Internet Marketing Monitor
February 23, 2007
I Smell an Overreaction in the MyBlogLog vs ShoeMoney Debacle
Filed Under (Opinion, Bad Calls) by Derick on 02-23-2007

You've heard that whole "kicking a dead horse" phrase before, right?  Well I'm not typically a fan of that kind of behavior.  But after spending nearly an hour this morning reading various posts, comments, and general bitching from a number of other sites, I've decided to give the dead horse one more kick.  Because I think I have a different perspective than a lot of the other folks talking about the issue.

Yesterday I mentioned the fact that MyBlogLog had banned Jeremy Schoemaker of ShoeMoney.com from using their service.  A quick rundown looks something like this:

  • Schoemaker published a post detailing how easy it was to find a MBL user's ID
  • Using that ID, anyone (even non-MBL users) could impersonate MBL users as they surfed the web
  • In addition to posting how it could be done, Schoemaker included a list of names and ID numbers from some prominent bloggers (and at least one MBL employee)
  • In response, MBL fixed the exploit and banned Schoemaker for posting other user's information

There are a couple of givens here, too.  The ID numbers were easy to find so he didn't technically hack their system or anything.  As I said yesterday in my response to the original ShoeMoney post, it's a very insecure system and the flaw needed to be pointed out.  I went home last night amused by the whole thing… but not really of an opinion either way.

This morning I discovered that there had been a huge uproar in the blogosphere about it.  Marketing Pilgrim's Andy Beal is boycotting MBL until ShoeMoney's account is reinstated.   Loren Baker at Search Engine Journal still doesn't see why Schoemaker was banned.  Jim Kukral says the action could push MBL into the "uncool" territory.  And literally dozens of other blogs are talking about the "childish" or "stupid" or "amateur" reaction of MyBlogLog to the situation.  This doesn't include the comments left on numerous blogs that basically reiterate the points being made by the bloggers themselves.

I said that I went home last night without an opinion.  But after seeing all of this in my feed reader this morning, I do.  As I said earlier, I'm pretty sure my perspective on the whole situation is different.  Most of these folks are blogging buddies.  I don't know any of them.  And I can look at the situation without having personal feelings about the way some company is dealing with one of my "friends".

I think MyBlogLog did the right thing.

I know… I know… I've done my fair share of MBL-bashing in the past.  But one of the goals upon which Matt started The Internet Marketing Monitor was balance.  When someone does something right, you should commend them and support them for it.  When someone does wrong, you should call them out on it.  And interestingly enough, Matt and I don't agree on most of the details of this situation.  But one of the fundamental flaws of a lot of blogs is the imbalance of their writing.  A lot of bloggers have a hard time stepping outside of their box of thought.

I think MyBlogLog has made some mistakes along the way.  I think their system needs a lot of work.  And I think their customer service is horrible (I've emailed them twice and never once received a reply).  That being said, I would have done the exact same thing that they did in this situation.  And here's why.

It's true that ShoeMoney's exploitation of their system has helped them fix a number of flaws in the past.  I'm sure they'd rather him have discussed the issues with them in private.  But unfortunately, the Internet doesn't operate like that most of the time.

The difference between this last post and other ShoeMoney posts is that he crossed a line this time.  He posted (and continued to add to) a list of prominent bloggers and their MBL user IDs to go along with his post.  He didn't just tell people what the flaw was or how it could be exploited.  He told them what it was, how to do it, and gave them a list of people to impersonate.

Too much info.

I don't care if the user IDs were easy for anyone to find.  There's a difference in telling people how the trick is done and passing out personally identifiable information about other users without their permission.  Several of the folks exposed on the list are the very same ones who are now crying foul at MBL.  Maybe they don't care.  They should.  But whether they do or not is irrelevant.  Someone on that list might.  Or someone on the next list of IDs for another service that ShoeMoney might publish.  If he wanted to post his own ID, that's his business.

Just because something can be done doesn't mean it should be done.  There are billions of illegal MP3s, movies, and warez floating around out there.  It's all available for any Joe Schmoe to go and get.  But the simple fact that it's there doesn't mean it's right to go out and steal all of that stuff.  ShoeMoney could have made his point just as effectively without posting those people's IDs.  And that's the line that he crossed.  There was absolutely no added benefit achieved by providing that list other than to stir things up (which I must say worked out very well).    The explanation of the exploit was just as effective without the list as it was with it.

By providing that list for the entire world to see, ShoeMoney, in effect, became a trafficker of stolen identities.  I don't even know why he would want to do that (except for the obvious linkbait purposes).  Granted, MBL isn't your credit report or your bank account.  But I know I personally wouldn't want my face being plastered up all over the web on who knows how many sites I'd never actually go to.  And these bloggers, who arguably owe a lot of their success to their reputations, shouldn't be cool with that either.  There's nothing to stop me from hijacking a MyBlogLog ID number from any of them and spending the rest of the day leaving spoofed comments (since that's so easy, too) with their names and MBL faces.

Seriously, people.  Why doesn't that bother you more?

I think a lot of this reaction has to do with friendships and blogging circles.  "Oh that stupid MyBlogLog… they can't do that to ShoeMoney!  He's my friend so I think they're all amateur idiots for banning him" (even though he exposed several of you to the world).  It's hard to react appropriately when it's a friend that does something.  Things that we'd normally get mad about seem funny or inconsequential when our friends do them.  And if we were truly friends with those people we'd be able to call them out just the same.. .and say "hey… that's not cool.."  If I, who am a complete stranger to all of those people, had posted that list… if I'd been the one telling people how to imitate these other bloggers… do you think they'd react the same way when I got banned?  Of course not.

MyBlogLog has it's flaws.  It, like most fairly new products, is far from a finished deal.  And I'll admit that their track record on a couple of things has been sketchy lately.  If they really are selling information, which their privacy policy says doesn't happen, they need to be called out on it.

But this is one instance when I think they reacted just like any other company would have (and should have).  If people are allowed to push the limits once… they'll do it again… and again (as ShoeMoney has done numerous other times).  Next time it might not be something as harmless as a MBL user ID.  The next time it could be something that actually does matter.  And companies just can't take that risk.

So regardless of what the ShoeMoney circle of bloggers is saying, I don't think MyBlogLog did anything that warrants a boycott.  And if that's the way some people want to react when companies respond to security threats, that's fine.  But it sets a bad example for other companies in future.  To avoid negative press some other company might not react in a similar way, even though it really is the best course of action for them to take.

So enjoy your boycott, folks.  Great show! 

Related Posts & Pages Recent Posts

Permalink   


Comments:
7 Comments posted on "I Smell an Overreaction in the MyBlogLog vs ShoeMoney Debacle"
Eric Marcoullier on February 23rd, 2007 at 11:58 am #

Thanks for the post.

You are right in that we need to improve our customer service. That’s why the Community Manager is the first new person that will be added to the team.

We also need to continue improving our code. We have promptly patched every flaw that’s been alerted to us (minus the emails that we never saw for various reasons) and we now have four guys working round the clock upgrading the entire code base.

The one thing I really wanted to reinforce was your last paragraph. We are working on setting up a solid Terms of Service, but honestly, I’m not sure what the point is. What I’ve learned form this (and have had several prominent marketers, and even my wife, tell me in the last 24 hours) is that it doesn’t matter whether Shoe was wrong or right. All that matters is that he’s popular. And with popular people, we’re supposed to just look the other way.


Derick on February 23rd, 2007 at 1:16 pm #

I guess you could look the other way when people exploit your system. But what would that say about your company? It’s a tough decision to make, especially when you’ve got marketers and spouses telling you one thing.

But I think there’s still something to be said for integrity. And not just on a personal level. I think it says a lot about a company that holds everyone to same standard. Especially when you’re talking about something like this that could potentially affect other, unrelated customers.

I’m also realistic, though. And I know that sometimes companies do bend the rules for numerous reasons. PR folks will tell you to make the popular, vocal folks happy. But I still think that if your reasoning is sound, and you tell your side of the story, you’ve made the best decision. In this case, I think your reasoning was definitely sound.

I don’t envy your situation. It’s hard to balance what’s best for business and the potential reaction from a select group of vocal users.

But does what’s best for a small subset of your population outweigh what’s best for the rest?


Li Evans on February 23rd, 2007 at 3:31 pm #

“All that matters is that he’s popular. And with popular people, we’re supposed to just look the other way.”

See that’s where I think the thought process is wrong, it should actually be reversed. Because he is a popular blogger he should be more responsible with his blogging.

Where is comes into play - is that MBL needs to acknowledge, that yes he is a popular blogger, but you aren’t “punishing” him or “making and example” of him because he’s so visible. Efforts should be made to engage him in the conversation, and then let the cards fall where they may.

If you (MBL) make the effort, and don’t turn this into the he said/MBL said, that it could turn into, this could turn into a win/win for you both.

I agree - Shoe was wrong with his approach. But, there are a ton of your users out there that disagree with me and Derick - that’s what you really need to look at too.

~Li


Bartek Krzemień on February 23rd, 2007 at 3:45 pm #

I fully agree with you. This is a great post, thanks a lot :).


When You Walk the Fine Link Bait Line, You’ve Got to Be Prepared To Cross It on February 23rd, 2007 at 4:30 pm #

[…] Well… I've given the whole MyBlogLog issue a lot of thought.  As Derick pointed out, we didn't agree on the finer points of the debate.  But I've got a few thoughts to share on the general issue of link baiting (which I think was the real issue here). When you engage in link baiting tactics, you have to be sure that you're ready and willing to accept the consequences of those actions.  ShoeMoney is no stranger to link baiting, either.  A few other examples of Shoe's previous link baits:  […]


MyBlogLog Bends… And Now a Little Clarification is in Order on February 26th, 2007 at 11:20 am #

[…] MyBlogLog Bends… And Now a Little Clarification is in Order Posted by Derick on February 26th, 2007 Last week the blogosphere erupted over the banning of ShoeMoney from the MyBlogLog service.  You can read the basics of what happened here.  Well… I thought it was all over and done with.  But I guess I was wrong.  And I guess enough people made enough noise to cause MBL to change their mind about the whole thing.  But not only did they change their mind, they also issued an apology and have turned ShoeMoney into a MBL celebrity on their site.   I'm keeping my personal feelings on the whole thing to myself this go around.  But I think you could easily figure them out after reading the previous post on the issue.  That being said, I would like to request a little clarification from MBL on exactly what this whole thing means for their service.   We now know that popular bloggers can do whatever they want and not only get away with it, but also be made into MBL celebrities. We know that MBL will "look the other way" when someone like ShoeMoney violates the company's terms of service.  But where does that leave smaller blogs like The Internet Marketing Monitor?   MyBlogLog has no terms of service of it's own.  Instead, there's a link to Yahoo's terms of service in the footer area of the site (Yahoo is the parent company of MBL).  I don't think the Yahoo TOS were there before this all happened, though.  At any rate, according to those TOS, users of all Yahoo services are bound to the following terms (emphasis is mine).   Users may not:  […]


Headlines of Note for May 25, 2007 on May 25th, 2007 at 3:14 pm #

[…] to the work of SMOs would say something like that. Oh well. Not surprised. The folks at MBL have made a habit of putting their feet in their […]


Post a comment
Name: 
Email: 
URL: 
Comments: