loose wire blog

Accused of spamming: Prerna Gupta, founder of Yaari.com

Look at a social networking site lie Yaari and you can see where the social networking phenomenon may fail, simply by abusing the trust of its users.

Sites like LinkedIn, Plaxo etc rely on expanding quickly by offering a useful service: trawling your address book to find friends and contacts who use the same service. We’ve gotten used to this, and it’s a great way to build a network quickly if you sign up for a new service.

But any service that uses this needs to stress privacy, and put control in the hands of users. Plaxo learned this a few years back. Spam a user’s contact list without them realising and you invite a firestorm of opprobrium on your head.

But surprisingly some services still do it. And in so doing they risk alienating users from what makes Web 2.0 tick: the easy meshing of networks—your address book, your Facebook buddies, your LinkedIn network—to make online useful.

Take Yaari, a network built by two Stanford grads which has for the past two years abused the basic tenets of privacy in an effort to build scale.

What happens is this.

You’ll receive an email from a contact:

It’s an invitation from a “friend” which

• gives you no way to check out the site without signing up. The only two links (apart from an abuse reporting email address at the bottom) take you to the signup page.
• neither link allows you to check out your “friend”  and his details before you sign up.

If you do go to the sign up page you’ll be asked to give your name and email address:

Below the email address is the reassuring message:

Your email is private and will stay that way.

But scroll down to below the create my account button and you’ll see this:

By registering for Yaari and agreeing to the Terms of Use, you authorize Yaari to send an email notification to all the contacts listed in the address book of the email address you provide during registration. The email will notify your friends that you have registered for Yaari and will encourage them to register for the site. Yaari will never store your email password or login to your email account without your consent. If you do not want Yaari to send an email notification to your email contacts, do not register for Yaari.

In short, by signing up for Yaari you’ve committed yourself, and all the people in your address book, to receiving spam from Yaari that appears to come from your email address. (Here’s the bit from the terms: “Invitation emails will be sent on member's behalf, with the 'from' address set as member's email address.”)

You should also expect to receive further spam from Yaari, according to the terms:

MEMBERS CONSENT TO RECEIVE COMMERCIAL E-MAIL MESSAGES FROM YAARI, AND ACKNOWLEDGE AND AGREE THAT THEIR EMAIL ADDRESSES AND OTHER PERSONAL INFORMATION MAY BE USED BY YAARI FOR THE PURPOSE OF INITIATING COMMERCIAL E-MAIL MESSAGES.

In other words, anyone signing up for Yaari is commiting both themselves and everyone else in their address book to receiving at least one item of spam from the company. Users complain that Yaari doesn’t stop at one email; it bombards address books with follow-up emails continually.

Needless to say, all this is pretty appalling. But what’s more surprising is that Yaari has been doing this for a while. I’ve trawled complaints from as far back as 2006. This despite the company being U.S.-based. I’m surprised the FTC hasn’t taken an interest.

So who’s behind the site? This article lists two U.S.-born Indians, Prerna Gupta and Parag Chordia, and quotes Gupta as saying, back in 2006, that to preserve the integrity of the network access is restricted to the right kind of Indian youth. I’m not young, I’m not Indian, and I’m probably not the right kind, so clearly that goal has been abandoned.

Here are some more details of the two founders.

Gupta, who is 26, is an economics major who graduated in 2005, was working for a venture capital firm in Silicon Valley called Summit Partners until 2005. Her facebook profile is here; her LinkedIn profile is here. According to this website she once won the Ms Asia Oklahoma pageant (her hometown is listed as Shawnee in Oklahoma, although she lives in Atlanta.

Chordia, chief technology officer at Yaari, has a PhD in computer music, and is currently assistant professor at the Georgia Institute of Technology, according to his LinkedIn profile. His facebook profile is here.

There’s a video of them here. An interview with Gupta last year indicates that they’re going hell for leather for size:

We are focused on growing our user base and becoming India’s largest social networking site within the next two years. Our goal for the next year is to become one of India’s Top 10 Internet destinations.

What’s interesting is that nearly every site that mentions Yaari and allows comments contains sometimes angry complaints from users. In that sense Web 2.0 is very effective in getting the word out. Unfortunately if Yaari and its founders continue to commit such egregious abuses of privacy, we can’t be sure many people will trust such websites long enough for the power of networking sites to be properly realised.

(I’ve sought comment from Gupta, which I’ll include in this post when received.)

A study of mobile phone data shows that we are extraordinarily consistent about our movements. Mobile phone data, unsurprisingly, provides rich pickings for researchers since we carry one around with us all the time, and, unlike dollar bills, it’s more likely to stick with one person. But some have questioned the ethics of such a study.

The BBC reports that the study, by Albert-László Barabási and two others, shows we are much more predictable in our movements than we might think:

The whereabouts of more than 100,000 mobile phone users have been tracked in an attempt to build a comprehensive picture of human movements.

The study concludes that humans are creatures of habit, mostly visiting the same few spots time and time again.

Most people also move less than 10km on a regular basis, according to the study published in the journal Nature.

This is fascinating stuff, and perhaps not unexpected. But appended to the Nature news article on the study are two signed comments by readers alleging that the authors of the study didn’t follow correct ethical procedure. Someone calling themselves John McHaffie says

What is particularly disturbing about this study is something that the Nature news article failed to reveal: that Barabasi himself said he did not check with any ethics panel. And this for an action that is, in fact illegal in the United States. Disgusting lack of ethics, I'd say. And the statement from his co-author Hidalgo isn't much better: "We're not trying to do evil things. We're trying to make the world a little better". The old "trust me, I know better" argument. Maybe this two should take a basic graduate-level ethics course.

I’ve not yet confirmed it, but it’s likely to be John G. McHaffie of the University of Wake Forest. Another commenter, Dan Williams, calls for a federal investigation of the school involved in the study.

I don’t have access to the original Nature article, so I can’t explore this further right now. But the Nature news item itself says that “Barabási and his colleagues teamed up with a mobile-phone company (unidentified to protect customers' privacy), who provided them with anonymized data on which transmitter towers had handled the calls and texts for 100,000 individuals over the course of 6 months.”

This is clearly gold. The article suggests that others have long sought to get their hands on mobile phone data. It quotes Dirk Brockmann of Northwestern University in Illinois, as saying that he had not been able to expand a study he did using dollar bills because of privacy issues:

Strict data-protection laws prevented Brockmann from carrying out his own version of the mobile-phone study in Germany, where he was based until recently. Mobile-phone data have the potential to reveal information about where individuals live and work. “I’ve been trying to get my hands on mobile-phone data but it isn't possible,” he says.

Privacy issues aside, the study is fascinating, and could be useful in monitoring disease outbreaks or traffic forecasting. (I wrote about one using Bluetooth a couple of days ago.) And how about riots? Unrest? Shoppers?

BBC NEWS | Science/Nature | Mobile phones expose human habits

Research from Purdue University shows that Bluetooth would be a very good way to track travel time. Bluetooth devices give off unique IDs which could be used to measure speed and movement of pedestrians and vehicles.

But why stop there? Wouldn't it be possible to track people via their Bluetooth signal, if you knew one of their device IDs? Anyway, here's the abstract (thanks, Roland.)

Travel time is one of the most intuitive and widely understood performance measures. However, it is also one of the most difficult performance measures to accurately estimate. Toll tag tracking has demonstrated the utility of tracking electronic fingerprints to estimate link travel time. However, these devices have a small penetration outside of areas served by toll facilities, and the proprietary tag reading equipment is not widely available. This paper reports on tracking of a wide variety of consumer electronics that already contain unique digital fingerprints.

Method uses 'Bluetooth' to track travel time for vehicles, pedestrians

I'm puzzled.

I can't understand this quirk in Facebook that means I can't politely brush off someone requesting my friendship without giving them access to all my friends and a lot of my info. 

Receive a friend request and you get this message:

I have a rule that I don't make buddies with people I've not actually met, or know online. Instead I divert them to LinkedIn, a sort of frat house for networking. Facebook is for friends. So I usually try to brush them off with a message.

Only you can't do that anymore.

Click on the Send message button, and you get this text at the bottom of the message window:

It says:

If you send xxxx a message, you will give them permission to view your list of friends, as well as your Basic, Work and Education info for one month.

In other words, you can confirm someone, you can ignore someone, but you can't send them a message that says "do I know you?" or "not sure we've met, how about you email me on LinkedIn?" Well you can, but you've got to give them some of the biggest keys to your little Facebook kingdom first.

Why? What is the point of that? What possible benefit is it to me to allow that to happen? Why would I let someone I haven't met, and who I have no friends in common with, have access to that kind of information? And, more importantly, shouldn't I be a little bit worried that my Facebook friends are allowing this to happen? How many of us actually read those little notes?

I am trying to think of a logical reason for this. Why would Facebook make it impossible for someone to reply to a request with a message that does not commit them to giving access to their information?

The only reason I can assume, perhaps because of my conspiracy-addled mind and limited brain power, is this: If the person requesting the connection has access to that information, so do most of the applications he is using. Facebook doesn't care how long the connections last between users; all it cares is that it has access to the data. Who cares if it's only for one month? That information only needs to be grabbed once. In other words, my theory goes, that data is valuable enough for Facebook to create a sort of trapdoor through which unsuspecting folk might allow their data to be compromised.

Or am I missing something? I must be.

A dear friend was supposed to drop something off around 11 pm last night. I turn in around that time, so I just nodded off. Luckily I didn't hear her SMS come in around 1 am. But I could have. I consider the phone the primary communications device--if someone has an emergency, that's how they're going to reach me--and so you can't really close it off. But how do you filter out stuff like my ditzy friend SMS-ing me at 1 am to tell me that after all she's not going to drop something off?

In short, how can we set up filters on our communications channels so they don't drive us mad?

One is not to give out your phone number. I keep a second prepaid phone around and I give that number, and that number only, to people I do business with. That phone gets turned off on weekends and evenings. I often don't answer a cellphone call if I don't recognise the number; if it's important enough, I figure they'll SMS me first, or else they'll already be on my contact list.

Another is to confine and contain online. I don't accept contacts on Facebook unless I've met them in person (and like them.) Everyone else I point to LinkedIn. I've noticed a lot of people are now following me (and everyone else, it seems; I'm not special) on Twitter so I've scaled that back to 'public' observations.

Indeed, Web 2.0 hasn't quite resolved this issue: We've been campaigning to bring down those walled gardens, but we've failed to understand that garden walls (ok, fences) make good neighbors.

Email is still a burden: I'm still getting a ton of stuff I didn't ask for, including press releases from UPS, just because I once complained to them about something, and stuff from a PR agency touting posts on a client's blog (that's pretty lame, I reckon. What would one call that? "My-Client-Just-Blogged Spam"?)

One way I've tried to limit incoming stuff is through a page dedicated to PR professionals. I then point anyone interested in pitching to me to that page. I'm amazed by how few people who bother to read it, but I'm also amazed at how good the pitches are by those that do. (And of course, I then feel bad that I don't use their painstakingly presented material.)

I like this from Max Barry, author of Jennifer Government, who gives out his email address but says If you put the word "duck" in your subject (e.g. "[duck] Why you're an idiot"), it's less likely to be accidentally junked. What a great idea.

Then there's simple things that help to keep the noise level down: Subscribe to twitter on clients like Google Talk and you can turn it on and off just by typing, well, on or off. (You can also turn on and off individuals, so if scoble is getting a bit too much for you, just type 'off scoble'. I've always wanted to be able to do that.)

I'd like to see more and better filtering so we don't have to succumb to the babble.

Stuff I'd like to see:

• Phones that change ringtone or volume after a certain time unless they're from some key numbers.
• SMS autoreturns, that say "The person you sent this message to is asleep. If you need to wake him/her, please enter this code and resend. Be aware that if the message is not urgent or an offer of money/fame/sexual favors you may face disembowelment by the recipient."
• Oh, and while I'm at it, the ability to opt out of Facebook threads if they lose your interest.

And, finally, a way to turn down friends and contacts from my communication channels without them knowing. A great service, in my view, would be one that appeared to authorise their requests to be your buddies, but didn't. Call it faux-thorising.

It might be time to remove a) all your data and b) all third party apps from your Facebook profile. Here's why.

Add a Facebook app -- SuperPoke, all that kind of stuff -- and you're required to agree to "allow this application to...know who I am and access my information." Disagree and you can't install it.

Now this may be fine for you. But what the application doesn't say is that the application is also now able to access the private data of your friends. To be clear about this, I'm not talking about friends who also agree to install the app; I'm talking about all your friends, period.

And most applications do access this data, without really needing to, according to research by the University of Virginia. In other words, by accepting someone's friendship on Facebook, you're agreeing to allow all the third party apps they install to access your private data.

What is private data? Well, think your name, your profile picture, your gender, your birthday, your hometown location...your current location...your political view, your activities, your interests...your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,...copies of photos in your Facebook Site photo albums...a list of user IDs mapped to your Facebook friends. (from Facebook's Application Terms of Service, via Webware.)

This is not good. Especially when you consider that this data is stored, not on Facebook's computers where you and they might be able to keep an eye on it, but on the computers of the third party apps. And this is where it gets tricky.

Facebook's response to these revelations, detailed and explored by Chris Soghoian over at Webware, is that it's basically up to us users to gauge whether a Facebook app is kosher and going to be careful with our data. But who are these third party developers?

I explored this a bit last November, when I tried to find out who was behind one app called ATTACK! I eventually was able to, but it wasn't easy, and it definitely wasn't just a question of visiting their homepage (they didn't have one, although the developers have since posted a comment there saying they hadn't had time to set one up, and have changed certain features. It still doesn't have a link to any webpage that might give a user any insight about who is behind the app, though the developers do provide links to their Facebook pages.)

The points are twofold:

• Our data is vulnerable to the weakest link in the chain, which will be a friend we've given full access to who installs every third party app there is. Do you know who all your friends are, and can you trust them not to install every app they come across?
• We're endangering our friends' security by installing third party apps.

For me the bigger issue is this. Facebook is already facing investigation in the UK for making it too hard to delete one's personal data. So, if these third party apps are storing our data without our knowledge on their own computers, what happens to that data if we decide to delete our private data from our Facebook account, or our Facebook account entirely? How do we know what is deleted and what isn't?

Exclusive: The next Facebook privacy scandal | Webware : Cool Web apps for everyone

Listening to Mark Anderson's predictions for the coming year on the BBC World Service with Peter Day. A lot of his stuff is spot on, and what I've been thinking (a lot less coherently):

• Small portable computers -- he's talking about the Samsung Q1, but he could also be talking about the Nokia N95 of the Asus Eee PC. He says that there's research showing a 7" x 9" screen is the optimum size for users to absorb and handle information. I haven't seen that, but I think there's definitely a sweet spot there, at least for users on the road (where we tend not to need to handle large amounts of data, instead focusing on what's next up the pipe -- that meeting, that story, whatever. What I think will be most interesting, though, is when the screen can adapt to the situation or environment -- a foldable screen that can fit your seat size, expanding when you need it to something much bigger. 
• Revolt by users over privacy issues. I think ex-Microsoft blogger Robert Scoble, as ever, is through his dabbling with a Plaxo screen-scraping tool, finding out before the rest of us that what we thought was our data, isn't. (This isn't strictly true; Facebook does allow you to export your friends' data via a third party app called FriendCSV.) Anderson's point was that people don't like things like Facebook's Beacon, which monitored users' activity on participating websites, but I think bigger will be people's growing realisation that all the time they've spent on Facebook isn't easily transferable. 
• Pervasive Internet: It won't be a big thing. It'll just be there, a place where we store and find stuff. A key element in this is flat rates for cellular data. It's beginning to happen, but I still get a real shock when I see my cellphone bill. Speed is also an issue.

Of course, he said all this much better, and understands the wider context (oil prices, that kind of thing). But it's good to know someone who charges $600 for a newsletter to the likes of Bill Gates isn't that far off in his thinking from a minnow like me.

Technorati Tags: scoble, plaxo, mark anderson, future, 2008, mobile computing, cellphones, mobile data, pervasive computing, facebook, privacy

Maybe this is commonplace for others, but I've just got my first sex-chat-spam on Skype. It's from someone called Veronica Sexy, whose profile indicates that it's unlikely to be someone I've met and just forgotten about (as if I would):

Just in case you can't read that last bit, it reads:

can't wait to get real nasty and show off :) IM REAL MISS WEB CAM!

Reply to the message and immediately you're asked to share your contact details (a la Skype.) I didn't risk having Veronica spam all my friends (not sure how that would work, but I've got some nice people on my list, and I'd hate for them to be upset.) But I did reply to her message, and her responses were quick, and, dare I say it, felt a trifle automated:

[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i'm great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:45 AM] Jeremy Wagstaff says: i'm a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!

[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!

That was the last I head of Veronica, although her scent lingers on.

The web address, by the way, is pretty much what you expect it will be -- lots of alleged clips of ladies cavorting. The administrator of the website is one Alexandrof Tiberiu in Moscow, who also owns www.yourlivecams.com.

I guess what's interesting here is that Skype don't seem to do much policing of this kind of thing. This could be a sex site spam, or it could be something worse.

(If you want to prevent Veronica getting in touch with you, go into Skype options, Privacy settings, and click on the Show Advanced Options button. Make sure the Allow chats from... option is only people in my Contact List:

Chances are Veronica won't come calling. Frankly, your life won't be the poorer for it.

I can't find the original article on the IHT website, but there's a great piece in today's edition on how pharmaceutical companies push their drugs by funding -- I would say bribing -- doctors. It's written by Daniel Carlat, who writes a blog and publishes the Carlat Psychiatry Report.

The most interesting part of the piece is on something called prescription data-mining, where data from pharmacists on prescriptions -- what patients are given what medicines -- are linked to the doctors prescribing said medicines. This allows pharmaceutical companies to target doctors and get them to push their drugs by paying them to make presentations to other doctors.

Carlat himself made $30,000 in a year doing this before he saw the light. He is now a major critic of the practice, and challenges in a recent blog post the absurd industry defense of the practice of prescription data-mining that it's all about transparency:

Today, however (on a tip from PharmaGossip), I read the most absurd argument in its defense yet, reported in yesterday's Philadelphia Inquirer. The reporter, Karl Stark, quoted Jody Fisher, Verispan's vice president of product management, as saying: "Doctors are trying to create a special right of privacy. I can certainly appreciate where they're coming from. But the way the world is going is toward increased transparency of information."

"Transparency of information"! What a wonderful Web 2.0 buzz phrase!

Of course, I'm interested because you can see in it the power of data-mining. The original pharmacist data doesn't include the doctors' names, only their Drug Enforcement Agency registration numbers. It's the American Medical Association that effectively reveals the doctors' names to Big Pharma by licensing its file of U.S. physicians, allowing data-mining companies like IMS Health and Verispan to match the numbers with the names, Carlat writes in today's IHT piece. The AMA makes millions of dollars in this process, by the way.

Are similar things being done with our Internet-based data? Is the anonymous becoming less anonymous? If it's not being done now, assume it will be in the future. It's a great example of how data aren't always valuable until they're linked to other data, and then they're extremely valuable.

The Carlat Psychiatry Blog: September 2007

The best way to keep tabs on who is linking to your Flickr photo album is through Technorati, the blog-tracking service. But it's not as straightforward as it could be, so here's a guide, based almost entirely on that provided by the Technology Evangelist Ed Kohler, for which I offer grateful thanks.

Setting up the Technorati end

Sign up for Technorati if you don't already have an account.

Go to Technorati's start claim page, and click on the Blogs tab:

Scroll to the bottom of the page to the Claim a Blog section and paste in your Flickr.com page into the URL box:

Click on the Begin Claim button:

You'll be taken through a four step process, the next stage of which is to choose your "claim method". Use the Post Claim method if you're offered more than one, by clicking on the blue link, as per below:

In the next screen follow the instructions by selecting the prepared code in the light green box:

Setting up the Flickr end

This is where it gets trickier: open a second browser window, go to your Flickr account and choose a recent photo that's public. Choose the "Edit title, description, and tags" link on the right hand side:

In the description box of the photo delete all existing descriptions (copy them if you like to a text file -- you can always paste them back later.)

Copy the code from the Technorati box into the Description field of your Flickr photo, deleting all the stuff that isn't the link:

(Removing both other descriptions and the HTML code seems to be important. Without it, it might not work.)

Save changes to the photo:

Wrapping it Up

Now go back to the Technorati page you were on before and click on the button "Release the Spiders!" This will instruct Technorati to go look at your Flickr page and look for the code:

When this is complete you should receive a message on the Technorati page saying it's successfully added your Flickr page to your list of monitored blogs. If it's unsuccessful, go back to the Flickr image and check

• the photo is public 
• you've removed all other Description text 
• you've removed the HTML from the link

and try releasing the spiders again.

Monitoring your Flickr photos

So how do you actually keep tabs on the Technorati page?

Once your Flickr page is "claimed" it should appear on your Technorati page (http://technorati.com/people/technorati/[YOURNAME]). Click on the green Authority button below the link to your Flickr page:

You should see a list of those blogs and websites linking to your photos:

Either bookmark this page, or else subscribe to its RSS feed. Either way, you should now be able to keep tabs on who's linking to your Flickr photos.

Still the big players don't get it. Still they drive people like me nuts, and confuse ordinary users, with their sly tactics that confound and bewilder.

Above, for example, Microsoft's Windows Media Player provides a list of files that it will play by default. All are checked automatically, including DVD video, midi files, WAV files and MP3 files. Nowhere is there a button for deselecting all of them. Weirdly, at the top is a message that says

Window Media Player 9 Series will be the default player for the file types that are selected in the following list. You must be logged on as administrator or a member of the Administrators group to change these settings.

Microsoft's way of confusing users who think this is something that they can't control, and intimidating them into not trying. Nowhere does it say "You can uncheck these boxes if you like; of course you'll have to do it one by one, which we're hoping you won't have time to do." (I timed it; it took about 10 seconds. That's ten seconds of my life I'm not going to get back.)

RealPlayer is notorious for this kind of thing. I installed it the other day. The Media Types window, steers the unsuspecting user to signing away all their rights with a big obvious option and one lesser option:

If you are stupid enough to ignore that, you can try figuring out which files you want RealPlayer to deal with, which of course, has everything checked by default:

There is, however, an "Deselect all" button. And alongside each format is a helpful note about what software that file type is currently assigned to. Their sneaky trick, however, is to hide the important one, the reason you presumably installed the player, so that you have to scroll down below the visible list to find the Real file types. There's no button marked "Just let the Player handle the things it's supposed to handle, and leave me alone, OK?"

Actually, this whole thing is a kind of battle, a bit like the default browser battle. Everybody seems to play the same game, with varying degrees of sneakiness/sleaziness. Back in the Preferences window of RealPlayer is a checkbox that lets RealPlayer fight back, in case you've decided against allowing it to play everything. Although in its defence, the first time it notices you've left the reservation, you get a warning, which says "RealPlayer is no longer the default player for some audio and video files:

Still, the wording is sufficiently cheeky to confuse the more casual user: "Do you want to keep RealPlayer," it asks, as the default player for these file types?"

I like the word "keep" instead of "revert" or "return". Most users are conservative. They don't want to change things. RealPlayer execs probably sat in an office all afternoon thinking about the wording to that little message. This message will keep popping up, by the way, each time you change one of these file types until you tell it to stop.

Window Media Player, meanwhile, is a bit weirder. Windows' file system will acknowledge that control of the file type has passed hands, but WMP won't. Instead, in the file types options window, the checkbox will be ticked but "dimmed":

The help file helpfully says:

If a selected check box is dimmed, Windows Media Player has only partial ownership of the file type. Multiple file extensions are assigned to the file type, but the Player only plays some of those extensions by default. To give the Player full ownership of a file type, double-click the dimmed check box.

I've read that second sentence a couple of times, and still don't know what it means. But to me the implication is clear: It's virtually impossible for Windows Media Player to surrender all rights to a file type unless you actually uncheck the right box in the options window. And you may notice that the only way into the options window is through a menu that can only be accessed on the default Windows Media Player skin by a little arrow in the left hand corner:

The bottom line: I can understand that control of media is valuable real estate for these guys, but I really feel for the poor folk who are trying to just play music, or videos or whatever. There must be a better way of doing this.

We're probably being too kind to Facebook, and, in particular, to the third party applications that plug into it. They're abusing user trust and committing sins we castigate others for, so we should be consistent: Many Facebook applications are spam.

Take this one, for example, illustrated above. It's called ATTACK! and upon accepting an invitation from someone the screenshot above (reduced for privacy reasons) is the first page you see. You're encouraged to invite friends:

To make it easier for you, the first 10 friends on your alphabetical list have already been selected (what it must be like to be called something like Adam), and the only button available is the big blue one that says:

There are, as far as I can see, no alternative buttons. No options to just skip the inviting part, or to unselect the existing friends, meaning you've got to unselect the ten manually. If you do that and then click the blue button you get another message:

And the ten are selected again. Hang on a minute; wasn't I invited by someone else to play this game? (Laying aside, for a moment, why I would be playing a game during work hours of dubious intellectual or work-related relevance.) Why can't I just accept his invitation and start playing?

By now I've forgotten who invited me and the invitation has disappeared. So has my enthusiasm for playing the game. Or having anything to do with Facebook applications.

To be fair, quite a few friends seem to love these things. What troubles me is that if these applications are so cavalier with well-established norms of non-spamming etiquette, how cavalier are they with our personal data? Remember every third party application requires the user to select this box:

without ever going into detail about which information. All my information? Just a bit of information? Facebook has a lot of my information -- not as much information as it used to, because I deleted a lot of it in a moment of panic (beware if you remove the fact that you're married from your personal information, as you'll get messages from people as they see in their status feed a broken heart icon and the words "Jeremy Wagstaff is no longer married" broadcast to all your friends. It is, however, a good way to find out what people really think of your marriage.)

So who is behind ATTACK!? Who are we giving that information to? Well, it seems to belong to a company called Presidio Media LLC. I say "seems" because there is no link to a company web page; the copyright sign includes that company's name, which also seems to be responsible for games of Poker, Blackjack and Lotto. The company website, however, is empty, and I can't find any registration information. There are three email addresses on the Facebook page, suggesting from their email addresses that they're behind tribe.net, a social networking site.

Given Facebook has enjoyed huge popularity with what I would call social networking virgins -- those who have not previously explored this online wonderworld of sharing information -- I am, like some party pooper, troubled by the implications, even as we all frolic in this newfound social whirl.

But it's probably just me. Anyway, whoever invited me to play ATTACK!: sorry. Let's do it offline in the pub.

Jaiku, the presence, Twitter-like-but-better tool, has been bought by Google. Great news, I would have thought. But then I thought again. Google? The guys who already know too much about me? With access to all my stream of consciousness? Knowing where I am? So I checked out the Jaiku Privacy Policy. What data would/might Google be interested in? Here's what they would have access to, assuming you're using Jaiku on a phone and a computer:

• the usual cookies
• your mobile number
• your mobile network operator, cell ID, city, country, cell name
• whether you are currently using the phone or whether the phone is idle
• phone's ring profile
• Bluetooth buddy/laptop/desktop count
• the duration and description of current/previous/next calendar event
• an indication of whether a call is currently in progress (3G only)

On top of this Google would have access to any personal information you may have stored with Jaiku in your profile. This could include:

• name and email address
• address
• home town
• birth date
• gender
• biographical information
• instant messaging user names
• personal interests.

Needless to say, there are the usual paragraphs about how your personal information may be shared with a new owner:

In the event Jaiku enters into a joint venture or is acquired by or merged with another business entity, we may disclose your personal Information to our business partners or new owners.

And that things may change, without you being able to do anything about it:

Consequently, we also reserve the right to modify this Privacy Statement at any time in our sole discretion. You agree that such alteration shall be effective upon posting on the Jaiku.com web site and you will be bound to any alterations when you use the Service after such alteration is posted.

Nothing too surprising there. But the thing here is to remember that Jaiku is Google's first real foray into a potentially very lucrative space: Mobile. While there are modest gains to be made from throwing ads at static online (folk accessing Jaiku from their laptop or desktop) the real benefits accrue when users are mobile.

Jaiku's mobile widget fits pretty seamlessly into your address book, enhancing the profiles of fellow Jaiku users with photos, presence messages, their upcoming appointments (I was alerted by a friend that I had inadvertently given permission for Jaiku to access my whole calendar; "have you called your Mum yet?" he asked, cheekily, after seeing that was my next engagement.)

All this information outlined above would be available to Google, to let them fire ads at us. For the first time, as far as I know, an advertising company not only has access to what we're doing (our presence message), they have access to where we're doing it (the cell ID etc), what we're doing next (the calendar), how long we'll be doing it for (the duration of the event), whether we're focused on something else (indication of whether we're on a call), as well as the usual preferences we may have registered in our profile (gender, age, interests, etc.)

The point here is that Jaiku is one of the first of such tools to shift the social web to the mobile social web. (Another is ShoZu, which moves photo uploads, and the communities around them, to mobile.) I love both services and use them a lot. But perhaps now is the time to ponder just how much personal information we either consciously or unconsciously hand over when we use them, and how comfortable we are about it.

It's one thing to feel somewhat stalked at your desk, but another to feel stalked via your mobile.

Scoble makes some good points in a blog posting about why Microsoft, and more specifically his old boss Steve Ballmer, doesn't get Web 2.0. I don't agree with everything Robert says, but he has an understanding of this era of the web born of living and working in its eye the past seven years:

“There can’t be any more deep technology in Facebook than what dozens of people could write in a couple of years. That’s for sure,” Ballmer said.

When I worked at Microsoft I heard this over and over and over again from various engineers and program managers who STILL haven’t competed effectively with WordPress, Flickr, Skype, YouTube, or any of the other things over the years I’ve heard this “we can build that in a few weeks” kind of arrogant attitude attached to.

Why aren’t they succeeding? Because eBay is NOT about the technology. It’s about the community and unless you have something that’ll convince the buyers and sellers all to switch all at one moment you’ll never be able to take eBay’s market away. Translation: it’s too late and eBay has huge defensibility around its business because people won’t move away from it even if you demonstrate 5x better technology.

I think Scoble fuses two different phenomena here, but the point is a valid one. But a marketplace is not quite the same as a community. eBay is not really about the community, it's about the marketplace. As anyone who has tried to move a physical market -- a wet market, say -- from one location to another has found, it's not easy. eBay (and Amazon) are about first mover advantage. If you want to sell or buy something, you go to the place most likely to sell it.

Facebook et al are different. They're definitely about community. But community is maybe the wrong word, because it carries with it connotations of permanence that don't really exist. MySpace, Facebook etc may still be as big in a few years' time, but somehow I doubt it. They're social spaces that open and close like real spaces -- less communities, more campsites. Campsites may be there for years, but the structures are impermanent and can, one day, move or disperse.

I agree with Robert, too, that people who use these services ain't just kids. That's the most interesting thing about Facebook, in my view: the Skype-like opening up to less techie, older users because of the untechie attractions of being able to find and communicate with acquaintances and ex-colleagues with whom they share loose ties.

Social networking has broken out of its narrow confines, and this has huge implications. But we should be careful before we assume that this will evolve in the same way social networking has evolved for the geek community: these new users won't stick around for ever adding apps of less and less consequence and communicating with all their buddies via Facebook.

Eventually, everyone finds everyone they need to find on Facebook and bores of the services designed to keep them there. Then they'll want to export the address book and the creative capital they've invested in Facebook and move it someplace else. If they are blocked from doing that, their interest in such tools will quickly wane. We geeks are happy to populate new social networks by repeating all the data entry necessary to make the sites worthwhile, but non-tech users will be less patient (or actually have lives offline.) For them it's about the people; the apps are just a pleasant distraction.

Then there's the money. Robert is right: Facebook is an advertiser's dream. But it has yet to be proven that Facebook users (and we're talking non-tech users here) are going to tolerate too much intrusiveness. Gmail has scared a lot of non-tech users away, based on anecdotal evidence, because of its intrusive ads. I think Facebook will similarly scare people away if it mines that user data too deeply.

This all said, it is a puzzle as to why Microsoft has ignored this new world. All its tools beg for greater interactivity and sharing, but why is it I use Microsoft only when I'm typing this (the free Windows Live Writer), or when I'm writing a Word document, or emailing it to someone? If I want to discuss the document, or collaborate on a spreadsheet, I turn to Google Docs. Nowhere does Microsoft try to make that process easier or more social. Think of all the opportunities missed in those simple actions.

Steve Ballmer still doesn’t understand social networking « Scobleizer

Ministers' homes at the new capital, Pyinmana

Burma has shown us that we're not as clever, or free, as we thought we are.

It's a sign of how the Burmese generals don't really understand things that it took them so long to cut off the Internet:

Reporters without Borders and the Burma Media Association reported that the government cut off all Internet access in the country on Friday morning and they said that all Internet cafes in the country also have been closed. The Web site of the Myanmar Post & Telecommunications, the government-run telecommunications provider, appears to be down.

The Internet was something we didn't have to help us back in 1988 in covering the uprising. Actually we didn't have very much: a total of about eight international telephone lines into the country, the official radio which would broadcast once or twice a day, and which we'd monitor courtesy of a weird contraption in a special room that also spewed out garbled copies of the official news agency reports.

We'd spend most of the day in the Bangkok office trying to get a line in, cajoling and sweet-talking the female or male (we knew no shame) operators into trying again, and again, to get a line. When we got a connection we'd ask the person who picked up as many questions as we could, whether it was Aung San Suu Kyi or just some guy who happened to have a telephone. Once a day we'd pick up the monitoring by the U.S. embassy of other official radio broadcasts and pore over them as if they were the Dead Sea Scrolls. Occasionally we'd interview someone who managed to get out; my first ever wire service story was the Dutch ambassador going on the record at Don Muang airport about some of the horrors he'd seen. When we did get into Burma all we had in the office was an ancient telex machine.

Nowadays, 19 years on, there's more technology out there than we could dream of back then. Not just the Internet: camera phones, mobile phones, satellites, GPS. But I'm also surprised at how little these really help. Burmese have bravely organized demonstrations via cellphone, and sent out information by Internet, but those channels are largely closed now, leaving us to join a Facebook group, wear red, or turn to satellite to try to glean information.

The American Association for the Advancement of Science has analyzed satellite photos which it says "pinpoints evidence consistent with village destruction, forced relocations, and a growing military presence at 25 sites across eastern Burma where eyewitnesses have reported human rights violations." This is more about the continuing (and long-running) war against insurgents and populations in border areas caught up in those wars. But it's instructive to see their before and after satellite photos, like these ones:

Before-and-after satellite images show the site of an apparent military encampment in Burma on 11 November 2000, (top), and again on 13 December 2006 (bottom), when new bamboo fencing can be seen. The human rights group, Free Burma Rangers, reported a major expansion of this camp in 2006, corroborated by the AAAS analysis of images. (Lat: 18.42 N Long: 97.23 E.)

Credit: Top image: © GeoEye, Inc. Bottom image: © 2007 DigitalGlobe.

The AAAS has a Google Earth layer here to illustrate the before and after. The full report (PDF, big file) is here.

The AAAS is currently collecting satellite images of urban areas to see what it can glean; it reminds me of 1999 in East Timor when satellite imagery showed up some of the destruction cause by the retreating Indonesian army. But such images can do little more than illustrate something that has happened, and not bring to life the actual suffering and abuses on the ground.

Indeed, I'm surprised and a bit disappointed that technology can do so little to pry open a country if its government decides to close it off. We talk about information wanting to be free, but we tend to forget how that information still requires power and a channel in order to escape. Shut off the power, shut off the channel and the information is as much a prisoner as the Burmese people presently are.

AAAS - AAAS News Release

Is business networking site Congoo resorting to spam to build its user base? I suspect it is.

Congoo is on one hand a good idea -- a place to gather and monitor content on your industry, including content that is usually subscription only (like WSJ.com, who publish my weekly Loose Wire column.) But it's also a networking tool -- indeed, its blurb emphasizes that over the content:

But I don't like being spammed, and I think Congoo may be doing that. Of course, they're not alone in being accused of spamming -- the likes of Plaxo, Zorpia and other networking services make it overly easy for a new recruit to send an email blast to everyone in their address book without them realizing it. To me that's spam. Even Facebook isn't entirely blameless: Add any application to your profile and you're usually within a whisker of spamming all your friends unless you're alert and scout around for the "skip" button.

But Congoo seems to be taking a different, and in a way more openly spammy, approach. It's emailing non-subscribers -- apparently at random -- inviting them to join the network -- with no apparent invitation from an existing user, or even a personalized email to indicate the recipient is being chosen for a specific reason. Here's part of what I got this morning, from someone called Rebecca Simpson, identified as "Manager Network Development":

We would like to formally invite you to add your professional profile on Congoo. You may recognize many of the professionals already featured:  Media & Advertising  Healthcare  Internet Finance Technology  Politics  & Law

Rebecca's Congoo profile says she has "specialized in working with press and media outlets to distribute information. I have also organized and executed guerilla marketing campaigns as well as developed proprietary systems and methods for measuring ROI on Web buzz."

That may be so, but frankly I'm not impressed at this particular pitch. No attempt is being made to categorize me, as I've shown only an amateur's interest in healthcare, and my grasp of law goes no further than thinking 'tort' must be in some way related to the word 'retort'. And I've had no prior dealings with Congoo that I can recall aside from several pitches from their (somewhat, er, insistent) PR company, whose own contact database could do with some consolidating.

It appears I'm not alone in thinking this might be a bit too spammy to be decent business practice. The net-abuse mailing list last week collected four examples of an identical message from one Heather Faulkner, who also happens to carry the title of "Manager Network Development" (how many managers of one department are you allowed? I'm not really up to date on that kind of thing), while the spam manager at AKBK Home captured more than 50 in a few hours.

And then there's Congoo's own policy on spam, of which this seems itself to be a transgression:

Congoo is concerned about controlling unsolicited commercial e-mail, or "spam." Congoo has a strict policy prohibiting the use of all Congoo mail accounts to send spam.

I've asked Congoo for more information on this, and on their policy about emailing people. At best, I've got it all wrong and it's all a big mistake. At worst, it's a pretty poor display of a networking site trying to build its base through tactics that make it little different to those of a Viagra salesman. Times may be tough amidst the runaway success of something like Facebook, and the critical mass of LinkedIn, but stoop low and there's no way back to standing straight.

I really hate being asked for lots of private details just to download a product. In short: People shouldn't have to register to try something out. An email address, yes, if absolutely necessary.

But better not: just let the person decide whether they like it. It's the online equivalent of a salesperson shadowing you around the shop so closely that if you stop or turn around quickly they bump into you. (One assistant in Marks & Spencer the other day tailed me so closely I could smell his breath, which wasn't pleasant, and then had the gall to signal to the cashier it was his commission when I did, without his help, choose something to buy.) I nearly put some Marks & Spencer Twiglets up his nose but that branch doesn't sell them.

Anywhere, latest offender in this regard is Laplink, who ask for way too much personal information just to download trial versions of their products, including email address, full name, address, post code, company name. Then they do that annoying thing at the end of trying to trick you into letting them send you spam with the old Three Tick Boxes Only One of Which You Should Tick if You Don't Want To End In Every Spammers List From Here To Kudus Trick:

Rule of thumb there is to tick the third one in the row because it's always the opposite of the other ones. As if we're that stupid.

The other rule of thumb is never to put anything accurate in the fields they do require you to fill out. Not even your gender. Childish? Yes, maybe, but not half as childish as their not trusting you enough to decide whether you like the product on your own terms and not fill their spamming lists.

Of course the better rule of thumb is not to have anything to do with companies that employ such intrusiveness and trickery, but we'd never do anything then.

Young hospital worker using her cellphone in a phone booth, Jakarta, April 2007

Either she uses the phone booth out of habit from her pre-cellphone days, or else she’s making use of a privacy feature of old technology — the sound-proofing booth — her new technology doesn’t offer.