Because it’s New Years Eve, and I’m kind of a morbid asshole, I thought I’d harsh your alcohol-induced buzz with some grim reality by asking the question: What happens to your online content when die?

Sure, there are online memorials through which your family can set up a memorial site that will be hosted until the end of time (or until the company hosting it goes out of business), but what about the online content you yourself have created? For some of you, “online content” might only mean your Facebook, FriendFeed, Twitter or (God forbid) Myspace accounts. For others who are more tech savvy and prolific, this could mean literally dozens of websites with hundreds or thousands of blog posts, tutorials, e-books (hah!), photos, slideshows, and so on.

Because I am not aging gracefully, and because what I would consider my life’s work lives almost entirely online in the ether, I think about this a lot. Probably more than is healthy, but that’s what booze is for.

This question is more complex than it seems, and becomes increasingly complicated if you have your own independent websites, as I’ll discuss later in this post.

Social Networking Sites

In the case of social networking sites, in most cases, your account will simply linger online with no new posts unless you have given a friend or family member your login information through which they could post a death notice and/or delete your account. In the case of MySpace, there are websites such as MyDeathSpace that allows you to memorialize a recently deceased friend or family member’s MySpace account.

The exception to this (so far) is Facebook. When you join the choir invisible, friends or family can fill out a form to report a profile as deceased, which requires knowledge of the person’s date of birth, email address used for the account, network, and full name. Once a profile has been set to ‘deceased’, friends may continue to post memorial notes on your wall, but you will not (or should not, anyway – I have found this to be buggy) show up in Facebook application invites, etc.

If you have a paid account of any kind, for example with Flickr or LiveJournal, your account will obviously revert to unpaid when the yearly renewal fee is not paid. Even so, unless you have provided instructions and your login information to someone still alive, the accounts will remain available and untouched unless a family member petitions to have them deleted.

Emails from Beyond the Grave

If you’re the kind of control freak that wants to have a say in who gets notified about your death and what that message says (no shame in it – I *am* that freak), services such as GreatGoodbye.Com or MyLastEmail will let you prepare a message (including photos and video) and recipients in advance. A code is generated that you give to a trusted friend or family member, and when you finally lay down for your eternal dirtnap, that person activates the code and the emails get sent.

I’m a little torn on this. While I want to make sure that I get a chance (even if posthumously) to tell the people I love how much I loved them, not all of my loved ones have email, and frankly, it still comes off a little creepy to me.

Of course, if you’re a passive-aggressive dick, you could use a service like this to get the final digs in on someone you weren’t very fond of. You will absolutely have the last word, although honestly, if that kind of thing is worth the cash to you, the world is probably better off without you.

Dead Man’s Switch

A digital dead man’s switch works exactly like the dead man’s switches in movies, only instead of blowing yourself and the hostages up if your finger comes off the button, your carefully crafted post-death plan is triggered.

As Tony Geis explains in an interesting article from NPR entitled Dead Man’s Switch: CC Me From The Other Side:

“I concocted the idea one day when I was almost hit by a car. A program running on a couple of my servers supervises my online presence in various ways. It notices if I post on Facebook, Twitter, my blog, etc., log into any of my servers, send an e-mail, etc. Things like that. If it becomes apparent that I haven’t been around in quite some time, it ‘unlocks’ and a trusted individual can activate it. When it is activated, various trusted individuals will be sent e-mails explaining the situation and be granted access to my accounts.”

Geis rigged his own system as an alternative to using a service like GreatGoodbye, but not everyone will have that level of technical skill, so perhaps a service like GreatGoodbye (or others) would be a good idea if only to email your selected, trusted contacts your login information and instructions in the event of your passing.

According to Forbes magazine, if you’re serious about keeping your online presence going you should appoint an executor, somebody who’ll handle your affairs when you’re gone. Leave him or her your logins and other key information, and if there’s stuff you’d rather the family didn’t see you can arrange for the executor to delete specific content from your computer or online accounts.

Speaking of deleting your social media profiles, website SuicideMachine helps you do just that. It was recently featured on Lifehacker.Com, so if it’s not responding quickly – or at all – that’s why. Just give it a little time and check back when the crushing force of the Lifehacker effect has subsided.

Incidentally, although we’re discussing the topic of actual IRL death it should be noted that SuicideMachine’s name refers to killing off on your social networking profiles. It’s not advocating suicide (that I know of) and isn’t positioned to be a tool to delete your profiles after you’ve passed on, but the combination of SuicideMachine and the Dead Man’s Switch might work in a will to make it easier for your family to delete your online presence if that is your final wish. It works with most of the popular social networks, and can really cut down the time it takes to nuke them all. Sadly, Facebook is being douchey and blocking their IP, so the Facebook integration aspect isn’t functioning right now.

Challenges

As I mentioned, I’ve thought about this a lot. While some of the solutions mentioned above are better than nothing, I think they overlook some less-obvious issues – or at least issues that come up when your online presence is a little more complicated.

Multiple-Personalities

In my case, I have a robust online “persona” on Twitter and other social networks (even this blog) that are very true to my personality. I’m snarky, occasionally funny and mean, and I see my interaction online as a bit of a performance art. I also, however, run a very serious non-profit organization that I founded 8 years ago. Clearly, the messaging I might wish to send to my Twitter friends would likely be different than the messaging I would send to my colleagues through my non-profit work. (Probably slightly less swearing. Probably.) In short, I maintain a professional appearance for the benefit of my organization, as one would expect of the President of any serious company. Trying to sort out the nuances of which group gets what messaging would be complicated and challenging, and the very last thing I would want would be to screw that up and send a message intended for my personal friends to my organization’s list. I can see it now: “See you in hell, bitches! I’ve brought the beer, you bring the hookers and blow!”

Real-Life Friends? Online Friends?

Another interesting challenge is that with social networks evolving to the point where they are used to connect with people you didn’t know before, the lines between “real life friends” and “online friends” becomes more and more blurred. Twitter is a great example of this. The followers on Twitter that I interact with frequently have become as much a part of my life (if not more so) as the “real life” friends I have known for decades but to whom I rarely manage to talk. I don’t even have most of their email addresses, and who knows if we’ll still be in touch by the time I actually kick the bucket. I certainly hope we will, but lives change, priorities change – the same things that make people spend less time with each other in real life get in the way of people spending time with their online friends.

Honestly, I wonder if the terms “online friends” and “real life friends” are even valid anymore. They’re friends. However, because we know each other through a venue that doesn’t provide email addresses, a simple email solution just won’t work if I want to include those friends in my final messages.

But because I know people from all of these different online communities and networks, many of whom are not in my address book, the solution here isn’t necessarily a technical one. Sure, I could create a Facebook/Twitter/MySpace application that allows a trusted family member to trigger your last wishes messaging to your friends in those communities, but what about the Godsmack forums, of which I have been a moderator for 8 years. Or the stone carving listserv I’m on, or the forums for my martial arts school? You get the picture. I would certainly want to include an announcement to them, but those systems don’t have an API that can be tapped into.

Parts of this process would still have to be very manual, which means putting that responsibility on someone I care about, just hours or days after I’ve died.

Passwords and Friends Change

The biggest challenge I see in the automated services solutions is that I change my password often, and use distinct passwords for just about every website I join. I also add new contacts to my address book, friends groups (and friends lists) weekly. Using the automated email workflow concept, I would have to manually update these contact lists every week for the rest of my life. Even as morbid as I am, I don’t want to be reminded of my own mortality that precisely every week for the rest of my life. Even setting website logins aside, the FTP account information for the dozens of websites I run or manage are frequently changed. Which brings me to the most difficult challenge for me, personally.

Non-Technical Friends and Family

As I mentioned, I’m a prolific (one might say habitual) website developer and writer. I can think of at least 10 websites I run that have content that requires constant curating, and probably 15 more that are static that I don’t want to disappear after I’m gone.

FTP login information could be granted to a trusted person by firing off an email with the login to my computer, and then instructions on how to login to my KeePass application that contains the usernames and passwords to my FTP and MySQL sites. But then what? I do not have any close friends or family that even know what FTP is, let alone how to handle creating a new post/page/whatever on each of the proprietary apps I’ve built. It certainly could be done, but that’s a metric assload of work to generate that much documentation, especially when you consider that I may well end up completely changing the software that powers these sites several times before I die. I don’t know about you, but I just don’t have that kind of time.

Moar Monies!

Naturally, hosting costs money. In order for my vast, craptacular works to live on beyond me, someone would have to be paying for it. I currently have it stated in my will that I wish for x amount of money to be allocated towards hosting fees to keep them alive for a specified amount of time.

Relevance and After Life Lifetime

This is less of a challenge than just something to consider while you’re making these types of plans. As much blood, sweat and tears as I’ve devoted to Snipe.Net over the past decade, will it really be relevant enough to keep alive 10 years from now? My tech tips, programing snippets and observations on social media will most likely not be relevant anymore. Keeping that in mind, if I died tomorrow, how long would be appropriate to keep this site alive? A few years maybe? Technology changes so quickly, it’s likely that anything I’ve written here will become obsolete within 6 months, let alone 10 years.

Privacy

In the example I gave above, I would be giving my laptop password to a trusted friend or family member (either informally, or formally by way of an executor), with instructions to access my KeePass file to unlock my other accounts. This also inherently means that the person I entrust with this information has access to all of my files, all of my past emails, all of my social networking private messages, and all of my pr0n. Uhm.. did I say pr0n? I meant banking information. Right.

So short of encrypting large sections of your drive, handing someone the keys to your hard drive is effectively handing them the keys to your entire life, including the bits you may not want to be made available to people you love. Speaking as someone whose step-father once asked her to help him cancel his porn account and remove the malware he got from a porn site, I can tell you there are parts of your private life that really, really, really should follow you to your grave.

Hmmm

As upcoming generations rely more and more on online services and communities and become closer to friends they only know from online who may have no connection to their “real life” friends, I think we’ll see more of this kind of thinking.

Perhaps more importantly, the generation of people whose entire life’s work is purely digital is starting to get older (like me), we will need a more organized, integrated way to handle our online legacies. The most significant, important things I have accomplished in my life so far will disappear if I don’t have a system in place – and right now, that system is kludgey at best, impossible to execute by the technically challenged people I love most at worst.

I do not have children (thank God), and do not want children. My digital creations, self-indulgent and rambling though they may be, are my legacy. They are the only thing I have that has a chance of living on beyond me.

As I’m writing this, I realize that there is currently no solution that does exactly what I need and want. Anyone with some VC capital want to start a company? I’ve already got a plan. Drop me an email if you’ve got some cash to blow.

Your Responsibility?

Is it weird to think about this? I don’t think so. I personally feel that just as it is responsible to have a will, it is responsible to leave your last wishes and instructions for your social networking profiles. Having had a few friends pass away in this digital age, I wish they had considered their social networking profiles in their last wishes. To your friends and family, it can be heartbreaking (and more than a little creepy) to see haunted by your profile on their friends list after you’ve passed. I lost a friend to suicide this time last year, and it took 4 months for Facebook to finally get the memorial status of his profile set up correctly. It was a painful daily reminder to say the very least. Not to mention that neglecting to make formal plans for your eventual death puts the burden of deciding what to do with your social networking accounts on the very people who are already grieving.

Happy New Year to you all. Stay safe, and consider adding a posthumous persona management plan to your resolutions list. What are your thoughts on this? Is it going too far? Not far enough? Do you already have a plan in place, or a pre-recorded “screw you, world!” video set to be published when you kick it? I’d love to hear about it in the comments.

Possibly related posts:

1. New Facebook Phishing Attempts Looks like a new round of phishing attacks are well...
2. My favorite blogging tools With all the social networks out there, how do you...
3. What Exactly is the Point of Twitter? Since this question has come up at least three times...

Those of us who eat, sleep (and occasionally — oh nevermind) on Twitter have noticed an increase in the Twitter “RT Contests” being promoted by companies in an effort to leverage folks who want free shwag to whore out their promotion.

When it was only a few companies, it didn’t seem so bad, but now that all the cool kids are doing it, has it become just another kind of Twitter spam?

This has been a bug up my ass for a while, but I let it go, since it seemed like there were really only a handful of companies pushing them. Now that the trend seems to be spreading like social media herpes, I decided to share a few thoughts.

If you were the FIRST person to come up with this idea, you *might* have been clever. But you weren’t. Odds are, you weren’t even in the first thousand to try it. You jumped on the bandwagon after you saw people you follow mindlessly posting contests and promotional tweets in the desperate hope of winning a donkeypunch, or a unicorn or whatever it is the company was hawking.

Fundamental Misunderstanding of Twitter

I can see the allure. It’s free, and has the potential to spread like wildfire, as many things do on Twitter. And it’s ZOMGSOCIALMEDIABBQFTW!!

The problem is that as this technique gains popularity, it begins taking over user’s Twitter streams, especially when it’s being used by a popular company.

Okay, I lied. That’s not the only problem.

The second problem is that it demonstrates once again a fundamental misunderstanding by companies about how Twitter should be used – or rather, how Twitter users expect and want it to be used. I have said this a hundred times, and will likely say it a hundred more – Twitter is about conversation. It is a two-way street. If you’re looking for a way to broadcast promotions, use an email newsletter list, targeted ads, or another more appropriate advertising vehicle.

Another facet to this is the fact that many companies don’t grok that Twitter isn’t Facebook. Twitter isn’t just a place where you connect with people you already know – trusted friends and colleagues. Twitter, by it’s very nature, encourages you to connect with people you have never met, and with whom you may share *some* common interests, but I can tell you my own list of Twitter followers are as varied as colorful as can be imagined. A good many of them classify themselves as geeks in one way or another, but even with that seemingly clear delineation, some are math geeks, some are science geeks, some are literature geeks, and so on. Some are Mac users, some are Linux/BSD or Windows users. Even out of the smaller subset of people on Twitter that I interact with every single day (my Twitter BFFs?), they’re not going to have the same interests.

Encouraging your Twitter followers to spam their friends with contests and promotions that they very likely may not even be interested in will only result in their followers resenting you *and* unfollowing the original tweeter. I treat RT contests very much like the recent syphilitic plague of Twitter-based games such as Mafia Wars. If I get an @reply or DM that was generated by a Twitter game, that is an instantaneous unfollow, no backsies.

I have marginally more patience for RT contests than Twitter games, only because I still see them less often, but anyone who knows me knows patience isn’t one of my many, many virtues, so if this trend continues, I could easily see my stance getting a little more aggressive on it.

Worst of the Worst

The worst offenders are folks like MacHeist, who offers free Mac software for download, but only if you tweet an ad for them. Their system actually checks to see if you have tweeted this message, and only then will allow you to download the software. Fucking lame.

They’ll call it a clever promotional tool, I call it blackmail. Somehow requiring a user to tweet something in order to enter a contest feels less awful to me than their approach – perhaps because contests already come with the sense that your chances of winning are limited, so a user is more likely to opt not to tweet and enter because they have decided that their slim chance of winning is not worth pissing off their followers.

Incidentally, I have spoken to a few groups that have used Twitter Tweet/RT contest promotions before, and according to them, their success rate wasn’t even very good, according to whatever metric by which they gauge this sort of thing. That is, of course, entirely anecdotal, since I made no effort to solicit this information from many of the larger companies using it because I don’t *care* how successful it is. It’s still obnoxious.

I was curious what my own Twitter followers thought, so I posted an (unscientific) poll:

Only *one* user voted that they felt this was “clever marketing” (and that vote followed me remarking that I found it interesting that no one selected that option yet, so there’s a good chance the voter was just being a wiseass.) Almost 25% answered that they felt it was flat-out SPAM, and over 60% said it depends how it’s executed, but it feels mostly spammy to them.

The Secret

Here’s the big secret these companies seem to be missing – if your contest doesn’t suck, many of your users will retweet it because they *want* to, not because they have to.

Make it easy for them to tweet it – set up a pre-filled Twitter message so they only have to click “tweet” (but always always ALWAYS give them the chance to alter or add to the message) after they’ve signed up for the promotion and they probably will! If the prize or promotion is good enough on it’s own merit, people will talk about it. You don’t need to strong-arm them into doing it.

It comes down to part of the psychology of Twitter users. Being the first to tell their followers about something they think is awesome, and they think their followers will find awesome, is one of the most rewarding aspects of Twitter. It helps establish them as an authority on all things awesome, and shows their followers that they have something of value to offer. In return, their announcement gets Retweeted, and they feel good knowing they have sent a message that resonates with many of their followers. It is a win-win for the original tweeter, and for their followers.

Let this social dynamic of Twitter work on it’s own. This organic way of spreading information is exactly what made Twitter popular – not by companies forcing users to shill for them.

What are your thoughts? Am I over-reacting? Let me know in the comments.

Possibly related posts:

1. There is NO SUCH THING as a Social Media Marketer That’s right. I said it. If your job title is...
2. Twitter Gets Down to Business Twitter has taken the first steps of what will no...
3. Using Twitter for Business? Two interesting articles have come out recently, discussing tips and...

Twitter has taken the first steps of what will no doubt be a long journey towards providing more native support for businesses using their micro-blogging platform by introducing the new (beta) Contributors feature.

Back in 2008, I posted some initial thoughts about companies using Twitter for business. This past year has shown that companies have taken hold of Twitter and are making it part of their business plan. Some have done it well, while some clearly still don’t get that Twitter is about conversation, not advertising, but more and more brands are using Twitter and that’s not about to change any time soon.

Twitter “Contributors”

Yesterday, Twitter announced the very limited beta release of a new feature they’re calling “Contributors”. From their company blog post:

The feature we are beta testing is called ‘Contributors’ – it enables users to engage in more authentic conversations with businesses by allowing those organizations to manage multiple contributors to their account. The feature appends the contributor’s username to the tweet byline, making the business to consumer communication more personal; e.g. if @Twitter invites @Biz to tweet on its behalf, then a tweet from @Twitter would include @Biz in the byline so that users know more about the real people behind organizations.

Before this feature was introduced, enterprise-level Twitter apps that focused on facilitating a team of people servicing a single account – services like CoTweet and HootSuite – encouraged team members to “sign” their tweets with an initial, such such as “^S” to indicate which team member posted.

This new API feature, in addition to the launch of Twitter’s Business site, shows that supporting and cultivating business interaction on the platform is clearly something on Twitter’s long-term agenda.

I, for one, am pleased to see Twitter going in this direction. Whether or not you agree that businesses should be on Twitter, the fact is they’re here to stay- and by adding this functionality to the API, they are encouraging something I have felt was important for as long as social media has been in the mainstream: personalizing your public face.

As I mentioned in a previous post, the companies that seem to be doing things right with regard to Twitter seem to be the ones that grok the concept of the ‘conversation’, and allow the personalities of their Twitter representatives shine through.

To put a finer point on it, several studies have been done that show that doctors who have poor beside-manner or come across as uninterested in their patients have a higher risk of being sued for malpractice, regardless of their technical skill as a physician. [more] In short, patients don’t sue the doctor’s they like.

Customers have a harder time getting angry or frustrated with companies when they get to know the employees as human beings. I felt the full impact of this myself just a week and a half ago at the Microsoft Web Developer’s Summit, and have often referenced Rackspace’s presence on Twitter as being a good example of this.

Conversely, if you have a bunch of assholes handling your Twitter account, expect to feel the backlash of “social media malpractice”.

Is it risky to let customers or potential customers get to know your company employees on a more personal level? Absolutely. But if you’re not prepared to handle that risk, you should probably rule out social media as a service, support. or pre-sales tool. Stick with your static Facebook fan page with your carefully crafted and copy-edited status updates.

Like everything else in this world, you need to evaluate the risk-to-reward ratio, and determine whether or not you’re willing to give up a little bit of the structure and control of traditional media for a chance to really connect with your customers and establish brand loyalty on a deeper level. If you’re not, that’s totally fine. But if you’re going to do it, you damn sure better do it right, because if you don’t, the spotlight will be on you, and it gets hot as Hell. I’m talking to you, Dell, HabitatUK and countless others.

Obviously, if you’re going to take advantage of this new feature, you will want to set up some corporate guidelines for what is – and is not – appropriate for a personal Twitter account that is effectively endorsed by your brand, but remember not to hold the reigns too tightly. Just as you would hire the outgoing, friendly, charming associate with the dynamite personality to be your public sales face, choose your brightest, wittiest and most interesting employees to be your Twitter face.

If your company is just starting to (or starting to consider) venturing into the Twitter depths, be sure to take a cruise through Twitter’s Business site, which features a breakdown of how Twitter works, business best practices, Twitter lingo, case studies and a slideshow for download that is tailored just for you.

Additional Links

• DigitalBeat – Twitter has made Dell $1Million in Revenue
• Social Media: The Best and Worst of 2009

Blog photo credit: Tom Hoffarth, InsideSocal.

Possibly related posts:

1. Using Twitter for Business? Two interesting articles have come out recently, discussing tips and...
2. There is NO SUCH THING as a Social Media Marketer That’s right. I said it. If your job title is...
3. Twitter Retweet Contests: Viral Marketing or Social Media Spam? Those of us who eat, sleep (and occasionally — oh...

Last night, during a webcast, Facebook announced some upcoming significant changes to the Facebook platform. Most are good, a few may be frustrating, but here they are. These changes will start to be rolled out in November & December and will continue into the first and second quarter of 2010.

If you develop Facebook applications, I strongly encourage you to check out their new Facebook Developer Roadmap, which breaks down upcoming changes in detail and let’s you know when to expect these changes to roll out.

I for one am thrilled to see Facebook finally trying to work with developers to give them a clear idea of what to expect and when. As someone who has spent the past two years writing Facebook applications and being frustrated by surprise platform changes, this is a giant step in the right direction from my point of view. Previously, it was not uncommon to get only a day or two’s notice – or no notice at all – regarding critical application functionality. If you’re the developer for one application, that’s inconvenient and annoying at best, if you’re obligated to maintain a dozen or so applications it can be utterly traumatizing.

From the look of things, Facebook is trying to streamline the way applications communicate with users, and is adding some features specifically designed to improve the flow of turn-based gaming and make it easier for users to find games amid the sea of applications in the app directory.

Overall, these changes bring new features to the application developer’s toolbelt, but changes to the newsfeed and Stream API also mean that several of the ways you were previously able to send messages to a user’s newsfeed/stream (the one you just updated in April to comply with their last round of newsfeed changes) will no longer be supported.

To put a finer point on it, if you don’t feel like extending your current applications to take advantage of the new features, you will still need to update them to get them to function as they currently do. If you do not update your application to use the Stream API, your application will NO LONGER send any messages to your users’ stream. More on this down below.

So here’s a quick run-down of what to expect in the next few months – I’m covering the issues that will affect current applications first, and then we’ll get into the good stuff that talks about new features and functionality, so you know what you have to update to keep your existing functionality before worrying about extending it.

Big changes to the Stream, old API not supported, templates disappear, new format

As I mentioned above, if you don’t care enough (or your clients are not paying you enough) to update your current applications with the new functionality these updates bring, you’re still going to have to spend some time in the code just to get them not to break.

As of December 20, 2009, when Facebook.showFeedDialog and feed templates are discontinued, if your application hasn’t been updated to use Stream.publish, Facebook.streamPublish, or FB.Connect.streamPublish, your application will no longer be able to send newsfeed messages.

These Stream API functions will be the only way to send messages to users’ streams and they are available right now, so I encourage you to start making the switch now so you have plenty of time to test and troubleshoot any issues that come up.

But wait – there’s more!

Stream stories will be rendered slightly differently, with only one image and few lines of text. Only the first image and first few lines of text will be rendered by default. A user can choose to expose the rest of the images and text by clicking a “See More” link.

Only one action link will be rendered, and it must be 25 characters long or less. “Formatting”-style characters (like “|”, “[", "]“, and others) will not be rendered.

Key Policy Change: In order to encourage intentional behavior, you will no longer be able to automatically pop up a Feed form for a user unless that user has explicitly indicated that he or she wishes to share this information. According to Facebook, “a user should never be surprised by a Feed form”. You can continue to render Feed forms through FB.Connect.streamPublish and Facebook.streamPublish.

In the Stream Roadmap page, they outline when it is appropriate to open a feed form:

• When the user has clicked a button that says “Share this”.
• When a user has indicated via your user interface that they want to share. For example, if a user wrote a review within your application, and they checked a box that said “Share with friends” next to your “Publish this review” button. If you pre-checked a “Share with friends” box and they unchecked it, a Feed form should not pop up.

Perhaps more importantly, they also outline when you should NOT prompt the user with a feed form (and therefore NOT allow your user to post the action to their stream):

• When a user takes an action that is a normal part of using your application, for example, achieving a new high score.
• When you present a user with a result or new information, for example, completing a quiz.

These last two will directly impact how a LOT of Facebook apps and games currently function. While it will no doubt have an adverse impact on monthly active users for the applications that currently trigger stream entries on these actions, it is most likely a response of Facebook users complaining about the tremendous influx of stupid quizzes that have been flooding their newsfeeds for the past several months.

Hopefully, the other changes detailed below will offset the impact of apps not appearing in the stream as often and will more than compensate for any loss in virality.

Check out the Stream Roadmap page on the Facebook Developers site for full details.

No more Profile boxes or Boxes tab

That’s right. Poof. Going forward (in the short term) application tabs will be the only way applications can integrate into Profiles. We will be removing profile boxes, application info sections, and the Boxes tab. Facebook says they are exploring additional ways to enable developers to integrate into Profiles.

Please note that it does NOT appear that Facebook will be moving application content currently in Profile boxes or the Boxes tab into Profile tabs for you. From the Profile Roadmap page on the Facebook Developer’s Wiki:

Where will users’ profile boxes go?
Profile boxes will not exist in the near future. Application tabs will be the only way developers can integrate into the profile. If integrations on the profile are an important part of your application, we encourage you to focus development and transition to application tabs.

(Timing: Late 2009/Early 2010)

So it looks like if you don’t make this change to your application yourself and you rely on Profile boxes or Boxes tab boxes for your application to work, your app will effectively just disappear from user profiles when this change goes live.

Application tabs will shrink from 760 pixels wide (today) to 510 pixels 520 pixels wide to accommodate a slightly revised design. Boxes, info sections, and the Boxes tab will be removed in the near future. This kind of sucks, in my opinion, but I assume they’re doing it to accommodate a new design with either larger ads or some sort of right-rail navigation. Still, that’s a 250 240 pixel loss of real estate. Bummer.

Update as of Dec 15, 2009: According to a recently updated roadmap page, they will be shrinking the tabs down to 520 instead of 510. This, along with other profile changes, is set to roll out early 2010 by their last estimate.

Slight Application Canvas page layout change. In order to make it clearer to users when they are using an application created by a third party developer, Facebook is going to slightly modify how the top-navigation is rendered on canvas pages:

Looks like they’re still tinkering with ideas on the new layout of Application Canvas pages, but overall this shouldn’t impact most applications too much. They encourage developers to periodically check the Canvas Roadmap page for updated designs.

Now then – we’ve covered all of the stuff that impacts your current applications as they are now. Let’s look ahead to some of the great new functionality ahead.

Email

Developers will be able to ask users to share their primary email addresses. This is a big deal because it was previously verboten to collect a user’s email address without specifically asking them to type it into a form and submit it. (Timing: Nov 2009)

New Application Counter (woot!)

The application counter is one of my favorite improvements laid out in this roadmap and is just one of many steps Facebook is taking to position itself as a gaming platform.

You will have the opportunity to increment your count to indicate to a user that they should take an action in your application, for example, take their turn in a game, or see a comment from another user on content they created within that application.

The count can be incremented by your application, and when a user clicks through to the application, the count will be reset to zero.

As we continue to see an influx applications leveraging Facebook as a platform for RPG and turn-based gaming, it seems Facebook is getting behind the idea and beginning to provide specific features to encourage growth in this area. (Timing: November/December 2009)

Games/Applications Dashboards

In fact, apps that are games will be separated by category from apps that are… well, applications. Plus, users have access to two different Dashboards, one for Games and one for Applications.

The Games dashboard will have a number of features that encourage users to find games their friends and playing, and to stay active in games they’ve started, including:

Recent games: Facebook will prominently display games that a user has recently played, showing the application icon and application name. Clicking on a game will take the user to the game’s canvas page.

Game News: There will be a text field next to each game on the dashboard where developers can set Game News. This area is free form and targetable by user, e.g. “You are ranked 17th among your friends. Austin’s score is the next highest at 28,400. Can you beat him?” or, “Your pumpkins are wilting – water them soon!”

Your friends are playing: Facebook will display some of the games that your friends are playing along with information about relevant activities in the game.

According to Facebook, an app cannot appear in both the Games directory and the Applications directory, and they’ll be reviewing Games listed in the Games directory to make sure they belong there.

All non-game applications will have similar functionality (your recent applications, application news messages, and applications your friends are using) in the Application Dashboard.

Application Notifications

Facebook is removing application-to-user notifications and user-to-user notifications. Instead, they encourage you to use other channels to communicate directly with your users, and to enable them to communicate with each other about your application.

Communication between you and your users:

They encourage you to use Email (once the user has opted to share their email address with you) for things like product announcements, newsletters, or billing and transactional communication.

If you want to notify users about an action they should take with your application (like taking their turn in a game), incrementing the Application Counter will be a good way to notify them.

The application news in the Application Dashboard will be a great way to share a brief message with a user while they’re exploring the Dashboards. You’ll be able to target these on a per-user basis.

Communication between your users and their friends:

The stream is the most powerful way to enable users to share their experiences with all of their friends.

The new Share flow will give your users the ability to send messages directly to their friends’ Inboxes, with attachments predetermined by you. This will be the best way to encourage one-to-one and one-to-few messages between users, and is intended to replace requests.

Users will still be able to invite their friends to check out your application.

The estimated timing on this is approximately 30 days after you are able to start requesting a user’s email address. (Latest estimate: November/December 2009)

Open Graph API: Incredible potential, or not at all?

The info on Facebook’s Developer page for this is a little vague at best. They state:

The Open Graph API will allow any page on the Web to have all the features of a Facebook Page. Once implemented, developers can include a number of Facebook Widgets, like the Fan Box, or leverage any API, which enable the transformation of any Web page so it functions similar to a Facebook Page.

For example, AwesomeTees might decide that strategically they would like to locate their brand identity at www.awesometees.com. AwesomeTees will install the Fan Box widget, which will allow any Facebook user to “Become a Fan” of AwesomeTees, thereby establishing an official connection to AwesomeTees. The user will then have AwesomeTees listed in their list of connections on their profile as Pages are represented today.

This isn’t that different than how it currently works, so that’s not really news. What is interesting is this one line n their description, further down:

Additionally, any content that AwesomeTees publishes on AwesomeTees.com will show up in the stream on Facebook like it normally would.

Wait, say what? It sounds like they’re saying that news updates that would normally appear on a website, and would have to be manually cross-posted to a brand’s Facebook fan page will somehow automagically appear. I would have to assume they will require some sort of XML or JSON standardized format that website news announcements will have to be published in, but there’s little detail out on this just yet. This feature is a ways off though, with initial versions not expected until the second quarter of 2010.

And finally – Verification goes away as a brand, becomes universal for all apps

According to the Principles, Policies and Verification roadmap, Facebook is doing away with paid Verification and is extending it out to all applications.

On December 1st, 2009 we’ll retire the Verification brand, as we scale what was a voluntary program into a universal requirement. There is no longer a submission process or fee, and there won’t be distribution boosts as the product will move towards more intentional user sharing. Starting today, we will suspend the processing of Verification submissions. All apps must meet Verification Checklist expectations and will be subject to review at any time.

So this means while you no longer have to shell out big bucks for your app to be verified, it also means that Facebook will probably be more aggressive about making sure all developer applications do meet their verification criteria, and will yank your app with ir without notice if it feels like your app isn’t up to snuff.

Full Timeline

To give you a little more perspective, here is the timeline of the upcoming Platform changes, based on Facebook’s Developer Roadmap and originally compiled by InsideFacebook.Com:

Late October 2009

• Simplified policies posted, verification program ended, and “extending verification standards to all applications”
• Platform Live Status tool launching, which will show “updates on platform stability and load”

November 2009

• New email permission API (developers can ask users to share their email address)
• Access point to invites will be moved “to either a filter in Inbox or surfaced in the Application and Games Dashboards”
• User-to-user Inbox APIs will be launched
• Stream story formatting changes (1 image shown by default, few lines of text, 1 action link)
• New “add bookmark” button

November/December 2009

• Notifications API (both app-to-user and user-to-user) will be removed (note: Facebook says this will happen “30 days after email permission is available”)
• Feed forms cannot be popped open without “explicit user intent” (note: this is a new Facebook policy)
• Application bookmarks moving from the bottom menu bar to the left side of the home page
• Counter API launching (counts can appear on home page application bookmarks)
• Applications and Games dashboards launching
• New application branding on canvas pages launching

December 2009

• All stream publishing APIs beside Stream.publish, Facebook.streamPublish, and FB.Connect.streamPublish will no longer be supported (December 20)
• Revamped developer site launching

Late 2009 / Early 2010

• Requests API will be removed (note: Facebook says this will happen “30 days after launching new Inbox sharing”
• Profile boxes will be removed (application tabs will be the only way to integrate into the profile page at that point)
• Improved analytics and APIs launching

Early 2010

• Open Graph API launching

Conclusion

So it feels like Facebook might finally, really be getting their shit together. This is arguably one of the biggest rounds of changes to the platform that we’ve seen in quite some time, and for the first time, they’re actually giving developers a head’s up and being very transparent about timing and impact.

All in all, the vast majority of these changes are great news for application developers. We’re getting tons of new features, new integration points and opportunities for viral engagement. The trade-off in what we’re losing seems to be well worth it, if all of these improvements come to fruition.

Possibly related posts:

1. %$#^%$* Facebook Application Tabs So this is new. And by new I mean painfully...
2. Changes to Facebook’s Newsfeed/Wall With the most recent API changes, specifically the one that...
3. Planning Your Facebook Application This is part one of a series – the technical...

I’ve decided to move the comment system on Snipe.Net over to Disqus. I like it so far, but I’ve run into a few glitches and challenges that I thought I’d share with you. (Also, it explains why things may look funny here for a few days while I work out the display kinks.)

What’s Disqus?

Disqus is a commenting system that you can apply to any website. If you’ve got a static site that you want to enable comments on without mucking around with databases and scripting languages, Disqus might be something you want to look into. Disqus can also be used (as in this case) as a replacement for a standard commenting system like WordPress’ native comments. Oh, and did I mention it’s free?

I’d like to be very clear here with regard to what Disqus is NOT. Disqus is not a content management/blogging platform. It would not replace your WordPress or Movable Type installation, and the way by which you post new content. It handles only the comments, and is basically agnostic to your actual site content.

I’ve known about Disqus for years, but normal WordPress commenting was enough to do the job for me, so I never bothered investigating it much, but with the emergence of third-party login connections like Facebook Connect, Twitter’s OAuth, OpenID, and so on, I realized I wanted to offer these ways of authenticating to my site users. Hacking WordPress (or using several clunky and sometimes conflicting plugins) for each one of these authentication methods wasn’t something I had the energy to do, plus Disqus offers a few additional features I really liked, such as tracking “reactions” and the ability for users to upload a video response.

Disqus isn’t the only one doing this. IntenseDebate.Com offers very similar services and an almost comparable feature set. I set up an IntenseDebate account and even set up the WordPress plugin, but ended up a little underwhelmed, for reasons that are outside the scope of this article. If you’re interested in comparing the two, check out this wiki page by deuts.org.

Why Disqus?

What really convinced me that Disqus was stable and strong enough to give it a shot is the fact that Mashable.Com uses Disqus exclusively to handle their site comments, and that’s kind of a big deal. As a frequent visitor to Mashable, I always love being able to one-click login to reply, and seeing the “reactions” is always interesting to me.

I’ve already mentioned a few of the things I really like about Disqus – and for a full feature set, visit their website and click on the “This is why you should too” link on their homepage – but these were the key factors for me:

Ability for a commenter to use Facebook, Twitter, OpenID, Yahoo and other networks to authenticate and post. This was probably the most important factor. I had previously hacked together some Facebook Connection functionality, but it was a massive pain in the ass, and would cause the page to reload itself once on every page load in Firefox. Really annoying. Plus, I wanted to widen the net to OpenID and Twitter, without a lot of extra work. Logging in is still optional, but more features are available if the user logs in using one of the methods offered.

Facebook Newsfeeds. This was part of the reason I had originally hooked up Facebook Connect to the site in the first place – the ability to allow the user to post a notification to Facebook that they have just commented on my site. I am intimately, painfully aware of the effectiveness of the Facebook news feed in spreading content because of my extensive work developing Facebook applications, so this was a feature I definitely wanted.

Incidentally, when you sign up for Disqus, they give you an API key based off of Facebook’s new fourth-party functionality that lets services like Disqus create an application on the fly. IntenseDebate, on the other hand, asks you to manually create an application in Facebook and then enter your API key.

Ability to track Reactions. As I’ve mentioned, this is a feature I really like about Disqus. Reactions are similar to trackbacks, although my WordPress has never been great about capturing all of the places one of my posts might have been mentioned, especially social networks. Reactions let you mine social comments and mentions from places such as Twitter, FriendFeed, Digg, and YouTube, then display them with your comments:

“Record a video” option. While I absolutely do not expect anyone who visits this blog regularly to ever record a video response (and frankly it would probably be a little creepy if they did), this was interesting to me for another project I’m working on where that type of thing would totally make sense, so I figured I’d include it and see how it worked.

Response rating. The “like” functionality is something I think is useful to get an idea of who the people are who are contributing the most valuable comment content to the site.

Email notifications of follow-up comments. This is something I have had for a while on Snipe.Net by way of a WordPress Plugin called Subscribe to Comments – and it is such essential functionality, it actually surprises me that WordPress hasn’t made this part of the core yet. The Subscribe to Comments plugin worked fine, although it was a little on the clunky side to customize the look+feel.

So that’s what I was looking for. All of the functions above work as advertised, from what I can see so far, so I’m happy about that.

The Challenges

Everything was not exactly smooth sailing to start off with though, and I’m still trying to deal with some frustrations that come with Disqus. Depending on how customized your look and feel is, these may not even be issues for you, but since my site design is heavily stylized, it’s actually giving me some headaches. I’ll get into more detail in this section.

Import didn’t work. Disqus lets you import your existing blog comments from a variety of blogging platforms, including self-hosted WordPress installs, Blogger, Drupal, Joomla, Movable Type, Tumblr, Sandvox, chi.mp, Squarespace and more. I apparently was one of a handful of people affected by a temporary bug in their importer, and while it was frustrating at the time, they got it sorted the same day. I had emailed support, left a few blog comments on their blog and didn’t hear back, but they did eventually tag me back on Twitter. (Annoying that they didn’t respond with an acknowledgment of the issue before it had been fixed though. A “we’re looking into it” would have been nice, rather than leaving me wondering if anyone was there.)

Pain in the ass to style. The documentation on the styles used in Disqus is not exactly extensive. They basically tell you which CSS ids are used for a small handful of the elements in the Disqus thread block, but everything else you have to figure out on your own using Firebug.

Not a lot of flexibility in layout. This may not affect you at all if you’re using a pretty standard blog template. Mine was written from scratch, and although I still use a lot of the typical WordPress conventions (the HTML/CSS ids for the sidebar, for example), since you cannot actually modify the HTML that is output from the javascript calls, it can be limiting.

I had to take down my “Latest Comments” widget from the sidebar, since that was based on WordPress comments and it wouldn’t see any Disqus comments – but the Disqus javascript they provide to display most recent comments looked like braised ass in Marsala sauce when I tossed it into the sidebar. I may be able to work with it a little more, forcing my will through CSS alone, but this is time-consuming and even more annoying since there is no documentation on the styles being used there. I’ll keep plugging away at it, but if they let me define my own HTML containers for, say, the avatar and the text separately, it would be a lot easier.

Also, the “x comments” text that I usually have on the label over the blog image in both the blog post itself and on the category, homepage and tag pages is now basically sorta busted. Disqus uses javascript to fill in these areas, but you cannot customize the text from what I can see. Since my blog was designed with room for only “x comments”, not “x comments and y reactions”, this is making things look a little weird. I may have to actually redesign some of the sections to accommodate this issue, which makes me cranky.

In the Disqus admin, you only have three basic templates to pick from for your comments area display, none of which really rocked my socks. I picked the one that was the least weird-looking with my heavily stylized blog design, but as you can see, it still looks weird and amorphous. I’ll have to spend some time combing through the styles manually with Firebug to see how much I can improve that.

Also, protip: If your comment counts are not displaying properly on your index/category pages, be sure to check the box in the WordPress Disqus Advanced Options in your WordPress admin:

They don’t make it abundantly clear what checking that box does, but my comment count wasn’t being displayed on my homepage until I checked that box.

Some features a little buggy. For example, default avatar upload isn’t working. I expect this is a temporary issue, but it’s frustrating having a brandy new comment system and seeing the shitty gray default Disqus icon all over the place. It’s great that you can upload your own default icon for your site, but it’s only great if it actually works.

Also, in the custom CSS section of the Disqus.Com admin area, they suggest you use @import to import an externally hosted style sheet. Only that didn’t work at all.

And finally, for some reason, the comment count at the top of the blog posts pages isn’t working at all, which is why you just see “comments” in the masking tape area above the blog image, instead of “x comments.” Not sure what’s up with that, but I’ll be pestering them about it later.

Standard paranoia. Since the blog comments no longer live on my server, if something were to happen to Disqus, temporarily or forever (DDoS, network outage, bankruptcy, etc), I’d be shit outta luck, same as happens any time you rely on a third-party system to host your content. Again, my concerns are slightly assuaged by the fact that Mashable trusts them.

The API

If you’re feeling ambitious, Disqus has a rudimentary API set up, however their documentation on this is arguably worse than any I’ve seen, and I’ve wrangled some gnarly APIs in my day. I should rephrase that – the API function documentation is adequate, but they leave out some really important details. Every request you make using their API requires either a forum API key or a user API key – only they don’t tell you WHERE you’re supposed to find your API keys in the first place.

So you’ve got a shiny new car, and an operators manual – but no freaking keys. NO WHERE in your dashboard does it tell you what your user API key is, and without that, you cannot find out your forum API key, forum id numbers, or anything else at all.

If you’re a standard site/blog owner who just wants to add comments to your site, you will probably never need to even look at the API, but in the off chance you actually end up tinkering with the API, here’s how you find out ALL of your API key and forum id information. Hopefully it will spare you the frustration and headache I went through to figure it out.

If you were writing a script to access the API, you might use something like cURL in PHP. To test these functions out, you can just use a command line terminal or ssh terminal using cURL as long as the machine you’re logged into via shell has cURL installed. The API responses are in JSON format.

You need to perform these in order, since each step relies on the information you obtained in the previous step.

1. To get your Disqus User API key (which you need to obtain your Forum API key and everything else):
Login to Disqus.Com, and go to this url – http://disqus.com/api/get_my_key/

2. To get your Disqus Forum ID:
Via command line, type:

curl -0 -L "http://disqus.com/api/get_forum_list?user_api_key=_USER_API_KEY_"

You’ll get a JSON response that looks like this:

{"message": [{"created_at": "2009-10-22 10:05:15.657635",
"shortname": "snipenet", "id": "123456", "name": "Snipe.Net"}], "code": "ok",
"succeeded": true}

3. To get your Disqus Forum API Key for the Forum ID:
Via command line, type:

curl -0 -L "http://disqus.com/api/get_forum_api_key?user_api_key=_USER_API_KEY_&forum_id=123456"

where the Disqus Forum IS you obtained from step 2 is ’123456′. The message field in the JSON response should contain your API key, so you’ll see something like this:

{"message": "LONG_STRING_OF_LETTERS_AND_NUMBERS", "code": "ok", "succeeded": true}

Now that you’ve got all THAT, you can actually move forward with interacting with the API, as per the documentation.

Conclusion

It’s a little early in the game to know whether or not making the switch to Disqus was the right one. Fortunately, reverting it back to WordPress comments will take a lot less work than switching it to Disqus did, if it comes down to that.

I think Disqus will work out very well, and I’m excited about the new features it brings to my site, even if some of the styling and layout limitations are frustrating.

But hey, if you actually made it through this long, drawn-out post, leave me a comment so I can test how well Disqus is working

Possibly related posts:

1. Fixing Comment Count Bug in Disqus on WordPress My final post for 2009 should probably have been more...
2. Final Fail of the Year This is just a quickie to let you know that...
3. Trying out Facebook Connect After much deliberation, I have decided to give Facebook Connect...

In a recent post, you learned a little more about what it’s like to follow me on Twitter, warnings and all. In this post – one that I hope will be the last Twitter-related post for a while – I’m going to tell you why I didn’t – and won’t – follow you back, if I didn’t return-follow.

As I’ve said on Twitter, I ain’t no follow-back girl. Everyone’s follow policy is different. Some people automatically return-follow everyone who follows them. Those people have no standards. Whenever I get a new follower notification, I check out your profile and decide whether to follow back.

Prior to being named one of Wired Magazine’s Top 100 Geeks to Follow on Twitter, I probably wouldn’t have bothered with this post – but as my daily follower count continues to climb, I thought it was only fair.

Without any further ado, here are the reasons I didn’t – or won’t – follow you back on Twitter.

Social Media/Affiliate Marketing

The general rule here is that if I sense that you’re a SMD (Social Media Douchebag) or affiliate marketer, I will not follow you back. But because I believe in playing fair, here are the specifics.

If you are following hundreds of people, and have less than 5 posts, I will not follow you back.
The only way by which I can judge whether or not you’re someone I will find interesting enough to follow is by reading what you’ve already posted. If you have nothing posted, I have nothing to go on, and will not be following you back. The fact that you are following hundreds of people but not posting makes me suspicious that you are a douchebag spammer. If you’re not a douchebag spammer,  and are genuinely just new to Twitter, take the time to @reply me and say hello – there’s a good chance I’ll give you a shot once I know you’re a real person.

If you auto-DM me after I follow you back, there is an excellent chance I will immediately unfollow you or possibly block you.
Even if your auto-DM isn’t trying to sell me something (if it is, you will definitely be blocked), DMs go to my cell phone, and it’s annoying to get fifty “thank you” text messages a day, especially when they are robotic, empty sentiments. You don’t know me well enough yet to know whether or not you’re truly glad I’m following you. In fact, my following you might be the worst thing to ever happen to you.

Skip the meaningless DM and convey your thanks by being interesting enough for me to be glad I followed you.

If I see the words “guru”, “social media expert”, “Twitter coach” or “affiliate marketer” ANYWHERE in your bio, I will not be following you back.
In fact, there’s a good chance I will publicly ridicule you. Odds are, you’re just another Social Media Douchebag, and I don’t need anymore of those. Also, please die in a fire. But before you do, check out this site I made just for you. And this one. Your days are numbered.

If I see any tweets about “growing your twitter followers”
or any retweets about how @garymccaffrey (and his spammy, scammy tweetergetter) “has a crazy idea” to increase your followers by eleventy-billion in 3 seconds, I will not be following you on Twitter, and will most likely block you right off the bat. If you don’t actually suck in real life, I’m sorry about that (you may find this site helpful, though.) If you do, than you, too, can die in a fire.

If every one of your tweets ends with with a link back to your own bullshit affiliate marketing website, I will not be following you.
Even if your tweets are not spammy themselves, that’s an asshole thing to do.

In fact, if your website link takes me to an affiliate-anything landing page, or if your twitter username contains the words “cash”, “money”, or “rich”, I will not be following you back.
I’m not buying whatever bullshit you’re selling, and since I know you’re only following me to artificially inflate your follower count with people that follow back and don’t give a damn about anything I’m actually saying, I expect you’ll be unfollowing me soon enough. Maybe that crap works on noobs, but I’ve been working in the tech industry for 15 years. You can suck it. Suck it dry.

If your Twitter avatar is either the default avatar, or some absurdly gorgeous model that obviously isn’t you, I probably won’t be following you back. It just feels suspicious to me. Prove me wrong – show me you’re a real person.

Everyone Else

If your tweet stream is nothing but inspirational quotes (or god forbid, bible verses), I will not be following you back.
No offense – I genuinely appreciate your efforts in trying to make the world and the people in it less miserable, but if your communication is only one-way, that’s not a dialog, and that’s not what I want out of Twitter.

If I see a reference to the #tcot (“top conservatives on twitter”) hashtag, or if I see the word Christian or “conservative” in your bio, I may not follow you back.
My rationale here isn’t that conservatives or Christians have nothing to offer – just that if being a conservative or a Christian is important enough to you for you to use your precious 140 character bio space to identify yourself with it, chances are good that a fair percentage of your tweets will be conservative or religious in nature.

If your tweet stream isn’t all liberal-bashing or bible-thumping, I may actually give you a chance. But if you get preachy, or if I start to see the majority of your posts tagged with #tcot, I’ll probably be unfollowing. I am a bra-burning, liberal democrat and am damned proud of it. I will generally keep my religious and political beliefs off Twitter, and if you can too, we can still be friends. I will forgive you the occasional exception, and I expect to forgive mine – and understand that no one’s political or religious views will be changed on Twitter, so spare me the arguing.

If your website link takes me to a MySpace page… ’nuff said.

If you never, ever reply to people, I will probably not follow you back. As I’ve said before, Twitter is about conversation. Unless you are one of the extremely rare people (like @ainsleyofattack) who don’t ever reply but are just that damned entertaining, you’re not cultivating the spirit of connections in Twitter, so I’ll pass.  You don’t even need to reply to me personally – but I expect to see a few @replies somewhere in your tweet stream.

Conversely, if all you do is post links and/or retweet other people’s links, I won’t be following you back. If you’re not capable of forming an original thought once in a while, I’m just not interested. I already have my news sources, and I don’t need another one.

If none of your tweets are in English (or another language I can at least read, if not speak fluently), I will probably not follow you back. No offense intended – I’m not being an elitist American jackhole. There’s just not much point to following someone if I can’t understand anything they say. If you @reply to me in English, I’ll happily chat with you, though.

So, why should you care?

Honestly? You probably shouldn’t lose a lot of sleep if I don’t follow you back. Who the hell am I, anyway? These are just my personal criteria, and in the big scheme of things, I’m utterly unimportant. But if someone as morally questionable as myself won’t follow you back, you might want to re-evaluate your tactics. It probably means there are a lot of people with far higher standards that think you’re a dick as well.

The Caveat

If you’re not actually a wanker and I haven’t followed you back, there is always the chance that your follow got lost in the shuffle, or I might not have been sure based on what I saw on your profile. It happens. Just say hello and I’ll make sure I’m following you.

Oh, and:

Since tweeting this, a few of you have pointed out that I have a “Hire Me” link on my blog, which (somehow?) seems hypocritical to you. Big difference between what I’m talking about here and having a contact/hire link. My content doesn’t pitch my services, and never will.  I’m a professional web developer, and my personal blog (this one) does occasionally inspire people to ask if I’m available for contract work. Truth is, I don’t really have much time for it these days anyway, but the real issue is that the content of my tweets and the content of my blog are not designed to sell you anything.

Anyway:

I think that’s all of them. Bear in mind, me not following you back doesn’t mean I’ve written you off entirely. It just means I don’t have enough information about you to bother with. If you reach out to me, I just might change my mind. Assuming you care enough about me following you to bother, which is weird and sad in its own way.

Did I miss any? Leave your own in the comments. And I promise to blog about something other than Twitter again soon.

Possibly related posts:

1. Following Me on Twitter If you’re following me on Twitter, or if you’re thinking...
2. Twitter Gets Down to Business Twitter has taken the first steps of what will no...
3. What Exactly is the Point of Twitter? Since this question has come up at least three times...

Looks like a new round of phishing attacks are well underway, targeting Facebook users. There are a few going around, and they seem to work slightly differently (although same principle) to the previous round of virus/phishing attacks from last year, featuring the Bolivar23.exe virus and the Koobface virus.

These phishing links ask the users to put in their Facebook Login credentials. Once the mistake of entering Facebook credentials is done, the attack changes the password and sends same phishing link to victim’s contacts. This attack doesn’t install malware and is presumed to be in stage of collecting user credentials for a larger damage in the future.

Please note – for the Mac/Linux users, the fact that it doesn’t install malware means YOU are also vulnerable. Instead of using virus installations to send out these messages, they are are relying simply on the fact that people don’t always pay attention, and have conditioned responses to login prompts. That means everyone on every operating system and every browser are at risk.

Don’t “Look at This”

I’ve received several Facebook messages from friends with either no subject to the message at all, or the subject “Look at this”. The messages contain a note telling me to visit one of a few phishing sites, and the url has been obfuscated so that it’s not clickable in the Facebook message.

The domains I’ve seen so far:

• goldbase.be
• greenbuddy.be
• silvertag.be
• picoband.be
• nudz.ru
• simplemart.be

ALL of the above domains are phishing websites, and you should not under any circumstances click on them. It seems that Facebook has already deleted the harmful messages from my actual Facebook account inbox, but a copy was already sent to me via email notification, so be mindful of what you’re clicking on.

So far, Facebook has been very good about being proactive to protect users, by deleting these phishing scam messages from user accounts, and perhaps even more importantly, notifying Markmonitor. If you’re using FireFox, IE8 or other modern browser that tries to warn you against phishing sites, you should be presented with a big fat warning if you do accidentally click on the urls – however new domain names seem to keep popping up, so you should ALWAYS remember to check the actual url bar to make sure whatever site you’re logging into is the real thing.

Fbaction.Net

Another recent phishing attempt is one that sends messages from an infected account that asks that you click on a url that looks an awful lot like a real Facebook url, but really redirects back to a website called fbaction.net, which is a phishing site. A message would look something like this:

This url redirects to fbaction.net, and prompts the user to enter their Facebook credentials. The page looks exactly like a standard Facebook login, but the url is clearly not Facebook:

Screenshot by TechCrunch

According to an excellent TechCrunch article, Facebook has already taken steps to protect users from falling victim to this scam. Facebook told them:

We are aware of this phishing domain and have already begun to take action. Specifically, we have passed the domain on to Markmonitor who pushes the domain to the browsers for blacklisting. They will also actively try to disable the site at the server/domain level for people who don’t have updated browsers. Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We’re also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners.

This behavior is very similar to the recent attacks tricking users to go to domains like apreps.at (more at TechCrunch), and 151.im (more at TechCrunch).

Keeping yourself safe

One might wonder what the end goal is for collecting millions of Facebook user logins – however many people use the same login credentials for many of their online accounts – even email accounts – which means a malicious website that has obtained the login for a user’s Facebook account could theoretically obtain access to any online account the user has that uses a relatively standard “I forgot my password” emailed password reminder system.

At the risk of overstating the obvious, this means that if a user uses the same login credentials for a social network and for anything else, if they become a victim in one of these phishing attempts, their email, online financial accounts and banking accounts, and so on are vulnerable to being hacked. Plus, if you use Facebook Connect to access any websites, once your Facebook account has been compromised, the malicious sites will have access to those websites under your account as well.

• Always check the url of a site prompting you for a login. Always. Every time. No matter how legit it looks.
• Always use unique passwords for every single website you have an account with. Programs like 1Password for Mac make this very easy to do, generating unique passwords for every sign-up, and storing them in the Mac OSX keychain. If you’re on a PC, consider KeePass or Roboform.
• Switch over or upgrade to a browser (like Firefox, IE8, etc) that supports warning users when they are about to enter a site known for phishing activity.
• Don’t get cocky. The people I have seen fall prey to these phishing attempts are not noobs, and not the type who blindly click on anything. These are reasonably tech savvy people who have become less careful than they should be.

Possibly related posts:

1. Facebook and MySpace Users, Beware! I have received two virus emails from two unrelated friends,...
2. Use Your Own Domain for OpenID Logins I’m a big fan of OpenID, and the concept of...
3. Advertising on Facebook – Part Two In part one of this series, we talked about your...

Part three of this series will deal specifically with an important issue that had come up in part one: Some users, albeit a tiny percentage of overall users, were encountering a malware warning on pages where SocialCash ads are being served.

This is, of course, a BFD. As I mentioned in section one, while I was not going to assume that SocialCash was knowingly running any kind of malware, the mere appearance of impropriety can do irreparable damage to the reputation of both an application and the developers associated with it.

The back and forth on this is a little lengthy, but I thought it might be valuable for you to to see how this played out. The short version – after running some tests, they feel that the malware alerts are false alarms triggered by overly aggressive heuristic detection algorithms. They then went on to suggest that I might want to find a new ad network.

*blink*

So here’s the long version, starting from the very beginning…

Email from app user: Feb 1, 2009 11:05AM

I like the app or at least a lot of my friends do.

However, in the last two days my anti-virus has been flagging up a malicious link on your start page. It appears to be a script that, if allowed to run, will capture key strokes and other info. I re-checked using Norton anti-virus (I use Avira anti-virus normally) and it also flagged the same script.

Avira warns me that ” functionalities include – but are not limited to – downloading trojans, link to other infected pages, spy the user or spoof the content of a banking site. ”

Would you please check the page and remove this?

I immediately replied back to the user, asking if they could possibly provide any more information on what antivirus they’re running, whether it was the top ad or the bottom ad that triggered it (since I use SocialCash on top, SocialMedia on the bottom, and I needed to know whose ass to chew off), etc. They quickly replied:

Reply from app user: Feb 1, 2009 – 12:59PM

It happened in two different apps on FB who have the same ad server as you have at the top of your page – socialcash I think?

Okay, so it looked like SocialCash was potentially the issue. I sent an email to SocialCash at 2:03PM that same day, just moments after receiving the application user’s reply:

Email from me to SocialCash:  Feb 1, 2009 – 2:03PM

I received this notification from one of our users today. After discussing this with him further, he says it was happening on two other apps that were being served by SocialCash. When I removed the SocialCash ad code and stuck only with SocialMedia, the alert went away.

This is absolutely unacceptable. I don’t know whether this was a legitimate threat or not, but even if it was erroneously triggering this warning, this type of thing could do serious damage to the reputation of this application and any other applications associated with my name.

I would like an explanation of what happened here.

Maybe I came off a little too strong – I don’t think so. Malware alerts are, as I mentioned, a BFD, and to find out about this from a user sucks.

SocialCash replied, over 24 hours later – an admittedly longer response time than I would have hoped for in a situation where users think my application has a virus.

Email from SocialCash to me: Feb 2, 2009 – 4:53PM

We would never serve intentionally serve anything infectious or damaging, so this is definitely news to us.  What ad was it?  I see the users information below, so we will sync up with our tech side to see what we can find out.  I’m sorry that this has happened.  The more information you’re able to pass on, the quicker we can identify the issue.

I replied back that I was asking for more information from the users:

Email from me to SocialCash: Feb 2, 2009 – 4:57PM

I wish I knew which ad it was – I’d have sent a screenshot and explanation. Problem is, I naturally had to yank the SocialCash ads, lest my app get a reputation for distributing malware – so unless the reporting party happens to remember what the ads is, the only way for me to reproduce it is to turn those ads back on, which I don’t want to do until the situation is resolved.  I replied to him the day he emailed me [yesterday], asking if he could describe the ad, etc – but he hasn’t replied yet.

Days passed with no reply from SocialCash. I was hoping the issue was perhaps transient, so I decided to enable SocialCash ads again. Shortly afterwards, I received anotger malware complaint, this time from a totally different user. I sent another email to SocialCash, since I hadn’t heard from them.

Email from me to SocialCash: Feb 5, 2009 – 4:01PM

Any progress on this? I received another complaint today. We are going to lose users if this situation doesn’t get resolved quickly.

“everytime i click on to this add on my antivirus avira throws up a malware issue at least twice per page why is this are you infected???”

At this point, I reached out to some Windows users on Twitter. I created one page with only a SocialCash ad, and one page with only a SocialMedia ad, that way I could be 100% positive that SocialCash was the issue. I had 5 friends using Windows refresh each page upwards of 60 times, and their antivirus never triggered an alert. While I was relieved to know that most windows users were apparently not seeing this alert, it naturally made troubleshooting much harder.

Luckily, both of the reporting users had gotten back to me at this point, and both reported that the alert only popped up on the SocialCash page. SocialMedia was off the hook for sure. After doing a little more digging, I sent SocialCash an update with what I had found:

Email from me to SocialCash: Feb 5, 2009 – 5:33PM

It looks like both people who reported a problem were running Mozilla/5.0 (Windows; Windows NT 6.0;rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 – one with US-english as default language and one with en-GB as default language. Both reporting the problem with Avira, and one confirmed the same alert with Norton.

The next day, one of the Facebook application users was kind enough to email me back with more specifics and a screenshot of the alert they’re receiving. I forwarded this on to SocialCash:

Email from me to SocialCash: Feb 6, 2009 – 1:38PM

Here is more information – the best so far. Steven says its occurring on every page load of the SocialCash test page, and sometimes pops up several alerts on a single page load. See the attached screenshot of the virus alert.

Perhaps you should get in touch with Avira?

SocialCash replied later that day with their conclusion:

Email from SocialCash to me: Feb 6, 4:38PM

We’ve done some testing, and have confirmed that there is no malware inside of our advertisements.  Please know that no other users or publishers have reported positive hits with antivirus software.

The alert is caused by Javascript compression being flagged as potentially malicious by heuristic detection algorithms.  It’s a false positive that happens only when users enable heuristic detection in their anti-virus software.  There are many frequently used script libraries available on the web that cause a similar false alerts to be thrown.  We believe that the benefit of a much smaller download, and hence faster ad rendering and better performance, outweighs the smaller number of tech-savvy users who will surf the web with these controls enabled.  Since we’ve confirmed that our advertisements do not contain malware, and because that this is the first report we’ve received (amongst billions of impressions), we feel that this is the right approach to take to provide maximum value to the largest population of our users.

Given that you have sophisticated users who are raising these concerns to you, the last thing we want is for your use of SocialCash to impact your user base.  We don’t think there is a way to remove this behaviour from the subset of your users who see these errors.  This all being said, it may make sense for you to discontinue the use of our advertisements if you think this will have a negative impact on your overall user population.  We obviously take this type of feedback very seriously, and wanted to thank you for bringing this issue to our attention.

Please let us know if you would like any further information, and let us know your if you intend to continue to use our product.

This is the first report they have received, among billions of impressions? It seems statistically impossible that my application has received two reports of this problem, with only 100k monthly active users. Out of their billions of impresions, my puny 100k monthly active users make up only a tiny fraction of those impressions, so what are the the odds that not one but two of my users brought up a problem that no one else brought up.

The application is not one that appeals to particularly sophisticated people. It’s an absurdly simple application that lets people blow kises to each other – not exactly rocket surgery. The two users who reported it were clearly more savvy than an average user, which is probably why they actually contacted me about it, rather than freaking out and closing their browser window, convinced my application would steal their identity, email their grandmother all of their porn, make their ipod play only Jethro Tull and make their TV record “Gigli”. (Thanks, Weird Al!)

Conclusion

I’m glad SocialCash claims to take these reports very seriously, but deciding their advertisment loading time is more important than the reputation of my application is not acceptable to me. “We take this sort of thing very seriously, and we appreciate you reporting it to us so we could completely ignore it and keep doing what we’re doing.”

It would be different if something in their ad code was causing a weird display issue for users of certain browsers and operating systems. But this isn’t some flaky display quirk. This isn’t something harmless that no one will notice. People visiting my application think I am trying to do them harm. Even if the percentage of people experiencing this issue is very small, that message is not one I am willing to live with.

Maybe I’m being too hard on SocialCash – but I take my reputation seriously. It’s a shame they don’t. The impression I get from my email exchange is that I am a pain in the ass client to them, and not worth the hassle to them for the paltry 100k mau I bring to the table. At this point, they don’t seem to want my business, and I care more about my reputation than the $15 a day I make them from. So I’ll be exploring one of the alternate ad networks, replacing SocialCash with whichever seems to be the best. Stay tuned!

Possibly related posts:

1. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
2. Advertising on Facebook – Part Two In part one of this series, we talked about your...
3. New Facebook Phishing Attempts Looks like a new round of phishing attacks are well...

In part one of this series, we talked about your options – and possible concessions you may have to make if you opt to advertise on Facebook applications. Part two will discuss the returns I have seen so far based on my own applications, and the ad network’s payout schedule.

If you wandered in from Google and haven’t yet read the first article in the series, I strongly recommend it. There are some significant concerns discussed there that you may want to be aware of before implementing ads on your Facebook application.

A note on ad-blockers

For some reason, perhaps the url of the ad network sites themselves, the admin/reporting areas of SocialMedia (and Cubics, although I didn’t implement their ads) appear broken if you’re using AdBlock Pro for Firefox. The header images, and even some of your reporting tools, are being interpreted as advertisements, so they won’t display properly. The easiest way to deal with this is just to disable AdBlock Pro for the network domains giving you trouble.

Disable AdBlock Pro per site

A Note on AdBlockers & Your Reporting Console

Of SocialCash and SocialMedia, SocialCash definitely has a better reporting console – at least for my purposes here, since they let you see a daily performance breakdown  at a glance, where SocialMedia only gives you a graph view overview, and you have to select specific dates from a single dropdown menu.

Again, if you’re using AdBlock Pro, the flash performance graph may not appear for you until you allow ads on the SocialMedia domain.

Day-by-day reporting may not be important to you, and I suspect it will be less important to me as time goes on and I have more overall data.

The Revenue Model

Neither SocialCash nor SocialMedia do a stellar job of explaining exactly what your ad revenue is based (per impressions, per click, etc.), however I sent an email to SocialCash, asking about the rather dramatic fluctuation in revenue from day to say. They replied back:

Many of our advertisers take several days to report sales. This means that for the first few we days, we don’t know how much your app is earning. The flip side to this lag is that if you stop running ads with us, you will continue to earn money as sales are reported to us.

Reliable data is only reached looking across a minimum number of impressions rather than days. This is typically over 150,000 impressions, but also depends largely on the placement of the ad, how the ads fit in the flow of your application, and your audience’s general engagement patterns. The same ad can yield widely varying click through rates and conversions based on these factors. We’re currently putting together some knowledge documents for developers on this front, so let us know if you’d like any guidance on these areas.

This simply means that it will take a couple of days to see a reliable eCPM reading. You’ll find this to be the case with all other performance networks as well. (This is not true with “brand” networks that pay a fixed amount for every impression.)

This leads me to believe that the revenue model is not based on impressions or even click-throughs, but instead based on user buy-in. The user adds the advertised application, subscribes to the advertiser’s service, etc – and you earn money. It’s been my experience that although you end up with fewer revenue points (since you’re requiring the user to buy-in, not just click), however the payoff is higher than a simple click-through based model.

Basically, since they’ve actually made a sale, they’ll pay higher per buy-in than they would for a simple click-through, which gives them no guarantee of actual revenue for their money spent.

I cannot find the model on the SocialMedia website, however I will confirm how their ad revenue is determined over the next few days and update this section. I suspect it is a similar model to SocialCash, based on the fluctuations in earnings.

Payouts

Both SocialCash and SocialMedia offer PayPal and a mailed check as a way to pay you your earnings.

According to an email reply from SocialCash, payouts happen mid-month and end-of-month, give or take a day or two. Payments are allegedly made automatically, once you have earned over $50. I say allegedly only because I haven’t been with them long enough to say for sure – guess I’ll find out this week.)

For SocialMedia, developers have the option of being paid on a weekly basis though PayPal or by check. This process can be automated. All payment requests must be made by 10pm Wednesday night to be paid out that coming Friday. All requests made after Weds 10pm will be paid out Friday of the next week. The minimum PayPal payout amount is $25.

My Results So Far

I set up ads on my Facebook application on January 5, and as of end of day February 1 – just over three weeks – I have made $404.97 – 206.26 from SocialCash, and $198.71 from SocialMedia. While these numbers seem close, there are two details that should be noted: I started with SocialMedia a few days after I started with SocialCash – and the SocialCash ad has the top banner position, while the SocialMedia ad is a footer banner.

Three weeks isn’t long enough to make any decisions written in stone, however the fact that SocialMedia is basically keeping pace with SocialCash, given the fact it had a later start and has an arguably much less prominent position on the page. Given the fact that their ads seem (slightly) less deceptive – and I haven’t had anyone reporting them for virus alerts on the application as I have with SocialCash (see previous article), I am strongly favoring SocialMedia over SocialCash at the moment.

At the beginning of January, when I first added advertisements, I had approximately 54k monthly active users. As of February 1, I have 103k monthly active users. I was expecting a sharp drop in engagement once advertisements were implemented, figuring a lot of people would opt to use a similar application that didn’t have advertisements – however that is clearly not the case.

Here are my Facebook Insights report for the application from the beginning of the application launch:

Monthly Stats Graph for Facebook Application from Dec

Notice there is no significant drop in user engagement during the week of January 6, just after advertisements were added.

And here are the stats starting when the advertisements were added:

Facebook Stats starting from January 7

One would think that the ad revenue graphs would be at least somewhat similar to the engagement graph, however I have found that this isn’t the case at all.

Here are my stats from SocialCash, by week:

SocialCash stats by week

At the week level, you can’t see exactly how volatile the ups and downs are, so here are the past two weeks:

SocialCash by week

SocialCash by week

Because the reporting options for SocialMedia are not as robust, I can’t provide the same overviews as easily, but this is my performance over time for SocialMedia.

SocialMedia stats since inception

Conclusion

This experiment continues – three weeks is definitely not long enough to speak definitively about advertisements on Facebook, which ad network is the right fit, and which one will give you the most bang for your application buck. So far, I’m leaning towards SocialMedia, for the reasons detailed in the first article and this one – and the fact that they seem to be able to hold their own with regard to revenue is a big plus.

I’ll keep you posted on future progress and statistics – and SocialCash got back to me regarding the virus alert some users were reporting – check out part three in the series to learn more about it, and why I won’t be using SocialCash anymore.

Possibly related posts:

1. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
2. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...
3. Advertising on Facebook Applications – An Experiment This article has been deprecated, and has been replaced by...

I have a Facebook application that seems to be doing rather well – over 100k monthly active users after just two months, and gaining by about 1.5k every day. I’ve been toying with trying to monetize that in some way, and the most obvious way (that requires the least amount of effort) is to add banner advertisements.

This article series replaces my previous article, Advertising on Facebook – An Experiment, published in January. The information provided in the previous article will be provided in this series, but in a more organized, informative manner. That article is deprecated.

Social Media Advertising Networks

There are a handful of advertising networks that seem to be the top options available:

• SocialCash
• SocialMedia
• RockYou
• Cubics
• Offerpal (points-based offers)
• AdParlor

As of now, I have only experimented with SocialCash and SocialMedia, although I may expand the experiment to include others soon. SocialCash and SocialMedia seem to be the most popular choices of the above four, and SocialMedia has just raised an additional $6million in venture capital after coming out strong in 2008.

According to an article in Venture Beat, Social Media says it brought in between $15 and $20 million in revenue last year, mainly due to successful sales in the last six months.

A note about the ads

The types of ads offered by both SocialCash and SocialMedia tend to be what I consider a little deceptive. By that I mean many of them are engineered specifically to look like part of the application, and often use the application user’s name, photo and friend’s photos in the ad itself. SocialCash seems to be more guilty of this than SocialMedia, but both rely on similar tactics.

Ad by SocialCash

Some of the images in the above ad are profile photos from my friends Facebook profiles. This ad links to a mysterious Facebook app called Jamster Mobile Screensaver. I have no idea if this application is legit, and am not willing to sign-up and give it my mobile number to find out, but it feels fishy to me. Sort of reminds me of those “text L-O-S-E-R to shortcode 666666 for texts from hot girls” type of thing you see on TV at oh-my-god-o’clock in the morning.

Another sample ad by SocialCash

And in this ad, also by SocialCash, the ad pulls in my profile photo and my name. The advertiser site you get to when you click on seems to be some sort of Scrabble-type game, which requires the user to download an Active-X component to play. While I have no justified reason to believe this is suspect, an ad linking to a site that requires a download rubs me the wrong way, big time.

Another ad-type I have seen from SocialCash is a similar-style ad that leads you to a “quiz” website. At the end of the “quiz”, the website asks for your mobile phone number (without really explaining why), and in small text at the bottom, informs the user that they will be billed $19.95 per month for this service – when they are not even particularly clear on what the service actually is.

Still another ad style I have seen from them is one that leads you to a website that when you try to leave, a javascript alertbox pops up informing the user that they are going to miss out if they close the window, and sometimes even spawns a new popup window after the user has confirmed they want the window to close. I have a real problem with these kinds of ads. They feel a lot like the malware sites that try to convince (windows) users that their computer is infected, and they have to download this software to clean it. The software is, of course, malware and will subject the installer to a variety of ills from keylogging to unpromoted ads.

I am absolutely not implying that the advertisers with SocialCash are promoting malware - just making the comparison in how that type of ad feels to me, someone who’s been around the Internet block for 15 years. That said, I received a troubling message from one of my application users today, which I will address later in this article.

In the SocialMedia ad below, you can see they’re not pulling in as many user details, but a less savvy application user might not recognize this as an ad, and may actually think that this “Valentines Cards” thing is somehow related to the application itself. On the possible upside, the destination website, MyFunCards.Com, does not seem to be a paid service and seems harmless enough, although I certainly cannot speak to their SPAM policies or what they do with people’s email addresses when you send or receive a card from them.

Ad by SocialMedia

The Conundrum

My own personal feelings are that these types of ads are not entirely ethical. The problem is, they work – and their somewhat sneaky tactics are exactly why they work. Facebook users suffer from banner-blindness as much as any other web user, so your standard, run-of-the-mill banner ads just won’t get as high of a click-through rate. So before you begin, you need to ask yourself whether or not you can deal with your name being associated with advertisements that may not reflect your own ethics.

Ads that trick a user into clicking on them by making it seem like its part of the application functionality (“you have 1 new message!”) are deceptive. Offers that throw a javascript window alertbox when a user tries to close the advertisement page, asking if they are really sure they want to leave and miss out on xyz implements the same tactics that malware sites use. It just doesn’t feel right to me.

What SocialCash Had to Say

When I first signed up in January, I emailed SocialCash, expressing some concern over the types of ads being run. They replied with the following via email (in two separate emails, condensed for clarity):

Types of ads/offers.  One quick point on terminology:  “Ads” are the banners themselves; “offers” are what the user sees after clicking on an ad.  Your question seems to be on the offers.  We’ve been in the online marketing business since 2000 (on Facebook since early 2007) and advertisers range from large brands vying for app installs to tourism companies advertising discounted trips to Paris.   We display ads over 100+ countries.  In this range of advertisers is also mobile content, which provides users scheduled content on their mobile phone for a monthly fee.   This is a service many users enjoy worldwide[...]

[...]We’re in the process of upgrading our ads and you’ll see a change-over in the near term.  And like we said before, we have a wide mix of both ads and offers.  To fully understand the available options with advertising, we’d encourage you to do what most developers do and try multiple ad networks at once.  This is really the best way to learn the ins and outs of optimizing and monetization.  That experience also enables a great deal of choice for you on the whos, whats, wheres, etc. of advertisements within your applications.   There are tons of great resources out there!

An Additional Concern

As I mentioned earlier in the article, I received a troubling message from one of my application users today. I have emailed SocialCash about this, and expect to hear back from them tomorrow, but this situation was drastic enough for me to pull their ads from my application today. This is the message I received:

I like the app or at least a lot of my friends do.

However, in the last two days my anti-virus has been flagging up a malicious link on your start page. It appears to be a script that, if allowed to run, will capture key strokes and other info. I re-checked using Norton anti-virus (I use Avira anti-virus normally) and it also flagged the same script.

Avira warns me that ” functionalities include – but are not limited to – downloading trojans, link to other infected pages, spy the user or spoof the content of a banking site.

I replied back to this user immediately (for obvious reasons), and they replied again:

It happened in two different apps on FB who have the same ad server as you have at the top of your page – socialcash I think?

This, my friends, is a deal-breaker. If they do not have an adequate explanation for what happened, I will no longer be using SocialCash. Even if the advertiser/advertisement is not actually malware and was erroneously labeled as such, it is their responsibility to make sure something like this NEVER happens. With all the actual virus activity on Facebook, sometimes like this can ruin the reputation of an application – and once you lose the user’s trust, you WILL NOT GET IT BACK.

UPDATE: For more information on this issue, click here to read Part Three.

In the next article in the series, I show you my performance stats. Click here to go to Part Two!

Possibly related posts:

1. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...
2. Advertising on Facebook – Part Two In part one of this series, we talked about your...
3. Advertising on Facebook Applications – An Experiment This article has been deprecated, and has been replaced by...