Monday, 12 March 2007

First Gazzag, now Tagged & Facebox

The site www.tagged.com is a new social networking site. I haven't been tracking on its popularity, but the site claims to be the fastest growing teen social community on the Internet. From the corporate information available on the site,
Tagged.com is the premier social networking destination for the Millennial Generation and an ideal place for advertisers who are trying to reach the teen market.
OK, so that tells me (and my friends) to stay away from the site.. we've not been teen-agers for quite some time now. But there are bigger problems with this site than that.

A few months back, I had written the articles de-gazzaging my inbox and more on gazzag about a popular web nuisance that called itself Gazzag. I think tagged.com is just another example of such Internet annoyances. Let's walk through tagged.com's registration process to see why:

Step 1
OK, here's the website. It does look a whole lot uglier on Internet Explorer with some nasty banner advertisements. Anyway, let's create a new account on this.

Step 2
Yep, filled in my details. But take a look at something that I've done - I specified my date of birth as the 31st of February, 1978. Not only did the website allow the non-existent date, it didn't reject me because even though I am not a teenager. I'm wondering what happened to their tagline of being a teen social community.

Step 3

Whoa! Give me a minute.. why does Tagged.com want my hotmail password?!? Yep, one reason only - to get my addressbook, so that it can spam all of my friends with invitations to Tagged.com. Another example of viral marketing in which the existing users don't get a say in who gets contacted. What's more, there doesn't seem to be a straightforward way to get around this screen. I guess the naïve user would not look to bypass this screen and simply provide their hotmail password. While I didn't check if the tagged.com guys have devised mechanism to import contacts from yahoo and gmail, I won't be surprised if they have.

The same problem exists on the website facebox.com, another social networking site. When you register on this, there does not appear to be any way to create your account without importing contacts from your e-mail address books.


But if you click on the "by email address" option, you'd get the option to bypass this step:

Nasty, isn't it?

Let me re-iterate what I had written earlier about gazzag and other sites that ask for e-mail passwords:
... The tool that allows one to import contacts from yahoomail & orkut requires one to enter the username and password of those sites. And a lot of my friends, including a few tech savvy ones, have done exactly that. My question is why??

Would you trust me with your yahoomail password? I think not, I hope not. Then why would one trust gazzag or any other site asking for your yahoomail password? ...
Tagged & facebox are just a few more site that are trapping users into sharing their addressbooks. But the point is that it could get worse.. what if someone in Tagged.com's office is reading your e-mail? Their privacy policy will probably mention that they won't - but how do you know they're going to stand by that? Anyways, the next time a site asks you for your hotmail/gmail password, please think about if you'd like to share your password with me.

If you've sent me a tagged or a facebox or a gazzag invitation recently, I hope you'll understand why I've not responded.

17 comments:

pratima said...

Whoa! now I know the secret behind the zillion Tagged.com invitations that I have received from my friends! Was wondering how ppl have so much spare time to keep sending the invites :)

And the password thing was a revelation to me! If not for this post, I would have probably, sometime in the future, provided my password during registration!

chiranth said...

@pratima

welcome to web 2.0 ;-)

Anonymous said...

On Facebox you can skip this step by clicking the link on the right (skip).

educatedunemployed said...

I want to thank you for the information you have painstakingly put up on your blog regarding these sites.

They are a real nuisance.

chiranth said...

@anon
yep, very true.

But the "skip this step" option is not visible at first attempt. An uneducated user would find it more convenient to give up his password than to hunt around for the "skip this step" button. And that is what causes problems for people in their addressbook.

@EU
you're welcome :-)

priyanka said...

interesting stuff! would often wonder when sites like facebook and snapfish would ask for gmail/hotmail password!
impressive work!:)

Sangeetha said...

hehe....jus like with gazzag, i didnt Tag anyone! i can understand wat a nuisance it is....with all the XYZ Tagged You :)

i hate that stupid smiley after the msg :X

chiranth said...

@priyanka
thanks

@sangeetha
my tagged.com spam count is now at 22 emails, much lesser than the what gazzag ran up to though.

But then, this spam wave will die out pretty fast. once your entire friends' circle has subscribed to tagged.com and sent you an invitation, there will be no more spam mails. That's the light at the end of the tunnel :-)

Anonymous said...

wait a sec, could i comment anonymously now... yoohoo!! Anyway, you wrote exactly what i needed to write to my friends who send the tagged.com invitation my way. I cannot believe they pass out their passwords like that. Thanks.

chiranth said...

@anon

I'm glad I could be of help :)

Paul said...

GOD!! u noobs DO REALIZE that the password is just passed on thru the server and stored or probably disposed of there... and an employee would have to hack into it to get access to it as ne hacker would... :S
besides how else r u gonna find hundreds of ur friends on the website w/o letting the site check thru ur address book???
u wanna send a personal invitation to everysingle one of them?? :S
and u should realize that u CAN pick and choose who u wanna send an invite to... if u do at all...
tagged goes thru ur addressbook and lets u choose who to send invites to.. and finds ur friends who r already on the network...

i suggest u do ur research b4 posting such a baloney of an arguement...

chiranth said...

@Paul

First, don't you call me or any other reader here a newbie without knowing how long we've been working on computers.

Second, no we don't know for certain that Tagged.com is purging our password. The Terms of Service on Tagged.com's website does not even mention the collection of our email's password. And I, as a user, don't know how Tagged.com's systems have been programmed - I don't know how easy or difficult it is for Tagged.com's employees to snoop in on my password. And I'm definitely not going to take your word that it is difficult.

u wanna send a personal invitation to everysingle one of them?? :S
Yes, I would rather.


tagged goes thru ur addressbook and lets u choose who to send invites to.. and finds ur friends who r already on the network...
Okay, this part is new information. I never did give Tagged.com my email password so I never got till this step. In any case, I'd still rather not have Tagged.com rummage through my personal addressbook. I don't know why anyone would.

i suggest u do ur research b4 posting such a baloney of an arguement...
Why don't you give me your e-mail address and it's password? I shall offer you to select some friends from your contact book, so that we can have an extended discussion as to whether my argument has any merit.

queenfarhana said...

This is one of the worst sites on the net. Tricking people out of their contact list is illegal.This jerk at abuse
makes it voluntary on your part if you click "yes" . You gave them the right to take you contacts list without your knowledge...Yeh, that sound like stealing all right!

Should a stranger be asking you for your email login? Most of you know you should not do that, but slick
trickery can fool some.

Read on:

First I want to say, I did not click on yes or no....

I complained to abuse@above.net on behalf of someone else "victim " # ?(who knows)

and hope you all will to. The problem is the above.net person seemed to be defensive of this site, which is unusual. In every case I am aware of, they are trying to "protect" the consumer, but in this case, I was threatened with legal action when I called it "stealing" when it is in fact just that, and I am gathering information from this site as well as others, and may contact people to get declarations if this group of scammers try to threaten me again..Here is the text of the message I received from so called "abuse" see if this sounds like the position someone takes, who is trying to be on the side of you and others who have been scammed by this site.

their position:

Dear Farhana,

"Steal" is a very strong term and carrying possible severe penalties. In every instance that I've investigated to date, the email address and specifically the password for the email account was provided freely by the complainant.

Please provide any evidence that you may have, not just the accusation, that your email password was obtained by means other than by you providing it to them.

Sincerely,

Larry McDonald
Policy Enforcement
AboveNet Communications, Inc.
http://www.above.net/corporate/acceptableuse.html
http://www.above.net/corporate/antispam.html

Caroline said...

Chiranth - thank you for your detailed information. Was curious, I had given my password, even though I know better. Anyway, I had created an account, but deleted it immediately. Did not get to the site where they had you choose names of people you knew, etc. Anyway, I also changed my password on my email account - immediately as well. How quickly do they take your contact list? I am literally sick to my stomach that some people may get this tagged spam email from me. I am hoping they did not get access, but was curious as to how specifically they can access.

chiranth said...

@Farhana - well, I think the legally the site may be well covered. Especially considering that:
1)You're not obligated to use their services
2)You voluntarily gave them your account details

But I would agree that the site has got a trust (rather mistrust) issue, and isn't being customer-friendly.

@Caroline
I'm not sure of the time lag between the user providing the password, and its usage by the site.

Paul (read his comment above) seems to suggest that the password is never retained by their servers. I'm skeptical of that, but if it is indeed true, you may have been lucky.

caroline said...

I am still confused, so bear with me. I logged in to that #$%*&^% tagged website, but never got to this area where the addresses from your contact list show up. I have read a variety of information regarding this. One person told me it does not matter if they have your password, they can access your email immediately. And then I have heard that they would need to actually get into my email account. I AM TOTALLY CONFUSED! I am not tech savvy. so can anyone clarify things for me? How does tagged EXACTLY get my contact list? Thanks so very much!! C.

Anonymous said...

Your blog, http://chiranth.blogspot.com/2007/03/first-gazzag-now-tagged-facebox.html, posts information that tagged.com is on AboveNet's network. Tagged.com is not on AboveNet's network.

The email referenced was dated March 2007 and is no longer valid.

You can use any one of the free resources below to determine current network provider of tagged.com/taggedmail.com:

http://www.dnstrouble.com/
http://thednsreport.com/
http://mydnstools.info/
http://dnsbench.com/
http://www.domaintools.com/
http://www.trimmail.com/news/tools/
http://www.iptools.biz/
http://www.robtex.com/
http://who.is/
https://ws.arin.net/whois
http://www.senderbase.org
http://www.spamhaus.org/sbl
http://www.trimmail.com/news/tools/
http://network-tools.com/

There are dozens of other similar sites available as well.

Please remove your reference to AboveNet and abuse@above.net and report tagged.com complaints to the appropriate network provider.

AboveNet Communications, Inc.
Policy Enforcement
http://www.above.net/corporate/acceptableuse.html
http://www.above.net/corporate/antispam.html