Quechup

Quechup (kway-chup) was a social networking website that came to prominence in 2007 when it used automatic email invitations for viral marketing to all the e-mail addresses in its members' address books. This was described as a "spam campaign" and raised a great deal of criticism.

Address book harvesting
The automatic invitation of all the contacts in the e-mail address books of people who signed up to their service was controversial for two reasons:


 * 1) Without explaining intentions, Quechup required permission to access the address book.
 * 2) Invites were sent to all addresses in address books without permission of e-mail address owners.

This attracted a great deal of criticism in September 2007.

Reacting to the criticism, Quechup's parent company iDate Corporation made a public statement on 17 September 2007, stating that:

"'Quechup was one of the first social networking sites to include such a feature back in 2005. With its growing popularity (social networks), expectations of what features a service should have and how they should work have emerged. Quechup's address check did not conform to what users now expect as the norm.'"

Much of the criticism focused on misleading users by hiding the nature of the feature in the 'small print' of the site terms and not specifying it in the Quechup privacy policy, which stated only, "You agree that we may use personally identifiable information about you to improve our marketing and promotional efforts, to analyse site usage, improve our content and product offerings, and customize our Site's content, layout, and services.".

While admitting the campaign was misleading, technology blogger Chris Hambly pointed out that text explaining how the feature worked was placed in normal print directly above the feature, raising the question of a user's responsibility to read what they agree to, although he noted that this explanatory text failed to clearly state what would happen. "However you view this, no matter what your opinion is on this the fact of the matter is that you should READ what the page says as it is very clear. In any case there is a link which says 'I don't have an address book'!... I can only say you should READ these things clearly in the future, it’s quite simple."

In their 17 September statement, Glen Finch, Chief Technology Officer stated "'It's important to confirm a few points. That the address book checker has always been an optional feature for members, they are under no obligation to use it and we provide relevant links for members to skip it. The explanatory text as to what it entailed and the terms of its use have always been stated directly on the page. We are well aware that Internet users frequently confirm they have read and agreed to lengthy all-encompassing terms and conditions rarely having actually read them. Therefore we deliberately included the explanation and terms of use directly on the page above the feature itself to avoid confusion.'"

This has raised the issue of users automatically 'opting in' without first understanding what they are accepting, rather than automatically 'opting out' of questionable features.

Response
Quechup responded by changing how it operated its service and belatedly reassuring customers it was not acting maliciously, even if irresponsibly.


 * 1) Quechup changed how its address book check worked within days, clearly giving members the option of which contacts, if any, they wanted to invite.
 * 2) Quechup adopted Windows Live ID Delegated Authentication, enabling Live and Hotmail users to grant limited access by logging in directly on Microsoft's secure servers.
 * 3) Quechup is a member of SenderScore the world's most comprehensive database of email sender reputation.
 * 4) Quechup fully complies with Microsoft's Sender ID Framework for email authentication and uses SPF records.

The Quechup affair encouraged calls for open authentication through an OpenID system such as Yahoo's BBauth, which would allow a user to grant limited access to their data, without providing passwords directly to a website. Indeed, Quechup adopted Windows Live ID Delegated Authentication, an OpenID system for Windows Live and Hotmail users.

Fake invitations
In a more recent development, technology journalist Robert X. Cringely raised the possibility that Quechup may be sending fake dating invitations to subscribers that attempts to get them to sign up to a premium service. In his article, Cringely stated that it was not certain if these fake e-mails were the work of what he called a "rogue Quechup affiliate who gets a commission for sign ups" or a more sophisticated automatic spam operation.