Thursday, September 11, 2008

Exploring The Tynted Web

Here we go with Tynt, yet another startup trying to socialize the web.

Joy.

Yesterday there was a little bit of a flap about Tynt as they're running a wide open proxy on tynted.net that allows page hijacking in the search engines.

Today Tynt responded on their blog to the SEO community.

First, we understand that Tynt has the potential to impact the major search engines in ways that were detrimental to the sites being Tynted. Our community recommended blocking spiders from crawling Tynts through the use of a Global Robots Exclusion file (robots.txt) as well as other techniques to minimize the problem. We have already implemented the ROBOTS.TXT file and are working on additional solutions.
That's a noble effort but now anyone running AdSense, YPN or any other contextual network ads are shit out of luck because their bot has to visit the page to serve up the ads. This turns out to be a moot point because allowing the bot also makes the ads go to shit for other reasons explored below.

I think Tynt is missing the point that their proxy server is wide open and can be used by scrapers and other online vermin to access your site although they might be blocked by other means.

Here, try it with Google or Yahoo or whatever you want, wide open and works for anyone and is ripe for abuse including phishing expeditions, very nice.

Shouldn't that proxy only work for registered members that are currently logged in?

Just a thought, I know it's beta and you want to demo some pages, but put a unique key in the URI so that only pages requested from actual Tynt members works with the proxy and it can't be randomly exploited.

For instance, instead of allowing the raw path "google.com.tynted.net" maybe it should be "google.com.someuniquekey.tynted.net".

BTW, pass through the actual end user in your HTTP_X_FORWARDED_FOR field as we don't really find the NAT addresses of your internal servers all that useful.

Moving right along...

On their Twitter bio it says:
Tynt lets you put contextual relevance and dialog on web pages for sharing and interaction.
Listen, if I want dialog on my web pages, I'll put a comments section on the bottom of the pages, I don't need or want your help in this matter.

They clarify this further on the Tynt FAQ page:
Q. What kind of 'stuff' can I put on top of a web page?
A. There is a bunch of different things that you can do to a web page ranging from tools for research like sticky notes and highlighting text, to more fun stuff like text, speech bubbles, graphics and animations. Tynt is a fabulous tool for in context editorializing; in other words, Tynt lets you say what you think right on top of the topic you are talking about.
Lets' see, what does putting things on top of a web page mean? Vandalism, grafitti and lampooning quickly come to mind, something every business online welcomes. Several examples on their site actually show exactly this so no thanks, I think I'll keep my site out of your "stuff".

Wait, it gets even better, we get to foot the extra bandwidth bill for the privilege of letting the Tynt users download our pages just to draw horns and funny faces on our site. Fuck that.

Besides, if you Tynt a blog, forum, or twitter you're actually taking away from the value of those social mediums by breaking up and disjointing the conversation into multiple places which adds no value to the original discussion.

Here's another precious gem from the Tynt FAQ page:
Q. Does Tynt steal my traffic and therefore my revenue?
A. All Tynted web pages, including images, ads and other media all load live from the originating web server so every time a Tynt is viewed the Tynted web site get the ad revenue and traffic.
Holy misconception and major bullshit alert Batman!

Anyone using a context sensitive advertising medium like AdSense and YPN will be in trouble. This is because AdSense and YPN doesn't know their context in relationship to the tynted.net domain name and it shows a bunch of off topic garbage which won't interest the person viewing the page whatsoever.

Want proof?

Let's use a Google AdSense case study site called CoolChaser just to see how well the ads work before and after you run the site through Tynt.

The results we saw were priceless:

Gay Bears Chat anyone?

That's just what my visitors crave, they love big hairy men that like other big hairy men and just can't keep their hands off of them - NOT.

As a matter of fact, something like this happening on a family friendly website could cause a huge problem but we won't delve into those issues at the moment.

Sorry, nothing about your Beta causes this problem as this is how AdSense responds over most any proxy and even in their own cache pages so anyone relying on AdSense or YPN revenue that has traffic redirected through Tynt's proxy will probably just lose out.

One of the Tynters tweeted me:
iancheung @IncrediBILL Tynt drives more people to sites and since people make money by ad views, it actually increases revenue.
I don't see how increased revenue is possible since you can't even see the ads because they're covered up with all those goddamn sticky notes!

From the blog:
Second, site owners have requested the ability to opt-out of having their sites publicly Tynted. We’ve given this a great deal of thought...
I gave it 2 seconds of thought and blocked your IP ranges:
Tynt Multimedia Inc. (TYNTM)
204.244.109.240 - 204.244.109.247
204.244.120.176 - 204.244.120.183
Out of site, out of mind, not a problem.

But wait, they have more in store:
The reason for the gateway (and the different looking URL) is to allow us to insert the JavaScript which loads the Tynt engine for the in-context comments and conversations (and hey, if everyone installs the plug in, then there is no need for our gateway and we can save ourselves the bandwidth and effort there too!).
The end users will be doing the page loading and we'll be unable to see them or stop them from fucking with our pages.

Many webmasters take their livelihoods and reputations very seriously and don't like being fucked with so there needs to be a way to detect the use of Tynt and or a way to opt-out of Tynt before this happens or it could get very ugly.

Last but not least, Tynt has made no mention of how they plan to make money.

Do you ultimately plan on using our sites to trigger your ads?

That's when the shit will really hit the fan.

Have a nice week.

9 comments:

Anonymous said...

This very much reminds me of the late-90's Third Voice. But worse.

Anonymous said...

There is a complete database of all dynamic ip's and ip's used for surfing the web, so it simply would be unacceptable for a site like this to cause any problems of having duplicate content issues for any webmaster in major search engines with cached content of users of Tynted on their site.

Banning Tynted ip's would prevent webmasters serving the pages up via Tynted proxy server.

I agree with what your saying Bill but any serving up of duplicate content would be deliberately done by search engines in my opinion not as a result of this site. They already have the tools to stop proxy server abuse, it just seems to me that they are selective on who they implement them on.

Politics are played out in SERPS and thats the bottom line....

And even I won't sign this and won't blame you for not publishing.

Anonymous said...

Of course Bill you also have to understand the bigger picture.

If content theft and copyright theft becomes a "internet" wide problem. Then it becomes a problem for everyone so therefore why should one company suffer the consequence's, how can they control what video there users upload.....

Your be amased what a company will do to save a billion pounds....

Anonymous said...

Correction a billion dollars......

Anonymous said...

Ok, totally off topic.

Connie says you're the "nicest bloke in SEO"? haha, see? Some people really do appreciate an attitude of uhem honesty. ;-) http://www.spam-whackers.com/blog/2007/08/28/opt-in-or-blacklist/

Anonymous said...

I love it when people lack balls and post anonymously.

At 120,000+ downloads a day I wonder how long it will take before enough webmasters have my recommended ban file and effectively get this asshole off the internet?

Keep up the good work Bill. Sorry I haven't been around lately. My health has been poor again.

~gary.

Anonymous said...

On one final note, we have been very publicly accused of being ‘content-thieves’ and scraping content from other sites, storing it in our own systems, and serving it up for our own benefit and revenue. When the Tynt plug-in is used, we only ever visit the original site and all Tynt content is simply layered on top of the existing site. In the case where the viewer is accessing a Tynt through our gateway (no plug-in installed in the browser) the gateway does not access a stored version of the underlying site, but rather loads the original site (including all images, media, advertising, and so on) and displays it to the user. The original site gets the ‘hit’, the ad view and so on. The reason for the gateway (and the different looking URL) is to allow us to insert the JavaScript which loads the Tynt engine for the in-context comments and conversations (and hey, if everyone installs the plug in, then there is no need for our gateway and we can save ourselves the bandwidth and effort there too!). We hope that Tynt can prove valuable to the underlying site by creating more page views and more ad views by encouraging people to share the sites that they feel a desire to comment on. We are very receptive to your feedback on how to make this experience good for the both the user and the site being Tynted, so if you have suggestions, please send them on!

Cheers,
Derek

Zaphod said...

I found they are now using "amazonaws.com" domain names as their input addresses. Since I can't see amazon needing to go out and surf other sites, I have added the domain to ZB Block's signatures. (Updating soon)

If you are interested in GPL freeware php driven website protection, tool on over to www.spambotsecurity.com .

Thanks for the research IncrediBill!

Zap :)

Zaphod said...

Correction, there are two legit services (that I know of so far) that come out of amazonaws.com domains. One is Alexa, as Amazon owns that. The other is Postrank, which is good for driving traffic to blogs.

I have put in bypasses for these services, but ONLY if they come out of amazonaws.

I feel if some other service falsely masks as Alexa, they will be in a world of hurt from their host.