Banning ShoeMoney
Ah-ah. Allow me to make myself unpopular again (I must follow on why I support nofollow) and let me say that MyBlogLog did the right thing in banning ShoeMoney.
If you don't know the story then here's the five second re-cap. An internet markerter, moniker of ShoeMoney, posted the details of a MyBlogLog impersonation exploit and listed details of who to impersonate. MyBlogLog banned him for that added extra. The internet cliché of other SEO and internet marketers bloggers responded with an outcry and began a boycott of MyBlogLog.
I don't think it is wrong to post about exploits - though emailing the details to the effected service is the responsible thing to do. I do think posting the details of who to attack/effect/impersonate through the exploit is wrong.
Let's scale this up to the extreme. I find doing that sometimes helps to bring clarity. I know how credit card fraud works. It's an exploit of the system not of the technology. You, of course, need the details of the person you need to impersonate (one of the reasons I have a shredder at home), the credit card numbers and a list of internet sites that'll deliver to addresses that don't match the credit card billing details. There. It's not wrong to run through that scenario. If I list credit card numbers for "Mr John Smith of 123 Example Street, Exampletown, UK" I am now in the wrong. Even if Mr John Smith's own information security is dreadful and you could easily find out his details yourself - I would still be wrong for posting them here.
We can scale this back down again. Hotmail had a vulnerability which let people log in to any account if they had the URL unique to that account. Posting about that vulnerability isn't wrong. If I posted your Hotmail URL while the exploit was open and made it easily possible for people to log into your Hotmail account - I am wrong.
ShoeMoney shouldn't have posted the MyBlogLog unique IDs for those internet celebrities. I'm sure one of the reasons he did so was as proof of concept. Another reason was also to "ping" these people by mentioning their names and maximize the coverage of his story. Yet another reason was to pick famous names to help sensationalise the story.
It's worth pointing out that MyBlogLog have said they were wrong to keep ShoeMoney banned after they had fixed the exploit. ShoeMoney is no longer banned.
When you have a good story then there is that urge to sensationalise things. Reporters have guidelines and editors. Bloggers only have their sense of responsbility.
If you have a popular blog - and ShoeMoney's blog is popular because it's good - then , in my opinion, you have the extra responsibility that comes with that. I don't feel that ShoeMoney (who I don't know from Adam) was malicious at all. I just think he got this one wrong.
The reaction of the blogosphere is interesting too. It's easier to poke sticks at MyBlogLog now they're part of Yahoo. Even if you're an influential blogger you're unlikely to get any special attention from Yahoo. Why woo them? However, you could enjoy links, support and promotion from ShoeMoney (who's certainly influential) if you side with him. The more dramatic your support for ShoeMoney then the more likely you are to attract ShoeMoney's thanks and to be cited in third party posts (like this one) about the drama. Once again we can see how bloggers benefit from sensationalising things.
I think rather than rounding on popular targets (any of the main search engines) and jockeying to make contacts responsible bloggers should encourage their peers to be responsible. I'm trying to do that here.
Guys; be responsible.
If you don't know the story then here's the five second re-cap. An internet markerter, moniker of ShoeMoney, posted the details of a MyBlogLog impersonation exploit and listed details of who to impersonate. MyBlogLog banned him for that added extra. The internet cliché of other SEO and internet marketers bloggers responded with an outcry and began a boycott of MyBlogLog.
I don't think it is wrong to post about exploits - though emailing the details to the effected service is the responsible thing to do. I do think posting the details of who to attack/effect/impersonate through the exploit is wrong.
Let's scale this up to the extreme. I find doing that sometimes helps to bring clarity. I know how credit card fraud works. It's an exploit of the system not of the technology. You, of course, need the details of the person you need to impersonate (one of the reasons I have a shredder at home), the credit card numbers and a list of internet sites that'll deliver to addresses that don't match the credit card billing details. There. It's not wrong to run through that scenario. If I list credit card numbers for "Mr John Smith of 123 Example Street, Exampletown, UK" I am now in the wrong. Even if Mr John Smith's own information security is dreadful and you could easily find out his details yourself - I would still be wrong for posting them here.
We can scale this back down again. Hotmail had a vulnerability which let people log in to any account if they had the URL unique to that account. Posting about that vulnerability isn't wrong. If I posted your Hotmail URL while the exploit was open and made it easily possible for people to log into your Hotmail account - I am wrong.
ShoeMoney shouldn't have posted the MyBlogLog unique IDs for those internet celebrities. I'm sure one of the reasons he did so was as proof of concept. Another reason was also to "ping" these people by mentioning their names and maximize the coverage of his story. Yet another reason was to pick famous names to help sensationalise the story.
It's worth pointing out that MyBlogLog have said they were wrong to keep ShoeMoney banned after they had fixed the exploit. ShoeMoney is no longer banned.
When you have a good story then there is that urge to sensationalise things. Reporters have guidelines and editors. Bloggers only have their sense of responsbility.
If you have a popular blog - and ShoeMoney's blog is popular because it's good - then , in my opinion, you have the extra responsibility that comes with that. I don't feel that ShoeMoney (who I don't know from Adam) was malicious at all. I just think he got this one wrong.
The reaction of the blogosphere is interesting too. It's easier to poke sticks at MyBlogLog now they're part of Yahoo. Even if you're an influential blogger you're unlikely to get any special attention from Yahoo. Why woo them? However, you could enjoy links, support and promotion from ShoeMoney (who's certainly influential) if you side with him. The more dramatic your support for ShoeMoney then the more likely you are to attract ShoeMoney's thanks and to be cited in third party posts (like this one) about the drama. Once again we can see how bloggers benefit from sensationalising things.
I think rather than rounding on popular targets (any of the main search engines) and jockeying to make contacts responsible bloggers should encourage their peers to be responsible. I'm trying to do that here.
Guys; be responsible.
Comments