Book Snails Book Group discussion

[Update, late 2021: GR is starting to block links to outside websites in some parts of this site, such as direct messages and some comment areas]

Goodreads currently is allowing (fake) authors to send friend requests to some GR users. These requests usually include a URL (web page link) which may lead to malicious/infected websites or files, or to pirated copies of e-books.

You can usually recognize these dangerous author-friend requests by one or more of these:

1. The "author" with 0 book reviews and 0 books (as seen under their name in the friend request).
2. The account is usually but not always from a non-USA country.
3. Includes a request to read or review a book, or offers a 'free' book to you.
4. The friend request includes a URL (web site link) to the 'free' book, or to something weird (like home improvement offers or stuff that has nothing to do with books).

Do NOT add these fake authors as friends.
Do NOT click on any URL (link) in their message.

Use the 'report' or 'block' feature to get rid of this request and alert Goodreads.

In my opinion, these friend requests are likely sent by automated bots, criminals, or idiots posing as authors. They hope you'll click on the link in the friend request and get their malicious payload, or be tempted to download illegal copies of books.

► TIP: To reduce the likelihood of receiving these dangerous requests, go to :

Account Settings --> Settings,
Scroll down to 'Friend Request' area,
Add a Challenge Question and (one word) answer

It can be something simple, such as "What is 10 plus 10?" Or "What season comes after spring?"

(most bots won't be able to answer, and most criminals won't bother).

Goodreads is well aware of this security loophole. It has been around for years, and there are current discusssions devoted to it. To date, GR has, for reasons I can't fathom, chosen not to plug this security flaw. It could be fixed with a simple filter (block all friend requests that include a URL, and/or block author-friend requests from authors we have not specificially followed).

Thanks! I had a friend request like that today.

Thanks for letting us know!!! Get on it, Goodreads, what’s wrong with you?!

Thanks Starman! I've received a couple of these myself and was suspicious enough to ignore their request as well as block them.

Also, I've been following the Goodreads Feedback thread and there is another issue related to privacy that everyone should know about....it is currently the subject of raging debate over in that thread and users are frustrated that GR doesn't seem to be taking things seriously...

Apparently, there is a glitch in the GR website where users who marked "show email to no one" in their profiles are still having their emails "accidentally revealed" to others whenever they send friend requests. This happens sporadically and there doesn't seem to be rhyme or reason as to whose email gets seen and whose doesn't. GR has been giving generic responses claiming that they are "working on" the issue but so far there is no resolution and very little in terms of updates.

Not sure when or if this issue is going to be fixed, but many users are concerned enough to either not send friend requests anymore or change their email to one that is not their main email address and/or doesn't reveal their true identities.

This one is definitely scary...makes me wonder what else GR is making public that we may have marked as private. Might want to be careful about putting too much personal information on this site, as it's obvious their security and privacy protocols are quite lax....

Thanks, Bkwlmee! Excellent suggestions (don't use your main/real email address or name, etc.).

I should also warn you that GR allows zillions of FAKE or dangerous groups as well. They usually have 1 member (the scammer), and are basically just a way for idiots to put in links to websites that try to sell you something, or get you to click on a malicious link.

WHY does GR do nothing about such?

It's also useless to report (flag) these to GR. They do nothing about it.
Surprise, surprise: GR finally deleted a particular fake group that I reported. Too bad they didn't remove the OTHER 23 fake groups the same user has created on GR.

I informed GR about several specific friend requests I've received from fake authors (0 books, 0 friends, 0 reviews, message is basically advertising spam with dangerous web links).

Here is GR's response:

"Hi there,

Thank you for contacting us, though we're sorry to hear about this situation. We've looked into this for you and can confirm that your account settings are set as private. If you do receive another unwanted message or email notification, you can flag the message to our attention directly from your Goodreads inbox. Alternatively, feel free to email us with direct links or screenshots, and we'll take care of it. If you have any additional questions or concerns, please don't hesitate let us know.

Sincerely, The Goodreads Team"

StarMan wrote: "I informed GR about several specific friend requests I've received from fake authors (0 books, 0 friends, 0 reviews, message is basically advertising spam with dangerous web links).

Here is GR's ..."

That’s not much of a response unfortunately...and isn’t reassuring given all the recent privacy and security related issues recently :-(

Hopefully GR truly prioritizes and fixes these issues soon (though I can understand why some users have lost confidence, as it seems that cosmetic tweaks to the site are being rolled out constantly, yet the functionality issues / bugs that have been brought up to staff for weeks/months/years seem to hang in limbo with no resolution)...

Thanks for the warning. Such warnings are so important.

Here is the GR group discussion I've been following concerning these fake friend requests:

[the group below has been deleted]


https://www.goodreads.com/topic/show/...

Thanks for the info and warnings.
To day i got a notification from a "Nicky" asking for sex and "I am following your reviews"...yikes!

I now have a private profile, but i am concerned that he is going to bug me on my email - i don´t know if he went through my profile and copied my mail. Idiot.

Yep, setting everything to private is a good idea. Lot of weirdos out there, unfortunately. 😕

Thank you so much

In some comments or parts of Goodreads (such as your user Profile, or direct messages), the Powers That Be have started blocking web links (URLs) to outside websites.

I guess that's a good thing, safety-wise.

Of course there are legitmate reasons to use links to a non-GR website, so it may be a bit aggravating to some nice folks here.

Some official GR info:

https://help.goodreads.com/s/announce...

and a discussion of the changes here:

https://www.goodreads.com/topic/show/...

What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems friendly and chatty and has given me her email address so I think it will be fine. But I'm just a bit nervous about sending the whole thing to someone I don't know.

Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems fri..."

😏 Personally, I wouldn’t do it… It seems pretty sketchy.

Erin wrote: "Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? ..."

Thank you, Erin. It certainly sounds sketchy. I should add that I posted in a group for authors seeking beta readers, which she responded to. But I think you've just helped me make my mind up.

Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems fri..."

I probably wouldn't take the risk -- but I'm more paranoid overly cautious than most people.

It's ultimately up to you, but I would avoid anyone who doesn't appear to be an avid reader or writer. And I certainly wouldn't send a complete stranger more than a chapter of my work, at least initially.

Good luck on your manuscript!

More thoughts / paranoid ramblings: (view spoiler)[

Scammers are usually lazy, but remember this:   anyone can edit your document and upload it to Amazon etc. to have it published (at no cost to them) as a print-on-demand eBook; it would be up to you to prove plagiarism/theft.

However, if you want to simply send a stranger 2 or 3 pages of your work to see what kind of reply & input you get, that coud be elucidating, and relatively safe. Most GR beta readers are probably honest and well-meaning, but there are also scammers, or those who might attempt identity theft.

You can Google "how to find professional beta readers" for all sorts of advice from authors or writing-centered websites. -- but ultimately it's up to you how to proceed.

Some suggestions (not mine, and opinions will vary widely!):
https://rootedinwriting.com/how-to-fi...

If you want to go local, you might also consider asking at the library or college to see if there are local writing or reading groups who like to do beta reads (for free, or cheap). Ideally, you'd want some type of written feedback/suggestions (perhaps 1/2 to 2 pages). I'm part of a local group that sometimes has guests visit us to read parts of their work for critique.

Friends of friends interested in your genre are also a possibility, and are less likely to be afraid of hurting your feelings than family or close friends.

Many published authors seem to employ a combination of resources -- often a spouse or adult child, a first or second-level friend or two, and perhaps professional or hobbyist beta readers later.
(hide spoiler)]

StarMan wrote: "Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? ..."

Hi Starman,
Thank you very much for such a comprehensive reply - it's much appreciated.
And gosh - I hadn't thought about the possibility of the whole manuscript being plagiarised and passed off. What a terrifying thought. You might well have just saved me from falling off a cliff.
I wasn't aware of the Rooted in Writing site, and that's all good advice, so thanks.
I've also come across Reedsy, where you can get quotes from professional and semi-professional editors.
I'm in touch with a few other writers I was on a course with so might ask them to be involved, or as you say some second-level friends (first might be too embarrassing).
Thank you again and good luck with your own writing.

It's a new year, and here's your reminder to consider changing your Goodreads PASSWORD.

► GR instructions on changing password: https://help.goodreads.com/s/article/...

Reminder: please don't use the same password for multiple accounts. Thieves often try stolen email addresses and passwords on common websites (Facebook, Equifax, Amazon, Twitter, Instagram, credit card sites, etc) in efforts to steal even more information.

To see a list of recent data breaches, or to check if your email address may have been stolen, you can visit: https://haveibeenpwned.com/ and scroll down to see the list.