Acro.net – Technology Rants & Raves by Acroplex®

Just four days ago I wrote about how a controversial new indirect taxation would affect thousands of .GR domains and their cash-starved operators; most of them Greek entrepreneurs operating portals, news web sites and forums.

That indirect taxation – called “aggeliosimo” – was meant to be an extension of the current taxation implemented onto press (magazine, newspapers) radio and television advertising.

The good news is, that by some unexplained reasoning that particular article was removed from the massive law up for voting this week at the Greek parliament.

Therefore, aggeliosimo no longer applies to Internet advertising.

Surely the backlash was enough for the law-drafting pencil pushers to realize that the introduction of the aggeliosimo tax was not only unethical, but also impractical to collect: Good luck with collecting that 21.5% aggeliosimo from Google Adwords advertisers.

It’s unfortunate that a lot of things in Greece are done under pressure and without much planning, when it comes down to technological progress. This is a lesson in provisioning laws according to their impact to society and business, not simply to collect a few “drachmas” here and there.

What is worse than having inept leaders?

To answer that question, one has to take a look at the number of anti-social measures stacked together onto a gigantic law up for vote this coming week at the Greek parliament.

Hit by a ballooning debt that was inflated by financial games played upon the back of state-issued bonds, the Greek government – elected under the socialist flag and led by American born George Papandreou, son and grandson of prime ministers – has shocked the Greek social strata by introducing a number of changes Greece hasn’t seen since the era of Dracon, 28 centuries ago.

The introduction of multiple layers of taxation, pension cuts and elimination of benefits for the elderly and women with children is about to alter Greek society for good. Wages in Greece, already at the bottom of the European Union with a monthly 700 euro average, are about to shrink even lower, due to immediate and secondary taxation layers.

Those that accused Greece of “partying” with loaned money need to have their facts checked; Greece is at the bottom of fund-absorbing countries in the EU, due to the sheer amount of red tape and the ever-changing direction of every elected government; the primarily bi-partisan system often leads to changes of power, much like Democrats and Republicans in the US. Debt ballooned primarily through the raising of interest rates and the bidding of international hedge fund managers such as Goldman Sachs against the Greek debt. At the same time, tax-evasion became the national sport thanks to the ineptitude of the government to police its own tax-gathering system.

Surely there is a number of healthy elements in this ongoing chaos, where those working in the public sector – a large, bureaucratic beast – grew, fed and multiplied sapping the energy of the much healthier private sector and the entrepreneurs.

Since its introduction in the early 1990′s, the Greek Internet has remained a relatively untapped territory with regards to government intervention; with the ever-increased globalization of services and the proliferation of web portals serving news and information via blogs, the government is now seizing the opportunity to add yet another level of taxation – simply because they can do so.

Enter, the aggeliosimo.

Starting July 1st, a special taxation of 21.5% referred to as “aggeliosimo” (literally: announcement tax) will apply to all advertising that Greek-based web and Internet portals engage into. In other words, operators of web forums, portals, news or information web sites in the .GR realm will have to collect an additional 21.5% from their advertisers and submit it to a special fund set aside for the Social Security Fund of journalists.

It is not clear which government pencil-pusher is the brilliant inventor of this incredible manifestation of entrepreneurial strangulation. Effectively, the 21.5% taxation will immediately strip thousands of .GR sites that carry advertisements of their source of income, as it will surely lead advertisers to portals outside of Greece.

No entrepreneur or corporation in their right mind would want to spend 21.5% more for the same amount of advertising, just because the Greek government wishes to expand its reach into untapped territory, particularly when the funds collected would benefit a well-established Social Security fund.

At the same time, the same legislation forces web portals that present a constant feed of news and information to insure their personnel under new, more expensive pension groups that would increase the piece of the pie ending into the hands of the Greek IRS.

It is uncertain how this will affect PPC companies that appear on parked .GR web sites along with major other advertising channels, such as Google Adwords. It would be interesting to see how the Greek government would enforce the collection of a 21.5% fee from Google, for ads that are displayed on .GR web sites. The process is clearly impossible and it will lead to the collapse of advertising on .GR web sites.

Overall, the decision to stifle the entrepreneurial spirit and technological investment in Greece is a clear shot in the foot of a government and the nation it’s supposed to represent.

As the Greek Prime Minister, Mr. George Papandreou is clearly incapable of retaining a clear, honest and effective control of the situation and is leading the country into social unrest, financial turmoil and towards the technological Dark Ages.

Today’s lesson is about realizing your limits and restrictions. It’s about knowing when you should zip it and listen instead of talking. It’s also about not letting white noise change your state of mind through some promised magic.

It’s about putting down the domainer ‘crack pipe’.

So you were told you will make a fortune with domains, a killing – unlike in any other market. They sold you the eBooks and the seminars, they gave you free accounts at PPC providers.

You read the eBooks and attended the seminars, then you parked your domains and did your very own mini-sites. Then waited patiently for the golden shower from heavens to arrive.

It never did.

Exactly what is the domainer ‘crack pipe’ and who is smoking it?

There are a lot of domainer ‘crack pipe‘ smokers – they promise to make you rich overnight. Do a simple check about their personal achievements and domain portfolios and think for  a second: if they were as successful as they professed, would they really pass the riches on to you?

What they pass on is the domainer ‘crack pipe‘ – the illusion of success and grandeur. Which is fine, as long as they pull those blinds over people that have nothing better to do with their time.

But your time is valuable and you should be able to be successful without all this noise and second hand smoke. And since I mentioned smoke, beware of the mirrors as well – they go together in a seamless pair.

It’s very easy to fall prey to domainer ‘crack pipe‘ smokers: the promises alone make you stop in your feet, all while you were casually strolling downtown Domain Avenue. And sometimes, while looking around the marketplace with all the peddlers yelling their wares you can lose both your wallet and shirt in mere minutes.

In a nutshell: be vigilant. Don’t put all your eggs in one basket. Take what is promised to you with a pinch of salt. Add your own spices in whatever you do. Acquire chameleon skin.

And most importantly, don’t smoke the domainer ‘crack pipe’.

It’s no secret that when things go wrong with Sedo – or any other service-oriented company – I tend to run my mouth a bit; out of frustration about the things that go wrong. But I’m also the one that praises them when things go right, or when wronged things get fixed pretty painlessly.

In light of this “brand new me” – since it’s a brand new year, 2009 – I decided to post a few tips that have worked for me, when it comes down to ironing things out with Sedo-related issues.

• Respond to each notification email by explaining exactly what you did at that step. E.g. “Domain xxxxx.com was pushed to the Sedo account, abc123, with GoDaddy.” This way there is a tracking record in the transaction agent’s mailbox and yours.
• If you’re the buyer, pay for the domain you won immediately after. If you are the seller, push the domain immediately after you’re asked to do so – don’t put things off! This way, you’ve done your part and you encourage and prompt the other party – and Sedo – to act accordingly.
• Keep a personal, friendly relationship with the Sedo personnel and the agent that handles your transaction. Personalize all communications by signing your emails with your full contact info.
• Call Sedo’s offices on the phone as needed, to ensure a transaction’s status is updated the same day. E.g. if you paid for or pushed a domain, give them a call at the closest location to you. Your agent might be in Germany or the UK but if you are in the US call the US office; they have the ability to sync transactions.
• Give them credit when credit is due; they are people that have jobs like everybody else. This seems to be the most neglected issue on the list.
• For the most part, avoid PMing them on forums, especially for support matters, although they seem to offer this type of feature. Use their support/ticket system, email or phone to resolve matters, in order of importance.

My next blog post will be about a large domain sale that Sedo assisted me with – don’t miss out!

Less than 24 hours after introducing a series of features that exposed seller data to anyone with the will to acquire it and basic scraper-scripting skills, Sedo.com changed the way the “Meet the seller” link functions.

In a dry and short statement issued on DNForum, Sedo’s Customer Relations Associate Monica Ibrahim said:

“As a quick FYI, our tech team has made sure to remove all personally identifiable member ID data from the Seller’s Activity Index. We apologize for the initial issue. Please note that member IDs are not present in the Seller Activity Index or on the Domain Portfolio Links (which can be deactivated if you wish as mentioned earlier)”

Prior to this statement, Sedo vehemently denied that any privacy breach had taken place while maintaining their position that the newly introduced features will benefit the sellers and buyers that use Sedo.com as their domain marketplace.

Indeed, Sedo programmers scrambled to change the database interfacing from using an open sequential id to a hashed (encoded) string unique for the period of time the user clicks on the “Meet the seller” link. Upon my suggestion that Parked.com should offer assistance to the Sedo.com programming team, Donny Simonton exclaimed:

“I wish we could offer some help. As a programmer I do understand what they are trying to do. They are being lazy, been there many times. I would think they could easily change it to a md5 hash of the id + the domain or something similar. Something that can not be reversed.”

Despite the fact that these changes were quickly implemented upon my public announcement of how exposed the seller info has been, Sedo has yet to fix the way their auctions are referenced, using the same non-hashed open id. Currently, all 39,000-something completed and on-going auction pages are exposed to scraping by data miners.

Most importantly, Sedo has not changed the way the new features are utilized under a user’s profile: the user’s country location, seniority at Sedo, arbitrary ratings (zero to five stars) as a seller and a buyer and how long a particular domain has been at Sedo – all these are openly available to any logged-in user, without permitting the account holder to turn these features off.

Sedo has so far kept a low profile on the matter, but the reaction of the serious, active traders has been sharp and full of negative criticism towards the way that Sedo has decided to shove down the throat of users these new features. With offices in the UK and Germany, Sedo is challenging a series of strict laws protecting the privacy of individuals and corporations; stricter than US regulations about personal data safekeeping. Meanwhile, Sedo has stated that if a user decides to leave the Sedo selling platform and delete their user profile, their data remains with Sedo indefinitely. This has serious implications for any potential data breach in the future: user accounts contain a lot of financial and other private information and Sedo’s programming methods reveal a lax approach to security.

Keep contacting Sedo via the email support@sedo.com and their support hotline at (617) 499 – 7200 (keypress 3) to voice your opposition to the lack of an ON/OFF switch for the newly introduced features.

Yesterday, I ate lasagna for dinner. I bought two history books from Barnes & Noble. I applied for a home loan. I played Counter-Strike for the first time after two months. I shaved off my goatee.

These are random, daily functions that pertain to me, the person. They are isolated incidents of my life that occur, more or less often, in various forms. Unless you live with me or you have a view through my home windows, they remain private to me or to whoever I decide to disclose them to.

Privacy, in today’s electronic maelstrom of a society, is a commodity as rare as honesty and loyalty. We have somehow been led to believe that if we buy items at the store using a credit card, it’s okay for the store to call or email us with offers of similar products. We have been led to believe that our eating, drinking and partying habits are okay to be shared, in photographs and videos on MySpace, hi5, Facebook and other “social networking” venues.

We have been shown the wrong way of living.

As if Mondays are not *the* worst days of the week alongside Fridays, today Sedo.com announced that a new set of features will be enabling users to conduct sales and business in an easier, transparent manner.

In all reality, what Sedo created today, is the prelude to doomsday as it pertains to privacy of domain transactions on this marketplace, that boasts millions of domains for sale.

Essentially, Sedo stopped short of announcing a “MySpace” type environment, with options such as seniority of sellers, the geographic location that they trade from, a rating system and a display of their tax options fully displayed via a link to any other person logged in the Sedo platform. Other added features that somehow made it past beta-testing without any concern from the management or the programmers, include displaying how long a domain has been listed for sale on Sedo and the option to link to their entire portfolio via the profile of any other domain they have on sale.

Sedo did one thing right and all of the rest wrong.

What Sedo did right, was the *option* to link to the rest of the domains in one’s portfolio – defaulting it to “No linking”. This, is solid programming concept at work. It’s the well-thought design of the programmer who wants to offer options but also respects people’s choices.

What Sedo did wrong, was the rest of it.

To create a Sedo account one needs a few seconds. It’s like signing up for Gmail or registering with Papa John’s pizza online. Once you create a Sedo account, the fun begins. The newly introduced features allow *anyone* with very basic programming skills to scour the live data of Sedo and scrape it.

It’s as if Sedo allows *anyone* with an account to take a long, satisfying snoop into your lounge while you eat. While you order books from Amazon.  Whether your home loan was approved. How many kills you landed at Counter-Strike. If you’re wearing aftershave or not.

It’s all about offering raw data, easy to be mined by anyone.

Sedo programmers need to be fired for a series of fundamental programming flaws. First off, the same suicidal approach that was used with the identification of the auction system is being used again: sequential numbers, ranging – for example – from 000001 to 99999999 and beyond. In order to view and gather transaction details, all one has to do is increase the number of the parameter describing the auction and store the results in a database. No confirmation needed. No session variables. Just full path variables that are exposed and tweaked to reveal the next in line. No captcha used in order to stop a scraper dead in its feet.

Having fun yet?

Sedo’s new profile features can be exploited to store aggregate data, linking each and every auction on Sedo to the person that made it. It’s not just like NameBio storing domains and sales prices scraped off the front page of Sedo; it’s about storing *every* auction’s info, the seller’s profile, their location, their ratings as seller and buyer, how long they have used the Sedo platform and how long the domain has been offered for sale – all IDENTIFIED by a unique, open (not hashed) id number.

Read further to understand how poorly Sedo thought of this new set of features.

Once our rogue scraper guy has created their Sedo profile, they can scrape the entire database of Sedo’s users – all 1.3+ million of it – including their unique id number and their location. Then, that unique id number can be further looked up and store their seller and buyer profile info. Once a sale occurs, the auction’s information can be stored as well.

The problem lies with the ability to link all these three together. It’d be a database containing identifiable information that can very easily be enriched with WHOIS data to fully pinpoint a seller’s achievements, strategies in pricing and time that these sales occured.

Did I mention that a lot of domains have WHOIS privacy protection but once listed on Sedo the seller’s location is revealed?

I will refrain from creating a proof of concept, at this time. But frankly, it takes $50 to pay a programmer from India that’d rummage through the freely available “features” and safely store it all away, without Sedo even being aware of it happening. To them, these are “features” that enable users to conduct business better. To me, it’s a violation of my privacy rights and an open welcome to data miners.

Programmers take orders from project managers. Whoever managed this project needs to go back to college.

I urge everyone who sells domains on Sedo.com to contact support@sedo.com and raise their strong objection to this set of wide open trapdoors on the domain selling floor.

In my early domaining days I was simply pointing my domains to a web form for visitors with an interest in purchasing, to leave their contact information. This went on for several years and I can easily say I lost several thousand dollars this way. In 2004 I shyly started using the parking service of Sedo.com, slowly adding more names until my account was upgraded to Sedo Pro.

Now, I sometimes have the reputation of an outspoken guy in online forums. That’s true; I will stick to my guns until the battle smoke clears up, but I always strive to be objective and accurate to the circumstances surrounding my point of view.

Sedo’s services and interface have substantially improved over the past four years. They offer a variety of templates with a customizable image and the editing is quick. There are some drawbacks that I should mention first – just to get them out of my system.

• Sedo does not support meta tags, such as description and keywords. It really hurts a domain in the long run, especially one that competes in Google for term relevancy. Sedo made a statement that Google asked them to do that and I simply cannot believe this statement.
• Adding domains is easy as long as the WHOIS info matches that of the account. For the most part, it works well. Sometimes, especially on a Friday afternoon, the domains will be delayed and added to the account the following Monday. Unless that Monday is a public holiday in the US, the UK or Germany.
• Changing the domain keyword is a pain; it takes up to 3 days for that to happen as they are manually approved.
• Google feed. Sometimes payments are extremely low, sometimes they are decent. Fluctuation has earned Sedo the term “yo-yo revenue”.

In mid-2007 I started using Parked.com right at a time that their feature list exploded: Custom templates, full-featured meta tag customization, addition of custom content including images & video. The guys at Parked.com really listen to what domainers need. Did I mention that their keyword parser – the code that splits a domain name into intelligible words – has no close competitor? I fed it the domain NATIONWIDEMORTGAGELICENSINGSYSTEMANDREGISTRY.COM and it properly split it into “Nationwide Mortgage Licensing System And Registry“. By the way, this is my longest domain and it does get type-ins.

Parked.com has some negatives, so I will list them here:

• Yahoo feed seems a bit sketchy after they implemented the “TQ” factor, some oddball quotient that pretends to judge the quality of traffic, awarding accordingly more or less money per click. I branded “TQ” as “Thieving Quotient” and it’s one Yahoo feature I clearly dislike.
• Template flavors seem to alternate unpredictably between single-click and two-click; the former awarding more money per click than the latter.
• Downtime. Sometimes it’s unplanned or with short notice, but it happens more often than necessary. Compensation does occur though.
• Donny’s special attention to all things Parked seems to backfire when criticism reaches a certain critical mass. He just takes things personally and the various such threads, mainly on DNForum.com become true battlefields. Still, he said once he’d buy me a beer so I think he’s a cool guy after all.
• No escrow services.

The things I like about Sedo include their unified approach as a company: nobody takes things personally, they do care about the customers despite certain complaints. They are very cordial on the phone – and trust me, I am not always the most soft-spoken person on a business call. Sedo offers great escrow service that almost never fails to deliver for both parties. Anonymity is implemented but for obvious reasons of not bypassing them, but why would one bypass the security of an affordable escrow service? Once one gets the hang of what keywords work best, it’s easy to change multiple domains via forms. Sedo pages load fast and certain template schemes seem to be really popular with visitors.

The things I like about Parked include the exquisite template customization, ability to add content and images, the intelligent keyword management and the visibility it provides in search engines via the meta tag management. Addition of domains and keyword modification is instant! Customer service is prompt and quick as well.

So, to recap: Sedo or Parked? I use both and it seems that domains that get lots of visits but few clicks at Sedo can be customized and perform well in Parked. One should try both PPC companies and preferably, split their domain portfolio among both. Currently, Sedo has a great geo-auction that will last for a total of 7 days, aptly titled “Around the World in 7 Days”. I have listed two of my domains there, Constantinople.com and Aegean.info – both with a reserve that matches the quality of the domain.

Now let’s go out and make some money!