Well, it looks like MBL has done the right thing, and re-instated Shoemoney, and have created that TOS to boot. I’ll echo Mat Ingram’s sentiments on this one: these guys may have goofed, but they’ve acknowledged it, and they’re trying to make it right — and in a timely fashion.
So good for them.
Sometimes you screw up, but when you do, you’ve got to meet these things head on, make your public mea culpa, and (hackneyed phrase ALERT) nip it in the bud as early as possible.
Which is what Eric and his crew seemed to have done. Good for them.
What I’d like to see as well, as I’ve mentioned, is for MBL create a process where they invite bloggers like Shoemoney into the fold and get them to work *with* MBL to find exploits — and get public recognition for their efforts.
After all, it would be nice for a process to be in place when the *next* exploit is found — because like any system, weaknesses do abound, and as its popularity grows, more and more, over time, will inevitably be found.
February 24th, 2007 at 7:19 pm | Permalink
[…] Pamela Heywood puts some nice perspective on the tracking situation after examining the Google terms of service. I would like to point out to Tony Hung that he doesn't have a comments policy on the Blog Herald or on Deep Jive Interests. You really shouldn't block people from comment spamming you without some kind of ToS or policy. I wonder if he realises that it is almost impossible to use any tracking service without some conflict of interest or insecurity, and he will need something if he is going to monetize his blog. In fact I don't personally know of any tracking service or script that doesn't represent some risk or conflict. Mathew Ingram has made a fairly balanced post, but I think he like others might not be aware that Shoemoney was specifically asked not to post another exploit without giving a heads up. I would love to know what Thomas Hawk would do if someone was attacking his servers with a denial of service attack… maybe block their IP? What happens if someone was trying to hack into private data? Block their IP? Would he send them an email first asking them to kindly notify him before revealing whatever exploit the hackers discovered. I wonder how much it would cost to pay an East European programmer to come up with some Zooomer hacks and exploits, or maybe Indian would be slightly cheaper. It seems that as long as you are not looking to change the data on Zooomr, then any hacking is allowed, and providing information on how to change data or tools would also be within the ToS. Unauthorized attempts to infiltrate the Web Site electronically for the purposes of changing some part of the service are actively monitored and are prohibited. This includes, but is not limited to, 'cross-site scripting,' 'worms,' 'viruses,' and 'trojan horses.' […]