Because we criticize the claims of others, skeptics are often attacked. In the world of Internet skepticism, these attacks often come in digital form.
I’ve often written about using Web of Trust (and tools like it) to warn unsuspecting users about dangerous misinformation websites. It is inevitable that the owners of these sites will become aware of the negative ratings we’ve given them. But what if they decide to retaliate against skeptics?
It’s not really a question of if. Judging from a few instances I’ll document here, some are not only fighting to repair the reputations of their own sites in Web of Trust, but some are voting against skeptic sites in Web of Trust and other online site rating services as well. (Yes, there are other services that rate websites for end users beyond WoT).
So what’s a skeptic webmaster to do? What’s the best way to become aware of malicious activity like this as quickly as possible? Unfortunately there’s no one silver bullet, but I can recommend a few tips and one site that will let you monitor your site’s reputation in 30+ services in one fell swoop.
Read on for more details…
Some Alt-Med Sites Have Noticed
Starting in April of this year a few alt-med sites ran articles about our Web of Trust efforts with titles like “Quackbusters, Skeptics and the Web of Trust” and “Skeptics Hijack Web of Trust” and others. (Yes, of course those links include the nofollow attribute, why do you ask?)
Like much material written by pseudoscientists, these articles have a small grain of truth (skeptics are in fact active on Web of Trust) but get many details wrong. For instance, they seem to think activist skeptics are only found in North America, which I’m sure will come as surprising news to the many skeptics groups overseas.
These articles all seem to have been cribbed from the same press release, possibly issued by Tim Bolen, a notorious anti-science campaigner who seems to have trouble remembering where he went to school, and also doesn’t seem to understand how the Internet works.
Retaliation Against Me
There does seem to be evidence that some of them are retaliating as a result of these reports. In one case this retaliation hit close to home. Back in June Elyse Anders pointed out on Twitter that my own Twitter profile came up with a red icon in Web of Trust.
I must confess I was not even aware that WoT had a feature to rate individual Twitter profiles. Most WoT ratings are for the domain as a whole, so for instance any page on wikipedia.org gets the same rating. But some time ago the makers of WoT added an experimental feature to rate subsections of shared domains separately. I had never noticed it because around the time I started writing about Web of Trust, Twitter made a change to their URL structure that broke this feature in WoT.
In May, Twitter changed their URL structure back and the Web of Trust feature started working again – revealing the red rating on my profile. After it was pointed out to me I solicited the help of other skeptics to vote it back up into green. (You can help too, just go to this scorecard and vote green).
Since WoT votes are anonymous, I have no way of knowing who voted my profile down, but I can only imagine it was folks angry with my skeptic work, and in particular my articles about WoT.
It was just this sort of retaliatory voting that the now-defunct WOT Project was designed to combat. One hopes their early efforts to build up vote strength will help avoid some issues.
Other Anti-Skeptic Voting
I’ve seen other examples of skeptic sites with negative votes, perhaps created by people with an axe to grind. In early July I happened to visit the home page of the American Freethought podcast and got an unexpected warning screen from WoT. At that time the site scorecard looked like what you see here (at right for most of you).
As you can see this is a very poor rating, and it is clearly malicious and undeserved. For instance the vendor reliability rating makes no sense, because the podcast sells nothing on the site! (They do have a donation page, however).
I always tell skeptics to avoid voting in the Vendor reliability and Privacy categories unless they have specific knowledge of bad actions in those areas by that site. It is only ethical to vote truthfully based on your knowledge of the site, not speculation.
I immediately called this issue to the attention of John C. Snider (one of the hosts of the podcast, who happens to live in my town). He was previously unaware of Web of Trust, and therefore definitely unaware of this rating issue. I put out a call on Twitter for skeptics to fix this, and I think John mentioned it to his listeners. I am pleased to report the ratings showed an immediate upward trend, and as of now the site is rated fully in the green. Whoever had voted it down clearly hadn’t done so with a very large group of people, and their damage is now undone.
Not Just Web of Trust, Either
So you might be thinking, “Big deal, I have Web of Trust installed and I visit my own website often, I’ll notice if the icon changes.” That may be true, but what about the other services that rate web sites and URLs online? There are more than one. In fact, there are quite a few.
Many of them are focused on issues that go beyond the core competency of Web of Trust, such as:
- Computer viruses and other malware
- Phishing attempts
- Spam emails sent by the site
- Presence of third-party advertising cookies
- Pornography and other objectionable content
- Information or tools used by hackers & other criminals
Some of these services are algorithmic – that is they rate the site based on actually testing the content. For instance, Google’s Safe Browsing function (available in Chrome and Firefox) rates sites based on a robotic detection of the presence of malware during Google’s normal data collection for their search engine.
(And, in a bit of circularity, some of these services are actually incorporated into the Web of Trust reports as well — so a bad rating on a malware service can affect your WoT rating too).
Some of these services also incorporate user reports just like Web of Trust does. The nature of spam and phishing is such that they almost have to. (One man’s useful commercial email is another man’s spam). And as a result, some of these results can be influenced (at least temporarily) by malicious reports.
An Example, Courtesy Anti-Vaccine Advocates
Beginning back in June, Reasonable Hank (a pro-vaccine campaigner in Australia) got a report on Twitter that his site (and that of another skeptic blogger) provoked a malware warning for some readers. Oddly enough, the report came from an anti-vaccine campaigner who accused him of trying to infect her computer with malware.
He quickly determined that this was based on a user report to the Internet security company Trend Micro, and that there was a procedure to dispute the report, which he did. After documenting the incident on his blog, he found that a second report with a different service was made in August. He was able to work around that too. He strongly suspects that the anti-vaccine campaigners themselves made these reports, just so they could publicly accuse his site of malfeasance with some (slim) evidence on their side.
Like many aspects of skepticism this situation could turn into something like Whack-a-Mole. Because computer security is a competitive area important to many businesses, there are many competitors in the URL rating game. How can we check them all, or even know which ones to check?
A Partial Solution
Fortunately, one security company saw the need for a centralized URL checker and built it. It’s called URLvoid and it is a free service created by the NoVirusThanks Company for users to scan a web addresses with multiple web reputation engines at once. The main purpose is for end users to check out web sites before they visit them, for safety.
But as the owner of a website, you can certainly use it to check out the reputation of your own site. Here’s an example, part of the URLvoid report for my site What’s the Harm:
And so I can see that my site comes up clean on 30 different services. I work in computer security and even I’ve not heard of a few of these. But it’s good to know they are not giving me a bad rating.
And if they were, I could click the More Details link and explore further. Sometimes the more link drops you at the search screen on that service, but often it will take you right to the report for your domain. Usually from there you can find a way to request a re-evaluation of your rating or suggest a different rating.
Each service is a little different, so I don’t have the space to go into the details of each one. Some have a simple email alias to send requests, others require you create an account to open a ticket and so on. If you are lucky, you won’t have to learn the ropes of very many of them.
You may note that Web of Trust itself (listed as “MYWOT”) as well as Trend Micro and BitDefender (the two services that wrongly accused Reasonable Hank’s site of hosting malware) are included in URLvoid. So the service definitely would have saved Hank some time.
Unfortunately URLvoid doesn’t yet offer any way to get automatic updates of changes in your site’s status. However, you could use a web page change monitoring service like Versionista (which I wrote about here) to automatically monitor your results and get an email when they change.
Also, URLvoid is purely domain based now, so you cannot use it to check your Twitter profile rating in Web of Trust.
Conclusion and Action Items
Clearly in the current Internet environment, skeptics must be wary of attempts to damage their web site reputation. URLvoid provides a good tool for that.
Here are my recommended best practices:
- Scan each domain you control using URLvoid
- Be sure to include any alias domains (“skeptools.com” and “skeptools.wordpress.com”)
- Bookmark the results and return periodically to check
- Optionally use a service like Versionista to monitor changes
- Visit your Twitter profile page(s) periodically with Web of Trust loaded and check status
- Contest bad results as needed
- Ask for help from skeptics when necessary – it works!
By following these practices, you won’t have to rely on others to notice your reputation issue before you do.
Related Issue: Web Surfing Filters
A closely related issue is web filtering products which can block access to your website at companies, schools and other institutions with security or access policies. I know of at least one skeptic site (The Twenty First Floor) that has run afoul of these filters.
Unfortunately URLvoid does not cover these services, and I don’t know of an equivalent way to check your status in several at once. (If you know of one, suggest it in the comments). I’m currently researching this problem and hope to address it in a future post.