Morisy.com

Social NetworkAbout a week ago, I met up with a former Romanian journalist who'd done a great job mapping political, media and organized crime ties in his country, and the complex relation between the three. It was a great database, but a little hard to wrap your head around because you had to do a search on an official or a company, which meant knowing where to start.

It was also difficult to get a "big picture" look at just how interwoven everything actually was. The month before, I'd been approached to pitch a similar project, that would map the ties between contractors and state officials in a way similar to how Muckety.com graphs political, business and social relationships.

I haven't had a chance to play with many options, but thought I'd collect them here and share my impressions as I get a chance.

• My.Muckety.com is in beta, is free and puts out some nice looking social graphs. You plot out the relationships in a Google Doc, upload it, and they map it for you. As far as I can tell, the free accounts are limited to one graph at a time, with up to a hundred nodes, but there's no option yet to upgrade to a pro account or anything else that would give you more access.
• IBM's Many Eyes project has quickly become the data visualization/crowd sourcing darling: Upload a data set, and let the world play and poke at it. It features social graphs, like this one of Biblical co-occurrences, as one of the many, many options. I believe it's currently free and mostly a way for IBM to show off what their BI tool Cognos can do.
• SocNetV is an open-source social grapher that has some neat tools like a built-in webcrawler.
• UCINET has a free time-expiring demo, and paid rates ranging from $40 to $250 for a full license.
• GraphViz is another open source option. The homepage says it can power web graphs, apparently through the Grappa Java engine
• NodeXL is an Excel template that makes it easy to power social graphing without much out of the ordinary software. It uses an OSI-approved open source license. There's also a free tutorial for it as well.
• Flare is a nice Flash ActionScript library that looks like it could easily create dozens of varieties of social graph visualizations with just a few clicks. The demo is incredibly smooth and impressive, and it's also open source.
• Gephi is another slick network visualization package, but doesn't appear to have a web component.
• Protovis is another open source option that sports in vogue favorites like force-directed diagrams and many, many other options. Here's a guide.

And not technically a software package, but Investigative Reporters and Editors has a social network analysis guide. Any other options I've missed? Add them below in the comments. As I get time to test out the various packages, I'll post my thoughts and link to them from here.

Note: Many of these great suggestions come straight from the NICAR mailing list.

Maybe I'm daft (ok, we all know I am daft), but what new features, really new features does Google Buzz bring to the table? For the end user, it really seems like something that could have been cobbled together with a clever Greasemonkey script, which is an unusually low bar for a Google product.

It just pulls Google Reader into GMail. Oh, sure, there's some location-aware nish-nosh and something about better thumbnails, but the conversations I see on Buzz are identical to the ones I was seeing on Reader. A while back, Reader even let you put up aimless updates, basically creating Buzz without the buzz.

With pre-Buzz Reader and some simple RSS magic, you could even pull in and share you Twitter feed, your Flickr photos, and whatever the hell else they're now trumpeting, and you already saw updates pre-selected by your friends and colleagues. Buzz just pulled together (quite nicely, I might add) a lot of elements that were already there for power users and forced them down the world's unsuspecting throat.

Still, it's not a bad move at all.

Two points, perhaps slightly contradictory:

• Facebook's new privacy rollout is doing users a favor.
• "Free" may be the limit that social networks can, by and large, charge users, but it means the users aren't the customers.

I've been trawling the Internet for quite some time now, but there's something I learned early on, shortly after starting my first blog (we called then web journals back then) in the 8th grade: Privacy on the Internet is as real as that magical glittery unicorn you rode in on. A lot of people, including people who should really know better, don't seem to have that figured out yet.

Gawker's Preferred Facebook Privacy PolicySee Gawker's Ryan Tate:

Its new privacy policy have turned the social network inside out: millions of people have signed up because Facebook offers a sense of safety. For the last five years — as long as you're relatively careful about who you accept as your friends — what you do and say on Facebook for the most part stays on Facebook. Katie Couric's daughter first posted pictures of her famous mom dancing silly in 2006, but it took three years for them to leak to us.

"Privacy is dead, deal with it,” Scott McNealy famously said. As someone who dallied both in college journalism and gossip blogging, I will sadly testify that what privacy has existed on social networks, blogs, and in online life generally was more or less an illusion until someone wanted that information enough, or until another security hole was exposed, or until a friend decided to share your tidbit with the world, innocently intentioned or not.

Just today, the seemingly innocuous Gravatar service has a privacy hole that let one researcher correctly guess flies around the Internet plain as day for God's sake. The fact that Gawker bolsters its privacy argument by saying private photos remained private for three whole years is just icing on the cake.

Facebook's "Great Betrayal" is more of a cession to reality rather than an "anti-privacy plot".

The more their users are aware of reality, the better they'll be equipped to defend themselves against it. By having a glittery magical unicorn approach to privacy concerns, they were just fooling some of the press and anyone who would prefer to live comfortably rather than live with the facts.

If you're not comfortable with it being public, it probably shouldn't be anywhere on any of your social networks.

The second point is that, unless you're paying, you're probably not that important a customer. Facebook's advertisers and, increasingly, search partners are. And you can't search what's mired under privacy constraints.

So if you really want to be in control of your data and privacy, pay for it. Better yet, build it: Kits like Drupal make it easy for those of at least a slightly technical bent, but there are tons of hosting services that support Fantastico which let you set up your very own website, which you control, for about $30 a year. Is that too much to ask? Well, given what you give up in usability, maybe, but I've been doing it, and just recently launched my own galleries where I can fine grain the privacy to my heart's content and never have to worry about changing Terms of Service. I also use Drupal's Activity Stream module to backup (publicly) my Tweets, delicious tags, and Google shared items in one convenient place. I even get a copy of my entire site e-mailed me to daily, so if this hosting provider pisses me off, I can move at a moment's notice.

Try doing that with Facebook.

PS: I can't find any documentation, but I could've sworn for a while that Facebook prevented users from downloading images via some Javascript tomfoolery. It would have been easily bypassable, as such measures always are, but would have made users feel better, maybe. Anyways, I can't find any reference to it, so I may not be remembering correctly.

Author's Note: This post is a work in progress. It is subject to revision, updates and possible deletion, so please, share your thoughts and help me better thing through it.-MM

After a night of Entourage and PBR, we got to talking about Anil Dash's Pushbutton Manifesto (my term, his ideas) which would basically have a Twitter-like server in every home, or at least every home that wanted one, with a distributed, RSS-like real-time status update network.

The essay and ideas fascinated me, and in something of a brainstorming session, I tried to come up with ways to make such a system useful. My first impulse, and the one that's stuck around all night, is a sort of Yahoo! Pipes for the real-time Web.

Both my friends are engineers, and both have Twitter accounts they almost never use. I spent the evening idly sketching out use cases. For example, parsing through:

• A user's current location (city or more specific), local Tweets, local event info and listings, friend's recent Tweets and locations

to get:

• An event recommendation

Then, I figured it would be relatively trivial to take take a CloudRSS OPML, for example, and parse that for popular URLs on a given subject or within a given community, kind of like an automagical niche Digg that is resistant to the dumbness of crowds.

For example, rather than wading through all of the tweets from people Jay Rosen's following (as he suggest in one podcast) to get a pulse of what's going on in the Journalism Twitterverse, you take his Twitter OPML (which doesn't exist currently), use a Pushbutton server to grab all the recent updates, pull out the URLs people are Tweeting, and discover what articles are the most talked about in these categories.

This creates a hand-curated social news feed that avoids the gaming and dumbing down that have hurt Digg as well as Reddit and Slashdot as the communities get more popular (I mean "hurt" quality and utility wise, as traffic has certainly gone up). Since it's a very controlled list of submitters (in this case, people who Jay Rosen thinks carry weight on journalism) I'm getting a very high signal-to-noise ratio. While a few people may post pictures of their cat, kids, or breakfast, few will retweet it so those posts won't make the news feed, and the signal will remain high (the number of RT's required to make the feed would be set in the Pipes-like application).

With this Pushbutton pipes, I could then take, for example, the OPML list of people Jay Rosen is following, people the Boston Globe is following, and people the Boston Herald is following, and then parse out, for example, all the people more than 50 miles away. Then, if I wanted, only allow through Tweets with the word or tag "Boston," to get a local, Boston view from season journalists and sources.

A couple more use cases:

Bargain hunting

User drags a OPML list of Twitter accounts like @BostonTweet or GroupOnBoston. Maybe the list is national.

The user then narrows down the location they interested in, say, within 5 miles of Cambridge. Then, the user sorts for hash tags like #drink or #food from these users. Tweets with other hashtags might even get demoted for being "off topic," then Tweets without tags in the middle, then Tweets with the most tags on top. At the very top, the Pushbutton Pipes setup might sort the output by most times Re-Tweeted.

Apartment hunting

Apartment hunting is a relatively inefficient, horrible process, so this is just a first iteration but there's plenty of potential here. First, perhaps do a local search for #apartmentsforrent metadata, in Tweets, yes, but also Waves, another, more extensive real-time data storage.

The user narrows it down to 4 choices that come up, some Tweets that lead to traditional Craigslist-style advertisements and other that are live, editable Waves. Since a certain amount of real-world relationships are shown, the renter sees he has several mutual connections with 2 of the landlords. He pings them, getting negative feedback on one landlord and positive on the other.

One of the apartments the renter wasn't able to get a reference has a Wave, and so the renter asks some qualifying questions not addressed yet: Are pets allowed? What about parking? The answers are given out in the open, on the Wave, so the community can all see the updated apartment info. The Wave is associated with a showing time, which users can sign up for right on that page.

The fourth apartment, with neither references nor a Wave to ask follow up questions, is left for later consideration if none of the earlier choices work out.

Make sense? Think of other useful cases for a Pushbutton Pipes set up?

Further Reading:

• Anil Dash on Pushbutton ecosystem

Update: The comments have an alternative method that works without installing anything and is retroactive. Unfortunately, that doesn't pull all Facebook chats, just the most recent ones

Finally, users can record and find Facebook chat history, but it requires a bit of a workaround including a Firefox plugin and a Facebook app. Not the most elegant solution, but for those who are just can't seem to keep track of what they're Facebook chatting about, it'll have to do.

First, head over to the Facebook Chat History Manager homepage and install the plugin. It'll prompt you over to the Facebook app after successful installation, where you'll have to register the app and then create a local user account (all the chat history is stored on your own computer, not someone else's servers).

One interesting thing to note: Unlike in GMail's GChat, the chat logging application doesn't notify the person on the other end that your conversation is being logged:

The logs are also not particularly well formatted nor particularly intuitive to access. At any point in Firefox, you can just hit CTRL-ALT-F and the logs will come up, but there's no easy way to click through to the logs inside Facebook itself, short of going to the application's own URL. There's also no way to search for chats, so you're stuck either wading through them by date and name, and the output isn't exactly well styled:

The good news is that these quibbles can probably be fixed with relatively minor updates, and the solutions gets bonus points for offline chat history access. In any case, it's the best that can be done until Facebook unveils a chat history lookup of their own. If today's announcement of improved Facebook inbox searching is any indication, that could be the near future.

Further Reading:

• Find your Facebook message history
• What to do if you get hit by the Facebook brunga.at virus attack
• Facebook virus attacks continues: Check kirgo.at, nutpic.at, and brunga.at continue to lure unwary
• Facebook says "Check 121.im"; Common sense says don't

Brian Morrissey, an editor at AdWeek and, since I joined the service, one of my favorite Twittering journalists (not to mention his homonymical last name to mine!), tackled shortcut-taking Twitter contests in a blog post of his own last week, and unsurprisingly he does a better job than yours truly, when I wrote about the ethics of Pay-per-Tweet and Twitter contests.

Morrissey pretty quickly outlines how much these somewhat tacky contests can save over traditional marketing campaigns, as well as the potential hidden costs (using as a case study the Squarespace iPhone "giveaway"):

Is this effective? I'm not sure. No matter what, it's pretty low cost -- the 30 phones will cost it under $10,000 with no media or creative costs to speak of. It's clear that Twitter will need to crack down on this kind of hashtag gaming (hello, #spymaster) for people to become trending topics. This kind of thing, to me, quickly becomes spam.

$10,000 for absurd amounts of reach, even if it's low-impact reach, is every advertiser's dream. Having worked at an advertising boutique for a few weeks one winter break, I can tell you those numbers blow billboards, radio, and almost all traditional creative out of the water by such a margin it's not even funny.

But how do you qualify the loss of brand equity associated with annoying customers with such a blatant attention grab? Already, one of Morrissey's readers has posted a Mea Culpa for responding to the hash tag scheme.

Follow Brian Morrissey on Twitter. While you're at it, follow me too; I'm much more letter efficient.

More on social marketing:

• The ethics of Pay-per-tweet, Twitter contests, and word-of-mouth marketing
• The Sinister Sibling of Paid Reviews
• Commercial alert on buzz marketing, another term for social marketing
• Marketers Demand Ad Audits
• BusinessWeek on MTVu's Y2M Acquisition

After my posts on how to fix the Facebook virus after an attack, I've noticed a number of searchers looking for information on how to find a particular message in your Facebook message history. I've put together a Facebook message search guide to help just these people, including some bad news about Facebook chat history. Read the full post.

BostonTweet & @Sayagle are giving away 2 dozen Sweet Cupcakes (2 $36 gift cards)! RT to enter - drawing on 6/4 http://bit.ly/ibCHl

--BostonTweet

Seeing more and more sweepstakes offers on Facebook and MySpace lately, and almost all of these sweepstakes comes with the same "cost": Get a chance at a prize X if, and only if, you log yourself as a loyal follower, friend, or fan, virally spreading on the contest to your RealLife™ friends.

There's nothing wrong with these contests per se, unless you factor in how obnoxious and sort of slimy it is for your friends to try and capitalize on your friendship by begging you to sign up for offer X. I recently started receiving Facebook messages with just such a request, and couldn't help but feeling like ...

Read the whole entry here

Yodlee MoneyCenter is apparently considering launching some new features, ranging from a way to gauge your environmental impact based on your purchase history to peer-to-peer financial advice. Since Yodlee also powers Mint Financial Services and BankOfAmerica.com, don't be surprised if the features make there way over there, too.

Read the full post for all the feature details.

To: Microsoft Xbox Team
From: Michael Morisy
Subject Line: Inclusion of Twitter on Xbox 360

Dear Microsoft XBox Team,

	Total Tweets	Tweets/Day
25% of users	0	0
Median	1	.01
75% of users	4	.11
Mean	26.71	.37

[Via Harvard Business' New Twitter Research: Men Follow Men and Nobody Tweets]

Sincerely,

Michael Morisy

Most of my hits lately have been people searching for information on bunga.at or another variant, like kirgo.at, nutpic.at, or 151.im. I've put together bits and pieces of information on the continuing Facebook phishing attack, but here's a quick guide on what to do if you've already fallen for it:

• IMMEDIATELY change your passwords, particularly if you use the same password for Facebook as you do for other sites, like your bank or e-mail. This is the most important thing you can do, and the number one way to protect yourself from further, serious damage.
• Report the breach to Facebook by e-mailing them at privacy@facebook.com. They're likely getting dozens of e-mails on the topic every second, but if they have your info they might be able to scrub any damage done before it gets passed much further.
• Post a link on your wall to articles like this or the Facebook Phishing Scam Awareness group and let your friends know you've been compromised. It happens, but spreading the word about what they can do can minimize the damage.
• Check your sent messages: You might be able to see who you've forwarded the worm to, and if so you can reply to all the people and warn them not to click your link. This won't always work but is worth a try.
• Run anti-virus. Some users who've been hit have reported getting attacked by a Windows executable, and de-activating whatever nasty payload you might have gotten should be your next priority after changing your passwords and trying to prevent the virus from spreading further. If you don't have anti-virus already installed, learn your lesson and at a minimum, go install AVG, which is free. Many, many schools and service providers also give out free anti-virus to their students and customers.

Facebook itself had a few anti-phishing recommendations:

• Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.
• Use unique logins and passwords for each of the websites you use.
• Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.
• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.

Further Reading:

• Facebook virus attacks continues: Check kirgo.at, nutpic.at, and brunga.at continue to lure unwary
• Facebook says "Check 121.im"; Common sense says don't
• Facebook's blog post on how to Protect Yourself Against Phishing
• Find your Facebook message history

Already hit? Check out this guide of what to do now.

Looks like claims to have cleaned up the the Facebook 151.im worm were a bit premature. I've gotten three more offers to check scam sites in the past few hours, including to Kirgo.at, nutpic.at, and brunga.at. It looks like the phishers have changed from the Isle of Man's .im domain to Austria's .at. I'd still pick the former this time of year.

Most of what I wrote about the Facebook virus previously still applies, although it looks like the bad guys' servers are having trouble handling all the images, which will hopefully slow down the amount of people falling for the trick.

One way to make sure that it's the real Facebook site you're logging in to? Simply put in a made up e-mail and password in the login page. The phishing sites have been putting out a "502 Bad Gateway" error, while the real Facebook would ask you to try again. Note that this is not a 100% fool proof method (check the address bar!), but few phishers, particularly for a scheme like this, are likely to go through the trouble of a complicated input verification scheme.

Further Reading:

• What to do if you get hit by the Facebook brunga.at virus attack
• Facebook virus attacks continues: Check kirgo.at, nutpic.at, and brunga.at continue to lure unwary
• Facebook says "Check 121.im"; Common sense says don't
• Facebook's blog post on how to Protect Yourself Against Phishing
• Find your Facebook message history

Since I've already gotten two of the spam Facebook messages today, I figure other people probably are, too. What sets this phishing attack from others? For one, no obvious misspellings:

John Doe sent you a message.

Subject: Hello

"Check 121.im"

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=1146328106860&mid=764a5aG638f2G2a6619cG0

___
This message was intended for morisy@gmail.com. Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications&md=bXNnO2Zyb209MjQwMjc0MDt0PTExNDYzMjgxMDY4NjA7dG89NDA3Nzk0
Facebook's offices are located at 156 University Ave., Palo Alto, CA 94301.

Pretty much identical to a regular Facebook message:

John Doe sent you a message.

--------------------
(no subject)

Great to see you the other day. The artist that I was trying to think of was Thomas Barbey:
http://www.facebook.com/l/;https://www.artifactsgallery.com/art.asp?!=A&name=Thomas%2520Barbey%2520Photography&ID=787#LINKS

- John
--------------------

John has shared a link with you. To view it or to reply to the message, follow this link:
http://www.facebook.com/n/?inbox/readmessage.php&t=1099969910945&mid=742ccdG638f2G2a40a06G0

___
This message was intended for morisy@gmail.com. Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications&md=bXNnO2Zyb209NDAyMzEwO3Q9MTA5OTk2OTkxMDk0NTt0bz00MDc3OTQ=
Facebook's offices are located at 156 University Ave., Palo Alto, CA 94301.

If you click through the link, even the log in pages are pretty identical (click image to enlarge), mostly differing in that the real one offers "English" as an option below, prompts that you must log in to continue, and has a (very slightly) wider "Sign Up" button. Tricky, particularly since Facebook doesn't automatically use SSL encryption (manually go to the more secure version at https://www.facebook.com, and many browsers will display a green indicator in the address bar to let you know you're at the legit location).

Still, it's a good reminder that avoiding phishing traps is easy: Always, always, always look at the address bar when you enter your password and username for any website, whether it's a bank, social networking site, or e-mail. Even if only a trivial account is compromised, many users use the same passwords across all their logins, meaning big trouble even if it's the most clueless script kiddie who gets your data.

Update: Facebook has acknowledged the virus, and is taking steps to thwart its effects, the L.A. Times reports.

"This is a phishing attack. We’re well aware of it and are already blocking links to these new phishing sites from being shared on Facebook," Facebook e-mailed the LA Times. "We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago. "

Facebook has also put a better anti-phishing blog post than mine on preventing attacks, though it would be nice (if expensive to them) to make SSL the default connection.

Update 2: Removed some Real Life (TM) first names I'd accidentally left in, to protect the innocent and guilty.

Further Reading:

• What to do if you get hit by the Facebook brunga.at virus attack
• Facebook virus attacks continues: Check kirgo.at, nutpic.at, and brunga.at continue to lure unwary
• Facebook says "Check 121.im"; Common sense says don't
• Facebook's blog post on how to Protect Yourself Against Phishing
• Find your Facebook message history

BusinessWeek keeps bringing up MySpace and Facebook when discussing the purchase, though no social networking implementation has been (yet) announced.

Other plans are hinted at, however:

The deal is likely to help boost growth at Y2M. The company will have access to mtvU's 120 major advertisers, as well as some new content and Web functionality from MTV. "We're looking forward to supporting them with new tools and advertising opportunities, empowering them to expand their offerings and audience as well as improve their financial performance," said Stephen Friedman, general manager of mtvU.

Streaming MTV video on news sites? Can sponsored headlines be far away as markets seek to reach that vaunted 20s demographic in any way possible?