Sock(-puppet)ing it to Apple’s iPhone App Store

Sometimes Apple is not to blame for everything, though I would like to think there is a way they can put a sock in this problem.

Gagan Biyani writing for MobileCrunch reports on the latest problem to hit Apple’s iPhone App Store: completely fake reviews planted there by PR firms.

Reverb Communications is a PR firm retained by some of the companies which sell iPhone applications in the App Store. The firm touts “first party” and “personal” relationships with Apple. Those claims, of course, are spun so much, most of us mere mortals that don’t work in PR risk nausea from the resulting dizziness embodied therein. Because what Reverb actually means is that they have a bunch of fake identities that can log into the App Store and post fake reviews. Yeah, that’s not exactly what comes to mind when I hear of “first party” and “personal” relationships.

How did we finally find out that Reverb lacks scruples and decency? Through an anonymous developer referred to in the article as only “Developer Y” (assumably because “Publisher X” had just been used in the preceding paragraph). From a document sent from Reverb to Developer Y (quoted in the original article):

Reverb employs a small team of interns who are focused on managing online message boards, writing influential game reviews, and keeping a gauge on the online communities. Reverb uses the interns as a sounding board to understand the new mediums where consumers are learning about products, hearing about hot new games and listen to the thoughts of our targeted audience. Reverb will use these interns on Developer Y products to post game reviews (written by Reverb staff members) ensuring the majority of the reviews will have the key messaging and talking points developed by the Reverb PR/marketing team.

But it gets even better. Reverb actually works with Apple, having done at least one TV commercial for them. Further, at least one of Reverb’s referrals actually came from an Apple employee.

Reverb’s official statement when confronted with this? Hang on tight, because the Tilt-a-Whirl is starting up again. Doug Kennedy wrote back to MobileCrunch in essence fingering a “disgruntled former employee who is violating his confidentiality agreement.”

I’m pretty sure confidentiality agreements don’t cover illegal activity, and what Reverb is doing here at least borders on fraud. At the very least it’s patently devoid of any scruples, honesty, and ethics. And PR firms and the people that work for them wonder why they are sometimes viewed as less trustworthy.

Shame on Reverb. If you work in PR, please don’t do what they did. The world, and the reputation of your profession, will be much better off.

The exposure of a weasel, part 2

This entry is part 2 of 3 in the series The exposure of a weasel

Recap: In our last episode, I had just revealed how Jason Hoeffer used an offsite Javascript link to fool naive potential customers into thinking he was from the same city they were living in.

I continued posing as a potential customer, and clicked the “click here” link that purports to be available for only the $2.95 shipping. Having my previous skepticism thoroughly validated, I carefully looked at the terms and conditions. I was not surprised at what I found:

Upon submitting a request for Membership, a Member ID and Password are assigned to you and can be used to gain access to googletreasurechest.com. The initial shipping and handling charge of one dollars and ninety seven cents, includes the google treasure chest kit as well as seven days worth of access to the online directories and training. After seven days, if you choose not to cancel, you will be billed your first monthly membership fee of seventy two dollars and twenty one cents for the membership fee for the googletreasurechest.com membership.

Okay, the initial shipping and handling charge as listed here is a dollar lower. Someone forgot to update the T&C document with the new one. So a week later you get hit for $72.21, spelled out in words to make it much less obvious.

Membership fees will be charged to the credit card used by you to complete the transaction. You have also unlocked a fourteen-day trial and twenty one-day trial to the Fraud SafeLockID and GrantSpring for just $38.84 and $24.87 a month thereafter (shows as “SafeLockID” and “GrantSpring”) should you choose not to cancel.

These bring the total up to $135.92 if you don’t cancel in time.

Prior charges for all programs are non-refundable but bonus subscriptions can be cancelled and future charges stopped at any time by calling toll-free 866.951.1406 Monday – Friday 9am – 5pm. All offers come with a monthly newsletter.

Translation: Not only are we going to bilk you for almost $140, we’re going to spam you.

Skipping down further:

We handle all charge backs and reversals as potential cases of fraudulent use of our services and/or theft of services.

The nerve! The hypocrisy! The absolute, unmitigated audacity! After luring people in with what is arguably fraud itself, Jason Hoeffer turns around and says “if you ask for a chargeback, you’re a fraudster.”

After this, I decided the privacy policy was only worth a quick skim. I uncovered this little gem:

THE COMPANY MAY SELL OR TRANSFER INDIVIDUAL INFORMATION TO AFFILIATES OR THIRD-PARTIES FOR ANY PURPOSE IN COMPANY’S SOLE DISCRETION.

That speaks for itself.

More to come…

The exposure of a weasel, part 1

This entry is part 1 of 3 in the series The exposure of a weasel

On a recent visit to Facebook, I stumbled across an ad which links to a Web site jasongetsrich.com showing a $5000 check from Google, and the opening line “Get paid $5 to $30 for every website link that you post on Google.”

The most obvious item I found, however, was that the paragraph after the check said “Thank you for visiting my site. This is Jason Hoeffer from .” Exactly as so, without the city name. It made me wonder what was going on.

I browse on Firefox (and another similar browser, Iceweasel) with NoScript. Allowing Javascript temporarily to all the sites using Javascript from this page filled in that blank space with “Houston.” Well, I’m in Houston. I wonder if that’s coincidence? Could Jason Hoeffer really be from my hometown?

Looking in the HTML source code revealed that the city name was inserted with a bit of off-site Javascript. My skepticism that this Jason Hoeffer guy is really from Houston just grew tremendously. Someone legitimate should not need to use Javascript to insert the city where he or she is from.

Retreiving the script (by itself) via Tor a few times confirmed what I thought. I got Vienna, Paris, and Columbus on three separate attempts. Someone from outside Houston has confirmed that indeed, for her Jason is from a city near where she lives.

The ad may well be off Facebook by now, as I reported this to them.

Morals: don’t take everything at face value, and browse with Javascript off by default. Sometimes, it’s best to assume someone is a pathological liar until you have hard evidence otherwise.

But there’s even more. (To be continued in part 2…)