Category Archives: Facebook

Who’s the rube?

There is an old saying that when you sit down to a poker game, if you can’t spot the rube, you’re the rube.

Given the recent news that Instagram has announced that they now have the rights to sell your photos, perhaps that should be good advice for online services. Here is a good hint: if you aren’t paying for a service, then at a minimum you aren’t a “customer”. Oh, the service has customers all right; you’re just not in their number.

Update: of course XKCD nails this one better than I ever could.

I thought xauth was a Unix command…

Axel Nennker is calling out Google and Meebo for the privacy aspects of the new XAuth spec.

Peter Yarid has some thoughts here, but criticizes it more from a business than privacy standpoint.

Techie-buzz has this candidate for the understatement award:

There are of course privacy implications because not every user would want every website in the world to know what social networks it uses.

Gee, you think?

Living and dying in reputation time

Microsoft has done an interesting study that finds 70% of HR professionals surveyed had rejected applicants due to online reputation. Clearly people need to be more careful about not putting things out there that will hurt their reputation.

But why stop with just hiding the bad? How about accentuating the good? How about inventing the good?

Perhaps there is a great opportunity for a startup that would “puff” people’s online reputations for a small fee. If your prospective employer is browsing your Facebook page, wouldn’t it be great if Reverend Smith was thanking you for the great work you did at the homeless shelter last weekend, or there were kudos from your kids’ school for getting their library book fair organized? How about posts from one of your friends about how you helped him move into his new house? A reputation buffing service could plant this kind of reputation to really make you look like the kind of person that employers would want on their team.

Or you could go out and actually do those things… nah, that’s just crazy.

School bullies

Here is a story about a school district that is being sued for punishing students based on information gleaned from Facebook after demanding the students’ login credentials:

In what may be the latest example, a suit was filed in Mississippi that alleges a school official—more specifically a teacher acting in her capacity as a cheerleading coach—demanded that members of her squad hand over their Facebook login information. According to the suit, the teacher used it to access a student’s account, which included a heated discussion of some of the cheerleading squad’s internal politics. That information was then shared widely among school administrators, which resulted in the student receiving various sanctions.

As we noted when Bozeman, Montana attempted to obtain login credentials from anyone applying for a municipal job, it’s easy for anyone to view pictures and text that a Facebook user has chosen to make public simply by signing up for an account with the service. By demanding login credentials, authorities gain access to materials that users have chosen to keep private. Whether this is done because people intend to get access to private data or because they are simply unfamiliar with how Facebook operates isn’t always obvious, and probably varies from case to case.

Here is a hint to school officials everywhere: anytime you undertake a course of action that involves demanding login credentials for a service unrelated to school activities, it will ultimately end badly for you. Although you have been granted the power by the Supreme Court to regularly violate students’ privacy (unwisely, in my opinion), there are limits. Even if the school ultimately wins this case, the damage to its relationship with the students and parents is not worth whatever you think you are accomplishing. Which in this case seems to be punishing a student for gossiping.

Students are going to insult you behind your back. Get over it. Grow up or find another profession.

Vigilante privacy audits

Ian Glazer of the Burton Group has created a Facebook app called Privacy Mirror that explores Facebook app privacy behavior. His results are quite interesting:

Imagine that Alice and Bob are friends in Facebook. Alice decides to add a new application, called App X, to her profile in Facebook. (For clarity’s sake, by “add”, I mean that she authorizes the application to see her profile. Examples of Facebook applications include Polls, Friend Wheel, Movies, etc.) At this point, App X can see information in Alice’s profile. App X can also see that Alice is friends with Bob; in fact, App X can see information in Bob’s profile. Bob can limit how much information about him is available to applications that his friends add to their profiles through the Application Privacy settings. In this case, let’s imagine that Bob has only allowed 3rd party applications to see his profile picture and profile status.

After a while, Alice tells Bob about App X. He thinks it sounds cool and adds it to his profile. At this point if App X, via Alice’s profile, looks at Bob’s profile it will see not only his profile picture and status but also his education history, hometown info, activities and movies. That is significantly more than what he authorized in his Application privacy settings. What is going on here?

It’s well worth reading the whole thing. In summary, Ian makes the point that there is no way a normal user of Facebook would understand what privacy policy is being applied to applications in this scenario.

Facebook needs to clarify their privacy policies. Or fix them.

An OpenID game changer

One theme I have harped on over the last year or so is that it means little for the big content providers to become OpenID providers if they don’t also become relying parties. You can’t build a highway with nothing but on-ramps.

So far the vast majority of OpenID announcements by the big players have been to be yet another OP, or just signing up for the OpenID Foundation. It looks like the game is finally changing. Apparently Facebook is getting ready to become an OpenID Relying Party. From Inside Facebook:

Less than three months after joining the OpenID Foundation’s board as a sustaining corporate member (i.e. putting its weight and financial support behind OpenID), Facebook has just announced at the “technology tasting” event this afternoon at its Palo Alto headquarters that users will soon be able to log in to Facebook with their OpenID.

This could be huge for OpenID adoption, if it really happens.

A whole lot of I don’t understand it is running the scary headline of the day:

Social Networking Linked To ‘Infantilized Lifestyle’

The gist of the article is that social networking will make us “infantilized” or “autistic” or “something”:

In case you’ve run out of things to worry about, a British scientist has raised concerns about whether social-networking sites could be harmful to your social health. But other reports indicate new ways that social networking can expand relationships.

Oxford University neuroscientist Susan Greenfield, in a debate in the House of Lords, asked if such pastimes are changing the way brains function, shortening attention spans, and possibly even contributing to the rise of autism. Greenfield is a member of the House of Lords, where she holds the title of baroness.

I suppose it would be too much to hope that pointing out that serious autism is diagnosed before age 5 would have any impact on the thinking here.

But perhaps the Baroness of Scary Headlines has a mountain of hard scientific research to back this up. Not so much:

“Perhaps given the brain is so impressionable,” Greenfield said, it’s possible that “screen life” is creating a more “infantilized lifestyle,” adding that Facebook and similar sites might create short attention spans. She acknowledged, however, that she did not possess any scientific research to back up her musings, and that it was “based on a little bit of neuroscience, observations, a bit of clinical evidence.”

Greenfield noted that “there is no one single or conclusive killer fact,” although she did report that a teacher acquaintance has noticed a decline in her students’ ability to relate to others.

In other words, a little bit of pseudoscience, a little bit of folklore, a pinch of something a friend told her, and a whole lot of I don’t understand this whole social networking thing.

Update – from an EA spokesman:

Electronic Arts, the major video game maker, says it has heard arguments like Ms. Greenfield’s before. “It seems like a new entertainment medium hasn’t really arrived until a scientist jumps up and says it’s making us all crazy. Balancing this are studies from equally credentialed researchers that show media like videogames actually enhance problem solving and other complex brain activity,” said spokesman Jeff Brown.

He added: “I’ll wait to read her study on her Facebook page.”

A different view on OpenID branding

Nico Popp has his new year’s wishes for OpenID here. There are a lot of good suggestions, but there is one I would beg to differ with:

Everyone agrees that OpenID needs to emerge as a brand that consumers can recognize.

Clearly Nico’s definition of “Everyone” is slightly different from mine. At the very minimum it doesn’t include me. But putting semantics aside, Nico continues:

Similarly to Visa for payment, Dolby for music and Gore-Tex for rainwear, OpenID ought to become the “ingredient brand” for identity. The reason the OpenID brand needs to emerge is that we need a “network mark” that transcends all the identity silos. Very much like consumers know that their bank card will work when they see the Cirrus network logo on an ATM machine, consumers need to know that their identity will work on a Web site that carries the OpenID network logo. A network mark has a simple yet powerful meaning. It does not matter whether the card is from Bank of America, Wells Fargo or WAMU, it just works with this ATM machine. It does not matter whether the identity is from Google, Yahoo! or MySpace, it just works with this Web site.

In the OpenID brand lies the one big problem. Although a strong OpenID brand will prove to be good for everyone in the long run (by creating ubiquitous interoperability, Visa helped card issuing banks make more money than they would have made on their own), at this time, none of the large consumer companies involved in the OpenID foundation have any incentive to promote another brand than their own. Therefore, the foundation needs to create a forcing function. My recommendation would be to leverage its ownership of the OpenID intellectual property to enforce the network mark. Let us keep OpenID free to all, but let us require everyone who uses the technology and benefits from the free IP to display the OpenID logo.

I don’t think this is a very promising strategy. Rather than OpenID being branded, I believe the important branding is that of the identity providers that would enable OpenID. In other words, the brand should be Yahoo, Google, and other big identity providers, not OpenID. In the same way, the brand that Facebook users care about is Facebook, not Facebook Connect.

Trying to push the OpenID branding above the identity provider branding will inhibit OpenID adoption, not enhance it. You are then asking identity providers to do something not in their own best interest.

The average user doesn’t care about OpenID. What they care about (if they care about such things at all) is that by using OpenID they can use the identity provider they already have a relationship with to explore new and interesting services that would automatically know who they are, without them having to register at every page.

The comparison to Visa is a bit off the mark. People care about Visa because it is an enabling service. OpenID is not. It is a means by which an identity provider becomes an enabling service.

Just my two cents.

The difference between Facebook and Passport

Paul Madsen points out an unflattering comparison between Facebook Connect and Microsoft Passport:

It seems FaceBook Connect is the new Passport.

There is a lot to this comparison, but there is one important distinction. But first a disclosure: I have in the past developed implementations of SAML, Liberty, InformationCards, and WS-Federation specifications. I am a big fan of standards and open specifications. But I have also written integration code to authenticate using Microsoft Passport because I have to make a living.

The main distinction between the two is that there are a whole lot of people who don’t mind Facebook being in the middle. Microsoft never had a site that drew the kind of devotion levels that Facebook enjoys.

Will that ultimately make a difference and allow Facebook Connect to succeed where Passport failed? I’m not sure, but I wouldn’t bet against it.

When Open Source Software Makes a Political Statement

An interesting case of an OS drop down widget that made a very political statement. And not one that the web site operator shared (from Instapundit). The social networking angle in this story is also fascinating.