Yesterday I got a friendly email in the iBegin inbox. In a very professional manner, the person informed me of a Cross Site Scripting (XSS) hole. I responded immediately, and a day later popped in the email. It was a simple example - with a certain string, my search page popped a nice JS error saying ‘XSS!’.
This was rather bewildering. I have spent a lot of time researching such holes, and here I was the victim of my own.
The end result was less spectacular than I had been fearing - when adding in the ad-code for Google, I had opted to use the ‘hint’ option. In my rush, I had never filtered the part where I dynamically inserted the keyword the user had searched for. And just like that a nasty nasty XSS hole was born.
XSS is bloody scary. Basically with that info they can extract a lot of user info, allowing them to effectively take over their behavior. Heck MySpace was literally brought to its knees by a little XSS hack. And protection against XSS is like building a fortress - if your fortress even has one little hole in it, you are in trouble.
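As an added illustration of the bug described above (not the site's actual code): a search keyword pasted into an inline ad script without encoding, beside a version that encodes it for a JavaScript string inside a `<script>` element. The function names and the `ad_hint` variable are hypothetical, and the input strings are constructed.

```javascript
// Added example. renderHintUnsafe, renderHintSafe and ad_hint are hypothetical names.

// Vulnerable pattern: the keyword is pasted straight into a JS string literal.
function renderHintUnsafe(keyword) {
  return '<script>var ad_hint = "' + keyword + '";</script>';
}

// Encode a value as a JS string literal that is safe inside an inline <script>.
// JSON.stringify escapes quotes, backslashes and control characters. The extra
// replacements keep the HTML parser from ever seeing "</script>" or "<!--" in
// the data, and escape U+2028/U+2029, which older JS engines treat as newlines.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened pattern: same output shape, but the keyword stays data.
function renderHintSafe(keyword) {
  return '<script>var ad_hint = ' + jsStringLiteral(keyword) + ';</script>';
}

// Number of "</script" sequences the HTML parser would see. A correctly
// encoded block contains exactly one: its own closing tag.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed inputs: one ends the string literal early, one closes the element.
const quoteBreakout = '";alert("XSS!");//';
const tagBreakout = '</script><script>alert("XSS!")</script>';

for (const input of [quoteBreakout, tagBreakout]) {
  console.log('unsafe:', renderHintUnsafe(input));
  console.log('safe:  ', renderHintSafe(input));
}
```

The encoding is specific to this context: a keyword echoed into HTML text or an attribute needs HTML entity encoding instead.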
I’ve already mentioned how most ‘programmers’ on the web are crap. When you mix JavaScript in, that’s like asking to be messed with.
Not going to make any friends this way. But we tried this out, it was fun:
Mind you this was an experiment, and we already shut it down. But something to note.
UPDATE March 8: Someone asked me what they could do with such a ’site’. Ideas include:
I’m sure you can come up with other ideas.
No ‘niche’ gets as nasty and personal as politics. It seems as time drags on, more and more people are convinced that the only way to co-exist with someone else is to hammer in your beliefs and ideals into them, whether they believe it or not. The idea of intellectual discourse seems almost dead.
So when you take user generated content and mix in politics, what do you get? Digg’s political news, political opinion, and world news. If people thought the tech side easily skewed to topics that were pro-Apple, pro-Ubuntu, or anti-MS, the political/news areas are about who can troll best.
The topics du jour mostly revolve around how evil Islam is and/or how evil Iran is. An occasional story about a US presidential candidate is thrown around.
A few case examples:
http://digg.com/politics/Group_for_former_Muslims_threatened_by_Muslims
The most obvious case of focus groups pushing their agenda is if one reads the comments. As one progresses down the article, you can see that the original comments are all virulently anti-Islamic. As you progress down, the entire tone of ‘discussion’ changes. Users like patriotickiwi and tomcpp continue to fan the flames for as long as they can. The reality of the content was ‘Leader of ex-Muslim group anonymously threatened.’ The sensationalist headline was ‘Group for former Muslims threatened by Muslims’.
Unfortunately I cannot find the link right now, but there was a delightful link to the LittleGreenFootballs (one of the most popular right-wing/anti-Muslim websites) which talked about the large influx of traffic by working on Digg. There is a post, though, where its readers are recommended to report a blog that was on Digg for an anti-LGF post. (mouthful eh?)
Next up we have example users. Included with delightful users like patriotickiwi and tomcpp we have users like copmoore, Robbie Cooper, davenp35, and so forth and so forth. These are people with a specific agenda. In the tech news, the general idea is that people love Apple. So when they see an Apple story, they digg it. But they also digg other stuff. The above subset of people have only one goal - to use Digg as a mouthpiece showing Muslims in a bad light. Every single one of their comments … well, I will let the comments speak for themselves.
The other interesting example is as follows: http://digg.com/politics/Digg_Presidential_Data_Who_s_hot_and_who_s_not. The original poster himself is a Libertarian. So while the 41.6 percent number is bolded (in BIG RED), isn’t it a bit odd how 10 posts still got through to the frontpage? At a ~9% success rate, our fearless Ron Paul has almost 4x the success of Obama (the current media ‘darling’), and over 9x more success than Clinton. Obama, Giuliani, and McCain are all around 2%, and yet Mr. Ron Paul clocks in at 9%? If anything, his numbers show an odd affinity between Ron Paul and Digg’s frontpage.
I could go ahead and showcase the diggers for Ron Paul, but I leave that as an academic exercise for the readers.
Digg’s worldly news sections are fraught with people and agendas. And it is something that needs to be fixed (how? I don’t have a solution in that case).
When the mighty Apple announced its iPhone, Gizmodo got stung. Badly. While Engadget were busy liveblogging, Gizmodo seemed to be updating post by post. Or something like that. And they had promised to liveblog but never did.
The ouch was strong. Calacanis proudly proclaimed how Engadget did 10 million pageviews and beat down Gizmodo. The graph on that page really tells it all - Gizmodo who?
But lately, in my (getting less frequent) visits to Digg, I have seen Gizmodo linked to more and more. A lot more. Even other Gawker sites like consumerist.com are getting a lot of link-love from Digg. Unfortunately Digg doesn’t let me search by URL, but searching for promoted stories with Gizmodo in it gets you this: clickedy here. Beyond 23 days ago (as of this post), Gizmodo would get dugg here and there. Suddenly on the day of the iPhone announcement, Gizmodo started getting dugg left and right.
The intensity has kept up.
The digg behaviour is questionable. There is the ‘obvious’ user Gizmodonoah (I do love the #1 story). More interesting is user BLONGO. Every single story dugg is a Gawker property, and not all are submitted by him (her?). Of course this leads to user BLAM8, who leads to user diskopo and Blakely, and the chain just repeats and repeats.
Do I have any proof that something is afoot? Nope. Do I find it odd that suddenly I see Gizmodo every day on Digg? Yep. I checked the last 10 pages of promoted (tech) stories with Digg - there were six Gizmodo stories. Two in the last 24 hours. Six in the last three days. Of the six I noticed, all six were submitted by six ‘different’ people, and four of them had a Gizmodo.com story as #1.
Incidentally, when I looked up pages 90-101, I found one story for Gizmodo.
I’m just pointing out the facts - you can make your own conclusions.
UPDATED February 4, 2007 - Evidently I am blind as a bat. engtech pointed out you can search by url - clicky here. 50 promoted stories in the last 25 days (roughly the announcement of the iPhone). 19 stories promoted in the 25 days before that. 32 in the 25 days before that. Evidently Gizmodo’s staff is kicking ass … or something else is up.
After Google’s AdSense had been out for a few months, the complaints started. People were building skeleton sites and throwing on AdSense on the site, trying to milk as much money as possible. These sites were nicknamed ‘Made for Adsense’ (MFA) and were generally frowned on. A Google search for Made for Adsense incidentally has a Wikipedia entry on scraper sites as the #1 result. Definitely not a popular concept.
But MFAs are in the past. The problem is they require too much effort - sure people are still doing it and making money, but there is a better alternative now.
Made for Linkbait (MFL).
I’ve covered shortcomings of user-generated content sites like Digg before. I’ve pointed out how people quickly jump on a bandwagon without checking facts. It seems one of the first things to go with user-generated content is fact-checking.
And so we have sites that spring up overnight with some sensational headline, grab a ton of links, and then a few months later either have ads thrown all over them or are redirected to another site for SEO-benefits (after gaining a few hundred diverse links).
Just today I saw three perfect examples:
http://automen.blogspot.com/index.html
http://iphonesucks.blogspot.com/
http://bestbuyscam.blogspot.com/
This has been happening for a while. But in the last month it has gotten worse, and it is really starting to appear everywhere now. All these sites follow classic linkbaiting hooks. And while the three links I mentioned were all from Digg, Reddit, Delicious, and the rest all suffer from the same problem.
MFA sites were a problem, but they were Google’s (and Yahoo’s and MSN’s and Ask’s) problem. MFL is a problem for all bloggers. And it is only going to get worse.