Shame on you Straight Dope! What you're doing is illegal!

About This Message Board
41

Which could be because other forums aren’t using Rubicon. This could be the equivalent of a fast food restaurant claiming their food is safe after a bunch of people come down with food poisoning, because no other places have sick customers… except they source their beef from completely different places.

If other forums *are *using them, why is it the SDMB that’s the magic malware magnet?

And I am telling you that I *know *differently. I also note that you haven’t bothered to ask me who it is I know, because that allows you to cling firmly to the notion that it’s “CafePress or whatever” in a “board run out of somebody’s basement.” The site is *bigger *than this one, and I’m very sure that it pulls down a *hell *of a lot more revenue, since it supports quite a few full-time staff members (plus interns), a metric shitload of hosted videos, and a large community on a custom site.

No, my proof that you are uniquely at fault is that I *literally cannot find a single other major community *that has users making regular complaints about malware for over a year. If you go back and read the threads I linked, you will see that a year ago, people were already making claims that the SDMB is full of malware and that’s just the way it is. Note, I am not saying that is accurate, simply that the issue had already reached that level of public perception.

The point is not about general intrusion and isolated breakouts. The problem is that the SDMB’s ad servers have had a pattern of repeatedly and consistently letting through malicious content that harms the people who enjoy your site.

Other sites are clearly able to operate successfully without making this compromise, while you simultaneously claim that you have no choice but to continue to accept ads that you have no way of guaranteeing are safe. Do you understand how that is seen as being incredibly disingenuous? When I make an offer to reach out to friends who operate a larger site than this to find out how they do their advertising and merchandise and you don’t even acknowledge it, do you see how that gives a very bad impression of the level of effort you are putting into solving this problem?

And so, for the nth time, I will *again *ask you the questions you keep completely ignoring:

If you don’t yet think this is a dangerous level of contamination, can you put a solid number on how many more infected users or outbreaks you will consider acceptable before you would consider that Rubicon can’t or won’t screen their ads to keep your users safe?

If this is such a common problem, can you show me even one other site that depends on ad revenue that has had repeated waves of complaints from its users?

This site, and your column, is dedicated to fighting ignorance. I just want you to act like it. Put concrete evidence in front of us, and start taking advantage of the experience and connections of the wide range of people you’ve attracted to this community.

Yes, because it’s relevant, i.e., I’ve had experience with what I’m talking about. You may notice, for example, that **Qadgop **will mention he’s a doctor when he’s talking about medical things. If you’re really curious, since you seem to bring this up a lot, you can PM me and I’d be happy to tell you where I used to moderate and provide you with a link to my profile there.

42

Do you have any non-circular evidence to support this?

43

For my money, this is one of the most poorly managed messageboards I frequent, and I’m pretty generally appalled at the magnitude of some of your technical problems.

That’s aside the point though-I’m mainly posting because this seemed as good a place as any to mention that, having several days ago caught my third major virus infestation from the SDMB, which ultimately forced me to reformat my computer and wasted a good 5-6 hours rebooting it, I’m finished- the hell with this place you guys can have it.

Goodbye!

44

No, please, wait! You forgot your umbrella.

45

Coming from a person who pays nothing for the privilege of posting here, this is pretty funny.

46

Did you literally stop reading my post after that sentence? It feels like you must have. There are two possibilities:

1.) Other communities are not using Rubicon. In which case, the fact that they aren’t getting infections from Rubicon is meaningless.

2.) Other communities are using Rubicon. In which case, why aren’t their users being infected at the same rate as the SDMB’s?

Technically, there’s also a third option:

3.) Other communities are using Rubicon, but they’re the sort of unsavory sites where people expect to get infected anyway, so they don’t complain about it when it happens (e.g., free porn sites). In which case, is that really the level that **Ed **would like the SDMB to be included in?

47

Have you shown any evidence that Rubicon-served forums are not being infected at the same rate?

48

That’s exactly my point–we don’t *know *who these mythical forums are. We’re just being told, “Everyone has this problem.” Except that the “evidence” for this is just vague articles about there being more malvertising now.

So I am asking for concrete evidence that other communities *are *having these same problems, like is being *claimed *as an excuse for why the SDMB continues to use ad servers that demonstrably can’t keep out malware. So far, we have had a lot of claims that this is a “common” problem in communities like this, with zero direct evidence of that (i.e., threads, blogs, or articles about repeated infections in specific communities and how they’ve been dealt with). Instead, we have a handful of articles about the generally increasing prevalence of malvertising, and a lot of people like me who are pointing out that none of the other communities where we’re active are having these problems. You don’t find it at all interesting that not one single person, AFAIK, has come forward to say, “Oh yeah, I post over at Big Site X, and they have this problem, too”?

Imagine there’s a restaurant you like a lot. One day, you find a hair in your soup. When you mention this to your friends, you find out that some of them have been finding hair in *their *soups, too. When you talk to the manager, he apologizes, and says he’ll talk to the cooks about keeping their hair tied back. You go back for dinner, and again there’s hair in your soup. The manager says he’s working with the kitchen, but he also tells you that people shed an average of 100 hairs per day, and that all kinds of other restaurants have a lot of hair in their soup, too. When you point out that you and your friends don’t find hair in your soup at other restaurants, the manager gets all huffy and says that it’s your job to prove that every other restaurant doesn’t have hair in its soup, not his job to prove that they do. You repeatedly ask him how many more hairs patrons have to find in their soups before he’ll consider finding a new cook to replace the one who can’t figure out how to operate a rubberband, and he sticks his finger in his ears and hopes you’ll go away.

Does that sound like a restaurant you want to keep eating at?

49

So it is your position that, out of all the forums served by Rubicon, the SDMB is the only one getting hit by spyware? Do you have a theory for why this would be so?

50

I’m not sure who claimed that “everyone has this problem.” You asserted that the problems were unique to the SDMB and I asked on what basis you were claiming that to be the case.

51

The following may be of interest:

http://boards.straightdope.com/sdmb/showpost.php?p=13229984&postcount=9

52

Wow. It’s like you’re not even reading anything I’m writing.

For over a year, the SDMB has been hit by a string of malvertisements. Every few months, there is a new wave. It seems to all be coming from one source (Rubicon). We are told:

1.) They are working with the ad provider to resolve the issue. (True.)

2.) Malvertising is an increasing concern on the internet. (True.)

3.) Everybody else (presumably meaning: other large communities who we’d like to be associated with; not things like free porn sites) is having the same problems, i.e., the same level of infections. (Absolutely unsupported.)

4.) This particular set of ad servers is the SDMB’s only option for income. (Absolutely unsupported.)

It’s like watching someone in an abusive relationship. “He promised that this time, he wouldn’t ever hit me again. And everybody gets into fights with their SO sometimes. Some people just get mad easier.” If this ad provider were a boyfriend, we’d all be telling the SDMB to DTMFA.

Here’s a chain of logic for you, Fear.

1.) Has the SDMB been getting hit with waves of malvertising for over a year? (This is a gimme: I posted the links to prove it earlier in the thread.)

2.) If so, is this experience typical of other large communities on the internet or not? If you think it is, please provide evidence of any other community with users reporting malvertising on a regular basis.

3.) If this experience is not typical of other communities, why do you think that is?

3a.) Is it because there’s something about the SDMB that magically attracts malvertising from the same ad servers other communities use without incident?

3b.) Is it because the SDMB uses different ad servers from the other communities, or relies more on advertising than other sources of income like merchandise?

My suspicion is that it’s 3b. We’re using shitty, low-rent ad servers that pump out trash and don’t properly screen their ads. But instead of considering moving to another model, we just keep being told that this is the only option, and we shouldn’t worry, because it happens to everyone else, so this is nothing that we wouldn’t be seeing with any other site, anyway.

**Ed **is claiming that the constant malvertising is not unique to the SDMB. I.e., there is no need to change their ad providers or even reconsider the way they generate revenue, because it’s just as bad everywhere else.

My point, conversely, is that other major communities online are staying afloat–and even raking in money–without subjecting their users to wave after wave of malvertising. I have asked for even a single example of another community that is seeing the same level of attacks, and I have been rebuffed. I have asked to be allowed help connect the staff here to the staff of another, larger, more successful site, so that they might have the opportunity to learn about another model that could better serve all of our needs, and I have been ignored.

It’s hard to feel that the message is anything but, “We are too stubborn and prideful to admit that we might be wrong and there might be a better way of doing things, and if takes going down with the ship to prove it, so be it.”

Good. However…

What if this *doesn’t *fix it? Are you ever going to put your money where your mouth is and put a *solid number *on X more outbreaks in Y period of time where you’d drop Rubicon as a provider? Or are you willing to admit that you are absolutely unwilling to consider any alternative methods for making money to support this site, even if it means constantly infecting your users?

It doesn’t even have to be a *reasonable *number. I would just like to know that you have given some consideration to the idea of what criteria you’d use to evaluate whether an ad provider really was doing more harm than good. How much malware *would *any single provider have to dump on your users for you to drop them permanently?

53

Wow. It’s like you really don’t want to answer the question I asked.

Do all the other forums using Rubicon for ad serving have the same problem? if not, why not?

54

**THAT’S WHAT l’M ASKING.

We’re being told that this is happening to everybody else. I see no evidence of that. So, I’ve asked repeatedly for one other example of a community that’s getting hit with malware like this; or for evidence that other communities are using the same ad servers but avoiding the malware, which ideas as to what makes us unique in being affected.

55

Outside observer here noticing valid points on both sides, so I will pose questions to both sides:

Disclaimer: I have not had problems personally with malware on this site or any other except for those sites that fall into a particular category where I know I will be exposed to all kinds of WTD’s (web transmitted diseases) but my protection has kept me clean.
SFG:
If Rubicon is the problem, then it seems logical that one of these is true:
a) Other communities do have problems also
b) Other communities do not have problems because within Rubicon there are choices that can be made regarding the specific types of advertising, and this choice is effectively blocking the ones with malware
c) Other communities do not have problems because they have safeguards in place to detect and block ads from specific sources they have found to contain malware

Which of these do you believe is true (or other?) and do you have any data to support your position?

Also, if you can find the converse of the question posed below, sites with much lower visitor to malware complaint ratio than the SDMB, then it is a step in the direction of supporting your point.
Fear, Dewey, Ed:
If SDMB is not experiencing a larger problem than other sites in general, then there should be a site with a similar ratio of visitors to complaints, are you aware of any?

56

RaftPeople, my guess is that the reason other sites don’t have the same level of malware complaints is that they’re *not using *Rubicon or other low-rent ad servers who can’t screen their content properly. Which is more or less my point–other communities can survive and even thrive without depending on potentially malware-laden ads, yet **Ed **refuses to even consider the possibility of moving to a different system.

That’s why I keep asking for even one example of another large community that’s having the same problems and why I think it’s so telling that no one can provide one. Because if they aren’t having the same problems, then the issue really is what we’ve been saying all along–these specific ad servers. In which case, it would seem to me that the best move would be to start talking to people at those other sites to see how they generate revenue.

57

Rubicon isn’t small (I assume based on number of google hits), so someone is using them. So to add data to your position, it seems that you would want to find communities that you can show are not using Rubicon and that don’t have problems, which we can compare/contrast with the communities that are found to have problems and whether they are using Rubicon or not.

58

My contention is that the burden of proof is on the people claiming that everybody else is having the same level of problems with malvertising, since it’s a lot harder (impossible) to prove a negative. When someone says, “Everyone else is having this problem,” and I say, “Who?” and they respond, “Uhhhhh…” that suggests to me that there really aren’t any examples.

59

Who is “claiming that everybody else is having the same level of problems with malvertising?”

60

58 replies, and no one mentions the use of “your” in the title?