An Open Letter to Shareaholic

[UPDATES] Shareaholic has been making changes. See bottom of this post for ALL updates as I realize them!!

This post is in response to Shareaholic’s VP of Product David Zakur, who posted a “clarification” of things I’ve previously reported here and here. I responded directly to his post, but my comment was deleted. You can read my on-the-fly response to it at Reddit. You can also read my email response to David after he first reached out to talk to me, then opted to ignore what I had to say. Shareaholic is also known as “Sexy Bookmarks”.

Dear Shareaholic:

I understand you want to protect your company, its advisers and its investors. Unfortunately, the “clarification” posted at your blog on Friday is inaccurate.

I’d like to say that I think you miss the point of all the issues reported. However, Shareaholic’s staff and board are not made up of idiots. There is a great deal of talent and business sense in all of them. To think they had no idea users would be upset about their actions is absurd.

Allow me to clarify your “clarifications”.

Your Affiliate Links App does hijack links for anyone who is not aware of the feature, as well as anyone who does not give you permission to rewrite links for monetization.

The definition of hijacking is to take control of something that is not yours to take control of. In respect to people’s websites using your service, you took control of a communication (outbound link) in order to use it for a different purpose (monetization). It matters not if you plan to share the revenue with the owner of the site. If he did not give you permission to do this, you have zero business having that function turned ON by default.

Why does Shareaholic offer affiliate linking? Many publisher sites reference and link to products in the body of their content. Shareaholic is able to leverage partnerships with these merchants that compensates publishers for sending qualified traffic to e-commerce sites, and a user clicks on that link and purchases an item. What do I need to do? You don’t have to do anything. This service is enabled by default, and no new code is required. — Your own site explains that the feature is turned on by default.

By the way, if you just despise the word “hijack”, a reddit user recommended the term “bait and switch”.

It is your own fault you couldn’t notify users. And those users should not have been affected.

Let’s be honest, here. The expectation of people reading a blog or twitter account to find out that a feature you now offer is already active on one’s site is ridiculous. The reason you couldn’t notify your users is because you failed to collect their email addresses. Seriously, if Google, YouTube, Facebook, heck even WordPress itself, can find a means to send email to all their users, so could you.

As for your excuse for not notifying even the majority of your users, it falls short. I can understand making a judgment call on how to get the message to your customers, but certainly not turning that feature on by default. You gave any user not interested in advanced features no reason to give you their email address, because you turned services on without them approving you to do so.

Shareaholic's Plugin Admin Screen as of 09/28/2014 — Plugin Admin Screen (version 7.6.0.1) specifically states that you need to create an account to unlock features like floating buttons and monetization.

The plugin configuration screen tells users to create an account (which requires an email address) in order to unlock monetization. However, users who never created an account still got this feature, ON by default.

The description of your plugin says NOTHING about Affiliate Links.

In fact, the description doesn’t include the words “money” or “monetization” anywhere.

Shareaholic plugin description as of 09/28/14 — Shareaholic plugin description (as of 09/28/14) says nothing about monetization. This is advertised as a social sharing, related content and analytics app. Nothing more.

Your own website, as of 09/28/14, does not tout Shareaholic as a “monetization” service.

Screenshot from Shareaholic's Web Site — As of 09/28/14, monetization isn’t mentioned at your landing page.

Admittedly, if you click to “learn more” about related content, there is a mention of making money there, but that refers to promoted content within the related content grid.

Shareaholic's Related Content Landing Page — Shareaholic’s Related Content Landing Page (as of 09/28/14)

You violate your own Terms of Service, as well as VigLink’s.

Nowhere in your TOS does it even talk about these monetization features. As of 09.28.14, your TOS does not include the terms: revenue, money, monetization, earnings, or link rewriting. Furthermore, the only mention of the term “affiliate” deals with your requirement for users to disclose information to their readers (yet does not say why), and references to users not holding you or your affiliates responsible for certain problems. The only section that covers your permission to “adapt” content is content users post specifically at the Shareaholic blog, message board and site review forums. The TOS does not grant you permission to modify any content on a user’s site, and link rewriting is a modification.

I spoke with Josh Jaffee, VP of Business Development for VigLink, to make sure I understood VigLink’s TOS. Mr. Jaffee confirmed, in respect to whether Shareaholic (or any other system like yours who contract with VigLink) has permission to rewrite links on one’s website, “When we give out the API it is under the assumption they do have the rights.”

The VigLink TOS covers this twice:

You will be solely responsible for all matters related to the content, operation and maintenance of the Website, including, but not limited to: (i) creating and posting Merchant descriptions and links on the Website and linking to Merchant websites; (ii) the accuracy and appropriateness of all materials posted on the Website (including, but not limited to, all information regarding Merchants and Merchants’ products and/or services); (iii) ensuring that all materials posted on the Website do not infringe or misappropriate any third party intellectual property rights; and (iv) ensuring that all materials posted on the Website are not defamatory or otherwise illegal. You represent and warrant that you shall comply with all rules, regulations and guidelines, as well as any applicable Merchant terms and conditions and policies, in each case to the extent applicable to your operation of the Website and use of the Service and Software, including, without limitation, those regarding the disclosure of a material relationship inherent in the links on the Website. — VigLink’s Responsibilities Section

In short, since you don’t even mention the services in any standard location via the admin or your website, and there is no agreement for its use in the TOS, you have zero rights to rewrite links on any of the websites using your service unless the site owner specifically said that you do.

Your Privacy Policy is also inaccurate.

Your Shareaholic account information is protected by a password for your privacy and security. You will need to work to protect against unauthorized access to your password and to your computer by logging off once you have finished using a shared computer. — As of 09/28/14 – However, user accounts are not password-protected via the Shareaholic system. You can use Twitter to sign in, requiring you revoke Twitter authorization to perform the same action as a “log out”.

You fail to tell us what happens to the money that will never be claimed.

This question has been asked several times, and you refuse to answer it. Will it be kept? Will it be donated? Will it be turned over to the state for appropriate disbursement?

[UPDATE] I personally spoke with the Massachusetts Abandoned Property Division. They said even a domain name can be used as an identifier, and that any affiliate earnings not claimed after three years MUST be reported to the state with any possible identifying details. If they do not report it, but a user makes a claim that he thinks he’s due money, they would investigate.

I’ll also add that it is ridiculous to even think that you have no idea how much users will earn. VigLink, by default, takes 25%. Surely you have an idea what you will take? Oh, wait, you said, “We are not stealing or skimming from your affiliate revenue.” Does that mean that users will receive 100% of the money you receive on their behalf?

As for the FTC guidelines, that issue arose out of your own company’s doing. In some locations you say disclosure is required. In other areas, you say it is not. Perhaps you should clarify this on your own website AND in your Terms of Service, which clearly state that “publishers” are required to include a disclosure statement:

From Shareaholic's TOS — From Shareaholic’s TOS as of July 2014 – the latest rendition as of 09/28/14 (Also, note that the above is the only mention of Affiliate Links. Nowhere does it mention that this feature exists, or that the user gives Shareaholic permission to rewrite links.)

Shareaholic CAN give others full control over Shareaholic settings for one’s website.

You can argue this FACT any way you’d like. You do this through the assumption that any time someone gives another access to the WordPress admin that it is an ongoing “client and provider” relationship. I’ve already pointed out via my own blog, and via an unedited video posted on YouTube that this is false. You are correct that only a site admin can give someone access. The point you’re missing is that those settings should not be automatically affiliated with someone else’s account. I will recap the scenario I explained in the video here:

1. User logs into WordPress and installs the Shareaholic plugin.

2. User hires a plugin developer, and pays him a one-time fee to install another plugin.

3. It is now possible for that developer to have the user’s Shareaholic profile associated with his account, giving him complete control over all the settings, including rerouting social followers and appending his own “statement” to the end of tweets.

In this case, the user is not a client of the developer. Giving one temporary access to the WordPress admin should never give that person full access to control any other services.

Shareaholic – please prove to me that I have this above scenario wrong, and I’ll shout from the rooftops that I was ill-informed and provided false information.

In short, the owner of a site should only be able to knowingly give another access to Shareaholic settings.

When did website owners using your service for social sharing icons become your publishers?

I noticed in your post that you call your users “publishers.” This is where more confusion lies. Take a look at your top navigation on your website:

Using the term For Your Website (not Publishers) — Screenshot of top navigation banner as of 09/28/14

In the revenue generated practice, there are advertisers and publishers. Those familiar with using affiliate links to merchants (typically via an affiliate program) understand that when they use these types of links, the merchant is the advertiser, and the one linking to the advertiser is the publisher.

But you’re not calling people publishers when marketing your services via your website. Instead, you use the term “For Your Website”, and that links to the landing page referenced above.

So, what are you doing to fix this?

You’re very vague about this. You explain that you aren’t perfect, but you aren’t evil. You went so far to call me vindictive in my posts and responses in a handful of threads on a few forums. You want to remind us that you are the little guys, and that people like me posted our findings for self-promotion.

I’ll make this clear. I am not a plugin developer. I do not provide a competing service. I do not focus all my attention on WordPress, and I really have nothing to gain by these posts other than knowing that unsuspecting users – albeit, only a small percentage of them who are reachable by little ‘ol me – are fully aware of what has occurred.

For the sake of transparency (which your company often touts), I received a total of 8 email subscribers over a three-day period from the post pages, out of the 3400+ people who visited them. I gained no other work or client requests from those post URLs. And the bounce rate on those pages was rather high, which means the majority of the visitors came in, read the posts, and left.

Here are my questions. I would think a company that claims it’s transparent would have no problem answering them.

1. Are you going to require a full account (email address, password) in order for monetization to be available to each site?

2. Are you going to make the Affiliate Links feature, and any future feature like this, opt-in instead of opt-out? [UPDATE 09/29: It appears Affiliate Links is now opt-in]

3. Are you going to require a full account (email address, password) in order for Shareaholic settings to be changed (for actual site owners to enact the profile/account association)? [UPDATE: An intercepting screen appeared on 09/29 – it asks the admin user if he/she wants the profile associated with any account currently logged in]

4. Are you going to disclose what percentage of revenue Affiliate Links publishers will receive?

5. Are you going to update your TOS, which currently do not grant you permission for the Affiliate Links feature (as well as other features)?

6. Are you going to update the back-end system, so when a user sees a screen like this it’s only because he created an account with an email address? My Twitter verification was enough to create an account, yet I still could configure this screen (which actually did nothing):

My Shareaholic Email Settings - all toggled on — When a user opts to authorize your app to use Twitter, it appears you’ll be able to contact the user via email, though you cannot unless he created an account login with his email address and password.

7. What steps are you taking to better clarify to users what your apps actually do? A transparent business won’t solely rely on “fine print”. Transparency calls for making it very clear, upfront, what a service entails. [UPDATE: As of 09/29 the WordPress plugin description has been changed.]

8. Will you change the description of the Shareaholic plugin (and also that of Sexy Bookmarks) so users do not think they are solely installing a plugin for social sharing and related content links? [UPDATE: As of 09/29 the WordPress plugin description has been changed.]

9. Will you change the plugin description, as well as the admin, to make it clear that the plugin is just a gateway to your service? And that it is not what actually controls the total functionality?

I never had a problem with the Affiliate Links app. I think they’re good for business, and provide a valuable tool for those who want to monetize their web content with the least amount of effort. My issue was that you launched this service with the featured turned ON, without having permission from me to do so. I think many other features you offer are also good, but that they should also give site owners control over who gets access to what. As well, those earning revenue have a right to know what they will earn percentage-wise.

Many of us who’ve worked in other fields like book authoring and filmmaking know that getting paid based on costs often means very little money because so much is taken from the backend it’s not funny. We’ve seen publishers and companies make thousands, all the while cutting us payments for less than $10.

You can say you made attempts to notify everyone, but even on your own site’s “Updates” section, you never really made it clear what it was until you launched the feature and opted everyone into it. The majority of the users who have complained have done so because they were affected by the launch, and some didn’t notice it until they’d already lost revenue via existing links (it doesn’t matter if you didn’t intend for those links to be rewritten, what matters is that ANY links were rewritten).

I close with this: Your lack of communication makes you look bad because you stand to make more money from those who are unaware than you are from those who make decisions on their own. Your rewriting of links affects some people beyond just making them “found money”.

Shareaholic consistently claims it practices transparency. Rather than just admitting you took advantage of what EACH user wanted, you rely on a group of beta testers and a few other companies to tell you that turning features on without notification was a good practice. But it doesn’t matter if it was half your users or just 10 of your users who have a problem with this practice. Your terms don’t cover it, so you had no legal or moral right to make that decision for any of us.

In other words, Shareaholic, in order to practice transparency you have to be transparent. I await your response. As always, I am 100% open to communicate with anyone at Shareholic about these issues.

UPDATES!

As of September 29th, the description of the Shareaholic WordPress plugin has been updated:

Now called: all-in-one content amplification and monetization platform — Shareaholic is now called an all-in-one content amplification and monetization platform.

Plugin version 7.6.0.2 now includes Monetization settings in the first page of the plugin’s admin:

Monetize Settings Button — This button appears below the settings for social sharing buttons and Related Content.

If you opt to modify settings via a Shareaholic.com account, the monetization tab is more clear.

Tabbed area now includes monetization. — It now appears the only setting on by default is Post-Share ads. In three tests on clean sites Affiliate Links was opt-in instead of opt-out.

The auto-association of a profile with an account appears to be gone. Now, when the “unlock” button is clicked within the plugin’s admin, a screen asks to associate or not.

RJ Gazarek

There is one question that Shareaholic cannot be let off the hook with – what happens to money made with automatic affiliate links that does not get claimed by people who don’t add a PayPal account. If I made an account with shareaholic for 3 years, affililate links created, money made, never add a PayPal account – and then close my shareaholic account – where is that money going?

This – above all else – is the really really REALLY sketchy part… especially since this has been implemented, and I BET there is already unclaimed revenue sitting somewhere… Shareaholic stands to gain a lot from this.
- Pamela Hazelton
  
  I agree with you. And I’ve asked them several times and they refuse to answer. I would think those earnings would fall under the unclaimed property law, and their state has one: http://www.bizfilings.com/toolkit/sbg/finance/basic-accounting/unclaimed-property/massachusetts-unclaimed-property-rules.aspx
  
  Hmm, thinking I’ll give that office a call and see if this scenario applies.
  - BicycleHobo
    
    Wow….this is what I meant when I said they should have embraced your findings on reddit. Imagine if they contacted all of their users to inform them they may have a check waiting for them vs. finding out from YOU after they deleted your comment to their cover up post, and implied you were bending the truth.
    
    PR win vs. Complete fail.
    - Pamela Hazelton
      
      Hey, if a company is going to tout transparency and not exercise transparency, I’m happy to help them finish the job. Oh, did I say that out loud?
  - RJ Gazarek
    
    I also emailed them, and received the same sort of “cookie cutter” response – completely dodged my question as to what’s happening with this money. His basic response is that they believe everyone is happy because of the amount of PayPal signups they’ve been getting. I’m just sort of shaking my head at this point – I think, overall, it’s a great service that can add some real value for content creators – I just think they’ve gone about implementing it the wrong way.
    
    Just today, I was combing through some Google Analytics – and found some Event Tracking code that was picking up hits starting September 22nd. I never implemented it, and spent 3 hours today trying to figure out where it was coming from. Where these links could be – found out it was in the Shareaholic code on my site. They had rewritten internal links that have nothing to do with Shareaholic… They added onclick GA tracking for all of these internal links on my site.
    
    I mentioned previously that their “Related Content” part wasn’t working, so I used a different wordpress plugin to show related content – and found out today they rewrote the links on my pages, in that plugin – I can’t say I’m not quite upset over this.
    - Pamela Hazelton
      
      Lots of services do offer this “monetization”. As you say, it can be a great service, but if it’s not covered in your terms of service and you implement it by default with no mention, there’s a huge issue.
      
      Disqus actually uses VigLink for rewriting. Guess what? When they planned to offer the service they notified their users. They notify now not just via email, but via the “comment” system itself. I posted a screenshot of that yesterday, and it is the right way to connect with users to ensure the maximum number see the changes.
      
      I did find many other poor practices in regard to Shareaholic’s tracking. I opted not to post the rest because a) so many other plugins and services do this, too; b) it’s kinda covered in their TOS; and c) I didn’t want to jump from legitimate pointer-outer to nitpicker. 🙂
    - Pamela Hazelton
      
      Oh, and I’m sure they’ve gotten a slew of PayPal signups. What would be interesting to know is how many of the 340K sites they serve actually fall under “accounts” (not profiles). My bet is less than half. And not every account has an email address – mine was created via Twitter oAuth. So, how many could they actually reach?
- Pamela Hazelton
  
  I just got off the phone with the Massachusetts Abandoned Property Division. They said even a domain name can be used as an identifier, and that any affiliate earnings not claimed after three years MUST be reported to the state with any possible identifying details. In short, Shareaholic cannot keep your money. Worst case is you have to “find” it via the Abandonment Division. If they do not report it, but a user makes a claim that he thinks he’s due money, they investigate that as well.
Heather D.

How do I make sure that my links are not being skimmed? I want to delete the plugin altogether but when I deactivate and/or delete, it screws up my site.