PHOTODUDE.COM

I saw the “invite” this morning as I was ready to head out the door for my Saturday morning coffee with friends and thought, “Hmm, that definitely doesn’t sound like Photodude. Wonder how he got punk’d?” Thanks for the explanation.

Punk’d indeed. Steamed, too. It feels like I’ve spent half my day responding to people to say, “no, I didn’t mean to, I’m sorry, don’t sign up.”

What coder could possibly think it would be a “Good Idea” to allow a user to send an invite to everyone they have ever emailed?!?

And if you are going to do that, make it a Big Red Button that reads Yes, I’m a COMPLETE IDIOT who thinks it would be a good idea to spam everyone I’ve gotten an email from in the past three years with a Spymac invitation.

Glad I read this before I emailed. Okay, I fell for it, but it was real early in the morning, yeah, that’s the ticket, reel early….I figured there must be something good about the site, so I signed up, thinking I would check it out later. But also wondering why I didn’t see lots of Photodude photos up there….hmmmm….

Anyway, I loaded up a photo as requested and as of now, some guy left me a comment pointing to a “It’s Saturday, want to go out?” site and three women who look 30 years younger than me “want to be friends”.

Fortunately, it was too early in the morning for me to check if any of my other gmail contacts were up there. At least I hope so.

I’m glad you had more sense (or more sleep) than I did. I’ve watched in horror today as (so far) 22 people from my contact list have signed up as a result of these spam invites and shown up on my “friends” list. Including a client. The potential trickle down from this is enormous.

Seriously exponential.

In my case, approximately 600 people on my contact list getting spammed invites results in approximately 20 new users in the first 12 hours. Let’s assume a quarter of them were as dumb as I was, and managed to have their contact list spammed as well, ad infinitum.

If we assume similar numbers of contacts/accepts for those who precede and follow me in this chain, Patient Zero generates 600 invites, and five new contact lists to exploit. Patients 1A-1E (the five contact lists from Patient Zero) generate another 3,000 spam invites, and potentially another 25 contact lists. Patients 2A-2Y (including yours truly) generate 15,000 spam invites, and potentially another 125 contact lists to exploit.

In no time at all. That’s how quickly a company can lose it’s reputation, one spam invite at a time.

I got suckered by Spymac’s invite, thinking Reid was trying to share a file with me.

One of the reasons I fell for it was this, in Spymac’s TOS, under “Account closure”:

“You can cancel your account at any time by visiting your Account settings.”

However, this appears not to be the case. The Account settings page has no option for cancelling or deleting an account.

The next graf in the TOS says this:

“If you do not follow these rules and conditions, Spymac reserves the right, if deemed necessary, to delete your account. There is no “banning” in Leapfrog. Account deletion will also remove all of the content uploaded and comments and ratings posted.”

So it appears that the only way to get Spymac to live up to their own promise and delete your account is to deliberately violate their TOS by posting spam, obscene material, etc.

Make of that what you will.

Have I mentioned I’m sorry?

Golly, I’m sorry.

Yes, when I went to the account settings page to turn off the umpteen emails I was getting whenever some German girl wanted to “be my friend,” I though, hey, let’s delete the whole account. And their FAQ clearly says, nope, can’t do that.

I tried changing the email address to a “+” address so I could at least filter it to trash. Sorry, “Not a Valid Email.”

You’re just stuck, like a fly on flypaper, watching your buddies get stuck as well. Sheesh.

Oh, I set up my profile for all my “friends” to read. Maybe that will get my account erased.

Or maybe it will take more. I must squeeze some amusement from this somehow…

Ah – I’m less confused now. But I didn’t see this before signing up. At least I didn’t give it any of my contacts! Thanks for letting me know :-)

Well, that explains it. Thanks. Trust me, you’re not the only one. I got 8 invites from 8 separate people today. Right now, everyone’s probably wondering why they got an email from me out of the blue.

BTW, how do you know if it spammed your contacts or not?

“I got 8 invites from 8 separate people today.”

Like I said, it’s exponential. Before the weekend’s over, these people may clog all the tubes on the InnerWeb.

“how do you know if it spammed your contacts or not?”

Did you give it your Gmail user/pass to “check and see” if any of your contacts are current members? If not, you’re cool. If you did, it used them to send invites.

You’ll be hearing about it, trust me. And watch for your “friend’s list” to grow. What am I supposed to do in response, spam every one of my contacts again to say “don’t sign up!”

And the way Gmail does “contacts” does not help. It just adds every address that’s ever corresponded with you. I have one client who has about seven email addresses she had contacted my by over the past three years. Every one of those addresses got an invite.

Hi Reid –

Cameron from Textdrive here — thanks for the invite, and yes, I did sign up before reading this post. :) I don’t blame you, this site is total crap.

Thankfully I didn’t give any of my GMail (et al) account details to this site. But I almost did. ;(

Sorry this happened to you!

What to do? Now I have gotten 10 emails from Spammac today. Is there no end in sight for deleting an account? I’ll follow this thread for more info.

Cheers,
Cameron

Did you give it your Gmail user/pass to “check and see� if any of your contacts are current members? If not, you’re cool. If you did, it used them to send invites.

I don’t think I did, unless it was checked by default and I didn’t notice it, so I guess I’m cool. I usually uncheck everything as a matter of course whenever I register anything, so I’m thinking I didn’t do it.

“Thankfully I didn’t give any of my GMail (et al) account details to this site. But I almost did.”

I’ve now heard from several people who had the same thing done to them. In fact, I just got an invitation from someone I know is on my contact list. Which means they got an invite, offered up their contact list to be checked, and bam, I was spammed again … since I’m on his contact list.

Sheesh. Have I mentioned I was sorry?

I didn’t use the Gmail “check and see” feature, but I can see how it’d be easy to fall for it. Reid, I certainly don’t blame you here – Spymac are clearly a bunch of lying, slimy Ponzi scammers.

I emailed tech support pointing out the discrepancy between their TOS and account settings, and asking them to cancel my account as per the TOS. We’ll see what happens.

Reid, and anyone else who had Spymac send email to their contacts, I think I’d be inclined to report it to the Gmail folks. I wouldn’t expect a response, but I don’t think they’ll look kindly on Spymac’s behaviour.

I’m reporting Spymac invitations as Gmail spam, others might like to do the same.

Reporting it as spam is an excellent idea, Alex.

You sed a word that made me do a little more looking. Let’s see if we can put some pieces together.

Deep Thought, 1/25: “Recently it was The Unofficial Apple Weblog. It’s been a while since I visited SpyMac last, so when I saw what has happened to the site, I was in shock. Like, claw-my-eyes-out-of-my-head shock. Like, I-want-to-pay-a-visit-to-the-webmaster-and-kick-him-in-the-nuts shock.”

Digg, 2/26: “Established in 2001 as a Macintosh enthusiast site, SpyMac has already made its way through five site overhauls, and now it is no longer even a Mac site! What is it now? Just another Web 2.0 social networking site.”

Finally, from PR Inside 3/15, Earn More Money on Spymac by Inviting Friends: “International Web 2.0 community Spymac pays users for uploading self-produced creative content, and now users can also profit from inviting friends to join the community. Since launching the new site in January 2007, Spymac has paid users almost a quarter-of-a-million dollars. Now Spymac takes the money-making options to the next level by paying users 10% of the monthly earnings made by each new member they recruit.”

Let’s see … popular site with high Page Rank due to former content gets sold/bought/taken over in January. Four days ago they announced that adding new friends makes money. And then, my experience of today.

Ye$, I under$tand this $ocial $ite $pymac much better now.

Thanks for writing this post. It’s been very helpful to me, a fellow Spymac victim.

I don’t know what “help” I had to offer, but you’re welcome to warm yourself at this steam vent any time.

It would appear this spam plague is growing. Let’s see. There’s a blog with no posts since June of last year. Suddenly today there’s a new post today … it’s the body of a Spymac email invitation.

Gee, I wonder how that could have happened? Could someone’s contact list have been spammed with invitations, including the moblog email address they use to send a post to be published on their blog?

Nah…

What other unintended places might these invites show up? I’m sure we’ll find out…

Meanwhile, no response at all from anyone at Spymac. I know it’s the weekend. Unfortunately for those involved, exponential spam progressions don’t take the weekend off.

I got sucked in, unfortunately. I got one email from someone else that I ignored, then yours, and the stupid part of my brain went, “huh, lots of people I know are signing up for this thing. Might as well check it out.”

And then I gave them my Gmail information. Sigh.

Don’t blame yourself, Reid. It’s counterproductive and doesn’t solve a damn thing. Save that energy to use against these bastard spammers.

When it comes to spam, this “steam vent” is more helpful than you may imagine. Usually it’s coming out of my ears and I get a call from the next room, “could you possibly keep the cursing down to a dull roar?”

If it hadn’t been for the early time change, it could just have easily been my gmail address book that was hijacked. Instead I was groggy and wondering how to make the coffee. My previous attitude toward Spymac was that I had heard of it and it sounded a little interesting. Now, I mentally associate it with spyware and the same type of people (people? bots maybe) who post comment spam. And of course there’s every businesses’ favorite, “contact form spam hijacks”. I could vent for awhile on that subject.

Hi! I was suckered by the spam and you now have a new friend. I didn’t allow it to check for friends because I was too impatient to see whatever incredible piece of multimedia it might be that you needed me to see! I should never check my emails when suffering from a St Pat’s hangover!

I have decided to read their TOS and break every rule I can and get thrown off!

Hmmm.. looks like my virus/spam filter is working well- the only one I’ve ever used was my Mark 10 Brain, and so far it’s worked to keep me virus-free since the beginning of digital time.

In my book, this is basically a virus, because it managed to reproduce itself by taking advantage of your system- in this case your Gmail contacts list.

So Reid- I emailed you asking you about it about 7 minutes after I got the SpyMac spam. Was I the first responder? :)

Todd++;

“Was I the first responder?”

Yes, you were. Second responder a few minutes after that was one of my biggest clients. By 11:30am Saturday, I knew I had a problem.

I think I got lucky. I spent my weekend working a gig (playing Irish/Celtic music in an Irish pub on St. Paddy’s Day), and was offline until I got back this evening. Reid, your little ‘invite’ was awaiting me when I signed on, but I decided to come see you first.

Glad I checked it out here; I will go back over to GMail and mark it as spam like the rest of you have done.

Reid,

I was skeptical of this email (and trying to figure out who Photodude was — I emailed you a few times about honeymooning in Charleston).

I didn’t sign up — but I did check out the site and found your site here again. I wanted to note — if you gave them your Gmail account name and PASSWORD — CHANGE your password. With this form of ethics I would definitely not want to entrust my password with them. (or pretty much any site that would ask for it other than google!)

It was weird – I got one of the spymac invites despite the fact that I don’t think you’ve ever e-mailed me or vice-versa. I only know of you (and the fact that this email was a fraud) through a friend. Can you remind me how how your gmail knows me? :)

Karen, I don’t find you in my contacts, certainly not by your current domain. Did the invite specifically say from “photodude”? If so, what email address did it go to (click my name to email it to me rather than post it here)?

I would also note I’m one of perhaps a dozen people I know who got hit by this over the weekend. This could be a “once removed” kind of thing.

I got it from you too. Fell for it (signed up).

Bastards.

Everyone: upload this image as your profile image! This should help.

“Let’s see … popular site with high Page Rank due to former content gets sold/bought/taken over in January.”

Oh, it wasn’t bought or taken over. They did this to themselves on purpose. They parlayed their high page rank and “million” members into increased ad revenues at the expense of everything good that they used to be.

Nick, hope you had a good honeymoon, and yes, I changed my Gmail password shortly after this began.

Mary, I like your graphic. And thanks to your own hard work and that of a cohort, you can simply drop the date-related elements of the URL in that graphic, for brevity’s sake. Just domain and article title will get you there. Um, here.

And while I’m sorry you got conned like I did, I’ve also noticed that many of the people who’ve been hit by this are very web savvy folks. Not the type to usually point and click their way to trouble. That’s why I think they way they do this is particularly insidious. It even sucks in those of us who should know better.

Robbie, I will have to take your word for it that they did this to themselves, rather than via “change of command.” But I don’t doubt it. It’s the type of move the reeks of desperation.

Here is the sole response I got from “The Spymac Team” today:

“The intention of the gmail invite, is to send invite’s to everyone on your gmail, yahoo, etc. contact list. This is done for the referral percentage and simply for you to invite your friends. I am sorry that you thought it was something completely different.”

I responded back in detail, but no need to go into that here right now. That was from “technical support.” I also emailed “community” and their independent PR rep. Nothing from them. But the above gives the impression that’s all I will hear, and they will continue to act as they have.

They don’t even seem to think there’s a problem.

I’ve been a member of Spymac for years – since they were a mac rumours forum. Their history is full of management blunders, but nothing can possibly compare to the current mess which alienated all of their forum members. I was also hit by the GMail address book hijacking, which was truly embarrassing as I also use my mail for work.

Unfortunately I don’t think you will get any further response – to be honest I believe the only reason you got a response at all is because your post was pointed out to members.

They are incredibly bad at communicating as Jan said.

They have been since I went to the site. I only stayed there because of the members who are disappearing fast.

I suggest reading this thread from the forum in which the problem was highlighted by JanMC:
http://classic.spymac.com/forums/showthread.php?threadid=268912&curr=0

I was merely checking the feature after seeing JanMC’s post to see how it happened and ended up sending all my contacts an email to join.

I went to the friends page and it asks if you have Gmail etc.. and asks you to enter your email address and password to check if they are members.

I did this and expected to be taking to:
http://www.spymac.com/details/?1856627
page so I could opt out or whatever but it never appeared and all my friends were emailed.

I don’t know how its implemented but it needs to change. The page said check to see if your friends are on Spymac, not mass email all your contacts!

I recommended that they let you select the friends to invite as most people have contacts they wouldn’t want to invite but didn’t get a reply in the forums.

Also one of my friends did the exact same thing as you when signing up
http://www.spymac.com/people/hoboaudio
His reaction is in the comments of his friend who signed ups profile.

They may well be a valuable site, as some of the people in the Peanut Gallery here are members. Actually, I’m a member too now, as there’s no way to quit. The best I could do was turn off the young girls contact options and set an email address of my domain that I know goes directly to /dev/null at the server without bouncing and using up further cpu cycles. The fact that they were able to hijack the address books of Reid and other very savvy people here give me extreme pause. I’m done with them. Their actions speak louder than words.

You’ll be glad to know I deleted my invite without even opening it, because A) it had the word “spy” in it and B) it said “photodude” instead of “PhotoDude”, and I assumed the name was just a coincidence.

That, and you haven’t e-mailed me for about 2 years (not that you’ve had any reason to). Seemed strange that you would suddenly come out of the woodwork to offer an invite to suspiciously-named site.

I just got the exact same kind of crap from something called tagged dot com — it appears to be the same deal, but for videos instead. And apparently they grab your address list from somewhere (gmail? Outlook? No idea.) and spam the contacts too.

I’m curious about where they grab the addresses from.

And reading up on it Tagged apparently asks people for their Hotmail login information, grabs the address book, and then spams away. Bah, scum of the internet.

Well, Johan, I guess it’s a trend. I read a blurb that Hugh Macleod wrote today that made me think of this: “When somebody asks, ‘How does this social media stuff scale’, they really mean, ‘How do I become a spammer?’”

“And apparently they grab your address list from somewhere (gmail? Outlook? No idea.) and spam the contacts too.

I’m curious about where they grab the addresses from.”

There’s a form. Here’s one from StumbleUpon:

http://img207.imageshack.us/img207/563/sugmailspamnq2.png

Clicking the others brings up a similar username/password prompt.

Sheesh. I guess it is becoming sadly common. And what may be the best way to fight it?

You’re soaking in it (scroll down and you’ll see that after just eight days this page is currently return #10 of about 1,450,000, with a nice summary)

I just got a reply back from Spymac tech support, after I asked them to cancel my account as per their TOS.

Their first response said they won’t cancel the account, and that I should simply leave it inactive. So I asked:

Once again, the TOS document present at the time I signed up said this:

“You can cancel your account at any time by visiting your Account settings.”

Please confirm whether or not that statement is accurate.

Their response:

That statement is not accurate. It is a feature we planned to add, but the implications proved unworkable. It may appear at some point, but it cannot be done at present.

I’m surprised you got a reply at all.

I’ve moved up to #9 on their Google Hit Parade, yet other than their original reply, I’ve heard zip from them.