Historically as a webmaster it’s been inefficient dealing with the invite-only system many of these new websites are employing.

You write about a service that’s in invite-only status and have a few invites to pass around. After your friends and family what do you do with the leftover invites? If you post that you have invites on your blog then inevitably the comments area will fill up with people stopping by and saying they want one. That’s cool, that’s the web working.

But.

Most of these people from my experience only stop by for the invite and then are seen nevermore. In one case the number of “send me an invite” comments after it was stated several times the invites were gone got so bad that comments needed to be closed altogether. I love sharing and that makes up a great part of this blog, but having to tell people who stop by so briefly that they can’t even read the post and comments that we don’t have any more invites to share is a time waster for both of us. More importantly, it puts the burden of distributing and thus promoting a site on the webmaster, not on the site/service. At least if a site is going to make us part of their marketing department, they could make it an affiliate program and pay us for the work.

The existing process makes me feel like we’re being used.

Some people might not have a problem feeling or being used, but I do. Frankly, my enthusiasm in a new website / service wanes considerably these days if it’s setup as an invite-only deal. I’m not talking about private invite-only situations, I’m talking about public invite only distributions. I realize there are some legitimate reasons a site might want to go invite-only, but that doesn’t seem to be what’s happening in too many cases. I’ve seen a disturbing trend develop, what about you?

This morning Thatedeguy was first to tip me off to the service InviteShare, followed by TechCrunch. That’s just the order of how the posts came in my RSS reader but maybe Techcrunch was first. I gave them both links for writing about the topic, but no link for InviteShare after I learned that they are already trying to auction away their site on Sitepoint (picture above). A number of TechCrunch commenters are annoyed as well. What’s the deal, guys, are you just using Techcrunch (and other bloggers) to pump up the sale price of your service and then dump on the highest bidder?

After seeing this, I don’t care how useful this service is or isn’t, this gives me a very sour taste in my mouth.

If you’re site/service is so new that it’s in invite-only, why are you auctioning your site? Or even thinking about selling your site, if that’s the story here? You haven’t even launched yet. I’m surprised that Arrington hasn’t updated his post to point out the site is trying to pimp itself and using a “front page listing on TechCrunch” to increase its value. Talk about leading your readers down a potential dark path, Mike. Shane does tell his readers that it can be bought in a “by the way…” at the post end but doesn’t seem to have any problem with this concept. I can understand being duped and writing a post about the site before you learned these details, but now that you know what they are doing at least update your posts and make readers aware of this important sidestory and how you feel about what this means for how your reader’s information might be used.

Unless of course you want your readers to sign up for something and then have their emails sold to the highest bidder. I’m not saying InviteShare are spammers or intend to do anything nefarious with your information, but that doesn’t mean whomever buys their service won’t be. A lot of ifs, ands and buts here, but I’ve been around the web too long not to be more cynical than the average bear. Just what we all need, more spam.

Unless InviteShare drops the auction and plans to be around a month from now, I’ll continue searching for a service without baggage like this to better deal with the invite situation, which I still believe is a scheme in and of itself, no thanks to Google and others.

Update July 21, 2007 5:02pm PST: TechCrunch ended up buying InviteShare in the auction for (the rumored?) price of $25,000. So they contributed to making the price even more expensive, Mike admits. At least TechCrunch won’t be putting this one up on the auction block write away and it already has more buzz than Edgeio.

Head of webspam for 6 years Matt Cutts responds to an Information Week article by Thomas Claburn asking if Google’s spam fight is a sham. Matt tried to respond in the IW comment system, but it swallowed his comment and didn’t publish, so he blogged it instead adding that he wished Mr. Claburn had tried to email somebody on the team with his concerns. As someone who has emailed Matt before, I can tell you that at least he does personally respond to emails over there. Still, I don’t email someone at Google every time I write a critical piece about them either so I don’t think that matters that much.

Coincidentally yesterday I received an email from Blogcritics editor Eric Olsen sent to all the blogcritics requesting any blog posts created appear at blogcritics.org first before appearing on blogger’s sites, and his reasoning:

Ironically, due to an aspect of their algorithms set up to catch splogs and other content stealing sites, because a higher percentage than normal of our stories appear elsewhere first, namely home blogs, we keep getting caught in their net. Although they have assured us that they understand our operation and value us as an integral part
of the Internet, it is clear we are going to have to resolve the issue on our end.

Last time I checked Blogcritics.org was a group blog site doing in excess of 50,000 unique visitors a day with over 1,000 contributors and the fact that they are getting caught in the net of Google tells me that Google’s spam efforts aren’t a “sham.”

Splogs are a huge problem and if the secret anti-spam sauce for Google is going after the pages that post them later, that’s fine with me.

Claburn makes a good point about the domain parking page being mostly spam that Matt pretty much says isn’t his department. I’m unable to point to a single parked domain page that was valuable to me as a surfer, but I can see why webmasters and Google would be interested in them.

This might be old news to some, but I’m just getting up to speed on this one. I’ve used Site Meter on most of the blogs I contribute to but somehow missed the whole discussion about them allegedly being paid to plant third party cookies like specificclick in visitor’s browsers.

Eric Odom quotes a long response from Site Meter on the issue where they essentially say the specificclick cookie is harmless, the company is reputable, they check out any company before doing business with them.

I just inspected the Site Meter privacy policy to see if it specifically mentions or addresses planting third party cookies as part of their stats service but the closest I could find was this (emphasis mine):

“Site Meter does not share any customer Personal Information with any third party other than those business partners which are directly involved in managing our day to day business operations, such as, without limitation, our billing and payment processes.”

In Site Meter’s detailed comment response to Eric (hey Eric Otom, the code that turns my cursor into crosshairs isn’t cute it’s annoying) they also indicate that in order to provide the comprehensive stats they offer they require the specificclick cookie that has caused Eric, Todd Cochrane, Davis Freeberg and several others to remove Site Meter from their blogs.

Debbie makes some good points that Site Meter should have sent their customers an email before they started planting third party cookies. Site Meter competitor Statcounter says they were offered money to plant the (same?) cookie and said no.

Though I like third party stats primarily for advertiser and reader transparency — if I say we did X number of visitors, readers can go to a page and verify — I have no problem showing Site Meter (or any other service this site is using) the door if the service starts slowing the site down or doing anything unethical. The Site Meter service has been sketchy lately since they upgraded the features and we have been thinking about removing them anyway.

As for the unethical part? What little information I’ve gleaned about Specific Click thus far (website is 404, that’s not good) hasn’t proved as damaging as them being proven true “spyware.” A lot of people throw around the word ’spyware’ too easily these days. It’s like yelling fire in a movie theater for netizens.

I’m digging but haven’t found anything unethical about Specific Click yet and being that it’s been a little while, has anybody else? NetWizard inspected the Site Meter code and shows the calls back specificclick.net writing:

While this is not true spyware per se - there is not physical software installed, nevertheless it is a tracking cookie which is being installed without permission.

There it is again, it’s not spyware “per se.” Look, something is either spyware or not, there isn’t such a thing as almost spyware.

Let’s not forget that anti-spyware services profits (in a big way) from people buying into Fear, Uncertainty and Doubt and the one linked at the top of this post for specificclick is no different. Many of these services will give you a computer risk assessment and yet want $39.99 to get rid of anything. The services I’ve seen so far list the specific click cookie as “low risk” which seems like a reasonable threshold for a service that provides statistical information.

Beyond the fact that Site Meter didn’t use good judgement in properly notifying its customers they were doing this — and that alone is damning — where is the skullduggery with Specific Click?

While investigating this issue further and as an act of good faith to Hmm readers Site Meter has been removed until further notice. While on the topic, I’ve been thinking about removing Google Analytics too. In this day and age being able to advertise less third party JavaScript usage and faster loading pages is advantageous.

I’ve grown somewhat weary of third party JavaScript code impacting reader experience. Provide the tools to hook into an API and let’s do this stuff server side. Enough of all this third party Javascript baggage.

You’ve seen CAPTCHAs before, it’s where you type characters in a picture to prove you are human.

The two major issues I’ve experienced with CAPTCHA implementations are:

1. garbled characters
2. image only CAPTCHAs aren’t accessible to sight-impaired

The latter can be resolved by offering a clear text to speech voice option. Unfortunately most created CAPTCHAs don’t (myself included with Form Sentinel) offer voice functionality. On my someday to-do list is adding voice capability to Form Sentinel.

There have been some creative CAPTCHA options like the hotornot CAPTCHA and there’s a new one called reCAPTCHA from Carnegie Mellon University which uses the CAPTCHA to fix OCR (optical character recognition) problems digitizing books:

reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

This is not planned to be a permanent change (if you don’t like this please speak up below) but I’ve reimplemented a CAPTCHA on the comments using reCAPTCHA. It’s already running and working in the comments below. Fellow bloggers with Wordpress can snag the Wordpress plugin here. Note: you’ll need to register at reCAPTCHA to get a public and private key.

We tried CAPTCHA in the comments here once before and I took it away after receiving some complaints from sight-impaired readers. As someone with sight that is getting progressively worse as the years pile on, I can sympathize with these readers. If any sight-impaired readers are disappointed that I’ve readded CAPTCHA, you’ll be delighted to know that this reCAPTCHA offers a voice challenge, woohoo!

I want to help this digitizing books project and would also like sight-impaired readers to be able to leave comments. Readers please let me know what you think of this project and the CAPTCHA being re-enabled in the comments area.

Will this cause you to leave less comments? Do you mind typing in the extra two words or not? Hmm doesn’t require registration to leave comments (to me that’s worse than a CAPTCHA) and it will remember your details in a cookie if you allow them, so all you’d need to type is your comment and two extra words. I’m particularly interested in those who feel this will make them leave less comments than they would without a CAPTCHA in use. The last time I tried CAPTCHA here it didn’t have any negative impact on the number of comments being left and significantly reduced the amount of comment spam. I removed it because of the valid accessibility complaints.

Personally, I don’t mind using CAPTCHA as long as I can read it. I despise CAPTCHAs that I can’t read and won’t keep refreshing the page to get a better looking one, I’ll just pass on leaving a comment.

I like using my Sony PS3 to help find cures and this seems like a good use of the comment feature to help accurately digitize more books and help reduce the growing onslaught of mechanized comment spam. Agree? Disagree? Sight impaired people will benefit from having more digitized books that their text-to-speech readers can read too.

Paul wonders if comment spam is down lately:

Did the spammers take Easter off? Have they lost interest in this blog considering none of their spam’s get through? Is it simply a lull in the storm?

I decided to check the comment spam numbers for this blog over the last nine days:

Doesn’t appear to be much difference in the overall comment spam flow here, Paul.

Tracking spam and creating spam art
One of my recent weird science experiments in the Hmm Labs has been to take all the comment spam this blog receives each day and computer generate 16×16 icons based on the spam. It’s a completely automated program that runs via cronjob nightly. I’m also tracking some other statistics about the spam partly in an attempt to understand and analyze different patterns and the overall spam DNA. Here are the spam art generated icons since I started the experiment:

I realize it kind of looks like nonsense but I’m thinking that 100 or more days together might form some type of spam art mosaic. I’m definitely not the first person to try and make spam art, but I couldn’t find anybody else out there making comment spam icons. If this project is something that would be of interest to you, let me know in the comments below.

Maybe a social spam art mosaic? If you are wondering why, then ask yourself why not? Maybe we can turn something ugly into art.

Wired reporter Annalee Newitz created an intentionally bogus blog and then bought around $100 worth of diggs through the service user/submitter and proved she could get dugg to “being popular” status.

When I woke up in the morning, my story had been awarded the “became popular” tag and had 121 diggs. U/S had done what it promised: The company had helped me buy my way into Digg popularity, and my site traffic had gone way up — overnight, I’d been hammered with so many hits that the diggers had to set up a mirror. The results of my experience also undermined Digg CEO Adelson’s claim that U/S didn’t work. Adelson could not be reached for comment after the experiment was complete.

People have been debating whether it is right or wrong to buy into popularity for ages. The answer clearly is whether it is right or wrong, it continues to happen. Perhaps the most interesting part of this story is the last paragraph where user/submitter explains how Digg could effectively put them out of business. It’s almost like they are taunting Digg to pull the feature which allows viewing what other people have dugg.

The Second Life search results can and are being abused by a search ranking based on traffic. Recently the ReviewMe service allowed bloggers to set their own prices and break away from the auto-assigned prices that were set based on an estimation of RSS subscribers, Alexa traffic and Technorati rank. This has led to two out of five star blogs with substantially less traffic which formerly were priced around $50-100 like Richi Jennings ($750 per review) charging more than Lifehacker and Boing Boing ($500 per review). I’ve left the prices for reviews here unchanged ($250). I thought about making it something different like $252 or $248, just to be a little different but there’s no way I’d raise the prices primarily to game the search as some folks are doing.

Bloggers en masse should not be raising prices anyway in ReviewMe, we should be lowering them to invite more advertisers into the system which benefits the group as a whole. I think that was the general hope/idea from ReviewMe when they made the prices flexible, not so advertisers could be gouged and the search results gamed.

BTW, ReviewMe could fix their system by ranking sites for advertisers based on blogger actual production, not prices. That means ranking based on successful transactions between advertisers and bloggers. This way prospective advertisers could see what blogs actually were working to provide quality reviews at a fair price versus those who want to overcharge advertisers. I shouldn’t be surprised by guys like Richi Jennings who was the same guy who couldn’t get my name right in a byline awhile back, but go right ahead advertisers and pay him $250 more than Lifehacker! Crazy.

These examples are provided primarily to illustrate that gaming happens all over the place, not only at Digg. Sometimes more obvious than others. The solution is to be wary of packaging online and before investing time and/or money in anything look closer at who is actually working vs. giving the impression that they are working. The two don’t always jive.

Shoemoney is being met with the old 403 forbidden notice when he tries to use MyBlogLog service, yes, he’s been banned. While he claims to have been given no specific reason it might have something to do with him writing blog posts showing how to masquerade as other uses (cookie file hack) and exploit other spammer-friendly holes in MyBlogLog. Did Shoemoney tell the developers these things privately and give them a chance to fix the issues? My guess is no which is the same sorry game a number of security vulnerability sites play.

Scott Rafer showed up in Shoemoney’s comments to confirm there would be a refund for his pro subscription.

I’ve complained before about the lopsided way security vulnerability sites work. It’s extremely easy to report a bug but it’s a lot harder for the patch to get the same kind of press/exposure. There is one security vulnerability site that has been carrying a notice on a program I wrote that’s over five years outdated now. I gave up trying to contact them and get an update to the page with where the patch was available. It must invite more eyeballs sharing vulnerabilities (bad) and is less interesting sharing the solutions (good).

With this in mind I sure hope even though Shoemoney is banned that he’ll give MyBlogLog the same type of press when/if the MyBlogLog team fixes the problems he’s identified and exposed.

I’m all for honest, detailed reviews of products but when it comes down to something that leaves a service open to spammers and can impact other users negatively, one should at least try to get the company’s help through direct contact. I’m not sure if Shoemoney was in contact with them privately or not.

In this case MyBlogLog, er Yahoo, takes a hit. Even if Shoemoney was in the wrong here, Scott Rafer, you guys didn’t handle this situation right. Fix the bugs and thank those who report them to you, no matter if they embarass you/your company in the process or not. Do not ban customers who blog negatively about your product.

In light of these problems, I’ve removed the MyBlogLog sidebar panel from our VTOR group blog and I will not be adding it to any other blogs. I’m glad I didn’t bother using it here. Those who are using MyBlogLog might want to read Jeremy’s posts and think twice.

eBay style rating service at ReviewMe good or bad idea?
While talking about negativity, it seems ReviewMe, the service I’ve used roughly a dozen times, that pays for reviews is adding an eBay style rating service. I like the concept of allowing advertisers to rate the quality of a review I write but am concerned that it will be used as a weapon against negative reviews written.

If that’s starts happening I’ll be out of there.

Advertisers are paying me to look at something and give my honest opinion and I don’t want or need some rating vengeance scheme messing with the process. I don’t mind getting rated down if I write a lousy quality review, heck I like the idea of the advertiser being able to rate the quality of my reviews. In eBay you are rating whether the item was as advertised and delivered promptly, that makes sense. In a paid for review scenario, an advertiser could positively rate positive reviews of their product/services and rate negatively the converse. That’s problematic if that starts happening.

Will advertisers rate reviews on quality? Can they? Or will they be biased against negative reviews?

I would be more than happy to compare the reviews I’ve written against any other reviewer in the ReviewMe system as my reviews currently average around 1,500 words (more than seven times the minimum 200 word requirement), contain images and details of my experiences good, bad and indifferent.

When it’s released I hope advertisers will not use this rating tool vindictively. I try to provide everybody that I review helpful information that will improve their site/product/service and do so without any agenda. Every product/service I’ve reviewed through the system has been either brand new or relatively new to me. I don’t use NOFOLLOW so a good review and bad review get the same kind of link treatment. That leaves the quality criteria to the actual information provided in the reviews.

I would like to see every legitimate company sell more products/service on the web, but the whole point of getting an unbiased review means that sometimes there will be negative feedback that needs addressing. Banning customers like MyBlogLog did to Shoemoney or rating a reviewer negatively because of a negative review isn’t right.

To reiterate, this hasn’t happened to me or anybody else yet, the rating service isn’t even live, but I just wanted to share a concern for the rating system and felt like the comments area of the ReviewMe post wasn’t good enough. Think I still have Patrick Gavin’s email address so I’m going to send along a link to this post as well. Maybe he’ll respond in kind below.

The comments area on all the reviews I’ve done is wide open and would encourage the advertisers to stop by and dispute, update and/or challenge anything I’ve written. If I make any mistakes I’ll be happy to update the review and credit accordingly.

I hope the ReviewMe folks make it very clear to advertisers that they should be making their rating based on the quality of the reviews and not the overall rating and also that reviewers understand they do have an obligation to write a thorough honest review of a service and not just skate by with the 200 word minimum and disclaimer.

Update 2/25/07 6:31pm PST: MyBlogLog has unbanned, apologized and are now actually promoting Shoemoney on the front page. I think it’s wonderful that they’ve done the right thing (after peer pressure set in) but I’m going to hold off on reinstating their code. I believe in second chances, but would like to see what other skeletons, if any, shake out of the code closet first.

With postage rates inching closer to 50 cents marketing via traditional mail caused many marketers to move to email. Junk mail in our mailboxes has noticeably decreased. In our offline business my preference remains to market with snail mail, despite the increased postage. Apparently we aren’t the only ones according to an article in the Seattle PI.

“The amount of direct mail has increased,” partly because of reduced telemarketing calls and because the industry feels it’s effective, he said.

“It’s a huge irritant,” Watson said, “and it’s a waste of time for people. It uses a huge amount of time sorting through unwanted mail. … It’s something that almost everybody has a problem with.”

I’m biased, but really, how much time does it take to wade through the junk mail? At our local post office they have huge garbage bins and counters. You can pull out the junk and deposit it before leaving the post office. I think the longest it has ever taken me to wade through a stack of junk mail is 60 seconds and that was with a full box.

At our PMB for the online business we get maybe a dozen or so junk mails a month. Yeah, that’s a real drain on my time to go through that. Dell is one of the biggest junk mailers sending along their full color catalogs. Maybe it’s just me, but I don’t mind junk mail. Certainly not like spam. The amount of spam I received in the few minutes I spent writing this post is more bothersome than the junk mail we receive all year.

How has your snail mail load been over the last five years? Increased? Decreased?

Cue Antony Mayfield, another disappointed TypePad customer having trouble receiving comments on his TypePad hosted blog:

If you’ve tried to leave a comment on this blog and been unsuccessful you could try being more anonymous, according to Six Apart’s support team … The work around suggested to me by the helpdesk was to use a proxy service - they recommended unipeak.com.

Sadly, these problems aren’t anything new. I couldn’t leave comments on my own TypePad blog because of their overzealous anti-spam filters two years ago.

Ironically I learned of Antony’s troubles from TypePad competitor Mr. AutoMattic, who took this opportunity to shamelessly recommend his service instead:

Akismet is platform-agnostic, and it already works great for all self-hosted systems, why shouldn’t it be available to people on Typepad? (Or Blogger.) If the folks on Fourth street don’t want to pay for an Akismet site license (though I’m sure we could work out a discount for their volume) they could just make it an option for users to specify an API endpoint.

Unfortunately, Akismet still erroneously flags MakeYouGoHmm.com trackbacks as spam even after Matt stopped by here when I last complained in great detail about the problem. See Nathan’s comment here. I’m still happy to troubleshoot this issue with anybody from the Akismet team that wants to contact me directly. I don’t use Akismet here, but I’m happy to work though this if they actually give a damn.

My advice with blog antispam is to roll your own solution and not spend money on anybody else’s filters. If you use one of the many free filtering solutions be very careful that you aren’t filtering out sources that will help you (like Googlebot). Some of the solutions out there will filter out the good bots. At least with your own filtering solution you’ll understand what is and isn’t getting through and why. Services like Akismet and TypePad’s baked in solution are black boxes.

I’m not saying you or I can do any better ourselves, but we can hardly do worse. At least we know who to blame when nobody can leave comments on our own blog, including ourselves.

As for diverting your customers to use a proxy to get around your own craptacular filters? Assuming Antony isn’t making this TypePad help desk story up that’s the most ridculous thing I’ve heard in awhile. People keep investing in Six Apart … because?

Update 1/18/07 4:34am PST: And here’s Darren Rowse from Problogger expressing concern over Akismet’s spam filtering (emphasis mine):

I use Akismet and have noticed this happening a little more than normal lately. I’ve talked to the team at Akismet and they have told me that my blog is in the top few in terms of quantities of comment spam and that as a result there have been a few more false positives than normal.

Update 1/22/07 7:12am PST: Freevlog:

Well it turns out that the Askimet spam filter not only caught 30,000 + spam comments (thanks!) it also caught the last 40 or so legit comments.

If you are using the default database configuration of Wordpress, then here’s a command line MYSQL query — also works in programs like PHPMyAdmin — to see what the breakdown is of approved, spam and waiting comments:

This will return a query that looks like what’s pictured and highlighted at the top of this post. These are the codes:

0 = pending comments
1 = approved comments
spam = comments you’ve marked as ’spam’ or deleted.

For some strange reason comments aren’t actually deleted in the Wordpress database when marked ‘delete’. I didn’t look in the code to see why this is being done this way, but to me when you delete something that means it actually gets deleted, not saved in the database in the spam bin. Perhaps there is a good reason why the Wordpress team is doing this but you don’t need to keep these deleted/spam comments unless you want to use them to detect spam patterns or abuse.

Assuming you don’t want to keep those comments, here is the code to clean out the spam comments from the wp_comments table in Wordpress:

Voila. You will now have a Wordpress-powered blog clean of spam/deleted comments. The busier your blog, the more these comments will start adding up so might want to set some sort of cron job that wipes out these comments once a week, month, whatever.