Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer?

zorpiaI first came across Zorpia a couple months ago, when I got an email saying that a friend -- we'll call him Mike -- had "left me a private message" on the service. That seemed unlikely, but I wrote it off as random spam and forgot about it, until last week when I got a similar email, ostensibly with a private message from my wife. My mother got the same email. I checked with my wife, who admitted she'd clicked a link in an email from Zorpia, but denied ever having set up an account, let alone sent any private messages. Something seemed very odd. I vowed to dig deeper. Zorpia, it turns out, is a startup founded and run by Jeffrey Ng and based in Hong Kong. Launched all the way back in the early days of MySpace, Zorpia began as a social network that would facilitate unlimited photo sharing. Over time, Ng says, it has evolved into a service that's more focused on helping people make new friends (he likens it to a digital bar or a town hall). It has also built up a very substantial base of registered users, growing from just 1.5 million users in 2005 to around 28 million users today, although just one million are monthly active users. Most of those users are in Asia, Ng tells me, and the service is especially popular in India, with over ten million registered users. When I asked about user acquisition, Ng told me the site used a variety of techniques, mostly based around people inviting their friends. I explained about the emails I had gotten from my friend and my wife and asked Ng to explain why I was getting messages from people suggesting they had left me private messages on Zorpia when they clearly hadn't. He told me he'd look into it, and but was never able to satisfactorily explain how that had happened. To get to the bottom of things, it was clear that I needed to sign up for a Zorpia account myself. And so I did. As with all test accounts that I create for work, though, I used none of my real information, opened the account via a browser I don't normally use, and registered using a unique email address created specifically for that test account. Things looked bad pretty much immediately. On the account activation page, I noticed that three hyperlinks users might expect would lead to help pages or a "resend email" prompt actually redirect users to sketchy free-survey sites that seem an awful lot like scams. zorpia-activation-page (Ng confirmed that the links are there intentionally as advertising, but said that Zorpia has no control over what the links lead to as it varies based on the user's geographical location). Once I logged in to my new account, I found another surprise: Zorpia was worried about my password security. A banner across the top of the screen blared that my password was "more than six months old." Given that the password is one I'd never used before and had created only moments before, I was not expecting this. (Ng told me the message appeared to be a bug; however, as of this writing it has not been fixed). But I ignored it because as you can see in the screenshots below, I had two new messages. zorpia-says-password-old copy When I opened my messages, one of them was the boilerplate welcome greeting you'd expect from the Zorpia team. The other was an absolute shock. There sitting in my inbox just a minute after I first opened this account, was a message from my real life friend "Mike": what-how-does-it-know-that That's when I started getting goosebumps. That's also when I double-checked with "Mike" to be sure he hadn't somehow sent me a message -- he hadn't -- but frankly, even if he had wanted to, it should have been impossible. I didn't use my real name, my real email, my usual browser, or any real information about myself when setting up either the Zorpia account or the email account it is attached it. I also hadn't told "Mike" I was planning to set up a test account of my own, and we live thousands of miles apart. It would have been nearly impossible for him to find my account even if he had wanted to in a sea of more than 28 million registered accounts. And of course, when that message was sent, he wasn't using Zorpia anyway. He says he has never used Zorpia. Zorpia CEO Jeffrey Ng told me that this was "very odd," and that he'd have his tech team look into it. While I waited, I was thinking about Occam's razor. How likely was it that some convoluted bug could randomly link two people who actually know each other from among the site's nearly 30 million members? How likely was it that "Mike" could have found my account in the first place even if it was really him sending the message? The simplest explanation seemed to be that somehow (possibly through my IP address, which I foolishly forgot to obscure), Zorpia had linked my test account to my real identity, and then confirmed that I knew "Mike" through the access it apparently has to his email contacts list. When Ng got back to me, he confirmed that that was indeed what had happened. Although I was using a separate browser to do everything related to Zorpia, I did load the "confirm account" page with my default browser once by accident because it is what opened when I clicked the account activation link. Previously, I had used the same browser only to unsubscribe from Zorpia emails -- I have no Zorpia account -- but nevertheless Zorpia apparently used the cookies from that interaction to connect my real identity (and thus my friendship with "Mike") to my new test account. Ng told me that when a friend joins, the system automatically sends them a private message from their friends already on Zorpia welcoming them. So, even though my new email couldn't possibly have been listed in "Mike's" contacts, his account automatically sent me a private message without his knowledge simply because I happened to once use a browser that once previously had been associated with unsubscribing from the spam emails Zorpia was sending me on his behalf. After he explained this, even Ng admitted that this was a bit beyond the pale:

We do realize this comes off as creepy and poses a potential security threat to the user. Therefore we have disabled Zorpia from using cookie to store friend relationships already.
But he still wasn't able to explain how Mike's contacts -- and my wife's -- got into Zorpia in the first place. Both deny having intentionally provided them to the service, and while Ng stops short of calling either of them a liar, he doesn't seem to be able to explain how it could have happened otherwise:
From your friends' experience, it seems like they simply do not recall they have added any friends on Zorpia. We will review our process and address this issue.
My friends are not the only ones having a similar experience though. Although PandoDaily covered the startup last year and didn't mention the problems it seems to have with emailing people who aren't signed up for it, there are complaints about this dating back to 2009 at least. Each of the words in the previous sentence links to a different person complaining about being auto-enrolled in Zorpia or having their contacts list spammed by the service, and I found all of these quite easily and quickly via Google (where there are plenty more to be found if you want to go hunting). It seems like an awful lot of people have the same apparent amnesia Ng is suggesting my friends have when it comes to handing their contact list over to Zorpia. Ultimately, though, the only way to be sure was to do another, more complicated test. After deleting all the cookies in both my browsers, I connected to my VPN (to obscure my IP) and opened up two new gmail and Facebook accounts, called 'Zorpia Test1' and 'Zorpia Test2'. I made sure that the two were friends, and had a history of emailing back and forth. Then, I signed Zorpia Test1 up for a Zorpia account. I authenticated this account using both the Zorpia Test1 Facebook and Zorpia Test1 gmail accounts, but I never invited any friends (Ng had told me that all non-user friends needed to be invited manually by the user). I loaded the Zorpia "Add Friends" section once to be sure that the social network saw my connection with the 'Zorpia Test2' account, but I unchecked the name and backed out of the "add friends" dialog. I did not invite the Zorpia Test2 account as a friend or sign it up for a Zorpia account. Then, I waited. And sure enough, within a couple days, the Zorpia Test2 account was getting messages from Zorpia. In fact, the Zorpia Test2 account somehow acquired its own Zorpia account! In the email below, you can see the welcome message I received about an account I never signed up for, using a username that defied the naming conventions I had set up for this test. screen For me, the question of whether Zorpia is a real social network has been more or less put to bed. For a ten-year-old social network, there are simply way too many "bugs" here, and almost all of these "bugs" seem to result in non-users getting messages aimed at tricking them into joining the network. If years of online complaints haven't changed the company's ways, it's unlikely this article will be any different. So, unfortunately, I've got to say this: if you're getting messages from Zorpia, your best bet is to click "mark as spam" and move on with your life. Zorpia, from what I can tell, is less a social network and more a mirage, an illusion designed to cajole and trick you into visiting so it can earn a few cents more from its ubiquitous advertisements. Abandon all hope, ye who enter here. This is social networking hell.
The post Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer? appeared first on Tech in Asia.

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Philippines to fly over disputed South China Sea: Aquino
    Philippines to fly over disputed South China Sea: Aquino

    Philippine military and commercial aircraft will keep flying over disputed areas in the South China Sea despite Chinese warnings over the airspace, President Benigno Aquino said on Monday. "We will still fly the routes that we fly based on the international law from the various conventions we entered into," Aquino told reporters when asked whether the Philippines accepted China's position. The Chinese military last week ordered a US Navy P-8 Poseidon surveillance plane away from airspace …

  • Mitsubishi reaches out to far-flung Batad community
    Mitsubishi reaches out to far-flung Batad community

    A “Dadbod” is a newly coined term now trending in media. It was introduced to the world by Clemson University sophomore Mackenzie Pearson as she refers to any man—father or bachelor—with a physique that’s a “nice balance between a beer gut and working out.” “It’s more human, natural, and attractive,” she adds. For this writer, […] The post Mitsubishi reaches out to far-flung Batad community appeared first on Carmudi Philippines. …

  • Aquino: Philippines to fly usual routes over disputed reefs

    MANILA, Philippines (AP) — Philippine aircraft will continue to fly their usual routes over disputed reefs in the South China Sea, the country's president said Monday, defying China's challenges to its planes and those of the United States. …

  • A weekend of premium cars
    A weekend of premium cars

    Good news to all luxury car fanatics as PGA Cars, the exclusive importer and distributor of Audi, Porsche, Lamborghini and Bentley cars in the country, will be holding the PGA Cars Premium Festival from May 29 to May 31 at the PGA Center in Global City in Taguig. The 3-day event will showcase PGA’s latest […] The post A weekend of premium cars appeared first on Carmudi Philippines. …

  • APEC ministers to endorse Boracay Action Agenda
    APEC ministers to endorse Boracay Action Agenda

    Trade ministers at the Asia-Pacific Economic Cooperation (APEC) meeting in Boracay, Aklan agreed yesterday to endorse the proposed Boracay Action Agenda to the member countries’ leaders, presenting opportunities for global trade for micro, small and medium enterprises (MSMEs). In a press conference following the conclusion of the APEC Ministers Responsible for Trade Meeting, Trade Secretary Gregory Domingo, who also served as chairman, said ministers agreed to recommend the adoption of the …

  • Talks with China over sea row urged
    Talks with China over sea row urged

    The Philippines should engage China in bilateral talks in its efforts to maintain peace and order at the disputed West Philippine Sea, Sen. Francis Escudero said yesterday. Escudero supports the government’s move to bring the issue before international arbitration but also stressed the need for the Philippines to pursue talks with China. Escudero made the statement after UN Secretary General Ban Ki-moon on Friday called for a peaceful solution to territorial disputes in the South China Sea. …

  • House panel tackles bill on regular disaster drills
    House panel tackles bill on regular disaster drills

    The House committee on national defense is deliberating on a measure mandating the regular conduct of disaster risk reduction drills in educational institutions nationwide. Authored by Camarines Sur Rep. Rolando Andaya Jr., the bill mandates that risk reduction drills be held annually in all educational institutions throughout the country in coordination with the schools’ respective local government units. “The Philippines’ location along the Pacific Ring of Fire and close to the equator …

  • PCSO running out of funds
    PCSO running out of funds

    Philippine Charity Sweepstakes Office (PCSO) chairman Ireneo Maliksi has admitted that the revenue-generating agency is running out of funds as it continues with its mandate to provide financial assistance to indigent Filipinos. Aside from providing financial help to individual recipients, Maliksi cited at least 13 laws that mandates the PCSO to provide mandatory contribution to different government agencies. Just last week, PCSO released P100 million to the Commission on Higher Education as …


Should Aquino be held accountable over the Mamasapano operations?

Poll Choice Options