Online Advertising Killer! Make Money Reading Ads

Online Advertising Killer — another up-and-coming Malaysian advertising website?

As advertised in the website, you can earn money from them with 3 simple steps:

  1. Register an Account
  2. Read Advertisement
  3. Get Paid

Online Advertising Killer is a newly launched website. It started operation mid April 2007. Currently, it has slightly over 10,000 registered members. Not bad for a new company. The website is available in 3 major languages — English, Mandarin and Bahasa Malaysia.

Here’s a sample of their advertisement. The advertisement will be accompanied by two (or more) questions. The answers can be found in the advertisement itself. This is to ensure that the members look through the advertisement.

Online Advertising Killer’s form of advertising is different compared to other advertising companies like Google Adsense and Nuffnang. With Nuffnang, the advertisement is displayed to a group of readers. Meanwhile with Online Advertising Killer, the advertisement is only displayed to the member. Therefore, the potential buyer for an advertisement at Online Advertising Killer is only the member him/herself.

I don’t think Online Advertising Killer will make it big (I may be wrong). The main reason is that people who joined this program are looking for money, not to spend money. For example, what’s the point (for the member) to earn RM1 for an advertisement but end up paying RM10 for a set meal advertised by KFC? That way, the more advertisements the member views, the more he/she loses.

If you’re thinking that the members will only view the advertisements but will not purchase the products or services advertised, then why should an advertiser even bother to advertise?

These are just my views. Mind to share yours?

Change Your Password ASAP If You Used Blockoo.com

After my review on blockoo.com, I received feedback suggesting that blockoo.com is indeed “not as safe as it should be”. Even the co-founder of the company mentioned that they were approached by two antivirus firms to reveal their source code or risk being blacklisted.

It doesn’t matter if they are able to prove (using their source code) that they do not store users’ passwords in their database. I asked the founder of blockoo.com why they stored the user’s email and password in a cookie. That question is left unanswered up to this point.

So far, their arguments are based on trust. They bought an SSL certificate, reveal their source code to the public, boast over their “more than 350,000 users” and proudly declare that “no one saying that their password was stolen”.

I don’t buy it for two reasons. Firstly, even though they have purchased the SSL certificate, it is not utilized at all. Traffic to their website is not automatically redirected to https://www.blockoo.com. Data transmitted is only encrypted if the user goes through the https part of the website. Therefore, buying an SSL certificate but not fully utilizing it is a perfect example of Lanpah-pahlan.

Secondly, why do they need to store the user’s password in a cookie? That is simply bad practice. The password in the cookie is not encrypted at all. Therefore, it is vulnerable to outside attacks. Storing the password in the cookie is totally unnecessary. If the user wants to recheck the block list, they can easily re-enter their password.
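The two problems described above (credentials kept in a cookie, and no redirect from http to https) can be checked mechanically. The following is an added example, not code from blockoo.com or from the original post; the cookie names, sample values and the host `www.example.test` are constructed for illustration.

```python
import secrets
from urllib.parse import unquote

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_set_cookie(header_value, credentials):
    """List problems with a cookie set after login.

    credentials maps a label ("password", "email") to what the user typed.
    """
    name, value, attrs = parse_set_cookie(header_value)
    decoded = unquote(value)  # catch URL-encoded copies of the credential too
    findings = []
    for label, secret in credentials.items():
        if secret and secret in decoded:
            findings.append(f"{name}: stores the user's {label} in clear text")
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure attribute, also sent over plain http")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly attribute, readable by page scripts")
    return findings

def new_session_cookie():
    """What the cookie should carry instead: a random, server-side session id."""
    sid = secrets.token_urlsafe(32)
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

def https_redirect(scheme, host, path):
    """Return (status, Location) for plain-http requests, None if already https."""
    if scheme.lower() == "https":
        return None
    return 301, f"https://{host}{path}"

# Constructed sample: cookie names and values are made up for illustration.
WEAK_COOKIES = [
    "email=alice%40example.test; Path=/",
    "password=correct-horse-9; Path=/",
]
TYPED = {"email": "alice@example.test", "password": "correct-horse-9"}

if __name__ == "__main__":
    for header in WEAK_COOKIES + [new_session_cookie()]:
        print(header.split("=")[0], audit_set_cookie(header, TYPED))
    print(https_redirect("http", "www.example.test", "/en/"))
```

With a session id in the cookie, the server looks the user up from its own session store, so the password never has to leave the login request.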

Based on the reasons above, I join Azmeen and PsyCHZZZ’s call to urge those who have used blockoo.com’s service to change their passwords IMMEDIATELY! I am not saying that they stole your passwords but the way they handled your passwords (ie. storing your password in a cookie) means that it is possible that your password has been stolen by a third party, with or without their knowledge.

Once again I would like to add, blockoo.com is a nice service to have (for some), but has started off on the wrong foot. They should have concentrated more on building a system where users’ vital information (eg. passwords) is safely guarded.

This is not the first system that I reviewed that poses a threat to users’ password security. Well, it ain’t my password that is vulnerable. To change, or not to change, is totally up to you.

Review: blockoo.com, Know Who Blocked Or Deleted You From MSN Messenger

I was asked to check out blockoo.com, which I did. In the process, I found a few interesting points about that website. So, I decided to do a review on it. I would like to caution my readers that blockoo.com is NSFW (not safe for work). You wouldn’t want your boss to catch you viewing a website that has a link that reads, “Meet the sexiest teenagers totally free iclick here!” or pictures of girls wearing nothing but bra and panties.

After some digging around, I found out that a typical message received on MSN Messenger that “promotes” the website looks like this:

hey!! you really have to check this site [website URL] it’s awesome, now you can see who blocked or deleted you :D :D!! try it right now (Y)

In the early days of operation, the [website URL] was inserted as http://www.blockoo.com/en/. However, MSN Messenger must have blocked/banned that URL from appearing in any conversation due to complaints on spamming. The URL was later changed to a TinyURL. Only recently (5th June 2007), the domain name blockadvise.com was purchased to replace the TinyURL (as shown in the screenshot in Freethinker’s blog).

From the screenshot below, you will notice that the website is infested with advertisements that link to an adult website. Considering that teenagers should make up the majority of the users of the website, the advertisements are highly inappropriate. Why I said teenagers should make up the majority of the users, you may ask? Well, who else gives a damn if anybody in their contact list blocked them? ;-)

blockoo.com main page

After being pressured by potential users claiming the lack of confidence in the services of blockoo.com (due to the fact that it requests user’s username and password without an SSL certificate), an SSL certificate was bought on 5th June 2007.

Even though the SSL certificate is in place, it is not utilized at all. This is evident from the “spammed promotion” messages sent and the fact that accessing the website by entering http://www.blockoo.com does not automatically redirect the user to https://www.blockoo.com. Users need to access the https part of the website in order for the transmitted data to be encrypted.

I hope this is a mistake and not an attempt to allow users to continue transmitting data without proper encryption.

Another “feature” of the website that I personally find distasteful (also brought up by PsyCHZZZ) is the “MSN Messenger user signed in alert” advertisement as shown in the screenshot below. That is in fact an advertisement disguised to look and feel the way MSN Messenger alerts the user of a contact that has just signed in. I don’t think it is illegal, just bad karma (or whatever you call it).

There are two items in blockoo.com that I think might infringe the copyright of other companies. The first item is the Yahoo smiley icon beside the text “THIS SITE DOES NOT CHANGE YOUR NICK” as shown in the first screenshot above. The second item is the “MSN Messenger user signed in alert” advertisement as shown in the second screenshot above. Is it legal for blockoo.com to copy those (I assume) without permission from either Yahoo or MSN?

My final thoughts of blockoo.com…

It is a nice service to have. However, it started off on the wrong foot by choosing a wrong method to promote the website (ie. spamming mass sending messages to the user’s contact list on behalf of the user). I believe that the majority of its users should be in their teens. Therefore, advertising adult websites in it is inappropriate.

Is this service really necessary? So what if someone did block you in their contact list? If they did, the problem could be either you or them. So what? Just move on. The world doesn’t end when someone decides to block you on their contact list.

TenthOfMarch Reviews Advertlets From The Inside (Part Two)

(WARNING: This is a lengthy review) — Final Edition

This is the continuation of the first part of my review on Advertlets.

Right after I logged in, I was greeted by the screen below. Bear in mind that I placed high expectations on them after all the hype over “Web 2.0”, gradients and friendliness they said they provided. However, the screen below is just an eyesore.

Ugly looking statistics in Your Stats page

I think that “Imp” means impression, right? Why not write the full word? Since there is enough space anyway.

**********

Next, why after I am logged in, the first page that I see is the “Your Stats” page, and not the “Dashboard“? I don’t have a problem with it, just that in your navigation bar on the left, the “Dashboard” comes first, then only “Your Stats” and the rest. Nothing major, and definitely not a bug.

TenthOfMarch recommends:
I think either displaying the “Dashboard” first or rearranging the navigation bar to show the “Your Stats” first would generate a better ‘flow’.

**********

You have two pages (“Dashboard” and “Your Stats“) that show statistics. I agree that having some statistics on the dashboard would be great (IF you display “Dashboard” first after log in).

Statistics on dashboard page

Honestly, I am a bit confused which page you intend to come first. But based on my experience using blogger.com, their ‘dashboard’ comes first. Let’s assume your Dashboard comes first, then the statistics provided in the dashboard should be a general overview of all the statistics. While the statistics in “Your Stats” should be a more detailed version of it.

After analyzing your statistics, I can only know today’s impression, total impression from day one (I think) under “Total” and “Your Stats” page, the past 7 days impression, and monthly impression starting from 2 months back. Why I say 2 months back is because there are no statistics that show impression for the current month (April) and the previous month (March).

TenthOfMarch recommends:
Add statistics for the current and previous months. It would be great if you can provide a daily statistics for at least the past 30 days. Some graphs would visualize the data better.

**********

If you look at the picture below (in their Dashboard), you will notice my account status is “Pending“. There are 3 reasons why it is pending but I want to highlight the 3rd point — Demographics Poll 100 more needed. I am not sure if it is only me, but I haven’t heard anyone complaining about this.

Firstly, they restrict members to have at least 100 unique visitors to their blog before they can join their ad program. Now, after I register an account, they restrict me on an extra ‘requirement’ before I get a chance to see an ad placed in my blog? Is this right? I understand they need to have some ‘data’ before they can target ads on my blog, but they could have at least stated this ‘requirement’ before I joined their program. I think this is wrong but like I said, I don’t see anyone else complaining.

A ‘requirement’ that was not mentioned earlier

The reason why I don’t like the idea of making the users get 100 polls answered before an ad can be served is some (I found two already) of your users have no choice but to ask for answered polls by irrelevant individuals (people that don’t go to their blog but they answered the poll for the sake of ‘helping out’).

Below are two screenshots that I took when I stumbled on Kenny’s blog. (both bloggers’ nicknames are blurred to protect their privacy)

Member begging for poll takers 1 Member begging for poll takers 2

TenthOfMarch recommends:
Inform the users that they are required to get 100 polls answered before ads can be served to them before they register.

**********

My ‘test blog’ is at http://bunnymakemoney.blogspot.com. I notice most of the time that the “Ads Imp” increases together with the “Poll Imp“. Is this a bug or I just don’t understand how it works?

I also notice that a user can repeatedly ‘self-answer’ their own polls. I have done it 5 times just to test it out. All they need to do is refresh the page after each time they answered the poll.

Poll statistics

TenthOfMarch recommends:
After a user has answered the poll, at least store the information into their cookie (or session). That will prevent them from answering it again.

**********

In their “Your Stats” and “Your details” page, there is a note that says:

Please keep in mind that you will not be eligible to view your demographics data, or be eligible for payment until further details about yourself are verified, and further terms & conditions are agreed to. We will contact you shortly regarding additional information needed.

Come to think of it, I have never seen their terms & conditions and privacy policy page before (or did I just miss it?). Is it legal or right to run a website, requesting users’ information without a terms & conditions and a privacy policy page? (I am not saying it’s illegal. I have googled and yahoo-ed but found nothing. This is just a question.)

TenthOfMarch recommends:
Change “Your details” to “Your Details”. Add a “terms & conditions” and “privacy policy” page. Ensure the users are aware of your terms and policy by adding a link at the registration form and a checkbox that they have to tick before they are registered.

**********

Next, the “Your details” page.

Your details page 1

Your details page 2

Your details page 3

It is very seldom that I come across a form that looks like this on the Internet. A professional looking form would look more organized and properly arranged. Apart from the outlook of the form, I found that they did not design the database according to the proper industry standards. If you notice, all the inputs that the user has to key-in are in textboxes. That means that they designed the database to store all information in this form as plain text.

Data such as “Date of birth” should be stored in date format. “Postcode“, “Children” and “No. of blogs” should be stored as integer type. “Race“, “Religion” and “Language Spoken” should be stored in char(1) or enum, or others. Ironically, two pieces of information (gender and blog category) that are dropdownlists in the ‘registration form‘ are also stored as plain text. Those should be stored as ‘char(1)’ or enum, or other more appropriate types.

A properly designed database would create different type of options for the user to select/input such as textbox, dropdownlist and radio buttons. Below is a screenshot of GMail’s settings form.

Example of a professional looking form (GMail)

So, why should a programmer design a database according to the proper industry standards?

1. Rule Seven: Use appropriate types and constraints

The structure of a database is crucial to its ability to transform raw data into usable information. Each database should conform to a set of standard rules designed to optimize its utility. These rules make a database a flexible, usable tool, and not just a place to store information.

2. Poor design/planning

Since the database is the cornerstone of pretty much every business project, if you don’t take the time to map out the needs of the project and how the database is going to meet them, then the chances are that the whole project will veer off course and lose direction. Furthermore, if you don’t take the time at the start to get the database design right, then you’ll find that any substantial changes in the database structures that you need to make further down the line could have a huge impact on the whole project, and greatly increase the likelihood of the project timeline slipping.

3. How to Encrypt Passwords in the Database

Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users’ passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted.

As you can see, designing a proper database according to the ‘standard’ is very important. The proper formatting of the data/information given by their users (that is stored in the database) is crucial to a company. So, how could they have possibly missed this point? Therefore, combining all the simple mistakes/bugs that I found in the first review together with their lack of effort in designing a proper database, this is why 2 questions popped into my mind:

1. How much time and effort was put into securing the user’s privacy (password)?

2. Are the users’ passwords encrypted?

TenthOfMarch recommends:
You should spend more time designing a proper database. The longer you wait, the harder it will be.

**********

In the “Your details” page, there is an item, “No. of blogs“. What if I have more than 1 blog? Do I need to register a new account for each blog? Or one account to multiple blogs? In your FAQ, you mentioned “need to install separate tracking code on each site“.

By the way, in your FAQ, this question “How does the RM10,000 for first 200 bloggers program work?” should be changed to “How does the RM15,000 for first 300 bloggers program work?”, no?

**********

To summarize:
The guys behind Advertlets have put a lot of effort at the ‘front-end’ of their website. I love their poll, design and look. However, I personally feel that they should have balanced their time and effort a little more towards the back-end of their website as well. Iron out all the bugs, find more advertisers and you should be good to go.

TenthOfMarch Reviews Advertlets From The Inside (Part One)

I did mention that I will be reviewing Advertlets after I am done with Nuffnang. Doing so must have given Advertlets some advantage over Nuffnang. There have been boastful moments where Advertlets proudly show off the ‘front-end’ of their website — state-of-the-art poll, Web 2.0, demographic etc. With all that in mind, I approached the review with high expectations of what lies behind the login page.

Let’s start off by registering an account. As usual, the interface looks nice with all the rounded edges. The only thing that looks “old” is the “Register” button and the dropdownlist. However, what bugs me the most is the way the form is formatted. In Java we call it the “FlowLayout“. What it does is you put an element in the form on the right of the previous element. You repeat the step until there is no space left, then you start with a new line. That’s exactly how they have formatted this form. This is a very lazy way to format the form. Even the length of the textbox for the “Blog Address” is too short.

Registration Form Layout Not Organized

TenthOfMarch recommends:
Rearrange this form to look more organized. The “Password” and “Verify password” textbox should be side-by-side or one on top of the other. The textbox for “Blog Address” must be at least twice as long. Change the “Register” button and maybe the two dropdownlists to look more “Web 2.0”.

**********

After completing the form, I clicked on the “Register” button. To my surprise, I was greeted by nothing but a plain popup that says, “Registration Successful“. Once again, this is very dull, and may I add, LAZY! You could at least redirect me to a proper page with the appropriate messages.

Registration Successful Message

So I checked my mailbox for a confirmation e-mail but there were no new mails. I checked again for the next 5 minutes, but still no new mail. I had a very bad feeling in my stomach. I tried to login with the username and password that I created a while ago, and I was logged in. I was SHOCKED! Few weeks back they said they had a DDOS attack. And now they have an open registration without a verification system? Aren’t they afraid? Anyone with some basic knowledge of HTML can create a script to fill up their database with junk accounts using fake e-mail addresses in 5 minutes.

TenthOfMarch recommends:
Create a better looking confirmation page. A javascript popup is a bit too lazy, don’t you think? Add a layer of registration verification where users have to reply or click on an activation link before their account is created.

**********

I wasn’t satisfied with their registration process. In fact, I had a feeling that there are more things to be discovered in this area. Therefore, I did some further testing. This is when I registered a second account with them. I inserted the same details as the first account (ie. same username, e-mail, blog address, name etc). Again, I was greeted with a dull looking error page that should only be seen by the programmer, and NEVER the end users. Honestly, pages such as these are amateurish. It’s like a shoddy work of an undergrad.

[If there's any IT undergrad reading this and is offended, I'm sorry. I know most of you can do better than this.]

Duplicate Error

Their system rejected my registration because I inserted the same username. Of course! So I changed the username (other details remain the same), and tried registering again. To my surprise, it was accepted. Some of you may ask, “So what?” For those who have some knowledge in IT, you’ll know that it is a good practice to prevent a user from registering two separate accounts using the same e-mail address and blog URL. This is yet another shoddy work with no effort put into designing a proper system at all. I have just done the same test on Nuffnang’s system and they work as I had suggested.

Invalid Username Or Password Popup

TenthOfMarch recommends:
Change the e-mail and blog URL fields to accept only unique values. There should not be duplicate values for those two fields. Create a proper error page with information and links for the user to retry the registration process if their attempt fails.

**********

Confident that I would find more shoddy works, I tested how their system would react to invalid username and password combinations. Sure enough, I was only greeted with a javascript popup that says, “Invalid Username / Wrong Password“. And after clicking the “OK” button, I was staring at a blank white screen. What the …? You should have redirected me to a page where I can retry the login process. And don’t ask me to use the damn “Back” button. The proper way is to display a page for the user to try again, not a damn blank screen.

TenthOfMarch recommends:
Create a proper error page with information and links for user to retry their login process.

**********

BUG Of The Century

I actually found out this bug right before I published this post. It has to be the bug of the century. I wonder if the programmers behind Advertlets are trying to fool the users or themselves. I tested this twice (I have 4 accounts with Advertlets now), therefore I am very certain it’s a bug.

In the registration form, we are required to insert a password into the “Password” textbox. Then, we need to verify the password by typing it again into the “Verify Password” textbox. What ‘every-normal-system‘ would do is to make sure BOTH the passwords match before the registration process can be completed. If the user mistypes the passwords, an error message must be alerted requesting the user to retype the password.

However, I tried registering an account by inserting passwords that don’t match (hoping that the system will reject my registration). To my horror, ADVERTLETS’ SYSTEM ACCEPTED IT! :lol: OMG……I can’t believe this.

TenthOfMarch recommends:
You know what to do.
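
One way to implement the registration checks recommended in this review (matching password fields, unique e-mail and blog URL, and an activation link before the account can log in), as an added example that is not Advertlets’ code. The table layout, function names, PBKDF2 parameters and URL normalization are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed schema: UNIQUE on e-mail and blog URL, not only on username.
SCHEMA = """
CREATE TABLE users (
    username        TEXT NOT NULL UNIQUE,
    email           TEXT NOT NULL UNIQUE,
    blog_url        TEXT NOT NULL UNIQUE,
    pw_salt         BLOB NOT NULL,
    pw_hash         BLOB NOT NULL,   -- salted PBKDF2 output, never the password
    activation_hash TEXT,            -- SHA-256 of the e-mailed token; NULL once used
    active          INTEGER NOT NULL DEFAULT 0
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _token_hash(token):
    return hashlib.sha256(token.encode()).hexdigest()

def register(db, username, email, blog_url, password, verify_password):
    """Return (True, activation_token) or (False, message for the user)."""
    if password != verify_password:
        return False, "The two passwords do not match. Please retype them."
    # Simple normalization (assumption) so trivial variants count as duplicates.
    email = email.strip().lower()
    blog_url = blog_url.strip().lower().rstrip("/")
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    try:
        with db:
            db.execute(
                "INSERT INTO users (username, email, blog_url, pw_salt, pw_hash,"
                " activation_hash) VALUES (?, ?, ?, ?, ?, ?)",
                (username, email, blog_url, salt, _pw_hash(password, salt),
                 _token_hash(token)),
            )
    except sqlite3.IntegrityError:
        # Shown to the user instead of a raw database error page.
        return False, "That username, e-mail or blog address is already registered."
    return True, token  # the caller e-mails this token as an activation link

def activate(db, token):
    """Mark the account active if the token matches; each token works once."""
    with db:
        cur = db.execute(
            "UPDATE users SET active = 1, activation_hash = NULL"
            " WHERE activation_hash = ?", (_token_hash(token),))
    return cur.rowcount == 1

def login(db, username, password):
    """Accept only activated accounts whose salted hash matches."""
    row = db.execute(
        "SELECT pw_salt, pw_hash, active FROM users WHERE username = ?",
        (username,)).fetchone()
    if row is None:
        return False
    salt, stored, active = row
    return bool(active) and hmac.compare_digest(stored, _pw_hash(password, salt))
```

Because only the salted hash and the hash of the activation token are stored, a copy of the table reveals neither passwords nor usable activation links.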

**********

After successfully logging into their system, I immediately found more amateur works. The basic principle of a website is to show links for a user to login or register before they login into the system. However, after the user has logged in, those two links must be removed and replaced with a logout link. I remember back then, some of my weaker coursemates will make mistakes like these. However, to catch a company with experienced programmers making mistakes like this — priceless.

Parts Of The Page That Should Be Removed

TenthOfMarch recommends:
After a user has logged into the system, remove those links circled in the picture above.

**********

I’m finally logged into their system. So far, my experience using their system has been a lousy one. I don’t believe any company should launch their website if they are not ready. In this case, I believe Advertlets’ website lacks the most basic design and functionality any websites should have. It doesn’t matter if they are still in Beta. These are the basic needs for a website. It’s like going to work without brushing your teeth and combing your hair. You may still produce good results, but you stink and look like crap.

I’ll continue with the part two of my review soon. Without revealing any details of my next review, I suggest to those who have an account with Advertlets to change their password ASAP. You must heed this advice especially if you use the same password for all your accounts (eg. e-mail, Friendster, online banking etc.). I’m not trying to create chaos but after seeing all these shoddy amateurish work, I have reasons to believe there is a TINY / MICRO possibility your password may be vulnerable. I’ll explain later. It’s better to be safe than sorry. Until then…