Google Alerts Drops RSS Delivery Option

Barry Schwartz of Search Engine Land points out that Google Alerts Drops RSS Delivery Option, which is pretty upsetting. The message says that “Google Reader is no longer available,” and says users need to switch to email alerts.

Screen Shot 2013 07 03 at 4 11 08 PM

Seems that Google is either just dumping RSS wholesale or that the feed engine that ran the RSS alerts was part of the Reader infrastructure. (You can still subscribe to Google News alerts by RSS, and news search terms, it seems, so I have no idea what the link is.) 

As commenters point out, this is going to break a lot more than simply Google Alerts. A lot of websites embedded feeds into their sites using Google RSS alerts:

Screen Shot 2013 07 03 at 4 08 11 PM

It’s an odd state of affairs for Google, which either didn’t anticipate the backlash or is so intent on chasing Facebook that it doesn’t care.  

Another option suggested by commenters: Talkwalker Alerts – The best free alternative to Google Alerts. It even looks like Google Alerts: 

Screen Shot 2013 07 03 at 4 10 30 PM

Haven’t tried it but seems to offer the goods. 

Facebook’s Many Faces

The other day I found myself in a restaurant in northern Japan explaining to a South Korean acquaintance of less than a day how I divided my social networks up. LinkedIn, I said, was for people I needed to know, or who felt they need to know me. Facebook was for my friends — people I had known for a long time, family, I keep my Facebook world for my real world friends, I said. He nodded sagely before we were interrupted by two young Japanese from across the table who had just joined the throng. 

I dutifully rummaged round for my business cards for the time-honored ritual of using both hands to exchange cards and study them intently. Our new dinner companions, had no truck with that. We don’t have business cards, one of them said, whipping out his iphone. But give me your name and I’ll add you on Facebook. I wasn’t quite sure what to make of this etiquette-wise, but turning him down was not an option. My Korean friend kindly avoided pointing out my hypocrisy as I dutifully helped my even newer friend add me to Facebook. Within the hour he had tagged me on several photos of diners other than myself, which in turn had been commented upon by at least 60 of his friends. All  of course, in Japanese. 

Welcome to the weird world of Facebook. Foolish people call it a nation, And if you glanced over the shoulder of anyone at an airport, in Starbucks, on a train, in the office, at  the familiar blue ribboned page as they check back in to their portable community, you might be forgiven for thinking they inhabit the same country. But it’s not and they don’t. It’s a reflection, an adaptation of the culture, or subculture, of the people who populate it, And while there’s perhaps more overlap than the physical world between those cultures, there’s still plenty of room for the culture shock of finding yourself in another part of the Facebook planet. Only there are no guidebooks and rules, just people trying to muddle through. Like me in that Sendai restaurant. 

This is of course both good and bad. I actually quite like having some folk on my Facebook page chattering away in a language I need Microsoft or Google to make sense of. But it doesn’t make us friends. And it does somewhat devalue the connection that Facebook builds to my real friends. Their updates get crowded out by the friends who aren’t really my friends. 

But the bigger point is this. Facebook is not homogenizing the world. In fact, it’s a mirror of the cultures from which we come. And by mirror I mean mirror. Take Facebook photos, for example: Researchers have found that Americans, despite being individualistic by nature, prefer to share photos of themselves in groups on Facebook. Compare this with China, or even Namibia, two societies considered group-oriented, where users are much more likely to share photos of themselves standing alone,, smart and polished, often not even against a background which might justify posting the photo. Researchers believe this is because of the desire in such societies to project a good image of themselves to the group. 

Go figure. It might help explain my Japanese friends and their business card etiquette. Perhaps for them the exchange of business cards is an intimate expression of trust, and the most obvious online equivalent of that is the Facebook friending.. I with my Western hypocrisy and shallowness make no such commitment with my business card exchange. Or maybe they’re just a subset of a of subset of a subculture that thinks business cards are silly and Facebook is cool. I have no idea. Facebook it seems, is as interesting and confusing to navigate as the real world. Thank God for that. 

The Real Revolution

This is also a podcast, from my weekly BBC piece. 

While folks at the annual tech show in Vegas are getting all excited about a glass-encased laptop, the world’s thinnest 55″ TV and a washing machine you can control from your phone, they may be forgiven for missing the quiet sound of a milestone being crossed: there are now more smartphones in the world than there are ordinary phones.

According to New York-based ABI Research, 3G and 4G handsets now account for more than half of the total mobile phone market. Those old ‘dumb phones’ and the so-called feature phones–poor relations to the computer-type iPhone or Android device can–are now officially in decline.

This is, in the words of ABI Research’s Jake Saunders, “an historic moment.” While IDC, another analyst company, noticed that this happened in Western Europe in the second quarter of last year, Saunders points out: “It means not just mobile phone users in Developed Markets but also Emerging Market end-users are purchasing 3G handsets.”

So why is this a big issue? Well, a few years back it would have been hard to convince someone in an emerging market to shell out several hundred bucks for a phone. A phone for these folks was good for talking and sending text messages. That was a lot. And enough for most people–especially when the handset cost $20 and the monthly bill was even less.

Now, with prices falling and connectivity improving in the developing world a cellphone is so much more: It’s a computer. It’s an Internet device. It’s a portable office and shop front. It’s a music player. A TV. A video player. A way to stay in touch via Facebook and Twitter.

And for the industry these people in emerging markets are a life saver. For example: The developed world is pretty much saturated with smartphones. People aren’t buying them in the numbers they used to.

But that’s not to say the feature phone is dead. In fact, for some companies it’s still an important part of their business. Visionmobile, a UK based mobile phone research company, says that Nokia–busy launching its new Windows Lumia phones in Vegas–is still the king of feature phones, accounting for more than a quarter of the market.

And they just bought a small company called, confusingly, Smarterphone, which makes a feature phone interface look more like a smartphone interface. So clearly at least one company sees a future in this non-smartphone world. In a place like Indonesia, where the BlackBerry leads the smartphone pack, nearly 90% of phones sold in the third quarter of last year were feature phones, according to IDC.

So companies see a big chance for growth in these parts of the world. But they also need the spectrum. If you’re a mobile operator your biggest problem now is that smartphone users do a lot of downloading. That means bandwidth. The problem is that one piece of spectrum is for that 3G smartphone, and another is for your old-style 2G phone. The sooner you can get all your customers to upgrade their handset to 3G, the sooner you can switch that part of the spectrum you own to 3G.

So this is a big moment. We’re seeing a tipping point in the world’s use of cellphone use, from a simple, dumb communication device to something vastly more useful, vastly more exciting, vastly more lucrative. All those people moving over to smartphones

ABI Research reckons there’ll be 1.67 billion handsets sold this year. That’s one in four people buying a new device. Forget fancy Vegas. The real revolution just started.

Quaintness in Salt Lake

(This is the script for a piece I did for the BBC World Service. Posted here by request. Podcast here.)

Something rather quaint is going on in a Salt Lake City courtroom. A company called Novell, who you’d be forgiven for not having heard of, is suing Microsoft over a product called WordPerfect, which you also may not have heard of, which it says was hobbled from running on something called Windows 95 to protect its own product, called Microsoft Word.

To be honest, you don’t need to know the ins and outs of this Microsoft law suit; nor do you really need to know much about Novell—once a giant in word processing software, and now a subsidiary of a company called The Attachmate Group, which I had never even heard of. Or, for that matter Windows 95—except that once upon a time people used to stay up all night to buy copies. Sound familiar, iPad and iPhone lovers?

It’s weird this case is going on, and I won’t bore you with why. But it’s a useful starting point to look at how the landscape has changed in some ways, and in others not at all. Microsoft is still big, of course, but no-one queues up for their offerings anymore: Indeed nobody even bought Vista, as far as I can work out. But back then, nearly every computer you would ever use ran Windows and you would use Microsoft Office to do your stuff. You couldn’t leave because you probably didn’t have a modem and the Internet was a place where weird hackers lived.

Now, consider this landscape: Apple make most of their money from phones and tablets. Google, which wasn’t around when Windows 95 was, now dominate search, but also own a phone manufacturer, have built an operating system. Amazon, which back then was starting out as a bookseller, is now selling tablets at cost as a kind of access terminal to books, movies, magazines and other things digital. Facebook, which wasn’t even a glint in Mark Zuckerberg’s 11 year old eye at the time, is now the world’s biggest social network, but is really a vast walled garden where everything you do—from what you read, what you listen to, as well as how well you slept and who you had dinner with—is measured and sold to advertisers.

All these companies kind of look different, but they’re actually the same. Back in 1995 the PC was everything, and so therefore was the operating system and the software that ran on it. The web was barely a year old. Phones were big and clunky. So Microsoft used its power to dominate to sell us what made the most money: software.

Now, 15 or 16 years on, look how different it all is. Who cares about the operating system? Or the word processor? Or the PC? Everything is now mobile, hand-held, connected, shared, and what was expensive is now free, more or less. Instead, most of these companies now make their money through eyeballs, and gathering data about our habits, along with micropayments from data plans and apps, online games and magazines.

And to do this they all have to play the same game Microsoft played so well: Dominate the chain: Everything we do, within a Hotel California-like walled garden we won’t ever leave. So my predictions for next year, most of which  have been proved true in recent days : A Facebook phone which does nothing except through Facebook, an Amazon phone which brings everything from Amazon to your eyes and ears, but nothing else, an Apple-controlled telco that drops calls unless they’re on Apple devices. Google will push all its users into a social network, probably called Google+ and will punish those who don’t want to by giving them misleading search results. Oh, and Microsoft. I’m not sure about them. Maybe we’ll find out in Salt Lake City.

Phishy Facebook Emails

Facebook phishes are getting better. Compare this one:

facebook real

and this:

facebook scam

Notice how the key bit, supposedly defining that it’s a legit email, is successfully and convincingly faked: image

The only difference that stands out is the domain: facebookembody.com. Although Google classified it as spam they didn’t warn that it would go to a website that contains malware. So be warned. Notification emails aren’t such a good idea anymore, if they ever were.

Social Media Phishing Hazards

As usual, I feel we’re not being smart enough about the way that scammers improve their skills. We demand everything to be easier, and they just reap the winnings.

What they’re exploiting is the fact that we use a lot of different services (twitter, email, Facebook), and services within services (those which use those primary services as authorisation—in other words, borrowing the login name and password) to make things easier for us or to offer ancillary services (backing twitter, measuring the number of Facebook friends you have in Angola, etc etc).

All of this leaves us vulnerable, because we tend to get overwhelmed by the number and complexity of the services we subscribe to. Scammers exploit this.

I found this message in my inbox the other day:

image

The text reads:

Hello,

You have 2 unread message(s)
For more details, please follow the link below:
http://twitter.com/account/message/20111007/?userid=789837192

The Twitter Team

Needless to say, the link itself goes elsewhere: http://lewit.fr/primitives.html which is, as far as I know, a phishing website (so don’t click on it.)

This scam isn’t new; this website talks about it last year—though they seem to have improved the spelling (it used to be ‘unreaded’).

This is clever, because while Twitter says we won’t send you messages like that, of course they do, all the time:

image

So it’s understandable why people might fall for this trick. (I don’t actually know what the trick is, but I assume that if you visit an infected website they’ll try to get as much malware on your computer as you can, so this is not (just) about grabbing your Twitter details.

What worries me is this: The usual defence against this, if Google or whoever is hosting your email hasn’t caught it, is to inspect the link under the link. In other words, to look at the actual link that the proffered link conceals. In the above case, the twitter.com/account etc link is really going to the lewit.fr page. But you’ll only know that if you mouse over the link and look at the status bar in the bottom of your browser, or paste the link somewhere else. If the link looks dodgy you know not to go there.

Or do you?

Take this email I received at more or less the same time:

image

It’s a request from backupify (an excellent backup service) for my twitter account.

The problem I have with it is this: The Backupify link in Step1 is actually this link:

http://mkto-l0091.com/track?type=click&enid=[etc] (I’ve removed the rest.)

How can I tell this is a legit email? Well it’s addressed to me, but spearphishing is pretty good these days. And chances are I’ve succumbed to backupify’s prodding to tweet to the world that I’m using their service, so an accomplished phisher need only harvest those twitter accounts which have mentioned backupify. Child’s play, in other words, to get into my account.

But the domain looks extremely dodgy. In fact a who is search reveals it belongs to a company called Marketo Inc which is basically an email marketing firm. So that suggests it is legi—or that their site has been infected. I have no way of knowing.

Now everyone uses these third party companies to handle bulk emails; that’s understood. But when you’re asking to ‘reauthorize’ an account this effectively means you’re handing over details of your account to a third party—a step that should be treated in the same way as reentering passwords or other sensitve account details. You shouldn’t be using a third party emailer for that.

I’m going to reach out to backupify and see what they say about this. It’s not the first time I’ve seen this, and I suspect it’s more widespread than one would like to think. For users, I think the lesson is clear: Don’t click on a link if you’re not sure. Go to the actual page of the service in question and check it out that way.

DigiNotar Breach Notes

Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom.

Background

web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right company or organisation. It allows a user to set up a secure connection between their computer and the organisation’s website. Browsers will show a little lock or some other icon to signify the certificate has been found and is trusted.

Hackers broke into a Dutch company called DigiNotar, itself owned by US firm Vasco Data Security, in mid June. DigiNotar is one of hundreds of companies around the globe called certificate authorities that issue these authentication certificates. Browsers contain a list of which CAs they can trust.

These hackers would have been able to steal existing certificates or generate their own, meaning they could now, with the help of an Internet Service Provider, launch what are called Man in the Middle Attacks–meaning they could intercept traffic, a bit like tapping a telephone.

DigiNotar noticed that something was amiss in July, but didn’t realise the extent of the breach until late August, by which time more than 500 (531) fake certificates were issued. While some cover domains like the CIA and MI6, these are probably just distractions. The key ones are a dozen issued for domains like Google, Facebook and Skype.

Why do we think this was about Iran?

Studies of the validation requests–browsers pinging DigiNotar to confirm the certificate’s authenticity–showed that during August the bulk–maybe 99%–of the traffic was coming from Iran. When the certificates were eventually revoked, Iranian activity dropped.

Moreover the attackers left some quite obvious clues. They left calling cards: transcribed Farsi which translates into slogans such as  ”I will sacrifice my life for my leader.” “unknown soldier”

Why might Iran be interested?

Well, we now know that a lot of countries like Syria intercept ordinary Internet traffic through something called Deep Packet Inspection. This means that the government is basically snooping on web traffic. But when that traffic passes through these secure connections, it’s much harder. So the holy grail of any internet surveillance is to get a hold  of those certificates, or work around them. This is a brazen attempt to do this.

All Internet traffic in Iran has to go through a government proxy, making this kind of attack much simpler. The government ISP just uses the certificate to pretend to be Google, or whatever, and then passes the traffic on.

Is it the government?

This is harder to confirm. The Dutch government is investigating this. A similar attack took place against an Italian CA in March, and it shows similar fingerprints.

But the fact that the certificates were stolen and then used seems to suggest some official connection.

What could they have discovered?

Quite a lot. All the traffic that was intercepted could be deciphered.. meaning all browsing and emails. But it also may have captured cookies, meaning passwords, which would have made it easy to hack into target accounts and sniff around old emails, dig out other passwords, or hack into associated accounts, such as Google Docs.

Moreover, some of the certificates compromise something called The Onion Router, a service which anonymizes web traffic. Though TOR itself wasn’t compromised the certificates could convince your browser you were talking to TOR, whereas in fact you’d be talking to the attacker.

Should other people be worried?

Yes, Some browser developers have been more forthcoming than others; Google Chrome and Firefox have been quick to respond. Others less so. If you’re in Iran or think you may be targetted, it’s a good idea to change your password, and to check that no one has altered your forwarding details in your email account. You should also upgrade your browser to the latest version, whatever browser you use.

DigiNotar made some horrible mistakes: one Windows domain for all certificate servers, no antivirus, a simple administrator password. There were defaced pages on the website dating back to 2009. One has to wonder what other certificate authorities are similarly compromised. We rely on these companies to know what they’re doing. They’re the top of the food chain, in the words of one analyst.

We should now be looking closely at the previous breaches and looking for others. This is a ratcheting up of the stakes in a cyberwar; this kind of thing has real world impact on those people who thought they were communicating safely and will now fear the knock on their door.

In the future this is likely to lead to a change in the way certificates are issued and checked. I don’t think DigiNotar is going to survive this, but I think a bigger issue is bound to be how this security issue is handled. I think governments which look to the Internet as a tool for democratic change need also to be aware of just how dangerous it is to encourage dissidents to communicate online, whether or not they’re being careful.

News:

BBC News – Fake DigiNotar web certificate risk to Iranians

DigiNotar – Wikipedia, the free encyclopedia

Fake DigiNotar certificates targeting Iranians?

Expert reports/analysis:

DigiNotar Hacked by Black.Spook and Iranian Hackers – F-Secure Weblog : News from the Lab

Operation Black Tulip: Fox-IT’s report on the DigiNotar breach | Naked Security (Sophos)

Fox-IT report, operation Black Tulip (PDF)

VASCO:

Acquisition DigiNotar

VASCO DigiNotar Statement

Comodogate:

Comodo Group – Wikipedia, the free encyclopediaackground

web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right company or organisation. It allows a user to set up a secure connection between their computer and the organisation’s website. Browsers will show a little lock or some other icon to signify the certificate has been found and is trusted.

 

Hackers broke into a Dutch company called DigiNotar, itself owned by US firm Vasco Data Security, in mid June. DigiNotar is one of hundreds of companies around the globe called certificate authorities that issue these authentication certificates. Browsers contain a list of which CAs they can trust.

 

These hackers would have been able to steal existing certificates or generate their own, meaning they could now, with the help of an Internet Service Provider, launch what are called Man in the Middle Attacks–meaning they could intercept traffic, a bit like tapping a telephone.

 

DigiNotar noticed that something was amiss in July, but didn’t realise the extent of the breach until late August, by which time more than 500 (531) fake certificates were issued. While some cover domains like the CIA and MI6, these are probably just distractions. The key ones are a dozen issued for domains like Google, Facebook and Skype.

 

Why do we think this was about Iran?

 

Studies of the validation requests–browsers pinging DigiNotar to confirm the certificate’s authenticity–showed that during August the bulk–maybe 99%–of the traffic was coming from Iran. When the certificates were eventually revoked, Iranian activity dropped.

 

Moreover the attackers left some quite obvious clues. They left calling cards: transcribed Farsi which translates into slogans such as  “I will sacrifice my life for my leader.” “unknown soldier”

 

Why might Iran be interested?

Well, we now know that a lot of countries like Syria intercept ordinary Internet traffic through something called Deep Packet Inspection. This means that the government is basically snooping on web traffic. But when that traffic passes through these secure connections, it’s much harder. So the holy grail of any internet surveillance is to get a hold  of those certificates, or work around them. This is a brazen attempt to do this.

 

All Internet traffic in Iran has to go through a government proxy, making this kind of attack much simpler. The government ISP just uses the certificate to pretend to be Google, or whatever, and then passes the traffic on.

 

Is it the government?

This is harder to confirm. The Dutch government is investigating this. A similar attack took place against an Italian CA in March, and it shows similar fingerprints.

 

What could they have discovered?

Quite a lot. All the traffic that was intercepted could be deciphered.. meaning all browsing and emails. But it also may have captured cookies, meaning passwords, which would have made it easy to hack into target accounts and sniff around old emails, dig out other passwords, or hack into associated accounts, such as Google Docs.

 

Moreover, some of the certificates compromise something called The Onion Router, a service which anonymizes web traffic. Though TOR itself wasn’t compromised the certificates could convince your browser you were talking to TOR, whereas in fact you’d be talking to the attacker.

 

Should other people be worried?

Yes, Some browser developers have been more forthcoming than others; Google Chrome and Firefox have been quick to respond. Others less so. If you’re in Iran or think you may be targetted, it’s a good idea to change your password, and to check that no one has altered your forwarding details in your email account. You should also upgrade your browser to the latest version, whatever browser you use.

 

DigiNotar made some horrible mistakes: one Windows domain for all certificate servers, no antivirus, a simple administrator password. There were defaced pages on the website dating back to 2009. One has to wonder what other certificate authorities are similarly compromised. We rely on these companies to know what they’re doing. They’re the top of the food chain, in the words of one analyst.

 

We should now be looking closely at the previous breaches and looking for others. This is a ratcheting up of the stakes in a cyberwar; this kind of thing has real world impact on those people who thought they were communicating safely and will now fear the knock on their door.

 

In the future this is likely to lead to a change in the way certificates are issued and checked. I don’t think DigiNotar is going to survive this, but I think a bigger issue is bound to be how this security issue is handled. I think governments which look to the Internet as a tool for democratic change need also to be aware of just how dangerous it is to encourage dissidents to communicate online, whether or not they’re being careful.

Getting Paid for Doing Bad Things (12″ version)

This is the extended version of my earlier blog post. The BBC finally ran my commentary so for those of you who want more info, here it is:

Think of it as product placement for the Internet. It’s been around a while, but I just figured out how it works, and it made me realise that the early dreams of a blogging utopia on the web are pretty much dead.

Here’s how this kind of product placement works. On the Internet Google is like a benevolent dictator: it creates great stuff we love, and with which most of the net wouldn’t work. But it also wields great power–at least if you’re someone trying to make money off the web. Because if you don’t show up in Google’s search results, then you’re nobody. It’s the equivalent of exile, or solitary confinement, or something.

A lot of money is spent, therefore, in gaming your website’s position in Google’s rankings. But you have to be careful. Google also spends a lot of money tweaking its algorithms so that the search results you get are not gamed. Threat of exile is usually enough to keep most web players in line.

But because Google doesn’t issue a set of rules, and doesn’t explain why it exiles web sites, the gray area is big. And this is where the money is made.

One of the mini industries is something called link building. Google reckons a site with lots of links to it is a popular site, so it scores highly. So if you can get lots of sites to link to yours, you’re high up in the results.

Now it just so happens that some of the pages on my modest decade-old blog score quite highly here. So I suppose it was inevitable that link building companies would seek me out.

A British company, for example, called More Digital offered me a fixed upfront annual fee for a “small text-based ad” on my website. As intriguing was the blurb at the bottom of the email:

You must not disclose, copy, distribute or take any action in reliance on this e-mail or any attachments. Views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of More Digital.

Clearly these guys mean business, I thought, so I wrote back to Alicia Ross. She was excited to hear from me, and offered two options: one was a simple link in my collection of recommended web sites. The idea would be that I would include a link to their client’s website–whoever it was–alongside my real recommendations.

The other was “one page simple text”:

The advert will be text, not a visual banner It will appear in the content, and only on a single page of your website. Our writers will provide you with a copy that will fit naturally into your existing content.

(I think she means “copy” rather than “a copy”). For this I would earn $200 a year per ad if the client was a poker, casino or bingo site;

Now in Internet terms this is big money. It would take me a month or so to make that kind of dosh on simple Google ads on my website. Now they’re talking about one simple text link and I get the cash in two days!

But hang on a minute. There’s that ethics thing in the back of my mind. I have to listen to it a second.

The first one I’m not crazy about: What’s the point of a collection of recommended links if I don’t actually recommend them myself?

But the second one took some getting my head around. I couldn’t figure out what she had in mind, so I asked her. And this is when I started to get really depressed.

Basically what they’re after is me inserting a sentence into an existing blog post that links to their client. These guys are not interested in a new post. That would take time to rise up through the ranks of Google; they want to tap into my micro-Google fame. And remember this is not an ad. It’s a plug. It’s product placement. In a piece that is supposed to otherwise be straight, authentic and, well, me. I like to think that’s why it has Google juice.

By the time I got back to Alicia the offer was off the table as all the spots had been picked up. Clearly this is a well-oiled business. But then I got another, from a different company. Mayra Alessi was contacting me on behalf of a U.S. company selling identity theft protection, which she wanted me to link to in a piece I wrote two years ago about a privacy problem with Facebook. For $30 a month.

Mayra, if it was she, proposed I add a sentence at the end of a paragraph on how Facebook needs to fix the way they handle friendshipt requests as follows:

Mistakes like these from Facebook, make us more and more vulnerable to identity theft, that is why it is important to understanding identity theft in the USA.

Clearly Mayra hasn’t made her way in the world based on her copyediting, grammar or punctuation skills.  And the irony hasn’t escaped me of a company peddling identity theft protection is at best unaware that companies operating in its name are paying websites to mislead their readers, and Google.

What’s wrong with all this? Well, I guess the first thing is the seediness. A company is basically hiring another company to fiddle its rankings on Google–instead of just producing the kind of kick-ass content that it should be building it leeches off my kick-ass content.

And it’s not just seedy, it’s illegal. Well, as far as Google is concerned. Only the other day someone complained on a Google forum after getting his sites bumped off Google’s index. The reason, he suspects, is that he took $75 from one of the companies that contacted me for linking to a site about bikes. And these companies must know that. I guess that’s why the fees seem quite high for the chicken feed that niche blogs like ours are used to earning.

The point is, that the companies apparently funding this kind of activity–those whose websites benefit from the link love–are not necessarily sleazy gambling sites. I was invited to link to were an Internet security company. Among companies willing to pay me $150 for a link are, according to one of these link building outfits trying to get me aboard, are those selling mobile phones, mobile phones, health and fitness, travel, hotels, fashion, Internet services, insurance, online education and, somewhat incongruously, recycling companies.

To me this is all the more sleazy because these are real companies with offices in the UK and US and they’re clearly proud of what they do. We’re not talking Ukrainian spammers here. But their impact, in a way, is worse, because with every mercenary link sold they devalue the web. I’ve been doing a blog for nearly 10 years now, and the only thing that might make my content valuable is that it’s authentic. It’s me. If I say I like something, I’m answerable for that. Not that people drop by to berate me much, but the principle is exactly the same as a journalistic one: Your byline is your bond.

All in all, a tawdry example of where the blogosphere has gone wrong, I reckon. Keep your money. I’d rather keep the high ground.

Locking Users In the Smart Way

DSC09945

I was directed to this excellent piece, A Victim Treats His Mugger Right : NPR, via Facebook last night.  And it made me realise how publishers don’t make the most of that kind of referral.

There’s plenty of evidence to suggest that nowadays we tend to get more and more of our reading from peer suggestions like this. Navigating News Online from the Project for Excellence in Journalism estimates that while Google still accounts for 30% of traffic to the main U.S. news sites, Facebook is the second or third most important driver of traffic. And yet all news sites do to respond to that is put a Facebook like button on their stories and cross their fingers.

What they should be doing is create what I would call “corners”, but might also be called “series” or “seasons”. The same PEJ report notes that casual visitors to a news website account for the vast majority of visitors–USAToday, for example, a third of users spent between one and five minutes on the paper’s website each month. Power users–those that return more than 10 times a month and spend more than an hour there–account for an average of 7% of total users for the top 25 news sites.

This represents a huge failure on the part of websites to get users back, and spend more time there.

And I don’t see a lot of websites doing much about it. Which is a shame, because it’s relatively easy. You just need to think of your publication as a TV network, and your content as individual brands. Or, to continue the analogy, seasons.

If I start watching Archer, or Secret Millionaire and I enjoy it, chances are I’ll set my TV to record each episode. I like one bite; I want take the whole season. It may not be smart television, but it’s smart branding. But apart from columnists and a few other regular features, we don’t think the same when it comes to our content.

Take the NPR piece. It’s about a New York social worker called Julio Diaz who is mugged. He gives him his wallet, and then, invites the mugger to dinner. It’s a touching tale, and has been tweeted 635 times, shared on Facebook more than 200,000 times and has 92 comments. And, get this: It was published on March 28, 2008. More than three years ago. I didn’t even notice that when I was pointed to the story by a friend on Facebook. And I wouldn’t have cared: Once I started reading the story I was hooked, and listened to the recording all the way through.

This piece comes from a series called StoryCorps, a magnificent oral history project for which NPR is one of the national partners. Through three permanent StoryBooths and a traveling MobileBooth it has recorded more than 35,000 interviews since 2003. It has its own StoryCorps Facebook page, with more than 25,000 followers and a lively feel to it. (I recommend watching some of the animated accounts; they’re very moving.)

My point is this: StoryCorps is like a TV series, Loyalty is built around the brand itself: People know that if they like one item, they’re sure to like the next. And yet we do so little in our media products to make the most of this human desire to hear/read/watch more of something we like. Because we are news people, we think news is enough of a brand, we forget that for most people news is not in itself a reason to visit a news website. We are instead looking for more of what we may have liked before, and if we can’t find it, we won’t come back again.

Hence the dreadful statistics mentioned above.

So how to change this? Well, looking at the NPR page of the Julio Diaz story, we see a lot of the usual efforts to retain interest. There’s the most popular slot on the right, the related stories below, and then below that More From This Series. There are also links to subscribe to the podcast of the series, and to the RSS feed for this series.

This is all good. But it’s just the start. Let’s break down what these elements are:

  • The twitter/facebook like buttons are fine. But these are just ways of driving non-users to  to the same individual piece of content–in other words, this page.
  • The related links are ways of driving casual users to other internal content.
  • The podcast/RSS are ways of converting casual users to regular users of the content.

By defining them like this, it’s clear that only the last one really has any long-term objective to it. If we can get a user to subscribe to the podcast or the RSS feed, then we have actually got a loyal user–someone who is likely to spend more than a few minutes a month on our site, and to actually demonstrate some loyalty to our brand.

(Included in this last section is the Facebook page for a publication too, but I’m not going to go into that here.)

Now it’s probably no accident that RSS and podcasts are in steep decline. (Evidence for the decline is anecdotal, because usage of readers like Google Reader are still rising, but the rate of increase is falling, according to this piece on Quora; besides, a lot of other RSS readers have died off: Bloglines was closed down last September and NetNewsWire was sold earlier this month.)

Searches for the term RSS on Google have been falling steadily since 2006:

And podcasts haven’t fared much better. Their hey day was 2005 and 2006:

I think it’s no accident that both peaked around five years ago. That was the era of Web 2.0, and now we’re into the era of Social Media, which is dominated by Facebook and Twitter. Again, no accident that both use RSS, or used,  but have since moved on, or tried to move on.

The bottom line with both RSS and podcasts is that both have had their day. Both are a little too nerdy for most people: RSS is still way too tricky for ordinary users to master, and podcasts may be relatively easy to grab from iTunes, but still require a degree of managing that clearly doesn’t sit well.

Web 2.0 has moved on, and as social media has become more popular, and the tools for using it more user-friendly, podcasts and RSS have been left behind.

But, and here is the key point, Facebook and Twitter haven’t replaced them. RSS was/is a way for me to get your content to come to me. Facebook doesn’t really offer that, and neither, if you think about it, does Twitter.

For me to see your content I have to go to your Facebook page, or, alternatively, wait for it to pop up in my user feed. The latter is true of Twitter.

RSS allowed me to decide which of your content I liked–assuming you offered more than a single feed–and then to be able to access that on any device I liked. Podcasts were similar, but for audio and video. Now both are more or less dead, and, at least in terms of building loyalty to media channels, we’re not only back at square one, we’ve allowed other platforms–Facebook, Twitter, and now Google+–to place themselves between us and our reader.

I think this illustrates the weak thinking that media has tolerated. We need, somehow, to develop successor tools to RSS and podcasts that help us to build pipes direct to our readers/users.

Some people are trying this with iPhone/iPad/Android apps. It’s a start. But it doesn’t scale particularly well: The more apps there are, the less time people will spend on them.

And, more important, it’s still making a fundamental mistake by assuming that our readers are interested in us as a brand. They’re not. They’re interested in the channels we offer–thinking of them as seasons, I hope makes more sense, because we don’t just watch anything on a channel, we watch shows we like.

So we need to break down our content in this way, and then develop tools–apps, if you like–which cater to this desire and interest in content that is directly related (not automatically selected, or ‘may be related’) to the content that a user is interested in.

This is not that hard. NPR could build an app which helps to make it easier for anyone interested in the StoryCorps series to get all that content in a more straightforward way than RSS or podcast.

But it shouldn’t stop there. Measuring interest in a series should spur imaginative regeneration, repurposing and forking of content. The piece I mentioned, for example, had clearly resonated with the audience and should be paired with follow-up stories. Indeed, the StoryCorps corner of the NPR website should be a brand in itself, a community where editors regularly interact with readers and find ways to turn those casual users into regulars.

This is not rocket science. It’s simple math. At the moment we’re allowing other platforms to determine what people read on our website, and when they do drop by, we rely on HTML code, widgets and buttons to try to keep them.

Worst, we think merely about ‘keeping’ in terms of ‘sticky': distracting the reader by luring other stories in front of their nose until eventually they get bored, or go home, or die, or something. I use the same tricks to entertain my 9-month-old. We need to be smarter than this.

Thinking our content in terms of ‘series’ might be a good place to start.