“Quepasa”: an apology

I have unwittingly been instrumental in causing dozens, possibly hundreds, of innocent people, including some complete strangers, to receive messages purporting to contain invitations from me to become my “friend” on a website called Quepasa.  As far as I can make out, this is some kind of predominantly Hispanic dating service.

I have no idea what this is all about.  I received a message purporting to have come from someone I’m working with on an editing project, a colleague whom I am naturally anxious not to upset, which seemed to be inviting me to be a “friend” on Quepasa;  and it seemed churlish to refuse.  The website said it was sending messages to three people I know who appeared to be already members of this Quepasa, so I clicked OK and only then realised, too late, that the damn thing was sending out these invitations to everyone in my (substantial) address list.

I have now been receiving dozens of messages, some from friends and other people whom I know, many from complete strangers, either notifying me that they have accepted my invitation to be a friend on Quepasa, or asking what’s going on, who I am, and how I know their email addresses (which in many cases I didn’t).

This is evidently a tiresome form of spam (but as far as I can discover, not involving a virus and not listed by Hoaxbuster or other similar sites that expose online hoax sites).  I suggest that you do not try to access the Quepasa web page and do not authorise it to access your email account.  If you have already done so, it would be wise to disable the Quepasa access authority in your email web page, and then, but only then, to change your email account password.

I am sorry to have caused you this trouble.  I have now received too many messages about Quepasa, both personal and automatically generated, to be able to reply to them all individually. I hope some of those affected may read this post and accept it as an apology for my action in unintentionally exposing them to these time-wasting and mysterious communications.  I shall not visit this tedious and unscrupulous website again and I shall delete all future messages from it unread.  I have removed Quepasa’s authority to access my email account (which I unwittingly granted) and changed my own password, so I hope the nuisance will now, or soon, stop.

Damn.  Sorry!


16 Responses

  1. Geraldine Walsh says:

    Me too – re Quepasa!

    Brian writes: Thank you for this. I’m afraid a number of good people did as I did and felt that it would seem churlish to turn down what looked like a harmless ‘invitation’. To avoid the risk of finding dozens of invitations being sent out in your name to the email addresses in your address book, it’s apparently necessary to find your email account settings (in your case in Yahoo), find where it lists the programmes or websites that have been given permission to access it and delete or disable or remove Quepasa from it, and then change your password. Tiresome, I know….

  2. Phil says:

    Thanks for posting this. I’m glad you’re on top of it, and particularly glad it wasn’t a virus.

  3. Brian, you wrote “I have no idea what this is all about”.  It is about a common theme in our corporate society; that of companies being quite reckless with our “private data”, in this case e-mail addresses.

    In this regard, I cite the current UK census.  All that private data of ours is being passed to Lockheed Martin, one of the worlds largest private “security” concerns and arms manufacturers, with close links to the CIA.  Due to the requirements of the US Patriot Act, the official assurances of the privacy of our data are not worth the paper they have been printed on.

    I also cite the previous government’s plans to transfer control of our NHS medical records to Google, no less.  We tend to think of Google as an Internet search service but, of course, they do not charge for that “service”.  In fact, Google are a “data mining” company, that is how they make their money.  The Internet searches that Google perform “for us” are logged against our identities, and form the raw material of the highly valuable databases that Google sell to other companies and governments.

    So don’t apologise too much, Brian.  Although this incident has resulted in a lot of needless typing for various people, it did at least have visible effects, whereas thousands of similar distributions of private data pass unnoticed every second.  It has served to illustrate quite graphically our lack of privacy in this corporate world.

    A Glenn Greenwald article on the importance of privacy for anyone interested:


    Brian writes: Thank you very much for this, Clark (and for the immensely helpful advice you have given me privately on how best to deal with the Quepasa nuisance). You make an important point about the numerous threats to our privacy posed by globalised big business with the active help of slavish governments. I also find it chilling to think of all the personal information that everyone travelling to the US (other than US citizens) is forced to disclose to the US authorities as a condition for being allowed to enter the United States. All this, as we know, is held indefinitely in a giant Homeland Security and CIA database. It’s anyone’s guess what percentage of this vast mass of information is accurately recorded.

    My apologies are of course for having unintentionally put a great many people to a lot of unnecessary trouble in dealing with the Quepasa nuisance through the accident of their email addresses having been extracted not only from my own email address book but also from emails going back several years. I accepted what appeared to be a genuine invitation to be a ‘friend’ on Quepasa from someone whom I was anxious not to seem to snub by rejecting the invitation. He of course had no idea that the invitation was going out in his name until he got a message saying that I had accepted it. No-one should ever accept invitations like these without first checking, by private email to the apparent sender, whether it was genuine. Unfortunately I — like thousands of others, alas — failed to do that on this occasion.

  4. Clark says:

    Just so we know who did this, I did a whois lookup:
    Domain Name: QUEPASA.COM
    Administrative Contact, Technical Contact: sysops@quepasacorp.com

    Quepasa Corporation                
    324 Datura St.
    Suite 114
    West Palm Beach, FL 33401
    5613661249 fax: 5616519984

    Quepasa Corporation own about 37 other domains.

    Brian writes: Thank you for this most useful information. I hope that this serial abuser of the internet will now be deluged with complaints addressed to sysops@quepasacorp.com. I shall be looking into the possibility of action to get the corporation’s 38 or so domain addresses barred, although no doubt it would soon be back in its nefarious business even if that could be achieved.

  5. Carl Lundquist says:

     Yup, a spam artist.  I set a twit filter on that domain in my G-mail.   Hopefully, that will handle in on my machine.   One touch of irony:   Their HQ is listed at 324  Datura St.   Datura is the generic name of a group of poisonous weeds.

  6. Clark says:

    Yes, datura.  A dangerous psychoactive weed, know to induce copious vomiting.

    Brian writes: Thanks. How incredibly appropriate! However, Quepasa itself seems from its Wikipedia entry to have been, and presumably still to be, a perfectly reputable organisation despite some financial and management upheavals — also see for example the Wikipedia entry for its founder and twice Chairman and Chief Executive, Jeffrey Paterson, at http://en.wikipedia.org/wiki/Jeffrey_Peterson. 30% of its shares were sold to someone who later became Governor of Florida. These people are hardly spammers. So what is going on?

  7. Clark says:

    Well, there’s spam, and spam, you see.  This spam falls within the letter of the law, and indeed the company directorate has close connections to the lawmakers of the US state in which the company is located, as your research has uncovered.  This is the “revolving door” between the political class and the corporate system, that has so much influence upon our society.

    Alas, Brian, your experience is from an age of greater integrity.  This harks back to the different interpretations of the speech by  Sir John Sawers :
    your interpretation vs. mine and Craig’s.  I described Sawers’ speech as “spin”.  The essence of spin is to exploit the gap between the letter and the spirit of a message to the greatest degree possible.  And the same thing has been exploited here.  The Quepassa enrollment pages are designed to lead you, albeit unwillingly, into giving your consent to the spamming, and thus the spamming is not +technically+ spamming.  At least, not as far as the complicit lawmakers of the State of Florida are concerned, and that is all that matters to the company and the Governor.  People are annoyed and inconvenienced, but Quepassa make their money (via advertising), Florida get the taxes, and the Governor gets his share dividend.  Typical of the modern approach, I’m afraid.

  8. Clark says:

    Probably the most effective complaint that can be made of the Quepasa site is that it will NOT permit one to join UNLESS they give access to at least one web-based e-mail account.  The only ways to join without triggering an avalanche of spam are (1) set up an e-mail account specifically for the purpose of joining, with NO entries in the contact list, or (2) with an existing e-mail account, manually un-tick every contact in the scrollable box on about the 4th page of enrollment.  If you have 100 contacts, you must un-tick 100 times!  Otherwise, you’ve “given them you consent” to contact those people.
    Personally, I’ve never trusted on-line contacts lists.  My only contacts list is stored locally on my own machine, as is all my data.  I’m not going for the new “services” of “Cloud Computing” or “Software as a Service” such as Google Apps, either.

  9. Clark says:

    Sorry to rant, but here’s another point.  On the ‘net, everyone wants your passwords.  When someone gains control of your account, the Geeks say you’ve been PWNed:
    These e-mail providers that “offer” to collect e-mail from your other accounts, what they’re really after are your e-mail passwords, and your visits to their web-mail site.  Your visits increase the value of their advertising space, and decrease that of the rivals they’re collecting from.  Your passwords increase their power-base and give them access to those other contacts lists.  The “maps” of who e-mails whom are valuable stuff.
    Don’t cooperate.  Get yourself an e-mail client program like Mozilla Thunderbird.  Set it to download your e-mail from all your accounts.  Copy your contacts lists and store them on your own machine.  Delete the online copies, or even better, edit them so they’re all wrong.  Change all your passwords, and keep a good supply of tinfoil hats – you’ll be needing them!

  10. Clark says:

    Brian,  I’ve just realised that my last comment above seems rather bossy.  This was not my intention.  I’m used to commenting at Craig Murray’s where comments are addressed to many contributors.  It’s more of a personal conversation here, and I apologise, I was playing to the gallery rather than telling you what to do.  Except the tinfoil hats.  That bit was serious.

    Brian writes: Thank you for all these well-informed and timely warnings and suggestions. I recognise the good sense in everything you say, and in an ideal world I would follow your advice to the letter. I hope many who read your comments will do so. But I have to admit that for whatever reason — lack of confidence in my own technological skill, fear of the unkown, old age, dwindling energy resources, indolence — I’m not going to embark on the adventure that you recommend. I’ll continue to use Windows and a reliable virus and malware checker (in my case ESET), along with Firefox as a better and safer browser than Internet Explorer and Gmail as an extremely user-friendly email client. I accept entirely that this use of Gmail to store all my emails and address lists and some personal details ‘in the clouds’ involves trusting Google not to abuse its access to them and that it lays me open to the kind of confidence trick recently played on me by the unprincipled and unscrupulous scavengers of Quepasa. I hope I have learned my lesson from that and shall not again agree to requests, however polite and seductive, to reveal any of my passwords to unknown organisations or individuals. I shall make an effort to change my passwords much more often and to check regularly for evidence of hacking into my various accounts. But I shall henceforth be doing all these things in the knowledge that it involves real risks as well as convenience, and that ideally one shouldn’t trust Google any more than one should trust any profit-making outfit in the ruthless world of 21st century unregulated capitalism!

  11. Clark says:

    Orwell’s Nineteen Eighty-Four and Huxely’s Brave New World both made strong impressions upon me as a teenager, but they seemed to be opposites.  Isn’t it strange to see them simultaneously materialising before our eyes?  Our PCs and mobile ‘phones are the Telescreens,  shutting down to standby but never quite off, they monitor our contacts and interests, maybe they even watch our every move.  But we voluntarily buy from our own incomes, they are objects of desire, and they lull us with the messages of casual sex and consumerism, “Ending is better than mending…”

    Brian writes: Thanks again. The Guardian report whose link you quote is truly chilling. Is the tiny eye of my laptop’s webcam, which is staring at me as I type, really switched off? Or the external webcam plugged in to my PC? Who is reading my emails? As the old saying goes, just because you’re paranoid it doesn’t mean they aren’t out to get you!

  12. Clark says:

    The school pupils took to putting chewing gum and Blu-Tack on the webcam lenses and microphones.  That case involved spy software deliberately installed by the school, but we never know what closed, proprietary software may be doing as we don’t have access to the source code.  The full, current sources aren’t even in the possession of our (inadequately accountable) governments; they’re the “trade secrets” of powerful corporations, who can modify “our” installed software at will:
    Note the Doublespeak from Microsoft in the Informationweek article – this insecurity is essential, in the interests of security!

  13. Lorna Elliott says:

    Hello Brian
    I’ve just received two duplicate emails from Quepasa, which tell me you’ve sent me a message. Not sure whether you’ve managed to delete your details from this site yet but I just thought I’d mention it!

  14. Brian says:

    I’m sorry to say that the wretched nuisances at Quepasa have sent out another crop of fake “invitations” pretending to have been sent by me once again.  I have of course changed my email password but there’s no way to prevent Quepasa using the email addresses which they copied and evidently stored from my email account a few days ago as often as they like.  It seems that this repellent practice is probably not technically spam (because those who have been tricked into authorising Quepasa to send invitations to their friends have formally given their permission) and it probably doesn’t break any laws.  The only thing you can do if you receive one (or more) of these fake invitations is to take no action whatever on them except promptly to delete them.

  15. Clark says:

    Hello Brian, and all.  Yes, like Lorna, I’ve just received my first follow-up e-mail from QueSpamma, purporting to be a “private message”.  Of course, it isn’t, and QueSpamma’s use of the word “private” is utterly hypocritical.
    The e-mail contains a link, “To prevent from getting anymore email notifications from your friends on Quepasa.com, click here”.  I followed that link, and on the page it lead to I clicked the “No” button.  I shall report back what happens, if anything.  So no news from me will be good news.  If QueSpamma remain true to form, I shouldn’t get any more messages, because one of the rules that enable them to claim they are not spamming is that they must supply an “unsubscribe” system that works.

  16. Clark says:

    Update – unsubscribing from Quepasa messages has had no ill effects for me so far.  From now on I shall post further updates to Brian’s newer Quepasa post: