WhenU Spams Google, Breaks Google "No Cloaking" Rules
Benjamin Edelman - Spyware Research, Legislation, and Suits

[ Background - Findings - WhenU Is Responsible - Copyright Violations - Responses - Disclosures ]

Abstract: Web site "cloaking" is the practice of providing different web content to users than to search engines. Through cloaking, WhenU elevates the visibility of sites it selects, while pushing critics' sites lower in search engine rankings. This article documents my finding that WhenU has used cloaking on at least eleven web sites, and that WhenU has linked to its cloaked sites with hidden code on www.whenu.com. Upon learning of these behaviors, search engines Google and Yahoo removed from their indexes the WhenU sites involved in the scheme (including www.whenu.com).


Related Projects

WhenU Violates Own Privacy Policy

Advertisers Using WhenU

WhenU Security Hole

WhenU Copies 26+ Articles from 20+ News Sites

WhenU.com, Inc., v. The State of Utah

A Close Reading of Utah's Spyware Control Act

Documentation of Gator Advertisements and Targeting

"Spyware": Research, Testing, Legislation, Suits

Other Research by Ben Edelman


Among the various characteristics of spyware are programs whose methods and intentions are less than clear. Some providers of spyware intentionally lurk in the shadows -- providing little or no information about their products or their products' effects. (For example, there is no official web site for CoolWebSearch, a class of browser hijackers found to be particularly difficult to uninstall.)

Other spyware providers take a different approach to shaping public perception of their products. For example, both WhenU and Claria offer public web sites that describe their products, services, and methods -- thereby telling their side of the story as to what their companies do and why, in their view, their companies are ethical, honorable, and legal. Claria has also taken a more active approach by suing one company critical of its methods, claiming libel when PC Pitstop called Claria "spyware," explained what Claria does, and told users how to remove Claria software. (See Claria Inc. v. PC Pitstop - c|net coverage, PC Pitstop statement.)

Beyond its ordinary public web site, WhenU has taken steps to attempt to alter search engine results as to WhenU's product name: Using techniques often called "cloaking" and "search engine spamming," WhenU (or a firm acting on WhenU's behalf) has posted at least thirteen sites, most of dubious contents and with prohibited methods (all described below), in an attempt to hold multiple positions in search engine results bearing WhenU's name. When successful, these methods push critics' sites to lower positions in search engine rankings and give additional exposure to pages favorable to WhenU. The details of these behaviors are described in Specific findings, below, while the evidence for attributing these behaviors to WhenU is set out in Confirming WhenU's responsibility for the cloaked sites.

WhenU's "cloaking" technique is prohibited by search engine rules because cloaking prevents a search engine from properly indexing what users actually will see: If WhenU's web servers intentionally give Google something different from what they give users, then Google cannot properly select the pages actually relevant to users' searches. In particular, Google might give users the cloaked WhenU page because the page's server told Google the page's content was relevant, when in fact the page's content is unrelated or otherwise, in Google's estimation, less than relevant.

See also Google's discussion of cloaking in its Information for Webmasters FAQ:

"The term 'cloaking' is used to describe a website that returns altered webpages to search engines crawling the site. In other words, the webserver is programmed to return different content to Google than it returns to regular users, usually in an attempt to distort search engine rankings. This can mislead users about what they'll find when they click on a search result. To preserve the accuracy and quality of our search results, Google may permanently ban from our index any sites or site authors that engage in cloaking to distort their search rankings."


Return to top

Specific Findings

This section proceeds in seven parts. First, I begin with a walk-through of cloaking practices. I then list WhenU cloaking sites, examine effects on rankings, and document WhenU's chosen redirect destinations. I conclude this section by presenting the gibberish text used by WhenU in cloaking sites, analyzing the invalid Whois data and other suspicious registration practices associated with the cloaking sites, and examining the evidence as to the likely duration of these practices.


Introduction to Cloaking

Consider a Google search for the phrase "whenu clickthrough." As shown in the screenshot to the right, the first result for this search (when conducted in early May 2004) was a site called whenu-advertising.com.

However, clicking on this link in Google search results does not take the user to the content described in the Google result snippet. Indeed, the Google link takes the user to a story on fortune.com, favorable to WhenU, entitled Flowers That Pop.

That whenu-advertising.com provides a "redirect" to another site is not, in and of itself, evidence of search engine spamming or cloaking. But a look in Google's Cache indicates that, at least when Google's spiders last viewed the whenu-advertising.com site, the site actually provided web content. See the screenshot to the left, showing Google's cached version of the page.

So, the page as it stands (as it is shown to users) is different from the page that Google remembers recently indexing. What to make of this divergence? Conceivably, WhenU might have simply changed the page since the last time Google indexed it. But a bit more browsing shows that this is not what happened. In particular, viewing the whenu-advertising.com site directly, by typing in its address rather than by clicking through Google's links, shows content matching the Google cache. See the screenshot to the right.

Testing with a manual web browser shows why users see different results from search engines. When the cloaking web server sees that a user is reaching whenu-advertising.com with a "HTTP Referrer" tag that indicates that the user came from Google (or, testing confirms, Yahoo, Altavista, and other search engines), the web server redirects the user to the Fortune article linked above. In contrast, when the user's HTTP request lacks such a header, the user gets the site shown immediately above. In this way, the cloaking webs server can provide different results to the Google spider than to users -- making Google think the whenu-advertising.com site will give the user the site shown immediately above, when in fact whenu-advertising.com merely redirects users to the Fortune article.

To confirm these findings, compare the following two HTTP transaction logs, made on May 9, 2004 using the Sam Spade manual HTTP client:

Request for whenu-advertising.com with a Google referrer header:

note referrer header

GET / HTTP/1.1
Host: www.whenu-advertising.com
Connection: close
Referer: http://www.google.com/search?q=whenu+clickthrough
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; (R1 1.3); .NET CLR 1.1.4322)

note HTTP redirect response

HTTP/1.1 302 Found
Date: Sun, 09 May 2004 20:41:33 GMT
Server: Apache/1.3.26-Fil (Unix) PHP/4.0.6
X-Powered-By: PHP/4.0.6
Location: http://www.fortune.com/fortune/smallbusiness/technology/articles/0,15114,554407,00.html?&engine=www.google.com&search=whenu+clickthrough
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


Request for whenu-advertising.com with no referrer header:

note lack of referrer header

GET / HTTP/1.1
Host: www.whenu-advertising.com
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; (R1 1.3); .NET CLR 1.1.4322)

note HTTP content header

HTTP/1.1 200 OK
Date: Sun, 09 May 2004 20:46:54 GMT
Server: Apache/1.3.26-Fil (Unix) PHP/4.0.6
X-Powered-By: PHP/4.0.6
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

<META NAME="keywords" CONTENT="WhenU, WHENU, WhenU">

[rest of web page omitted]

Notice the single small difference between the two requests (the first has a Referer line; the second does not, as flagged in green highlighting) and the substantial resulting difference between the two responses (the first gives a HTTP 302 redirect to fortune.com; the second gives a full web page, as flagged in yellow highlighting). This is precisely cloaking, of the sort Google prohibits per the definition above. This cloaking method precisely explains why what users see on the whenu-advertising.com site is different from what search engines have indexed.

In short, when a visitor reaches whenu-advertising.com, the web server checks whether the visitor arrived at the site from a search engine, or is merely visiting the site randomly as a search engine spider might do. If the visitor is (or seems to be) a spider, the site provides a web site that looks, to the spider, like a "real" web site. (However, see discussion below of the gibberish and nonsensical text that makes up most of these sites.) But if the user came from a search engine, the web server redirects the user to other content, namely content favorable to WhenU.

See details in the following section, Specific sites affected, as to which sites WhenU configures in this way. See Confirming WhenU's responsibility for the cloaked sites as to why it is clear that WhenU is responsible for these registrations. See Whois data and Copyright violations as to other notable behaviors associated with the registration and operation of these sites.


Specific sites affected

Additional testing shows that whenu-advertising.com is not the only domain that shares the characteristics described above, e.g. cloaking to send users to content favorable to WhenU. Cloaking includes at least the eleven sites listed below:


I found the bulk of these sites in approximately ten minutes of searching, and I believe there may be many more such sites. Send additional examples to me by email.

I have also found at least three WhenU web sites that provide copies of copyrighted articles from the New York Times and other publications -- extended or complete, but unattributed and seemingly unlicensed. These sites are whenu-advertising-info.com, whenu-info-resource.com, and whenu-legal-info.com. (Note that whenu-legal-info.com both uses cloaking and provides copies of copyrighted articles, so it is present in both listings.) See details in Related bad behaviors: Copyright violations and unattributed copying of media publications, below.

Site rankings

As of May 9, various of the thirteen sites listed above appeared high in many searches for WhenU and for WhenU products at Google and other search engines.

For example, whenu-advertising.com came up as Google results one and two for "whenu effective," and number two for "whenu survey." Whenu-pop-ads.com took the first and second positions for "whenu contextually," and the fifth and sixth positions for "whenu contextual." Whenushop-space.com took the third result for "whenushop," while whenushop-advertising-central.com took fourth, whenushop-popup-ads.com took fifth, and whenushop-pop-ads.com took ninth. Screenshots of these findings are available: effective, survey, contextually, contextual, whenushop.

Google designs its search engines to attempt to be robust even against web site cloaking, and on other search engines, WhenU's cloaking efforts seem to have been even more successful. Consider the Looksmart results for a search on "savenow," conducted the last time Google's spiders crawled Looksmart. According to this screenshot from the Google cache (screenshot made May 12), WhenU's cloaking sites (namely savenow-pop-ads.com, savenow-advertising.com, and savenow-popup-ads.com) took positions one through three in Looksmart, pushing sites critical of SaveNow down to positions four and six. Were it not for WhenU's cloaking, these critics' sites would have appeared in positions one and three in the "savenow" search. Furthermore, according to this screenshot, WhenU's whenu-legal-info.com and whenu-advertising-info.com were the first and third most highly ranked WhenU sites for a Yahoo! search on "whenu" even after www.whenu.com was removed (after I notified Yahoo! staff of its cloaking behaviors - see Responses section).

Accordingly, there is ample evidence to conclude that WhenU's cloaking efforts were, on the whole, successful at spreading positive information about WhenU and at pushing critics lower in search engine rankings for key WhenU search strings.

Redirect destinations

As of May 9, the cloaking sites redirect users to Flowers That Pop (Fortune Magazine), Judge Rules in Favor of Pop-up Purveyor (c|net news.com), Judge Dismisses Wells Fargo's Motion to Block Pop-Up Ads (Computerworld), and WhenU Can Keep On Popping Up (ClickZ News).

Of course, WhenU can change the destinations of these sites at any time, merely by reconfiguring its cloaking web servers.

Gibberish text

Beyond the cloaking shown above and the bogus Whois data described below, the cloaking sites at issue also largely share the characteristic that they contain text that is, in large part, gibberish, nonsensical, or irrelevant to WhenU's business.

This nonsensical gibberish text is fully consistent with the sites' cloaking strategy. The sites' text serves purely to make search engines think that the sites' content is relevant to users seeking information about WhenU and its products. Users are never intended to actually see this text, because the cloaking web servers will redirect them to articles hosted elsewhere. So the cloaking servers' text need not be well-organized or even grammatically correct.

Consider the following texts, taken from http://www.whenu-advertising.com/WhenU_Points.html and from http://www.whenushop-space.com/Legal.html, respectively:

"WhenU - Advertiser renewal rate topping 90%. Performance-based contextual marketing campaigns. Already in Belgium, the Proton cash card is a great success; one can add cash to it and spend such e-cash most anywhere in Belgium. WhenU - 16 million users and growing. 15 million unique visitors and growing." (screenshot)

"Yes, Amphibian. Lover.com is available, but it doesn't have the ring of truth, the same kind of rhythm as Frog. Lover.com. internet consulting firm source. 27 Ways to Promote Your Website" (The Guaranteed security sitewilsonweb.com/articles/checklist.htm). You may find some bargains here, especially if you are purchasing a large enough number of impressions at a time. WhenUShop - Our software protects user privacy 100% - while delivering unprecedented results for advertisers. 9 billion monthly advertising opportunities." (screenshot)

Why include this gibberish text? It turns out that pages with excessively "dense" keywords (too many keywords and too little other text) are penalized by many search engines. Filler text, like the Belgium and amphibian references quoted above, is one way that search engine optimizers attempt to avoid search engines' excess-density penalties. (See e.g. "Keyword Stuffing" in "Are Your Search Engine Rankings At Risk?")

Site characteristics, suspicious Whois data, and resulting inferences.

Of the eleven cloaking sites listed above, all sites at issue share the characteristics that 1) they include WhenU marks in their domain name, 2) they use search engine cloaking to provide different responses depending on whether users reach the sites via search engines or directly, and 3) they all provide content favorable to WhenU.

These facts give rise to a strong inference that WhenU sponsors or commissions the sites' operation, because it is hard to imagine any other entity with so strong an interest in portraying WhenU in a positive light. However, the domains' Whois data reflect registration to entities other than WhenU itself. See the sites' Whois details. Solely on the basis of these facts, I would reach the conclusion that these domains are overwhelmingly likely to have been registered by WhenU or by an individual or firm acting on WhenU's behalf. However, as a result of findings in the subsequent section (Confirming WhenU's responsibility for the cloaked sites), there is no need to rely on this inference, because even more compelling evidence is also available.

The domains' Whois details are also notable because they give rise to a strong inference of intentionally invalid registration in violation of registrars' rules:

Ten domains were registered on the same date, through the same registrar (Stargate), but using five different names with five different addresses in four different states. All but one of the names used free email services (Yahoo Mail, Hotmail, etc.), and most of the names are gibberish (e.g. sdfsdkfj@mail.com and sfsdlfkj@hotmail.com). None of the names is listed in Yahoo White Pages at the address or phone number given, and none of the phone numbers is listed in Infospace Reverse Lookup. To date, I have not attempted to contact any of the individuals listed in Whois details.

The other three domains were listed in Whois details were all registered on the same day through the same registrar (GoDaddy). The registrants specified three different names, along with three different addresses (in three different states), phone numbers, and email addresses. However, two of these three registrants specified the same name servers, both of which overlapped with nameservers used by several of the domains from the batch of ten described immediately above.

Duration of WhenU cloaking

The duration of WhenU's cloaking efforts can be inferred from at least two independent sources:

1) As early as August 2002, archive.org reports that www.whenu.com contained hidden links to the sites that, at least in 2003-2004, used cloaking. See screenshot of www.whenu.com HTML code from August 2002, as archived by archive.org.

2) The cloaking domains' Whois data gives a bound on when the domains were registered. Most were registered no later than July 2002, and archive.org confirms that, as early as August 2002 and perhaps earlier, the domains contained giberish text and other characteristics consistent with the cloaking bait characteristics described above. See e.g. archive.org records, screenshot.

Archive.org's records of gibberish text and other similar characteristics suggest that WhenU used cloaking since the dates of registration of these domains -- for gibberish text would not be typical on any site actually intended for publicviewing. However, my personal observations do not prove that WhenU used cloaking prior to the fall of 2003. It was not until fall 2003 that I first noticed Whenu's cloaking efforts, and even then I did not immediately understand the full scope of the efforts. Nor did I then have proof that the cloaking sites operated with WhenU's knowledge and approval.


Return to top

Confirming WhenU's responsibility for the cloaked sites

In the root web page on WhenU's main www.whenu.com site, and on other major authorized WhenU sites, WhenU includes links to ten distinct sites that largely use the cloaking method described above. These references strongly support the inference that WhenU provided or commissioned the cloaking sites: Since WhenU links to the sites, they cannot be mere rogue sites operated by some third party without WhenU's knowledge or consent. Instead, the presence of the cloaking site references within WhenU's main site indicates that WhenU is aware of the cloaking sites and approves of them.

The links on www.whenu.com to the cloaking sites are hidden in ways intended to be visible to search engines but not visible to ordinary web users. WhenU uses two methods to make the links visible to search engines but not to users:

1. WhenU links to the sites using an imagemap associated with a transparent graphic. Since the underlying graphic is transparent, users would never click on the graphic. (However, a user who knows the graphic's approximate location can highlight it. See screenshot, highlighting the graphic and circling it for emphasis.) In the HTML snippet below, yellow highlighting marks the transparent imagemap.

2. WhenU places links inside comment tags that are dynamically generated by client-side JavaScript code. Web browsers run this JavaScript code, receive the comment tags, and therefore ignore the text and links that fall between the comment tags. In contrast, search engines read the HTML without running the JavaScript, so they ignore the instructions (in this case, comment tags) that would result from running the JavaScript. So, to search engines, the text and links remain a part of the page, and they get indexed and followed accordingly. In the HTML snippet below, green highlighting marks the JavaScript code that prevents users from seeing the hidden links.

These two methods are both clearly visible in the HTML source code of WhenU's www.whenu.com default web page.

I provide four methods of viewing the www.whenu.com source code at issue. My recommended method is to view the code as embedded in this article (immediately below), along with highlighted comments that facilitate inspection and analysis. Alternatively, users who wish to see the full code on their own PCs can go to www.whenu.com and choose View-Source, or use this shortcut link [IE only - directly opens Notepad window of the source code]. Finally, see also this screenshot of the relevant HTML code.

reference to imagemap

<div align="center"><img src="http://spweb.whenu.com/images/spacer.gif" width="100" height="20" alt="" border="0" usemap="#seolinks"></div>


begin imagemap for transparent image
reference to "SEO"

<map name="seolinks">

<area shape="rect" coords="0,0,33,20" href="http://www.Whenu-info-resource.com">
<area shape="rect" coords="34,0,66,20" href="http://www.Whenu-advertising-info.com">


begin JavaScript start-comment tag generation

<script language="javascript">
<!-- hide from older browsers
var ostr = '<' + '!' + '-'+'- displaying these links:';
var cstr = ' -' + '-' + '>';
// -->


hidden links visible to
search engines but not users

Save Now How? Pages:<br>
<A href="http://www.savenow-advertising.com">SaveNow Adverising</a><br>
<A HREF="http://www.savenow-pop-ads.com/SaveNow_Answers.html">SaveNow Pop Answers</A><br>
<A HREF="http://www.savenow-popup-ads.com">Savenow Pop Ads</A> - unprecedented results<br>
<A HREF="http://www.savenow-pop-ads.com">Savenow - targeting online users contextually</A><br>

<a href="http://whenushop-advertising-central.com">whenushop-advertising-central.com</a><br>
<a href="http://whenushop-popup-ads.com">whenushop-popup-ads.com</a><br>
<a href="http://whenushop-pop-ads.com">whenushop-pop-ads.com</a><br>
<a href="http://whenushop-space.com">whenushop-space.com</a>

begin JavaScript end-comment tag generation

<script language="javascript">
<!-- hide from older browsers
// --></script>

Note also the inclusion within WhenU's HTML code of a reference to "seo" (pink highlight marking above). "SEO" is an industry abbreviation for "search engine optimization" -- a general term describing the class of behavior of which these hidden links and cloaking are a part. (However, not all search engine optimization is contrary to search engine rules. See Google's recommendations as to SEO practices.)

The use of the "SEO" term in the HTML code of www.whenu.com reflects that WhenU staff knew what they were doing when they linked to the cloaking sites. When WhenU added links to these sites to its front page, it was not merely offering links to sites that users might find helpful. (Indeed, the hidden form of the links guarantees that users will never see the links; only search engines see the hidden code.) Rather, WhenU added these links to its front page precisely in an attempt to optimize its listings in search engine results.

Beyond www.whenu.com, the HTML code quoted above is also found in the index pages on www.whenushop.com and www.whenurelax.com (screenshot), two other official WhenU sites giving WhenU content clearly authorized by WhenU, and registered to WhenU according to Whois data (screenshot). WhenU has since removed these hidden links (see Responses, below), making it difficult to determine what other official WhenU sites (if any) offered hidden links. But archive.org records indicate that hidden links were also present on whenyou.com (screenshot) and whenusearch.com (screenshot). Unfortunately, archive.org, the Google Cache, and the Yahoo Cache have retained no information on whenubuild.com, whenuchat.com, whenyoucook.com, whenusleuth.com, whenyouinvest.com, and the various other official WhenU domains on which the hidden links might or might not have appeared in the past.


Return to top

Related bad behaviors: Copyright violations and unattributed copying of media publications

Beyond the eleven cloaking sites described above, WhenU's main web site also offers hidden links (in its transparent imagemap) to the domains whenu-advertising-info.com and whenu-info-resource.com. These sites do not use the cloaking method common to the other eleven sites listed above. Instead, they provides a variety of news articles and other miscellaneous content favorable to WhenU. In addition, whenu-legal-info.com shares the cloaking characteristics of the other ten cloaking sites, but nonetheless provides news articles much like whenu-advertising-info.com and whenu-info-resource.com.

The contents of these sites are particularly notable because of at least seven pages that provide extended (often complete), unattributed quotes of New York Times, Financial Times, Marketing News, and c|net news.com articles. Some of these articles are partially favorable to WhenU; others primarily criticize WhenU. But their contents are of reduced importance since they primarily serve as search engine "bait" for the cloaking methods described above.

1. A page that whenu-advertising-info.com calls "The Other Side of the Coin" (http://www.whenu-advertising-info.com/other.html) is in fact the full text of a June 2002 New York Times article entitled "Gnat or Parasite? Angst Over Adware" by John Biggs. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on a full copy of a New York Times article. (screenshot)

2. "Cool Deals, Hot Sales" (http://www.whenu-advertising-info.com/cool.html) is actually "Deal Hunting For Holidays Pushes Sales Into High Gear" by Constance Hays, New York Times, December 2002. (However, this Cool Deals page begins with four paragraphs taken from Tedeschi's January 2003 article [#3, below], and it removes four paragraphs from the end of Hays's article.) This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on a nearly complete copy of one New York Times article and an extended quote from another. (screenshot)

3. "Goings On" (http://www.whenu-info-resource.com/going.html) is actually "A Truce Between the Small Web Publishers who Refer Shoppers and Those Who May Intervene" by Bob Tedeschi, New York Times, January 2003. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on a full copy of a New York Times article. (screenshot)

4. "About Pop-Up Advertising" (http://www.whenu-info-resource.com/about.html) at whenu-info-resource.com is actually "Pop go plans to wipe out unwanted ads - Internet users hoping to kill pop-up adverts have met a legal setback" by Scott Morrison, Financial Times, September 2003. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on an extended copy (all but the title and first paragraph) of a Financial Times article. (screenshot)

5. "Commerce and Morality" (http://www.whenu-legal-info.com/commerce.htm) at whenu-legal-info.com is actually "New Software Quietly Diverts Sales Commissions" by John Schwartz and Bob Tedeschi, New York Times, September 2002. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on a full copy of a New York Times article. (screenshot)

6. "The Decision" (http://www.whenu-legal-info.com/decision.htm) at whenu-legal-info.com begins with one paragraph of text of undetermined origin, but continues with eight paragraphs from "Symbiotic or parasitic?: Pop life: Future of pop-up ads looks uncertain" by Catherine Arnold, American Marketing Association Marketing News, September 2003. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on an extended quote from a Marketing News article. (screenshot)

7. "The Aftermath" (http://www.whenu-legal-info.com/aftermath.htm) at whenu-legal-info.com consists of all but the first and last paragraphs of "Court: Pop-ups Burden of Using Net" by Stephanie Olsen, c|net news.com, September 2003. This article is provided without the title, byline, copyright notice, attribution, or statement of license expected on a quote of substantially all of a c|net news.com article. (screenshot)

Such copying is in violation of copyright law as I understand it. It is also more egregious than typical article copying on the web, because the copies bear no title, byline, or copyright notice to let readers even identify the underlying content. (To identify the texts referenced above, I had to conduct multiple searches on LexisNexis and Google.)

The URLs above (on whenu-advertising-info.com, whenu-info-resource.com, and whenu-legal-info.com) are no longer operational because on May 13, WhenU removed all content from these servers. See details in Responses section. However, screenshots remain available (via links, above) to show these sites as they stood through May 13.

WhenU's cloaking web sites are not the only web sites on which WhenU distributes full copies of news articles about its business, without any mention of authorization from the authors of the respective articles. On at least twelve domains, WhenU posts copies of at least 26 distinct articles from at least 20 publications. Details in WhenU Copies 26+ Articles from 20+ News Sites.



Return to top

Responses by Search Engines, Registrars, and WhenU

Search engines

On May 9, I contacted staff in Google's "Quality" team to report the cloaking sites listed above, which I believed to violate Google's prohibition on cloaking. The sites at issue were removed from Google within one business day.

On May 11, I contacted Google staff to report the analysis above showing WhenU's knowledge of and responsibility for the cloaking sites. The next day, I observed that a Google search for "whenu" no longer yielded the main www.whenu.com site among search results, whereas whenu.com was previously the number one result for this search term. See screenshot.

On May 12, I submitted the cloaking sites and associated findings to Yahoo! using Yahoo!'s Search Spam Report form. Within hours, Yahoo! removed www.whenu.com as well as some, although so far not all, of the cloaking sites.

On May 13, I observed that WhenU sites were already absent from the top MSN Search results for "whenu" -- without my having submitted any notification to MSN staff. (screenshot) I have no information as to the cause of this omission -- whether 1) MSN staff saw my report shortly after its release and took exclusionary measures on their own, 2) MSN staff had noticed this problem long ago and had long ago excluded whenu.com on this basis, 3) MSN staff or systems had omitted whenu.com from search results for some other reason (perhaps merely by accident), 4) MSN receives search results or omission suggestions from other search engines that I had already notified, or 5) some other cause.

On May 28, Yahoo results for "whenu" again began to link to www.whenu.com -- an end to the exclusion that began on May 12. Yahoo's exclusion of whenu.com lasted 16 days.

On June 21, Google results for "whenu" again began to link to www.whenu.com -- an end to the exclusion that began on May 11. Google's exclusion of whenu.com lasted 42 days.

I am surprised by these brief exclusions -- 16 to 42 days of removal, as punishment for cloaking that lasted roughly 22 months. Google's Information for Webmasters FAQ threatens to "permanently ban" sites as punishment for cloaking. In contrast, such brief punishments set incentives that encourage cloaking: A possible 16 to 42 day expulsion from search engines might be thought a reasonable price to pay for the boost in rankings that cloaking offers.


On May 13, I submitted Whois Data Problem Reports via the Whois Data Problem Report System. I submitted one report as to the ten domains registered through Stargate, and another as to the three registered through GoDaddy. I received prompt automated confirmation that my reports had been received, but I have yet to receive a response.

As of June 22, the invalid Whois data remained in place for all thirteen domains. No changes had been made during the 41 days since I first reported the false Whois data through ICANN's problem report system.


On May 13, WhenU disabled the cloaking behaviors of its web servers, as well as the copyright violations described below. WhenU disabled these sites by removing all content and scripts from the servers -- causing all requests for the servers to yield HTTP 404 error messages. (screenshot)

Also on May 13, WhenU removed the hidden links to the cloaking sites, as previously posted to whenu.com, whenushop.com, and whenurelax.com.

Also on May 13, Avi Naider, CEO of WhenU, wrote to me to request that I include the following statement:

"WhenU hired an outside Search Engine Optimization firm to legitimately enhance our search engine rankings. The issues raised by Mr. Edelman were brought to our attention today, and we immediately addressed them and instructed the outside firm to reverse their actions pending further investigation."

My research gives me no basis to disagree with this statement: The facts I have observed are as consistent with WhenU hiring an outside SEO as with WhenU conducting the search engine optimization internally. Furthermore, WhenU's SEO could well have used tactics prohibited by search engine rules even if WhenU instructed the use of only legitimate methods. Seemingly anticipating such disputes, Google's SEO recommendations suggest that web sites employ written contracts requiring SEOs to stay within the guidelines recommended by search engines, contracts that WhenU's SEO would necessarily have violated in the course of the actions described above.

New: WhenU's statement of hiring an "outside" SEO immediately gives rise to the question of which outside SEO WhenU hired. See new research: Which SEO Did WhenU Use? The Best Inference: Synergy6.



Return to top


My interest in spyware originally arose in part from a prior consulting engagement in which I served as an expert to parties adverse to Gator in litigation. See Washingtonpost.Newsweek Interactive Company, LLC, et al. v. the Gator Corporation. More recently, I have served as an expert or consultant to other parties adverse to spyware companies in litigation or contemplated litigation, including 1-800 Contacts, Quicken Loans, and Wells Fargo, all companies adverse to WhenU.

This page is my own work - created on my own, without approval by any client, without payment from any client.

This page resulted in part from a suggestion by Eric Howes, who directed my attention to the initial page at whenu-advertising-info.com that caused me to discover the additional behaviors described in this article.

Last Updated: June 22, 2004 - Sign up for notification of major updates and related work.