Designed For Good, Used For Evil
I started noticing recently a few web sites in my referrer logs that mentioned Surf Junky. I had no idea what Surf Junky was so I opened the sites to see what they were talking about and why they were linking to chrispederick.com. It turns out that Surf Junky is a service that pays you to surf the web. It works by popping up advertisements every 30 seconds and you can earn up to 75 cents an hour.
Now 75 cents an hour does not seem like much, but if you use the service 24 hours a day, seven days a week it can total over $500 a month. This, however, would require closing the popup ads every 30 seconds and so people have been looking for ways to scam the system and this is where my site comes in.
Apparently, the Surf Junky popup ads can be blocked using Firefox and because of this Surf Junky now block this browser. However, with my User Agent Switcher extension you can fool them into thinking that you are browsing with Internet Explorer. Combine this with an extension that reloads the page on a regular basis and you have a pretty efficient way of abusing the Surf Junky system.
Let me make it clear that I am not condoning or recommending the use of this technique in any way, but it does raise a couple of interesting points.
Firstly, there has already been an article about the possibility of the Web Developer extension getting me into trouble by “inducing” people to reverse-engineer a website’s functionality. If anything the Surf Junky situation appears more serious, as in this case it is directly taking revenue from the company. Is it beyond the realm of possibility that Surf Junky may look not only to take action against the individuals that are trying to abuse their system, but also against the software that is helping those individuals?
And what about the role that extensions are going to play as Firefox becomes more and more popular. There are already extensions that change specific web sites—such as BetterSearch that “enhances search engines”—as well as extensions that allow the changing of any web site—such as GreaseMonkey that allows “you to add user scripts to any web page to change it’s behavior”. We have already seen strong opinions—both for and against—about the AutoLink feature in Google’s new toolbar. How will companies feel as they hear more and more about extensions that allow everything from the design to the behavior of their web sites to be changed?
Judging by the numbers in my referrer logs it does not take much for people to look for ways to exploit the revenue model of a web site. Of course, this is nothing new as there have always been programs designed to exploit systems, but the ease with which Firefox extensions can be created and the growing popularity of the browser could make unethical extensions easier to both create and distribute.
Extensions that are designed purely for “evil” purposes should be simple enough to target and the authors prosecuted, but what about those—such as User Agent Switcher—that are designed for legitimate uses and are then used (possibly in conjunction with other genuine extensions) to exploit a web site? Will we begin to see companies apply legal pressure to the authors of such honest extensions?
Only time will tell.
Update: CNET News.com discusses this topic focusing on the GreaseMonkey extension and the possibility of malicious scripts.