Maybe I am being a little paranoid, but it seems to me that bloggers in general are a little too trusting with strange code they place on their blog. TNX.net is paying for reviews throughout the blogosphere and it seems a little fishy to me. Paranoid or not, I thought this post might help raise a little awareness and at least make you think twice before publishing something you're not sure about.
The Bottom Line
You should guard your blog like you guard your house. You wouldn't just give any stranger on the street a key to your house, would you? Of course not. But for some reason bloggers have no problem letting strange people execute code on their blog. Running someone else's code on your blog is like giving them their own window into your home - a window they can climb into anytime they want and take stuff, move stuff around, or add some really bad decorations.
So what exactly do I mean by "running strange code"? Every time you add a new widget, gadget, whose-it, or whats-it, you have to follow directions to download a snippet of code and paste it into your blog's template. With that done, every single time your blog is loaded in someone's browser, that code will execute to add whatever exciting feature it's supposed to provide. It is important for you to realize that the piece of code you added to your template now has complete and total access to the remaining content of your blog. If you execute some untrustworthy code the consequences could be unimaginable. Here are just a few things that some unscrupulous code might do:
- Hijack Your Affiliate Links. When you are getting paid to endorse a product on your blog, a company will give you a special link to use so they know potential customers came from your site. Untrustworthy code on your blog could very easily search your blog for those referral links and replace them with their own. Now THEY will get credit every time YOU refer a customer.
- Affect Your Google PageRank. Google awards blogs with relevant topics and lots of inbound links by giving them a high PageRank (see this post for more on PageRank). Google has also been known to punish blogs that pay for links or use other embedded code that attempts to trick the Google algorithms (which is often mistaken as Search Engine Optimization or SEO). If your blog runs code from a source they do not consider legit, they will definitely lower your PageRank, which in the long run, could cost a lot more than the few bucks you made in the latest link exchange scam.
- Severely Slow Down the Load Time Of Your Blog, which can piss your readers off enough to keep them from ever returning. How many times have you visited a blog that took an hour to load only to find that it had widgets a mile long in their sidebar flashing and animating and practically giving you a seizure? Do you ever go back? I don't. Every time your blog runs another piece of code or widget that you pasted into your template, it is practically like making a whole new request for another web page. If you have 10 different widgets, it is like going to 10 different blogs and waiting for them all to finish loading. Now you see why some blogs take forever to load!
Helpful Tip! If you are interested in learning all that your blog is really loading behind the scenes (or any blog for that matter), I strongly suggest the LiveHTTPHeaders PlugIn for Firefox. You can use it to see all the requests and responses coming in and out of a single web page. You would not believe the amount of data some blogs make you download that is nothing more than useless junk.
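A static companion to the tip above, as an added example that is not part of the original post: this Python script takes the HTML your blog serves and lists every other host it loads scripts, frames or embedded objects from, with the number of requests each one costs. The sample HTML and all hostnames in it are constructed placeholders.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that load and run (or embed) remote content with access to the page.
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}

class ThirdPartyInventory(HTMLParser):
    """Collect every active resource a page loads from a host that is not yours."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.by_host = defaultdict(list)  # host -> [(tag, url), ...]

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        attrs = dict(attrs)
        url = attrs.get("src") or attrs.get("data")  # <object> uses data=
        host = (urlparse(url or "").hostname or "").lower()
        # Relative URLs have no host; subdomains of your own host count as yours.
        if host and host != self.own_host and not host.endswith("." + self.own_host):
            self.by_host[host].append((tag, url))

def third_party_hosts(html, own_host):
    parser = ThirdPartyInventory(own_host)
    parser.feed(html)
    return dict(parser.by_host)

# Constructed sample of a rendered blog page; every hostname is a placeholder.
SAMPLE_HTML = """
<html><body>
<script src="/js/theme.js"></script>
<script src="https://widgets.example.net/counter.js"></script>
<script src="//widgets.example.net/badge.js"></script>
<iframe src="https://ads.example.org/frame?id=1"></iframe>
<script src="https://static.myblog.example/app.js"></script>
<img src="https://images.example.com/pic.png">
</body></html>
"""

if __name__ == "__main__":
    found = third_party_hosts(SAMPLE_HTML, "myblog.example")
    for host, items in sorted(found.items()):
        print("%s: %d request(s)" % (host, len(items)))
        for tag, url in items:
            print("   <%s> %s" % (tag, url))
```

Inline scripts pasted straight into the template have no host to report, so they still need to be read by hand.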
Am I saying that every piece of code you run on your blog is dangerous? Of course not. Take Google AdSense, for example. You certainly have nothing to worry about there. But notice how all the ads somehow magically match your content. It's proof that those code snippets have access to the rest of your blog. It's okay to run code from Google AdSense and other reputable services because they are trustworthy companies who can be held accountable for any wrongdoing. Plus the code was written by Google Engineers (who have replaced NASA Rocket Scientists as the smartest people alive) so you know it is optimized to limit the impact on your blog.
All I am suggesting is that you be vigilant. If something smells fishy, it probably is.
A Perfect Example
Raise your hand if you've been contacted by TNX.net to try out their service and do a paid review for it. Sorry to burst your bubble, but they didn't scout you out specifically because they love your blog. They (whoever they are) have been busy asking thousands of blogs to review their service for cold hard cash. Most people are so excited at the chance to make their first $40.00 that they gladly accept without considering just what the service is actually doing. And what they are doing is not cool in the eyes of Google.
Before you start getting too nervous, don't worry. They aren't doing anything super dangerous. If you have signed up for the service you know that they give you a boatload of code to download and paste into your template [RED FLAG #1 - a lot of code could be doing a lot of bad stuff!]. What this code is doing is using raw TCP sockets to have your server contact their server to download the links they want to display on your page. They do this behind the scenes so the links appear in your blog as content you actually put there yourself. It is an attempt to fool the search engine algorithms that penalize those that attempt to cheat the system. They even claim right on their home page that they can improve your Google PageRank [RED FLAG #2 - Google keeps the PageRank algorithm a closely guarded secret]. By the way...your blog will not finish loading until it has contacted TNX servers somewhere in Germany [RED FLAG #3 - a private DNS registered to an IP address in Germany? Come on! Red flag city!]. So you are now at the mercy of their servers.
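One way to check a vendor snippet for the behaviour described above before pasting it into a template (an added example, not TNX's code and not from the original post): this Python script reports each line that opens an outbound connection or hides its logic, and the hosts it is told to contact. It assumes the snippet is PHP, which the post does not state; the sample snippet and its hostname are constructed.

```python
import re

# Assumption: the vendor snippet is PHP. All names below are real PHP functions
# or constructs; the list is a starting point, not a complete one.
RULES = {
    # Opens an outbound connection from your web server while the page renders.
    "network": ["fsockopen", "pfsockopen", "stream_socket_client",
                "socket_connect", "curl_init", "curl_exec"],
    # Hides what the code does, so it cannot be reviewed as pasted.
    "obfuscation": ["eval", "base64_decode", "gzinflate", "str_rot13"],
}
# file_get_contents/fopen are harmless on local files, so flag them only with a URL.
REMOTE_FETCH = re.compile(
    r"\b(file_get_contents|fopen)\s*\(\s*['\"](?:https?|ftp)://", re.I)
# First string argument of a socket call: the host your server is told to contact.
SOCKET_HOST = re.compile(
    r"\b(?:p?fsockopen|stream_socket_client)\s*\(\s*['\"](?:\w+://)?([^'\":/]+)", re.I)

def audit_snippet(source):
    """Return (findings, hosts); findings are (line, category, function) tuples."""
    findings, hosts = [], set()
    for lineno, line in enumerate(source.splitlines(), 1):
        for category, names in RULES.items():
            for name in names:
                if re.search(r"\b%s\s*\(" % name, line, re.I):
                    findings.append((lineno, category, name))
        match = REMOTE_FETCH.search(line)
        if match:
            findings.append((lineno, "network", match.group(1).lower()))
        hosts.update(h.lower() for h in SOCKET_HOST.findall(line))
    return findings, sorted(hosts)

# Constructed sample, not TNX's code: pulls link HTML over a socket and prints it.
SAMPLE_SNIPPET = r'''<?php
$fp = fsockopen("links.vendor.example", 80, $errno, $errstr);
fputs($fp, "GET /links?site=myblog HTTP/1.0\r\nHost: links.vendor.example\r\n\r\n");
while (!feof($fp)) { $out .= fgets($fp, 1024); }
eval(base64_decode($cfg));
echo $out;
?>'''

if __name__ == "__main__":
    findings, hosts = audit_snippet(SAMPLE_SNIPPET)
    for lineno, category, name in findings:
        print("line %d: %s call %s()" % (lineno, category, name))
    print("hosts contacted:", hosts)
```

A match is a prompt to read that line, not a verdict: the scan works line by line on plain text, so it also matches names inside comments and misses calls built from strings at run time.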
Good ole' Vlad from TNX contacted me as well, but something just didn't feel right to me. Here is an excerpt of our dialog:
Vlad:
Hello, we would like to pay you to review TNX.NET on BuzzMyBlog.com. Please send me your PayPal address. [RED FLAG #4 - if their service is so great, why are they paying everyone?]
Jeff:
Hi, I would be happy to do a review. Does it have to be a positive one?
Vlad:
It can be a neutral review. We will pay you $40. What is your PayPal address? [RED FLAG #5 - why won't they let me write my honest opinion? If it's a good service they have nothing to worry about.]
Jeff:
Paid reviews on my blog cost $500.00. Since there is a risk of it affecting my PageRank, it has to be worth more than $40.00.
Vlad:
You can use nofollow.
Jeff:
Ok, I will.
Vlad:
So do you agree for $40 for the review with nofollow? Please provide us with your PayPal email.
Jeff:
No, I agreed to use nofollow. Reviews on my blog are $500.00
No further response from Vlad...
As I said in the very beginning, maybe I am just being a little paranoid. But there are definitely a lot of shady people out there so a little paranoia might be a good thing. Who knows, maybe TNX.NET is a good service. If anyone out there thinks so, leave a comment and let us know. What I do know is that it will definitely slow down your blog and it is definitely something Google will not tolerate. That, along with all the other RED FLAGS I pointed out, didn't make it worth it to me to give them an open window into my blog.
I encourage you to be more vigilant on your blog as well. Before you post that code, check it out and see what it is doing. If you can't figure it out, drop me a line. I'd be happy to check it out and let you know what I think. You can never be too careful.
Jeff
ps - Vlad...here is your honest review. I'll be expecting my $500.00