PDA

View Full Version : Roar.com assessed as a threat



Roar.com
2005-11-17, 03:10
Hello,

It has been brought to our attention that our website at http://www.roar.com and our privacy policy webpage at http://www.roar.com/legal/privacy.htm have been reported to you and subsequently included on your list of websites constituting potential privacy/security threats.

The record of this is located at http://www.safer-networking.org/en/threats/53.html

We wish to advise that the reporting of the above website as a potential privacy and/or security threat was misconceived and incorrect.

We are a public company operating an established and reputable paid placement advertising directory website and we are well aware of our security and privacy obligations regarding the use of personal information that we collect and store.

We have tried on numerous occasions to contact Spybot via email, but have not yet received a response.

What steps need to be taken to remove us from your security threats list?

Regards

Bill Vanderent
Manager, IT Services
Roar.com

Roar.com
2005-11-22, 02:13
I still haven't heard anything back about this. Can someone from Spybot please contact me as soon as possible?

Thanks

Bill

el cpu
2005-11-22, 06:31
Let me make sure that this is clear. I am not speaking for Spybot S&D as I am in no way connected with them. I am simply an individual that visits this forum and would like to keep personal information all to myself. Based on your privacy statement what did you expect? :confused:

md usa spybot fan
2005-11-22, 14:50
Is there a reason that the following link buttons on the bottom of your www.roar.com home page all link to www.roar.com/#, which also the home page, rather than to the indicated subject matter?
Advertiser Information (http://www.roar.com/#)
Legal Information (http://www.roar.com/#)
Privacy Policy (http://www.roar.com/#)
© 2002-2004 ROAR.com (http://www.roar.com/#)

mikey
2005-11-22, 15:57
I wonder why every block list I know of contains roar.com & darkblue.com

I just can't understand why anyone would want to block access to an outfit responsible for some really great wares. :sarcasm: One might get the idea that roar folk were responsible for some nasty malware propagation like highjackers and such. Surely that's not the case. :more sarcasm:

Roar.com
2005-11-23, 03:30
Let me make sure that this is clear. I am not speaking for Spybot S&D as I am in no way connected with them. I am simply an individual that visits this forum and would like to keep personal information all to myself. Based on your privacy statement what did you expect? :confused:

Hi el_cpu,

The reference in our privacy policy to "personal information" such as names, email address is only collected from our customers/advertisers and not individual surfers who view the website. This is for our customers who wish to engage in a business relationship with us. (eg. Advertise their sites on Roar.com)

Any marketing material that is sent using such personal information also strictly complies with the relevant anti-spam legislation enforced in Australia. Again, this is for our business clients, not web surfers.

Personal information collected by us is not disclosed to any other third parties and is protected against unauthorized access by such third parties.

The only information that is collected from individuals viewing the said website is their IP address (for fraud detection)

The only tracking devices used by us are cookies and web-bugs. The use of these basic tracking devices is clearly disclosed in the privacy policy. More importantly, these tracking devices are standard tools used in the online advertising industry and in no way compromise the security of, or allow unauthorised access to users computers.

Thanks,

Bill

Roar.com
2005-11-23, 03:34
Is there a reason that the following link buttons on the bottom of your www.roar.com home page all link to www.roar.com/#, which also the home page, rather than to the indicated subject matter?
Advertiser Information (http://www.roar.com/#)
Legal Information (http://www.roar.com/#)
Privacy Policy (http://www.roar.com/#)
© 2002-2004 ROAR.com (http://www.roar.com/#)

md, maybe you've got javascript turned off? The links on the page (not the ones listed above) launch a popup window containing the relevant information

Roar.com
2005-11-23, 04:02
I wonder why every block list I know of contains roar.com & darkblue.com

I just can't understand why anyone would want to block access to an outfit responsible for some really great wares. :sarcasm: One might get the idea that roar folk were responsible for some nasty malware propagation like highjackers and such. Surely that's not the case. :more sarcasm:

Hi Mikey,

Thanks for your honesty. You're right, it's not the case. We don't use spyware/malware/*ware. RE the block lists, we are a search engine (roar.com), and an affiliate program (darkblue.com). I've seen both of those in some "ad" block lists, because that's what they do, display ads for our customers. That in mind, I've also seen cj.com, googleadservices.com and cnet.com (to name a few) in these same lists.

RE the inclusion in the Spybot "threat" list, and what I've said above, does that warrant our inclusion? It would be good to hear from someone who administers the threat list.

Thanks

Bill

mikey
2005-11-23, 05:08
Hey Bill, thx for the response and sorry about the sarcasm. If you aren't too put off by my previous sarcasm, perhaps you wouldn't mind discussing what may be the reason in part or in whole for your being targeted by most of the block lists. I can try to compile a list of those who block your sites if you like. The ones I'm familiar with do so.

Anyway, as I Google my way around looking for refs related to darkblue & roar, I note a bit of discussion about the use of those all too hated popunders...we all know about popunders...some are even known to use browser vulnerabilities/exploits to load unwanted wares. I know you wish to speak to someone on staff here but would this issue be worth a comment even tho I am not a SSD admin?

I think perhaps I should ask the others who publish the lists why they target your domains. I might find a more encompassing view of things that way. Now that I'm more curious, I wonder what else I can find...off to find out.

EDIT: BTW Those links at the bottom of your page don't work here either in multiple boxes(IE). I think the prob is on your end.

bitman
2005-11-23, 06:57
Is there a reason that the following link buttons on the bottom of your www.roar.com home page all link to www.roar.com/#, which also the home page, rather than to the indicated subject matter?


md, maybe you've got javascript turned off? The links on the page (not the ones listed above) launch a popup window containing the relevant information


EDIT: BTW Those links at the bottom of your page don't work here either in multiple boxes(IE). I think the prob is on your end.

The issue is that since Roar.com is in Restricted Sites, Active Scripting (Java) is disabled by default, so the links fail and return to the main page. It would probably be best to make these important links simple HTML that open other pages rather then popup windows using Java. :shrug:

Luis.Help
2005-11-23, 07:34
It would probably be best to make these important links simple HTML that open other pages rather then popup windows using Java. :shrug:

It would improve accessibility, also. I highly recommend to do it.

Roar.com
2005-11-23, 09:15
Hi Mikey, no problem about the sarcasm ;) Would be happy to discuss how to get off the Spybot lists, and what we need to do to achieve this.

As for the block lists, that would be great if you could pm me any information you find.

Regarding popunders, it is a configurable option for our customers to use popunders, however we never install spyware/malware/*ware, exploit or not. As part of our vetting processes, we check that after our customers have signed up that the target sites do not attempt exploits or vulnerabilities. Should our affiliates attempt to do so during the course of our relationship, our 24hr customer care team immediately disable any directed traffic, and further action is taken against the affiliate (as per our affiliate terms and conditions - http://darkblue.com/index.htm?mainPage_new=1&section=aff_tc)

I checked the links on the bottom of the roar.com page, and it worked fine for me. You don't have Spybot installed by any chance do you? Looks like bitman is right. Seems that when I tested on another box here with spybot installed, the popup didn't work. You see my problem :)

We've taken your suggestion and changed those links at the bottom of roar.com to simple links instead of popups.

Thanks!

Bill

bitman
2005-11-23, 10:07
I checked the links on the bottom of the roar.com page, and it worked fine for me. You don't have Spybot installed by any chance do you? Looks like bitman is right. Seems that when I tested on another box here with spybot installed, the popup didn't work. You see my problem :)

We've taken your suggestion and changed those links at the bottom of roar.com to simple links instead of popups.

Thanks!

Bill
As expected, the simple links work fine now even with Roar.com in Restricted Sites.

Also, please realize that just installing Spybot S&D doesn't add Roar.com to Restricted Sites, this is done by performing the 'Immunize' function. As Mikey stated, Roar.com is likely on several such block lists since they tend to be common to several products.

Roar.com
2005-11-23, 10:18
Also, please realize that just installing Spybot S&D doesn't add Roar.com to Restricted Sites, this is done by performing the 'Immunize' function.

Agreed, but I would have to assume that people using Spybot would immunize? (why wouldn't you?) Thus why I would like to see roar.com removed from the threats list.

Spybot admins? Anyone?

captain_gut
2005-11-23, 14:31
Hey Bill,

just PMed you.


Flo

Roar.com
2006-01-10, 08:17
Hello,

I have tried contacting Spybot since the 2nd December on numerous occasions, and have yet to hear a response.

I don't know what else to do other than post in the forums to get your attention.

Please PM me or email as soon as possible so that we can move forward and have our entry removed from your threats database

Bill

Roar.com
2006-02-03, 02:31
Hello,

It has now been well over 2 months since we first contacted Spybot to have our entry removed from your threats database. Time and time again we’ve emailed, and we still have yet to receive a response.

We have done all that you have asked. We have taken your suggestions and made changes to our privacy policy to clarify any points which may have been interpreted incorrectly. We have done this in a timely and efficient manner. Despite this, you choose to ignore our emails and refuse to remove us from your threats database.

It should be noted that our privacy policy has been drafted to comply with the National Privacy Principles outlined in the Australian Privacy Act 1998. (Cth). More information about the Privacy Act is available on the Australian Privacy Commissioner's website at http://www.privacy.gov.au.

We have also respected your wishes, and responded to your questions and concerns via email, rather than enter into a public discussion on your forums. Despite this, you have refused to reply to these emails.

We again ask for you to please contact us so that we can have our entry removed from your threats database.

Regards, Bill

PepiMK
2006-02-03, 12:00
What you are doing is that you spam my private address. Any email going into SNL inboxes that is directed at my private email address as well gets filtered automatically, since I regard that as malpractice :p

Roar.com
2006-02-07, 02:28
Hello PepiMK,

FYI I re-sent the email to your reviews department on Friday. If you could check that it's been received I would appreicate it. Apologies for sending to your personal address, but I was concerned my responses weren't being received

Thanks

Bill

Roar.com
2006-02-17, 08:35
Hello Spybot Team,

I haven't received a response, could someone please get in touch with me.

Thanks

Bill

Buster
2006-02-17, 11:09
Hello Bill,

let me tell you some reasons why Spybot will not remove roar.com.

http://www.siteadvisor.com/sites/roar.com

roar.com
When we tested this site we found links to winantivirus.com, which our analysis found to be deceptive or fraudulent.

http://www.pageseeker.com/results.htm?start=0&shareid=1&domainid=&directory=&ppsid=&search=spybot&imageField.x=0&imageField.y=0
Many of our users complained about such search results.

hotsearch.com#|roar.com
Is blocked in IESPYADS:

http://forums.spybot.info/showpost.php?p=1746&postcount=3

Protecting Your Privacy & Security on a Home PC. Eric Howes
Bookmark it.
http://www.spywarewarrior.com/uiuc/


IE-SPYAD (Internet Explorer Restricted sites list)
AGNIS (for AtGuard/NIS/NPF)
AGNIS for Outpost
AGNIS for AdShield
You can download all of these versions at:
www.spywarewarrior.com/uiuc/resource.htm


We have to protect our users and will not remove roar.com from detection.

MisterW
2006-02-17, 17:40
We checked the website roar.com and decided to not remove it from our detection because we found roar.com on most of the host-lists. In addition to that we checked the privacy of roar.com and found several vague statements:

"Roar.com does not normally link IP addresses to any personal information, which means that a Visitor's session will be logged, but the Visitor otherwise remains anonymous."

What means normally? Are the Ip addresses stored or not? In the next passage they say:

"Roar.com can and will use IP addresses to identify a Visitor when it is necessary to enforce compliance with our terms of service or to protect the integrity of our services and websites, as well as to protect our interests and those of our Customers."

Hm, how is it possible to identify visitors when IP adresses normally not get stored or linked to personal informations?


In one of the next parts it is said:

"there may be times when Roar.com may be required to disclose personal information of a Customer or Visitor without their consent. This may occur where we have reason to believe that disclosing the information is:

necessary to identify, contact or bring legal action against the Customer, Visitor or another person who may be causing injury to or interference with (either intentionally or unintentionally) the rights or property of Roar.com or its subsidiaries, other Customers or anyone else that could be harmed by such activities; or
required by law."

In what case it could be necessary to contact customers or visitors without their consent????? And how you will do it without storing personal information?

In addition to this reasons we recognized that the search results of the website are often malicious and dangerous and many of our customers complained about your search results. So we think we have to protect our customers and will not remove roar.com from our detections

Best regards,

MisterW
Team-Spybot

Roar.com
2006-02-23, 01:32
Hello Spybot team,

Thank you for your response.


http://www.siteadvisor.com/sites/roar.com
Quote:
roar.com
When we tested this site we found links to winantivirus.com, which our analysis found to be deceptive or fraudulent.


Roar.com is a commercial advertising network. While we screen our advertisers when they apply to be part of our network, we cannot take responsibility for actions that are out of our control. We can however remove them from our network should we have sufficient proof that they have breached our terms and conditions. We are investigating the winantivirus software concerns that you have raised, but so far have only found speculation rather than proof that this package contains spyware. As I am sure you can appreciate, any breach of a contractual obligation must be proven, rather than speculated against on a forum. While we will continue to investigate, any information you can provide to help us bring light to this case would be appreciated.



http://www.pageseeker.com/results.ht...imageField.y=0
Many of our users complained about such search results.


When you say “complain”, could you please explain exactly what you mean? As an advertising network, customers can bid on keyterms to have results displayed. For example, PCTools.com advertises on the keyterm “Spybot” at both Lycos (http://search.lycos.com/?src=sf&loc=sem&query=spybot) and Google (http://www.google.com/search?q=spybot). It should also be noted that our 24 hour customer care department is available to review any complaints from any visitor to our sites.



hotsearch.com#|roar.com
Is blocked in IESPYADS:

(http://www.spywarewarrior.com/uiuc/resource.htm)

These block lists are based in part on info from:
discussions in the SpywareInfo Forums, Spyware Warrior, CastleCops,
and other forums that specialize in crapware removal


After looking in those forums, the only references to roar.com I could find were to sites that were removed from the roar.com network long ago. It should also be noted that there have been no discussions about roar.com in Castlecops or the Spybot forums, other than this thread.

In response to MisterW’s questions:


"Roar.com does not normally link IP addresses to any personal information, which means that a Visitor's session will be logged, but the Visitor otherwise remains anonymous."

What means normally? Are the Ip addresses stored or not?


There are two different types of people that visit our sites, Surfers (anonymous visitors) and Advertisers that wish to promote their site through Roar.com. For surfers, IP addresses are stored, but without any personally identifiable information. This is for fraud detection purposes. To protect our advertisers, we proactively monitor the streams of traffic to search terms to ensure the traffic is of a high standard. We monitor such things as duplicate requests to advertisers. A way to identify duplicate clicks for example would be to use the request and the IP address of its origin. This protects our advertisers and ensures they are not paying for false clicks or poor traffic. This is common in the pay-per-click industry. For advertisers, we store personally identifiable information because they have a financial relationship with us. We may need to link IP addresses and personal information to ensure the security of the account has been maintained, for example, logging in from two geographically disperse places at the same time.


"Roar.com can and will use IP addresses to identify a Visitor when it is necessary to enforce compliance with our terms of service or to protect the integrity of our services and websites, as well as to protect our interests and those of our Customers."

Hm, how is it possible to identify visitors when IP adresses normally not get stored or linked to personal informations?


As mentioned previously, we can only identify advertisers, not surfers. We do this for reasons explained above.


"there may be times when Roar.com may be required to disclose personal information of a Customer or Visitor without their consent. This may occur where we have reason to believe that disclosing the information is:

necessary to identify, contact or bring legal action against the Customer, Visitor or another person who may be causing injury to or interference with (either intentionally or unintentionally) the rights or property of Roar.com or its subsidiaries, other Customers or anyone else that could be harmed by such activities; or required by law."

In what case it could be necessary to contact customers or visitors without their consent????? And how you will do it without storing personal information?


If a client or host performed a DoS attack, or some other form of malicious activity, and the investigation was able to identify the culprit based on personal information that they had submitted previously (ie, when they signed up for an advertiser account), then there may be a requirement to report their personal information to the relevant authorities for prosecution.

It should be noted that the “personal information” that is referred to in the terms and conditions is that of our customers who have signed up to advertise with roar.com.

I appreciate your response, however we are, and have done all that you have asked in the past. We have been pro-active in amending our terms and conditions based on your recommendations, and our policies are very similar to others in the industry. We will continue to work with you regarding the winantivirus.com case. We are a search engine with many of the terms and conditions no different to other major search engines in the industry. My concern is that every time we have done what you ask, we have simply been provided with another reason why we cannot be removed from your lists. Our original placement in your lists was based on terms and conditions that were taken out of context. This was explained in a private message to your reviews department. We then took your suggestions and revised our privacy policy taking your recommendations into consideration.

We will continue to work with you on being removed from your lists, however I would like to hear some sort of assurance that what we are doing is being recognized as a positive step toward the removal from your block lists.

Thank you

Bill

Roar.com
2006-03-21, 02:06
Could someone at Spybot please respond? It's been nearly a month since my last post.

Thanks

Bill

Ya Disgruntled Neighbour
2006-04-26, 19:08
Hi Bill,

I just registered but found this thread to be quite interesting. :) Anyway, I feel the reason that the spybot team are reluctant to remove roar.com off their website threat database is because roar.com has had past bad links related to spyware. As the contents of websites can change at any time it may be a bad idea to remove websites which were threats in the past.

I can see how hard you've been trying, and by the looks of things you've been very patient. But the fact of the matter is Spybot is to protect users, the last thing people would want to know is that websites are being removed from the block list because they are no-longer a threat. The thing is, people at Spybot can't check the website in the future to check that it is clean, so the safest course of action is to leave it blocked due to its malicious past.

It is a matter of trust, but who on the internet can you trust these days?

YDN.

theCaptain
2006-04-27, 21:27
Interesting topic indeed. So let me get this straight, if you have links to a known malware site on your site, that's cause for being blacklisted?

What about Google, Yahoo, or any of the main search engines? They link to malware sites. Not just in search results, but also in paid listings. I can see why you might want to block certain domains that have CWS or other devious malware. But I can't see that the Roar.com site itself can be held responsible for the conduct of advertisers any more than any other paid listing source.

I don't know Roar.com or how their site actually operates other than from what I have witnessed as a user in the last couple of minutes (it appears to be a directory of sponsored listings from what I can tell), but the logic of the Spybot argument is flawed.

Ok, let's flip the coin now. I notice on Roar.com that the sites listed are for "Best Sites for: ------ Category". I'm definitely seeing links from Azoogle redirects in the results listing so they are paid listings... but no where do you disclose that they are paid listings. If I'm not mistaken, it looks like you're passing off paid listings as an edited directory of sites. Can you tell me whether relevance is dictated by an editor, or a keyword bid amount? That is certainly cause for concern.

WinAntiVirus Pro is certainly a known "rogue" and I'd recommend kicking them off your network. And for what it's worth, I searched the site and couldn't find any reference to them anymore.

tC

DaveLister
2007-05-08, 04:44
Hello. I just installed Spybot on this work PC as one of the many things I am trying in order to stop Roar.com for apparently hijacking access to our homepage @ Austco.com. Whenever I attempt to view our site I instead have a classified ads page displayed. Upon viewing the page source I see this right at the top;

<BASE href="http://www.austco.com/common/roar/landing/rpos/">

I do not want this occuring as I require access to our site for various reasons.

DaveLister
2007-05-13, 23:45
Oi!
Mr Roar.com sycophant, I am still dealing with this problem thanks to your company, now it's another site I need to get at and can't.
F you very much.