RE: Gigabit IDS report

[Frank Knobbe <fknobbe () knobbeits com>]

On Sun, 2002-12-01 at 04:38, Bob Walder wrote:
> I am sorry you all feel misled, but we are not charging money for "white
> papers". The equivalent of a "white paper" is indeed up on the site and
> available for free - in other words it is a high level view of the
> technology and the industry, followed by some detailed questionnaires
> covering each of the products we evaluated. That is what I would call a
> white paper.

Bob,

I'm sorry, perhaps I should have read the "white paper" more careful,
but when I read it, it appeared to be a pretty slim 'teaser' for the
real report.

> Yes - if you want our detailed, in-depth, 180 page report we do ask you to
> pay for a CD or hard copy version

You should certainly expect a return on investment. Maybe I'm just used
to that return being in marketing, not actually monetary revenue...

> I would also point out that there are many other analyst and lab sites
> similar to ourselves who will provide even less information up front and
> then expect you to shell out hundreds - even thousands - of dollars for
> their reports - not $50

At the same time there are other analysts and lab sites that provide
information for free. Again, maybe it's just me with an 'freedom of
information' attitude. I'm aware that knowledge is power, and revenue.
There are certainly reports that are worth their money.

Perhaps I was disgruntled by the way your report appeared to me, as a
bait and charge approach. Bait us with something half-baked and lead us
to a page where we can pay to read more.

Perhaps your site could be structured better so that it doesn't appear
that way. Offer a free 'white paper' and the ability for a more
extensive copy for a fee, as opposed to leading through the free report
and ending with 'if you wanna read more, pay up'-type ending.

> If the REAL point of this is
> that I should not have posted something to this mailing list that might
> involve a commercial transaction at some point then I apologise sincerely
> and will not repeat the mistake.

I don't think that is the case if you provide information -- period,
without leading to a sale. We all value contributions free of charge and
as such would welcome your free report. But again, it appeared to be a
hook for a sale...

Perhaps I'm just grumpy...

> PS We DON'T ask for a life history when you register - name, company and
> e-mail is enough. Most people are kind enough to provide valid information
> in response to these - the data is never used by us for any purpose other
> than to determine which are the most popular reports - the most popular ones
> are the ones we will repeat in the future. Invalid information is simply
> discarded and never counted. So, if everyone who registers to download IDS
> provides fake info, and everyone who registers to download DSL provides
> genuine info, IDS will not be repeated, DSL will. It's as simple as that.
> Luckily, most people do not mind registering.

Was that a threat?

I don't see a reason to give you my company information, phone, fax, and
email info. (I'm not paranoid though. You can follow my email domain
name to my website which has all that info on it. I just don't see a
reason to provide that information for downloading something.)

If all your are trying to do is evaluate which is the most downloaded
report, you don't get that information from your email address, company
name, etc anyway. That information you can gather from web logs or
click-through pages which store that info in a database, without user
data.

If you are trying to profile the reader (such as type of business, line
of industry, etc), you can gather that information anonymously. You can
provide of course the *option* of someone leaving his info if they want
to be contacted by you, or third parties. But don't make it a
requirement.

If you have a Chief Privacy Officer in your company, he may need a
dope-slap. If you don't have one, you should consider one. Or at least
appoint someone to ensure that your pages are 'user friendly' in terms
of privacy. The way the pages appeared is that you gather information
for marketing purposes. And no thanks, I get too much stuff as it is. I
rather not take the *risk* of providing information to increase the
marketing stuff I get.


I'm sorry for letting up steam your way, but the way some companies are
trying to make a profit these days just disgusts me. I'm in business to
make money myself, yet my program (Snortsam) is free of charge.
Sourcefire is in business to make money, yet Snort remains free. We
*can* make money while at the same time make our charitable
contributions to the security community. Without those contributions,
the industry would be in much worse shape. I think we have a duty to do
our part (for free) to help the security cause.

Oops, I accidentally stepped on the soap-box again...


Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part