Today I had heard of a new Social Networking site (ala Facebook, MySpace, Virb, etc..) called Quechup. So I joined real quick to secure my preferred username just in case it grew in popularity. Well, it offered the option of entering my username and password to my main e-mail account so that they could check if anybody I knew already had accounts… I didn’t enter mine, because I’m really paranoid, and I’m glad that I didn’t!
From Justin Ryan’s Blog:
The blogsphere is abuzz this week about deceptive practices at social networking site Quechup. Apparently, the site is using customer’s propensity to scan and the tendency to rely on similar experiences in order to create a massive spam campaign.
Several dozen bloggers have posted apologies in the last couple of weeks after Quechup scammed them and spammed everyone in their address books. According to reports, the spam scam works like this:
- Someone you know “sends” you an invite to join Quechup. The email contains the comforting line “You received this because [name of contact who is soon to be quite perturbed] knows and agreed to invite you.” (Emphasis mine)
- You, your interest piqued, wander over to the site and, in a moment of weakness, sign up.
- During the sign-up process, you see this message: Forget searching to see if your friends are on Quechup, check your Hotmail, Yahoo, Gmail, AOL, Outlook or Outlook Express address book to see who you know on Quechup. (Users of other social networks will recognize this; you enter your login information, and the service searches for any of your contacts who are on the service.)
- Maybe you find someone you know, maybe you don’t. You go on to do other things, unaware.
- Within minutes, you start receiving out-of-office notices and angry replies from everybody you’ve ever emailed, because Quechup just spammed them all.
Apparently, in addition to using your address book to help you find your friends, Quechup also takes the opportunity to send them all a message, just like the one you received. Even worse, they have the gall to say you agreed to it!
Most social network sites have some sort of address book lookup feature. However, reputable ones report back who is and isn’t on the service, and then give you the choice to email some, all, or none of the contacts that aren’t. Quechup saves you time by skipping that bothersome “obtaining consent” step.
In the strictest possible interpretation, yes, it does say they will invite non-members. Anybody who has used address book search on another social network, though, will be expecting the opportunity to select which addresses are invited. The only way to prevent someone from receiving a message from Quechup is to remove them from your address book before starting the search: That just isn’t kosher, as far as I’m concerned.
As evidenced by the large number of intelligent individuals currently issuing apologies for accidentally spamming everyone they’ve ever known, I’m going to declare this one a deceptive practice. The average user – indeed, even the above average user – is unlikely to interpret the “warning” to mean “We will send an invitation to everyone in your address book without any further action on your part.” It’s deceptive, it takes advantage of users’ good faith, and it’s creating a lot of headaches.
So, dear users, you’ve now been warned. If you receive an invite to Quechup from anyone, delete it. If you’re really outraged, drop them a message (firstname.lastname@example.org or email@example.com). If you’re unlucky enough to have already been scammed, share your experience in the comments.
The moral of the story: Spam sucks, even if you smother it in Quechup.
Spam wall by freezelight (CC-BY-SA)
Happy St. George’s Day! by hugovk (CC-BY-SA)
Composite by Justin Ryan