John Andrews is a Competitive Webmaster and Search Engine Optimization Consultant in Seattle, Washington. This is John Andrews' blog on issues of interest to the SEO community and competitive webmasters.

johnon.com  Competitive Web & SEO
February 18th, 2008 by john andrews

Advancing Web 2.0 by Kicking It in the Teeth

Like most approaches to automated anything, as “Web 2.0” advances, it gets lazy. And as users adopt Web 2.0 “styles” of publishing, they assume the risk associated with that “laziness”. All growth markets suffer periodic “corrections”, but in the case of web publishing and security, a correction can be more like a Kick In The Teeth than a helpful reminder because it comes from security breaches and hacks and attacks. Is Web 2.0 about to get kicked? Take a look at this talk on the agenda for the current Black Hat security conference:

Ajax, Web Services and Rich Internet (Flash) are redefining application security scanning challenges and strategies. We are witnessing some emerging attack vectors like Cross Site Scripting with JSON, Cross Site Request Forgery with XML, WSDL scanning, XPATH injection with XML streams etc. This presentation will cover Web 2.0 attacks, new scanning tools for assessment and approaches for Web 2.0 code analysis with demonstrations. Professionals can apply knowledge in real life to secure Web 2.0 application layer.

This presentation will focus on core Web 2.0 security issues along with assessment toolkit developed by the presenter. 1.) It is imperative to analyze Web 2.0 application architecture with security standpoint. We will evaluate real life vulnerabilities with Google, MySpace and Yahoo. 2.) Web 2.0 technology fingerprinting is very critical step to determine application security posture. 3.) Crawling Ajax driven application is biggest challenge and we will cover approaches to address this critical issue by dynamic DOM event management with Ruby. 4.) Scanning Web 2.0 application for security holes is an emerging issue. It needs lot of JavaScript analysis with DOM context to discover XSS and XSRF vulnerabilities in Ajax and Flash with new attack vectors hidden in payload structures like JSON, XML, JS-Arrays etc. 5.) Addressing assessment methods and tools to discover security lapses for SOAP, REST and XML-RPC based Web Services along with innovative fuzzing.

February 10th, 2008 by john andrews

Domain Management Tools: Asking the Difficult Questions

Why ask the “difficult questions”? Well, quite simply, the difficult questions are the ones that need asking. Pretending something doesn’t exist doesn’t make it go away.

I have seen a number of positive, virtually promotional posts about dnZoom in the domain space over the past few months. Since dnZoom works with domain industry vendors via their APIs, it is understandable that domain industry players would be supportive of the company and its efforts. It’s a good, honest try at doing something good. Since all domainers (this one included) could benefit from a feature-rich, centralized management system for domains, the dnZoom concept is very welcomed among individuals, too. And since it seems the dnZoom people are very likeable, again, good reason for positive support. And it is now in public beta, which means it made it out of private beta, which is a very good sign.

But when I went to try the beta service, I came across this in the Terms of Use agreement (I added the bolding and font sizing to make it readable, but the ALL CAPS is how they made this section of the TOS):

LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT, AND UNDER NO THEORY OF LAW OR EQUITY, WILL DNZOOM, INC. (INCLUDING, WITHOUT LIMITATION, DNZOOM, INC.’S EXECUTIVES, DIRECTORS, OFFICERS, ATTORNEYS, MANAGERS, EMPLOYEES, CONSULTANTS, CONTRACTORS, AGENTS, PARENT COMPANIES, SUBSIDIARIES, AFFILIATES, THIRD-PARTY PROVIDERS, MERCHANTS, LICENSORS, OR THE LIKE) OR ANYONE ELSE INVOLVED IN CREATING, PRODUCING, OR DISTRIBUTING DNZOOM, INC.’S SERVICES, BE LIABLE FOR THE LOSS OF A DOMAIN NAME, OR ANY BUSINESS OR PERSONAL LOSS, REVENUES DECREASE, EXPENSES INCREASE, COSTS OF SUBSTITUTE PRODUCTS AND/OR DNZOOM, INC. SERVICES, OR ANY OTHER LOSS OR DAMAGE WHATSOEVER, OR FOR ANY CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE OR INDIRECT DAMAGES OF ANY KIND ARISING OUT OF ANY USE OF, OR ANY INABILITY TO USE, ANY DNZOOM, INC. SERVICES EVEN IF DNZOOM, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DNZOOM, INC.’S TOTAL CUMULATIVE LIABILITY, IF ANY, TO CUSTOMER, OR ANY THIRD PARTY, FOR ANY AND ALL DAMAGES, RELATED TO THE TOU OR DNZOOM, INC.’S SERVICES, INCLUDING, WITHOUT LIMITATION, THOSE FROM ANY NEGLIGENCE, ANY ACT OR OMISSION BY DNZOOM, INC. OR DNZOOM, INC.’S REPRESENTATIVES, OR UNDER ANY OTHER THEORY OF LAW OR EQUITY, WILL BE LIMITED TO, AND WILL NOT EXCEED, THE ACTUAL DOLLAR AMOUNT PAID BY THE CUSTOMER FOR THE SERVICES WHICH GAVE RISE TO SUCH DAMAGES, LOSSES AND CAUSES OF ACTIONS DURING THE 3-MONTH PERIOD PRIOR TO THE DATE THE DAMAGE OR LOSS OCCURRED OR THE CAUSE OF ACTION AROSE.

So there’s the clue to the “difficult question” that needs to be asked. In these days of rising domain values and increasing challenges to protecting domain assets from misappropriation, can I afford to “trust” my domains to a third party management system if I have to agree to almost complete indemnity for them in the case of error or loss, even if they knew of the problem and didn’t fix it?

This agreement says that dnZoom will not be held accountable for anything more than the cost of the dnZoom service. I am not a lawyer, but by my read it says if they get hacked or the system screws up or they have a rogue employee and I end up losing a domain, dnZoom is only liable for the cost of the dnZoom service (currently nothing). Ditto if they make a mistake that costs me a domain, or anything at all that might happen, for that matter.

I have to indemnify them completely for all possibilities. Is this the best we can do when providing a centralized management service for domains, and if so, is it ready for prime time adoption?

I have to ask myself, “If there is enough risk associated with such a centralized system that they need to build in that all-capitalized indemnity clause to protect themselves, don’t I as a domainer have an equal obligation to protect myself?”

And how could I do that? Maybe I am missing something. Maybe I should have some other insurance in place, or some other way of covering myself for a problem arising from the use of a central system like this, so do let me know if you have such knowledge. I am only concerned because they built that clause into their agreement… otherwise, I was about to trust it with a free trial.

Unfortunately this post will probably get me dropped from a few blog rolls, and hurt my chances of getting a free pass to the next domaining event (or even an invitation, I imagine), but that’s ok. I’m more comfortable honestly asking difficult questions than keeping quiet when I feel like there’s a problem lurking. I’m really hoping someone can show me it’s just legalese and nothing to actually worry about?

February 10th, 2008 by john andrews

Do You Recognize Today’s (tomorrow’s) Affiliate Marketer?

Yes, I did suggest that affiliate marketing is an upcoming opportunity. No, I am not crazy. But I may have been crazy to assume some of the evolution of affiliate marketing was obvious, because it is apparently not obvious to everyone. What about YOU? Do you, or even can you recognize today’s evolved affiliate marketers?

Affiliate Marketing is the endeavor of partnering with companies to deliver conversions to their commerce engines, whatever those are for that vendor. As an affiliate you assume a responsibility for reaching a market, under a set of guidelines that often includes restrictions. Success is rewarded via a performance model (a commission on sales, a per-signup payment, or a percentage of recurring sales for example). A vendor may decide to bring on affiliates to approach a new untested market, rather than extend its own established marketing efforts in that direction at this time. Those affiliates go after the previously untapped traffic opportunity and deliver it to some engine set up by the vendor to convert (or at least try to convert) it. The affiliate marketing model is very simple, yet not as simple as some might think. There is a lot of business behind that model, and a good deal of opportunity beyond the obvious “get other people to promote our product and send us leads”.

It used to be that affiliate marketers were very simple-minded partners. They signed up and promoted affiliate links, sending traffic to the vendor’s landing page. Each month the vendor tallied up the sales assigned to that traffic, and cut a check to the affiliate for the commission. Networks like Commission Junction and Link Share started with that model, aggregating affiliate marketing opportunities under one management umbrella. Many, many web publishers still follow that model. But that is NOT what I referred to as Today’s Affiliate, and that is not the affiliate marketing model I suggested is evolving and looks like a real opportunity going forward…well, it is, actually, but not exactly. Not as that looks on the face of it. I suppose it USED TO BE, but has evolved. Have you evolved with it?

In case you missed it, the web has grown up. If you are still publishing pages and inserting affiliate product links as a way of existing as an “affiliate marketer”, I suspect you missed a good deal of the business that is the Internet. Time to catch up. To start, let’s see if you can recognize how your affiliate marketing skills fit into a modern monetization effort you may not recognize as affiliate marketing. Take a look at utest.com, currently promoted on TechCrunch and other places as a new startup applying crowd sourcing to the problem of software testing.

UTest.com gathers a social community to test software for “bugs”. Users who find bugs get paid (on a per bug basis) for their efforts. “WHAT A GREAT IDEA!” shouts the over-caffeinated Web Too blogosphere. According to UTest, the market for bug-finding is billions big. According to TechCrunch:

…recruiting a userbase of testers should not be difficult. There are droves of potential testers in countries such as India, China, Russia, Bulgaria, Estonia, etc. Also, getting hired through sites like oDesk, Elance and RentACoder is becoming increasingly difficult due to the growing number of service providers. These same individuals can theoretically provide testing services instead of programming.

Do YOU see the opportunity for affiliate marketing in UTest.com?

Notice the most obvious… payments to bug testers will be made via a “uTest Debit card” which is a fee-based credit card. You pay $10 to get a card, so that you can get paid. That’s right, if you want to get paid, you have to participate in a non-free credit card program. Did you know credit card affiliate programs pay $50, $80, $125 and even as much as $200 per sign up? If you have ever participated in credit card programs you know that there are fees associated with them… per transaction, per deposit, annual renewal, ATM use, virtual card number accounts, the float on the required minimum balance, etc. All opportunities for monetization.

As a credit card affiliate, you would know how those fees can be adjusted over time to impact profitability, right? Payoneer is… get ready for it… an affiliate of MasterCard. Starting to understand? I have one of these online debit cards from an affiliate program I joined years ago. It was free… fee paid by the affiliate program. Now it costs me $35 per year. Transactions were paid by the affiliate program… but now cost me $2.50 each. ATM withdrawals were free up to a daily limit, with a maximum number of allowable withdrawals per month. There is now an ATM fee, and all of the limits are lower. It used to have a free virtual credit card associated with it, which I could manage online. That is now available for a separate annual fee, with a separate set of restrictions on use. I still have that account, and I pay all those fees, because this thing is damn convenient. I never would have accepted it initially had I known the expenses associated with the convenience. And the vendors involved know exactly how much money I have been making as a Super Affiliate of the programs that pay out through that card (an amount which, coincidentally I’m sure, has been declining over time as that market has become more competitive). I’m hoping you get the idea.

Less obvious than something like the financial float on the debit card (the interest earned on all of those dollars sitting in the accounts as the “minimum balance required”) is the good will effort float. That is the value of the unpaid activity contributed by participants in the community like uTest. If you have ever developed good software, you know that most “bugs” are discovered in development, because testing is performed at every step of the development process. True software development includes concurrent software test development. While every “bug” found is not necessarily fixable right away, it is addressable. It can be considered for risk management… some need to be fixed immediately, others need to be evaluated for the value of fixing now versus later. Many known “issues” are put off to “the next revision”.

So true unknown software bugs are not as common as might be believed by those who have not been through that process. And uTest pays for BUGS. In other words, every time you find something wrong, it is not necessarily a bug and won’t necessarily involve a payment. Your discovery of the “glitch” and your reporting of the particulars of your discovery (browser used, conditions to reproduce, entry into bug tracking database, etc) has significant value to the software developer, but doesn’t have any value at all to you because it won’t earn a payment. See the opportunity? You work, they get the value. I can see the testimonials now… “I reported a bug in WebTooSoftwareBeta and got $100! from the uTest program. Sweet!” No mention of the 120 hours spent documenting 47 glitches which in the end were already known, or considered collateral effects of an already known bug, and worthy of zero compensation.

Still less obvious but revealed by the TechCrunch observation is the opportunity for global outsourcing. While the Web Too crowd says “neeto!” and dreams of getting paid to fly the next Firefox alpha on their new Mac (turning their Cinema Display into a tax deduction), the world’s outsourced workforce lines up to turn those dollars into pennies. Numerous affiliate opportunities exist in the outsourcing market as well as the labor market. Americans signing on with dreams of earning money testing software are targets for numerous old-school affiliate marketing offers in the job world, the tech world, the work-from-home world, the education and training markets, etc. Hit them with University of Phoenix offers before they realize they can’t compete with workers in India doing manual software testing, right? But collect those email addresses and demographic data… what kind of computers they have, how often they log in, because the modern affiliate opportunities will value that very much. Seen the latest valuations of Facebook? All because they know about you and have your attention.

Affiliate marketing is not what it used to be. uTest is a real business, and I don’t mean to suggest otherwise, but rather to use it as a (fictitious?) example of what modern affiliate marketing looks like. That TechCrunch promotion of uTest? Affiliate marketing, no? What was that worth? How would that get negotiated, and paid? Business, baby. The Internet? It’s bidness, baby, as my New Joisey friends would say. (Update: the CEO of uTest.com has commented…see below)

I just got an email offering me a 50% discount on a conference registration I would normally go to, if I sign up using the affiliate code. What will that pay out to the marketer? Well, the commission on a $2000 reg fee probably started at $800 and with the 50% discount applied it’s probably now worth $200 or so to the marketer. The old-style affiliate marketers are now touting such “big ticket opportunities” as the way to get rich in affiliate marketing. Truth is, we’ve evolved. The uTest community is just one example of spending a million dollars of other people’s money to build something that will monetize beyond tens of millions as a defensible business, via numerous avenues, using nothing more than the same web technologies, social media, search engine marketing, and clever monetization tactics YOU have been using for years as a small-time affiliate marketer. It doesn’t have to start that big… most of these started small as an earlier incarnation of the same innovative affiliate marketing vision… a modern affiliate marketing vision not concerned with debates about the value of reciprocal links or the potential to sell $49 ebooks, link to 5% payouts from Amazon.com or even $300 last-minute conference registrations.

Perhaps most telling about the future of affiliated marketing is this here post. As I look back and scan for typos, I am cognizant that well-known Internet marketers will gasp at the density of this post. No pictures… tsk tsk. Too long. Too many words and sentences. Too many ideas for one post. Not search optimized; doesn’t prompt the reader to act on a click; too abstract for the common reader; not “diggable”; won’t get bookmarked etc. And I don’t care. I don’t care about any of that old-fashioned stuff, because relative to the bigger mission they don’t matter. I’ve got a different target in mind, and it’s got nothing to do with $0.35 AdSense clicks or $45 affiliate payouts or even $500 sponsored blog post payments. Yes, it involves SEO and search marketing and modern affiliate marketing. And those who are my targets, know exactly what I mean. Which is all that matters, right?

Update: Received a communication from Doron Reuveni, the CEO of uTest, regarding uTest’s status as an affiliate.

Doron Reuveni wrote:

Hi John,

I am the CEO of uTest Inc. A company mentioned in your affiliate marketing article. Wanted to set the record straight and let you know that uTest is focused only on application QA and testing and is not involved in any affiliate program. We chose the debit card approach since this proved to be the most cost effective way to pay our GLOBAL community of testers. Due to the high demand from our testers we will also be offering Paypal as an alternate option for payment in our next release. You should also be aware that we actually subsidize for our testers the loading fees and mailing fees associated with the Payoneer Mastercard debit card.

You can read the exact details on our blog http://blog.utest.com/ I would appreciate if you will mention this comment in your blog.

Thank You
Doron
