And what about the app providers themselves

Kristen Nicole asked: “When Did Facebook Get More Spammy than MySpace?” It’s all the buzz since the BBC reported that a widget third-party application can be used to gather personal data on its users - Facebook security.

Why there is an expectation that social network abuse wouldn’t grow inline with network expansion itself I cannot answer. Maybe it’s the morass of privacy settings available to the user - kind of like a security blanket even if you don’t have the time or the inclination to work through them all. Could it be the consistent public relations byline coming out of the organizations themselves? Or maybe it’s the constant buzz from the blogosphere and media. Personally, I expected the spam.

Nonetheless, I’m first to point fingers at the buzz. Quick and dirty searches for the two kings, associated with the word “spam,” produced the following results:

• ‘Facebook spam‘ - 7,330,000 hits
• ‘MySpace spam‘ - 6,560,000 hits

Not really much of a winner here. While even my own search results show Facebook in the lead, 10 hits to 2 hits, those figures are statistically insignificant. As is, I believe, the concept of spammers doing measurable damage inside the networks.

What I’d be more concerned about is this…

Facebook (and I’m sure MySpace) has the resources to put the kibosh on these issues (and Facebook is already claiming they pay careful attention to potential problems, although some of effort is aligned with natural attrition). But what about the application providers themselves?

The prevalent business model for the apps seems to be new media targeted marketing (i.e. internet advertising) - the apps/providers are collecting data…right? How good is their security? And how long before malcreants start mugging them instead of chasing their tails inside the fortresses?

Bruce Schneier, cryptography king, keeps his home network open. And despite what Tim Lee wrote in support of the idea, please don’t listen.

The justification is that the risk of someone using your network for illegal means is very low, while the risk of you getting hacked at the local coffee shop is potentially higher. Hence, worry about your machine, not your home connection.

I say BLAH! This piss poor argument ignores two significant points:

1) There is little or no benefit to you from opening your network; and

2) It takes minimal effort to secure your network with a password.

The risks may be low, but meanwhile you have nothing to gain. Meanwhile, the effort necessary to provide that little extra layer of protection likely outweighs the cost of that single long tail incident - one that could potential cause you tons of legal hassles.

If you are hell bent on providing web access to home visitors, I’ll take for granted that you trust them. Give them the key, like I do. Or if you’re wearing a tinfoil hat as you hand them their coffee, ask them to allow you to type it in yourself.

UPDATE: Being open can cause hassles (unless you don’t consider having your computer confiscated by less than technology savvy law enforcement officers a hassle).

Just a couple of points on OpenID security - may be redundant to those who have already thought through this stuff.

More security problems for Facebook. Add it to this previous post and roundup - it almost seems a pattern is emerging. First you open up, and everyone raves. Then you start putting out fires. Nevertheless, I truly hope Facebook gets these problems ironed out.

Meanwhile, the Facebook fanboys are so quiet you can hear crickets chirping. scratch that

UPDATE: Google has now removed the Blogspot blog that was displaying the stolen code (probably for the same reason I refused to link to it). You can probably assume it is not in the search index either, and if Google is on a nice-kick, they’ll hopefully remove other site pages showing the code as well.

Still, I’m always a bit skeptical of using browser plug-ins to enhance privacy/security.

In the last few days I’ve heard the death knell being rung for email, that people are abandoning their proven business networking applications, and that Digg will soon be dead.

All this at the hands of a social networking application that less than a year ago was the happy-go-lucky Saturday morning venue of hung over college students?

I see things differently…

The beauty of email is its ubiquity. If Facebook was going to supplant email, that would mean a billion Facebook accounts. Otherwise, people are going to find themselves out of touch at the hands of a closed network. The scenario: I move all my communication to Facebook. You email me and it either bounces, I don’t accept it, or I ignore it. You call me and ask me what gives. I tell you to join Facebook as that is the only way to communicate with me online. You tell me to piss off, because nobody tells you what to do. I miss the message, thereafter.

The same goes for business contacts, particularly when it comes to the sales-minded folks. They are not going to move because you move, and they are not going to move unless all their customers and prospects have already moved. Many of them haven’t even moved online yet - they like their paper rolodex and/or ACT!

I’m hard pressed to find something to say about the whole yummy/Digg bit, because A) I can’t look at the Google Reader/Facebook example Scoble pointed out without looking him up on Facebook, adding him to my friends list, and waiting for approval, B) can’t conceptualize it in my head because I don’t have a Ph.D. in theoretical physics, C) because I am too busy returning email messages from this morning, picking up the fricken phone, writing this blog entry, and consuming a tuna/spinach salad with tasty vine ripened tomatoes, to try reconstructing what Scoble did on my own Facebook page, and D) because I’ve visited Digg roughly four times in my life and don’t care if something “kills” it, particularly if that death requires some effort on my part.

I think Facebook is headed in a different direction anyway. They don’t need to stay closed, risk user over-reliance, or start killing off the competition. AOL already tried this. The app this and app that is just a stepping stone, lifted by others. It’s a proving grounds for truly useful tools, yet to be delivered but likely to come from the brick and mortar world. Wrapped in the privacy and security Facebook already offers, attracting the mainstream userbase Facebook can leverage into a valuation that is less loft and more foundation.

UPDATE: Are those piling on the Facebook ad performance issue simply doing so because they’ve become so attuned to advertising as the sole revenue driver of the web that they can’t think beyond it?

“I am shipping antivirus software for the platform anyway.” - Kapersky (another security company not worried about Vista security).

After a Russian hacker released a proof of concept flaw for Vista, security firm Determina validated the issue, and notified Microsoft of even five more.

No wonder security firms were unconcerned about losing business as a result of Vista. I wonder why they aren’t keeping quiet and just going about their business too, unless they think they will get some favors in return. Will they?

UPDATE: No matter - Microsoft is still supremely confident.

Information Week says you don’t have to wait for Vista to get its enhanced security - you can do it all now with Windows XP.

That tells me two things:

1) Vista’s security enhancements can’t be particularly mindblowing if you can replicate most of the behaviour now; and

2) Before you get started, you should ask yourself whether you can make the process less of a hassle than a top-shelf security guy could.

I’m not holding my breath.

***UPDATE***

Your best bet would probably be to attend the BlackHat get-together, and watch as Microsoft shows you how it is all done. I just hope the power doesn’t go out.

First people wondered whether the “enhanced security” of Windows Vista would plunder the multi-billion dollar computer security market. The talk there has quieted, as there is really no telling when the software might be released (and since you need a quad processor with 8 gigs of ram to run it, the uptake won’t be quick when it does).

So lets point the finger at the Microsoft OneCare program, and see if it raises any ire. Can it kill the Symantecs and McAfees of the world?

Alex Eckelberry seems to think so, but not because he is unconfident about his own Sunbelt products. Mr. Eckelberry thinks predatory pricing for Microsoft OneCare is the issue.

My notion is this: as long as folks are running Windows, viruses and spyware are going to run rampant. And as long as pests persist, security firms have a business model. As much as Microsoft wants to be in the security business, the more they push it the more people are going to wonder why the company is selling security protection for their own operating systems. In other words, I think there is going to be some level of rebellion at the notion.

If everyone ran Linux or OS X, security firms would have something to worry about.

***UPDATE***

Victor Godinez of the Dallas Morning News says using Microsoft OneCare is like “asking the fox to guard the henhouse.” I concur.