All Clouds are Not Created Equal

After I read about another Google customer losing all of his Google data when Google decided to delete (or at least suspend) his account, I got to thinking about all of the times that Google has made a mistake and deleted user accounts or deleted email for Gmail users. I thought about how the different approaches of the key players in the emerging world require you to make some choices, some of which may be untenable. So, I thought I'd lay them out in clearer form than you will get from the hard-core technical blogs or the companies themselves.

At the Apple Worldwide Developers Conference this year (WWDC 2011), Steve Jobs and the Apple executive team introduced iOS 5 and iCloud. During his iCloud introduction, Jobs said this: "We are going to demote the PC to just be a device. We are going to move the digital hub, the center of your digital life, into the cloud."

This is Apple's philosophy: the iCloud is the sync-master for your digital life. It provides the axle to your devices that are the spokes. However (and this is a vital distinction!), your digital content lives on your devices when you are using it. The iCloud, then, is the master copy, but Apple expects you to have copies on one or more of your devices.

This is in sharp contrast to Google. In Google's world, the cloud is the only place where your data resides. You'll use your browsers (on your PC, your tablet, or your phone) to access, manipulate, create, and use your content. You may even cache some of it locally for performance reasons (for example, caching the first part of a video so you can watch it without "stutters"). However, the content is in the cloud and your devices are simply windows into it from Google's perspective.

...and then there's Microsoft. They want to get in on "this cloud thing," too, but they really aren't sure how to do it. Their business is Windows and Office, so how can they use the cloud and keep those lines humming? What they are doing now is having the cloud be a glorified backup service with some of the capabilities of their apps. The best experience, however, is to use their native apps on a PC and hook them into the cloud for backup and collaboration. This means that Microsoft Office 365 is a different perspective than iCloud (which is personal) and Google (which is all about the data being in the cloud only). It's effectively a hybrid of the two.

Regardless, you will want to make a choice based on these distinctions, because to the cloud you will go, one way or the other.

Facebook's Security Mess

Last week I was sitting in my office working away on a client's iPhone app when my iPhone's text message bell alert rang. I picked up my phone to see my daughter's text message: "Free iPad event?" After an exchange, I learned that my Facebook account had sent her an event request with a link to a rogue quiz site that was offering quizzes for the amazingly low price of $19.99 a month. I also started getting emails from other friends who were getting the invitation from me. So, I got mad.

First, I deleted the event. Then, I posted to my wall about it. And then, I went on the warpath.

You see, I am very careful about my Facebook account. While I explore aspects of Facebook as part of my research for clients, I am aware of the dangers and am diligent in working through the possible issues. But, I got caught. So, I went looking for the source of the issue.

The first thing I learned is that I am not alone. There is even a Facebook group that has grown up to oppose it. But, no one seemed to know how it was done, so I began to investigate.

Given the invitation text and the targets, I figured out that it had to have come from an application with access to my account. I dug through my entire list of applications, eliminating many that were either old or that I don't use. But, it's important to understand that Facebook makes this process far more painful than it needs to be. If only Facebook would make a note on the wall posts, event invites, and other items noting what application was used to create it, we could track down the reprobates who build these cheap cheats. Twitter even does it:

So Twitter, with its informal nature, trumps Facebook in one of the most important aspects of security: transparency.

In my next few posts, I'll outline what you can do to scrub your Facebook account in a way that will make it much more hardened against this kind of attack. However, with the limited transparency of Facebook's system right now, there is only so much you can do.

Being Careful Isn't Enough

"Want a free iPad?" That's an email that my Facebook friends received from me this morning. The problem is, I never sent it. In fact, I never saw it until it had been sent on my behalf. Being careful isn't enough. I wrote here on this very blog last year about the various trojans and other attacks made on and through Facebook.

Today, I was used.

This morning as I was starting work, my daughter sent a text message asking me about a free iPad. I didn't know what she was talking about. Then, after a bit of investigation, I learned that some rogue application that I had approved for access to my Facebook account had sent an event invitation to everyone on my Friends list.

This is a big deal.

It's a big deal because I cannot even easily send a message to everyone on my friends list. Therefore, my apology email took a while to create, since I had to manually create a list with all of my friends on it.

It's also a big deal because there was no way for me to find out from the invitations which application sent it. Was one of the seemingly appropriate applications like Twitter or Foursquare the issue? Or how about that Fast Company Influence Project app that I set up yesterday? I can't tell. The invitation does not tell anyone how it was created, and I have no way of working backwards from the invitation to the app and removing its permissions.

This is a Facebook security problem, and Facebook needs to address it. As a result of this issue, I have removed a number of apps from my Facebook page and will remove all of them if it happens again.

In the meantime, I'm committed to doing what I can to track down this rogue app. If you have any insight into how this was done or what app might have done it, I'd love to get your insights. I'll update this post as I discover more.

Kill Flash, Fix Your System

A Facebook conversation this week reminded me that many people do not know how damaging Adobe Flash can be on many systems, especially, it seems, those running Apple's OS X. For many years, I have found Flash more annoying than anything, and so have run various plug-ins to keep Flash from loading in my browsers. There is also an additional mini-application that you may find useful. First, there are a number of Flash blocking plug-ins for the various browsers available. For Firefox, there's FlashBlock. For Safari, there's ClickToFlash. For Google Chrome, there's Kill-Flash. All of these plugins do the same thing: they replace the Flash elements on a page with a clickable image. If you don't click, no Flash ever loads. If you do, Flash loads and plays.

One thing I especially like about ClickToFlash is that you can adjust the settings to load H.264 videos on YouTube instead of Flash when it is available. Very nice.

In addition to these plug-ins, I also use BashFlash on my Macs. This little application sits quietly in the menubar until one of the Flash processes starts going crazy. Sometimes, a Flash process can cycle up and take over a computer. When one does this, BashFlash wakes up, turns red, and lets you kill the runaway Flash process.

Together, these plugins and app will make your browsing experience much more pleasant. I run ClickToFlash and Kill-Flash on my two most-used browsers, and keep BashFlash on hand, too. Let me know how it goes for you.

More Facebook Phishing

The word "Phishing" is used for sites that steal your identity, and there are more Phishing sites stealing Facebook login information today. First thing this morning, I received a Facebook message with the subject "Hi" and the content "Look at redbuddy dot be". Going to that site gets you the same kind of site as I reported in Facebook Trojan Attack earlier this week. Once again it's obviously a phishing site, with language like, "We helps you connect and share with the people in your life." and yet people are still being sucked in!

Beware! Do not log in to any site that you don't absolutely know is the site you want. Realize that any time you use your login, it can be compromised. I'm putting together a brief video on this that I plan to have ready this weekend.
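
For readers who want to see what "knowing the site" means in practice, here is a small JavaScript check that reads the real hostname out of a link before any password is typed. It is an added example, not code from the original post; the trusted-domain list and the sample links (other than the "redbuddy dot be" text quoted above) are constructed for illustration.

```javascript
// Assumption: the only site we expect to log in to is Facebook.
const TRUSTED_LOGIN_DOMAINS = ["facebook.com"];

// Turn the "dot" / "[.]" spelling used to slip links past filters
// back into a normal hostname.
function deobfuscate(text) {
  return text.trim().replace(/\s+dot\s+/gi, ".").replace(/\s*\[\.\]\s*/g, ".");
}

// Returns { host, trusted, reason } for a link or a bare domain.
function checkLoginLink(text) {
  let candidate = deobfuscate(text);
  // Bare domains get a scheme so the URL parser can read them.
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(candidate)) candidate = "http://" + candidate;
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return { host: null, trusted: false, reason: "not a parseable link" };
  }
  // url.hostname ignores anything before "@", so "facebook.com@evil" is seen as "evil".
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // The trusted name must be the END of the host, on a label boundary.
  const match = TRUSTED_LOGIN_DOMAINS.some(d => host === d || host.endsWith("." + d));
  if (!match) return { host, trusted: false, reason: "host is not the expected site" };
  if (url.protocol !== "https:") return { host, trusted: false, reason: "login page is not HTTPS" };
  return { host, trusted: true, reason: "expected site over HTTPS" };
}

// Constructed sample links, apart from the first, which is the message text above.
const SAMPLES = [
  "redbuddy dot be",
  "https://www.facebook.com/login.php",
  "https://facebook.com.redbuddy.be/login",
  "https://www.facebook.com@redbuddy.be/",
  "http://www.facebook.com/",
];
for (const s of SAMPLES) {
  const r = checkLoginLink(s);
  console.log(`${s} -> ${r.host}: ${r.trusted ? "OK" : "DO NOT LOG IN"} (${r.reason})`);
}
```

The third and fourth samples are the ones that catch people: the trusted name appears in the link, but it is not the host the browser actually connects to.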
