The Business Web 2.0
As CEO of business-based social networking site WeCanDo.BIZ, read my take on the role Web 2.0 technologies can play helping businesses to grow.
Saturday 6 December 2008, 1:57 PM
Google Friend Connect increases spam risk
It's too easy to send unsolicited messages using Google Friend Connect without knowing it.
We added a test page to our website this week so I could try out Google Friend Connect, as I wanted to see for myself what the implications were for webmasters and users as the GFC "gadgets" gradually rolling out across the web. If you aren't aware of GFC, it is Google's attempt to "socialise" the web by enabling social networking type features to be easily added to existing websites, whether they have existing communities or not.
If you want to take a look at our test page you can find it at http://www.wecando.biz/googlefc.php.
Here's what it enables you to do:
- "log in" to our website so that your identify can be seen to all others using GFC to log in; and you can see the identities of all those who have also logged in using the method
- "friend" other GFC users on our website, which will add them as friends on other websites supporting GFC
- engage in using other "gadgets" (what everyone else calls widgets) which currently allow Facebook-like "wall" comments, ratings and basic games (we have only the ratings one active)
- associate identities you have on other OpenID sites with your GFC account (which is, in fact, based on your membership of Google for Mail, Analytics, or whatever; or your Orkut or OpenID memberships)
- invite your other contacts in other GFC associated networks (e.g. Plaxo) to come and connect with you on that site
- post details of that site to a contact or e-mail list or back to MySpace, Facebook and a few other social networks
All fairly useful. But the thing that concerns me is that when you send invitations or links to websites back to the connections you have on Plaxo, for example, rather than them getting a message in Plaxo they receive an e-mail; and the e-mail doesn't make the source apparent, so it can't be seen why or how they've been selected to get your e-mail. It looks just like a random e-mail inviting them to a website.
I have used this feature of Google Friend Conenct only once to let my Plaxo connections know they can take a look at our GFC implementation. Many are interested in social media so I thought they'd like a peep. But I had no idea they'd get a random e-mail from me, without it apparent I was using GFC to send it, or that I had selected them from a Plaxo connections list.
What difference does this make? Well, I have some connections on Plaxo that are a little tenuous and to those guys this looked like spam. In fact, one of those contacts reacted badly because it looked to them just like I had dug out their e-mail address and sent an entirely random e-mail to look at my website, the "context" in which I had sent it not being apparent.
And to be fair to myself, I wasn't aware they'd be getting an e-mail with no reference points in it when I sent it.
I hate unsolicited mail messages as much as the next man, but GFC makes it easy to send messages and links to website with just a few clicks, without the implications of what you are doing being very apparent.
Of course, I get invitations to try this and that all the time on facebook and it that community it doesn't bother me as much as e-mails doing the same thing. But without a central network to post messages back to, as facebook has for Facebook Connect, Google is (I am assuming) unwittingly helping to contribute to a surge in in spam e-mails out without the sender really being aware of the implications of their simple actions.
If this can happen to me, I am sure it can easily happen to others. Expect other people playing with or finding their feet in Google Friend Connect to start generating a level of unsolicited e-mails that they have no idea about; and for it to get worse as more and more websites add and support GFC.
This is something for users, webmasters and IT departments to watch out for!
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
We added a test page to our website this week so I could try out Google Friend Connect, as I wanted to see for myself what the implications were for webmasters and users as the GFC "gadgets" gradually rolling out across the web. If you aren't aware of GFC, it is Google's attempt to "socialise" the web by enabling social networking type features to be easily added to existing websites, whether they have existing communities or not.
If you want to take a look at our test page you can find it at http://www.wecando.biz/googlefc.php.
Here's what it enables you to do:
- "log in" to our website so that your identify can be seen to all others using GFC to log in; and you can see the identities of all those who have also logged in using the method
- "friend" other GFC users on our website, which will add them as friends on other websites supporting GFC
- engage in using other "gadgets" (what everyone else calls widgets) which currently allow Facebook-like "wall" comments, ratings and basic games (we have only the ratings one active)
- associate identities you have on other OpenID sites with your GFC account (which is, in fact, based on your membership of Google for Mail, Analytics, or whatever; or your Orkut or OpenID memberships)
- invite your other contacts in other GFC associated networks (e.g. Plaxo) to come and connect with you on that site
- post details of that site to a contact or e-mail list or back to MySpace, Facebook and a few other social networks
All fairly useful. But the thing that concerns me is that when you send invitations or links to websites back to the connections you have on Plaxo, for example, rather than them getting a message in Plaxo they receive an e-mail; and the e-mail doesn't make the source apparent, so it can't be seen why or how they've been selected to get your e-mail. It looks just like a random e-mail inviting them to a website.
I have used this feature of Google Friend Conenct only once to let my Plaxo connections know they can take a look at our GFC implementation. Many are interested in social media so I thought they'd like a peep. But I had no idea they'd get a random e-mail from me, without it apparent I was using GFC to send it, or that I had selected them from a Plaxo connections list.
What difference does this make? Well, I have some connections on Plaxo that are a little tenuous and to those guys this looked like spam. In fact, one of those contacts reacted badly because it looked to them just like I had dug out their e-mail address and sent an entirely random e-mail to look at my website, the "context" in which I had sent it not being apparent.
And to be fair to myself, I wasn't aware they'd be getting an e-mail with no reference points in it when I sent it.
I hate unsolicited mail messages as much as the next man, but GFC makes it easy to send messages and links to website with just a few clicks, without the implications of what you are doing being very apparent.
Of course, I get invitations to try this and that all the time on facebook and it that community it doesn't bother me as much as e-mails doing the same thing. But without a central network to post messages back to, as facebook has for Facebook Connect, Google is (I am assuming) unwittingly helping to contribute to a surge in in spam e-mails out without the sender really being aware of the implications of their simple actions.
If this can happen to me, I am sure it can easily happen to others. Expect other people playing with or finding their feet in Google Friend Connect to start generating a level of unsolicited e-mails that they have no idea about; and for it to get worse as more and more websites add and support GFC.
This is something for users, webmasters and IT departments to watch out for!
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
Tuesday 2 December 2008, 12:09 PM
Facebook Connect squares up to Google, OpenID and OpenSocial (again)
It was May when Facebook Connect was first announced with the aim of "socialising" any website. With launch only a few weeks away, does it create more risks than benefits for social media users?
I've written about Facebook Connect and Google's rival Friend Connect before, shortly after they were announced and then by mention a few months ago at how little progress either had made. Well now it seems the first of these is almost ready to roll. And it seems the time spent has ensured it will do a little more than first anticipated.
Facebook Connect will now enable Facebook users to log in to remote participating sites using a Facebook ID, connect with friends on that site and share updates of activity back on their Facebook updates. Third party sites already signed up include Twitter and Plaxo (Plaxo also supports OpenID by the way), but all stand to gain from easy access to the 120 million Facebook users; who, in turn, stand to gain from easy access through their Facebook IDs to a whole array of interesting third party sites without needing to registera new identity and build a friends list from scratch.
Of course, the proprietary nature of Facebook's technology for doing this has sentt various observers into a whirl, all of whom are voicing concerns about the "walled garden" approach; users and website owners being locked in; that anyone is not using open standards in 2008; and just how trustworthy Facebook will prove to be with the new information on web usage it will be collecting.
But here's the thing: there is no real rival to the initiative even though everyone is crying out for one. In spite of the Data Portability crowd advocating OpenID, OpenAuth and OpenSocial, it has hardly moved at all in the last year and what implementations there are suffer from clunkiness that puts it beyond the use of the average man in the street, who just wants to be able to log into a website easily.
There are a few sites I use that utilise OpenID, but in spite of having spent 5 years heading information security companies specialising in web Single Sign On (PKI based since you ask...), my heart sinks when I can see I have to use one of my OpenID identities. It is all just too clumsy. Give me something easier.
Like Facebook Connect for example. OK, you can never delete a Facebook profile; and there are frequent concerns voiced about whether they are on top of security as people's pictures get leaked. And it is, of course, all proprietary technology rather than Open Source. But with 120 million people using Facebook without too many of these concerns at the front of their mind, who cares?
Speaking as both a user and the owner of a website that I'd love to see made easier for new visitors to register and use fully, the Facebook option excites me more. Or at least it will until the Data Portability supporters of OpenSocial and OpenID stop building it for techies and arguing about branding and start getting serious.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
I've written about Facebook Connect and Google's rival Friend Connect before, shortly after they were announced and then by mention a few months ago at how little progress either had made. Well now it seems the first of these is almost ready to roll. And it seems the time spent has ensured it will do a little more than first anticipated.
Facebook Connect will now enable Facebook users to log in to remote participating sites using a Facebook ID, connect with friends on that site and share updates of activity back on their Facebook updates. Third party sites already signed up include Twitter and Plaxo (Plaxo also supports OpenID by the way), but all stand to gain from easy access to the 120 million Facebook users; who, in turn, stand to gain from easy access through their Facebook IDs to a whole array of interesting third party sites without needing to registera new identity and build a friends list from scratch.
Of course, the proprietary nature of Facebook's technology for doing this has sentt various observers into a whirl, all of whom are voicing concerns about the "walled garden" approach; users and website owners being locked in; that anyone is not using open standards in 2008; and just how trustworthy Facebook will prove to be with the new information on web usage it will be collecting.
But here's the thing: there is no real rival to the initiative even though everyone is crying out for one. In spite of the Data Portability crowd advocating OpenID, OpenAuth and OpenSocial, it has hardly moved at all in the last year and what implementations there are suffer from clunkiness that puts it beyond the use of the average man in the street, who just wants to be able to log into a website easily.
There are a few sites I use that utilise OpenID, but in spite of having spent 5 years heading information security companies specialising in web Single Sign On (PKI based since you ask...), my heart sinks when I can see I have to use one of my OpenID identities. It is all just too clumsy. Give me something easier.
Like Facebook Connect for example. OK, you can never delete a Facebook profile; and there are frequent concerns voiced about whether they are on top of security as people's pictures get leaked. And it is, of course, all proprietary technology rather than Open Source. But with 120 million people using Facebook without too many of these concerns at the front of their mind, who cares?
Speaking as both a user and the owner of a website that I'd love to see made easier for new visitors to register and use fully, the Facebook option excites me more. Or at least it will until the Data Portability supporters of OpenSocial and OpenID stop building it for techies and arguing about branding and start getting serious.
Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz
