Yesterday, Stern, one of Germany's leading print magazines, launched a new website, stern-shortlist.de. I guess this was the reason that its chief editor Frank Thomsen was giving a (lengthy) interview (see here), claiming that stern.de is going to overtake the poster child of German news sites, Spiegel Online.
AFAIR this has already been said by him a couple of times. Hence I first wanted to skip the article, but since the teaser said that he was also talking about “bumptious technicians” I managed to read through the whole article.
This reading in turn triggered some “research” that gave further insight into the journalistic values of stern-shortlist and revealed what I deem potential security holes.
First a quick English summary of the relevant parts of the interview. In the first part Thomsen is talking about the goals and values at stern.de:
- Asked about his goal, Thomsen answered that stern.de is trying to become the number one among the “publicistic” sites in Germany.
- Asked about sinking journalistic quality, Thomsen claims that at stern.de, sueddeutsche.de and others there is “serious journalism”, and actually there is a chance for young talents to get a foothold in journalism by joining these companies.
- Asked who is needed then, Thomsen says that good journalists are needed who know how to write/evolve a good story, provide context etc.
- Asked about his personal résumé after his first year at the helm of stern.de, Thomsen answers that he is thrilled about the speed and the immediacy of the user responses, but he is frustrated about the outsized role technical aspects are playing. He claims that programmers are talking in secret codes that no mere mortal can understand and this is a big problem.
stern-shortlist.de – quality journalism at its best
Then the interview goes on about stern-shortlist.de. Since it is the newest child in the stern.de family it must be an incorporation of these goals and values, mustn’t it?
So what is Mister Thomsen saying about stern-shortlist? From the interview:
- Asked if stern-shortlist is a mere click-generator, he answers that it sure is, because it’s an entertainment portal. They had looked worldwide and didn’t find anything comparable. It’s an offering of entertaining, informative, useful, colourful, ... lists of media products.
- Asked why bloggers and chatters should need stern.de when top ten lists and subjective references are already a core element of web2.0, Thomsen claims that stern-shortlist is going farther than these lists, since specialist editors who are experts in this field are working on the lists.
- Asked if the affiliate link (and its revenues) is at the core of the business plan, Thomsen says that the business plan is based on 95% revenue from ads and sponsoring and that the link to the partner site is just an indispensable service offering and it would be absurd if the user couldn’t buy the product.
- Asked if they are receiving revenue shares from the sales, Thomsen answered that they would get a normal commission, but they are not going to be online merchants. Most important to stern is building a strong community with lots of interesting lists. If somebody is going to buy something that’s fine, if not, that’s fine too.
BTW: Why didn’t they just choose shortlist.stern.de or at least make it a redirect to www.stern-shortlist.de? Even the Germans have now learned about subdomains. I guess the programmers had that idea but were speaking some strange language that nobody in the stern.de management could understand. But I at least thought that they would have heard about subdomains in one of these expensive “brand building” seminars.
Let’s have a look
So what’s stern-shortlist? It’s the idea of taking the ever popular (in terms of pageviews) top ten lists to what stern.de thinks is web2.0. It follows on the heels of besten.welt.de and hence is more or less a copycat of the idea. But whereas welt.de is mainly providing journalistic content with no or few links to affiliate sites (in fact I think they should use the content at least for targeted affiliate ads), IMHO, stern-shortlist is what I classify as a dumb affiliate shopping network.
Very little (not so original) teaser content is directly leading to product pages, whose content is coming completely from Amazon through its AWS web service.
But even Amazon adds an “Aus der Amazon Redaktion” header before a review and adds a “Dieser Text bezieht sich auf eine vergriffene oder nicht verfügbare Ausgabe dieses Titels.” or other disclaimer to the review when necessary.
stern-shortlist’s quality journalists don’t think that this is necessary. Maybe they even think that their users are too dumb to notice that it’s not stern-shortlist’s or another user’s content. Maybe this is the reason why they chose not to link to the Amazon product page but to only add an add-to-shopping-basket link.
In order to be web2.0 they then decided that the user should do the work and write the teaser content. This follows the tradition of the popular translation of user-generated content in German publishing houses: “AAL – Andere arbeiten lassen”, meaning: let others do the work. Add to that T & C’s that look ridiculous to me and you get a better understanding of what stern thinks web2.0 means. Oh, I forgot two very important web2.0 features: Users can rate and comment. Can they write their own reviews? Nope. Can they add their own product categories etc.? Nope.
A closer look at the stern-shortlist content management system
So after reading the interview I did ~~a little bit of googling~~ large amounts of intense research, primarily looking around for others’ opinions on stern-shortlist. Instead I found a result linking to some site that had a quite similar name, symfony project as title and stern shortlist app in its summary.
Since I’m interested in learning more about symfony (an ajaxy PHP Web framework to those of you who speak these strange languages that mere mortals don’t understand) I followed that link.
What I’ve found is what I interpret as the content management system used by the paid staff of stern-shortlist, as well as an abundance of at least potential loopholes. I was able to register and log in. Interestingly the registration page has a check box saying “Als Mitarbeiter von Gruner + Jahr texte ich ohne Vergütung”, meaning: “As an employee of Gruner + Jahr I’m writing without being paid”. Nuff said.
Furthermore I was able to access and edit (I just edited a single character for testing) not only my own list but arbitrary ones just by looking at the URL scheme and making (not so) educated guesses. Then I stopped because I don’t want to wreak havoc. So I didn’t:
- click on the delete links
- publish a modified list (at least they seem to have a double-check mechanism but I’m not sure if they are also applying it when modifying already published content)
- add inappropriate content to existing lists
The possibility of potentially doing so also caused me not to include the URL to that website. I think that this should at least be on par with the security measures stern-shortlist has taken. I furthermore am going to inform G + J about these potential loopholes, so hopefully this site will no longer be accessible for everybody ASAP.
I’ll include a couple of screenshots showing the login screen, a stats overview screen (how many lists created, edited etc.), a list details screen showing that even the data fields for the list items are called ASIN (the name of the Amazon product ID), and an edit screen that shows that besides Amazon stern-shortlist is at least also planning to cooperate with Jamba, the notorious ringtone giant (Haven’t checked if this is already live. I don’t think so.)
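The loophole described above, where any registered account can open and edit someone else's list by changing the URL, is a missing per-object authorization check on the server. The following plain PHP is an added illustration of that check, not code from stern-shortlist or symfony; the roles, field names and function names are all hypothetical, and the sample data is constructed.

```php
<?php
// Added example; roles, fields and functions are hypothetical.
const ROLE_EDITOR = 'editor'; // staff who review and publish lists

// Decide per object: being logged in is not enough to touch a list.
function canAccess(array $user, array $list, string $action): bool
{
    $isOwner  = $list['owner_id'] === $user['id'];
    $isEditor = $user['role'] === ROLE_EDITOR;
    switch ($action) {
        case 'view':
            return $list['status'] === 'published' || $isOwner || $isEditor;
        case 'edit':
        case 'delete':
            return $isOwner || $isEditor;
        case 'publish':
            return $isEditor;
        default:
            return false; // unknown actions are denied
    }
}

function editList(array $user, array $list, array $changes, string $method): array
{
    if ($method !== 'POST') { // no state changes behind plain links
        throw new RuntimeException('405: state changes require POST');
    }
    if (!canAccess($user, $list, 'edit')) {
        throw new RuntimeException('403: not allowed to edit this list');
    }
    // Only whitelisted fields are taken from the request; status is not one.
    $allowed = array_intersect_key($changes, ['title' => true, 'items' => true]);
    $list = array_merge($list, $allowed);
    // A non-editor's change to a published list goes back through review.
    if ($list['status'] === 'published' && !($user['role'] === ROLE_EDITOR)) {
        $list['status'] = 'pending_review';
    }
    return $list;
}

// Constructed sample data: list 42 belongs to user 1.
$alice = ['id' => 1, 'role' => 'author'];
$bob   = ['id' => 2, 'role' => 'author'];
$list  = ['id' => 42, 'owner_id' => 1, 'status' => 'published',
          'title' => 'Top 10', 'items' => []];

var_dump(canAccess($bob, $list, 'edit'));
$updated = editList($alice, $list, ['title' => 'Top ten', 'status' => 'published'], 'POST');
echo $updated['title'], ' / ', $updated['status'], "\n";
```

The same `canAccess` call belongs in front of the delete and publish handlers, so that guessing an id in the URL yields a 403 rather than someone else's list.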