McAfee SiteAdvisor Blog

Each year millions of people enter the U.S. Diversity Visa Lottery (a.k.a. the “Green Card Lottery"), hoping to win one of only 50,000 permanent resident visas (“green cards") that the U.S. awards by random selection among qualified entrants. Implemented by the Immigration Act of 1990 to increase the number of U.S. immigrants from countries exhibiting “disproportionately low" rates of immigration, the program has become increasingly popular as a potential means of obtaining permanent residency status. But the chance of winning is unusually slim: In 2005, only 0.8% of the 6.3 million qualified entrants were awarded the coveted card.

With so much at stake, it’s perhaps no surprise that bad actors seek to take advantage of the Green Card Lottery to line their own pockets. We were tipped off by some SiteAdvisor user comments pointing out the misleading nature of seemingly-“official" green card lottery sites. So we decided to take a closer look.

Participation in the U.S. Diversity Visa Lottery program is free. There is absolutely no charge to download, complete, or submit the electronic entry form through the U.S. Department of State Web site at dvlottery.state.gov. Only the chosen winners are ever subject to processing fees.

But numerous Web sites charge applicants to “process" their entries to this free lottery. Prices range from $39 for a one year registration to $299 for a ten year registration. (This is strikingly similar to our recent discussion of a company charging $37.95 for free software such as Firefox.)

Now, why would anyone pay if they can enter the lottery for free? Most likely, not everyone knows that the lottery is free. And many people probably do not know where to go online to fill out the official entry form.

Search Engines Lead Users Astray

Search engines seem like a logical starting place for residency seekers wanting information about the lottery. But try searching Google for ‘green card lottery.’ The results are worrisome. Here’s what we found on February 8, 2006 on Google:

Performing a Google search for 'Green Card Lottery' resulted in many misleading sites.

1) The first page of results contains only four government sites but 13 non-governmental sites that charge fees to process lottery submissions.
2) Three sponsored sites occupy the prominent space at the top of the page – all three above the first government site.
3) The first government site gives a bare URL, without title or description of any kind, which makes it nearly useless. Few users would realize this is actually the best and most important site in Google’s results – the only site that directly provides free registration in the lottery. In contrast, the non-governmental sites, have inviting descriptions such as “The official US government program" or “Your lifetime chance to win US Visa."
4) Many of the non-governmental sites boast official sounding domain names that contain the words “official", “green card", and “immigration."
5) The second government site can’t actually help a user get a green card. Instead, and more than a bit ironically, this site merely warns users about Green Card lottery scams.
6) In order to find an official government site with an appropriate title and description, a user would have to scroll past 3 ads and 6 organic listings.

Typical users are likely to stumble onto one of these fee-based sites and assume that it offers the standard procedure for entering the visa lottery. Research indicates that users have trouble distinguishing between ads and organic results even under optimal conditions. With these fee-based sites doing everything they can to look official (even putting the word “official" in their domain names), users are at special risk of getting confused here.

Assessing Official-Green-Card.org

The home pages of some of these sites also look remarkably similar to the home page of the U.S. Department of State Web site. Compare the U.S. Department of State Web site to that of Official-Green-Card.org (SiteAdvisor Analysis: official-green-card.org):

U.S. Department of State Web site          Official-Green-Card Web site

The official-green-card.org site looks like it could actually be an official government site. Notice U.S. icons such as an eagle, an American flag, and a picture of the Capital building. The site even copies the standard style of a circulate seal in the upper-left corner. Plus, the word “official" appears in the site’s domain name and six times on its home page alone. Only at the very bottom of the page, in reduced size font, can savvy users find the disclosure “Official-Green-Card is not affiliated with or endorsed by the U.S. Government."

Despite the visual similarities between Official-Green-Card’s Web site and that of the State Department, Official-Green-Card admits differences between using the two sites in an attempt to highlight Official-Green-Card’s “advantages" over the State Department site. Are these “advantages" really worth paying for?

Throughout its site, Official-Green-Card touts the advantage that "*Winners will get FREE Airline ticket to the USA."
Certainly, a free airline ticket would more than offset the site’s entry form processing fee. But the asterisk hides the crucial fine print: not only do you need to first win the Visa lottery, but then you must win a second drawing for the free airline ticket. Although the home page alone mentions this travel reward five times, the second sweepstakes is only disclosed at the bottom of the Terms of Service Agreement:

From Official-Green-Card's Terms of Service Agreement

Hopefully your luck is sustainable.

Official-Green-Card also claims year round registration for their services as another boon to their customers, as the U.S. government only accepts lottery applications during a set two month period each year. (The 2007 application period was October 5, 2005 to December 4, 2005.) But Official-Green-Card must abide by the same timetables that the U.S. government sets for all applicants, so your entry form will not be processed any earlier if you register with them outside of the open application period. Maybe it’s worth something to get to register immediately upon learning about the lottery, rather than having to remember to come back later. But we doubt that’s worth $49 to many people.

Official-Green-Card shares Web site content and a payment engine with usafis.org, which has a surprisingly high Alexa rank of 2,255. Both sites also advertise on Google, Yahoo! and MSN paid search results, taking two of the top three sponsored results on each engine, and paying up to 50 cents per click for qualified leads that may turn into paid customers. In fact, five of the sites on the first page of Google’s search results ultimately drive customers to USAfis.org. These sites are all registered to the same physical address in New York, suggesting that a single organization is likely dominating this market.

Assessing USGreenCard-Immigration.org and Fuzzy Math

Another site, USGreenCard-Immigration.org (SiteAdvisor Analysis: usgreencard-immigration.org), takes a different selling tactic. They claim that 30% of lottery applicants are disqualified due to errors in application formatting and content. The site claims they will “look over your application to make sure information is filled out correctly" which they say “gives [applicants] a 30% better chance of winning." That’s not only illogical math, but it’s incredibly misleading too.
```
Many of these sites also justify their processing charges by claims of providing expert support. But there are many free informational government contacts and Web sites directed at assisting lottery participants. The US Department of State Web site provides contact information to Visa Services and links to embassy and consulate sites in other countries. Lottery instructions are available in seven languages and the unitedstatesvisa.gov website is available in six languages. So there’s help available for applicants who need it. Applicants need not pay USGreenCard-Immigration to get assistance.

We think the photo scanning service (offered by some of these sites) is the only service worth paying for. All entry forms must be submitted to the U.S. government electronically, yet some applicants may not have access to a scanner or digital camera. But other than that, you’re generally just paying the Web site to serve as an intermediary between you and the State Department. We suspect most applicants would be better off applying on their own.

SiteAdvisor’s Evaluation of These Sites

We’re not saying that these sites are not technically providing a service. Individuals pay intermediaries all the time to do things that could be done directly for free, like having an accountant prepare and submit tax returns to the government. But we rate these sites red due to a combination of their aggressive advertising, their potential to mislead typical users, and their risk of providing minimal value to customers.

Some people may not realize that the lottery program is free. Others may think these Web sites are affiliated with the U.S. government – especially when their color schemes, layouts, and even domain names falsely indicate that they’re “official." Still other users may not have read all of the fine print; they may mistakenly believe claims that are subject to more than a few caveats. If we can help some of these people figure out what’s really going on here, we’ll consider that a success.

We’re not the only ones concerned about this issue. The FTC and USCIS both issued alerts warning of “imposter" and “bogus" web sites, and the New York Daily News wrote about this issue too. But beyond blaming the sites for these bogus ads, we like to put the issue in context. Looking back at the Google search results, we see how users can be led astray here – and we see room for the Internet community, and SiteAdvisor, to help make things better.

We want to make sure that visitors to these sites are aware of the alternative, free option, so that they are armed to make informed decisions. As always, if you disagree with our conclusions, let us know by submitting a comment on this entry or by leaving a comment on one of the site report pages mentioned here:
SiteAdvisor Analysis: official-green-card.org
SiteAdvisor Analysis: usgreencard-immigration.org
SiteAdvisor Analysis: usafis.org

Permalink | Comments (7) | TrackBacks (2)

FreeDownloadHQ Responds

I need your help.

Let me explain. Last week, I wrote about FreedownloadHQ, a Web site that charges $37 in exchange for links to other Web sites where you can download software like Firefox for free. I received a lot of correspondence from the company over the last few days which I want to share with you in detail.

Money For Nothing

You'll recall that I paid for a lifetime membership to FDHQ in order to test their service. Here’s their response to 'Shane Keats, individual consumer' requesting a full refund:

OK. A standard 'letter of the law' style brush off sent to a single, insignificant customer.

"because the content we offer is mostly free"

They responded more completely to 'Shane Keats from SiteAdvisor':

Some things about this letter really caught my eye.

"because we provide tutorials as well as full technical support"

FDHQ must have an interesting definition of full technical support. As I showed in last week's entry at least one customer (me) was unable to get any support at all. As for their tutorials, they are nothing more than installation notes and nothing I couldn’t get from Mozilla itself.

"As stated before customer service is our number one priority. We offer our members a toll free number to contact us with all billing questions."

I attempted to get customer service for 12 weeks and with the exception of a single e-mail giving me FDHQ login instructions (which I had not asked for) I received no service at all. And despite looking quite closely, I was unable to find a toll free number anywhere on their site. I also called toll free directory assistance with the same result.

As for billing support, I wanted to ask "other questions concerning your billing or charges" but when I clicked on the link they provided, I was re-directed back to their technical support page. I wanted to “get in touch with one of our customer service representatives" but I couldn’t.

"This is why our site is called freedownloadhq because the content we offer is mostly free."

I’m not sure I know how to describe this comment. Orwellian, maybe.

All's Well That Ends Well?

I wasn't happy about the denial of a refund request, so I sent another e-mail.

I have been attempting to receive customer service for 4 months. To date, I have not received any customer service at all. In fact, not a single one of my customer service questions has been answered. Please issue me a full refund.

Finally, satisfaction:

I could interpret this refund as an expression of genuine remorse about their failure to provide customer service. Or I could interpret it as FDHQ starting to worry about the ire of the Web community they've aroused. Hmmm.

Calling All Questions

Here's where I need your help. I got an e-mail from FDHQ late last week agreeing to answer additional questions by e-mail. The possibilities are so rich, I'm not sure where to begin. Do you have any suggestions? If so, please let me know. I'll select some, add them to a few of my own, and let you know if FDHQ responds.

Permalink | Comments (9) | TrackBacks (1)

As a holiday celebrating love and relationships, Valentine’s Day often puts pressure on single individuals to snag a date for fear of spending the evening alone, in sweats, watching reality tv, and eating greasy take-out. If you’re dateless, dating services love to rub it in with emotionally charged e-mail subject headings such as “Alone on Valentine’s Day?" or “Who will be your Valentine?" The subject headings contrast with pictures of happy couples (presumably, much happier than you) smiling and embracing. With a click of the mouse (and typical payments of $12.99 to $49.99 per month), this could be you!

Filling the marketing funnel with someone else’s dirty work
Subscription fees of $12.99 to $49.99 per month give online matchmaking sites a strong incentive to cast a wide net in search of new users. At the same time, experienced marketers know they can increase their response rates through targeted messages that cater to a particular demographic segment by age, gender, or race.

So how can a matchmaking site cast a wide net and find a way to target? True.com seems to have found a way: by using e-mails collected from an adult site called khans.com (SiteAdvisor analysis: khans.com). After our bots provided an e-mail address on khans.com, we began receiving targeted Valentine’s day e-mail for True.com.

How are True.com’s Valentine’s Day e-mails targeted? Very simply: one version of their e-mail targets black singles, another targets East Indian lonely hearts, and other versions target the Asian and Hispanic loveless. (Our multi-cultural bots were lucky enough to get one of each). There's nothing wrong with that on the surface. But we wondered how True.com could know which version of its e-mails to send to which users?

3 Versions of True.com's Valentine's Day e-mails

Back to the roots and tracing the trail
Let’s trace the True.com e-mails back to the original place we signed up. At the bottom of the khans.com homepage is a link for “Free nude pics by email." Click on that, like our bots did, and you’re taken to a page requesting e-mail addresses under separate sexually explicit banner ads which are customized by race. “Free Asians in your email!" says one banner with an explicit picture and an “enter email" box. “Free hotties in your email" says another from bareblack.com.

A notice at the top of the khans.com e-mail solicitation page caught our eye:

"Almost every day I get email from visitors requesting that I send them nude pictures in their email. Unfortunatly, [sic] for a number of reasons, I just can't do that. However, I have made arrangements with some folks that do. They don't give out your email address so you won't be getting tons of extra spam."

Presumably this helpful message is provided by the site owner of RobRose Net, Inc., who registered khans.com. RobRose’s corporate site explains its purpose: “RobRose is a husband/wife team who excel at helping others use the power of the web to their benefit." Maybe. On average, we’ve been receiving a whopping 422 spammy e-mails per week after signing up on RobRose’s khans.com site. We suppose that’s to someone’s benefit, although we’re not sure who.

The Asian, Black, Hispanic and East Indian-targeted pitches we received from True.com were a direct result of signing up on khans.com. We know this because we provided a unique, one-time use e-mail address when we originally signed up there. We also received duplicate True.com Asian-targeted and Hispanic-targeted e-mails as a result of signing up on a different adult site called OhMyGoodies.com (SiteAdvisor Analysis: OhMyGoodies.com). So it appears that more than one adult site is serving as a source for True.com's targeted marketing funnel.

To trace the trail a little further, we looked at the source code on khans.com, and realized that the site was posting e-mail addresses to another site called ezgreen.com. Type that into a browser and you'll be immediately redirected to another site called adultplex.com, which is "the adult webmaster revenue source," according to their homepage. "We will pay top dollar for your email addresses," they say. Top dollar, according to their FAQs, is $1 for a "verified" e-mail.

Somewhere along the way, our e-mail address was passed to an e-mailer who sent us messages on behalf of True.com. None of the e-mails we received were actually sent from a True.com mailing address. But they all included notices to unsubscribe directly from True.com, and they all included prominent disclosures about “CAN-SPAM" compliance.

True.com's e-mail diclosures

As far as we can tell, the e-mails we received are actually CAN-SPAM compliant. After all, we did sign up somewhere, and there are prominent disclosures about how to unsubscribe. TRUE also includes their mailing address in their e-mail, which is another requirement of the CAN-SPAM act.

Trust me. Please. I have a seal.
True.com goes to great lengths to try to reassure users that it protects personal information and doesn't send spam. True.com prominently publicized its recently-earned TRUSTe Email Privacy Seal “for its dedication to strict privacy and fair email practices." In a press release celebrating it’s TRUSTe privacy seal, True.com CEO and founder Herb Vest emphasizes TRUE’s “industry-leading communication practices" and “the integrity of its email policies."

True.com's Web site certification seals

Before you dismiss True.com as being the victim of a careless media buying agency or a rogue affiliate who secured e-mails from an unauthorized source, have a look at this press release from last June, proudly indicating that the company was bringing media buying in-house. “The move [to manage advertising in-house] is part of a broader marketing initiative at TRUE to best support its sophisticated media tracking and acquisition systems. True.com arguably has the most sophisticated media acquisition tracking system in the industry," according to the company’s SVP of acquisition marketing. With all this sophisticated tracking, we wonder why True.com is not aware that porn sites are being used to seed its e-mail lists.

True.com's media-buying press release also mentioned that the company “spends millions per year in online advertising and promotion." Indeed, buying e-mail isn’t the only way TRUE is marketing online. They also buy paid search, targeting such terms as “teen chat" (where their #2 placed Google ad reads: “Chat & Hook Up w/ 1000's of Teens. 100% Free, Fun & Easy!") Based on this #2 position, a cost per click of about $0.50 (according to Google’s AdWords tool) and an estimated 190 clicks per day, that would come out to about $35,000 annually just for the one search term “teen chat" alone.

Times are tough all over
How and why did True.com’s marketing come to this?

The highly competitive online dating market has recently come under pressure as growth slows and new entrants continue to bombard the space. According to an article published today by eMarketer, TRUE has achieved fourth place in the online dating services arena, capturing almost two million unique visitors in December 2005. Online dating sites must be under tremendous pressure to acquire new customers in order to maintain or grow their share.

At the end of the day, it comes down to this: After we provided two unique e-mail addresses on two separate adult sites, we started receiving Valentine’s Day e-mails from True.com. With all TRUE's talk of sophisticated media tracking, member privacy, certification seals and the integrity of its email practices, we would have expected tighter controls from them to prevent this from happening.

Permalink | Comments (1) | TrackBacks (0)

Last week, I wrote about a site that charges people $37 to be connected to Download.com, where users can then download a copy of Firefox for free.

The article struck a nerve. It got Dugg nearly 2000 times on Digg, generated dozens of comments on our blog, and got more than a few people up in arms. I'll give our fellow warriors some well-deserved recognition at the end of this post. But let me start by revisiting FreeDownloadHQ (FDHQ).

All the Customer Service Money Can Buy

Recall if you will FDHQ's claim of what your $37 really buys you:

The software is free. You are paying for the membership to our site that provides you with location, evaluation and/or recommendation of various file sharing programs as well as utilities, online tutorials, online help and support and other tools and services for the lifetime of the membership.

Last September when Chris Dixon, one of SiteAdvisor’s co-founders, told me about FDHQ, we decided to buy a lifetime membership and keep an eye on these folks. After signing up, I started by downloading eMule, one of my favorite file sharing clients, but one with an ungainly URL. FDHQ offered it. At least, FDHQ had a link to Download.com where I was able to get eMule++ 1.2.3. Close enough for our purposes.

Next, I decided to seek out some of this vaunted customer service. Caution: Extreme sarcasm ahead.

Customer Service Gone Wrong

Here’s the first e-mail I sent FDHQ – intended to present a range of typical novice user questions about P2P filesharing:

The program is asking "allow multiple instances of eMule++?" What does this mean? What do I click? When I start the program, the first thing I see is a bunch of porn sites. I don't want porn. How do I get rid of these? i want my kids to be able to use this. Why are the same black eyed peas songs different sizes? like "don't phunk with my heart." which one should i pick? What is the difference between a file type called audio and one called archives? How do I know which of these files play on my ipod? Is it illegal for me to be downloading these songs? I didn't pay for them? Does the fact that I paid you make it ok for me to download them? Do you pay any of the artists so that they get some of the money?

Now that’s a lot of customer service to request all at once, so I was surprised to get an instantaneous response:

Your recent inquiry has been received by our Support Department. We respond to each inquiry as soon as possible, usually within 12-24 hours.

I waited 12-24 hours and then some. I e-mailed back a week later and included a copy of my previous e-mail. Again, another prompt response. This customer service is fast!

Your recent inquiry has been received by our Support Department. We respond to each inquiry as soon as possible, usually within 12-24 hours.

Another week later, I got mad.

I've been trying to get customer service to answer my emails for 2 weeks. If I don't start getting answers, I will be asking for a full refund.

Instant response:

"Mp3sharingcenter.com" wrote:

Dear Customer,

How can we help you. When sending your questions
please reply to this email....

Thanks,
Freedownloadhq.com Support

For a moment, I thought I was getting somewhere. Except. Except I wasn’t. When I looked more closely at the response, I realized it was coming from MP3SharingCenter, not FDHQ. How did they get my e-mail? Maybe FDHQ was outsourcing their customer service function. I decided to play nice. I sent a brief note with my questions appended.

Note: forwarded message attached.

Hi,

I'm still waiting for some answers to these attached
questions.

Thanks,

I waited another week before contacting them again.

Date: Fri, 21 Oct 2005 08:09:10 -0700 (PDT) From: "xxxxxxx@ yahoo.com Subject: Re: Fwd: Re: Support To: Support@Mp3sharingcenter.com Plain Text Attachment This is getting ridiculous. What did I pay for if not customer service? See below.

I still didn’t get a response. Well, the holidays were upon us and we had a product to finish. So I didn’t try again till the New Year. I asked for a full refund this time and this certainly seemed well within my rights. Here’s their response:

Dear Customer, Access the site at www.freedownloadhq.com/members/logon.asp Enter xxxxxxxxxx@yahoo.com in all lower case letters as your email address. We have verified that this is working properly. You may need to temporarily disable your pop-up blocker depending on your specific computer settings.

You have unlimited access to ALL the programs listed under the categories on the left side of the screen. Feel free to email us back with further questions or if you need specific instructions to download a program.

Thanks,
Support

This was the most customer service I’d ever gotten from Freedownloadhq.com, but it didn’t answer my question. Not even close! Twelve weeks before, I had asked how to avoid P2P porn, whether P2P is legal, and whether my FDHQ membership fee gets shared with musicians. Why did FDHQ’s staff ignore those questions and instead tell me about logins and passwords?

(Note: It appears that FreedownloadHQ no longer provides links to sites that offer file sharing client downloads, though it does still highlight “music downloads� on its home page. Also, Mp3sharingcenter.com appears to no longer be accepting new members.)

Sarcasm Aside

Here’s a church that recommends parishioners listen to sermons by downloading Windows Media Player from FDHQ.

The Kauffman Foundation suggests FDHQ as the place to download RealPlayer, to let aspiring entrepreneurs watch how-to videos.

The fact is, lots of users and legitimate Web sites get tricked by FDHQ, and I think this trickery rises well above 'caveat emptor.' Other sites with similar business models abound in our database.

• bittorent.com will sell you a copy of Bram Cohen’s software. [SiteAdvisor Analysis: bittorent.com]
• PeTSpatrol.com is a part of a related scam that penalizes lousy typists like me and steals business from the good guys at peSTpatrol.com. [SiteAdvisor Analysis: petspatrol.com]
• free-download-center.com promises “Free Unlimited MP3 Downloads, Music, Movies, Games, Software & More!â€? – all for the low, low price of, you guessed it, $37.95. [SiteAdvisor Analysis: free-download-center.com]

Our post last week generated plenty of comments, made the front page of Digg, and ended up on Shoutwire too. John Dvorak helped spread the news. So did Matthew Boedicker. Robert Accettura was outraged. So too, I assume, was Lin Magazine (None of us read Hebrew.) And we return the Google juice to others on the Web working to bring these kinds of scams to light.

Waiting to Exhale?

A lot of the forum and blog commentary focused on whether FDHQ has a legal right to do what they’re doing. We at SiteAdvisor think the issue is less about legality than about transparency. That said, it’s an important issue. I’ve reached out to people who know about these things, people in government, in the law, in corporations, and I’ll post any notable responses. If FDHQ ever sees fit to refund my money, I’ll let you know that too. But don’t hold your breath.

Correction

In an earlier version of this entry, I said that FreeRepublic.com recommended FDHQ. I was wrong. In fact, it was a poster on one of their boards who did so, and the poster was quickly corrected by others on their boards. This mistake was pointed out to me by a commenter on this blog. I regret the error and I have removed the reference.

Permalink | Comments (25) | TrackBacks (0)

Working at SiteAdvisor, we find new surprises every day. There’s always a new scam to discover and new spam filling our in-boxes. As a result of completing thousands of online registration forms that require brick and mortar addresses, we also receive piles of snailmail representing the incredible breadth of the world economy. For this second edition of Mail Call, (read last month's inaugural edition) we've highlighted some of the funniest examples and weaved them together to paint a portrait for the life of a SiteAdvisor alias, who I’ll call Samantha.

Judging by the promotional mail that arrives in the SiteAdvisor loft, Samantha could very well be a hot dog stand owner. How could we come to that conclusion?

Samantha has been receiving promotional flyers from Swine Genetics International (SGI), no doubt targeted to her self-declared interest in pig breeding. Samantha could purchase any one of SGI’s superior show pig sires.

After she found her show pig sire, Samantha would have to bring the creature down. Samantha could figure out how she’d do the deed by using one of the many promotions she receives from weapons vendors. If Samantha doesn’t feel comfortable using a Colt Auto 22 or a Double Shotgun from GunList to slaughter her prized porker, she could use her catalog featuring swords and other medieval armor from The Knights Edge. Porky wouldn’t stand a chance when pitted against Samantha and her Excalibur sword.

After Babe’s crossed over to the great pig pen in the sky, Samantha needs to turn him into a delicious delicacy so he can be used as an ingredient at her Hot Dog shack. She might well turn to her home butcher catalog from Allied Kenco Sales – which promised that it’s “Supplying Everything But The Meat."

Samantha would need to have a hot dog stand so she could take Miss Piggy to market. She could buy a hot dog cart with a full one year warranty from The All American Hot Dog Company. Samantha must work hard to make a living. According to the All American Hot Dog Company, “IF YOU SOLD 100 HOT DOGS PER DAY, YOU WOULD MAKE $26,000 A YEAR. IF YOU SOLD 250 PER DAY, YOU WOULD MAKE $65,000 PER YEAR!� We say, "Go for it, Samantha!"

Unlike SiteAdvisor, whose campaign to warn Internet users about the presence of Web safety threats is uncompromising, Samantha is a woman of many contradictions. Even though she sells hot dogs, the Vegetarian Starter Kit she received from Mercy For Animals may have convinced her to adopt a “healthy and compassionate diet." (Though apparently she still enjoys flipping through the Taxidermy Arts Supply catalog she received.)

If this Web safety thing doesn’t work out for us, perhaps we could join forces with Samantha and form an e-hot dog startup.

We respect the efforts of small businesses who advertise their products through physical mailings and are astonished by the breadth and vitality of global enterprise. We’ll continue to keep you updated on some of the more offbeat promotional mailings, samples, and catalogs we receive as a result of our unending quest to patrol the Web and make it safer for us all.

Permalink | Comments (1) | TrackBacks (2)

We are constantly amazed by the ingenuity of online scammers.

Here's one of our favorite examples. Try typing "Firefox" into the search box on Google, Yahoo! or MSN. Now check out the paid advertisement for “FreeDownloadHQ.com." On Google, you should see something like this:

Most experienced Web users know that the best way to download Firefox is to go to an aggregator like download.com or directly to Mozilla. Furthermore, savvy users know the difference between sponsored links and the main organic results to the left and below.

Not so for the casual user. Blame it on them if you must, but studies show that most users don’t know the difference between paid and natural search results. As far as they’re concerned, the highlighted ad is the “first" result.

Clicking that “first" result for Firefox brings you to this website:

In the Orwellian world of dark-alley Internet marketing, the word “Free" in the site’s title generally means you’ll be paying somehow – either with cash or spam or adware on your computer. After all, this “free" site just paid Google top dollar for my click. As always at SiteAdvisor, we ask how someone makes their money if they're paying to attract our business. Read on.

War is Peace. Freedom is Slavery.

Click on “Download" and you’ll enter a dialogue that quickly turns to money.

Yes, FreeDownloadHQ is anything but free. These guys take FREE software and SELL IT FOR $37.95 and then have the nerve to call themselves FreeDownloadHQ! (By the way, they’ll also sell you Internet Explorer, Opera and Netscape and any number of other free software programs.)

Before you blame the poor victims who fall for this scam, take a look at the next screen.

FreeDownloadHQ makes sure you see their big GoDaddy SSL certificate. How reassuring. Here’s my problem with SSL. Consumers have been trained to look for the seal but they haven’t been taught how to interpret it. I suspect that the average user, if he or she even knows what SSL is, thinks the certification is an indication of overall trustworthiness, rather than SSL’s more limited actual promise of encrypting certain communications (but nothing more.)

Typical Internet users see Super Bowl-advertised GoDaddy and they inevitably conclude, “This site must be safe." So FreeDownloadHQ is free loading on SSL, and plenty of others sites do so too. It’s a problem we in the security community created, and it’s a problem we need to address.

Money Back Guarantees

Another nugget awaits in FreeDownloadHQ’s payment screen.

Click “more," and you’ll see a puzzling definition of 100% guaranteed.

If you are within your first 7 days of our guarantee period - you are eligible for a refund of the unused portion of your membership minus a $5.99 fee, which we keep to cover the costs of processing and handling. Please allow a 10 to 15 day processing delay before the funds are returned to your account. (underlining is theirs)

Obviously these guys get a ton of refund requests, given that they are, we repeat, selling a product that is given away free by the manufacturer.

Caveat Emptor?

We’re not the first to discover the scam. Some folks in the blogosphere have caught on too. Brian Ruppert, for example, does a great job explaining FreeDownloadHQ. But read this comment he posted from someone who “bought" Skype for $52 and you realize how easy it is to fall for the scam:

I tried to get Skype through Google engine and before downloading the program I was requested to insert my personal data and to pay $52 by credit card number. I inserted all data as I supposed was for skype subscription but in reality the data inserted and license agreement was for another operator site http://www.freedownloadhq (dot) com (!) When I contacted the manipulation was too late. I tried to contact them directly but it was impossible.

I can't vouch for the merits of the particular case mentioned above. But when you dig a little, you realize just how many people feel victimized by FreeDownloadHQ. And you realize how many people, even techies, fall for it. On TechVibes, "Vancouver's Technology Community," you can find users suggesting FreeDownloadHQ. Even a moderator on TechSupportForum recommends FreeDownloadHQ. This is not a problem restricted to technical neophytes.

How do I know these aren't isolated examples? Well, a good indication of the extent of the problem is that the Firefox community itself is freaking out about it.

In fact, we wonder why even more people don't fall for the scam. After all, FreeDownloadHQ is everywhere. Type “firefox" into Amazon.com. Along with “Firefox" starring Clint Eastwood, you get a “sponsored" link to our friends at FreeDownloadHQ:

(Side note: It turns out this FreeDownloadHQ ad isn't quite Amazon's fault. Rather, these are ads sold by Google, then syndicated into Amazon's site.)

Where Are the Cops?

When you actually get to the download dialogue, look closely and you’ll see that FreeDownloadHQ is simply directing users to Download.com to get their copy of Firefox, for free of course.

Why hasn’t the FTC shut this site down? And what are users actually paying for? When I first started researching this story, I found this quote on their FAQ:

The software is free. You are paying for the membership to our site that provides you with location, evaluation and/or recommendation of various file sharing programs as well as utilities, online tutorials, online help and support and other tools and services for the lifetime of the membership.

FreeDownloadHQ said it is selling customer service, not software they don’t own. I’m not surprised that Google, Yahoo! and MSN show these ads. They lack the controversial keywords (porn, gambling, pills) that trip the search engines’ best-known filters and rules. As to why the government hasn't done anything, we'll let you draw your own conclusions

(Note: FreeDownloadHQ no longer appears to host a FAQ page. In fact, it appears that they no longer bother to explain what you're paying for at all.)

SiteAdvisor Puts the Red On

Despite the (occasionally available) fine print, users can't and shouldn't reasonably be expected to know about these scams. Nor should users be able to parse the torrent of conflicting messages: “Hey, did you hear about this cool new program? It’s free. Except it’s not really free." “That SSL cert you’re supposed to look for? It doesn’t really mean the product is safe. But don’t download unless the site has one. Why? Don’t ask. Too complicated."

If the government won’t take action, the search engines ignore the issue, and the makers of the software are too busy making real products, where does that leave ordinary users? Well, we know who the winners and losers are:

• Winner: Search engines that get paid for every click on every tricky ad
• Winner: Freedownloadhq, which gets $37.95 selling something they didn’t make
• Loser: Unsuspecting Internet users
• Loser: Creators of great products like Firefox
• Loser: Legitimate Web businesses that suffer when average users lose confidence in the Web

As for SiteAdvisor, we’re adding this scam to our list of practices that will earn a red flag for a Web site. And lest you think this is a small potatoes operation, or limited to a single scam site, try searching for your favorite freeware using our Safe Search annotations. And watch the screen turn red.

Got a new scam you want us to take a look at? Let us know through our feedback link.

Permalink | Comments (45) | TrackBacks (5)

Michael Kearns is a Professor of Computer Science at the University of Pennsylvania and was previously the head of the AI group at AT&T/ Bell Labs. He is also an Advisor to SiteAdvisor and has been an active contributor to the development of some of our core algorithms. One thing we particularly like about Michael is his broad set of interests, ranging from computer security, economics, game theory, and machine learning to fiction and the visual arts. Here we provide a lighthearted interview we recently conducted with him.

Hi Michael. Can you start by telling us a little about yourself and your interests?

I'm a computer science prof at the University of Pennsylvania, generally interested in machine learning and artificial intelligence. In the past few years I've become particularly fascinated with the interactions between economics, game theory and "traditional" computer science problems. I've also always had a left-handed interest in security --- my long-ago PhD dissertation showed a natural connection between "hard" learning problems and the RSA public-key cryptosystem. I guess someone had to do it.

How did you get interested in computer science?

Like many, I suppose it was initially through the power of programming --- the realization that with very little effort, I could get a machine to accomplish things I could never do myself. Once I learned the mathematical foundations of computer science, it seemed incredibly deep and modern at the same time, a hard balance to accomplish. Eventually I became lazy and came to enjoy proving that something could (or could not) be programmed rather than actually doing it --- the polite prefix for this is "meta".

Can you explain your view of what Machine Learning is?

Well, I'll tell you what I like best about it, which is the fact that it spans the range between very practical, powerful and widely used algorithms to fundamental insights about inference, learning and other topics in philosophy. It's not alone in computer science in this regard. But being able to trace a research idea from something as abstract as Occam's Razor --- which asserts a basic connection between learning of any kind and a very general notion of what you might call data compression --- to algorithms as useful as boosting or support vector machines, is very satisfying.

You teach a really interesting undergrad course at Penn on "network analysis" where you talk about the Tipping Point, Small Worlds, and related things. Can you tell us a little about this?

The class is called "Networked Life" and I think one of its most novel features is the fact that it is open to all majors and all levels, despite the fact that we cover fairly technical material. In the beginning we focus on those aspects of network science that are dominated by the metaphor of viral spread --- word-of-mouth marketing, fads, etc. --- and examine the structural properties of networks that aid or hinder such spread. Later in the course we move on to what I call the "dynamics of rationality" on networks --- distributed processes involving economic or strategic behavior. The class is great fun to teach, and we hold lots of experiments with the students as the subjects. I give away a lot of money over the course of the term, which the students seem to enjoy.

A friend of mine said that a good test of the importance of any new technology is whether you could imagine Oprah talking about it on her TV show. The "Oprah test" strikes me as a nice mental exercise for determining whether a technology is just for "digerati" or could ever go mainstream. Should Oprah care about Machine Learning?

Probably not in its pure form, as opposed to being instantiated in an important application. A colleague of mine once said that machine learning is the second best way of solving any problem, by which he meant that it is inevitable that as people understand specific applications, they can gradually replace the "learning" with hard-coded domain knowledge. Its power is in its generality, which is unfortunately not a subtlety I see Oprah jumping on any time soon. Now David Lee Roth on the other hand...

In your opinion, what are the most interesting current research problems related to computer security?

I'm interested in modeling the behavioral aspects of security, which is something I don't see the "mainstream" security community taking seriously yet. They tend to focus more on the technical aspects of security, both the exploits and their defenses. Many security problems have a strong behavioral or even strategic flavor --- my willingness to invest time or money in security measures may depend strongly on the security practices of those I am closely "connected" to, in a variety of senses.

Can you tell us a little bit about why you think economics is relevant to computer science?

When I was an undergrad studying CS at Berkeley in the 80s, networking research tended to focus on highly structured topologies like butterflies, grids, etc. The unspoken premise was that centralized design of centrally managed system was the norm. Today nothing could be further from the truth. At the very least, economics provides the right language to describe the most important properties of complex networks like the Internet: decentralization (in every respect), heterogeneity, incentives, competition... There's a long way to go before it has practical impact but one could argue that, whatever you want to call it, CS has no choice but to adopt "economic" thought going forward.

If you were stuck on a desert island with only 1 algorithm, which one would it be?

Anything by Christos Papadimitriou: algorithm, reduction, novel... For the unfamiliar, he's the man who gave Bill Gates an Erdos number.

Oh yeah -- what's your Erdos number?

Mine is three: Kearns to Mansour to Alon to Erdos.

Gotta work on that, Michael! Ok, now for the big cliché AI question. Do you think computers will ever pass the Turing Test? If so, when?

No, because I don't think humans could pass the Turing Test as it tends to be phrased and administered. Imagine if actual human interaction consisted of us always suspecting each other of being "just machines", and agressively driving every conversation towards the other party's areas of greatest incompetence so as to unmask them, like at the end of a Scooby-Doo epsiode... it's entirely unnatural, and ignores all kinds of social conventions people routinely rely upon. I think the Turing Test is thought-provoking at a cocktail party level but not a productive yardstick for an important research agenda.

But we do need something to replace it --- the currently established metrics of AI tend to be overly specialized.

What books are you reading right now?

A 300-year history of Philadelphia. Don't ask. But did you know that Ben Franklin invented the internet?

Ha ha. Yeah, that guy really seemed to invent everything! Speaking of books, if you recommended one book to our readers, what would it be?

Infinite Jest, by David Foster Wallace. A gripping tale of tennis, addiction, and Matlab.

Been meaning to read that one, but it's more than 1000 pages! Michael, thanks so much for your time and talk to you soon.

-- Chris Dixon

Permalink | TrackBacks (2)