SYSSEC: February 2009 Archives


February 28, 2009

This East Bay Express article claims that Yelp manipulates rankings in order to extract advertising revenue. For instance:
A San Francisco wedding photographer relayed a similar story. About two years ago, a Yelp sales rep contacted her to advertise. The photographer -- we'll call her "Mary" -- declined the offer. But the sales rep was pushy; Mary said she received about three phone calls and as many as ten e-mails per week asking her to advertise. Still, she declined. "All of a sudden my reviews started disappearing," she said. "I called them up and said, 'I'm a little curious why my reviews are disappearing.' They said, 'Well, people stop reviewing, we take them down.' ... I talked to the clients -- they're still actively reviewing."

"Ellen," who only agreed to be interviewed if not identified by name, owns an Oakland business with more than twenty Yelp reviews, and averages a 4.5-star rating. She says she began to receive solicitations to advertise soon after her business began receiving positive customer reviews. But she declined. "The prices were cost-prohibitive," she recalled telling the sales rep. "I can't pay $300 a month when I pay $90 for Google AdWords. After that, reviews started to disappear."

When Ellen questioned her sales rep as to why some reviews had disappeared, the rep told her reviews can be taken down based on the company's algorithm. Reviewers must follow certain guidelines to post a legitimate review, the rep replied. "They had to have pictures, friends, be part of the community," Ellen recalled the rep telling her. But Ellen says the reviews that were removed fit the profile of acceptable reviews. Ellen turned down the offer again, and more reviews disappeared. She says she's now down to 50 percent of her original reviews. "Just today I got three more e-mails from Yelp. They're aggressive. ... But it's blackmail."

Yelp denies this:

"There is irrefutable evidence that we do not do that," Stoppelman told CNET News on Thursday when asked whether the placement of some reviews is determined by advertising deals. "It's absolutely ridiculous that somebody would say we are going to write a review and call a business (to sell advertising). That's not how you build a sustainable business...Trust and integrity are key to staying in business."

The problem, according to Stoppelman, lies in the company's secret sauce for filtering out reviews.

Basically, merchants are at the mercy of a computer algorithm just like Web sites are at the mercy of what is known as the "Google Dance"--the monthly update of the Google search engine's index. One tweak of the Google index can potentially make or break a business.


Asked to explain why Estelle's negative reviews of the moving company were repeatedly removed, Ichinose said she could not go into specifics or risk revealing information that people could use to game the system.

Really, there are two issues here that you need to think of separately:

  • Creation and removal of reviews.
  • Ordering of reviews on the site.

Creation and removal of reviews are a real problem for any reputation system like Yelp. The basic problem is that it's trivial for people to generate fake reviews to benefit or damage a given merchant. The problem then becomes how to exclude (or at least downrate) such fake reviews. There are a bunch of possible techniques here (for instance: weight by how many reviews the reviewer has done/how long they've been on the system; meta-reviews where you ask people to rate the usefulness or quality of other reviews; forensics to try to detect reviews which look like they've all been generated by the same party; requiring real user authentication, etc.) but ultimately, if you're going to allow quasi-anonymous reviews, as Yelp does, then there's only a limited amount you can do, and it's likely to involve some heuristics and human judgement. In that case, it's not completely nuts for Yelp to want to keep their procedures secret to make gaming the system more difficult.

Of course, the flip side of such mechanisms is that they leave the system operator very open to charges of gaming the system by removing positive reviews as a form of extortion; reviews just disappear and you end up saying "we think this is fake", but you generally can't prove it. Of course, you can mount the opposite type of extortion ("pay up or I'll publish a bad review") without collusion from the site operator, but it helps if the site operator colludes since that makes it harder for the victim to get your negative reviews removed.

This brings us to the topic of reordering. One way to deal with concerns about unfair removal is never to remove posts but simply to attempt to prioritize them by whatever estimates of veracity you're using. This avoids making sharp distinctions between real and (suspected) fake posts: you just push the (suspected) fake posts down towards the end of the reviews for a given merchant. But now justifying this exact order gets even harder. One natural choice is to use deterministic orderings (most recent, highest first, etc.). That's pretty clearly undesirable for a system like Google where you have to sort an enormous number of candidate choices, but actually it seems pretty suitable for a review site like Yelp where I doubt their ordering algorithms actually add that much value over simple orderings like these. Obviously, this isn't a perfect answer, since it doesn't really let you discriminate against fake reviews (though you can make posting fake reviews harder by, for instance, prioritizing frequent reviewers), but on the other hand if people don't trust your site's objectivity that diminishes the value of the site as well.
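The trade-off between the two orderings, as an added sketch that is not part of the original post and not Yelp's algorithm: every review is kept, and a trust weight built from reviewer history, tenure and meta-review votes pushes suspected fakes down. The `Review` fields, the weight formula, its constants and the sample data are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Review:
    rid: str
    stars: int
    posted_day: int         # day the review was posted
    reviewer_reviews: int   # reviews this reviewer has written in total
    reviewer_age_days: int  # how long the reviewer has been on the system
    helpful: int            # meta-review votes for this review
    unhelpful: int          # meta-review votes against it

def trust_weight(r: Review) -> float:
    """Veracity estimate in (0, 1); formula and constants are assumptions."""
    history = 1 - math.exp(-r.reviewer_reviews / 10)   # grows with review count
    tenure = 1 - math.exp(-r.reviewer_age_days / 180)  # grows with time on the system
    meta = (r.helpful + 1) / (r.helpful + r.unhelpful + 2)  # smoothed helpful share
    return history * tenure * meta

def order_by_trust(reviews):
    """Keep every review; suspected fakes sink instead of disappearing."""
    return sorted(reviews, key=lambda r: (-trust_weight(r), -r.posted_day, r.rid))

def order_most_recent(reviews):
    """Simple deterministic ordering: easy to justify, blind to fakes."""
    return sorted(reviews, key=lambda r: (-r.posted_day, r.rid))

def plain_rating(reviews):
    return sum(r.stars for r in reviews) / len(reviews)

def weighted_rating(reviews):
    total = sum(trust_weight(r) for r in reviews)
    return sum(r.stars * trust_weight(r) for r in reviews) / total

# Constructed sample: two established reviewers, then a burst of 5-star
# reviews from accounts that are only a few days old.
SAMPLE = [
    Review("r1", 4, 100, 40, 700, 12, 1),
    Review("r2", 2, 150, 25, 400, 5, 2),
    Review("r3", 5, 200, 1, 2, 0, 0),
    Review("r4", 5, 201, 1, 1, 0, 0),
    Review("r5", 5, 202, 2, 3, 0, 0),
]

if __name__ == "__main__":
    print("by trust:   ", [r.rid for r in order_by_trust(SAMPLE)])
    print("most recent:", [r.rid for r in order_most_recent(SAMPLE)])
    print("plain %.2f  weighted %.2f" % (plain_rating(SAMPLE), weighted_rating(SAMPLE)))
```

With most-recent ordering the burst occupies the top three slots and lifts the plain average; with trust ordering it sits at the bottom and barely moves the weighted rating, but the operator now has to defend the weights.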


February 13, 2009

NYT reports on Hughes Telematics' plans to provide networked access to various aspects of your vehicle's operations:
Hughes Telematics, which is behind the communications systems in Chrysler and Mercedes-Benz vehicles that are to make their debuts this summer, is headed in that direction. Its next-generation technology, expected to appear in 2010, would allow drivers to install software in their cars, just as iPhones let users download applications to their handsets.


Other applications proposed by Hughes include remotely starting a car, resetting its alarm or unlocking the doors with an iPhone. Unlike wireless key fobs, commands could be sent to the car over the Internet.

I hate to sound like the stereotypical computer security guy, but the risks here seem pretty obvious: it's one thing to have your car stereo Internet accessible; after all, if you're driving your car stereo from your iPhone, you already have that. It's quite another to have your engine be remotely controllable, which is obviously necessary for a remote start. One has to wonder what other parts of the car's operational electronics are accessible from the same computer. It's bad enough that someone could potentially steal your car remotely, though key fob to car protocols are often pretty insecure anyway; you really don't want someone turning off your car remotely. You might think that this problem could be solved with adequate comsec measures and firewalls to prevent remote penetration of the car computer. That's a hard problem in and of itself, but as soon as you start adding communications-style apps you need to worry about remote malware infection.

Obviously, what you really want here is to have the operational electronics airgap isolated from anything that you can install new software on. Ordinarily I would expect the people designing this kind of system to do that (No, really, I've met some of them and they're cautious), but if you're going to have remote start, you need some kind of integration, so I wonder how this is expected to work.