ITsecurity

Veracode & Marketo – more like Faust & Mephistopheles

Posted on July 1, 2015.

I have news for you: you can’t trust your friends anymore. Some of them are likely to be unwitting marketing pawns first, and friends second.

This is from the Marketo website:

[Image: screenshot from the Marketo website]

With those figures it’s fairly obvious that marketing companies will seek to exploit friendships over and above advertising – or put another way, get your friends to endorse their advertising to better sell to you and others. Facebook and Google have both been in trouble over their methods of doing this – but they are not alone.

One company that has annoyed me in the past is Veracode. Last December, we had this exchange:

[Image: screenshot of the tweet exchange with Veracode]

I objected to being part of Veracode’s advertising campaign.

Jump forward to today. I came across an article discussing a Veracode whitepaper. It seemed to be a bit confused, saying that CISOs should be concerned that the BOD is taking security seriously yet BODs only think about security when there’s a problem. Clearly time to check the source.

As usual, you need to ‘register’ (that is, provide basic information about yourself) before being able to download the document. Fair enough – that’s what this whitepaper costs, and I have the option of paying for it or not. But the registration page offers the option of ‘registering’ via a social media account. This is tempting because it is quick and simple, doesn’t require yet another password, and comprises information that you’ve already put on the internet. I chose to register with Twitter: and up popped the following:

[Image: the Marketo authorization prompt shown by Twitter]

Look a bit closer. This isn’t a simple ‘register with your Twitter account’. Accepting this quick and simple option is tantamount to allowing Marketo to pwn your Twitter account.

…and follow new people (Marketo and its clients can make me follow other people? Follow their clients presumably.)

Update your profile (Surely you jest? Marketo is now allowed to change who I am?)

Post Tweets for you (So if I had followed through with this, you could very soon see tweets from me extolling the virtues of Marketo clients’ products)

The problem is, we rarely read the conditions on things we sign. So we don’t know how many of our ‘friends’ have already been subverted by Marketo and others like it.

The moral of this story is simple. Don’t automatically believe that it’s your friend endorsing that product. And if you come across Marketo, move along quickly. Frankly, Veracode, I’m ashamed of you: you should remember Faust and Mephistopheles – your short term gain will lead to long term pain.



One thought on “Veracode & Marketo – more like Faust & Mephistopheles”

  1. Hi Kevin,

    Just wanted to reach out and let you know that we agree that those social permissions requested by Marketo seem really invasive. We are going to investigate our options around customizing and removing some if possible. Thanks for bringing your concerns to our attention.


Submitted in: Expert Views, Kevin Townsend's opinions, News, News_privacy