Quechup (kway-chup) is a social networking website that came to prominence in 2007 when it used automatic email invitations for viral marketing to all the e-mail addresses in its members' address books. This was described as a "spam campaign" and raised a great deal of criticism.
Address book harvesting
The automatic invitation of all the contacts in the e-mail address books of people who signed up to their service was controversial for two reasons:
- Without explaining intentions, Quechup required permission to access the address book.
- Invites were sent to all addresses in address books without permission of e-mail address owners.
This attracted a great deal of criticism in September 2007.
Quechup was one of the first social networking sites to include such a feature back in 2005. With its growing popularity (social networks), expectations of what features a service should have and how they should work have emerged. Quechup's address check did not conform to what users now expect as the norm.
While admitting the campaign was misleading, technology blogger Chris Hambly pointed out that text explaining how the feature worked was placed in normal print directly above the feature, raising the question of a user's responsibility to read what they agree to, although he noted that this explanatory text failed to clearly state what would happen.
However you view this, no matter what your opinion is on this the fact of the matter is that you should READ what the page says as it is very clear. In any case there is a link which says "I don't have an address book"!... I can only say you should READ these things clearly in the future, it’s quite simple.
In their 17 September statement, Glen Finch, Chief Technology Officer stated
This has raised the issue of users automatically 'opting in' without first understanding what they are accepting, rather than automatically 'opting out' of questionable features.
Quechup responded by changing how it operated its service and belatedly reassuring customers it was not acting maliciously, even if irresponsibly.
- Quechup changed how its address book check worked within days, clearly giving members the option of which contacts, if any, they wanted to invite.
- Quechup adopted Windows Live ID Delegated Authentication, enabling Live and Hotmail users to grant limited access by logging in directly on Microsoft's secure servers.
- Quechup is a member of SenderScore the world's most comprehensive database of email sender reputation.
- Quechup fully complies with Microsoft's Sender ID Framework for email authentication and uses SPF records.
The Quechup affair encouraged calls for open authentication through an OpenID system such as Yahoo's BBauth, which would allow a user to grant limited access to their data, without providing passwords directly to a website. Indeed Quechup adopted Windows Live ID Delegated Authentication, an OpenID system for Windows Live and Hotmail users.
In a more recent development, technology journalist Robert X. Cringely raised the possibility that Quechup may be sending fake dating invitations to subscribers that attempts to get them to sign up to a premium service. In his article, Cringely stated that it was not certain if these fake e-mails were the work of what he called a "rogue Quechup affiliate who gets a commission for sign ups" or a more sophisticated automatic spam operation.
- Saul Hansell Social network launches worldwide spam campaign New York Times, 13 September 2007
- Cashmore, Pete (2 September 2007). "Are You Getting Quechup Spammed?". Social Media. Mashable. Retrieved 3 March 2010.
- Had an invite from Quechup? Jemima Kiss Digital Digest Monday 10 September 2007 GuardianUnlimited, Accessed 23 June 2008
- The Quechup Social Networking Platform: IDate Corporation Updates Quechup's Address Book Feature Archived 1 January 2008 at the Wayback Machine Press release, Newbury - Berks - UK - 18 September 2007
- Quetchup = Kvetchup Archived 14 October 2007 at the Wayback Machine Saturday, 1 September 2007 Digital Flotsam, Digitalflotsam.com.
- Quechup And Mass Hysteria - Chrishambly.com, 2 September 2007
- Do social network sites genuinely care about privacy? Charles Arthur The Guardian Thursday 13 September 2007, Accessed 13 September 2007
- Windows Live ID Delegated Authentication grants limited access to users data without providing passwords directly to a website.
- Lookup for Quechup.com SenderScore reputation database covering email senders
- The Sender ID Framework is an e-mail authentication technology Archived 11 December 2008 at the Wayback Machine - Microsoft Sender ID, Accessed 9 December 2008
- OAuth: Open Authentication Comes Closer to Reality Archived 11 October 2007 at the Wayback Machine O'Reilly Radar Tuesday 09.25.07
- Robert X. Cringely Oops, you just spilled Quechup on your pants Archived 12 December 2008 at the Wayback Machine, InfoWorld, 7 April 2008