rc3.org Rafe Colburn on software development (and other topics)

Posts Tagged ‘fraud’

What to do if your Web site is stolen?

Smart Football is one of my favorite blogs. If you’re a football fan at all, you should check it out. Unfortunately, the site’s owner has run into a problem. Some person (whose name is supposedly Anil Jayanna) has registered the domain name smartfootball.net and put up an exact copy of his Web site, apparently to make money on ads (but potentially to distribute malware).

From the whois results, I can see that the registrar is Melbourne IT and that the DNS for the domain appears to be handled by Yahoo. A lookup on the site’s IP address reveals that it’s hosted in Russia.

The obvious steps are to email the registrar to report the abuse in hopes of getting the domain name revoked and to email Yahoo in an attempt to get the DNS turned off. Maybe I’m cynical, but I don’t believe that emailing the hosting company in Russia is going to do a lot of good.

What else should Chris do? I hear about content theft fairly regularly, but I haven’t seen too many instances of an entire site being copied in this fashion. For all the horrible misuses of the DMCA, this is the sort of thing it was actually designed to prevent. This incident demonstrates its ineffectiveness, though, because the registrar and the hosting company are overseas and are thus out of reach. I guess if SOPA were in effect the Web site could be blacklisted — but in a thankfully SOPA-free world what recourse does the content owner have?

Abusing foursquare

Jim Bumgardner explains how he used the command line tool curl and a bit of clever thinking to cheat at foursquare on a massive scale:

At some point last week, I devolved into a 12 year old hacker, and I spent many spare hours (and my computer’s spare cycles) abusing the system with a set of scripts operating fake accounts. Not only did I add new venues like the North Pole, but I started persistently checking into coveted landmarks, like the Statue of Liberty.

What can I say? It was fun, and foursquare’s incentives (badges and mayorships) spurred me on. Incentives invite abuse, even from mild-mannered folks like me.

I wonder if anyone has ever tried to calculate a percentage of the engineering budget that should be allocated in advance to fighting fraud and abuse? The folks at Glitch probably need to figure out what that number is.

Update: Speaking of the incentives to game systems, what happens when you create a system where teacher performance is evaluated based on how students do on standardized tests? Some teachers cheat on the tests on behalf of their students. Testing companies have developed a system that can detect this kind of cheating by evaluating erased answers.

How Priceline whores out your credit card

Today a Senate staff report prepared for Jay Rockefeller was released that details how “loyalty programs” harvest subscribers by purchasing ads on the “thank you” pages that are displayed after you complete a transaction with various online merchants, many of which you’ve heard of.

These Web loyalty programs, run by Affinion, Webloyalty, and Vertrue, have hauled in $1.4 billion in revenue and paid about $800 billion of that back out for ad placement. The Consumerist has a list of the 88 companies that have earned at least $1 million in this fashion.

Felix Salmon has more on the numbers and the ownership of the firms that are doing the scamming.

Xconomy has a page that illustrates changes Webloyalty made to comply with a settlement in a lawsuit filed against them. You can see how the scams work from the illustration. Basically, when you’re done with your transaction an ad is displayed offering you a coupon or a special offer. I’ve seen them many times, but never clicked. When you agree to accept the special offer, you’re enrolled in a “loyalty program” that charges you a monthly fee after 30 days. Because of agreements the merchants have with these other companies, your credit card number is automatically given to the “loyalty” vendor. So people are accepting these offers without reading the fine print and subscribing to a service they don’t want or need. The next thing you know, weird charges are showing up on their credit card bills.

There are other scams, too. For example, Ben Stein makes ads for a “free” credit score reporting service that secretly signs you up for a $29.95 monthly subscription in exchange for accessing the free report. Felix Salmon has been all over this for a few months.

There are active comment threads about this at Hacker News and Metafilter.

Update: For a somewhat unfiltered look at what WebLoyalty promises, check out this page at the Americart site. Americart is a third party shopping cart provider, and one of the “benefits” they offer is free WebLoyalty integration. If you add it, they’ll give you $100 for every 1000 transactions they process, which isn’t a very good deal compared to what you’re getting. Your customers get a $10 discount coupon so long as they sign up for one of WebLoyalty’s insurance programs. I feel gross just having read about it.

The sleaziness of wireless carriers

David Pogue has blown the whistle on unethical billing practices at wireless carriers before, and he does it again today, this time calling them out for making it difficult for customers to avoid getting tagged with excess data charges every month. Here’s a quote from an unnamed Verizon employee:

The phone is designed in such a way that you can almost never avoid getting $1.99 charge on the bill. Around the OK button on a typical flip phone are the up, down, left, right arrows. If you open the flip and accidentally press the up arrow key, you see that the phone starts to connect to the web. So you hit END right away. Well, too late. You will be charged $1.99 for that 0.02 kilobytes of data. NOT COOL. I’ve had phones for years, and I sometimes do that mistake to this day, as I’m sure you have. Legal, yes; ethical, NO.

AT&T pulls exactly the same stunt. (Via Daring Fireball.)

Links from June 8th

The risks of monkeying with DNS

It looks like the increasing unwillingness of ISPs to just return a “host not found” response to the browser is starting to cause problems. ISPs have figured out that it’s easy to make money by intercepting DNS errors and redirecting browsers to ads. The ISPs justify this by saying that the DNS errors aren’t helpful and that they’re adding value, but it’s a transparent money grab.

As is so often the case with these kinds of schemes, the people who implemented it did an awful job, and opened a huge exploitable hole that enabled malicious sites to hijack real domains and impersonate their owners. I can’t help but wonder if the reason so many of these boneheaded money making schemes are rife with security holes is that the companies can’t find any decent programmers who are willing to build them.

I expect to see a lot more of this thing happening as ISPs continue to try to exploit their position between users and the sites they’re trying to reach.
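One way to check whether the resolver you are sitting behind intercepts DNS errors in the way described above. This is an added example, not code from the post or from any ISP; it assumes only the Python standard library and RFC 2606, which reserves the .invalid top-level domain so that names under it must never resolve. The probe names it generates are constructed, and the resolver can be swapped out for a fake to exercise the logic offline.

```python
"""Detect ISP-style NXDOMAIN interception.

Added example, not code from rc3.org. It relies on RFC 2606, which reserves
the .invalid TLD so that names under it must never resolve: a resolver that
returns addresses for random .invalid names is synthesizing answers.
"""
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Resolve with the OS resolver; return sorted IPv4 strings, [] on NXDOMAIN/error."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def probe_names(count=5):
    """Random labels under .invalid; each query is unique so caches cannot answer it."""
    return [f"probe-{secrets.token_hex(6)}.invalid" for _ in range(count)]


def classify(answers):
    """answers: mapping probe name -> list of addresses the resolver returned.

    Returns (verdict, addresses):
      'clean'       every probe returned no address (honest NXDOMAIN)
      'hijacked'    every probe resolved, and all to the same landing address(es)
      'suspicious'  only some probes resolved, or the answers disagree
    """
    resolved = {n: a for n, a in answers.items() if a}
    if not resolved:
        return "clean", []
    # How many probes each address showed up in; a landing page answers all of them
    hits = Counter(ip for addrs in resolved.values() for ip in addrs)
    landing = sorted(ip for ip, c in hits.items() if c == len(answers))
    if len(resolved) == len(answers) and landing:
        return "hijacked", landing
    return "suspicious", sorted(hits)


def check_resolver(resolve=system_resolve, count=5):
    """Run the probes through `resolve` and classify; pass a fake resolver for offline tests."""
    answers = {n: resolve(n) for n in probe_names(count)}
    return classify(answers)


if __name__ == "__main__":
    verdict, ips = check_resolver()
    print(verdict, ips)
```

A "hijacked" verdict with a single landing address is the signature of an ISP redirect page; "suspicious" is worth a second run, since round-robin landing pages or a flaky resolver can produce disagreeing answers.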