This weekend I was startled by some obvious blog comment spam… the destination URL was actually a Squidoo lens. If there’s one person on this continent that can’t stand Spam, it’s probably Seth Godin, author of Permission Marketing and founder of Squidoo.
Note to Spammers: Squidoo is probably not the best place to set up shop.
Anyways, I simply dropped Squidoo a nice note that I reviewed the lens in question and felt there was a spammer on board. Today (it’s Monday), I received a kind note from the team at Squidoo that they took a look at the members’ lenses and it was obvious it was setup as a front for affiliate marketing gained by Spam. They disabled the account. I verified and it’s gone.
Last week, you probably heard the big “to do” about Shoemoney being dropped from MyBlogLog after he posted the User IDs of other members on his site… a flaw in MBL’s privacy model. Shoemoney has since been reinstated after a note from MBL on their blog about the incident and the backlash.
Here’s my take. I don’t have anything against Shoemoney and I certainly don’t have anything against MyBlogLog. MyBlogLog has been a blessing to my blog and others for the exposure it’s gained us. However, I would say this… I honestly believe that when Shoemoney was dropped, it was because MBL was concerned about other bloggers’ privacy as Shoemoney first posted 3 IDs and then added some more.
I don’t believe that MBL had a choice… how far was Shoemoney going to go? Was he going to put one hundred out there? A thousand? Had he written some kind of SQL injection script where he was downloading the database of IDs? MBL surely didn’t know so they cut him off… quickly. That was good for all of us.
It wasn’t about punishing Shoemoney, it was about protecting us. Isn’t that a good thing? Isn’t that what we want? Within one hour, a vendor initiated a defense that may have thwarted a security attack.
… back to Squidoo, Shoemoney – please take note:
I reported an issue to a company and I gave them time to respond and react. I received a confirmation email that thanked me for bringing it to their attention, they investigated the issue, and they promised to resolve it in a timely manner. When I got home today, I checked and the user and their lenses were gone.
With that in mind, when you find a security hole or issue with a product, you owe it to your fellow users to report the information in a timely manner and give them time to react. Hindsight is 20/20, but I would have respected Shoemoney much more had I read on the Marketing Pilgrim blog that Shoemoney had worked with MyBlogLog to plug a security hole the night before.
Shoemoney could have reported the breakthrough, as could MBL and they could have both mentioned that from the time of report to the time of correction was less than one hour. If they don’t react, then absolutely grill them! But don’t post the loophole, grill them, and wait to see what happens. That’s terrible for everyone.
By reporting the issue and waiting on the response, it would have caused much less of a disturbance, avoided a boycott, avoided a gazillion comments across multiple blogs, and would have saved those users from their ID’s being displayed… a win for everyone. I would have thanked Shoemoney and I would have thanked MBL. It would have shown that they were both looking out for you and me.
Oh yea… thanks, Gil (from Squidoo). Thanks, Seth! I appreciate you taking the time out to correct this issue and looking out for all of us.
PS: I’m not looking for a flame war to begin. I respect Shoemoney – he’s a superpower of a blogger with an incredible following. He’s talented and has been very successful. I hope to have half the exposure that he’s had one day. I just want to put my view out there and hope he rethinks the approach when something like this happens in the future. No doubt he will find additional issues with other applications… I look forward to him assisting in protecting all of us!