I need to warn our loyal readers about a rather insidious new social networking site, and not just because it’s Yet Another Annoying social netwoRking sIte. The new site, called Yaari, is more than just annoying. It’s dangerous for you and your privacy, and is more Spam 2.0 than Web 2.0. I found out about Yaari from an e-mail I received the other day from a co-worker of mine, which read:

Jane Roe wants you to join Yaari!

Is Jane your friend?

Yes, Jane is my friend! No, Jane isn’t my friend.

Please respond or Jane may think you said no 😦

The Yaari Team
If you prefer not to receive this email tell us here. If you have any concerns
regarding the content of this message, please email abuse@yaari.com.
Yaari LLC, 358 Angier Ave, Atlanta, GA 30312

Looks pretty legit doesn’t it? I did find it kind of strange, however, that I received two invites each in both of my e-mail accounts. Why would my friend Jane send e-mails to all of my aliases at my work and personal address? This seemed kind of fishy so I asked Jane what the deal was, and she was pretty alarmed, turns out she had never sent me an invite, she had just joined due to an invite from a friend of hers who was equally perplexed, having sent no invites either.

Wanting to get to the bottom of things, I headed on over to Yaari and quickly discovered the likely culprit:

Yaari's Password Theft Page

Yaari's Password Theft Page

Scanning the terms of service, I also came across this little gem:

By registering for the Yaari website, … a member agrees to the Terms of Service and consents to allow Yaari to automatically send an email from the member to member’s contacts

The poor folks who were duped by Yari haven’t been taking it well either, here is what they have had to say:

  • Yaari has spammed all the contacts in my address book. The spam invites all contacts in my address book to join yaari or else I will be sad. Try Yaari at your own peril. (link)
  • This site sent out over 600 emails to my entire contact list… [The owner] needs a quick 101 on business ethics before she tries to become an entrepreneur (link)

If using your e-mail to spam your friends wasn’t enough, despite their supposed privacy policy, Yaari’s TOS clearly states that they will sign you up for spam as well:

Members consent to receive commercial e-mail messages from Yaari, and acknowledge and agree that their e-mail addresses and other personal information may be used by Yaari for the purpose of initiating commercial e-mail messages.”

You read that right! By agreeing to Yaari’s TOS, you give them a blank check to spam you and all of your contacts as much as they want, even from your own e-mail account. The lesson here seems to be that just as the web evolves to “Web 2.0”, the douche bags preying on web users will also be evolving to “Douche Bag 2.0”. Be careful to read the Terms of Service for all sites you join, and if something a site asks you to do seems insecure, err on the side of caution, no matter who supposedly invited you. And never, EVER give your passwords out to anyone.

-Angry Midwesterner