Category: Social Software

  • Your Social Graph Is Autistic

    Much has been made of social graphs as filters for discovering new content, to the extent that many are now challenging the view that a social filter is even remotely indicative of interest – "…who you know doesn't always translate into what you like"

    I'm not convinced that there's such a thing as an "interest graph" – as suggested in the recent Social Graphs Vs. Interest Graphs – but I do believe there are useful intent or interest models, that can be extrapolated from an individual's behaviour.

    Flipboard, ShowYou and others aggregate media based on your friends' articulated sharing; this can result in many false positives, with inferences drawn from a semi-autistic social model; our articulated social graphs are driven by liquid affinities and etiquettes.

    What's perhaps more insightful is the notion of aggregating media, based on what you own and use… collected artefacts thoroughly riddled with your tastes, memories, aesthetic choices and emotions.  

    The recently launched Bandito for iOS is a useful illustration of this – Bandito examines the content of your iTunes collection and suggests news items based on your tastes. Curiously, Bandito is a collaboration between a music licensing marketplace and music data provider – suggesting some novel, emerging value chains for the music industry.

    Conversely, the wonderfully serendipitous and sublime Shuffler.fm aggregates music from curated news sources into musical genres which also present the news item in its original context along with each track. "Playing" music blogs as continuous mixes implies a kind of social graph, but that's a contrivance – it's simply a collection of editorial and an act of curation. Curation is a little more deliberate than shotgun sharing.

    Whether acquired through piracy, digital stores or signals rippling through your social graph, what you collect – not who you know – defines your media genome. Your social graph – as it stands today – is autistic, lacking the subtlety, nuance and fidelity to articulate what you like; indeed, it simply broadcasts what others like.

    I have a hypothesis that time and place can be as influential as a collection… but more on that another time 😉

  • FriendFade

    A pair of recent articles – Scott Brown's Facebook Friendonomics and Mashable's 12 Great Tales of De-Friending – have raised some interesting questions on the longevity and sustainability of relationships established within social networks.

    Brown speculates around the problematic notion of never losing touch with anyone in environments such as Facebook. Most notably losing the 'right to lose touch' and maintaining the convenience of a clever address book albeit the inanity of one that constantly talks back at you…

    Over a half decade into the life of the social web, services still represent 'friending' autistically, preventing us from ascribing the subtlety and meaning of real relationships to their digital counterparts. The dynamic and changing semantics of a relationship are intrinsic to our existence and yet most services are content to flatten them all into a simple 'friend soup', diminishing them all and stripping each of its unique values.

    Services should understand that certain people are more important to me than others, based on the history of a relationship – whether that's proximity, temporal distance, frequency of contact, family connections or shared work histories. Right now, users have to do that heavy-lifting themselves, but Brown's notion of a Fade Utility for digital relationships isn't so far fetched…

    Steven Blyth's Social Fabric project began to explore how to represent the decay of a relationship over time and distance by visualising the relative 'healthiness' of your relationships. The emotional representation of a friend's avatar would subtly signal whether that relationship needed your care and attention.

    Perhaps in the age of iPhones and the emergence of federated social networks it's now possible to conceive of a user experience that is not as rich as Social Fabric, but one that can understand your actual activity – email, phone calls, messages, events, travel plans – and make some guesses about whom in your social networks you're neglecting, which relationships need some attention, and let others fade into the background with less prominence.

    FriendFade?

  • Making Web Services Personal

    Ben Trott, co-founder of Six Apart and its current CTO, led an all-too-brief session (20 minutes!!) on where blogging platforms are driving innovation in services and formats and the direction this may take in the future.

    Blogs are beginning to evolve from simple journals to automated aggregators of personal content – effectively inverting the role of traditional Yahoo!/MSN style portals, by placing the blog owner as the brand.

    Trott described how the current generation of blogging services enable authors to combine data in interesting ways, aggregating data across multiple sites to form connections and articulate a rich personal identity… also hinting at mechanisms for creating location-based services. The bulk of the session explored three service scenarios where blogs and open data formats are being orchestrated and wired together to create interesting new services.

    The Personal Friends Aggregator is best described as an equivalent to the LiveJournal Friends that lists recent posts from a network of friends’ blogs. This service utilises open data and is therefore not tied to a particular service. It interrogates your own FOAF social network description data for each friend, automatically discovers their syndication feeds and formats new entries into an aggregated list of links.

    Trott’s Feed Splicer is similar to services offered by Feedburner in that it takes, as inputs, all the syndication feeds that represent your online presence and splices them into a single feed.

    The final service, a Blog Metadata Database, utilises the blo.gs directory to ‘listen’ for new content from the blogosphere, fetch each newly posted blog entry and extract metadata into a local database.

    While none of the services described by Trott are innovative or shifts in thinking, they do represent the increasing simplicity required in synchronising and orchestrating data from multiple services into a new application; delivering on the promise of web services, but with much lower barriers to entry.

    Many of the services and components described by Trott are available from Six Apart’s Professional Network Power Tools site here…

  • Rendezvous

    ETech is a perennial nexus of Powerbooks and iBooks – firing up iTunes and seeing how many users have enabled the Share My Music option, and how much music is being shared over the local wifi network, is always a novelty.

    In this screenshot you can see the music collections of the EFF’s Cory Doctorow and the BBC’s Matt Webb.

  • Trust Me: Adventures in Social Engineering

    Jon Oliver, MailFrontier’s Director Of Research, describes social engineering as the means by which identity thieves extract passwords and account data from unwitting users. Oliver’s session outlines how criminals are using progressively more sophisticated techniques as users’ awareness increases.

    • 51m adults were ‘phished in 2004’; a 1126% increase from 2003.
    • In a survey, around 30% of users incorrectly identified a genuine or ‘phish’ email message.
    • Only 9% of users identified all ten messages correctly.
    • 5% of phished users will click on an enclosed link.
    • Interestingly, demographic analysis shows that the supposedly Internet-savvy 18-25 age group is most gullible.

    In many cases, ‘harvesting’ sites are unwittingly hosted on computers where the owner is unaware of illicit activity. Oliver cited the case of an eBay phishing site hosted on the PCs in a South Korean Internet cafe; the cafe owner was horrified to discover that a counterfeit eBay site was being served from his PCs. Interestingly, personalised phishing is a new trend – where a user experiences a definite uptick in phishing attempts following the sale of an item on eBay.

    Phishing attacks tend to follow an established pattern of presentation:

    • Build credibility by spoofing a real company with authentic sender addresses, and links to the company’s official site.
    • Create a reason to act through a plausible and urgent premise, requiring a quick response from the user.
    • Have a call to action combining an authentic visual URL with a hidden URL for the phishing site. For example, messages come from ‘www3.fashion.sony.com’ rather than ‘user@sony.com’.

    Phishers can openly purchase mailing lists on eBay, as well as packages of template messages from leading sites. All that remains is to develop an attack email and the ‘fake’ website and locate servers from which to send the phishing messages.

    In examining the motivations of phishers, Oliver illustrated the high return on investment for phishers:

    • 2m emails are sent
    • Assume only 5% of messages (100’000 people) will be successfully delivered; phishing messages are more likely than spam to get through filtering algorithms
    • Assume only 5% (5’000 people) of recipients click through
    • Assume only 2% (100 people) of users who click through enter sensitive data
    • The FBI estimates that those who reach this stage of a phishing attack lose an average of $1200
    • Hence, the phishers can potentially earn $120’000 within a very short period of time. A good return on their investment.

    Interestingly, Oliver describes corporate phishing attacks as a recent growth area, whereby a corporate infrastructure comes under attack through Differential Harvest Attacks (DHAs) that seek to identify new employees through messages describing ‘essential security upgrades’ and ‘registration reminders’. The outsourced services of corporates (accounting, finances, CRM, remote meeting, credit cards, IT systems, DNS records) are invariably vulnerable points of attack – even a simple message to HR@company.com! Indeed the harm is far greater than individual phishing attacks.

    There are a number of methods for identifying phishing attacks, though there is no silver bullet or ‘catch-all’ method:

    • Identifying the sending server
    • Identifying links to the fake web server
    • Identifying that the email does not originate from who it purports to come from (authentication)
    • Identifying suspicious content; through statistical analysis of text
    • Identifying attempts to exploit browser security
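
    One way to implement the link check from the list above, for the case described earlier where an authentic visible URL hides a different destination. This is an added example, not code from Oliver's session or the original post; the function names, the same-site heuristic and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that reads as a URL or bare hostname, e.g. "www.example-bank.com/login"
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]|$)", re.I)

def text_host(text):  # hostname the visible text claims, or None if not URL-like
    m = URLISH.match(text.strip())
    return m.group(1).lower() if m else None

def href_host(href):  # hostname the link really goes to; "" if relative or malformed
    try:
        return (urlsplit(href).hostname or "").lower()
    except ValueError:
        return ""

def same_site(shown, actual):
    # Heuristic (assumption): accept the shown host or a subdomain of it, ignoring "www."
    base = shown[4:] if shown.startswith("www.") else shown
    return actual == base or actual.endswith("." + base)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = text_host("".join(self.text)), href_host(self.href)
            if shown and not same_site(shown, actual):
                self.findings.append((shown, actual))  # (claimed host, real host)
            self.href = None

def find_deceptive_links(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.findings

# Constructed sample message body; hosts are reserved example names and addresses.
SAMPLE = (
    '<a href="http://203.0.113.7/signin/">https://www.example-bank.com/login</a>'
    '<a href="https://help.example-bank.com/faq">www.example-bank.com</a>'
    '<a href="http://www.example-bank.com.login.example.net/">www.example-bank.com</a>'
)
```

    A mismatch is a signal to combine with the other checks in the list, not a verdict on its own: legitimate mail sent through click-tracking redirectors will also trip it.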

    One audience member suggested that ‘white-hat’ phishing attacks could help to identify weaknesses and sensitise users to exert greater care. Another suggested that the falling trust in email would lead to more communication through an RSS-like medium.

    Oliver concluded that phishing and other email security threats are real, malicious and eroding trust in the use of email as a communications medium. Solutions must use multiple techniques to be effective, but in essence the best solutions require widespread change in user behavior – such as the use of PGP and S/MIME.