snax

spokeo spam

Spokeo, a crappy social network aggregator service, spammed my entire address book without my consent—almost 1000 contacts. My apologies if you got hit. Pain...

Once you sign up, if you click any 'friend' email address, instead of seeing a detail page about them, you get the following dialog:

Notice that it insinuates you are a loser unless you click 'yes'. I've never been peer-pressured by a web app before.

All the checkboxes were marked by default. On the original page where you input your webmail details, the site specifically says "we will not send emails to your contacts," so I kinda thought I was covered:

Of course the message itself says that I gave my "explicit approval."

So now people are getting fake invite codes (because you don't actually need an invite to sign up for the site), and my own inbox is full of bounce replies. Seriously... what a disaster.

Plus it seems like a clear violation of CAN-SPAM.

irony

Spokeo is a Rails site:

$ curl --head http://www.spokeo.com
...
Server: Mongrel 1.1.3

They used my own codes against me.

March 06, 2008

24 comments

evan says (March 06, 2008):

I'm so embarrassed...

It even emailed my girlfriend's cellphone and woke her up.

Stephen Sykes says (March 06, 2008):

That is extremely rude of them! I almost did it too.

I have deactivated my account.

Justin Jones says (March 06, 2008):

Yeh, I never use those things. Even more reason not to now, I guess. :)

choonkeat says (March 06, 2008):

The invite email links to a page that immediately asks for my email password. Geez.

Luis Lavena says (March 06, 2008):

I was worried that you, dear Evan, joined the Social 'viral' Networks when I got that...

I think gems like 'blackbook' and others should be banned; spamming other users on your behalf is not polite (and worse, not stating that on the site!).

Maybe it's time to add to the license of the software we write a "you promise to do good, not evil with this piece of software".

evan says (March 06, 2008):

Yeah...I had been conditioned to not care and just change my password afterwards.

That didn't even halt delivery in this case because Spokeo just forges the From: header. The messages are actually sent from their own SMTP.
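The mismatch described in the comment above (a From: address at the user's mail domain, delivery from a different party's SMTP server) is visible in the message headers. The following Python check is an added example, not part of the original post or its comments; the sample messages are constructed, and all addresses, hosts and helper names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (example.* domains, documentation IP ranges).
FORGED = (
    "Return-Path: <bounce@invites.example.net>\n"
    "Received: from mail.invites.example.net (mail.invites.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Thu, 06 Mar 2008 10:00:00 -0800\n"
    'From: "Alice" <alice@example.com>\n'
    "To: bob@example.org\n"
    "Subject: Alice wants to share with you\n\nbody\n"
)
GENUINE = (
    "Return-Path: <alice@example.com>\n"
    "Received: from smtp.example.com (smtp.example.com [192.0.2.20])\n"
    "\tby mx.example.org with ESMTP; Thu, 06 Mar 2008 10:05:00 -0800\n"
    "From: alice@example.com\n"
    "To: bob@example.org\n"
    "Subject: lunch?\n\nbody\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def same_org(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other.
    (Real DMARC alignment uses the public suffix list.)"""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_from_alignment(raw):
    """Return findings where the visible From: domain disagrees with
    the envelope sender or with the host that delivered the message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    # The topmost Received header is written by the receiving server.
    # Prefer the reverse-DNS name in parentheses; the first token is
    # the HELO name, which the sending side chooses.
    received = msg.get_all("Received") or [""]
    m = re.match(r"from\s+(\S+)(?:\s+\((\S+)\s+\[)?", received[0])
    relay = ((m.group(2) or m.group(1)) if m else "").lower()
    findings = []
    if not same_org(env_dom, from_dom):
        findings.append(f"envelope sender {env_dom!r} != From domain {from_dom!r}")
    if not same_org(relay, from_dom):
        findings.append(f"relay {relay!r} is outside From domain {from_dom!r}")
    return findings
```

A relay mismatch alone also occurs with legitimate hosted mail, so treat these findings as a triage signal; SPF, DKIM and DMARC results recorded by the receiving server are the authoritative check.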

ch0wda says (March 06, 2008):

I thought you really wanted to keep track on my goings-on over teh intarwehbz. I'm terribly hurt.

evan says (March 06, 2008):

chowda: I did...I just didn't want you to know about it.

Flinn says (March 06, 2008):

I saw the one to me then one to PhillyOnRails and thought hrmmm he's really excited about this Spokeo thing or Spokeo is spamming on his behalf.... dang!

Colin says (March 06, 2008):

Saw this on PoR and also the Rails Business list from someone. Pretty funny if you're not the one to whom it happens. I'll happily learn from your mistake and never visit this site.

Phlip says (March 06, 2008):

That gimmick is how Facebook went to the top of the social networking heap. It's essentially the "I Love You Virus" with a user interface.

So if Facebook can do it, and leave all the items checked, any FB clone can, too!

And FB deserves its 8-billion dollar valuation because..?

evan says (March 06, 2008):

Incidentally, these spams seem actionable under CAN-SPAM because they contain materially misleading headers and statements of fact.

Giles Bowkett says (March 06, 2008):

That's what lawyers are for, man. Do it.

engtech says (March 07, 2008):

That sucks. All apps should show you a preview of the outgoing message. I hit this with Yahoo Mash even... they asked me to write my own message for the invite and then they DIDN'T USE MY MESSAGE.

wtf

evan says (March 07, 2008):

I would have been happy if it had just told me that there was going to be a message.

Jamie Flournoy says (March 07, 2008):

I agree with Giles - based on what you said they have misleading terms of service, and asking every user for their email password is crazytalk.

Hmm, a database of name, email, and validated email passwords? How long until they sell that, or it gets hacked and sold? (Or they could do the first but claim that it was a hacker.) Now anyone with that DB can write a bot to mass-signup and then get the email validation messages, then spam spam spam on any "private" social network.

Shutting them down would be doing the world a favor.

Jez Pickering says (March 08, 2008):

I've never been to the Spokeo site.

I made a post about them on my Live Journal, though. Within 60 minutes, a Spokeo rep (LJ user "spokeo") had commented on my post, and "Spokeo the Hedgehog" had left the same message on my Facebook account.

The message was essentially a solicitation, inviting me to copy my OUTLOOK (not webmail) address book to a .csv file and upload it to Spokeo. An Outlook contact file contains real names, addresses and telephone numbers.

No, I'm not kidding. I was floored by the speed and the content of this response to an LJ post. Incredibly alarmed by the personal attention I was receiving, I deleted my Live Journal, Facebook and Hotmail accounts.

This unwanted and bizarre contact from Spokeo convinces me that the contact lists are a resource that they are very actively seeking.

I've sent details of the incident to the US Department of Justice web fraud dept, and other North American criminal investigation organisations.

Draw your own conclusions!

evan says (March 08, 2008):

Spokeo is linked to Guy Kawasaki... maybe we can embarrass him into doing something.

Michael Steinfeld says (March 11, 2008):

I say bring back web 1.0

seriously, that kinda stuff just bothers the hell out of me.

"peer pressuring from a web form" What marketing genius came up with such a brilliant clever idea.

spokeo == pr0neo

Anyone know if B. Spears uses spokeo?

Bob says (March 18, 2008):

This is the same way that the spammers at Crushlink.com used to operate. Same way. They spam spam spam and entice you in to feed them more email addresses and then they spam spam spam those people, and sell the lists for $$$.

Bob K Mertz says (March 20, 2008):

I got this spam last night and was really upset about it. Of course, apparently they've changed the spam (or I got a different one) and it now doesn't "rat out" the friend that caused you to be spammed. I have a screen shot of the email on my blog:

Spokeo skimming information

Spokeo Spam

Jenny.Hallas says (April 01, 2008):

Hey all,

One of our website readers alerted Privacycom (https://www.privacycom.org) of Spokeo and we are currently writing up an extensive article about the Spokeo website and the major privacy and security violations it incurs on its users.

If you would like to contribute your views and write-ups to our article and help us spread bad word about Spokeo to help get it shut down or secured, then please email me (The Managing Director) at jenny.hallas@privacycom.org and we can create one large, collaborative article to spread this information.

Christine says (April 23, 2008):

I honestly was confused about the 'Want to See More Stuff?' blurb, but I figured it was asking me to invite friends, so I unchecked all contacts except my boyfriend (and that was only to see what message he'd get). I don't know why, but that page didn't come up straight away for me when I clicked on people in my contacts list. First, I could see each contact's social network activity, then a few minutes later, I got the 'Want to See More Stuff?' page if I clicked on individual contacts. Because of this, I did figure out that I could already see my contacts' activities, this other option must be to invite them to be actual Spokeo friends. But it was very confusing, and I could have just as easily misunderstood what they meant. That is my main criticism of the site - they need to make this explicit.

I signed up because it was the only social aggregator I could find that supported Last.fm and Multiply and it seemed very convenient. I don't want to see what everyone I've ever emailed is doing, so I'm deleting all but close contacts. But I still don't know whether to trust them.
