Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer?

zorpiaI first came across Zorpia a couple months ago, when I got an email saying that a friend -- we'll call him Mike -- had "left me a private message" on the service. That seemed unlikely, but I wrote it off as random spam and forgot about it, until last week when I got a similar email, ostensibly with a private message from my wife. My mother got the same email. I checked with my wife, who admitted she'd clicked a link in an email from Zorpia, but denied ever having set up an account, let alone sent any private messages. Something seemed very odd. I vowed to dig deeper. Zorpia, it turns out, is a startup founded and run by Jeffrey Ng and based in Hong Kong. Launched all the way back in the early days of MySpace, Zorpia began as a social network that would facilitate unlimited photo sharing. Over time, Ng says, it has evolved into a service that's more focused on helping people make new friends (he likens it to a digital bar or a town hall). It has also built up a very substantial base of registered users, growing from just 1.5 million users in 2005 to around 28 million users today, although just one million are monthly active users. Most of those users are in Asia, Ng tells me, and the service is especially popular in India, with over ten million registered users. When I asked about user acquisition, Ng told me the site used a variety of techniques, mostly based around people inviting their friends. I explained about the emails I had gotten from my friend and my wife and asked Ng to explain why I was getting messages from people suggesting they had left me private messages on Zorpia when they clearly hadn't. He told me he'd look into it, and but was never able to satisfactorily explain how that had happened. To get to the bottom of things, it was clear that I needed to sign up for a Zorpia account myself. And so I did. As with all test accounts that I create for work, though, I used none of my real information, opened the account via a browser I don't normally use, and registered using a unique email address created specifically for that test account. Things looked bad pretty much immediately. On the account activation page, I noticed that three hyperlinks users might expect would lead to help pages or a "resend email" prompt actually redirect users to sketchy free-survey sites that seem an awful lot like scams. zorpia-activation-page (Ng confirmed that the links are there intentionally as advertising, but said that Zorpia has no control over what the links lead to as it varies based on the user's geographical location). Once I logged in to my new account, I found another surprise: Zorpia was worried about my password security. A banner across the top of the screen blared that my password was "more than six months old." Given that the password is one I'd never used before and had created only moments before, I was not expecting this. (Ng told me the message appeared to be a bug; however, as of this writing it has not been fixed). But I ignored it because as you can see in the screenshots below, I had two new messages. zorpia-says-password-old copy When I opened my messages, one of them was the boilerplate welcome greeting you'd expect from the Zorpia team. The other was an absolute shock. There sitting in my inbox just a minute after I first opened this account, was a message from my real life friend "Mike": what-how-does-it-know-that That's when I started getting goosebumps. That's also when I double-checked with "Mike" to be sure he hadn't somehow sent me a message -- he hadn't -- but frankly, even if he had wanted to, it should have been impossible. I didn't use my real name, my real email, my usual browser, or any real information about myself when setting up either the Zorpia account or the email account it is attached it. I also hadn't told "Mike" I was planning to set up a test account of my own, and we live thousands of miles apart. It would have been nearly impossible for him to find my account even if he had wanted to in a sea of more than 28 million registered accounts. And of course, when that message was sent, he wasn't using Zorpia anyway. He says he has never used Zorpia. Zorpia CEO Jeffrey Ng told me that this was "very odd," and that he'd have his tech team look into it. While I waited, I was thinking about Occam's razor. How likely was it that some convoluted bug could randomly link two people who actually know each other from among the site's nearly 30 million members? How likely was it that "Mike" could have found my account in the first place even if it was really him sending the message? The simplest explanation seemed to be that somehow (possibly through my IP address, which I foolishly forgot to obscure), Zorpia had linked my test account to my real identity, and then confirmed that I knew "Mike" through the access it apparently has to his email contacts list. When Ng got back to me, he confirmed that that was indeed what had happened. Although I was using a separate browser to do everything related to Zorpia, I did load the "confirm account" page with my default browser once by accident because it is what opened when I clicked the account activation link. Previously, I had used the same browser only to unsubscribe from Zorpia emails -- I have no Zorpia account -- but nevertheless Zorpia apparently used the cookies from that interaction to connect my real identity (and thus my friendship with "Mike") to my new test account. Ng told me that when a friend joins, the system automatically sends them a private message from their friends already on Zorpia welcoming them. So, even though my new email couldn't possibly have been listed in "Mike's" contacts, his account automatically sent me a private message without his knowledge simply because I happened to once use a browser that once previously had been associated with unsubscribing from the spam emails Zorpia was sending me on his behalf. After he explained this, even Ng admitted that this was a bit beyond the pale:

We do realize this comes off as creepy and poses a potential security threat to the user. Therefore we have disabled Zorpia from using cookie to store friend relationships already.
But he still wasn't able to explain how Mike's contacts -- and my wife's -- got into Zorpia in the first place. Both deny having intentionally provided them to the service, and while Ng stops short of calling either of them a liar, he doesn't seem to be able to explain how it could have happened otherwise:
From your friends' experience, it seems like they simply do not recall they have added any friends on Zorpia. We will review our process and address this issue.
My friends are not the only ones having a similar experience though. Although PandoDaily covered the startup last year and didn't mention the problems it seems to have with emailing people who aren't signed up for it, there are complaints about this dating back to 2009 at least. Each of the words in the previous sentence links to a different person complaining about being auto-enrolled in Zorpia or having their contacts list spammed by the service, and I found all of these quite easily and quickly via Google (where there are plenty more to be found if you want to go hunting). It seems like an awful lot of people have the same apparent amnesia Ng is suggesting my friends have when it comes to handing their contact list over to Zorpia. Ultimately, though, the only way to be sure was to do another, more complicated test. After deleting all the cookies in both my browsers, I connected to my VPN (to obscure my IP) and opened up two new gmail and Facebook accounts, called 'Zorpia Test1' and 'Zorpia Test2'. I made sure that the two were friends, and had a history of emailing back and forth. Then, I signed Zorpia Test1 up for a Zorpia account. I authenticated this account using both the Zorpia Test1 Facebook and Zorpia Test1 gmail accounts, but I never invited any friends (Ng had told me that all non-user friends needed to be invited manually by the user). I loaded the Zorpia "Add Friends" section once to be sure that the social network saw my connection with the 'Zorpia Test2' account, but I unchecked the name and backed out of the "add friends" dialog. I did not invite the Zorpia Test2 account as a friend or sign it up for a Zorpia account. Then, I waited. And sure enough, within a couple days, the Zorpia Test2 account was getting messages from Zorpia. In fact, the Zorpia Test2 account somehow acquired its own Zorpia account! In the email below, you can see the welcome message I received about an account I never signed up for, using a username that defied the naming conventions I had set up for this test. screen For me, the question of whether Zorpia is a real social network has been more or less put to bed. For a ten-year-old social network, there are simply way too many "bugs" here, and almost all of these "bugs" seem to result in non-users getting messages aimed at tricking them into joining the network. If years of online complaints haven't changed the company's ways, it's unlikely this article will be any different. So, unfortunately, I've got to say this: if you're getting messages from Zorpia, your best bet is to click "mark as spam" and move on with your life. Zorpia, from what I can tell, is less a social network and more a mirage, an illusion designed to cajole and trick you into visiting so it can earn a few cents more from its ubiquitous advertisements. Abandon all hope, ye who enter here. This is social networking hell.
The post Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer? appeared first on Tech in Asia.

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • New law to allow Japan to supply U.S. military in South China Sea, say officials
    New law to allow Japan to supply U.S. military in South China Sea, say officials

    By Nobuhiro Kubo and Tim Kelly TOKYO (Reuters) - Prime Minister Shinzo Abe's plans to expand Japan's non-combat role in armed conflicts beyond "areas around Japan" could see Tokyo becoming dragged into action in the South China Sea in support of U.S. forces, government and ruling party sources say. Abe will send legislation to parliament next month - with the backing of his coalition partners virtually assuring its passage - allowing Japan to ship fuel and ammunition to American units …

  • Philippines accuses China of turning water cannon on its fishing boats

    Filipino activists denounced China's coast guard on Tuesday for turning water cannon on Philippine fishing boats in disputed waters, near where hundreds of Filipino and American Marines landed on a beach in a mock assault. The presidential palace in Manila said China's coast guard used water cannon on Monday to drive away a group of Filipino fishermen at Scarborough Shoal, damaging some of their wooden boats. …

  • U.S. says if China used water cannons on Philippine boats, would be provocative'

    The U.S. State Department said on Tuesday that if reports that China used water cannon son Philippine fishing boats in disputed waters are accurate, it would be a provocative step. Filipino activists have accused China's coast guard of turning water cannons on civilian boats in the disputed area on Monday. …

  • Pacmania sweeps Philippines ahead of Mayweather clash
    Pacmania sweeps Philippines ahead of Mayweather clash

    Manny Pacquiao's face is on shirts, dolls and postage stamps, his life story is playing in movie houses and millions are getting ready to party as the Philippine boxing hero's "fight of the century" nears. Pacmania is sweeping the Southeast Asian nation of 100 million people ahead of the May 2 Las Vegas bout against unbeaten Floyd Mayweather to decide who is the best boxer of their generation. Of course, it's the fight of the century," Manila film producer Lucky Blanco told AFP. …

  • ‘Racist remark vs Pinays not reflective of HK sentiment’
    ‘Racist remark vs Pinays not reflective of HK sentiment’

    The Philippine consulate general in Hong Kong believes that the “racist” statement of legislator Regina Ip against Filipina domestic helpers in Hong Kong is not reflective of the general sentiments of the Hong Kong community. Hong Kong is home to more than 173,00 Filipinos working mostly as household service workers. “They have left their loved ones back home to earn a decent living taking care of Hong Kong families. This, in turn, has engendered positive impact on both the quality of life …

  • SWS: Gov’t rating sinks to record low
    SWS: Gov’t rating sinks to record low

    “The Aquino administration is firmly determined to carry on and complete priority programs in all five pillars of the Philippine development plan, to ensure that reforms will be sustained by strengthened public institutions, to tread the righteous path and ensure that good governance becomes the norm at all levels of government, and to sustain and make permanent the gains from the transformation of mindsets and institutions,” Coloma added. Lawmakers expressed belief yesterday that the Aquino …

  • ‘Pacmania’ sweeping the nation
    ‘Pacmania’ sweeping the nation

    Manny Pacquiao’s face is on shirts, dolls and postage stamps, his life story is playing in movie houses, and millions are getting ready to party as the Philippine boxing hero’s “fight of the century” nears. Pacmania is sweeping the nation of 100 million people ahead of the May 2 Las Vegas bout against unbeaten Floyd Mayweather Jr. to decide who is the best boxer of their generation. …

  • House committee to put Bangsamoro police under PNP
    House committee to put Bangsamoro police under PNP

    The House ad hoc committee on the proposed Bangsamoro Basic Law (BBL) will put police forces in the envisioned new autonomous Muslim region under the Philippine National Police (PNP), and not under the regional chief minister. “We will delete the provision in the draft BBL giving the chief minister operational, administrative and disciplinary control over police forces in the region,” Cagayan de Oro City Rep. Rufus Rodriguez, committee chairman, said in a television interview. He said under …


Should Aquino be held accountable over the Mamasapano operations?

Poll Choice Options