Diigo Annotations – A Tool For Spammers

Diigo, a powerful social bookmarking site, is a favorite app
for most of us here in Cloud Ave. Ever since I started using Diigo
after reluctantly converting from Delicious, I have started doing
evangelism for their service. I have been trying to impress as many
friends and colleagues to go with Diigo, showing some of the exciting
features like annotations, easy sharing, groups and lists, etc..

I still love Diigo but, off late, I am getting frustrated with the amount of spam in their service. The biggest reason for my switch from Delicious to Diigo was the ease with which we can highlight part or full webpage and add our own comments. This annotation feature has turned out to be a very convenient tool for collaborative research. By installing Diigo toolbar, it is easy to do the annotations on any site. The annotations can be public (seen by the whole world) or private (seen only by you) or shared to a group.

Every thing was going great till I noticed some spammy annotations on the main pages of some of the popular sites like Twitter, MSNBC, etc.. Initially, I was not worried because I thought I can turn them off by using the option in Diigo toolbar. The toolbar is supposed to allow us to either select the option of showing annotations shared with us by our friends or just our own annotations. There is also an option to turn off annotations completely. I, initially, turned off all public annotations and kept only the private ones. When I selected this option, all the spam went away (as these spams are public annotations anyway) and I was relieved. It appears I celebrated a bit too early. When I restarted the browser, the settings went to default and the spam annotations were showing up again. Today, I saw these spam annotations when I was viewing a message sent by my friend on Facebook. This really freaked me out.

Having the spam annotations on the public web pages are normal. The spammers might be using Diigo to bookmark these public websites and add the spam annotations. How did it enter the facebook page that was showing a personal message in my inbox. I suppose the URL for the message is unique. Now I am wondering is these spams are much more sophisticated that simple bookmark and annotate spams. Are the spammers using some kind of injection techniques to send these spams? If it is the case, I will be worried about the security of my data with Diigo. In fact, I will be worried to even have the Diigo toolbar installed on my browser. The situation has gone beyond the irritation phase and requires some serious action from the Diigo side and fast. If they fail to stop this spam, my days with Diigo are numbered and I am going back to Delicious or tap one of the URL shorter services to act as my bookmarking site.

This is an open call to Diigo to respond publicly on this topic and add a fix. When I first wrote about Diigo here, they responded immediately about one of the cons in my Living In The Clouds post. Once, when I complained on Twitter about a person sending me spam through their service, they acted instantaneously and blocked the person. Few weeks back, I tweeted about Diigo service being unreliable and there was no response in the Twitter. I even tweeted about this spam on Twitter and there is no response. I just hope they take this post seriously and act on the issue. Spam sucks big time. They should take a leaf out of Twitter play book and go after spam in full force. Just as I finished writing this post, I saw Dan’s post on a topic
similar to this one. He has highlighted how the tagging system can be
used by spammers to their advantage. The very fact that two of us could
think about the spam in social networks at the same time means that it
is getting serious and unless the social networks pull their act
together to get rid of the spam, we are in for a real frustration in
the days to come.