Friday, September 24, 2010

Twitter Hacked, Facebook Down, What's Next?

As if we hadn't had enough newsworthy topics for the week, two major social networking sites broke down. Twitter had a cross-site scripting (XSS) vulnerability exploited on Monday, impacting hundreds of thousands of users. Just yesterday, Facebook was brought to its knees by an error-case handling bug in a Facebook page.

Even Robert Gibbs, Press Secretary, Fell Victim To Twitter Hack

It's not a surprise to anyone that we are living in an increasingly connected world. Just yesterday I wrote about Facebook's sneaky way of encouraging users to connect with more people and share more information. In the face of ever-increasing connectivity with the people around us, what do these major social network site failures mean?

1. A social network is built on implicit trust in the system and in identity; therefore security cannot be an afterthought when building one

As I wrote earlier, a social network models real-life relationships. Trust underpins liberal information sharing and connecting with new people. There are two kinds of trust. The first is trust in the social networking system: users trust the site admins not to misuse their information -- I see Facebook has a spotty record in this regard. The second is trust in the identity of the person: users trust that other users are who they say they are. Twitter has more difficulty with this than Facebook because identity is harder to see when there is no friend relationship. Hence Twitter is addressing this with 'verified accounts'. Without trust, social networking would be impossible.

The recent set of failures demonstrated how this trust model can erode. To ensure that messages are sent by authentic users, social networking sites must work to reduce their security vulnerabilities.

2. Users will find ways to share information

Having Facebook or Twitter down doesn't mean the end of social networking, however. The need to share information and collaborate remains, and is ever increasing. In fact, when Facebook went down, users flocked to Twitter to talk about the Facebook outage. This means that when one social network is down, people find another way to share information. And there are many alternatives, such as Hi5, Friendfeed, Tumblr, etc.

3. Federation of social networks needs a bigger push

When switching to an alternate social network, there is one great inconvenience, however: your friend list. Think of how annoying it was to re-enter all your friends' information into your contact list when switching to a new mobile phone. Even worse, social networks are often not integrated, so you cannot send messages from one social network to another. That's akin to me, as a Verizon user, not being able to call you, an AT&T subscriber. That's a truly bizarre restriction.

In fact, there are standards in the works to fix these problems. ostatus.org, identi.ca, elgg, and the upcoming Diaspora are open standards and their open source implementations. The goal of these standards is to free users from being locked into one social network vendor, and to allow all these separate islands of social networks to talk to each other. This means that if one goes down, users will be able to seamlessly transition to other networks. Well, almost. In the future, I expect users to be on multiple purpose-built social networks while using open standards to aggregate them in a single view.


It's safe to assume that we will see further exploits of social networking sites. As the user base continues to climb, it will become more attractive for hackers to use Facebook, Twitter and other popular social networking media to reach the majority of Internet users. I'm sure Facebook and Twitter have learned their lessons from these incidents and will improve their security in the coming days.

Meanwhile, from the social networker's perspective, we should not let our guard down, and should use these sites with a healthy dose of caution. That includes friending only those whom you know well enough to share posted information with, and adopting a think-before-share strategy for any posting. Remember that any information you share can end up with someone you didn't intend. And yes, that includes your significant other and employers, unless you work for a German company.
