The exposure of a weasel, part 1

On a recent visit to Facebook, I stumbled across an ad which links to a Web site jasongetsrich.com showing a $5000 check from Google, and the opening line “Get paid $5 to $30 for every website link that you post on Google.”

The most obvious item I found, however, was that the paragraph after the check said “Thank you for visiting my site. This is Jason Hoeffer from .” Exactly as so, without the city name. It made me wonder what was going on.

I browse on Firefox (and another similar browser, Iceweasel) with NoScript. Allowing Javascript temporarily to all the sites using Javascript from this page filled in that blank space with “Houston.” Well, I’m in Houston. I wonder if that’s coincidence? Could Jason Hoeffer really be from my hometown?

Looking in the HTML source code revealed that the city name was inserted with a bit of off-site Javascript. My skepticism that this Jason Hoeffer guy is really from Houston just grew tremendously. Someone legitimate should not need to use Javascript to insert the city where he or she is from.

Retreiving the script (by itself) via Tor a few times confirmed what I thought. I got Vienna, Paris, and Columbus on three separate attempts. Someone from outside Houston has confirmed that indeed, for her Jason is from a city near where she lives.

The ad may well be off Facebook by now, as I reported this to them.

Morals: don’t take everything at face value, and browse with Javascript off by default. Sometimes, it’s best to assume someone is a pathological liar until you have hard evidence otherwise.

But there’s even more. (To be continued in part 2…)