Technology, Reviews, Tutorials, Make Money Online
At first, it was DevilsAdvocate. Then it became Amateur. Soon after, it transformed itself into Reaymond.
I thought it has disappeared for good but I guess I might be wrong.
Did the devil came out from its hiding place and is doing his monkey business again?
After my review on blockoo.com, I received a feedback that suggests blockoo.com is indeed “not as safe as it should be”. Even the co-founder of the company mentioned that they were approached by two antivirus firms to reveal their source code or risk blacklisted.
It doesn’t matter if they are able to prove (using their source codes) that they do not store user’s passwords in their database. I raised a question to the founder of blockoo.com as to why did they store the user’s email and password in a cookie. That question is left unanswered up to this point.
So far, their arguments are based on trust. They bought an SSL certificate, reveal their source code to the public, boast over their “more than 350,000 users” and proudly declare that “no one saying that their password was stolen”.
I don’t buy it because of two reasons. Firstly, even though they have purchased the SSL certificate, it is not utilized at all. Traffic to their website is not automatically redirected to https://www.blockoo.com. Data transmitted is only encrypted if the user goes through the https part of the website. Therefore, their purpose of buying an SSL certificate but not fully utilizing it at all is a perfect example of Lanpah-pahlan.
Secondly, why do they need to store the user’s password in a cookie? That is simply bad practice. The password in the cookie is not encrypted at all. Therefore, it is vulnerable to outside attacks. Storing the password in the cookie is totally unnecessary. If the user wants to recheck the block list, they can easily re-enter their password.
Based on the reasons above, I join Azmeen and PsyCHZZZ’s call to urge those who have used blockoo.com’s service to change their passwords IMMEDIATELY! I am not saying that they stole your passwords but the way they handled your passwords (ie. storing your password in a cookie) means that it is possible that your password has been stolen by a third party, with or without their knowledge.
Once again I would like to add, blockoo.com is a nice service to have (for some), but has started off on the wrong foot. They should have concentrated more in building a system where user’s vital information (eg. passwords) are safely guarded.
This is not the first system that I reviewed that posses a threat to user’s password security. Well, it ain’t my password that is vulnerable. To change, or not to change, is totally up to you.
Recently, Nuffnang and Advertlets started serving CPC ads to their publishers. Unlike CPM ads, CPC ads poses a new challenge to both companies — click fraud. Detecting click frauds is not a simple task. Building an effective system that recognizes and/or prevents click frauds is even harder. They are dealing with hundreds, if not thousands of possible click fraud cases. Therefore, “manual auditing” is definitely not an option.
Since the launch of CPC ads by Nuffnang, I noticed difficulty in differentiating between a CPM and CPC ad myself. There is simply no indication on the banner ad itself or even in the email notification sent by Nuffnang. This was also felt by a slightly frustrated chic.
Suet Li from Nuffnang explained:
The reason why we didn’t notify you prior to adding the ad is because the advertisers feel that if bloggers are told beforehand, then there will be a lot of faulty clicks. Some bloggers may themselves or through their friends click their own ads which will end up driving advertising costs unjustifiably.
After some discussion with another fellow blogger, I came to realize one thing. Does it really matter if I am served CPC or CPM ads? I might be disappointed after the week old campaign has ended only to find out that I have earned less than what I thought I would (ie. I received less clicks, thus less earning compared to CPM ads). Apart from that, what other reasons would I be frustrated for? Maybe if I knew that it was a CPC ad campaign, that I would have “done things differently”?
Both Nuffnang and Advertlets’ “fraud detection system” (if any) are merely few weeks old. pikey, who are publishers of Nuffnang and Advertlets has something to say (13/6/2007 08:15:29):
In terms of CPC, there’s better transparency in Nuffnang because it lists out the ad campaign you were involved, type of campaign, CPC and the rate for it. At the moment, Advertlets is still working on the Stat page and I’m still clueles. Am I running for CPC or Cost/unique campaign? and what are the CPC rates?
Sometimes, being first doesn’t mean better.
I was asked to check out blockoo.com, which I did. In the process, I found a few interesting points about that website. So, I decided to do a review on it. I would like to caution my readers that blockoo.com is NSFW (not safe for work). You wouldn’t want your boss to catch you viewing a website that has a link that reads, “Meet the sexiest teenagers totally free iclick here!” or pictures of girls wearing nothing but bra and panties.
After some digging around, I found out that a typical message received on MSN Messenger that “promotes” the website looks like this:
hey!! you really have to check this site [website URL] it’s awesome, now you can see who blocked or deleted you :D:D!! try it right now (Y)
In the early days of operation, the [website URL] was inserted as http://www.blockoo.com/en/. However, MSN Messenger must have blocked/banned that URL from appearing in any conversation due to complaints on spamming. The URL was later changed to a TinyURL. Only recently (5th June 2007), the domain name blockadvise.com was purchased to replace the TinyURL (as shown as the screenshot in Freethinker’s blog).
From the screenshot below, you will notice that the website is infested with advertisements that links to an adult website. Considering that teenagers should make up the majority of the users of the website, the advertisements are highly inappropriate. Why I said teenagers should make up the majority of the users, you may ask? Well, who else gives a damn if anybody in their contact list blocked them? 
After being pressured by potential users claiming the lack of confidence in the services of blockoo.com (due to the fact that it requests user’s username and password without a SSL certificate), a SSL certificate was bought on 5th June 2007.
Even though the SSL certificate is in place, it is not utilized at all. This is evident from the “spammed promotion” messages sent and the fact that accessing the website by entering http://www.blockoo.com does not automatically redirects the user to https://www.blockoo.com. Users need to access the https part of the website in order to have the data transmitted to be encrypted.
I hope this is a mistake and not an attempt to allow users to continue transmitting data without proper encryption.
Another “feature” of the website that I personally feel distasteful (also brought up by PsyCHZZZ) is the “MSN Messenger user signed in alert” advertisement as shown in the screenshot below. That is in fact an advertisement disguised to look and feel the way MSN Messenger alerts the user of a contact that has just signed in. I don’t think it is illegal, just bad karma (or whatever you call it).
There are two items in blockoo.com that I think might infringe the copyright of other companies. The first item is the Yahoo smiley icon beside the text “THIS SITE DOES NOT CHANGE YOUR NICK” as shown in the first screenshot above. The second item is the “MSN Messenger user signed in alert” advertisement as shown in the second screenshot above. Is it legal for blockoo.com to copy those (I assume) without permission from either Yahoo or MSN?
My final thoughts of blockoo.com…
It is a nice service to have. However, it started off on the wrong foot by choosing a wrong method to promote the website (ie. spamming mass sending messages to the user’s contact list on behalf of the user). I believe that the majority of its users should be in their teens. Therefore, advertising adult websites in it is inappropriate.
Is this service really necessary? So what if someone did block you in their contact list? If they did, the problem could be either you or them. So what? Just move on. The world doesn’t end when someone decides to block you on their contact list.
Are you still managing your emails using email clients like Microsoft Office Outlook, Thunderbird, or Eudora? Why not switch to GMail and let it handle your emails instead? If you are ready to give GMail a go, below are the steps required to setup GMail to manage your POP3 accounts.
Firstly, sign in to your GMail account. If you don’t have an account yet, you will need to sign up first. Click on the “Settings” link as shown in the screenshot below labelled “A”. Click on the “Accounts” tab labelled “B”. Then, click on the “Add another mail account” link labelled “C”.
Insert your email address into the textfield provided and click on the “Next Step” button. Do note that you can only manage up to 5 POP3 accounts using a single GMail account.
On the next screen, you will need to modify the settings for your email account. Input the username and password for your email account. It is important to check the “Label incoming messages:” checkbox. This step ensures that each emails from different accounts are labelled accordingly. Click the “Add Account” button to proceed.
Your GMail account is now setup to receive emails from the email address you inserted earlier. If you would like to send emails using the same email account, you will need to select the option “Yes, I want to be able to send mail as …” as in the screen below.
Insert the name that you want to display whenever you send an email using this account and click on the “Next Step” button.
Before you can start sending emails using this account, GMail requires you to verify that the email address provided does belong to you. You can do so by clicking on the “Send Verification” button. Google will send you a verification email that contains a verification code and a verification link.
You can either click on the verification link, or copy the verification code and insert it into the textfield below. Click the “Verify” button to verify your account.
After completing these steps, your GMail account is configured to send and receive emails from the account you provided earlier. If you want to allow GMail to manage multiple accounts, just repeat the steps again. Keep in mind that the maximum accounts you can add is 5. If you need to add more than that, just create a new GMail account 
I’ll do a review on the pros and cons of using GMail as a POP3 mail client shortly. Stay tuned.
Stumble it!
Subscribe to my feed
Recent Comments