The Wall Street Journal had an enlightening article a couple days ago about “The Web’s New Gold Mine: Your Secrets”.  Enlightening indeed.  And after reading this interesting piece (with a few more to come out in this series) the “lightbulb” lit up…  How many Affiliate Programs are planting beacons, etc. for the specific purpose of tracking your site visitors/audience/customers?  So I did a little experiment.

I built out a new OS load on an ancient computer.  Then visited a few known sites that are nothing more than lists of affiliate advertisements.  Nearly every network had programs on these sites (Coupon/Deal/Bargain listings w/o much content).  And what I found was shocking.  100% of the sites planted tracking cookies and beacons that didn’t come from the network or the site.  They were from the advertisers!

And the other shocking finding is that there were more pixels, beacons, and cookies set than there were advertisements!  Accounting for simple innocuous tracking (the affiliate program tracker, password save cookies, session cookies, etc.) the numbers still leave no doubt.  Some advertisers were setting multiple ways to track with a single advert.

And where does this data go?  Why, to tracking companies who accumulate specific data about specific computers and then sell the data for around $0.001/identity.  Now let’s add these numbers up.  Your average small to midsized network is displaying 5 million adverts / day (more or less, depending on the network).  Which means 5mil * .001 = $5,000.00 / day in potential revenue for doing nothing more than selling the data on open exchanges to other advertisers.  And where is the Network’s and Affiliates share in this?  Why, it doesn’t exist!  The Network is paid a retainer and a percentage of sales, and the Affiliate is paid a percentage of sales.  Neither are being paid for distributing tracking pixels/beacons of other companies.  But they’re being set.

$5,000.00/day = $150,000.00/month.  That’s alot of money.  Divided out it isn’t much money per affiliate/network.  But given that most networks have hundreds of programs and most affiliates do too.  It adds up.  And right now Performance Marketers arn’t getting paid for it.

Now, don’t get me wrong.  I don’t much care for the concept of aggregated tracking beacons.  It’s a little creepy when I look up something and then every advert I see is about that subject.  Give me the “creepy willies” when that happens.  But I also don’t like it when I work hard to promote affiliate offers on my sites and am not paid for it.  Like when an offer is setting a tracking mechanism that the advertiser is either using, or selling, without getting my fair share of it for my efforts.

I’ve started tracking my sites with TrackerWatcher and if I find an advertiser that has anything more than the network tracking set…  They’re gone.

What are you going to do?

Ever have one of “those” days?  A lot of people (Including the New York Times Co. CEO, Diane Sawyer of ABC News, New York Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel) are waking up to discover that their iPad data was compromised.

Yup, a Gawker Article this morning is reporting that AT&T has made a mistake and up to 114000 “early adopter” iPad users data (and possibly EVERY iPad 3G users data) has been compromised.  This is big.  And every time something like this happens, I cringe.  Because somewhere, someone, who hasn’t a clue, is gonna blame Affiliate Marketers.

The Gawker article doesn’t do this.  Although, they point out that email addresses could be used for spamming.  But high profile issues like the AT&T iPad Security Breach somehow always brings out the people that have a vested interest in damaging our industry.  I can almost hear them now.  “Blackhat Affiliate Marketers are using this data to defraud people”, “Here we go, those Affiliate Marketers are gonna make a ton of money on this one”, and the like.

And yes, this damages our industry.  And it damages you.  I’ve been hearing rumblings (actually, outright calls for action) to regulate our industry.  The people who are already defrauding consumers, networks, etc., with bogus offers, willfully damaging the very programs they participate in to make a few extra bucks, use spamming techniques, etc. are going to get our industry bogged down in red tape and government oversight.

Unless we change our ways as Performance Marketing Affiliates.   I’ve always thought it odd that some Affiliates want the entire earth to see their sites except the Affiliate Managers of the programs they promote.  Just as I think it’s strange thats some Affiliates believe that they should be accepted into every Network and Program without exception or condition.

And it’s just as odd that Networks put so little information about themselves out there with the notable exception of every offer they have is “High Paying” and has “Highly Converting” associated with it.  The key to ridding ourselves of the frauds and exploitation scams that are being associated to us is to get transparent.  Share information, share knowledge, share (privately when needed) nearly everything with each other.  That way the fraudsters will be weeded out while the rest of us will have a clearer, more level, and less competitive playing field.

Just as it would have been much better if AT&T had discovered this problem first, contacted iPad owners first, and tackled it head on before Gawker disclosed it.

UPDATE – MacWorld is reporting that Google has fixed their error.  The examples I tried today are indeed invalid now.  Pretty fast action on Googles part.  And as much as I like Google it befuddles me as to how this type of error could have gone unnoticed.

http://www.macworld.com/article/143383/2009/10/googlevoice.html?lsrc=rss_main#via-feedly

I saw a disturbing twitter from @graywolf this morning.  Michael Gray (www.wolf-howl.com) let loose with the discovery that the Voicemails in Google Voice are indexed.  That is to say, you can find peoples voicemails and listen to them.

This isn’t pretty.  I know of at least 100+ Affiliate Marketers that are using Google Voice as their primary public business phone number.

Don’t believe me?  Well, I’m not going to teach you how to eavesdrop on others.  But here’s a screenshot of a Google search that shows Voicemails.  I’ve wiped out segments that give away how to do the search.  You wouldn’t want me to give away how to listen in on your voicemails now, would you?

So, what to do?  If you have a Google Voice account go delete all the voicemails you don’t need anymore.  If they’re gone, noone can listen to them.  And keep up with the news on Google Voice.  Check your account online a couple times a day and take care of any voicemails you receive.  And when leaving a voicemail yourself, don’t put any information in it that you wouldn’t want the world to know about.

This is bad for Google.  If they don’t handle this fast they could risk all the good news about the Droid phone (which uses Google Android) that is getting ready to go more than viral.  Let alone having people listen to a voicemail from your doctor telling you that test was positive (yes, I went there).

Affiliates Beware…  If your using a Thawte “Web of Trust” email certificate November 16th is the last day.  Thawte is discontinuing their “Web of Trust”. But that’s not all.

Loads of Java applications use the Thawte Web of Trust.  Which I would imagine (and have only found two examples, but hey, Google it yourself) could include a large number of feed tools, widgets and the like.  And these are exactly the kinds of applications Affiliate Marketers use an awful lot of.

The “be aware” part of this is that you may be using a Thawte Web of Trust item and not even know it.  For example, if the developer/provider of that data feed widget was using a Thawte Web of Trust certificate and they don’t read this blog (or Slashdot, it’s the only two sources I’ve found so far).  November 16th could roll around and the widget may just stop working.  Not good.

So, if your using a Thawte Web of Trust personal/email/etc Certificate you need to read the FAQ about it (that link is a Google Cache BTW…  Thawte’s site is being hammered from Slashdot right now).

Is this the end of the world..  No.  It’s just time to be a little bit careful and check things out.  You’d hate to have features of your affiliate sites go down because of a Thawte Web of Trust Certificate failure on November 16th.

BTW…  If you have a Thawte Web of Trust Certificate read that FAQ!  You can get a free Verisign Certificate to replace it (looks like it’s good for a year).

Slashdot Article about Thawte discontinuing Web of Trust

In my normal weekend I don’t blog…  I research for the blog.  Which generally consists of reading 50-60 newspaper indexes, a fair amount of Google News, and visiting a big list of research sites.  This week it was the news that got my attention.  So much so I’m blogging on a Sunday morning.

The Government is targeting you if you are an Ebay seller or Ebay affiliate.  And no, not for income taxes (everyone is targeted for that, and if your not paying your taxes, you deserve what you get).  No, I’m reading about the Consumer Product Safety Commission.  I’ll explain.

A new law was passed after all those lead bearing toys came into the US from China.  I know you know about that.  The 2008 Consumer Product Safety Improvement Act was passed in response with tough regulations governing the sales of new and USED toys.  The CPSC has implemented a program called the “Resale Round-up” which is intended to stop the sale of used products that could contain anything prohibited under the new law. Resellers caught selling anything on a huge list of identified products face fines of up to $100,000 per infraction and up to $15 million for a related series of infractions.

Now, according to the CPSC these rules are intended for large resellers.  And one of the largest I would think would be Ebay.  And in turn, who do you think Ebay is going to put pressure on…  That’s right, sellors and affiliates (EPN).

So, if your selling a toy from the mid 70’s that’s on the list, you’ve committed a crime.  And how are you going to know what is and isn’t on the list?  Well, the CPSC has made that easier.  You can download a PDF guide titled “Handbook for Resale Stores and Product Resellers” and an online section as well at www.cpsc.gov.

Admittedly, this isn’t “black helicopter” or “men in black” kinda stuff.  But if your selling collectibles and toys and your not paying attention to what your selling..  well, you could end up in trouble.  And the last thing an Ebay Seller or Affiliate needs is trouble.

Word to the wise…  Visit that CPSC site and do your homework.  We’d hate to hear your in trouble for selling a Barbie on Ebay.

(primary ref – New Government Policy Imposes Strict Standards on Garage Sales Nationwide )

If your processing your sales on PayPal and using that same account for personal matters, your next statement may be a shocker.

Personal accounts are now charged a 2.9% fee + 30 cents to receive payments for “Goods” or “Services”, something that was free. And there wasn’t a stand alone announcement of this change either.

But it gets better! Somehow, paying fees for something that was free makes PayPal a more “useful experience”. No, really, just see what Charlotte Hill, PayPal PR Manager had to say about it:

“We didn’t want to make a huge formal communication out of this pricing change, because we weren’t really adding any fees, and we were hoping it would be a more useful experience for people.” — Charlotte Hill, PayPal PR Manager

They didn’t announce the change because it would be a more useful experience. PayPal’s director of product marketing, Heinz Waelchli was also doing his best imitation of Xavion Glover on the PayPal blog about it too. It seems that the thought never occured to PayPal that affiliate marketers are generally sole proprietorship businesses. Meaning that there isn’t a seperate checking account, business entitiy, etc. That both personal and business transactions occur on an affiliate marketers PayPal account. Which is both easy (given downloads to Quicken) and makes alot of sense for those affiliate marketers who are keeping things simple and building their business up to the point where they will not only need to seperate the business as an entity, but will be able to afford it as well.

The charging both sellers and receivers for transactions will bring in alot of cash for eBay Inc. which owns PayPal. But it can also backfire mightily if affiliate marketers decide to shop around and choose Google Checkout, Amazon Payments, or any number of other transaction processors.

There’s a good blogpost about it all HERE:

“There’s a sucker born every minute” PT Barnum……

A press release has been circulating about a SEO company offering free basic eval and optimization for a single keyword. It all sounds like an altruistic way to develop relationships with potential customers, etc. They even have a fairly cool domain name (www.mastergoogle.com)..

I would have tried this out on a junk site… I would have communicated with them just to see what they’re about. I would have… I would have…

BUT! (you knew this was coming, didn’t you??) To enter an inquiry about their services you MUST give them full ftp access to your website! FTP user/pass is a REQUIRED FIELD on their online contact form.

They may be completely legit, they may be well meaning, they may be nice people… But they also have created the single stupidest submission form in the history of the Internet.

Full FTP Access or we won’t talk with you????? Where (if you were not so honest) you could put in your own adsense codes, change my affiliate id’s to your own, mess with the site and possibly access my site email and control panel?

Do you think we’re NUTS!?!?

Here’s a tip… Communicate with those interested in your offer. Work through their basic needs. Develop a relationship and build a long lasting business with your prospects. Don’t just ask us to hand over control of an entire website just to get a “freebie”.

I found this first on Slashdot.. Then looking into my own Amazon AWS tracks I was even in this AWS discussion a couple days ago wondering the same thing.

The short of it is that if your running Amazon AWS with a shopping cart.. You’d better not be storing customer credit card data on it.

Jason posed the question “Is Amazon AWS PCI Compliant?” and he received two honest and to the point answers from Amazon. Which reveals yet another reason shy Amazon Payments, Google Payments, or PayPal should be used when your using AWS.

Here’s what Amazon has to say about it:

Thank you for contacting Amazon Web Services. Our payment system is PCI compliant and it is an “alternative payment processing service” meaning your users re-direct to our platform to conduct the payment event using their credit cards or bank accounts. The benefit for you is that we handle all the sensitive customer data so you don’t have to. If you haven’t looked at it, I highly suggest you check out the features and functions of our Flexible Payment Service and our Payment Widgets ( http://aws.amazon.com/fps).

As for PCI level 2 compliance, that requires external scanning via a 3rd party, PCI-approved vendor. It is possible for you to build a PCI level 2 compliant app in our AWS cloud using EC2 and S3, but you cannot achieve level 1 compliance. And you have to provide the appropriate encryption mechanisms and key management processes. If you have a data breach, you automatically need to become level 1 compliant which requires on-site auditing; that is something we cannot extend to our customers. This seems like a risk that could challenge your business; as a best practice, I recommend businesses always plan for level 1 compliance. So, from a compliance and risk management perspective, we recommend that you do not store sensitive credit card payment information in our EC2/S3 system because it is not inherently PCI level 1 compliant. It is quite feasible for you to run your entire app in our cloud but keep the credit card data stored on your own local servers which are available for auditing, scanning, and on-site review at any time.