broadstuff

I recall someone blogging last week that the bad news buzz about Buzz would be short lived, all Google had to do was wait for the next Facebook violation - well, they were right. Last year a satire called Faceboom was published in Argentina, but then it went European and the Facebook mafia stepped in - VentureBeat:

But in January, Faerman [the author] launched the book in Europe and drew a lot of attention after appearing on Buena Fuente, a popular night-time talk show.

Within days, his profile vanished. The same happened to Guillermo Otero and Fernanda Gaitan Broun, both involved with the book and its’ marketing. In addition, a Facebook group of fans of Faceboom was deleted. The trio claims it had 30,000 members at the time.

I spoke to Faerman and he showed me emails he sent to Facebook going back to January 27, requesting an explanation. Here’s a YouTube video showing him trying to sign in with his old login and receiving the message “cuenta deshabilitada,” which means “account inactivated.”

It has now been restored suddenly, the explanation being it was "an error" after a media uproar in the Hispanic speaking world then started to cross over to the English speaking one. However the Faceboom fan page with its 30,000 members will not be restored, and in fact Facebook have threatened legal action against the author if another is created, as they say the Faceboom logo is too close to their own and breaches the Facebook T&C. Leaving aside that this is probably spurious, since Facebook's T&C's allow them to help themselves to anything on the site into perpetuity, is this little social wrangle:

There’s only one problem – Faerman did not create his fan group. In fact, he says he has never met the creator. So it is unclear how Facebook can take future action against him, or how it would be justified in doing so given he does not control his fans.

This, as they say, can only get better. And Facebook using a "disappearing" strategy for Argentine dissidents - it seems they've learned the lessons from the various South American dictators well then

Post Script - I meant to say that this is not new behaviour for Facebook (our blog's page was "dissapeared" from Facebook years ago, ostensibly because we breached T&C at the time but maybe it was because we too were sometimes critical).

Thing is, what happens to a Facebook if a significant minority of users start to think it is no longer benign? Facebook hasn't IPO'd yet so the VC's, Founders etc have yet to fill their boots and are still on paper valuations. Trade buyers are much more aware now (after Bebo and MySpace) of buying the social boom town just as the tumbleweeds start to roll through it. Remember Friendster!

From BoingBoing:

According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.

I juxtapose this with the seemingly co-ordinated posts of some of the Silicon Valley Tech Bloggers weighing in today to rubbish those who were concerned about Buzz's privacy issues - Thomas Hawk for example:

Similarly a very small, but vocal, group of individuals are shrieking from the mountain top about the fact that Google Buzz might have allowed people to see who you email alot. Big deal. The story came out quickly. Those privacy zealots could quickly correct this by making their contact list private if they wanted to, while the vast majority of us don’t really care that Buzz lets people know who we follow. Want to know who I follow? It’s right here for the whole world to see, go for it. The whining about these privacy issues (which have now been fixed by the way) is getting old.

The price of freedom, a wise person once said, is eternal vigilance. In the Philadelphia school's case it has been wilfully misapplied, in Mr Hawk's case it has been (at best) forgotten.

Update - the School District has responded, saying it is turning the feature off - but the answer begs more questions:

• How did the security feature work?

Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District's security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator's screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.

So, if it was only turned on if the laptop was stolen, then how did it take a photo of a student and why are they now having to de-activate the feature?

As you may know, one of the areas of technology we monitor is online Location Based Services, and one of our hypotheses is that people are massively under-estimating the downsides of these services. For example, the recent Google Buzz service was launched complete with a back door into people's locations that was easily hackable.

Anyway, one of the more obvious applications of Location Based Dis-Service is typified by PleaseRobMe.com, a service that take your utterances on various LBS systems about where you are and aggregates them (see the graphic above).

Bit of fun, you may say, where 's the harm in that. I can already see harrumphing from those who are upset about all those people who didn't like Buzz's privacy issues - such as Louis Gray, who said:

Amidst the din of the pack clustering around the body of Buzz, kicking at it like a group of children at a 6-year-olds' youth soccer match striking at a ball, some folks have seen beyond the tin foil hat nonsense and told people to look forward to something new.

What would you say if I told you that I have seen beyond the Tin Foil Hat and seen something new? Oh yes, I took one of the people on the first PleaseRobMe screen I looked at (its not one of the people in the graphic above by the way), and found their home address via a quick use of Twitter and Google. Took 5 minutes or so (the person was about the 10th I tried). You could fairly quickly build some algorithms to automate that mashup process

So when Louis says that people who worry about social network privacy are:

....the shrill minority [that] has taken its pound of flesh, as Google's momentum with Buzz has taken body blow after body blow, primarily from an older generation of tech bloggers and business journalists unwilling or undesiring to embrace today's world of active sharing and aggregation.

All I would say in response to these arguments is, are you not therefore advocating "Please Rob Me" type services in this race to active sharing and aggregation?

And for whom

(Update - I am told Twitter has disabled PleaseRobMe, but that is irrelevant - this stuff is easy to get)

Interesting article in TechCrunch Europe about the SecretLondon startup, mainly for its exploration of the economics of getting a local B2C service off the ground (see chart above). The issues started when the Facebook group SecretLondon (a sort of crowdsourcing site for Londoners to find and/or report great bits of the Metropolis eg places for coffee) hit 180,000+ members, it became too hard to find what you wanted on the facebook group - so the need emerged to build a proper website. But as Tiffany Philippou, who has moved from being starter of a Facebook group to starter of a startup in under a month notes, it was community built, over a weekend, and the economics were amazing:

Including the domain names for us and future secretcities, catering and all the other out of pocket costs, our total cost for the entire process have been less than £3,000.

When I went round the room on Sunday night and asked all the contributing designers, developers product managers and editors what motivated them to give up their weekend they said it was the feeling of being part of something amazing. They astonished us with their enthusiasm and talent.

secretlondon has shown the power of the community. The group has always been about engaging its members every step of the way. We ran a logo competition to get a logo design, and then asked members on our blog to vote for their favourite. We sought the opinions of the community on the functionality of the site and tried to incorporate as many of the ideas as possible into the launch site.

I must admit to being a great fan of this sort of grassroots development for B2C sites, as by setting up a facebook page you demonstrate that the concept is good, and clearly being able to leverage the community to give a kickstart to the beta-build gives an amazing economic advantage - that looks like a £30k (minimum) project otherwise. To be fair, this would not have happened if it wasn't deemed a worthy thing to do - but its a different sort of worthy to the pious "charitable" plays - this is worthy because its worthwhile, because it adds real value to the participants and to Londoners (and tourists)

However, the issue for these sorts of sites is not the Build phase, its the Operate - as Tiffany is clearly aware - so one approach is to crowdsource ongoing development:

Since this is an ongoing project, anyone who wants to get involved to take the site to the next level – whether that’s helping Tim maintain the code, or making improvements and widgets – is extremely welcome. We’ll be building an API shortly, so if you’re an iPhone developer and want to work on an app to access the thousands of secrets then we want to hear from you. We also want to cluster data for better recommendations and make recommendations based on places your friends have liked. Get in touch if this is something you can help with.

A fascinating experiment. They will get by, they plan, with a little help from their friends......

I'd suggest one lesson from successful Open Source developments such as Linux here though - someone will need to hold the design authority and configuration management keys as it develops, or all hell will break loose over time. Also, the hard part of systems like these is fielding the support calls at 3am on a Sunday morning. This means staff.

In other words, at some point SecretLondon will need a business model that brings in real money - fortunately a site like this is great for sponsorship and other forms of advertising as it would almost be expected - the trick is just not to make it intrusive.

I also like sites like these because to me they get the "Right to Brand" in the Location Based Services space as they offer a service first and foremost, and Location is an added value - whereas so many of the LBS service startups seem to put Location as the core proposition and then trry and find reasons for it to exist. They are also the most user-benign as they fit into the Top Left quadrant of our LBS matrix (see here).

I am also amused that "food" and "pizza" are different line items in the accounts. That's probably right...

Interesting piece on Pingdom about the age demographics of who is on which Social Network (see diagram above). Some corollaries are:

- The average social network user is 37 years old.
- LinkedIn, with its business focus, has a predictably high average user age; 44.
- The average Twitter user is 39 years old.
- The average Facebook user is 38 years old.
- The average MySpace user is 31 years old.
- Bebo has by far the youngest users, as witnessed earlier, with an average age of 28.

As high as 28 for Bebo! Maybe it's bimodal - Teens and Dirty Old Men? )

The mean usage by age groups are fascinating - check out 18 - 24 year olds:

- 0-17 Years - 15%
- 18-24 Years - 9% (The theoretical Facebook Generation?)
- 25-34 Years - 18%
- 35-44 Years - 25%
- 45-54 Years - 19%
- 55-64 Years - 10%
- 65+ Years - 3%

What does this tell me? That Social Media users, far from being "The Youth" are actually more of "The Fogeys" - the key demographics are those in mid-breeding, i.e. those that are stuck at home the most . The pre-kids and post kids demographics are out partying!

When we wrote about the factors that made Buzz into a Slow Motion Train Wreck, one of our hypotheses was that they didn't test it with a representative sample of typical users. We wrote:

Google say Buzz product was user tested, but I suspect it was by the same demographic who built it rather than the people who may use it.

Turns out that they didn't even test it with the standard Google "friends and family" groups either! Its on the BBC.

Many of the firm's new services are tested by the so-called Google Trusted Tester program, a network of friends and family of Google employees who are given confidential access to products before they launch.

Buzz was not tested by this program.

The result has been one of the biggest f*ck-ups Google has ever made, and in an area as sensitive as Social Media Privacy - what with Social Media being an area where Google has been less than stellar to date and Privacy being something they are increasingly in the dock over, that is absolutely incredible.

Various theories have emerged as to the why Google did this, from pure inexperienced hubris to the view that they were racing to get something out before Facebook launched its alternative webmail service, to protect Ad revenues.

In the old days, Kremlin watchers used to look at the fate that befell various apparatchiks, so watching the fate of Buzz Project manager (Todd Jackson) may tell which of these hypotheses is the case.

Of course, one could always shoot an Intern

I will be talking about some of our location based service research next week at Mashup events, and one of the areas I want to talk about is abuse of LBS - one of the issues I see is that people who drink the LBS Kool Aid assume that all participants will have good intentions at all times - ie these systems are woefully inadequately protected, and this is a major risk as history show that when money appears, human motives shift from benign and altruistic to power, greed and fear (to quote Machiavelli).

However, instead of me being boring and banging on about it, excerpts from this brilliant essay on how to pervert Foursquare should both amuse you and make the point. Jim Bumgardner first used the Foursquare API to create lots of new locations to make himself Mayor of:

At some point last week, I devolved into a 12 year old hacker, and I spent many spare hours (and my computer’s spare cycles) abusing the system with a set of scripts operating fake accounts. Not only did I add new venues like the North Pole, but I started persistently checking into coveted landmarks, like the Statue of Liberty.

What can I say? It was fun, and foursquare’s incentives (badges and mayorships) spurred me on. Incentives invite abuse, even from mild-mannered folks like me.

Then he started to use the API and a bit of hacking to bump off other people:

I created five “Java Monkeys” which grabbed about 120 different Starbucks in different regions (east, west, midwest, south, intl). I identified and targeted hotly contested Starbucks by searching Twitter for recent oustings. My script automatically visited those ones, to the consternation of the new mayors.

And then he started creating fake personae:

I created a fake Martha Stewart who checks into dollar stores and pawnshops when not visiting Martha Stewart Omnimedia and the set of her TV Show.

I created a fake Simon Cowell who visits massage parlors and gets lunch at Hotdog on a Stick when not visiting the Kodak theater.

I think you can start to see the potential for the damage that can be done, and he also covers how he started to use algorithms to monitor Foursquare activity to pick up behaviour patterns (he used it to get badges for creating swarms, though you can imagine less benign uses). My favourite abuse was when he started to re-categorise landlocked areas as boats:

Finally, I started giving people free sailboats. I found that if you checked into a venue tagged “boat,” you automatically get the awesome “I’m on a boat” badge; and unlike the other badges, it only requires a single check-in. So I started identifying high-traffic places via the above Twitter search, and then adding the tag “boat”. Suddenly, visitors to metropolitan airports and various sports arenas got free sailboats for Valentine’s Day.

Though its interesting what people value:

The “Java Monkeys” got the biggest reactions. Foursquare users get far more irate when they lose mayorship of a Starbucks, as compared to a Statue of Liberty or Mount Rushmore. People are much more attached to the small places they visit over and over, and have some personal investment in. The smaller the venue, the bigger the value.

Now, think of all that wonderfully funny creativity being used to subvert a service that is using real user data and making transactions. As you can see, just a few of these sort of raids would lead to a Google Buzz level of bad buzz.

Practice is starting to look like theory. When Social Networking started, it was clear that people would use it to find things that way as well as using search engines. Its just that the volumes were small and Social Networks, by and large, had crap comms to share things by. Twitter changed all that, and now Facebook - having implemented far better and simpler comms - is finding the same:

According to Web measurement firm Compete Inc., Facebook has passed search-engine giant Google to become the top source for traffic to major portals like Yahoo and MSN, and is among the leaders for other types of sites.

For what its worth this blog has had more referrals from Twitter than Google for some time, which has made us far less impressed with all the arcania of Google SEO).

But now that its happening in scale, it puts Google's model under pressure as it is simply cruder for Advertising:

David Berkowitz, director of emerging media and client strategy for the digital marketing firm 360i of New York, said the importance of search engines isn't going away.

"But there's always been one downside to search," he said. "Consumers only spend about 5 percent of their time online searching and the other 95 percent of the time at the destination. Social media is quickly accounting for a large percentage of that 95 percent. Google's biggest acquisitions, DoubleClick and YouTube, have been all about playing a big role in the rest of consumers' Web usage."

But Social search just isn't scalable without the Signal to Noise ratio getting unmanageable - so we expect to see a whole raft of Social Algorithms emerge to help automate, speed up and filter the process. How do we know this - because we, and a whole lot of other people we know, are fiddling with them, and they show a lot of early promise.

Steve Rubel hypothesized Buzz was launched half baked and half cocked to get out there before Facebook launched its FBMail service, and that may be so - but to our mind the real Buzz is in the algorithms dealing with the blend of social graph and social data.

The nursery rhyme Solomon Grundy as applied to Google Buzz (if you want to see our more serious analysis of what went wrong, go to Google Buzz - Anatomy of a Trainwreck in Slow Motion):

The Lament of Google Buzz (with apologies to Solomon Grundy)

Google Buzz, hey!
Launched on Tuesday,
Hyped all Wednesday,
Concerns by Thursday
F*ck You on Friday,
Blogstorm Saturday,
Retreat by Sunday,
Buried by Monday?
And that is the Story of Google Buzz, nay?

Well, maybe not buried by tomorrow, but Buzz is probably holed below the waterline now - this is not going to be a mass market service as it has neither the functionality nor the trusted reputation for mass market adoption.

I'd say it was at best a Friendfeed killer, if Friendfeed was alive.

It is quite interesting watching this unfold. As far as I can see, with Buzz, Google made a number of fundamental errors:

- The team that developed Buzz are apparently all young, male, supergeeks - alpha early adopters - who have clearly supped deep of the Kool Aid that is Google approach to Privacy (ie its dead, get used to it), a la Eric Schmidt

- The Google Business Model wants to open up people's data as much as possible (hence the Schmidtian view on Privacy), and thus the service was built to grab and expose all data it sees as the default condition

- Google say Buzz product was user tested, but I suspect it was by the same demographic who built it rather than the people who may use it.

- Older, Wiser heads were clearly either not involved in the product review process, or overruled due to the above points' considerations.

So the stage is set for a service that is built to be massively abusive of user privacy. This is of course despite the mounting evidence out there that:

- Get it wrong and you are in for a blogstorm - see Facebook Beacon.

- There has been a clear hardening of attitudes towards privacy abuse from users overall, in the last 2 months especially

I suspect Google, having the level of self belief it already does, was unable to properly account for these emerging risks in any internal review processes.

And so Buzz launches, and Google, being the biggest gorilla on the block and no slouch at self-promotion, gets 9 million messages in as many minutes, or whatever, and crows this from the rafters - but on Twitter people are saying "Hey, I'm just testing it not a rabid user, and its filling my inbox with sh*t I don't wan and calling that a win" (I paraphrase) and are starting to grumble about the privacy implications.

And then the sh*t hits the fan as all those users start to realise that Buzz is exposing their Gmail addresses to all and sundry. What the Googlers also probably didn't grok is that the email social graph is totally different to the curated, friend based social media one, and that scared a lot of people as all sorts of people who are not safely screened friends start to appear for all their followers to see.

Google's initial approach - as per any extremely self-confident company - was to tell these users not to be silly, that this was the way, the truth and so on, and to get its PR flacks and proxies to blog about how this was no big deal etc etc.

Which was dumb, and again showed the misunderstanding of the difference between email and social networks - it was only a matter of time before something like this happened (they had been warned already by a number of bloggers):

F**k you, Google — I use my private Gmail account to email my boyfriend and my mother. — There's a BIG drop-off between them and my other “most frequent” contacts. — You know who my third most frequent contact is? — My abusive ex-husband. — Which is why it's SO EXCITING

At this point they had started to hit the train buffers, but the Google position was amazingly conceited still (I'm looking at the timeline on Techmeme for all this by the way) - making some basic changes but not addressing the central issue of privacy:

We designed Buzz to make it easy to connect with others and have conversations about things that interest you, and it's great to see millions of you doing this already. It's still early, and we have a long list of improvements on the way. We look forward to hearing more suggestions and will continue to improve the Buzz experience with user transparency and control top of mind.

No worry, no hurry. Belatedly they scurry to start fixing Harriet's issues, but even so its lazy, casual:

We reached out to blogger in question this morning and addressed her concerns with Google Buzz and Google Reader. Some of the concerns were due to confusion the product experience created. Her report also helped us discover one bug and one product issue in Google Reader:

1) If you block people in Buzz, they still show up as following you in Reader. This is a bug, and we're working to fix it. Provided that your Google Reader shared items are protected, only the people you've explicitly allowed to see them can do so -- regardless of who appears to be following you in Reader.

2) Until now, there has not been functionality to block people from following you in Google Reader. We're adding this to the Reader interface.

We are making these two changes as fast as possible and we'll get them live in the next few days.

Next Few Days! Guys, you have got a few hours at most to sort this out - its the weekend, loads of people have now got the time to look at it (like this blog post) and loads of ordinary Gmail users are going to come home from work and discover this happening to them.

It is very clear what Google will have to do in the short term:

- Firstly, disconnect Buzz from GMail until they've sorted all this out. But they will resist it (update - are resisting this) as it destroys their instant market share massive

- Secondly, make the "expose privacy" functionality opt-in, not default. But they will resist this even more strongly as that is no doubt the core internal value proposition.

- Thirdly, Grovel. Admit they got it wrong. Blame an Intern for it all. Just do something to show they understand the errors of their ways.

It will be this grudging retreat to the obvious endgame position that will send tech blogger and user concerns into the stratosphere, and watching it take place is like watching a trainwreck happen in slow motion!.

(Update - first reluctant steps to change as we suggested seen over here - still not any formal heavy duty apology though, I think that's an error. I also don't know if this enough yet - especially given the legal interests that are apparently lining up)