Inside Facebook


Facebook Roundup: Sandberg, Syria, Underage Users, Promotion Guidelines, LinkedIn, Winklevoss Twins and More

Posted: 13 May 2011 07:37 PM PDT

Facebook COO Sandberg Profiled – Facebook's Chief Operating Officer Sheryl Sandberg is profiled this week in Bloomberg Businessweek. The article describes how her steady leadership has helped Facebook monetize. It also mentions that she may be more conservative towards entering China than CEO Mark Zuckerberg.

Facebook, Syria Butt Heads – Facebook shut down the Syrian military's Page recently because it called for spamming of politically opposing Pages. Then it appeared the Syrian government tried to launch man-in-the-middle cyber attacks on Syrian Facebook users.

7.5M Facebook Users Under 13 – Facebook's minimum age limit of 13 is being flouted by 7.5 million users, according to a survey from Consumer Reports.

Facebook Reiterates How Developers Can Keep Users Safe – Following claims of a new security risk, a post to the Facebook Developers Blog explained how developers can assist its efforts to protect users by acquiring an SSL certificate (which will be mandatory starting October 1st), reviewing the updated authentication and OAuth 2.0 guide, and complying with its Platform policies. It also mentioned that the company is working with other web giants including Google, web browser vendors and the National Institute of Standards and Technology on several web security initiatives.

Facebook Patents Info Sharing – A Facebook patent was published recently. The "Controlling Access of User Information Using Social-Networking Information" patent covers using the degrees of separation between people to control whether different social networks can access information from other networks.

LinkedIn to Raise $274M – LinkedIn is set to offer 7.84 million shares to the public to raise an estimated $274.4 million. The shares are priced between $32 and $35, and LinkedIn will take $146.6 million of the money raised.

Facebook Makes Minor Changes to Promotion Guidelines – As of May 11th, promotions, contests, and sweepstakes on Facebook may no longer use the Like button, comments, or other Facebook features as voting mechanisms, impacting some developers such as Offerpop. Also, promotions may only include Facebook’s names, trademarks, etc. in disclosures, not in contest instructions.

Winklevoss Twins Get Sued – In a twist of fate, the Winklevoss twins, who have been suing Mark Zuckerberg for several years, are being sued by a software developer in Boston. Wayne Chang wants a piece of the twins' $65 million Facebook settlement for work he did for the twins' original Facebook rival, ConnectU.

Facebook's User Info Suit Continues – A lawsuit in which Facebook was accused of sharing user information with third-party advertisers was partially dismissed. The plaintiffs still have a chance to sue Facebook.

Airbnb Takes to Facebook – Airbnb, a global home rental service, implemented Facebook Connect, now allowing users to connect with people in their personal network when renting places to stay.

Claritics Raises $1.5M – Claritics, a startup providing self-serve social analytics tools for brands and game developers, raised $1.5 million in series A funding this week, to be used to develop its analytics suite, as well as sales and operational staff, according to TechCrunch.

BitTorrent Releases Personal Social File Sharing Channels – BitTorrent, developer of the popular file transfer protocol of the same name, has released the beta of its Project Chrysalis. It allows users to create a personal file sharing channel to which friends from Facebook can be invited to download files that exceed Facebook’s file size limit, such as home movies that are over 1024 MB.

Facebook Syndicates Personal Messages Sent With Friend Requests to the Inbox

Posted: 13 May 2011 01:20 PM PDT

When users include a personal message with a friend request, that message will now also appear in the Messages inbox of the recipient. Previously, these messages, which allow users to add context to a friend request, only appeared in the Requests channel. This made them easy to miss, especially since once a request was answered, the message was permanently deleted.

By syndicating these friend request personal messages to the Messages inbox, users are much more likely to see them and users will always have a copy, significantly reducing the likelihood of these sometimes important messages being lost.

Since the early days of the site, when users sent a Facebook friend request from the web version of the service, they could click a link in the request confirmation prompt to add a personal message. This could be used to inform the recipient of where they and the sender met, reference a mutual friend, or start a conversation. They weren’t shown in the Messages inbox, and weren’t visible in some native Facebook mobile apps, such as Facebook for iPhone.

Unfortunately, due to their lack of visibility and the fact that they were deleted when a request was answered, they could go unseen, leading the sender to assume the recipient was ignoring them. For example, let’s say two people met at a party and one sent the other a friend request accompanied by a personal message asking them on a date. If the recipient confirmed the request but didn’t see the message and therefore didn’t respond, the sender might think the recipient didn’t want to go on the date.

Now when users receive a friend request that includes a personal message, they’ll see red counters on both their Friend Requests and Messages channels in Facebook’s top navigation bar. They can view the personal message in either channel, and the Message inbox copy won’t be deleted if they answer the friend request.

This functionality change makes the friend request personal message much more useful, especially for those sending requests to people they don’t know as well, such as people they’ve met through social games. It will decrease the likelihood of legitimate friend requests being marked as spam, which can temporarily suspend a sender’s ability to send additional requests. It will also encourage users to accompany friend requests with conversation starters that can strengthen casual friendships and lead to more interaction on Facebook.

With this change to friend requests, the Download Your Information tool, and Facebook Chat exchanges being saved thanks to last year’s upgrade to Messages, everything users write on Facebook will now be archived somewhere.

Facebook Rolls Out Login Approvals and Security Protections Against Clickjacking and Self-XSS

Posted: 13 May 2011 10:58 AM PDT

Facebook has released several new security features designed to thwart unauthorized logins, cross-site scripting, and clickjacking attacks that trick users into sharing spam to the news feed. Login approvals require suspicious logins to be confirmed with a code texted to a user’s phone, while self-XSS and clickjacking protection warns users and requires them to confirm their actions when pasting links into their browser or clicking suspicious Like buttons.

These protections should reduce the prevalence of hijacked accounts and highly visible spam in the news feed that perpetuate the public perception of Facebook as less safe than the rest of the internet.

Facebook’s latest internal security efforts were announced alongside a new partnership with Web of Trust, a crowd-sourced website reputation rating service that will be used to power alerts to Facebook users when they click malicious outbound links. Facebook has previously concentrated on improving security through user education and login protection features such as remote session logout and one-time passwords.

Login Approvals

Now Facebook is rolling out the two-factor authentication it announced last month. Users can visit Account -> Account Settings -> Settings -> Account Security to enable the feature, which will require them to verify their phone number. Once enabled, any time someone attempts to log in to the account through a new or unrecognized device, they’ll have to enter a code sent to their phone via SMS. Users will also be notified, the next time they successfully log in, of any suspicious attempts thwarted by the login approvals feature.

Users who have Login Approvals enabled could be temporarily locked out of their account in the unlikely event that both their phone and their approved Facebook login device were lost or stolen. Still, the feature offers a strong additional layer of security for those who opt in to it. It can also serve to protect users who may share their password with a loved one for use on their regular login device, but who don’t want those people to access their account from elsewhere.
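
The flow described in this section, sketched as an added Python example; it is not Facebook's code and does not come from the original article. The class and method names, the 6-digit code, the 5-minute expiry, the 3-try limit and the `send_sms` callable are all assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300     # assumed: seconds a texted code stays valid
MAX_TRIES = 3      # assumed: wrong guesses allowed per challenge

class LoginApprovals:
    """Second step, run only after the password check has succeeded."""
    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(user, code); hypothetical SMS gateway
        self.known = set()         # (user, device) pairs approved earlier
        self.pending = {}          # (user, device) -> [code, expiry, tries]
        self.thwarted = {}         # user -> devices whose challenge failed

    def _fail(self, key):
        del self.pending[key]
        self.thwarted.setdefault(key[0], []).append(key[1])

    def _succeed(self, key, now):
        # Challenges that timed out unanswered count as thwarted attempts too.
        for k in [k for k, v in self.pending.items() if k[0] == key[0] and now > v[1]]:
            self._fail(k)
        self.known.add(key)
        # Report blocked attempts once, on the next successful login.
        return "ok", self.thwarted.pop(key[0], [])

    def login(self, user, device, now=None):
        now = time.time() if now is None else now
        key = (user, device)
        if key in self.known:
            return self._succeed(key, now)
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        self.pending[key] = [code, now + CODE_TTL, 0]
        self.send_sms(user, code)
        return "code_required", []

    def approve(self, user, device, code, now=None):
        now = time.time() if now is None else now
        key = (user, device)
        entry = self.pending.get(key)
        if entry is None:
            return "denied", []
        # Constant-time comparison; an expired code is rejected even if correct.
        if now > entry[1] or not hmac.compare_digest(entry[0].encode(), code.encode()):
            entry[2] += 1
            if now > entry[1] or entry[2] >= MAX_TRIES:
                self._fail(key)    # challenge burned; a fresh login is required
            return "denied", []
        del self.pending[key]
        return self._succeed(key, now)
```

A real deployment would also rate-limit how often `login()` may issue a fresh challenge for the same account, since each new challenge resets the guess counter.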

Clickjacking Protection

Clickjacking refers to when a malicious website conceals an active link beneath an image or other disguise to fool a user into clicking a link they didn’t intend to. In the case of Facebook, malicious sites sometimes conceal Like buttons beneath video players or appealing offers, leading users to inadvertently share the spam site to the news feed, drawing in more users to the scam.

Facebook already has automated systems designed to identify and disable uses of the Like button for clickjacking, as well as block or remove outbound links to clickjacking sites. Now Facebook has added additional protection against the tactic by requiring users to confirm they wanted to click a Like button that is suspected to be part of a clickjacking scheme. The Like won’t go through and stories won’t be published to the news feed unless the user confirms.

This feature could cut down on one of the most prominent Facebook security threats as of late, which has spread through links that promise videos of racy or gruesome content.

Self-XSS Protection

Self-cross-site scripting is a security threat in which a spam news feed story, wall post, or Message asks users to copy malicious code into their browser, thereby causing a hacker’s message to be posted to additional friends. These threats have become increasingly sophisticated over the years (if you want to get deeper into the topic, be sure to check out security researcher Joey Tyson’s Social Hacking blog).

The new security feature detects when users attempt to paste malicious code into their browser, displays an alert explaining why the practice of copying code into a browser is dangerous, and prevents the code from being run.


By mixing education in with technical security features, Facebook can protect users now and teach them to protect themselves in the future.

Free Flights, Turkish Videos, Custom Tabs, Cards and More on This Week’s Top 20 Emerging Facebook Apps

Posted: 13 May 2011 09:48 AM PDT

The usual group of Turkish video applications was joined by a couple of custom tab apps, a free flight app in Spanish, a greeting card app, a photo app and a friend app. The apps grew by between 116,900 and 888,300 monthly active users. The list of top 20 emerging apps was compiled based on AppData, our data tracking service covering traffic growth for apps on Facebook, and covers apps that grew the most in the past week, ending at between 100,000 and 1 million monthly active users.

Top Gainers This Week

Rank | Name | MAU | Gain | Gain, %
1 | PowerVideo | 895,884 | +888,288 | +11,694%
2 | Auto Hustle | 794,953 | +328,530 | +70%
3 | VideoGezegeni | 539,951 | +283,558 | +111%
4 | My Tab | 781,791 | +234,079 | +43%
5 | Videohane | 235,892 | +233,793 | +11,138%
6 | BandRx | 774,200 | +227,519 | +42%
7 | Genç Video | 305,338 | +182,719 | +149%
8 | vuelosgratis | 238,523 | +168,985 | +243%
9 | Puzzle Saga | 928,564 | +166,837 | +22%
10 | UFC Undisputed Fight Nation Game | 890,573 | +163,732 | +23%
11 | N.O.V.A. Near Orbit Vanguard Alliance: ELITE | 439,000 | +143,550 | +49%
12 | Sohbeti Arkadaşlık | 346,545 | +143,397 | +71%
13 | Especially for You | 699,313 | +142,170 | +26%
14 | BomBom | 189,652 | +140,642 | +287%
15 | Buddy Rush | 422,861 | +139,443 | +49%
16 | Hero City | 198,041 | +135,844 | +218%
17 | Battle Pirates | 400,138 | +130,879 | +49%
18 | My Top Fans | 990,906 | +120,760 | +14%
19 | Videolar 2011 | 233,610 | +118,182 | +102%
20 | Spot The Difference | 847,858 | +116,938 | +16%

Most of the Turkish video apps work the same way, although a few of them are different this week. The basic structure is that each app takes the user to a selection of videos, where they can watch, share, Like, or comment upon the videos. This week, several of the apps, notably VideoGezegeni and Videolar 2011, automatically post daily videos to your feed if you install the app. Finally, Sohbeti Arkadaşlık is an explicitly sexual app that says it's for "chat" but automatically posts sexually explicit videos to your feed.

All that said, PowerVideo topped our list and grew by 888,300 MAU, VideoGezegeni by 283,600 MAU, Videohane by 288,800 MAU, Genç Video by 182,700 MAU, Sohbeti Arkadaşlık by 143,400 MAU and Videolar 2011 by 118,200 MAU.

Custom tabs included My Tab, which grew by 234,100 MAU; the app promises to allow Page admins to create customized welcome or other tabs for their Pages. BandRx grew by 227,500 MAU and promises to allow users, musicians in particular, to create a tab for their MP3s, videos, tour schedules, merchandise, social media content and more.

Vuelosgratis is a sweepstakes app from Air Europe Iluba in Spanish that grew by about 169,000 MAU. Users invite their friends to the app for a chance to win free flights to Europe. Especially for You grew by 142,200 MAU and allows users to send sparkly greeting cards to their friends and publish to the feed. My Top Fans grew by 120,800 MAU; the app tells you who your "Top 8 Fans" are and then publishes a list to the feed. Last, Spot The Difference, with about 117,000 MAU, is a timed puzzle game where users have to compare two similar photos and identify the differences.