I’ve just uncovered what could be a serious issue for some AWeber users. Let’s be clear that it’s not an issue with AWeber itself, it’s how some people choose to use their autoresponders that’s the problem.
Whilst I may not be the first to identify the issue, I’ve not seen or heard anyone else mention it before so I could be the first to take it to the masses.
The net effect of the problem is that thieves could be walking away with thousands of dollars worth of digital products without their owners noticing a thing.
I don’t want to reveal too much about what I’ve found because it could have significant consequences for some people. I’ve seen evidence that a well-known Internet marketer is susceptible to this issue and I know there are others that could be being ripped off without realising.
My dilema is how I should go about telling people about this problem. It’s easy enough to prevent, once you know the implications, but not knowing could cause a marketer to lose a heap of money.
I could inform the people whom I know or suspect to be affected before posting the info somewhere public like on the Warrior Forum or I could create a very small report (it’s probably less than 1-page of content) and sell it for profit.
Is it morally right to profit in this way? Is it just another case of peddling information much like thousands have done before me?
Technorati Tags: AWeber
Update
Although I clarified where the issue lies early on, the previous title of this blog post, “I’ve Found An AWeber Security Hole”, wasn’t entirely accurate as the issue could be common across other autoresponders operating in a similar fashion. However, the problem I’ve seen is a security hole and I saw it happening specifically with an AWeber user.
Let me reiterate that it’s not a problem with AWeber itself, but with a particular way in which such autoresponders are used.
You can email those few marketers who you know you can help. After that, just post the problem publicly in this blog and notify http://www.imnewswatch.com so they can publicize it. The word will be out in a couple days among all internet marketers.
Your post title is really misleading here. If it’s not an AWeber security hole, then that’s not what the post title should be.
I know exactly what you’re referring to and it’s a matter of implementation and usage of the service. Users know full well that the subsequent thank you page URL is plainly visible in the HTML source of any of their web forms. Every email service provider operates in a similiar manner. The problem arises when people try to use the services in a manner that it’s not intended.
Tom,
I’ve edited the title and added further clarification to avoid any confusion.
You’re correct in that the issue is in the user’s implementation of the service, but it’s not what you’ve referred to.
There has been no issue with the AWeber system itself and the same problem may well be occurring with other autoresponder systems that operate in a similar fashion.
I hope that clears that up. I’m currently trying to contact the person who I know to be affected by their particular (mis)use of the AWeber system.
Will, good you raised this issue here. This is the first time I heard of such problem with email service providers like Aweber. I feel if the companies like Aweber are aware of the problem, it is their ethical responsibility to improve their system or give way to third party solutions which can improve the service. For example, PayPal is a good way of accepting credit cards – but if we use the default PayPal buttons, anybody can steal digital products by visiting the Thank you page which is easily visible in the source code. But using some third party solutions, we can encryt the source code to stop the thefts. Does any solution exisit in case of Awber like ESPs to stop the internet thieves?
You’ve made a good point, GS; if PayPal can encrypt our buy buttons, why can’t AWeber (and other providers) encrypt their forms?
There is the option of encrypting (or obfuscating) the code yourself by using a tool such as Code Lock.
The issue, in this case, isn’t the fault of AWeber; it’s how (at least) one particular user has chosen to use their features in a certain way that is the problem. It’s like if someone decides to drive their Ford car from New York to Las Vegas in reverse and they get into an accident by doing so, it’s hardly Ford’s fault.