Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer?

zorpiaI first came across Zorpia a couple months ago, when I got an email saying that a friend -- we'll call him Mike -- had "left me a private message" on the service. That seemed unlikely, but I wrote it off as random spam and forgot about it, until last week when I got a similar email, ostensibly with a private message from my wife. My mother got the same email. I checked with my wife, who admitted she'd clicked a link in an email from Zorpia, but denied ever having set up an account, let alone sent any private messages. Something seemed very odd. I vowed to dig deeper. Zorpia, it turns out, is a startup founded and run by Jeffrey Ng and based in Hong Kong. Launched all the way back in the early days of MySpace, Zorpia began as a social network that would facilitate unlimited photo sharing. Over time, Ng says, it has evolved into a service that's more focused on helping people make new friends (he likens it to a digital bar or a town hall). It has also built up a very substantial base of registered users, growing from just 1.5 million users in 2005 to around 28 million users today, although just one million are monthly active users. Most of those users are in Asia, Ng tells me, and the service is especially popular in India, with over ten million registered users. When I asked about user acquisition, Ng told me the site used a variety of techniques, mostly based around people inviting their friends. I explained about the emails I had gotten from my friend and my wife and asked Ng to explain why I was getting messages from people suggesting they had left me private messages on Zorpia when they clearly hadn't. He told me he'd look into it, and but was never able to satisfactorily explain how that had happened. To get to the bottom of things, it was clear that I needed to sign up for a Zorpia account myself. And so I did. As with all test accounts that I create for work, though, I used none of my real information, opened the account via a browser I don't normally use, and registered using a unique email address created specifically for that test account. Things looked bad pretty much immediately. On the account activation page, I noticed that three hyperlinks users might expect would lead to help pages or a "resend email" prompt actually redirect users to sketchy free-survey sites that seem an awful lot like scams. zorpia-activation-page (Ng confirmed that the links are there intentionally as advertising, but said that Zorpia has no control over what the links lead to as it varies based on the user's geographical location). Once I logged in to my new account, I found another surprise: Zorpia was worried about my password security. A banner across the top of the screen blared that my password was "more than six months old." Given that the password is one I'd never used before and had created only moments before, I was not expecting this. (Ng told me the message appeared to be a bug; however, as of this writing it has not been fixed). But I ignored it because as you can see in the screenshots below, I had two new messages. zorpia-says-password-old copy When I opened my messages, one of them was the boilerplate welcome greeting you'd expect from the Zorpia team. The other was an absolute shock. There sitting in my inbox just a minute after I first opened this account, was a message from my real life friend "Mike": what-how-does-it-know-that That's when I started getting goosebumps. That's also when I double-checked with "Mike" to be sure he hadn't somehow sent me a message -- he hadn't -- but frankly, even if he had wanted to, it should have been impossible. I didn't use my real name, my real email, my usual browser, or any real information about myself when setting up either the Zorpia account or the email account it is attached it. I also hadn't told "Mike" I was planning to set up a test account of my own, and we live thousands of miles apart. It would have been nearly impossible for him to find my account even if he had wanted to in a sea of more than 28 million registered accounts. And of course, when that message was sent, he wasn't using Zorpia anyway. He says he has never used Zorpia. Zorpia CEO Jeffrey Ng told me that this was "very odd," and that he'd have his tech team look into it. While I waited, I was thinking about Occam's razor. How likely was it that some convoluted bug could randomly link two people who actually know each other from among the site's nearly 30 million members? How likely was it that "Mike" could have found my account in the first place even if it was really him sending the message? The simplest explanation seemed to be that somehow (possibly through my IP address, which I foolishly forgot to obscure), Zorpia had linked my test account to my real identity, and then confirmed that I knew "Mike" through the access it apparently has to his email contacts list. When Ng got back to me, he confirmed that that was indeed what had happened. Although I was using a separate browser to do everything related to Zorpia, I did load the "confirm account" page with my default browser once by accident because it is what opened when I clicked the account activation link. Previously, I had used the same browser only to unsubscribe from Zorpia emails -- I have no Zorpia account -- but nevertheless Zorpia apparently used the cookies from that interaction to connect my real identity (and thus my friendship with "Mike") to my new test account. Ng told me that when a friend joins, the system automatically sends them a private message from their friends already on Zorpia welcoming them. So, even though my new email couldn't possibly have been listed in "Mike's" contacts, his account automatically sent me a private message without his knowledge simply because I happened to once use a browser that once previously had been associated with unsubscribing from the spam emails Zorpia was sending me on his behalf. After he explained this, even Ng admitted that this was a bit beyond the pale:

We do realize this comes off as creepy and poses a potential security threat to the user. Therefore we have disabled Zorpia from using cookie to store friend relationships already.
But he still wasn't able to explain how Mike's contacts -- and my wife's -- got into Zorpia in the first place. Both deny having intentionally provided them to the service, and while Ng stops short of calling either of them a liar, he doesn't seem to be able to explain how it could have happened otherwise:
From your friends' experience, it seems like they simply do not recall they have added any friends on Zorpia. We will review our process and address this issue.
My friends are not the only ones having a similar experience though. Although PandoDaily covered the startup last year and didn't mention the problems it seems to have with emailing people who aren't signed up for it, there are complaints about this dating back to 2009 at least. Each of the words in the previous sentence links to a different person complaining about being auto-enrolled in Zorpia or having their contacts list spammed by the service, and I found all of these quite easily and quickly via Google (where there are plenty more to be found if you want to go hunting). It seems like an awful lot of people have the same apparent amnesia Ng is suggesting my friends have when it comes to handing their contact list over to Zorpia. Ultimately, though, the only way to be sure was to do another, more complicated test. After deleting all the cookies in both my browsers, I connected to my VPN (to obscure my IP) and opened up two new gmail and Facebook accounts, called 'Zorpia Test1' and 'Zorpia Test2'. I made sure that the two were friends, and had a history of emailing back and forth. Then, I signed Zorpia Test1 up for a Zorpia account. I authenticated this account using both the Zorpia Test1 Facebook and Zorpia Test1 gmail accounts, but I never invited any friends (Ng had told me that all non-user friends needed to be invited manually by the user). I loaded the Zorpia "Add Friends" section once to be sure that the social network saw my connection with the 'Zorpia Test2' account, but I unchecked the name and backed out of the "add friends" dialog. I did not invite the Zorpia Test2 account as a friend or sign it up for a Zorpia account. Then, I waited. And sure enough, within a couple days, the Zorpia Test2 account was getting messages from Zorpia. In fact, the Zorpia Test2 account somehow acquired its own Zorpia account! In the email below, you can see the welcome message I received about an account I never signed up for, using a username that defied the naming conventions I had set up for this test. screen For me, the question of whether Zorpia is a real social network has been more or less put to bed. For a ten-year-old social network, there are simply way too many "bugs" here, and almost all of these "bugs" seem to result in non-users getting messages aimed at tricking them into joining the network. If years of online complaints haven't changed the company's ways, it's unlikely this article will be any different. So, unfortunately, I've got to say this: if you're getting messages from Zorpia, your best bet is to click "mark as spam" and move on with your life. Zorpia, from what I can tell, is less a social network and more a mirage, an illusion designed to cajole and trick you into visiting so it can earn a few cents more from its ubiquitous advertisements. Abandon all hope, ye who enter here. This is social networking hell.
The post Hong Kong's Zorpia: Is This a Real Social Network or Just a Spammer? appeared first on Tech in Asia.
Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Sandigan OKs hospital stay for GMA co-accused
    Sandigan OKs hospital stay for GMA co-accused

    The Sandiganbayan has allowed a government official, accused with plunder along with former President and now Pampanga Rep. Gloria Macapagal-Arroyo to undergo a medical procedure at a hospital tomorrow. The anti-graft court permitted former Philippine Charity Sweepstakes Office (PCSO) board member Benigno Aguas to undergo a cardiopulmonary/endocrine clearance at the St. Luke’s Medical Center in Quezon City. …

  • Sandigan recommends executive clemency for ex-envoy
    Sandigan recommends executive clemency for ex-envoy

    The Sandiganbayan has recommended executive clemency for a former Philippine ambassador to Nigeria who was sentenced to 52 years for malversation of public funds. The Sandiganbayan First Division found Masaranga Umpa guilty of misusing the Assistance-To-Nationals Stand-by Funds totaling $80,478.80 in 2007, but the anti-graft court said the former assemblyman from Lanao del Norte should be pardoned. …

  • Stargazing at the mall highlights Earth Hour
    Stargazing at the mall highlights Earth Hour

    It was a night of stargazing in 58 SM Supermalls all over the country last night as these establishments participated in Earth Hour, an annual worldwide movement encouraging communities and establishments to switch off lights for one hour to raise global awareness of overuse of non-renewable resources. The Philippines has been an active participant of Earth Hour since 2008. Last night, in the province of Bulacan, for instance, all parishes, diocesan institutions, schools and household …

  • Payanig privatization hit
    Payanig privatization hit

    BLEMP Commercial of the Philippines, Inc. (BLEMP) denounced the recent announcement of the Presidential Commission on Good Government (PCGG) to privatize the 18.4-hectare “Payanig sa Pasig” property. In a statement sent to The STAR, BLEMP lawyer Dennis Manalo said the PCGG has no right to auction the property because it has no valid title and is not in possession. The PCGG has not paid a single centavo in real property taxes for the property, he said. He narrated that it was in the early 70s …

  • New species of tarantula found
    New species of tarantula found

    Scientists from the Museum of Natural History (MNH) of the University of the Philippines-Los Baños have discovered a new species of cave-dwelling tarantula on an island off the coast of Quezon. The new species of the spider, Phlogiellus kwebaburdeos, was described in the recent issue of the Philippine Journal of Systematic Biology by MNH curators for spiders Aimee Lynn Dupo and Alberto Barrion along with their former student Joseph Rasalan. The tarantula was discovered by Rasalan during one …

  • Palm Sunday: Do not add to suffering of others
    Palm Sunday: Do not add to suffering of others

    As Christendom enters Holy Week today, Palm Sunday, an official of the Catholic Bishops’ Conference of the Philippines (CBCP) yesterday called on the faithful not to add to the sufferings of their fellowmen. Jerome Secillano, executive secretary of the CBCP-Episcopal Commission on Public Affairs (ECPA), said that while Palm Sunday is oftentimes remembered as the glorious arrival of Jesus Christ in Jerusalem, it also signals the start of the Holy Week that tells of His suffering, death and …

  • Miriam pushes tougher graft law
    Miriam pushes tougher graft law

    Sen. Miriam Defensor-Santiago has filed a bill that would make public officials liable for violations of the Anti-Graft and Corrupt Practices Act even if they are elected to a fresh term or a new position. In filing Senate Bill 2716, Santiago sought to address what she said was the doctrine of condonation in Philippine jurisprudence brought about by the 2010 case of Salumbides vs. Ombudsman. “By merely asserting the doctrine of condonation, erring elective officials are automatically given a …

  • Phl hits back at China over sea infra work
    Phl hits back at China over sea infra work

    The Philippines assailed China yesterday for contesting Manila’s planned repair and maintenance works on some islands in the West Philippine Sea, saying they are “in no way comparable” to the Asian power’s massive reclamation activities which are in violation of international laws. “The Philippines’ possible undertaking of necessary maintenance and repairs on its existing facilities in the West Philippine Sea, over which the Philippines rightfully exercises sovereignty, sovereign rights and …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options