Biz Vision: Social Engineering Prevention

Social engineering is the act of manipulating people into performing actions or divulging confidential information. It is usually committed with the help of technology, but the weakness it exploits is a person rather than a machine.

Unlike a purely technical attack, which probes a system's software and configuration for weak points, social engineering exploits both technology and people, on the premise that people are the weakest point in a system. In many cases, that premise is correct.

Two common examples of social engineering are phishing (the use of fraudulent emails or websites to acquire private information such as passwords or credit card details) and the Facebook Western Union scam (where someone messages you on Facebook, typically from a friend's compromised account, says they are stranded in London, and asks you to wire them some money).

Last year, Thomas Ryan, co-founder of Provide Security, was able to get a fair bit of sensitive information from information security, military and intelligence personnel using a fake profile of an attractive & flirty young woman named Robin Sage. Although a few people realized her profiles (on Facebook, LinkedIn and Twitter) were fake, there was no central place for them to warn others.

More recently, the hacker group Anonymous made headlines by breaking into the HBGary Federal website and (now former) CEO Aaron Barr’s email account. They did this using a combination of social engineering and hacking: according to the public reporting, an SQL injection flaw in the company’s website, weakly hashed passwords that were reused across services, and an email that talked an administrator into opening access to a server. Despite HBGary’s high profile in the security industry, they were undermined by fairly basic psychological and technical exploits. If a professional security firm had such leaks, imagine how many security vulnerabilities exist with the average Internet user.

In this age of social media, I can only imagine this kind of social engineering occurring more and more frequently. Anyone armed with Robert Cialdini’s book Influence, an Internet connection, a little ingenuity, a lot of time, and an insidious motive could craft a social media scam nowadays. People are falling for them all the time.

This tells me the need for social engineering prevention is going to emerge and grow. How such prevention will take place, I don’t know. Here are some preliminary ideas:

  • Formal classes held at schools and education centers
  • A central website (Snopes for social media, perhaps?)
  • A new breed of social media security consultants
  • Social media security software that verifies websites & people to you

The last option could be turned into a viable business too (wink wink), if implemented reliably. That’s perhaps easier written than done though.

There’s no question that social media is becoming more pervasive. In such an open society, there will certainly be people who will try to take advantage of others. And hopefully, there will be organizations (for- and not-for-profit) that will protect the people from such predators.

Photo by: Ben Fredericson

How to Market on Quora

I don’t really want to write this post, because I don’t want to see this happen. But I’m kind of surprised no one’s talked about it yet.

Quora, if you aren’t familiar with it already, is a questions & answers site similar to Yahoo! Answers. Except Quora has a much more limited audience of mostly movers & shakers in the high-tech world, while Yahoo! Answers has a wide, general audience. Quora’s long-term goal is to be more general, but they happened to gain a lot of usage & buzz within the Silicon Valley world.

And speaking of buzz, Quora strikes me as a place where a tech & industry-savvy marketer could ignite (or at least fuel) the buzz for a particular startup.

There are already several questions that highlight buzz-worthy companies and people are using them to gently promote their startups. A more concerted effort could possibly work too. Journalists and bloggers (and possibly, angels & VCs) appear to be monitoring Quora to some extent too.

It wouldn’t be easy though. Quora has many quality measures, such as requiring real names and having a reputation system. If you come off too self-promotional or spammy, you can get down-voted to oblivion.

So how could you effectively market on Quora? Some suggestions:

  • Nominate several individuals to be your Quora team. They all should be good writers, very knowledgeable about your field, and understand social media well. With several people answering questions, your visibility, and perhaps your credibility, increases.
  • Establish yourselves as experts in your field. Write good, meaningful answers.
  • Ask good questions. These questions should allow you to continue highlighting your expertise in some way. Or, they can be used as market research and/or to answer a genuine question you have.
  • Answer questions in tangential fields and topics as well. This broadens your reach.
  • Avoid being overly promotional, but make sure to mention your company once in a while. When you link to your company, use the full URL. When you do this, Quora turns it into a clickable link. There’s no SEO value though; Quora adds a rel="nofollow" attribute to the link.
  • Select questions that have high visibility. Being one of the first answerers tends to increase your chances of up-votes, and visibility can be measured by how many followers a question has. This means there’s a bit of guesswork involved in choosing the right questions, since new questions give you a chance to be first, but tend to have few followers. Occasionally, questions are featured on highly-visible blogs too.
  • Monitor Quora for industry trends and competitive intelligence. Follow industry leaders and competitors. There’s a gold mine of qualitative data here. Seek it out and use it.
  • Monitor other answerers too. They may make great hires or contacts.
  • Above all else, be a good citizen of Quora. They’ve built a great, though niche community here. If you play nice and give back generously, people will respect your answers even more.

Biz Vision: Phone Numbers are Archaic

I’m surprised more people haven’t seen the insight in Nikhyl Singhal’s post. Back in August of 2010, he wrote the controversial post “Phone Numbers Are Dead, They Just Don’t Know It Yet” on TechCrunch. I say “controversial” because most of the commenters attacked his article. Not that TechCrunch’s comments are really that intelligent; sometimes far from it. The overwhelming criticism was still startling though.

In his article, Singhal asserts that phone numbers will go away because of these facts:

  1. No control. Anyone can dial your 10 digits, including your ex-girlfriend, a political campaign worker, or a solicitor. Unlisted numbers, Caller ID and do-not-call lists all tried to solve this problem, but these solutions still don’t prevent unwanted calls.
  2. Phone numbers are tied to a device, not to you. Everyone has multiple numbers, yet your home line is shared, leaving callers guessing the best way to reach you.
  3. User experience is very limited. The phone was designed as a utility—dial a number, have a conversation. It’s remained this way since its inception. It’s not optimized for other experiences, which is why voicemail and conference calls are tedious, and why checking flight status is worse than a root canal.

He sees them being replaced with social networks such as Facebook. “If given a choice between Ma Bell and Zuckerbell as our operator, we should choose Zuck,” he writes.

Perhaps he came across too “sensationalistic” as one commenter criticized. Though I agree with Singhal’s prediction, I would frame it differently. Here is the core reason why I believe phone numbers will lose their utility:

Phone numbers are a poor unique identifier

This seemingly random string of numbers is meant to represent you – or specifically, one of your devices, as Singhal points out. It is a holdover from the telecommunications industry and is a viable solution if you:

  1. only need to call a handful of people often
  2. the people you call don’t change their numbers often

Memorizing a handful of numbers is manageable for some people. However, many people need to stay in contact with a much wider circle, and many of those contacts change their numbers several times over a lifetime.

If you’ve ever kept a manual phonebook, you’ll know what I’m talking about. Ever try calling an old friend, only to discover their number has been disconnected? That’s what I mean.

I don’t know if Facebook is the appropriate solution, but conceptually, there is a definite need for a way to uniquely identify a person, so he/she can be contacted by friends easily. What are some other ways to uniquely identify a person?

Unique identifier alternatives

There are quite a few ways to uniquely identify a person:

  • Real name
  • Username
  • Email address
  • OpenID
  • Social security number
  • Driver’s license
  • Passport
  • License plate number
  • Fingerprints
  • DNA

Real name

A name is the simplest real-world identifier. That’s how you identify your friends & family in a crowded room. There’s more here too, which I’ll get to after I go over the others.

Username & email address

Usernames & email addresses are both common on the Internet. They are used on social media sites, community forums, instant messengers, etc. They are not a great solution, however, because they have limited namespaces.

For instance, there can only be one person who uses the username “mikelee.” This leads to usernames like “mikelee13” and “mikelee2010.” The meaningfulness of “mikelee12345” is small. Did you mean to contact “mikelee12345” or “mikelee12346?” Same goes for email addresses too.

The same goes for phone numbers. New area codes are created all the time to keep up with demand, and an international number is capped at 15 digits by the E.164 numbering plan, so conceivably we will run out of available numbers one day. That’s a huge, obvious problem, if you ask me.

Usernames & email addresses have the benefit of nearly unlimited lengths, while phone numbers are limited. That’s a slight advantage with the former two, but because it’s easier to remember shorter identifiers, namespace conflicts still exist. Long identifiers aren’t just more difficult to remember, they are more difficult to display too. Imagine trying to display “mikelee-from-newyork-now-in-sanfrancisco” on your communications device. Jeepers.

OpenID

OpenID is an authentication protocol. An OpenID identifier is a URL that its owner controls, and the protocol lets the owner prove that control in order to log into a website; it is not designed for you to contact and connect with that individual. So it wouldn’t help in this context.

Social security number

This number is far too sensitive to be used casually. Although it is issued as an identifier, banks and other institutions in practice treat knowledge of it as proof of identity, so it doubles as a secret, and a secret you hand out as a contact address is no longer a secret. That is why disclosing it leads to identity fraud.

It’s arguably a poor unique identifier as well. I would love to see the government use a different one. But there are few viable alternatives for them. Facebook sure wouldn’t work. Maybe something biological? I don’t know. That’s a tougher problem to solve.

Driver’s license & passport

Being physical items, it would be difficult to use these in a communications context. Their numbers – which are really alphanumeric – are more portable than the physical items themselves. Being of a limited length, these numbers suffer from namespace issues as well, though the use of alphabetic characters extends them a bit.

But who’s realistically going to memorize or write down their friends’ driver’s license and/or passport numbers? They aren’t even as good as usernames and email addresses. People can select their own usernames & email addresses; driver’s license & passport numbers are issued seemingly at random.

License plate number

I included this one just to highlight its absurdity. A license plate number is a unique identifier for a vehicle, not a person. It’s about as helpful as a phone number, which is really a unique identifier for a mobile device, not a person. The only difference is portability; it’s easier to bring a mobile device with you than, well, a vehicle.

Fingerprints & DNA

There are a whole host of biometric unique identifiers, from physiological (fingerprints, DNA, retinal patterns) to behavioral (voice, gait, typing rhythm). Sure, these can uniquely identify a friend, but how would you realistically use a friend’s retinal pattern to send them a message? Keep a copy of your friend’s eyeball on your keychain? Gross. (Biometrics also can’t be revoked or replaced once copied, which makes them a poor thing to hand out as a contact address anyway.)

Ideal unique identification traits

Obviously, most of the unique identifiers listed above wouldn’t work in a communication context. What would work? The perfect identifier would be:

  • Unique
  • Meaningful
  • Scalable
  • Portable

It’s got to be unique, of course.

It should also be meaningful. “mikelee12345” isn’t terribly meaningful, but it’s possible to achieve some kind of meaning in such an alphanumeric string. “mikelee-from-newyork” perhaps? Long and unwieldy, but more meaningful.

It should be scalable. Limited-length strings have a, you know, limit. The only way to scale those is to increase the limit – which has its pitfalls (the constraints of limits, I mean). Think Y2K. Someday, we’ll have a Y10K problem.

It should be portable. Some unique identifiers, like physical items and biometrics, aren’t portable. That’s why alphanumeric strings have been used in the past. It’s easy to store such an identifier in a communications device.

With these limitations, it’s easy to see why phone numbers and usernames have been in use. But is there a better way?

Contextual real-world unique identification

I briefly touched on how real names are the simplest real-world identifier. In a crowded room, you can use a person’s first name to identify him/her. For a common name like “Mike,” a last name is necessary. And for a common name like “Mike Lee,” you need to add an extra layer of context, because by themselves, real names aren’t unique enough.

What is a useful layer of context? There are several kinds. You can say, “Mike Lee from New York,” “Mike Lee, who used to work at Yahoo,” or “Mike Lee, that hairy Chinese American guy.” Current location and hometown are common contextual items. Vocation and employment is another, especially in the US. A physical or personality-based description is another.

Some social networks realize this. LinkedIn uses a real name, photo, current employment, and a self-chosen tagline. Facebook uses a real name, photo and a network. On a mobile device, both default to the simplest pair: a real name & a photo.

That, to me, is the key. A real name & a photo. The real name is a natural identifier, and the photo adds context. Together, these are unique, meaningful, scalable (a photo is a rich visual representation with a nearly infinite set of pixel combinations), and portable (a photo image file is small enough to be stored on a mobile device). One caveat: a name and a photo identify a person, but they don’t authenticate one. Both are trivially copied, which is exactly what the fake Robin Sage profiles exploited, so the system behind them still has to verify that the account carrying that name and photo belongs to the person it claims to.

Phone numbers vs real names & photos

I consider myself a humanistic technologist. I believe that technology should be centered around the interests, needs, and behavior of human beings. Technology is a tool and shouldn’t be a hindrance, as it often is.

This is what Singhal was trying to convey. Phone numbers surface technical constraints. They are an unnatural way to reach your friends. We’ve put up with it because realistic alternatives haven’t existed. The advent of social networks and mobile devices may finally be offering a viable solution.

Within the code of a LinkedIn or Facebook account, each individual is represented by a numeric (or perhaps alphanumeric) unique identifier. And that’s okay. That’s how software most efficiently handles a unique entity. But the presentation of that information should not reflect technology’s constraints. It should reflect your actual mental model of that individual. Such as a real name & a photo.

Biz Vision: Mobile Will Have Social 4D Awareness

Raise your hand if you carry your mobile phone with you everywhere you go.

Wow, look at all those hands. Not a big surprise though. On a planet with 6.8B people, it is estimated that there will be 5B mobile phone subscriptions by the end of 2010. That’s more than 70% of the world’s population.

Most even carry their phones everywhere they go. It’s not just a virtual connection to friends & family, but an entertainment center and lifesaving device. I’ll bet most people even find it hard to imagine a time before mobile phones.

Essentially, mobile phones have become anytime, anywhere devices.

And not just a simple mobile phone. A smartphone. As computing power increases and technology costs decrease, smartphones will become commodities. Someday soon, everyone will have one. That means everyone will be carrying a lot of computing power in their pockets.

Sure, there will be hardware advances such as fingerprint recognition, improved resolutions, brain wave controls, etc. But the basic features of smartphones, the features that make a smartphone what it is today (mobile operating system, keyboard, ability to install third-party apps) will be commoditized and ubiquitous.

What will this mean? Lots of things, though there’s one I want to focus on today:

Social 4D Awareness

Mobile devices will offer a social 4D view of a person.

With a mobile device, we already know:

  • Where they are in 3D space (latitude, longitude, and altitude)
  • When they were there in time

With mobile software, we also know:

  • Who they communicate with in their social network
  • How they are connected to each person in their social network
  • How frequently they interact with each connection

Knowing a person’s latitude, longitude and altitude gives us a 3D view of their location. Adding time to this equation gives us a 4D view of their travels. We can tell where a person is and has been, much as Google Latitude’s Location History (GOOG) currently offers.

Every person has several stores of social graphs: their email’s address book, their mobile phone’s address book, their social networks, and their connections on other social media sites. The one device that could harness all of those stores is a mobile device, especially a smartphone that offers email and third-party app capabilities.

This has many applications:

Velocity

If we watch a person’s location over time, we can determine that person’s velocity. Speed alone separates standing still from walking from riding in something; plot that movement against a street and public transit map and it becomes possible to determine the mode of transportation, be it walking, car, bus, train, or boat. It wouldn’t make sense to get a notification of a nearby sale if you’re on a train, right?

History

A history of visited locations can offer a detailed view of your preferences and behaviors. How long you’ve been somewhere is just as important as, if not more important than, where you’ve been. Will you be dining at your favorite restaurant, or just picking up some take-out? Were you at an event (assuming we can get event data), or just using the bathroom at a convention center? An always-on location tracking service doesn’t have the benefit of a conscious check-in, so a location’s relevance may have to be inferred from dwell time.
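The two inferences described under Velocity and History, speed between consecutive fixes and dwell time at one spot, are small enough to show end to end. The following is an added example and not code from the original post, from Google Latitude, or from any real tracking product; the speed thresholds, the 50 m dwell radius and the four-point trace are assumptions constructed for illustration.

```python
"""Inferring speed, mode of travel and dwell time from a location trace.

Added example for the Velocity and History sections; not code from the
original post or any tracking product. Thresholds and the sample trace
are constructed assumptions.
"""
import math
from dataclasses import dataclass
from datetime import datetime, timezone

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    """One GPS fix: a UTC timestamp and a WGS84 position (altitude omitted)."""
    when: datetime
    lat: float
    lon: float


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def classify_speed(speed_mps):
    """Coarse mode of travel from speed alone (assumed thresholds).

    Speed separates stationary / walking / vehicle; telling car from bus
    from train would need map matching against street and transit data.
    """
    if speed_mps < 0.5:
        return "stationary"
    if speed_mps < 2.5:          # about 9 km/h, a brisk walk
        return "walking"
    return "vehicle"


def classify_segments(trace):
    """Distance, speed and inferred mode for each consecutive pair of fixes."""
    segments = []
    for a, b in zip(trace, trace[1:]):
        seconds = (b.when - a.when).total_seconds()
        if seconds <= 0:
            continue                      # duplicate or out-of-order fix
        metres = haversine_m(a.lat, a.lon, b.lat, b.lon)
        speed = metres / seconds
        segments.append({"start": a.when, "end": b.when, "metres": metres,
                         "speed_mps": speed, "mode": classify_speed(speed)})
    return segments


def find_dwells(trace, radius_m=50.0, min_seconds=600):
    """Runs of fixes staying within radius_m of the run's first fix for at
    least min_seconds. With no conscious check-in, a long dwell is the
    signal that a location mattered (dinner, not take-out)."""
    if not trace:
        return []
    dwells = []

    def flush(anchor, last):
        seconds = (last.when - anchor.when).total_seconds()
        if seconds >= min_seconds:
            dwells.append({"start": anchor.when, "end": last.when, "seconds": seconds,
                           "lat": anchor.lat, "lon": anchor.lon})

    anchor = last = trace[0]
    for fix in trace[1:]:
        if haversine_m(anchor.lat, anchor.lon, fix.lat, fix.lon) <= radius_m:
            last = fix
        else:
            flush(anchor, last)
            anchor = last = fix
    flush(anchor, last)
    return dwells


def fix_at(iso_ts, lat, lon):
    return Fix(datetime.fromisoformat(iso_ts).replace(tzinfo=timezone.utc), lat, lon)


# Constructed trace: 20 minutes at one spot, a two-minute walk, then a fast
# move north (same longitude, so distances are pure latitude differences).
SAMPLE_TRACE = [
    fix_at("2010-11-01T12:00:00", 37.7749, -122.4194),
    fix_at("2010-11-01T12:20:00", 37.7749, -122.4194),
    fix_at("2010-11-01T12:22:00", 37.7760, -122.4194),
    fix_at("2010-11-01T12:30:00", 37.7900, -122.4194),
]

if __name__ == "__main__":
    for seg in classify_segments(SAMPLE_TRACE):
        print(f"{seg['start']:%H:%M}-{seg['end']:%H:%M} {seg['metres']:7.1f} m "
              f"{seg['speed_mps']:.2f} m/s {seg['mode']}")
    for dwell in find_dwells(SAMPLE_TRACE):
        print(f"dwell {dwell['seconds'] / 60:.0f} min at {dwell['lat']}, {dwell['lon']}")
```

On the sample trace the three segments classify as stationary, walking (about 1.0 m/s over 122 m) and vehicle (about 3.2 m/s over 1.6 km), and the only dwell is the 20-minute stay at the first point. Note how little input is needed: four timestamped fixes already say where the person ate and how they left, which is the privacy concern the post raises further down.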

True Social Network

A utility that is aware of who you email, call, text, and interact with on various social media sites – and how often – would have a very accurate model of your true social network. Couple that with who you interact with offline, judging by who is in the same location as you for some length of time, and the accuracy improves significantly.

Proximity

There may be times when you want to run into friends and acquaintances, such as at a concert, during an industry conference, when you’re traveling, etc. A mobile device that is location-aware and socially-aware can offer this, as evident in the large number of services already doing this. The same could be done for a customer’s favorite locations or chains too, of course.

Personalization

People are too complex and nuanced for a one-size-fits-all model. Products that are customizable are generally preferred. However, not everyone will take the time or know how to customize a product. That’s where products with intelligent automatic personalization will win, provided they offer the ability to adjust, refine, and opt-out. Having a social 4D awareness of a person will equip a product with the intelligence for such features.

Suggestions

Having this depth of knowledge means preferences can be inferred. If you travel to a new city that has your favorite restaurant, we can suggest it to you. Or if friends with similar tastes have frequented a restaurant in that new city, we can suggest that too. Same goes for movies, hotels, products, etc. In addition to external suggestions, internal suggestions of features within a product or service can also be made.

Predictions

This depth of knowledge doesn’t only offer preference inferences, but behavioral predictions as well. If you tend to attend sci-fi movie premieres, we can offer a range of related activities based on that predictive inference, such as upcoming sci-fi movies, nearby restaurants, nearby friends with similar interests, etc. Or a nearby landmark that was used in the movie, if you’ve visited landmark sights in the past.

Privacy

As you can imagine, any device or business entity holding this much intimate data about a person raises serious privacy concerns. Can you trust that entity to treat this data with respect? Will they offer reliable ways to opt-out and erase this data if you so choose?

Although some companies have mismanaged their privacy controls, I believe there is tremendous value to be had with predictive features. This assumes we handle your data with respect, offer total transparency, maintain crystal-clear communications, provide opt-out and deletion controls, and follow the Bill of Privacy Rights for Social Network Users.

P.S. The scientific side of me knows the label 4D isn’t entirely accurate because time isn’t considered the 4th dimension anymore. The marketing side of me realizes that most people don’t know this and still consider the 4th dimension as time, however. So for ease of understanding, I opted for the older definition of 4D.

Facebook Like Fraud and Like Farms

It was only a matter of time. Give spammers an easy way to reach millions, and they’ll do it.

It is already pretty easy for a motivated spammer to commit Like Fraud: creating a Facebook Like button whose target is a URL other than the one the user is actually viewing. The target of a Like button is simply a parameter supplied by the page that embeds it, so nothing forces it to match that page.

In a similar manner, spammers have created sites that carry little else other than Google ads and funny phrases that users can “like” and share on their Facebook profiles. These sites are known as Like Farms. Many aren’t necessarily substituting a different URL, but theoretically, they could. This would give the target URL a lot of attention.
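Because the Liked URL is a parameter chosen by the embedding page, the mismatch is also detectable from the page itself. The following is an added example, not code from the post or from Facebook: it assumes the embed forms Facebook documented for the Like button, the HTML5 `<div class="fb-like" data-href="...">` (and the older XFBML `<fb:like href="...">`) and the `<iframe src=".../plugins/like.php?href=...">` form, and it compares each button's target against the page URL after normalizing scheme, `www.` and trailing slashes. The sample page is constructed.

```python
"""Flagging Like buttons whose target is not the page they sit on.

Added example for the Like Fraud passage; not code from the post or from
Facebook. Assumes the documented fb-like div, fb:like tag and like.php
iframe embed forms. The sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


class LikeButtonCollector(HTMLParser):
    """Collects the target URL of every Like button in a page.

    A target of None means the button gave no explicit href, in which case
    the button Likes the page it is embedded on."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)                       # HTMLParser hands values unescaped
        if tag == "div" and "fb-like" in (a.get("class") or "").split():
            self.targets.append(a.get("data-href") or None)
        elif tag == "fb:like":
            self.targets.append(a.get("href") or None)
        elif tag == "iframe":
            src = urlparse(a.get("src") or "")
            host = src.netloc.lower()
            if ((host == "facebook.com" or host.endswith(".facebook.com"))
                    and src.path.endswith("/plugins/like.php")):
                hrefs = parse_qs(src.query).get("href") or [None]
                self.targets.append(hrefs[0])


def normalize(url):
    """(host, path) key so that scheme, www. and a trailing slash don't matter."""
    u = urlparse(url)
    host = u.netloc.lower()
    if host.startswith("www."):
        host = host[4:]
    path = u.path.rstrip("/") or "/"
    return host, path


def audit_like_buttons(page_url, html):
    """One finding per Like button: does it Like this page, and if not,
    does it point at a different site entirely?"""
    collector = LikeButtonCollector()
    collector.feed(html)
    page_key = normalize(page_url)
    findings = []
    for target in collector.targets:
        effective = target or page_url        # no href: Likes the current page
        key = normalize(effective)
        findings.append({"target": effective,
                         "matches_page": key == page_key,
                         "cross_site": key[0] != page_key[0]})
    return findings


# Constructed page: an honest button (www. and trailing slash differ but it
# is the same page), a button that Likes a different site, and a button
# with no explicit target.
SAMPLE_PAGE_URL = "http://example.com/funny/phrase-42"
SAMPLE_HTML = """
<html><body>
<p>A funny phrase. Click Like if you laughed!</p>
<div class="fb-like" data-href="http://www.example.com/funny/phrase-42/"></div>
<iframe src="https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fspam.example.net%2Flanding&amp;layout=standard"
        scrolling="no" frameborder="0"></iframe>
<div class="fb-like" data-layout="button_count"></div>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_like_buttons(SAMPLE_PAGE_URL, SAMPLE_HTML):
        verdict = "ok" if f["matches_page"] else ("CROSS-SITE" if f["cross_site"] else "other page")
        print(f"{verdict:10} {f['target']}")
```

Run against the sample page this reports the first and third buttons as matching and the iframe as CROSS-SITE, pointing at `spam.example.net`. The same audit applied to a page's own Like buttons catches a Like Farm that is quietly substituting a target URL, which the paragraph above notes is possible even where it is not yet common.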

Seem like harmless fun? Sorry, it’s not. Here are some of the potential consequences of “liking” random messages from spammers:

  • Google (GOOG) has already flagged at least one as potentially carrying malware that may harm your computer. Be careful of clicking on the URLs of these funny messages. They may lead you to harmful sites.
  • You may be inundated with Facebook spam. By “liking” a spammer’s message, you are giving that spammer permission to start sending you Facebook updates. Lots and lots of them.
  • Although this doesn’t hurt you directly, these “likes” may make the spammer’s site seem more important to Google. Therefore, the next time you do a Google search, you may see that spammer’s site listed higher than a legitimate one with real information. I’m sure Google will correct this someday though.
  • Similar to gaming Google’s search results, this can game Facebook’s search results too.

It doesn’t surprise me at all that Like Farms have sprouted; it was only a matter of time. Now that they’ve blossomed, be careful where you tread and what you Like, for not all Likes are created equal.

Entire Facebook Staff Laughs As Man Tightens Privacy Settings

Now for some Friday fun.

This just in: Entire Facebook Staff Laughs As Man Tightens Privacy Settings, reports The Onion.

“Look, he’s clicking ‘Friends Only’ for his e-mail address. Like that’s going to make a difference!” howled infrastructure manager Evan Hollingsworth, tears streaming down his face, to several of his doubled-over coworkers.

Oh, the humanity.

Zuckerberg’s Law

It’s being referred to enough by the media that I think it will become a commonly-known adage. Facebook founder Mark Zuckerberg’s Law, I mean. And I don’t mean the “Once every hundred years media changes” statement he made. The other one:

I would expect that next year, people will share twice as much information as they share this year, and next year, they will be sharing twice as much as they did the year before.

Not only have I been hearing & seeing it in the press, but even industry movers, shakers, and funders are mentioning it. Most recently, Yuri Milner, the CEO and founder of the Russian Internet holding company Digital Sky Technologies, referred to it during his interview at the 2010 TechCrunch Disrupt conference. DST is also an investor in Facebook.

Zuckerberg’s Law hasn’t been proven yet, so it’s tough to compare it against a golden standard like Moore’s Law. But it certainly feels intuitively true. Will it become a golden standard too? Only time will tell.

The Fourth Wave

When venture capitalist John Doerr has a theory, people sit up and listen. Over at the TechCrunch Disrupt 2010 conference (happening today), he’s presenting what he calls the Third Wave. As reported by TechCrunch yesterday:

The First Wave was personal computers and the wave of disruption that caused. The second wave was the Internet, ditto. We are now, says Doerr, in the Third Wave.

What exactly is the Third Wave? It’s the tectonic shifts we’re seeing in mobile platforms (read his post here about the iPad), the social graph (particularly Facebook), and online commerce. All of these things are related and being accelerated by each other (Facebook is the largest mobile application, Zynga leverages Facebook and also stokes Facebook growth, Groupon is social/flash commerce, etc.).

John Doerr’s Waves of Disruptive Technologies

To summarize, it sounds to me like Doerr is saying:

  1. The First Wave is personal computing
  2. The Second Wave is the internet
  3. The Third Wave is social media & mobile devices

Common Traits of Disruptive Technologies

When I look at these waves, I see several common traits. Each wave builds on the one before it. Also, each wave:

  • Increases the level of communication the previous technology affords. These advances, to some extent, mirror real-world interactivity, and extend beyond it. For instance, real-world interactivity only happens at a specific time, in a specific location, and among the specific people who are present. Online interactivity can do all of that, and can also happen at any time, in any place, among many people, in real time or asynchronously. Additional information about the other person can also be shared, such as location, work history, and favorite restaurants, providing a context that real-world interactivity may not.

  • Decreases the distance & friction between two or more parties, consumer-to-consumer, business-to-consumer, consumer-to-business, and business-to-business. Each of those entities can be plural as well. This means the velocity of communication has gone from weeks to minutes to immediate. This also means traditional layers of hierarchy have broken down. A grade school student can contact a CEO or the President of the United States, for example. Or a fast food franchise can send a coupon to your phone if you walk by one of their restaurants.

  • Increases the utility of the previous technology for the user. The personal computer allows a person to write reports, spreadsheets, and presentations. The internet allows a person to conduct research on any topic in the world. Social media allows a person to communicate with friends, family, customers, and more. Mobile devices allow a person to conduct any of these operations wherever that person is located. It is becoming easier, faster, and in some ways, more effective & efficient, to accomplish all the tasks you need to accomplish.

  • Increases the level of intimacy of the technology, while correspondingly decreasing the level of privacy. A personal computer enables a person to publish print newsletters and reach a limited, yet known audience. The internet enables a person to publish websites and reach a vast, yet unknown audience. Social media enables people to publish thoughts, opinions, and self-expressions, and reach a vast, yet selective audience. Mobile devices enable people to publish anywhere, not just at their laptops, but on a train, plane, or even the toilet. The Third Wave allows you to share your intimate thoughts during potentially intimate moments, though the services are still struggling with the appropriate levels of privacy.

  • Increases the relevancy & clarity of the message. As the intimacy level increases with each wave, the sender is able to know more and more about the receiver. This enables the sender to customize and personalize each message, making it more relevant and useful to the receiver. A skilled sender will also know how to use the latest technologies to send a clear message that can prompt action and be measurable. There is still value to broadcasting a common message to the masses, though sending customized messages to targeted individuals will yield a higher conversion rate & return on investment.

Predicting the Fourth Wave

When placed in this light, I think it’s possible to draw tentative conclusions on what the Fourth Wave may look like. Some trends that I foresee are:

  • Predictive computing. Communications have sped up to real-time now. How much faster can you get than that? How about happening before it even happens? There are indications that predictive computing may already be here, so perhaps this will be just another trait of the Third Wave. Facebook already has a data science team that may know who you may hook up with. Ferreals.

  • Life action streams. Foursquare allows you to publish where you are when you are there, though it’s just a single message and not an exact note of when you arrive and when you leave. Miso allows you to publish what you are watching when you watch it, though it doesn’t let anyone know if you are tuning into the commercials or channel-surfing. The Fourth Wave may offer a continuous stream of all your actions. It’s a bit scary, but I could see its usefulness in ethnographic studies, television ratings, and perhaps tracking your children when they are at Disneyland with you, in case they get lost (mobile phones with GPS can already do this though).

  • Bio-sharing. Devices could be implanted into us to provide someone with immediate information about our bodies. To some extent, this is already being done in the medical community, like the pacemakers that transmit a heart’s condition in real-time. But how about a device that monitors how well the body is holding up to chemotherapy? Or how happy or angry you are at a game? Could be a good predictor of riots. I suppose some enterprising individual could foresee social media uses too, like sharing when you’re hungry and when you’re sleeping.

What do you think may be in the Fourth Wave?

Photo via: cliff1066™