The News – 11/2/01
|
In
this Issue:
|
Recommended
Reading
|
|
|
I
realize this is the only newsletter you’ll ever need, but if you want more
in-depth detail, check out:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
How
Many Search Engines Are There?
Recently I decided to try one of those search engine
submission services that claim to submit your Web site to dozens, hundreds, or thousands
of search engines. Many of these companies offer premium services that purport
to be able to increase your ranking in target search engines, and sometimes
these services are quite expensive. After years of ignoring the spam offering
search engine submission, one caught my eye because of its low price: $2.50
(normally $9.95!!!!!!!). I figured, what the heck, for $2.50, I’d see what this
search engine submission thing was all about.
The service I selected was INeedHits.com. Their Submit Pro service
submits your site to 300 search engines, and, incredibly, they were having a
sale that ended 10/31. Even more incredibly, it seems they’ve extended the
sale, and it now ends 11/30. The company claims, “Our professional team will
review and adjust your web site code to increase your Search Engine position.
We will then submit your adjusted web site to 300+ major Search Engines
including: Yahoo, Excite, Lycos, WebCrawler, Hotbot and Google.” This sounds
like a tremendous deal: Actual humans would consult with me to “adjust” my Web
site code to maximize my search engine position, all for $2.50.
As I constantly tell my children, “If it seems to be too
good to be true, it is.” And sure enough, I got no personal review and
adjustment of my Web site code. When you click to order the service, no mention
is made on the next page of code review as part of the Submit Pro package. You
have the opportunity to order additional services like the Keyword Analysis
Report (normally $45, now $15!) and the Website Code analysis (normally $50,
now $20!). These extra cost options are such a good deal the company preselects
them on your order form for you. I wasn’t really surprised at this sleazy
sleight of hand, of course. The search engine placement world seems to be full
of hype and promises.
What was really interesting, however, was what happened when
my submission actually ran (I didn’t fall for the extra cost extras and took
the base package). One cool thing INeedHits does is give you a free email
account and then submits your search engine requests using this email account.
This turns out to be a very good idea because the act of submitting to some of
these “search engines” generates a stream of spam selling everything from
3,368,420 free Web page hits to roses and garlic (I think that’s the title of
my next album). The come-on that most interested me, however, was a site that
offered to submit your Web site to 600,000 search engines.
Now I was willing to believe that there were 300 search
engines as claimed by INeedHits. I didn’t believe that there were 300 major
search engines, but it wouldn’t surprise me to find that number of credible
engines filling various Internet niches. But 600,000? How could that be? Turns
out there’s a whole network of Free For All search engines (the acronym is FFA,
which means something different to those of us in the Midwest). And it
resembles a huge pyramid or Ponzi scheme. As best as I can figure, FFA search
engines make money off advertising on the “search engine” sites and through
spam email the sites send to people who submit to them. The services are
created by sites like RateSaver.com
and BigMailBox.com. A good explanation
of the methodology can be found on the RateSaver site of Matt
Perdeck, who claims to be, “a regular guy. Not super smart. Not well
connected. Just average.” Yet somehow Matt has been able to generate thousands
of dollars even while he sleeps using a “hits tree.”
The hits tree concept apparently combines the labyrinthine
and convoluted Free For All search engine phenomenon with affiliate programs.
An affiliate program is a way to get other people to market something for you,
for example a book. Amazon runs an affiliate program enabling people to embed a
link on their Web sites that takes visitors to Amazon. If the visitor buys, the
affiliate gets a commission. The world of affiliate
programs is easily as convoluted as the FFA search engine world, and will
have to be the subject of another article.
The hits tree concept is immediately recognizable to anyone
who’s made it out of the 8th grade: It’s basically an electronic chain letter.
Your hits tree page contains
boxes with six Web links in positions one through six. These links are to pages
of other hits tree members’ Web pages, where they undoubtedly sell something.
According to the explanation that is also posted on your hits tree page, “Your
own hits page has a link to your website (or any website you like) in position
#1. When people sign up (for free), they get their own hits page, with their
own link in position #1. Your link is copied onto the new page and goes into
position #2. All other links are also shifted back. This means that if 20
people sign up from your hits page, your link winds up on 20 new pages, in
position #2.” You do the math. Actually,
you don’t need to; it’s provided for you:
|
|
|
Pages with your link
|
|
|
1: 20 people visit your page and get
their own page:
|
20
|
|
|
2: Those 20 pages each get 20
visitors themselves, producing 20 * 20 = 400 pages:
|
400
|
|
|
3: Those 400 pages each get 20
visitors themselves, producing 20 * 400 = 8000 pages:
|
8000
|
|
|
4: Those 8000 pages each get 20
visitors themselves, producing 20 * 8000 = 160,000 pages:
|
160,000
|
|
|
5: Those 160,000 pages each get 20 visitors
themselves, producing 20 * 160,000 = 3,200,000 pages:
|
3,200,000
|
|
|
|
------------------------
|
|
|
Total
pages with your link:
|
3,368,420
|
Wow! Three million pages that point to my Web site! But
wait, there’s more! You can also put banners on your hit tree pages and earn
easy money! Plus you can automatically email (Not spam! They asked for it!)
people who visit your page! You can also include access to free ebooks! And the
best part: It’s all only $45!
Despite the breathless hype, you may be wondering if anyone
falls for this stuff, and if they’re making money. All I can say is that plenty
of people are falling for it. But the only folks making serious coin are those
who collect the $45 for creating a new hits tree. As in any pyramid scheme,
only those in at the top are likely to be making any money. Regular Guy Matt
Perdeck must be making some money selling his eBook, Living Off the Net,
for between $29.95 and $39.95. Try a Google
search for his name and see how many sites are flogging his book.
So how many search engines are there really? I can’t say,
although one site lists a
thousand of them. But when I tried to find several of the engines listed on
that site, all I got from Google was links to other lists of search engines. I
could never find a real site! Another list of
search engines included links, and did appear to include valid search engines,
many of which were simply “meta” search engines. (A meta search engine submits your
query to several established search engines and collates the results. My
favorite is MetaCrawler, although
it’s gone downhill recently.) So it appears that there really are 1,000 search
engines out there.
The bottom line is: Don’t waste your time with search engine
submission services. You’ll get the most traffic out of getting the major
search engines to list you. Then you can engage the services of a reputable search engine ranking specialist to help
you achieve a favorable search engine position. If you want to learn more about
search engines and search engine placement, check out Search Engine Watch. As for me, I
decided in the name of journalism to drop 45 bucks on the hits tree concept. I’ll let you
know how it turns out.
Search Engine Watch
Briefly
Noted
- Shameless Self-Promotion
Dept.: Look for a new
directory, debuting this week: Nanotechnology Resources. Frankly, I was
overwhelmed at the amount of information on the Net about this technology and
thus didn’t get the directory finished in time for the article in the last SNS. It will
feature commercial and academic resources along with pointers to other
directories and link pages.
StratVantage
Directories
- A Foolish Security: Renowned
computer security expert Bruce Schneier examined the new changes in airline
security in his email newsletter last month. He puts into words better than I
can the problems, dangers, and false sense of security half-baked security
measures provide:
Computer security experts have a lot of expertise
that can be applied to the real world.
First and foremost, we have well-developed senses of what security looks
like. We can tell the difference between real security and snake oil. And the
new airport security rules, put in place after September 11, look and smell a
whole lot like snake oil.
All the warning signs are there: new and unproven
security measures, no real threat analysis, unsubstantiated security claims.
The ban on cutting instruments is a perfect example. It's a knee-jerk reaction:
the terrorists used small knives and box cutters, so we must ban them. And nail clippers, nail files, cigarette
lighters, scissors (even small ones), tweezers, etc. But why isn't anyone
asking the real questions: what is the threat, and how does turning an airplane
into a kindergarten classroom reduce the threat? If the threat is hijacking, then the countermeasure doesn't
protect against all the myriad of ways people can subdue the pilot and
crew. Hasn't anyone heard of karate? Or
broken bottles? Think about hiding
small blades inside luggage. Or composite knives that don't show up on metal
detectors.
Parked cars now must be 300 feet from airport
gates. Why? What security problem does this solve? Why doesn't the same problem
imply that passenger drop-off and pick-up should also be that far away?
Curbside check-in has been eliminated. [Note: it’s been reinstated since this
was written.] What's the threat that
this security measure has solved? Why,
if the new threat is hijacking, are we suddenly worried about bombs?
Cryptogram
- Face Recognition Again: Schneier also eloquently punctures the
idea of using face recognition on crowds to separate out the known bad guys.
His analysis is much longer, and I refer you to his newsletter for it, but
here’s the gist:
Biometrics is an effective authentication tool, and
I've written about it before. There are three basic kinds of authentication:
something you know (password, PIN code, secret handshake), something you have
(door key, physical ticket into a concert, signet ring), and something you are
(biometrics). Good security uses at
least two different authentication types: an ATM card and a PIN code, computer access
using both a password and a fingerprint reader, a security badge that includes
a picture that a guard looks at.
Implemented properly, biometrics can be an effective part of an access
control system.
I think it would be a great addition to airport
security: identifying airline and airport personnel such as pilots, maintenance
workers, etc. That's a problem
biometrics can help solve. Using
biometrics to pick terrorists out of crowds is a different kettle of fish.
In the first case (employee identification), the
biometric system has a straightforward problem: does this biometric belong to
the person
it claims to belong to? In the latter case (picking terrorists out of crowds), the system
needs to solve a much harder problem: does this biometric belong to anyone in
this large database of people? The difficulty of the latter problem increases
the complexity of the identification, and leads to identification failures.
Getting reference biometrics is different,
too. In the first case, you can initialize
the system with a known, good biometric. If the biometric is face recognition,
you can take good pictures of new employees when they are hired and enter them
into the system. Terrorists are unlikely to pose for photo shoots. You might have a grainy picture of a
terrorist, taken five years ago from 1000 yards away when he had a beard. Not nearly as useful.
Schneier goes on to point out that thousands of false
positives would be generated even if the system were 99.99 percent accurate. In
fact, current
systems aren’t anywhere near that accurate. The US Department of Defense
(DoD) Defense Advanced Research Projects Agency (DARPA) sponsored the Facial
Recognition Vendor Test (FRVT) 2000 test, which concluded that the best false
detection rate (FDR) was 33 percent, with a false acceptance rate (FAR) of ten
percent. Are you willing to take a one in three chance of being detained as a
terrorist the next time you fly?
Cryptogram
- Wireless
Data and Terrorism: Wireless Internet and Mobile Computing
published a six-part Wireless Data and Terrorism report. The
report takes a look at both the failures and value of wireless data in critical
situations. It provides emergency wireless data checklists, and examines the
industry's economic outlook in the aftermath of the terrorist attacks. The
most notable failure of the wireless industry during the aftermath of the
attacks was a marketing one, according to the report. Because wireless data is
treated not so much as a “’second fiddle’ to voice, [but] more like a ‘third
piccolo,’” many people who could have benefited either did not know about
wireless data services, or did not know how to use them.
Wireless Internet & Mobile Computing
- Blinding
Flash of the Obvious: OK, am I the last one to figure out the significance
of the date chosen for the terrorist attacks: 9-11 or 911 – call for help?
- Gov Favors Limiting FOIA Disclosure of
Computer Attacks: To encourage corporate victims of crackers to report crimes, the White
House said it will support proposals to withhold details about electronic
attacks against the nation's most important computer networks, according to an
Associated Press story. The Cyber
Security Information Act, originally introduced last year and then again
this past July, would restrict government agencies' disclosures about attacks
under the Freedom of Information Act (FOIA). The bill has languished in
committee since July. I don’t know quite what to think about this one. On the
one hand, it’s a given that computer intrusions are under-reported due to fears
of liability, competition, and embarrassment. On the other hand, restricting
FOIA in this case may lead to the proverbial slippery slope. Perhaps disclosing
these attacks to an industry ombudsman would be a good compromise.
Security Focus
.