Trust Is Fragile…Wherein Hootsuite Tests Mine


Hootsuite Hijacks Web Browser

Trust is something that most businesses strive to develop with their customers/users/audience. Readers of  Chris Brogan will know it’s one of his cornerstones and something he’s written extensively about. Trust has to be nurtured and maintained as a value that guides everything you do.When companies gain the trust of their client base it makes for much easier marketing and communication, because you no longer have to prove how awesome you are – your customer already knows. However, this trust shouldn’t be leveraged in questionable ways that take advantage of the customer, nor should it be treated like a bank account from which you can make withdrawals.

For those that don’t know, Hootsuite is a service, with free and paid levels,  that allows you to manage multiple social profiles from one place. It’s a pretty great service that I’ve been using and advocating for several years.

So what has got me all riled up? Well the other evening while browsing the web, I noticed that when I was on a website, I would click on what looked like a link to a Twitter profile, but instead of taking me to Twitter, my Hootsuite dashboard kept opening up . WTF?? I thought perhaps it was just one particular website, but found it happened on other websites too. Not only was it becoming really annoying (I love Hootsuite, but sometimes I want to use Twitter.com) but I began wondering if I might have somehow downloaded some malware that was hijacking my web browser.

Around the same time, I noticed a posting in one of the LinkedIn groups I’m in from Rob Cubbon,a WordPress designer, expressing confusion about the exact same thing. And let me say, both of us are very tech-savvy people, but this had us both confused and a little concerned. I can only imagine how someone not-so-tech-savvy would feel about this.

I eventually realized that the Hootlet Chrome browser extension I use (which lets me quickly Tweet out links while I’m browsing), must have been updated and in doing so, activated WITHOUT MY PERMISSION a secret option that will automatically scan text on a webpage and wherever it sees words prefixed with @ or # (symbols commonly used on Twitter), it would turn them into links that looked like they would take you to Twitter, but that actually took you to Hootsuite. The screenshots below show this in action on Rob’s site (click for full size images).

hootsuite hijacks chrome browser
Hootsuite hijacks chrome browser
HootSuite forces twitter links to open in hootsuite

I’m sure Hootsuite thinks they were being helpful, but it was a really not-smart move and very un-helpful for several reasons:

1) Secretly changing the behaviour of a person’s browser is a no-no because guess what else secretly changes browser behaviour by redirecting links to unexpected places – MALWARE and website HACKS, that’s what! Why would you want your application to act like a spammer or a hacker? Way to seriously freak people out!

2) The way that Hootsuite displays Twitter profiles is not as good as Twitter itself – so why would you change a normal behaviour that is perfectly fine, to something that is worse?

3) If there’s one thing companies can learn from Facebook, it’s that users do not like unnanounced change and sneaky default options. So why would you mimic the behaviour of a company that has no integrity?!?

4) Not ALL text on a website that has a @ or a # is referring to Twitter. In fact, as the screenshots above demonstrate, Rob was seeing it happen on a post he had written in which he is demonstrating code (which also contains @’s and #’s written as plain text, not links) so the behaviour made no sense whatsoever. By the way, check out Rob’s post – it’s a good read on how to make a responsive child theme for WordPress

Eventually I found the option to turn it off this behaviour, but now my opinion of Hootsuite is seriously dinged. Generally I like their product, but this makes me seriously question their judgement and integrity – in fact I’m giving them the side eye as I write this.

If you are having this same problem, you can turn off this option one of two ways. Either right-click on the Hootlet icon itself and click Options, or go to Chrome > Preferences > Extensions and find Hootsuite Hootlet and click Options. Then you will see the ‘off’ switch for the option “Link Twitter status and user profile handles into the HootSuite dashboard.” Phew.

So the moral of the story is that as a business or brand, it can take a while to develop trust, but it may take only one incident to destroy it, so tread carefully. It helps if you are clear on your values as a company (even if your company is you, yourself and you) and you take those into consideration before making any changes or decisions.

So what do you think – would this type of shenanigans give you cause for concern as well?