TenthOfMarch Reviews Advertlets From The Inside (Part Two)

(WARNING: This is a lengthy review) — Final Edition

This is the continuation of the first part of my review on Advertlets.

Right after I logged in, I was greeted by the screen below. Bare in mind that I placed high expectations on them after all the hype over “Web 2.0”, gradients and friendliness they said they provided. However, the screen below is just an eye sore.

Ugly looking statistics in Your Stats page

I think that “Imp” means impression, right? Why not write the full word? Since there is enough space anyway.


Next, why after I am logged in, the first page that I see is the “Your Stats” page, and not the “Dashboard“? I don’t have a problem with it, just that in your navigation bar on the left, the “Dashboard” comes first, then only “Your Stats” and the rest. Nothing major, and definitely not a bug.

TenthOfMarch recommends:
I think either displaying the “Dashboard” first or rearrange the navigation bar to show the “Your Stats” first would generate a better ‘flow’.


You have two pages (“Dashboard” and “Your Stats“) that shows statistics. I agree that having some statistics on the dashboard would be great (IF you display “Dashboard” first after log in).

Statistics on dashboard page

Honestly, I am a bit confused which page you intend to come first. But based on my experience using blogger.com, their ‘dashboard’ comes first. Let’s assume your Dashboard comes first, then the statistics provided in the dashboard should be a general overview of all the statistics. While the statistics in “Your Stats” should be a more detailed version of it.

After analyzing your statistics, I can only know today’s impression, total impression from day one (I think) under “Total” and “Your Stats” page, the past 7 days impression, and monthly impression starting from 2 months back. Why I say 2 months back is because there is no statistics that shows impression for the current month (April) and the previous month (March).

TenthOfMarch recommends:
Add statistics for the current and previous months. It would be great if you can provide a daily statistics for at least the past 30 days. Some graphs would visualize the data better.


If you look at the picture below (in their Dashboard), you will notice my account status is “Pending“. There are 3 reasons why it is pending but I want to highlight the 3rd point — Demographics Poll 100 more needed. I am not sure if it is only me, but I haven’t heard anyone complaining about this.

Firstly, they restrict members to have at least 100 unique visitors to their blog before they can join their ad program. Now, after I register an account, they restrict me on an extra ‘requirement’ before I get a chance to see an ad placed in my blog? Is this right? I understand they need to have some ‘data’ before they can target ads on my blog, but they could have at least stated this ‘requirement’ before I joined their program. I think this is wrong but like I said, I don’t see anyone else complaining.

A ‘requirement’ that was not mentioned earlier

The reason why I don’t like the idea of making the users get 100 polls answered before an ad can be served is some (I found two already) of your users have no choice but to ask for answered polls by irrelevant individuals (people that don’t go to their blog but they answered the poll for the sake of ‘helping out’).

Below are two screenshots that I took when I stumbled on Kenny’s blog. (both bloggers’ nicknames are blurred to protect their privacy)

Member begging for poll takers 1 Member begging for poll takers 2

TenthOfMarch recommends:
Inform the users that they are required to get 100 polls answered before ads can be served to them before they register.


My ‘test blog’ is at http://bunnymakemoney.blogspot.com. I notice most of the time that the “Ads Imp” increases together with the “Poll Imp“. Is this a bug or I just don’t understand how it works?

I also notice that a user can repeatedly ‘self-answer’ their own polls. I have done it 5 times just to test it out. All they need to do is refresh the page after each time they answered the poll.

Poll statistics

TenthOfMarch recommends:
After a user has answered the poll, at least store the information into their cookie (or session). That will prevent them from answering it again.


In their “Your Stats” and “Your details” page, there is a note that says:

Please keep in mind that you will not be eligible to view your demographics data, or be eligible for payment until further details about yourself are verified, and further terms & conditions are agreed to. We will contact you shortly regarding additional information needed.

Come to think of it, I have never seen their terms & conditions and privacy policy page before (or did I just missed it?). Is it legal or right to run a website, requesting for users information without a terms & conditions and a privacy policy page? (I am not saying it’s illegal. I have googled and yahoo-ed but found nothing. This is just a question.)

TenthOfMarch recommends:
Change “Your details” to “Your Details”. Add a “terms & conditions” and “privacy policy” page. Ensure the users are aware of your terms and policy by adding a link at the registration form and a checkbox that they have to tick before they are registered.


Next, the “Your details” page.

Your details page 1

Your details page 2

Your details page 3

It is very seldom that I come across a form that looks like this on the Internet. A professional looking form would look more organized and properly arranged. Apart from the outlook of the form, I found that they did not design the database according to the proper industry standards. If you notice, all the inputs that the user has to key-in are in textboxes. That means that they designed the database to store all informations in this form as plain text.

Data such as “Date of birth” should be stored in date format. “Postcode“, “Children” and “No. of blogs” should be stored as integer type. “Race“, “Religion” and “Language Spoken” should be stored in char(1) or enum, or others. Ironically, two informations (gender and blog category) that are dropdownlist from the ‘registration form‘ are also stored as plain text. Those should be stored as ‘char(1)’ or enum, or other more appropriate types.

A properly designed database would create different type of options for the user to select/input such as textbox, dropdownlist and radio buttons. Below is a screenshot of GMail’s settings form.

Example of a professional looking form (GMail)

So, why should a programmer design a database according to the proper industry standards?

1. Rule Seven: User appropriate types and constraints

The structure of a database is crucial to its ability to transform raw data into usable information. Each database should conform to a set of standard rules designed to optimize its utility. These rules make a database a flexible, usable tool, and not just a place to store information.

2. Poor design/planning

Since the database is the cornerstone of pretty much every business project, if you don’t take the time to map out the needs of the project and how the database is going to meet them, then the chances are that the whole project will veer off course and lose direction. Furthermore, if you don’t take the time at the start to get the database design right, then you’ll find that any substantial changes in the database structures that you need to make further down the line could have a huge impact on the whole project, and greatly increase the likelihood of the project timeline slipping.

3. How to Encrypt Passwords in the Database

Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users’ passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted.

As you can see, designing a proper database according to the ‘standard’ is very important. The proper formatting of the data/information given by their users (that is stored in the database) is crucial to a company. So, how could they have possible missed this point? Therefore, combining all the simple mistakes/bugs that I found in the first review together with their lack of effort in designing a proper database, this is why 2 questions popped into my mind:

1. How much time and effort was put into securing the user’s privacy (password)?

2. Are the users’ password encrypted?

TenthOfMarch recommends:
You should spend more time designing a proper database. The longer you wait, the harder it will be.


In the “Your details” page, there is an item, “No. of blogs“. What if I have more than 1 blog? Do I need to register a new account for each blog? Or one account to multiple blogs? In your FAQ, you mentioned “need to install separate tracking code on each site“.

By the way, in your FAQ, this question “How does the RM10,000 for first 200 bloggers program work?” should be changed to “How does the RM15,000 for first 300 bloggers program work?”, no?


To summarize:
The guys behind Advertlets has put a lot of effort at the ‘front-end’ of their website. I love their poll, design and look. However, I personally feel that they should have balanced their time and effort a little more towards the back-end of their website as well. Iron out all the bugs, find more advertisers and you should be good to go.

15 thoughts on “TenthOfMarch Reviews Advertlets From The Inside (Part Two)

  1. aw says:

    Keep it up! In spite of malicious claims by josh, you have been generously objective as any blogger can be. I think as blogger KY said, many people won’t be deceived.

    Since this is the final review (for now until changes are made? 🙂 ), all the best to Advertlets and Nuffnang. But Advertlets obviously has to learn to be more humble and less political/manipulative.

  2. earl-ku says:

    err simple … the programmer and the interface guy are 2 diff people, since now we know that the programmer is kinda professional, so its the interface guy who is screwing things up …

    or if its just a “one-leg-kicking” thingy, then the programmer is blardy lazy, he has this concept in mind … that is “cincai la”

    wahahahha eh uureally that free ar … the amount of effort u put into this, i think they are hiring a hitmen after you … hahahaha

    nice work

  3. mooiness says:

    I should add that there’s also a grammatical mistake:
    “This are your stats” should be “These are your stats”.

    But that’s nit-picking, seeing as how their other problems are way beyond trivial, especially the password retrieval and account creation mechanisms – passwords don’t match also can go through!

    I’ve been watching this thread with much interest. Working in a webhosting environment myself, I must say that a lot of the usability and form implementation problems would have been ironed out if they have had a few web-savvy people (much like yourself) try to use it. Heck, don’t they use other web services themselves?

    The “Your Details” page looks like it was done by a HTML beginner, and definitely not a “Web 2.0” web programmer.

    And to add insult to injury, these issues indicate a very amateurish approach to it all.

    Advertlets have a great idea and so does Nuffnang. However so far, Advertlets’ implementation of that idea leaves a lot to be desired. Their response to your criticism is also very antagonistic as compared to Nuffnang. You’re a potential user and this is how they treat you?

    As many have mentioned previously, a closed beta would have been a lot of help to them. Advertlets should be thankful of your critique since it’s all free.

    Keep up the good fight. 🙂

  4. Boss Lepton says:

    Nah i think arsyan did a great job with the engine of advertlets. It’s just shabby presentation, no offence. It’s like using a windows vista to play a 80s dos game?

  5. TenthOfMarch says:

    I’ll let them continue doing their ‘thing’. They should bare in mind that, as Boss Lepton puts it, “your competitors should be the mainstream media” and not between themselves. There must be hundreds, if not thousands of ‘possible advertisers’ out there. Snatching from each other’s ‘plates’ won’t do any good for either sides.

    @Boss Lepton
    Thanks, boss.

    Final review sounds like ‘the end’, uh? Maybe I’ll do a ‘post-review’ review after 1 or 2 months. As for now, it’s time to move on.

    Hmmm…I wonder who should be my next ‘victim’. Or maybe I should blog about the birds and flowers for a little while.

    Their ‘cincai’ attitude was the one that raised my concerns. I hope they know which part ‘can’ cincai, and which part cannot.

    LOL. “Free” is quite subjective. I guess I’m just utilizing my time.

    If your predictions on the ‘hitman’ is true, please make a police report if you notice me not blogging for more than 48 hours. Thank you.

    I have a feeling that at least 2 programmers are working on the pages I mentioned in this review. I notice some information on different pages are overlapping. Or maybe they just didn’t planned ‘what to have, and where to have it’ properly.

    There is also a big contrast in design (look & feel) between all the pages.

  6. Josh Lim says:

    In creating Advertlets, a system to make money through your blog, we were aware that there are definite data privacy and security concerns, especially when it comes to trusting a third party to keep your personal details and password safe. Well, some bloggers did too – and one even went as far as to invite tech savvy members of the public to test the security of our system, and try to exploit any vulnerabilities they might find.

    We did not expect this to happen – however, we and our system were not unprepared.

    We first heard of the news through our RSS feeds, and 1 phone call from a friend. So, 2 members of the team stayed awake throughout the night to watch what people would do, and react as if needed. We kept track of what was happening – about 16 dummy accounts were created on the system from unique IPs, our hits rose drastically, and intrusions were detected from Malaysia, Indonesia & Singapore.

    From our logs, we could see as various methods were tried: SQL injection, brute force attacks, URL guessing, and social engineering. The last method was a rather interesting, if futile attempt – someone pretended to be one of our more popular bloggers and requested us to reset their password, apparently having forgotten it. The e-mail header was spoofed to make it seem like it was a actual e-mail of that particular blogger, but we noticed that the reply-to address was another address entirely. To be sure, we checked with the blogger in question, and found that it wasn’t an actual request.

    In summary, throughout all the intrusion attempts, no intruder got to do anything further than creating a few fake accounts on our system, which were easily cleared. Our current security system has now been proven effective in a trial by fire – so yes, Advertlets.com is indeed secure, and we can vouch for the protection of your data and password.

    However, we will leave no stone unturned in our quest to take Advertlets further, and look forward to rolling out additional revenue and security features for our users, especially as our user base grows and we get more popular. Do let us know if you have any further questions, and thanks for your support!

  7. ABC says:

    Huh??? explanation can seems more questionable at times… I am not a techie.. but sometimes, i try to understand…

    1. security issues. How secure IS secure? (believe i asked that before)

    2. Vulnerability of the system is not proven otherwise by just conducting a 24 hour manual monitoring and conclude a concrete guarantee..

    I left myself anonymous this time around. I am sure the owner of this blog can find me. Thats because i do not wished to be contacted with regards to this except for the owner of this blog.

  8. TenthOfMarch says:

    @Shireen K
    LOL. No lah. It’s just that as I dig, I found more. And the more I find, the more I want to dig.

    Hahaha. Sorry sifu. You are the second person complaining that.

    Of course the people are concerned. It is their data that is in jeopardy.

    @Josh Lim
    No hard feelings but to be honest, after reading all the explanations from your team, I am still not 100% convinced with the security of your system (before and after my review).

    I’m quoting Firdauz:
    “What’s assumed as laziness and amateurish was in fact; our best decision at that particular time.

    That sounded ‘wrong’ but well, it could be me.

    I missed something that I didn’t mention in my review. According to this and this, the minimum length of a password must be at least 6 or 7 characters to be considered as standard. Shorter passwords are considered WEAK and are more vulnerable.

    However, I have tested and your system allows password as short as ONE character. I have one account’s password which is “a” and another account’s password which is “abc“.

  9. Cikgu Azleen says:

    I’ve changed my password after reading your post.. Hehehe. I am that type of person who are very lazy to remember their passwordS so I used the same password for every account I have.. Unless if the system rejected that password.. TQ for bringing up this issue..

  10. TenthOfMarch says:

    @Cikgu Azleen
    You are welcome. You are not the only one who uses the same password for *all* accounts. I am sure a large number of users does the same. It is advisable to change your passwords (especially those involving sensitive/important issues such as online banking) regularly.

Leave a Reply

Your email address will not be published. Required fields are marked *