Posted February 24, 2007 7:45 pm by with 99 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

UPDATE: Eric at MyBlogLog has posted about as close as you get to an apology to Shoemoney and reinstated his profile. Clearly the number of bloggers revolting against MBL caused the team to re-think their action. I’m happy to see Shoemoney back on MBL and, in response, will add back to Marketing Pilgrim the code that allows you to see your image on comments. I’m also logging back into MBL, so you’ll see my face popping up on your blog again. 🙂

I still think MBL has some work to do to improve the service, but at least they’re working on it. My advice, create an advisory board of bloggers – not just the influential ones – and get their input on everything from tracking to features, to flaws. Anyway, nice move Eric.


In the next few minutes, I’ll be removing links to MyBlogLog and taking the JavaScript off the site. Why? Yahoo and MBL have decided to ban Jeremy Schoemoney from the service for exposing some security flaws in the product.

While MBL claims that’s not the case…

To be clear — we did not ban shoemoney for posting about exploits. Although we would certainly have appreciated that he email us first, it’s his decision where he would like to publish them. We banned him for publishing other people’s data on the site and urging readers to spoof them. On what planet is that not a bannable offense?

It’s bogus to suggest that publishing MBL data that ANYONE could have looked-up, is a valid reason for kicking him off. And it’s hypocritical to say that Schoe should have emailed them first – where was Jeremy Zawodny’s email to me, before he felt he needed to accuse me of spamming!!!

In support of Jeremy, I’m boycotting MBL until they reinstate his profile. What MBL doesn’t understand is that “community” means more than just a collection of avatars, it means supporting those bloggers who support you.

I’m sorry for all of you who enjoyed seeing your avatar on Marketing Pilgrim. You’re all still very much loved, but MBL hasn’t exactly won the hearts of bloggers (certainly not this one) since being acquired by Yahoo. Good job Yahoo, way to screw-up a good thing.

  • I don’t have any clue on their numbers, but just from a general feel perspective, it seems to me like MBL was a really quick growing fad, that has dropped off just as fast in the last month. Maybe Yahoo jumped on this one too quickly…

  • Hi,

    Do you know why they have banned you?

  • Simon – I hear ya. It was a cool tool to start with, but what does it actually do for me? Not much.

    Vahid – they didn’t ban me, they banned Shoemoney. I’m banning them! 😉

  • Andy,

    I would be with you if Shoemoney hadn’t have released private info. Seems to me that MyBlogLog was looking out for bloggers and not Shoemoney. Am I wrong on this one?

    By not contacting them, didn’t he put us all at risk?

    I think they did the right thing. The right decision for Shoemoney would have been to report the bug and then take credit for it later, after they closed the loop.


  • I got tired of hearing about all of the flaws in the system and Shoemoney’s post tipped the scale against MBL. So I’ve taken the code off of my site too.

    I don’t know that there was any direct benefit to my site from MBL, but it was kind of interesting to have people identify themselves when they visited. Some interesting people stopped by that I would otherwise not have known about.

  • Doug, the information wasn’t private. You could have looked up any ID of any member yourself.

  • These guys are acting like a bunch of 12 year olds. Why not fix the problem instead of going after the people writing about it?

  • Secure — I’m breaking my vow of silence about this, because I can’t stand hearing that question over and over. The flaw he pointed out was fixed within 45 minutes of Shoe originally posting the story, and we posted this on Shoe’s comments. He was too busy updating his post with additional member’s data to notice.

  • Eric – how confident are you that there are no other flaws?

  • Andy —

    That’s like asking Google how confident they are that people can’t game AdSense. I am comfortable saying that no one has ever been able to get to your personal information and that we have instituted a major security improvement to keep people from spoofing cookies. We’re working on reducing spam as explained in our recent blog post and we’re taking steps to reduce the opportunities for clickfraud.

    Are we ever going to keep people from making their avatars voluptuous women for marketing purposes? Probably not.

    Are we always going to be ahead of SEO-types (sorry) who want to game the system for their own gain? Probably not.

    Is this good enough to be on your site? Only you can say. But I respect your decision either way.

  • Eric – it was an open-ended question, but I appreciate you answering.

    So if “SEO-types” can’t use MBL for “their own gain”, what’s in it for them? What’s in it for anyone, if you can’t benefit from MBL? If the users can’t define their use, they’ll go elsewhere.

  • Andy — MyBlogLog was launched a s away for people to connect with each other, whether it’s authors with readers or readers with readers. Immediately we found that people started using us a discovery mechanism and that was awesome. A nice side benefit of that was all the people posting about how much their traffic goes up when they start using us. Yays all around.

    But recently, I’ve seen a load of people complaining about all the “join my community” spam and all the pictures of busty women being used as a lure to bring people to their pages. I’m comfortable saying this is not behavior we want because it’s ultimately a lose / lose game. It will cause people to remove the widgets (reducing your distribution) and these aren’t qualified leads, so why do you want them anyway?

    There’s a big difference between “use MBL” as you put it and “game MBL” as I put it. Are we really that far apart?

  • Eric, mmm, really. Let’s presume that it was fixed, then why did you ban him?

    BTW, I still see the user ID’s when I look up people like greywolf, for example, so is it really fixed?

    There are lots of people out here who think MBL acted like a bunch of 12 year olds, it’s not just me …

  • I say “Yay” to MBL and it’s not getting boycotted by me or any of my clients.

    One fantastic example, Black In Business ( not only put a face to a blog but a race to it as well. Jim’s traffic has skyrocketed because of MBL because it offered what no other community could… a face to a name.

    And “Yay” to MBL for fixing the hole within an hour of Shoemoney’s Link Baiting.

  • Secure — it wasn’t showing the userID that was the problem, it was that our cookies weren’t secure. This was addressed last night.

    As far as why we banned him, I posted that multiple times. And just because a crowd of people were chasing Frankenstein with pitchforks doesn’t mean he was a monster.

  • Eric, my point is that perhaps a better course of action in this case would have been to say “thanks for pointing that out to us” instead of banning a user.

    Next time there is an bug, perhaps, you will get unpleasant surprise instead of a heads up.

    Something to think about …

  • This is unbelievable. Yahoo (owner of MBL) is (was?) a multi billion dollar company. Banning someone instead of immediately addressing and fixing a security flaw is something from amateur hour on an entertainment forum.

  • I read the shoemoney blog entry and was quite amused. I do applaud the quick fix as well. The part I would question through all of this is how good is the code in the first place. If something like cookie security was not considered, what else can be gamed.

  • Umm…

    Not that I’m sticking up for MBL, because I don’t know, nor do I care, what they do, but come on people. The guy didn’t even email them the problem. Instead he went straight to posting proof that he was able to exploit their site.

    Why would they NOT ban him? He’s obviously interested in circumventing their security and trying to make a name for himself. You’ve got to be an absolute f’in moron to not see why they would ban him… be reasonable.

  • I personally would have consulted with the company that just acquired me before venturing on such a task. This may not be a full PR nightmare, but I still personally consider Jeremy as a top and well respected blogger.

    Although as we know, making controversial statements to the blogasphere can have an amazing ability to drive traffic. But I personally would not have made the same decision.

  • Pingback: MyBlogLog Teeters On The Uncool Ledge, Will They Fall? |

  • I’ve never used mybloglog but I’m sure there are some kind of rules in the people agree to when they sign up. Is there anything mentioned in the rules about not allowing what Shoemoney did? If not, then they should take it as a lesson learned and change their rules.

  • Pingback: MyBlogLog Hack? » JaypeeOnline()

  • I’m really torn by this since MLB is really indispensable to me (as a minor blog) but this debacle really diminished my respect for MLB.

    These are the people who stood by MLB during the rough patches and even defended the founder’s integrity against JZ’s faux pas. Just kick them in the nuts. I’m sure they wont mind.

    That’s like arresting a dude for sexual assault because he tapped on the shoulder of a naked woman in public for telling her, “miss, you should wear some clothes because these streets are dangerous”.

    To be frank I no longer see how MLB is even worth a couple million dollars when the app has more security holes than something whipped up by script kiddies.

    Seriously, if you have time to read all these blogs you should have your nose to the grindstone and be cranking away code to address these issues. What harm did Shoemoney do that the legion of spammers still lurking MLB couldn’t do or have already done?

    I think the way you handled this security issue would make Microsoft blush.

  • ddn

    Quote: “Secure — I’m breaking my vow of silence about this, because I can’t stand hearing that question over and over. The flaw he pointed out was fixed within 45 minutes of Shoe originally posting the story, and we posted this on Shoe’s comments. He was too busy updating his post with additional member’s data to notice. ”

    You’re a flat-out liar. The post was never updated with more IDs. The IDs that were posted were FAR from “private” data. In any case, you fixed the exploit, right? So the IDs were irrelevant.

    What a joke.

    Oh and for everyone commenting that Shoe should have contacted MBL privately first, let’s not forget that Jeremy Zawodny publicly called out this site’s own Andy Beal for “spamming MyBlogLog” and later apologized. Where was the private email on that one?

  • DDN — nice of you to join the party. I’ll tell you what. If Shoe agrees with you that he didn’t update the original post within minutes from 3 uIDs to 12 uIDs then I will personally have him reinstated tomorrow and give him a lifetime Pro account.

  • ddn

    It won’t matter whos account you reinstate. No one cares anymore. MBL is the equivalent of a hit counter. We realized those were useless in 1997.

    You’re a bunch of amateurs. And by the way, you still hadn’t fixed it the first time you posted that you did.

    Congratulations on pulling the wool over Yahoo’s eyes, not that it must be hard when they’re imploding.

  • Pingback: MyBlogLog and Exploits - It Is Easy To Pick On Someone Who Doesn't Have Hold Of Your Testicles Financially : Blog Archive Andy Beard()

  • Pingback: MyBlogLog Banning Members » SELaplana()

  • Pingback: Jimmy Daniels » MyBlogLog Bans ShoeMoney()

  • The missing piece was PR from MBL (they do have a blog, right?) that might have gone something like

    “wow… it’s amazing to see so many users adopting our service so fast. We are really excited to see the validation that the MBL platform is capable of so much more, and also how amazingly innovative the blogging community is. We’ll have to fix some of the loop holes of course, and we’ve got great people working on keeping things moving forward, but keep the feedback coming and let us know what we’re doing right and what you need from us…”

    Instead we get “what planet” comments. Yah.

  • Pingback: Last Words On MyBlogLog - ShoeMoney™()

  • This whole post was worth it just for comment 18 (vijay) “…bloggers who support you, This site is very interest for the internet marketing, click on the link to find the similar article internet marketing”

    The way he just changed subject instantly when there’s all this heated debate, made my morning.

    It’s too early for me to have any kind of opinion on this MBL thing, I haven’t even had my tea yet.

  • Pingback: » Mybloglog is evil - no seriously, it must be! Blog Yack Yack()

  • Whether Shoemoney should have contacted MBL or not is a matter of some debate.

    However the move to ban him seems like a bad PR move and it should have been blindingly obvivous to them in advance.

    However given the blogospheres reaction the only thing they can do is bite the bullet and reinstate him.

    It’s seems much like a the techcrunch uk situation where what might seem a reasonable reaction wasn’t seen as reasonable.

    Seeing how reliant MBL is on its community and the current spate of bad press it would make sense to backtrack.

  • MBL sucks. Yahoo wasted their money buying that POS.

  • C’mon…both you nerds have great pocket protectors. There’s no need to keep arguing over it.

  • Not to keep pouring gas on this fire, but it’s funny that MBL expected an email pointing out the exploit, yet didn’t send Jeremy an email to say “hey dude, we’re going to ban you and here’s why…maybe we can resolve this first”. It does make me wonder a) the MBL guys acted without first checking with Yahoo PR, or b)Jeremy Zawodny put them up to this. 😉 Either, it’s going to make a great case-study for my next talk on reputation management. 😉

  • Your going to boycott a service because they banned someone that was trolling them and posting exploits ?

    lol.. you are really to much.

  • Pingback: WebProNews Video Blog » Blog Archive » MyBlogLog Bans ShoeMoney()

  • rcjordan

    Man, I love to wake up mid-morning to the smell of deep-fat fried linkbait.

    From the TW forum:
    Shoemoney: I would have banned me too. lets move on

    Seems authoritative enough, so I agree.

  • Pingback: MyBlogLog Stirs Drama Over A Banning - Internet Insider Report()

  • I maybe the only one in the blogosphere on the side of MBL

    This is vigilantly justice. He could have found the bugs and told them to MBL but instead he made them public for his own benefit.

    I completely agree with what MBL did. Imagine someone finding a hole in MarketingPilgrim or whoevers blog (or site) and posting it to thousands of people who can use it for their own benefit and not telling you. I’d bet you’d be pretty ticked too.

  • Evan – don’t get me wrong,I empathize with the MBL guys – but they totally overreacted, imposed a policy that didn’t exist, and applied a double standard to the way they went about it (they want emails, but don’t email others).

    Also, this isn’t just about Shoemoney. MBL has really gone down the crapper – sorry Eric, it has – it’s not all their fault, but it’s just not providing any value.

    When bloggers are already starting to gripe about your service, you want to pay special attention to those that have the strongest community following. Pissing them off, is not what you do, when you’re weak.

    As I said, my blogging community is more than just a few pretty avatars, maybe the MBL guys missed that.

  • Was there nothing in there TOS about abuse to the system? If not that is a major oversight by there part.

    Assuming there is…

    I do not agree with the fact that Shoemoney deserved an explanation. It is debatable depending on their TOS and it may have been the correct move from a business aspect but I do not think they did anything wrong. You break the law, you get punished. You speed you get a ticket, you rarely get the chance to justify your lead-foot.

    I assume it was a snap reaction to someone embarrassing them in a public arena. I don’t know many sites who will politely email people who abuse their system, Digg doesnt, Myspace doesnt, facebook doesnt. Not that not doing so makes it right but its a commonly accepted practice.

    However, I do agree that the service has gone down the crapper, honestly I never saw the benefit outside of a stats package but thats a story for another day.

  • As I recall, they don’t have a TOS. It’s on their to-do list. 😉

  • Ok, just deleted my account over there as well.

  • The snowball is rolling down the hill, gaining strength.

    What will MBL do? Stop it, control it, fix it, or let it slide?

    I hope this isn’t MBL’s “dell hell”.

  • Pingback: I Smell an Overreaction in the MyBlogLog vs ShoeMoney Debacle()

  • I’m with another commenter that mentioned his clients like it. Mine too. Two of my clients love it and understand it’s an special infant that will grow to become a 7 foot giant.
    Why didn’t the blogger in question just send the MBL guys a quick note instead of exposing the snags by blogging it?
    Sometimes people are chasing the next scoop too hard I think.

  • Pingback: MyBlogLog Boycott()

  • Pingback: Friday Favorites 2/23/07 - Stuntdubl - Search Engine Marketing Consultant()

  • Pingback: MyBlogLog drops shoe and shoots self in foot! | Weird Asia News()

  • Pingback: MyBlogLog Bans Blogger; Backlash Begins()

  • Pingback: Blog Mirrors » MyBlogLog Bans Blogger; Backlash Begins()

  • Pingback: Bye Bye My Blog Log and Thanks For the Heads Up Shoemoney()

  • Pingback: Removing MyBlogLog()

  • Pingback: » MyBlogLog Bans Blogger; Backlash Begins()

  • Pingback: Taking a Break from MyBlogLog « Keeping Up With the Joneses()

  • It’s interesting seeing folks deleting their accounts as none of the players involved in this saga have?

    Is it a temporary boycott or FOREVER? Because it sure looks to be some fence sitting going on.

    Just seeking clarity – it’s what I do

    L8TR Peeps

  • Pingback: TechCrunch Japanese アーカイブ » MyBlogLogが著名ブロガーの出入りを禁止、高まる反発()

  • Gypsy,

    Well by definition a boycott is temporary. I think a lot of people are also realizing how useless MBL is and just deleting their accounts at the same time.

    Also, some of the “players involved” can’t even login to delete their accounts if they wanted to.

  • L. Bait

    Looks like the linkbait worked.

    Shame on MBL for not having a TOS up yet.

    But is anyone really surprised that they deleted Shoemoney’s account? This is the guy that makes a living off of a shadowy places on web. My guess is that they figured he knew for more than he told the world and/or was about to find more holes in MBL.

    He should’ve sent them an email first instead of trying to show the world just how smart he is. 😉

  • There’s probably 5% of blogonauts who are upset by this, and these tend to be the more prolific writers. The original (?)link-bait item has got the attention it deserved. As they say, there’s no bad news and MBL is probably ahead in visibility because of it.

    For the other 95% of us who are slightly less prolific, there’s a good deal of satisfaction with what MBL delivers. Let’s move on.

  • The Gypsy – it’s a boycott. If if they bring Shoemoney back, I may reinstate. Then again, I’m not exactly missing it. 🙂

  • Thanks for that.. I just felt some folks may be dumping accounts ‘for the cause’ and that more backlash could follow should everyone make up and play nice…

    It is the wierdest of Boycotts tho – I see U online now and both Schoe and Micheal were logged in there yesterday (Schoe’s got a proxy goin? he he)

    How does this work? We simply trash them on our blogs? Boycotting the widget? Do tell….

    I always enjoy watching the ‘pack’ go at it ( good humour as in Pasternack/Calacanis goodness).. it does provide some great entertainment.. he he

    Play Safe – David

  • Andy – delete that last one …

    Correction was that Andy BEARD .. not Beal that I saw… DOH…


  • Pingback: I Banned MyBlogLog » TheMadHat()

  • Pingback: AnAesthetic Media » A Pixeled Revolution - By the User, for the User()

  • Sorry to not have read every comment. But I totally agree with Doug on this one:

    # Doug Karr
    February 22nd, 2007 at 9:09 pm


    “I would be with you if Shoemoney hadn’t have released private info. Seems to me that MyBlogLog was looking out for bloggers and not Shoemoney. Am I wrong on this one?

    By not contacting them, didn’t he put us all at risk?

    I think they did the right thing. The right decision for Shoemoney would have been to report the bug and then take credit for it later, after they closed the loop.”


    I don’t see how any injustice was done to shoemoney. I do not intend to boycott mybloglog over a ban shoemoney got whether or not mybloglog is of any use to me. Let shoemoney fight his own battles. Everyones all in arms just because it is shoemoney. Now don’t get me wrong here. I am not against shoemoney and have actually learned some interesting things from him but he isn’t God and it was a mistake err actually in this case I think it was actually an impassible issue. If I owned/operated mybloglog I don’t think I would have done anything different. When the security of the site is threatened I could care less if your President George Bush your out of here till everything is cleared up. I think the whole thing was handled very well.

    And that is my two cents on it. And PLEASE do not send me letters about it. I don’t need that. Feel free to comment here though.

  • Be careful of your Adsense account (the referral unit at the bottom)
    Is this a statement suggesting that the tracking worries were BS? 😉

    It seems hackbait is better than linkbait, maybe I should setup a hackbaiting service here in Poland.

    How much is an exploit scandal in a web 2.0 service worth?

  • he he – so now what??

    An interesting precedent set tho… publicizing exploits for link bait… they couldn’t have set it up better if they planned it … link love all around…

    I wonder how many folks regret jumping the gun and delteing accounts?

    Man, just too many bandwagons for me…

  • Banning shoemoney was not a good thing to do. Perhaps mybloglog thought they were above everything. What they have to understand is that bloggers all over the world have become a powerful force which could bring a flood of bad publicity your way if you rub them the wrong way.

    Perhaps an apology to shoemoney and as andy puts it a reinstatement of his account is the best thing to do.

    Way to go andy.

  • Pingback: Two Knives » Blog Archive » Enough with the boob avatars, or, aren’t there special sites for that on the world wide web?()

  • Pingback: A Day in the Life » Blog Archive » Shoemoney vs. MBL: How to Wrap a Company Around Your Finger()

  • ian

    Yahoo buying something, then turning it to shit? And that’s news? More like their standard MO.

  • Pingback: MyBlogLog Problems and Recent Drama | Wordpress Tutorials And Blogging Tips()

  • Pingback: This Week In SEO - 2/23/07 - TheVanBlog()

  • Pingback: Thanks, Squidoo! (Shoemoney take note) | On Influence and Automation()

  • My head is still a blur from all this… I miss a couple days at my feed reader and here I am trying to unlock what has happened in the past few days. Is everyone else still boycotting MBL, or are they back in “our” good graces?

  • Mate stand on your own two feet. If you think honestly that they did some horrendous deed then you boycott them but don’t boycott because somebody else is. BTW folks if some of you haven’t guessed. This is a linkbait. Thats right. Controversial content linkbait. And it appears to have worked pretty well.

  • I think the whole fiasco IS the story. I have yet to jump on a bandwagon ( Calcainis/Pasternack/MyBlogLog and others) – and I am starting to get concerned about the Pack Mentality of Internet marketers. It was cute at first, but this is verging on the point of potentially giving the industry a black eye, which is disconcerting to say the least.

  • That’s what User Generated Content is all about. Everyone loves a crowd. However the crowd is only of those who are in this neck of the woods. I don’t see the industry getting a black eye over this, since no one else knows or cares.

  • Now here’s an interesting wrinkle. Go to and see which member you see in the featured spot. All day for me it’s been the same gent in a reflective pose…

    Is this their way of getting back in Shoe’s good books?

  • That’s what I see too. How crass. 🙁

  • I have written enough on this afair. Paul however I think expresses the views of many quite well.

  • Simon – that seems a little too much sucking up.

  • Pingback: ::lemonup:: - News, Technology, sports, cars, movie, video, blog, travel, mp3, picture, computer, notebook » MyBlogLog Bans Blogger; Backlash Begins()

  • Pingback: Ground Round Up: Week of February 19, 2007. Cheers! - Tech Mentat()

  • Pingback: SoloSEO Blog » Nobody Logged Into MyBlogLog Anymore?()

  • Pingback: Maineenhallinta netissä | Nettibisnes.Info()

  • Pingback: Ajax Girl()

  • Pingback:   MyBlogLog Rebranding by Charlotte Web Design()

  • Pingback: techcrunch » Blog Archive » MyBlogLog Bans Blogger; Backlash Begins()

  • He argues that anyone could have looked up the MBL data and that it was hypocritical to expect an email from Shoemoney first (pointing out that notable Yahoo! blogger Jeremy Zawodny didn’t email Andy prior to publicly accusing Andy of being a spammer).

  • Simon – that seems a little too much sucking up.

  • I do not understand what that is about it but I know I do online marketing very well:)

  • Pingback: Thanks, Squidoo! (Shoemoney take note) | Marketing Technology()

  • Pingback: Nobody Logged Into MyBlogLog Anymore? - SoloSEO DIY SEO Tools Blog()