Kickstarter’s success has made a lot of people pay attention to the concept of crowdfunding. At it’s best, crowdfunding investment allows fans of an artist to send her money to directly support her work, and get something special out of it. At it’s worst, it’s photoshopped fake products, dubious consumer electronics and videogame projects from the implausible to outright scams.
Crowdfunding sites provide a fairly simple service: they allow people to list products on their website, provide a discussion forum and allow people interested in the project to pay money (after the crowdfunding site skims 5-10% off the top) to the project backers. The project backers promise something in return for the payment – from one or more of the actual product being developed, if it’s every released, down to a simple “thanks!’ on a website. That’s something that makes perfect sense in the original KickStarter artist fan-club world, but also allows attempts to fund tech startups to avoid SEC requirements on both the startup and the crowdfunding company. Those SEC requirements were put in place many years ago to make it more difficult for scam-artists to swindle people in the guise of investing in a worthless company…
What does this have to do with spam? Well, if you’re going to set up a spam campaign of some sort – whether it’s for a real product, or an outright scam – there are several things that are very useful to have: A website that looks plausible, and won’t be taken down by the webhost. A way to accept money, ideally via online credit card payments. And a way to control discussion about your product, so that you can maintain an appearance of legitimacy and build buzz, while keeping naysayers from dissuading potential customers would be perfect.
That’s exactly what the crowdfunding sites offer. Some of them – KickStarter, for one – are very aware of the potential for abuse. Not only do they do some basic checks potential projects for legitimacy, but they have – and enforce – acceptable use policies to deter bad behaviour. Others, like IndieGoGo, don’t.
I got this spam out of the blue:
From: “Scott Edwards” <ScottSamuelJamesEdwards@stanford.edu>
Subject: Amazing! Even better than Google Glass
Social video glasses record your life handsfree!
Look at this fun IndieGoGo crowd-funded project!
Social video sharing glasses capture your life:
I have backed the project and you should too!
To unsubscribe: http://pastebin.com/raw.php?i=pNcfyRP9
A couple of things leaped out at me about this. The first was that the “unsubscribe” link was a link to a pastebin. Pastebins are websites that allow you to enter some plain text into a web form and get a link back that will allow anyone to see that text – they’re commonly used on IRC to share fragments of text for discussion. And they don’t have any interactivity, they just show people the plain text. So someone is misusing pastebin.com to create a bogus link that just displays “You have been successfully unsubscribed.” without actually doing anything else. That’s so blatantly a scam that it’s almost offensive.
The second was that not only did the email claim to come from a Stanford email address , it really did come from Stanford’s main smarthost. The suspicious looking email address is bogus (no such user) but the spam was created and sent from myth16.stanford.edu, a machine in one of their shared computer-science labs. Given it’s a unix workstation, it’s pretty unlikely that it’s a compromised machine, rather that the spam was sent by someone with an account on the Stanford network – a student or faculty member. A student sending falsified spam that violates CAN-SPAM and California state law from the Stanford University network would be clearly violating Stanford’s network policies (PDF).
All of this was odd enough that I started to look a little more deeply at SocialVideoGlasses, “Vengeance Labs” and IndieGoGo.
It turns out that the project had been kicked off KickStarter the previous week. Speculation is that it’s because they were sending email spam – from “Sergey Grin” and “Tristan Newland”, both at Stanford – and maybe comment spamming blogs that mention Google’s smart glasses product, and sending a huge volume of twitter spam.
The project appears to consist of just two people
One of them, Erick Miller, when asked about the email spam they were sending, seemed to think the spam is a good thing:
the apparent email that went out to some Stanford students from someone named Sergey ‘Grin’ — lol — we are not making any public statements about this because we’re unclear what this was about, but we had a chuckle about it, and a grin — at least we see this as an indicator that we’re gaining some visibility and interest w/ what we’re working on.
The other, Jon Rodriguez, is a computer-science student at Stanford, with access to the Stanford network. The dots are pretty easy to join.
IndieGoGo tell me this about Social Video Glasses
… at this time the campaign is not in violation of any of our Terms of Service.
Which does seem to be true. Hopefully they’ll fix their AUP to prohibit this sort of illegal behaviour, and then enforce it.
(DigitalTrends look at other aspects of this, including the changes in the description that change it from wi-fi enabled social media smart glasses to a simple camera that’s much the same spec as the 808 cameras that can be had for $20 or so in bulk and the similarity to a previous kickstarter project).