use of the Site or the Services …”

[You agree to DEFEND them for what errors they may make “connected with your access” (i.e., the use of your password)!  Are you prepared to defend Grouply groping around in groups with your password?]

Their TOS continues:

“THE SITE AND SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, GROUPLY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. GROUPLY MAKES NO WARRANTY THAT THE SITE OR SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS.  GROUPLY MAKES NO WARRANTY REGARDING THE QUALITY OF ANY PRODUCTS, CONTENT, SERVICES, OR INFORMATION PURCHASED OR OBTAINED THROUGH THE SITE OR SERVICES, OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY INFORMATION OR CONTENT OBTAINED THROUGH THE SITE OR SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM GROUPLY OR THROUGH THE SITE OR SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.”

Look closely at that last sentence.

By accepting a subscription to their service, which requires that you accept their Terms of Service, you accept this statement that anything else their people may say outside the TOS is not enforceable as part of your contract with them.

It’s typical TOS or contract language.  But how many people really understand the possible risks and implications?  I’m not sure I do.  I just see red flags with this kind of thing.

A group owner who is not a Grouply subscriber never accepts these terms, and the terms exclude Grouply from liability anyway, even if an owner is a subscriber.

They offer a blocking/opt-out mechanism to group owners, but if they don’t spell it out as part of their Terms of Service or some other formally binding commitment to the opting-out owners, there may be no recourse for group owners if Grouply fails to reliably and safely honor owners’ opt-out decisions, or if Grouply changes their mind about your election to opt-out of their intrusion.

You don’t even have any promises from them about what they will or will not do with their list of all the groups who chose to opt-out, a list that all the opting-out group owners voluntarily give them when they opt-out.  You didn’t sign a TOS agreement with a privacy clause when you gave them that information.

Do they have an enforceable contract with group owners who opt out?  Maybe.  Maybe not.  Are you an expert in contract law?  Have such opt-out arrangements as this one been tested in courts of law for enforceability or related liabilities?

Are you sure that you can safely just take Grouply’s word for it that your opt-out order will be executed reliably and respected indefinitely, even after Grouply changes their system, their procedures, their opt-out mechanism, their TOS, or gets bought by another company, or sells their copy of your message archive (and the formerly password-protected connection to it) to someone else, who then uses it for yet other purposes beyond even Grouply’s control, just like Grouply’s possession of your archive is beyond Yahoo’s control (if Yahoo! continues to allow this)?

They also persist, in this new propaganda sheet, in saying (again) that their “Invite Groups” tool is not a spamming operation, despite the inescapable fact that it is bulk unsolicited commercial email sent as a posting to groups by a commercial company for the purpose of advertising or promoting a commercial product; i.e., classic spam.

Their new group owner propaganda sheet says, “People were not carefully selecting which groups to invite, and so some groups were getting multiple invites. Group members interpreted this as spam being sent by Grouply directly.”

You’re darn right I interpreted it as spam!  And the future spam that will come from your spamming machine will be spam, too!

As their Invite Groups tool is configured to operate as of the time of this writing, Grouply provides their subscribers the ability to use it to spam every one of their groups once every month.

ONE instance of spamming is punishable under federal law by a fine of $11,000, according to the U.S. Federal Trade Commission web site.  Even a first-offense DUI won’t cost you that much.  So is it a serious thing or not?

Grouply is not relieved of complicity in this spamming operation just because a Grouply subscriber asked grouply.com to send Grouply’s pre-written spam for them.  It is bulk unsolicited commercial email SENT BY GROUPLY.COM blindly to unknown parties as a posting to groups.

As someone said to me recently, “If you give me a vial of anthrax powder and ask me to mail it to someone else for you, and I do it, who is guilty OF SENDING IT?”

Does the law say it’s okay to send spam on behalf of someone else?  What does the law say?

At:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
The U.S. Federal Trade Commission says that the CAN-SPAM Act applies to “those who send commercial email.”

THOSE WHO SEND IT.

Grouply.com is sending it, in addition to actually WRITING it, and actively PROMPTING EVERY GROUPLY SUBSCRIBER to pull the trigger on their spam gun, as part of their “Quick Start” subscription procedure.

Imagine if every company did this kind of thing?  We’d be spending more time rejecting spam postings than accepting legitimate ones.

If we don’t take a strong stand against it now, what’s to stop ten or twenty other “archive aggregators” from doing the same thing?  If Grouply gets away with it, why shouldn’t others?  They’ll be encouraged to repeat the creation of archive-swiping spamming machines, and they may not all be quite such nice people as the Grouply folks are.

The FTC says that the law applies to “email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site.”  Grouply’s “Invite Groups” spam messages have that primary purpose.

The FTC provides a complaint form at:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
It says, “If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM@UCE.GOV without using the complaint form.”

Be sure to send them the full Internet headers and body of the spam.

And don’t subscribe to Grouply.  And block your groups at:

http://www.grouply.com/owner_controls.php?r=1

or:

http://tinyurl.com/2syg93

Advertisements

Lawyer-Up

February 18, 2008

Ungrouply Behavior,

I posted this message in the GI group in response to Grouply’s assertion that they “had lawyers review the Yahoo TOS to make sure we would be ok.”

You have my permission to post this in Ungrouply Behavior.  The original is at:
http://tech.groups.yahoo.com/group/GrouplyImprovements/message/722

—————————————–
Enron’s chiefs had lawyers, too, who fought hard to defend them.  Not to compare Grouply’s tiny place in the world to theirs, or Grouply’s activities to theirs, but the argument that lawyers said it is okay means almost nothing to me.

Case in point:

The Freecycle Network, Inc. (TFN), which also has a lawyer reviewing its practices (a respectable law firm, as I understand it), said repeatedly (including directly to me personally) that it had Yahoo’s okay for their YG message aggregation scheme (“Finder”), until Yahoo publicly pronounced the technique involved to be contrary to their TOS.  That came only after an outcry from YG members and moderators, and many complaints filed about it, and even then not before national press media gave attention to the matter.  Prior to that, for a long time (more than a year as I recall), the scheme was in place and operating successfully without visible interference from Yahoo.  Once Yahoo became convinced that it was a problem, and pronounced on the matter, TFN immediately took its revenue-generating freecyclefinder.org off the web, despite all the prior lawyerly claims made by TFN that it did not violate Yahoo’s TOS, operated with Yahoo’s knowledge, and allegedly even with their consent.  Grouply’s similar lawyer-reviewed claim of TOS compliance is unconvincing to me.

In their public statement made recently on third party access issues, so far clearly Yahoo is leaving the matter to the discretion of moderators, advising them to do what they think is best for their groups regarding membership eligibility of YG users connected with or enabling access of third parties.

As a group owner-moderator responsible for working to ensure TOS compliance in and by my group, I find that Grouply subscribers are complicit, whether willfully or not, in at least an end-run around certain provisions of the Yahoo TOS, if not directly violating it.  I find that they participate in enabling iGroup, Inc. to abrogate aspects of the spirit and the letter of the Yahoo TOS.  I find that Grouply encourages behaviors contrary to my understanding of the spirit of the Yahoo TOS.  Access and usage via the Grouply method also infringes on previously established internal policies of my groups.

Therefore, members are not allowed to use the Grouply method to access my groups.  There are so few of them, their not being allowed to use their Grouply account to access my group has no effect on the mission effectiveness of my groups anyway, but the presence of just one of them using Grouply does involve significant risks, in my view.  Grouply subscribers otherwise eligible for membership are welcome to participate in my groups, just not via the Grouply.com service, or any other like it.  Not being allowed to use Grouply does not prevent or inhibit their full participation in the missions of my groups, in well established, reliably convenient ways provided by Yahoo!.


Ungrouply Thoughts

February 18, 2008

[Posted here by permission of the author, who asked not to be identified.]

This is not the first time this kind of thing has been done by people trying to cash in on YG message traffic (through back doors, of course, knowing that if they asked Yahoo for permission it would be denied), and it will not be the last.

So far it seems Yahoo is saying that it’s the local moderator’s problem, not theirs.  That stinks, from a user’s or moderator’s perspective.

Still, I have a hunch that if we give Yahoo really solid evidence of a blatant and ongoing TOS violation, especially a broad-scale one that could hurt their reputation if publicized heavily, they may yet act on it, if they don’t see any financial advantage to themselves in Grouply’s success.

From my experience with Yahoo, to get them to act on an abuse complaint, it must be accompanied by detailed specifics of exactly who did what and how it was done, in technical terms.  Sad that they won’t investigate and develop the evidence of it for themselves once tipped off to it, but then ask the FDA why they inspect so little of our food.  Enforcement is expensive, even when it’s relatively easy to do.

There is only one reason for Grouply’s existence: for them to make money when they turn on the data-mining to scour message content so they can target inline message advertisements (inserted at the bottom of every message posted by a Grouply user, riding the forwarding network as messages tend to do) and to target online context-sensitive ads for display to Grouply users while at their site.

It amazes me that advertisers invest so much in online and inline ads, but I guess it really does make money, considering the billions that Google and Yahoo have made over the years.  A penny here and there off each of billions of messages and millions of page views … well, it’s a nice chunk of change.

Consider how Waste Management, Inc., the biggest garbage company in North America, displays online ads in YG … especially in groups having anything even remotely to do with ecology.  One would think, now what do they need an ad there for?  There must be money in it.  If nothing else, just public relations value, which means money, too.

Grouply’s argument that they are providing a useful service to YG users is typical corporate propaganda.  I can see where some very tiny minority of YG users (1 or 2% at the outside over a long time) would like some of the features Grouply offers, but for the other 99%, it’s a pain in the ass and does nothing to improve their experience of YG (and excludes support for anything but YG message archives, I guess because there’s no money in mirroring the photos, files, links and calendars).

But Barnum & Bailey knew what Grouply knows … a sucker is born every minute.  They can be duped by enticements into trying it.  If Grouply can make one dollar per year off each of ten million people (10% of YG users), that’s ten million dollars per year.  That doesn’t count Google Groups users they are also pursuing.  And who knows?  They may be able to secure revenues more like $100 per year off only one million users.  That’s $100 million per year.

Being such a lame product, I really do expect them to fall flat on their faces and go out of business (these days $1.3 million in venture capital is not so “big” relative to the scale of things in their industry) … IF Yahoo or Google doesn’t decide to buy them and make it a “feature.”  Often the best thing that can happen to a startup is to get bought out by a bigger company, and that often means VP desks in the bigger company for the principals of the smaller one bought out.

(The fact that Mark Robins engages directly with us small fry users tells me that he doesn’t have very big guns behind him.  If he did, he would just ignore us.)

The Federal Trade Commission is tasked with enforcing the CAN-SPAM Act.  Unfortunately, under the Bush administration, the FTC is hobbled by understaffing (hard to fund some things while spending a trillion on a war).  I doubt they ever do much prosecuting of spammers unless they are really doing it big-time and make front-page news, or phishers making real progress in stealing credit card or bank account data.  As always, follow the money.  Enforcement activity is probably geared primarily toward situations where real money is at stake, or other kinds of severe criminality.

From things I’ve read here and there it appears that some of the avid Grouply fans are hoping against hope that their being chummy with Grouply CEO Mark Robins will help them get a foot in the door with a startup they think will “go big.”

Every minute of every day all sorts of untoward behavior gets rationalized under the notion that if it means making money, then it’s good, in a world where moral relativism is not just the norm, but the core of the worldview of the dominant belief system … one that many people live by, even though they don’t consciously choose it.  Most core beliefs come from conditioning, not choice.

Highly vocal Grouply fans seem to think that they have hitched their wagons to a rising star.  They see the rest of us as dupes and tools, while they alone see the light.  But it’s a red light, in my view, or at least an orange one, a warning about the possible future for things like YG, and the Internet in general, in a world where Money is God for so many.


YG Abuse Reporting SNAFU

February 18, 2008

I filed a complaint about Grouply.com TOS violation using the YG Abuse Reporting web page, and this is the reply I got (below).

Note that the reply came from “Yahoo! Groups,” but look closely at the subject line and message body.

**GAMES** indeed!!!

—– Original Message —–
From: “Yahoo! Groups” <groups-abuse@…>
Sent: Thursday, February 14, 2008 4:59 PM
Subject: Auto Confirmation – Your Yahoo! Games support request was received

Hello,

This is an automated message regarding your recent request for Yahoo! Games
Customer Care support. Your message was received, and you will hear back
from us within the next 48 hours with an answer.

Thank you for reaching out to us. We look forward to helping you!

Sincerely,

Yahoo! Customer Care
——————————

Oh, well.


Yahoo! Moderator Central

February 18, 2008
Re: Grouply Subscribers Violate Yahoo TOS

http://tech.groups.yahoo.com/group/ungrouply/message/41

This issue has been “taken to the street” in the YG Moderator Central Message Board at:http://messages.groups.yahoo.com/Groups/Moderators/threadview?m=tm&bn=grp-issues&tid=23789&mid=23789&tof=1&frt=2
or
http://tinyurl.com/yrlttg
See also:  their main message boardhttp://messages.groups.yahoo.com/Groups/Moderators/forumview?bn=grp-issues
or
http://tinyurl.com/3d6u2e


Grouply Subscribers Violate Yahoo! TOS

February 18, 2008
[Posted here by permission of the author.]
Executives, staff and contractors employed by Grouply.com having access to their YG-mirrored archives are not members of any of my groups. 
Grouply is retransmitting content and putting it into the possession of people who are non-members (i.e., Grouply staff), if any one member of my group becomes a Grouply subscriber.
The access connection to my group happens by default when they join Grouply.  If someone in my group joins Grouply, by default Grouply instantly changes their YID primary email address in my group to @ grouply.com and immediately, by default, lists it as a connected group in the Grouply subscriber’s Grouply account and profile, and begins capturing and archiving postings from my group to Grouply.com.By giving Grouply.com their YID passwords, members grant Grouply.com access (and possession of data in their groups’ mirrored archives on Grouply servers) that neither Yahoo! nor I granted as the parties controlling access.  This is where I see a violation of the TOS by the Grouply.com subscriber.

Access (and retransmission to another web site) has been granted to parties who are not members of my groups, at least (if not others) those parties who are employed by Grouply.com and are not members of my group.

Note that the YG Guidelines do not require merely adherence to the “letter of the law” of the TOS.  Yahoo! advisedly reserves the right to terminate the account of any person violating even just the SPIRIT of the TOS and Guidelines.  I quote from the Guidelines page at:
http://groups.yahoo.com/local/guidelines.html

– – – – –
Yahoo! Groups, in its sole discretion, may terminate or remove any content, Group or your Yahoo! ID immediately and without notice if (a) Yahoo! believes that you have acted inconsistently with the *** SPIRIT OR THE LETTER *** of the Yahoo! Terms of Service or the Yahoo! Groups Guidelines, or (b) Yahoo! believes you have violated or tried to violate the rights of others. Please help us keep Yahoo! Groups an enjoyable and positive experience. If you see a Group or content that violates our rules, please let us know by contacting us [hotlinked to
http://help.yahoo.com/l/us/yahoo/groups/abuse.html ].
– – – – –
[emphasis mine]
But the Grouply subscriber’s violation of the TOS is in both spirit and letter.

The TOS does not say that retransmission to another website is prohibited ONLY IF that other website restricts access to YG members of the same group as the violating member (as GrouplyFans have argued to be permissible under the TOS).  It says in YG Guideline #11 (which is enforced under the TOS): “A Groups owner or moderator (or any other user) cannot re-post or re-transmit Groups content to any other site unless the person has the explicit permission of every group member whose content is being re-posted or re-transmitted.”

That phrase “any other site” is plain and clear.  It does not specify, “unless that site restricts access only to members of the group.”  It simply says “ANY OTHER SITE.”  The only condition under which it says such retransmission is allowable is also very clear: i.e., with “the explicit permission of every group member whose content is being re-posted or re-transmitted.”

Therefore, any Grouply subscriber in my group will be removed for TOS violation.  This is not to say that they are evil, only that they have exceeded the terms and conditions controlling their membership in my group, whether innocently or willfully.


Grouply Troubles Easy as 1-2-3

February 18, 2008

The blog comment writer cited below details three main areas of concern that he says he has not seen Grouply.com executives address adequately.  They are (in paraphrased summary):

1.  Impropriety of using private volunteer group activity archives for profit-making purposes.

2.  Risks of surrendering Yahoo! ID password, and possible liability of those who do it.

3.  Inability of Yahoo! to provide security of group archives that have been mirrored to the Grouply.com system in violation of YG Guideline #11 and TOS.

From the Yahoo! Groups Blog …
February 12, 2008 @ 9:30 pm

[begin snippet]
Regardless of what Grouply executives Rich Reimer and Mark Robins say, here are the concerns about Grouply that I have not seen them address to my satisfaction in any of their dialog in the various groups addressing this topic: …
[end snippet]

Read the rest of the blog comment at:

<http://www.ygroupsblog.com/blog/2008/01/24/groups-tip-re-posting-content-from-a-group-without-the-original-poster%e2%80%99s-permission-is-a-violation-of-the-groups-guidelines/>

or

http://tinyurl.com/3cfzbx

(just search for the word grouply on this page to find the comments on Grouply.com)