Kontera's non-existent approach to email security

 by Martin Belam, 18 July 2007

Every now and again I get approached by people wanting to place their advertisements on currybetdotnet. Sometimes these are people targeting getting a text link on one particular page, and at other times these are people wanting me to try out their entire advertising system.

As a general rule I always decline.

The Google AdSense blocks on these pages pay for the hosting here, with enough of a surplus to pay for 'A lemon tree of our own' as well. AdSense isn't so intrusive, and the point of the site overall is not about money making.

However, I do have several pages that generate a lot of traffic, and bandwidth usage, because they feature highly in search engines for search terms not really related to the main thrust of my site - keywords like "konnie huqs knickers", "charley uchea topless" and "sexiest tits", and I have sometimes considered whether I should put extra advertising on these pages.


Recently I was approached by a company called Kontera about putting their in-text advertising on the currybetdotnet site.


On the whole I don't like this kind of advertising on the web as it blurs the distinction between editorial hypertext links and advertising.

However, I decided that as a trial I would put it only on those pages that deliver high amounts of what I consider to be irrelevant traffic to the site - I suspect, after all, that anyone searching for "big brother nipple" and arriving here is unlikely to be at the same time looking to hire me as an internet consultant or information architect.

When I followed up the initial approach, I was asked to fill out Kontera's online form to become a participant in the program, with a promise that they would get back to me within 5 business days. In fact it took a little longer than that, but when I did get my next contact from them, it wasn't the delay which shocked me, but the content of the mail.

I got a welcome mail from my account manager, which included the following details:

  • the javascript code which needed to be placed on my pages to include the advertisements, which included my unique publisher number
  • my username
  • my password in plain text
  • the URL of my control panel

I was astonished that a company that specialises in online business could have such poor practice when it came to privacy and security when using email.

Leaving aside the fact that including snippets of javascript within an email would cause many email clients to reject the mail as a hack attack, for those who aren't so security aware, it meant anyone who had managed to intercept that email would obtain my unique publisher ID, my username, my password, and access to my control panel, all in one fell swoop.

I contacted my new account manager who had sent the email to express my surprise and dismay.

And to point out that if this was the companies attitude to email security, then I wasn't sure that I could feel confident in allowing them to run javascript code that I hadn't seen on pages on currybetdotnet, or trust Kontera enough to enter a secure online financial transaction with them.

The reply to my email did not address my concerns at all, starting with the classic non-apology line "I am sorry to hear that you feel this way" and going on to assure me that Kontera advertising is used by:

"more than 3,000 publishers all over the world, including big networks and sites, that are receiving great support and incremental revenue from our product."

Well, it is being used more than 3,000 publishers who don't seem to care about the way a company looks after their secure details when using email perhaps, but I'm not one of those type of people.

Needless to say, following that exchange of emails, Kontera advertising will not now be appearing on the currybetdotnet site.


But haven't you done exactly that?

I mean, you've typed in all the words that you say give you high traffic, then plonked an advert in the middle of it. If Kontera aren't paying you for this, then you're clearly missing out, even if you do knock their security policy.

Hi minifig, I guess that depends on whether you subscribe to the 'all publicity is good publicity' school of thought. I thought they were shockingly unprofessional and their email to me was contemptuous of my concerns. And you think that is me advertising their service?

In some ways, that's irrelevant.

This post, if popular, might change the mind of people using this product. However, it will also help improve Kontera's search engine standings, especially if lots of people link to your post. You did hand them a delightful link in the middle of your page.

But you're right, they do seem pants, and I don't think I'd use a company with those sorts of policies...

>> You did hand them a delightful link in the middle of your page.

I'm flattered that you think my postings would have that much influence on their search rank. I'm nothing if not pro-active in responding to comments - so the Kontera link in the article above is now the only one on currybetdotnet to have rel="nofollow" on it rendering it useless to search engines.

Wow - that is customer service!

I'm now questioning my geekiness and pedantry to a large degree, but that's probably for the best ;o)

Keep up to date on my new blog