I like StumbleUpon, I think the concept is great and the idea of guided, accidental discovery is a worthwhile journey each time. But I am considering uninstalling it. The reason is: the thing that makes it great I don’t like because of where I might end up. It makes me a nervous wreck!
While this great extension for Firefox and now Internet Explorer is fun and is actually useful. I don’t like the fact that you can end up anywhere and be potentially infected with spy-ware, viruses and other nasties. The only sites and content that are addressed as far as I can tell from both the StumbleUpon Homepage and the Unofficial StumbleUpon FAQ are those of spam and adult content. Although on the Privacy page there is this statement:
“The sites that StumbleUpon recommends are entirely out of our control. As such, StumbleUpon takes no responsibility for them, or their content. These other sites may send their own cookies to users, collect data, or solicit personal information.”
[added emphasis]
There is also this warning in the Terms and Conditions:
“…nor may you use StumbleUpon Toolbar and Website in any manner that could interfere with any other party’s use and enjoyment of StumbleUpon’s recommendation services.”
This is a rather ambiguous statement but might cover the malicious user that might recommend a tainted website, or an ignorant, unaware user that does so unknowingly.
Spam can be reported and I assume is addressed by the admins. Adult content can be filtered out by the users’ personal account settings. In my opinion this does not go far enough. In addition I am sure that the terms of use disclaim any responsibility by the publisher of the software. This is not a criticism rather what I would expect. I am not a lawyer and I am not going to attempt to interpret the user agreement or the terms of use.
What about security in general as well as adult content? I don’t want to be taken to a website that has viruses, worms, spy-ware, ad-ware, cross-scripting vulnerabilities, or any thing else that might cause a disaster on my system. People should know that you no longer need to actually download and run a program that is infected with a virus to get one. Visiting the wrong web-page can cause problems, big ones! That is to say nothing of spy-ware which in my opinion is no different to a virus. I found this out the hard way earlier this year when my home PC was infected with a zero-day virus and I lost everything. The damn thing even wrote itself to the boot sector, very nasty. There is no mention of just how StumbleUpon handles this type of threat, or if in fact users of the extension are at risk at all. I certainly hope that it is not out of ignorance or failing to disclose the threat. As I see it now, it is a very real one.
Perhaps my paranoia is seeded in my virus experience earlier in the year. However a greater reason for it is my use of the McAfee Site Advisor extension. I rely heavily on this extension to let me know if where I am and where I am going is safe and that the files and content on the site is safe. If it is not a green site I don’t go there, period. Sure, I also use a good dose of common sense as well but the safe site extension is excellent peace of mind and so far has not let me down at all. I see it as an essential part of “safe-surfing” for any user. I don’t go to sites that I think have high risk content (regardless of the site advisor status), such as warez sites. It is not a risk I am willing to take and it is a pain in the arse building the PC again!
So I had a thought, why not make it an integrated option in the StumbleUpon Extension? For those users of StumbleUpon that also use Site Advisor; have an option for StumbleUpon to only take you to identified green sites. Theoretically this would be possible and Firefox is a relatively easy platform to modify in this regard due to it’s open source nature. I am sure it is a bigger ask for Internet Explorer. But that said I think it is a good idea. It sure would make me feel a lot better about using the application. Plus if adult content can be filtered then so can sites that are not green in Site Advisor.
If that would not be possible I would like to know how StumbleUpon handle the security issue and what measures they have in place to protect users. Should they make a website that is a risk to users available as a “stumble” then potentially they could have a legal issue on their hands as they may be accused of delivering viruses or spy-ware to their user base. Albeit unintentionally, it would still be an interesting test of the terms of use. The screen-shot shown may also be regarded as miss-leading if this were or has happen. In all honesty though I am sure this refers to the extension and toolbar itself not where you are taken by it.
If the idea of the extension being incorporated into the Site Advisor extension it would make me a far more willing user and I would feel better using it knowing that I was safe to do so. As far as uninstalling it I am still undecided.
September 4, 2006 at 4:32 pm
Are you really sure about this? I have one installed and I think it’s ok. But if you have those sort of observations and doubts. Then maybe I should uninstall mine too. Better be careful than be sorry.
September 11, 2006 at 1:44 am
The thing that annoys me about the stumbleupon toolbar is that it adds *.stumbleupon.com as a safe site in internet explorer. But if users can edit their own pages, then surely its not safe as it could have anything on it!
December 16, 2006 at 8:52 pm
[...] StumbleUpon is approaching 1.6 million users, most are fans. Although I have had my reservations. Now they are sure to add more to this number with the addition of video. You can log into the video page using your StumbleUpon log-in. Logging in means that your history is remembered just like with the original and the results get more in tune with your taste over the time you use the service. Although you do not have to log in to use the service, once you clear your cookies your results are reset. [...]
November 3, 2007 at 2:09 am
i am using vista hp. after installing stumbleupon. i scanned my explorer.exe using shell analyzer. i was surprised to find that stumble upon has installed CSS elements in my explorer.exe.
what i make out from other forums and websites is that stumbleupon is not safe as it sounds
November 25, 2007 at 5:48 am
After using Stumbleupon for less than one month I received a nasty virus that took days to get rid of. It’s unfortunate because I really liked the concept. I have to rely on my own devices to find what I want instead of channel surfing. :0(
January 24, 2008 at 7:14 am
You can use a program like sandboxie to sandbox your browser while using stumbleupon (or, better yet, just always sandbox the browser).
August 27, 2008 at 6:46 am
I can tell you from experience that stumble will get you a virus sooner or later peeps. I have two clients infected with nasty ass viruses that totally fucked their comps up. I had to re-install windows to get them back online. Needless to say neither will ever trust stumble ever again. Just be safe and wait until stumble does something about this huge lack of security on their users.
November 9, 2008 at 1:37 pm
You are all idiots. That’s why you run Stumble Upon via Firefox on Linux
December 2, 2008 at 9:25 am
Two days using StumbleUpon I ended up with Trojans, malware all that garbage that makes being online and off NO fun. Was it StumbleUpon ? This was the the only new site I visited[+ visiting some sites that SU users reccomended] I really enjoyed the site …but my trash had to come from there. Seem Likley ? ? (Yea i use IE)
December 13, 2008 at 11:34 am
After a few weeks of using the site I wound up with two viruses. One was pretty bad but I was able to get rid of it and delete it from the registry. This last one required a total reformat. F stumble upon, it’s not worth it.
December 20, 2008 at 12:43 pm
Firefox doesnt stop stumbleupon viruses. I’m currently cleaning up the third virus I’ve received via firefox from stumbleupon.
January 17, 2009 at 5:54 pm
i’m cleaning up a virus from stumble right now. and uninstalling stumble. fantastically fun concept, but all the jerks out there just ruin it. not worth the risk.
January 18, 2009 at 10:58 pm
My days of Stumbling are over. I didn’t learn my lesson the first time I got a virus using Stumbleupon. The second time was shame on me. I am also using NoScript now to keep some of that to a low. It is really a shem becuse I loved to Stumble, but hate the garbage that comes along with it. I really wished I stopped here and read all these posts before I had make the mistake a second time.