Update (Arrington): MyBlogLog has responded, apologized and reinstated Shoemoney. Caterina Fake of Yahoo (MyBlogLog’s parent company) has written her thoughts as well. It’s time to move on – and Shoemoney should accept this apology.
Yahoo!’s recent addition MyBlogLog is making news again — and not for another security exploit (that was last weekend) or spammer gaming. Well, it is related to those two topics — Shoemoney, a notable blogger in the affiliate marketing world with a fairly large following of readers that like his insight on all things related to online marketing, has been banned from MyBlogLog.
The real funny thing is that the security hole Shoemoney blogged about had been discovered and posted publicly (in French language — translation here) over a month ago by eMich — yet as of this writing, that user hasn’t been banned. Founder Eric Marcoullier responded to this:
That is truly amazing and embarrassing that someone sent us details of this hack a month ago. I’ve checked my historical email (I receive all the incoming emails) and cannot find it, so it either got spam filtered or lost during my transition to a new laptop. Neither is really no excuse. As you may have heard, we’re hiring a community manager who will help ensure that this sort of oversight will not happen in the future.
There is no policy on MyBlogLog’s website to state when they would ban a member — ironically they stated earlier this week that they plan to create a Terms of Service (TOS), so that users would be accountable for breaking the rules.
Shoemoney has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was enough. The exploit he posted about was how you could surf the web acting as another user. Thus, you could change some code on your computer and visit a website with the MyBlogLog recent reader widget installed, and the avatar/profile of any MyBlogLog user you want to be, would appear in that widget. Shoemoney posted the IDs of some notables such as MyBlogLog CEO Scott Rafer, Jason Calacanis, and TechCrunch. By doing this, you could continue surfing your own website using Jason Calacanis, and then after 10 visits to your community (if that default option was still set in the user’s account), Jason Calacanis would be joined to your community — and that would give you some clout.
Getting the IDs isn’t hard — it’s referenced in every user’s avatar image filename (note: this was changed within hours of the Shoemoney post). However, MyBlogLog felt Shoemoney was exposing people’s data and then “urging readers to spoof them.” I wouldn’t say he was urging them, but more that he was showing off.
Shoemoney has been a fan of MyBlogLog — supporting the service with their widget on his website and recently posting a list of 10 things he wanted to see that would help improve MyBlogLog and reduce spam. A couple of these ideas have been implemented as a result of this past weekend’s exploits. Shoemoney isn’t the only user to publicly exploit flaws in MyBlogLog — Michael Jensen showed how easy it was to keep your avatar (which could easily be a marketing message or your logo) on webpages of a website — he did this to TechCrunch (we have since removed the MyBlogLog widget). Jensen wasn’t banned.
The backlash has begun with Internet marketing consultant Andy Beal boycotting MyBlogLog until they reinstate Shoemoney’s profile. He argues that anyone could have looked up the MBL data and that it was hypocritical to expect an email from Shoemoney first (pointing out that notable Yahoo! blogger Jeremy Zawodny didn’t email Andy prior to publicly accusing Andy of being a spammer). Photographer and CEO of Flickr competitor Zooomr Thomas Hawk and SEO blogger Graywolf have both removed their accounts in boycott as well.
Since being acquired by Yahoo!, the once loved independent darling of the blogosphere has been feeling the heat — and now gets lumped with any Yahoo! angst. MyBlogLog is no longer the independent underdog start-up it once was — that role has shifted to the new blood in competitors OthersOnline and Explode.
Editor’s Note: Post by Steve Poland, whose blog Techquila Shots brainstorms web start-up ideas.