Frostmourne Cavern

This movie records one of the many lore-related events in World of Warcraft’s upcoming expansion, Wrath of the Lich King. It’s a vision of Arthas and Muradin Bronzebeard discovering the sword, and in doing so, changing the “world” forever. The event is part of a single-player quest in Northrend, the expansion’s new continent. Previously events like this were found at the end of dungeons so hard that most players never saw them.

The aim of the game is changing. Previously the aim for a lot of players was to get to “the end”: To obtain the highest possible level, at which point they could embark on challenging group dungeons or player-vs-player battles. But Northrend is full of reasons to play the game in the middle. Not just this. There is a lot of high quality, fun, even inventive content coming with the new expansion. From aircraft combat and mass-slaughter shoot-em ups, to peace, love and harmony: Saving baby murlocs is enough to bring a tear to the eye, which is quite an achievement for any game.

Infecting the Ad Pool

Malicious Advertising (Malvertising) is becoming a problem. This is the practice of purchasing advertising space on unsuspecting websites, then using that space to run adverts which automatically redirect the user’s browser to a malware site – a site that distributes viruses, spyware, and other computer nasties.

The practice first emerged in 2006. Already 2008 has seen may large publishers (website operators) attacked, including Classmates, USA Today, Photobucket, and MySpace.

Late last night I visited one of my own websites and got immediately redirected off to a domain already blacklisted by Google, which in turn redirected to another site that was intent on installing a scareware “virus checker”. ZAM (a gaming network), already plagued by “XP Online Scanner” adverts earlier this year, had again been hit by malicious adverts. The timing, just after midnight UTC Saturday, was impeccable: Advertising networks tend to work sensible business hours, ensuring 48 hours of infestation before anyone starts to investigate it. [Although I should add that in this case I did get a positive resolution within 24 hours.]

My response was to temporarily abandon the advertising network that had delivered the “malvert”, and switch to affiliate advertising I control.

This article explains why publishers have a very low tolerance of malverts, and consequently why it is in the best interests of advertising networks to deal with malvertising before it becomes widespread.

Valuing Users

The cost to a malware writer of placing a single malvert is in the order of $0.001, with the publisher receiving somewhat less than that. The pricing model assumes a high volume of advertising is ignored by users: An advertiser might need to screen thousands of adverts to get any referrals (click-throughs). It does not assume that the adverts will immediately refer every user to the advertiser’s site, without user interaction.

For malware writers this is both cheap and highly effective: Quantcast and Compete suggest (a recent case of malicious advertising) attracted 1-2% of all US internet users in May: A dominance achieved by less than 500 other sites worldwide. Something advertising agencies can only dream about. Quantcast’s demographic analysis also indicates that the old, poor or poorly educated are more likely than other internet users to be caught by malware.

The publisher got a fraction of a cent, and may have lost 1 or more customers forever:

New visitors essentially bounce straight into “virus hell”. They are never coming back; not after “what you did to their computers”. Regular visitors assume your site was “hacked” (a security breach on your servers), and loose confidence. Even if they stay, they’ll think twice about typing their credit card number in again. If the site relies on viral traffic, they will be sure to tell their friends not to visit as well.

So Block the Advert!

Unless the publisher has a very strong community, they might never realise why their users are leaving: Malverts may be targeted by location or time of day, such that the publisher never sees them.

Assuming the publisher knows about the malvertising, finding the source transpires to be exceptionally hard. Malicious adverts may be embedded in an advert that looks perfectly normal, but only triggers an automatic redirect under certain circumstances. So even in simple cases, where the publisher has a direct relationship to advertisers, finding malware requires the advert to be tested.

But adverts are increasingly run via networks, who increasingly rely on advertising exchanges. So a large publisher could be running practically any advertising campaign in existence. I was running over 2,000 different campaigns (many of which have multiple adverts), and my site is small fry.

So once a malicious advert enters the system, it can spread like a virus throughout online advertising networks, almost unchecked.


Publishers who care about their customers (and consequently also tend to have the most valuable advertising inventory) are likely to avoid any advertising network that delivers malvertising:

  • They might establish direct relationships with reputable advertisers, which cuts the networks out of the loop completely. Only viable for large publishers or those in specific niches.
  • Or perhaps they will change to text or non-interactive adverts? Advertisers that rely on being able to communicate using imagary will have problems: The only publishers to remain with malware-infested networks will be those that do not care about their users. Precisely the sites that were probably not good places to advertise anyway.

Users will gradually grow more paranoid. Pop-up advertising is a perfect example: Browsers gave too much control to scripts, and not enough control to the user. The result was that pop-up blocking features became commonplace, and pop-ups became a redundant technology.

What are users’ “solutions” to malvertising? Completely blocking all adverts and disabling all scripting. How does that help advertisers, networks or publishers? It doesn’t.

Sadly users’ solutions will not include disabling Flash, the poor design of which seems to be at the heart of the malicious advertising (something countered by Adobe). Flash is so critical for online video most users cannot browse the internet without it.


There still seems to be a lack of appreciation of the damage potential of malicious advertising. But there are solutions available to the industry collectively, as many of the authors below demonstrate:


WeeMee. WeeWorld is a teen-orientated social network, best known for their customized avatars, “WeeMees”. WeeWorld has evolved into an eclectic mix of community, casual games, and virtual goods. Steve Young, creative director, spoke to a small group in Edinburgh. Steve discussed the motivations and behaviour of WeeWorld’s users, and explored the challenges of working with 2D WeeMees, particularly as they move into WeeWorld’s new virtual (synchronous) world.


WeeWorld’s core market are teenagers, mostly in North America. Average age 16 (minimum 13, although younger users may simply lie about their age). 60% are female. The dominant market segment was characterised as “spoilt rich kids” – typically those with their own computers. Of the 23 million registered users, about a million visit the WeeWorld site each month, and 80,000 login each day.

Usage differs from other teen social networks, such as Gaia Online: Only 6% of logged-in users visit the site’s forums, while 80% alter their WeeMee. Teen worlds are evidently not generic.

WeeMees (from the Glaswegian, “little me”) can be placed within personalised 2D rooms (in the style of “cardboard theatre”), used as characters within casual games, or rendered as avatars in a new virtual world called, simply enough, “World”. WeeMees are also used on third party websites and services, including messenger services, such as AIM or Live. Initial ideas for WeeMees had resulted in a lot of avatars simply being copied. APIs now provide some control over how WeeMees are reused.

Users’ main aim is “to gather as many friends as possible”. And to chat in a variant of the English language that even JeffK would find almost unintelligible: $iNG-UL?

Virtual Goods

WeeMees can be customized for free: Body, clothes and accessories. However users can also buy “Points”, which can be spent on specific items.

Points can be purchased via PayPal transactions or pre-paid cards, which are sold in US stores. Kids tend to regard these mechanisms like free credit cards: They are not seen as real money.

People pay for “uniqueness”. However, items need not be complex: The most popular item sold is a simple Alice band.

The most fascinating revelation was that the introduction of the new synchronous (virtual) world doubled the sales of virtual goods. This “World” is not even out of beta testing yet. “World” places WeeMees in the same interactive space as one another. This contrasts to the other areas of the site, where WeeMees are not competing for space. I think that implies the more an avatar needs to stand out from the crowd, the more virtual “Bling” is worth to that avatar’s owner.

WeeWorld is keen to avoid its Points being traded as a virtual currency. Money can only be converted into Points, not back again.


The key to WeeWorld’s success is “immersion”. The key to its revenue is “engagement”. These concepts guide development.

Although WeeMees are cartoon-like (in the style associated with South Park), customizations still need to reflect what people would wear in “real life”. For example, T-shirts branding needs to be subtle – a small logo on part of the garment.

The goal for user-generated content (customizations of WeeMees and rooms) is to make it hard for the user to create something that looks bad. For example, MySpace customisations can (and in my opinion, sadly often do) look terrible.

WeeWorld has adjusted to match conservative US culture. The cannabis plants created in early experiments are long gone. There are no alcoholic drinks. Negotiations with Walmart even forced WeeWorld to disable the customization of boob (brest) size.

The development of “World” posed an interest problem: How should WeeMees move? All the artwork and customizations had been designed for static display, without movement animations. The World uses embedded Flash objects to display information to users, so the amount of data transferred about other users’ movements needs to be minimal.

The solution was to make WeeMees hop. Users can also select a trajectory and fire their WeeMees in a particular direction. Navigating World’s 2D platform-ed environment is quite cereal, but strangely fun!


Social networks are becoming more like virtual worlds, while virtual worlds are becoming more like social networks. WeeWorld is trying to steer a path down the middle. Like all the businesses involved, they are still “feeling their way”, finding out what works.

Development time-scales for WeeWorld (and similar products) are very short. Steve was somewhat frustrated that development of the “World” had taken a whole quarter (3 months). The contrast to video-game style virtual worlds is stark: Those typically take 3 years to construct.

WeeWorld use a Scrum/agile development process (which suits the constantly evolving product). Casual games (a commonly requested feature) are often out-sourced to other developers.

The ability to develop content quickly makes it very easy for good ideas to be copied by competitors. For example, Zwinky might seem remarkably similar…

Pro-Auctioneering, the New eSport

Electronic Sport (eSport) is the competitive play of video games, often professionally, for prize money. In South Korea contests are so popular they are broadcast on dedicated television channels. E-sports generate less enthusiasm in the rest of the world, but their popularity seems to be growing.

There are parallels to traditional physical sports: The games played are accessible to the general public, but require huge dedication, skill, training and coordination to be “the best”. Many football (soccer) fans enjoy “kicking a ball about” in the street, but don’t expect to be playing at Old Trafford. Likewise there is a huge difference between beating Quake‘s single player mode and competing against top players. Probably the biggest difference is that eSports focus on the screen (what the player is doing), rather than on the player themselves (as tends to be the case with physical sports). This, combined with the traditional “geekiness” of video games, helps explain why most eSports professionals are rather devoid of charisma. Not that that stops tournament organisers putting these people on stage…

Traditionally eSports have favoured fast-paced games, either played individually or as small teams. Contests take place in short bouts. Examples include Starcraft and Counter-Strike. While these games require a degree of strategy, exceptional hand-eye coordination and reflexes are key to winning.

There have been attempts to promote casual games eSport, but tournaments remain biased towards fast-paced games. In the case of World of Warcraft’s (WoW) arena tournament, the core of the original game (the massively multiplayer part, where players are expected to invest time developing characters) was systematically removed to create a platform for traditional eSports. Missed opportunity. And here’s why:

This article proposes a rather curious “eSport”. One that is entirely dependant on the core facet of Massively Multiplayer Online Games (MMOGs) – the other players. An E-Sport that is played over days, rather than minutes. A game within a game, that tests abilities beyond simply clicking the mouse faster than your opponent. Allow me to introduce, Pro-Auctioneering. Read More

Social Reconstruction of Public Transportation Information

The UK‘s local public transport data is effectively a closed dataset. The situation in the US seems similar: In spite of the benefits only a handful of agencies have released raw data freely (such as BART and TriMet on the west coast of America).

That hasn’t stopped “screen-scraping” of data or simply typing in paper timetables (from Urban Mapping to many listed here). Unfortunately, the legal basis for scraping is complex, which creates significant risks for anyone building a business. For example, earlier this year, airline Ryanair requested the removal of all their data from Skyscanner, a flight price comparison site that gathers data by scraping airlines’ websites. How many airlines would need to object to their data being scraped before a “price comparison” service becomes unusable?

User-generated mapping content is evolving, often to circumvent restrictive distribution of national mapping. Services include OpenStreetMap and the recently announced Google Map Maker.

Micro-blogging, primarily through Twitter, has started to show the potential of individual travellers to report information about their journeys: Ron Whitman‘s Commuter Feed is a good example. Tom Morris has also experimented with London Twitter feeds.

This article outlines why the “social web”/tech-entrepreneur sector may wish to stop trying to use official sources of data, and instead apply the technology it understands best: People. Read More

Peeking Into Blizzard’s Development Process

Initial concept plan for Lake Wintergrasp. Basic... Blizzard Entertainment have a reputation for being “tight lipped”, and not announcing details about the games they develop. And since Blizzard have a lot more freedom than the developers that are closely regulated by their publishers, they should be able to talk openly.

But having listened to many of their senior developers talk during the recent Paris “WorldWide Invitational“, I suspect actually, they just don’t know yet.

Increasingly publisher-driven games tend to be heavily pre-produced, then implemented by programmers who work for hire: The details are known a long time before release, and the only reason not to talk about them is competitive. But if you don’t have such a precise battle-plan, you can’t release information with any real certainty. So you either get a reputation for saying little, or get a reputation for producing games that ultimately exclude many “expected” features.

Blizzard are one of the most successful game developers, so they must be doing something right. It is interesting to try and understand how they develop games. Read More