Tuesday, October 16, 2007

Advertlets Round Three: A Flaw With A Spam/Hack/Bot Friendly Disposition

"Go search la. Google." That was the response I got when I asked my friend whether he was kidding after he revealed that my blog ranked third for the search phrase "Advertlets Sucks".

It does sound a bit sucky, considering that they are the only local ad provider on my blog at the moment. According to Josh Lim, the previous problems with Advertlets (the login bugs) highlighted in this blog have been dealt with.

However, here I am again bringing ANOTHER bug, this time a much simpler but no less embarrassing one. Did you know that you can actually register with Advertlets with an invalid email address? You can key in a string of garbage WITHOUT the domain name or @ and still register successfully.

Normally, any programmer with some common sense would add a regular expression check to make sure that the e-mail address entered is well-formed. And any tester with some common sense would make it a habit to test whether the system rejects badly formed e-mail addresses.
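A sketch of the server-side well-formedness check described above, added here as an example and not Advertlets' code. The function name, the length limits and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed limits (RFC 5321): 64 characters for the local part, 254 overall.
MAX_LOCAL, MAX_ADDRESS = 64, 254

# Local part: dot-separated atoms, so no leading, trailing or doubled dots.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LOCAL = re.compile(_ATOM + r"(?:\." + _ATOM + r")*")
# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_well_formed_email(address):
    """Return True only for a syntactically plausible user@domain.tld string."""
    if not isinstance(address, str) or len(address) > MAX_ADDRESS:
        return False
    local, at, domain = address.rpartition("@")
    if not at or not local or len(local) > MAX_LOCAL:
        return False                      # no "@", or nothing before it
    if not _LOCAL.fullmatch(local):
        return False                      # spaces, extra "@", stray dots
    labels = domain.split(".")
    if len(labels) < 2:
        return False                      # "user@example" has no domain suffix
    # fullmatch (not match with "$") also rejects a trailing newline.
    if not all(_LABEL.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()       # top-level label is never all digits


# Constructed sample registration inputs, including the garbage case from the post.
SAMPLES = ["asdfgh", "user@", "user@example", "user@example..com",
           "user@example.com\n", "a@b@example.com", "user@example.com"]


def check_samples():
    """Map each constructed sample to the validator's verdict."""
    return {sample: is_well_formed_email(sample) for sample in SAMPLES}


if __name__ == "__main__":
    for sample, ok in check_samples().items():
        print(repr(sample), "accepted" if ok else "rejected")
```

The check has to run on the server, since a bot submitting the form directly never executes any client-side validation.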

This flaw, coupled with a lack of Captcha, means that it really is an open invitation for anyone with half a brain to create bots to spam Advertlets' registration process. Coincidentally, Nuffnang doesn't employ Captcha either... so go figure on the possibilities.

Why am I writing this? Some people might say, don't sweat the small stuff, but with taglines such as "Asia's First Blog Advertising Community" and "Asia's Better Blog Advertising Network" (honestly, I think these are bordering on hyperbole) along with "pioneer" status, it's the small stuff that gets noticed the most.

I believe I'm not the only one asking the following questions and there are other harder questions being asked as well.

Where's the e-mail validation? No Captcha? What about an HTTPS login? When are you going to release your software and DROP the beta moniker? Where are my ads? Why do my bands go up and down and why do they differ in value over a period of time despite being the same band?

More on the beta moniker. I noticed as well that despite claiming that they are in a beta stage Nuffnang includes a "NO WARRANTY" clause in its Advertisers' T&C but leaves out mentioning the BETA part. This is the opposite of the Publishers' T&C whereby in addition to a "No Warranty" clause, there is a Limitations of Liability clause with mention of the program being in BETA stage. Do Nuffnang's advertisers know what they are getting into?

Advertlets has the word beta plastered to its logo, like some sort of badge of pride, they even have version numbers added to it. Almost similar to Nuffnang, I don't see Advertlets stating that "this software is in beta stage, we are still testing it (and you are helping as well) and not a commercial release, use at your own risk but do report the bugs back to us and if it screws up, you are screwed and there's nothing you can do about it..but we'll fix the bugs..kthxbai" prominently... that is what the term beta software is, in a nutshell.

I don't see why it is so hard to come up with a BETA software agreement or T&C. It's like calling a spade... a spade.

Note: Someone actually suggested that Josh Lim should pay me a fee for testing out Advertlets, or at least contribute to my Xbox 360 fund. I don't mind the latter but I would prefer the money well spent on better testing teams as they are indispensable. This piece of advice goes to BOTH of our local ad providers.