|What should i do?|
Please read this, advice please?
I run my own freelance design company and one of my local competitors, actually wouldnt call him a competitor is a man, about 60 years old and he also designs websites, although hes horrendous at it he does have a lot of clients due to him being a councillor for the town so he has contacts and i think the people he designs them for are not very computer friendly so doesnt know what a good website should really look like.
Anyway...looking around a few of this guys sites and he has on most of them a "private members area" which you need a password to get in to, trouble is the password is in the view source and can be seen by everyone, i clicked it and it has addresses, mobiles, emails of people, depending which site the amount of details varied but still, dodgy thing to have just lying around on the internet im sure youd agree. This guy uses the same password for each private members area site, so you know it and you have access to them all
Then to top it all off he puts Goodle AdWords on each of his websites so he continues to make money for himself after the sites have been completed which i also think is very sly considering some of the sites are for charities or places which are ran by volunteers and funds are provided by the public!
I have a newsletter which goes out to my subscribers each month, some of which are users of his services? Thing is I dont want to sound like a b*tch mentioning it in my newsletter that the average 10yr old kid nowadays knows how to view source let alone anyone trying to commit ID Fraud and should i mention about the AdWords trick hes pulling?
What do you think?
Sorry but it sounds as if there is some personal baggage behind your post.
1. Adsense. That's between him and his clients.
2. Security. If you find a problem on a site, a personal note to the webmaster is the best approach.
no there is no personal baggage at all
i just think its a high security risk, ive tried emailing him and calling him without a response
adsense, fair enough, but these local charities are run by little old ladies who wouldnt even know what Google was let alone adsense
So the best thing you could obtain is a cell number and an email address? This is just a local site and I don't think anyone will care too much.
I believe you're just angry he might make a little bit of money with Adsense on his badly designed sites.
no im not, i dont even use adsense on my sites, i design and sell ads for local businesses and then sell the ad space to them same clients to go with it so why would i be angry?
I just feel that hes been a bit sneaky in regards to placing adsense on these charity and volunteer websites who give up their free time and money just to be conned out of the cash they could have for improving the services that the visitor came on the website to look at in the first place
Call one or two people who are listed in the private area, and anonymously let them know that their details aren't so private after all.
mikem1986, I live in a small N.W. community and this kind of stuff is RAMPANT. It gets back to the same thing, it's who you know that matters, not what or how much.
You can take advice given here or rest assured that karma will catch up to him. You don't need to squeal. What you need to do is approach the current client in such a way that you wish to help. "Here is what I will guarantee I won't allow to happen . . . . "
One of two things will come of this approach: the client will lock up, because no one wants to admit they've made a wrong decision, or they will hire you on the spot and fire Mr. Brown-noser. IMO, this is the Right Thing to Do for all involved.
|ive tried emailing him and calling him without a response |
Why, why why would you want to help someone like this? If he hasn't done his homework, he doesn't deserve help, especially with the lack of an ear for his shortcomings. It's the clients you should be concerned about, not the instrument of their destruction.
I'll take your word that there is no personal baggage now, but you can expect that there will be if you play out the hand.
If it were me, I would document everything, load all of my guns and go in blazing with his biggest clients. Keep it completely professional though. This is what I can do, this is what I will do, this is what is what I would improve, this is why, this is how I will work with it..... Try to keep as far away from being personal as possible. Business only!
1) You may pick up some nice business.
2) He will suddenly have a lot of problems that current customers should expect to see fixed FREE and fast.
3) Small town, connected guy - it will be personal. Make your choices about how to get some of the business, but dot every i and cross every t, because it could get ugly.
|but these local charities are run by little old ladies |
Are the people he has as clients individuals you actually want as customers? Little old ladies doesn't sound like a very profitable niche to me. I find the best thing to do with competitors, large, incompetent, or otherwise is to ignore them. Build up your marketing and brand and win more customers that are profitable and lucrative.
In the town I live in I have web developers that are agencies and much larger than me and freelancers like myself, some better than me some worse. I have never had a problem making a living full time at this for 5 years now because of the skills and connections I built up outside of whatever they are doing.
Sometimes it makes sense to study what a competitor is doing if it is a tactic that is very effective and figure out a way to neutralize it or improve on it.
However it appears to me you might have a bit of sour grapes with this guy because you don't respect his skills, but he keeps picking up customers with his connections that perhaps you might want. I suggest if that is the case, find people he hasn't worked with and win them as customers. Spending too much time worrying about what this guy is doing or not doing is wasting your most valuable resource...time.
I think you sound bitter Mikem. That's ok. I understand. But you have to consider things rationally. Besides that this guy isn't a very good webdesigner it sounds like the only thing you know for sure is that the private data on these sites isn't as private as the users believe.
But that is not your problem except if you are concerned for the good name of the organizations involved or you just want to be a good neighbor to your community. And if either are the case the last thing you want to do is publicize the problem. That would just be an act of bitterness detonating the bomb rather than defusing it, and it would likely boomerang on you with you being blamed as the person responsible for the security breech.
So your options are really limited to privately notifying the webmaster and site owners of the problem. You've already attempted to alert him once without success. I'd email him again with a "perhaps my first message was misplaced" note and blind customized carbons to each of the site owners. Send a different customized email to each site owner so you don't alert them of the possible problem with other sites, although if they are intelligent they'll figure it out. But once you've notified them you've done your due diligence.
You are upset in that you think site owners, and especially community organizations, are being fleeced by your competitor because you believe they don't know any better. But do you know that? Not all websites are built for the posted prices. I can easily imagine the scenario being your competitor offering these organizations free websites in return for the portfolio and publicity value plus his being able to run Adsense on them "to help cover out of pocket expenses." They might not get a great website but the price is right and they've made an informed decision.
Plus there's the councilman factor. Rocknbil is right in that "it's who you know." You recognized that also. But it is also "who they are". No doubt many people who don't value a website won't turn down a councilman professional webdesigner's offer to create them a website, without a lot of concern for quality as long as the price isn't too steep. No illicit coercion implied, it's just the way of things. Even the groups run by volunteers with public funds will understand that.
ok thanks for all the advice guys
i think ill send him an email and bcc in the relevant people and forget about sending a public newsletter.
I hate that i come across bitter as im really not like that at all, i dont want these "little old ladies" to be my clients but i also dont want to see them fleeced by what could potentially be a dodgy doings by this gentleman.
I personally wouldnt normally get involved in anything like this but as i have a "community" website if anything i think im just being a good resident and just doing what any other person may do and think is right if they were in the same situation?
The trouble is Mike that if you start contacting or even BCCing the affected people you will end up burning some bridges somewhere. And given that it is a small town it won't take long for word to go around.
The trick is to come up with a way of placing the idea into the affected peoples' minds that they should review security without actually pointing any fingers. As soon as you start pointing fingers then you have to be ready for the other three that are pointing back at you.
So, how's this for an idea. Do you have a local paper in the town? Would they be interested in an article written by you in general terms about website security in this new online world? Perhaps you could give some case studies (without any details) explaining how easy it is to gain access to private information via poorly design/secured sites. (Without incriminating yourself of course.)
The upshot of this MIGHT be that some of this fellow's clients start questioning their own site's security. You MIGHT gain a bit of a reputation in the town. You MIGHT achieve your objectives without treading on any toes.
But then again, people MIGHT not listen, at which time, you have done your best and you move on with business as usual.
Just an idea.
Thats a good idea woz! Thanks for that. Ill call up the local paper this afternoon and see what they say :-)
ive just spoken to my local newspaper who said theyd be happy to put something in for me as long as i dont mention names or websites or anything that could point to the situation in general.
Would anybody give me some assistance on what to write as im not too good
thanks in advance
Hehe, the ball is in your court now Mike. Think of it as an opportunity to brush up on your writing skills. Good Luck, and let us know the outcome.
thanks! Im sure the editors can "edit" my article as they see fit though haha
The problem with many journos is that if they get a sniff of the wider story, they'll print that without or without your co-operation.
Another problem, is that even if you write it, be prepared for some sub-editor with no clue about the topic in hand to hack your article to pieces until it no longer says what you wanted it to say, and contains numerous technical errors. They always do.
|So, how's this for an idea. Do you have a local paper in the town? Would they be interested in an article written by you in general terms about website security in this new online world? Perhaps you could give some case studies (without any details) explaining how easy it is to gain access to private information via poorly design/secured sites. (Without incriminating yourself of course.) |
Please keep us posted as to how the article works out!
I have one other idea...
I am sure everyone here gets the relentless barage of emails about "free consultations," "trial link campaigns" and offers of free trial periods for services encompassing every facet of their website. However, these are almost always form letters which lack sincerity and individualized approaches.
What if you were to send such an email to the websites' owners? Personalized, of course, with a snippet of the improvements you could/would make to the specific website. Offer a free phone consultation or to meet in person and review their website more in depth.
I don't think this would appear as a personal attack on anyone. Email campaigns are an accepted form of advertising...and free consultations seem to be the industry norm. No ethical boundaries would be toed. No scare tactics would be used -- you'd just be repackaging the investigative work you've already done and be offering to correct the problems you have noticed. Even if you don't get any work out of it, you'd have made inroads with these organizations and potentially earned the opportunity to, if nothing else, inform these people of the security issues they may face.
You can't do much more; you can't make people correct problems, only notify them of the potential issues and hope they make the right decision.
quick update, i managed to contact the gentleman who said he'd take my points on board and change the site! Victory lol!
And i still get to go ahead with my article!
thansk for everyones help! Im off to post another thread about file permissions on my server now!
|is a man, about 60 years old |
Which has what to do with anything?
Note: old_expat is 68 this week.