The Golden Pages is an attempt to exploit the popularity of the paper edition of the Irish version of the Yellow Pages. Each of Telecom Eireann's telephone directories has a Yellow Pages section. TE apparently has a majority sharholding of the company. The website is hosted on a Telecom Internet webserver. You don't have to dig too deeply beneath the gaudily designed and graphically intense frontpage to find TE.

The Golden Pages Online site is yet another attempt at a portal. This time it has a few good things going for it such as a number of unique and exploitable data sets. However the aesthetic quality is poor and the overall design is gaudy and reminiscent of the early days of the web. It tries too hard to imitate the paper version of the Golden Pages.

The aim of the Golden Pages site was to provide some kind of portal where people could find out details like phone numbers, addresses, e-mail addresses and websites. There was even a rather colourful TV guide. At the core of the operation were the Golden Pages data set and the Telecom Eireann phone directory. At this stage it should be pointed out that ex-directory numbers were not included.

The main problem with the site, from a security point of view is that the people involved do not seem to have appreciated the situation into which they were putting data. Most online personal telephone directories do not allow bulk retrieval based on areas. The paper form of the directories are indexed alphabetically. The only thing approaching such usability is the Telecom Eireann Phone Directory CD.

The Golden Pages online directory only superficially limits the results to 100 records. Examining the source code of the results frame, the comments explaining how the URL is constructed are plainly visible. These limitations are not hard-coded from the server side and are open to manipulation. It is possible to create an URL that will download the telephone directory for a whole city from the Golden Pages site.

From a web perspective this is an appallingly poor design in that it gives away control over the data to the client side and the control is the only thing that the Golden Pages has going for it. Once people can build the type of directory they want, the Golden Pages site becomes a once a month trip to refresh data.

There is an e-mail address directory on the site. This is a more pressing concern from an internet viewpoint. Unsolcited Commercial E-mail (SPAM) is a major problem on the internet. A few weeks ago there was a post from a Dublin based company offering cash for Irish e-mail lists. The fuel of the spammers is e-mail address lists. The Golden Pages has exposed the e-mail addresses in their directory for harvesting. It is an extraordinarily trivial task for a spammer to harvest the 5580 or so e-mail addresses that the Golden Pages has on it's site.

It is clear that the people behind the Golden Pages site share the same shallow mindset of TE's local.ie venture. Portals are not a case of "if you build it, they will come". Unfortunately the "they" in this case may be the internet's equivalent of sharks attracted to a newly dead corpse oozing it's lifeblood of information into the net.

Responsible sites that deal with Irish e-mail addresses tend to use a blind system where the sender is isolated from the recipient. Esearch is a very good example of this approach and it makes it difficult for a spammer to harvest addresses. However the Golden Pages site has no such technologically sophisticated solution. The result is that they 5880 or so e-mail addresses are potentially vulnerable to spammers.

The discussions of the Golden Pages website on the Irish Internet Association mailing list have even made it as far as being mentioned in that august publication, but with dubious technological accuracy, the Irish Times. The mailing list was described as a chat room on the website. The report in the Irish Times was simplistic as the true nature of the disaster was not perceived. Instead it was represented as being a privacy problem of small proportions. What the Irish Times report did not make clear was that there is absolutely no real protection on the data in the Golden Pages directories. Direct Marketers or spammers could easily harvest the data from them.

The way that the data is made available on the Golden Pages site, without any care for how that data could be used and without any real safeguards from the server side, indicates a complete lack of planning. It would probably be more accurate to say that the people responsible were just ignorant of the threats that the internet holds for unprotected data. It would not be the first time and it will not be the last.

After the article above was posted to the web and a posting concerning the lack of a standard user interface clause in the AUP, staff at Golden Pages modified their AUP to include one. [0010 Hrs 05071999].

It is worrying to think that the people behind the Golden Pages online directory would think that spammers would be detered by such an apparently weak AUP.