Quechup

Quechup (kway-chup) was a social networking website that came to prominence in 2007 when it used automatic email invitations for viral marketing to all the e-mail addresses in its members' address books.^[1] This was described as a "spam campaign" and raised a great deal of criticism.

Address book harvesting

The automatic invitation of all the contacts in the e-mail address books of people who signed up to their service was controversial for two reasons:

1. Without explaining intentions, Quechup required permission to access the address book.^[2]
2. Invites were sent to all addresses in address books without permission of e-mail address owners.

This attracted a great deal of criticism^[3] in September 2007.

Reacting to the criticism, Quechup's parent company iDate Corporation made a public statement on 17 September 2007,^[4] stating that:

"Quechup was one of the first social networking sites to include such a feature back in 2005. With its growing popularity (social networks), expectations of what features a service should have and how they should work have emerged. Quechup's address check did not conform to what users now expect as the norm."

Much of the criticism focused on misleading users by hiding the nature of the feature in the 'small print' of the site terms^[5] and not specifying it in the Quechup privacy policy, which stated only, "You agree that we may use personally identifiable information about you to improve our marketing and promotional efforts, to analyse site usage, improve our content and product offerings, and customize our Site's content, layout, and services.".^[6]

While admitting the campaign was misleading, technology blogger Chris Hambly pointed out that text explaining how the feature worked was placed in normal print directly above the feature, raising the question of a user's responsibility to read what they agree to, although he noted that this explanatory text failed to clearly state what would happen.^[7]

However you view this, no matter what your opinion is on this the fact of the matter is that you should READ what the page says as it is very clear. In any case there is a link which says "I don't have an address book"!... I can only say you should READ these things clearly in the future, it’s quite simple.

In their 17 September statement, Glen Finch, Chief Technology Officer stated

"It's important to confirm a few points. That the address book checker has always been an optional feature for members, they are under no obligation to use it and we provide relevant links for members to skip it. The explanatory text as to what it entailed and the terms of its use have always been stated directly on the page. We are well aware that Internet users frequently confirm they have read and agreed to lengthy all-encompassing terms and conditions rarely having actually read them. Therefore we deliberately included the explanation and terms of use directly on the page above the feature itself to avoid confusion."

This has raised the issue of users automatically 'opting in' without first understanding what they are accepting, rather than automatically 'opting out' of questionable features.

Response

Quechup responded by changing how it operated its service and belatedly reassuring customers it was not acting maliciously, even if irresponsibly.

1. Quechup changed how its address book check worked within days,^[8] clearly giving members the option of which contacts, if any, they wanted to invite.
2. Quechup adopted Windows Live ID Delegated Authentication, enabling Live and Hotmail users to grant limited access by logging in directly on Microsoft's secure servers.^[9]
3. Quechup is a member of SenderScore^[10] the world's most comprehensive database of email sender reputation.
4. Quechup fully complies with Microsoft's Sender ID Framework for email authentication and uses SPF records.^[11]

The Quechup affair encouraged calls for open authentication through an OpenID system such as Yahoo's BBauth, which would allow a user to grant limited access to their data, without providing passwords directly to a website.^[12] Indeed, Quechup adopted Windows Live ID Delegated Authentication, an OpenID system for Windows Live and Hotmail users.

Fake invitations

In a more recent development, technology journalist Robert X. Cringely raised the possibility that Quechup may be sending fake dating invitations to subscribers that attempts to get them to sign up to a premium service. In his article, Cringely stated that it was not certain if these fake e-mails were the work of what he called a "rogue Quechup affiliate who gets a commission for sign ups" or a more sophisticated automatic spam operation.^[13]

See also

• Viral marketing
• Social networking spam
• Forum spam
• Blog spam

References

1. Saul Hansell Social network launches worldwide spam campaign The New York Times, 13 September 2007
2. Cashmore, Pete (2 September 2007). "Are You Getting Quechup Spammed?". Social Media. Mashable. Retrieved 3 March 2010.
3. Had an invite from Quechup? Jemima Kiss Digital Digest Monday 10 September 2007 GuardianUnlimited, retrieved 23 June 2008
4. The Quechup Social Networking Platform: IDate Corporation Updates Quechup's Address Book Feature Archived 1 January 2008 at the Wayback Machine Press release, Newbury – Berks – UK – 18 September 2007
5. Quetchup = Kvetchup Archived 14 October 2007 at the Wayback Machine Saturday, 1 September 2007 Digital Flotsam, Digitalflotsam.com.
6. Privacy policy quechup.com, retrieved 10 September 2007
7. Quechup And Mass Hysteria Archived 5 October 2007 at the Wayback Machine – Chrishambly.com, 2 September 2007
8. Do social network sites genuinely care about privacy? Charles Arthur The Guardian Thursday 13 September 2007, retrieved 13 September 2007
9. Windows Live ID Delegated Authentication grants limited access to users data without providing passwords directly to a website.
10. Lookup for Quechup.com SenderScore reputation database covering email senders
11. The Sender ID Framework is an e-mail authentication technology Archived 11 December 2008 at the Wayback Machine – Microsoft Sender ID, retrieved 9 December 2008
12. OAuth: Open Authentication Comes Closer to Reality Archived 11 October 2007 at the Wayback Machine O'Reilly Radar Tuesday 09.25.07
13. Robert X. Cringely Oops, you just spilled Quechup on your pants Archived 12 December 2008 at the Wayback Machine, InfoWorld, 7 April 2008

External links

• Quechup is rotten: don't accept invites – An article on Boing Boing.
• Quechup? No, Thanks – An article on Blogcritics.
• Quechup – An early blog complaint about Quechup's registration process from March 2006.