Friendster XSS spam

Over the past couple of weeks, I have been getting some random messages from friends on Friendster (this is probably the first time in over a year). The first three or four, I didn’t think anything of it, but finally a good friend sent me a message, so I logged on and found this:

[Image: Friendster XSS hack message]

Which is obviously some sort of spam, possibly from an XSS hack. This reminds me of the first effective email worm I ever experienced, where someone I thought highly of (a professor at MIT) sent me a link about photos of Anna Kournikova, and of course I clicked… never again.

Until now. It goes to show how important the sender is in propagating a worm; a really intelligent spammer would take this into account, use the email/social network address book to determine who the likely influenced people are, and message these people first.

Facebook opens registration

Facebook has recently been making big changes, such as offering APIs and experimenting with privacy. Some of these changes have been met with positive feedback, and others with hostility, but it is obvious from these recent experiments that they are testing new waters. Probably the biggest change they have proposed though is opening registration to anyone interested in joining (TechCrunch coverage here). Facebook’s message to users makes it sound as though they are providing a needed service, but I think their intentions are clear: they want to beat MySpace, and they aren’t going to wait for long.

As with any massively engaged social system, it’s extremely hard to predict how the entire community will collectively react to a decision like open registration. In order to think about how this change might affect adoption and usage, let me first introduce two unique qualities of their current system.

Fresh networks: College students have a unique need for networking software. When a freshman arrives at school, they have few friends, and an overwhelming number of people to interact with. Somehow every year, hundreds of thousands of freshmen figure things out and new networks arise. Facebook provides a service to these newcomers, allowing them to search and locate people with similar tastes in a much more efficient manner.

Natural privacy: The first security model employed by Facebook was extremely restrictive, allowing only those individuals at a given school to see others within the same domain. However, this boundary sits at a natural location: schools are communities with extremely strong ingroup affiliation, and growing or shrinking this boundary does not make the group any more cohesive. Schools have formal systems for dealing with problems that might arise from students, taking the load off of Facebook.

Both of these properties are changing with open registration. First, people signing up from outside a college will not be in the position of looking for an entirely new network of friends. This means growth will be much slower, and will not reach the saturation rates that Facebook sees among college users. Instead of having nearly 100% of college students, they will be selecting for users who have certain demographic profiles.

Second, privacy will no longer be as simple as being in the same email domain as your friends. The site has a host of new privacy features, such as specifying the level of visibility of your profile to each friend. The complexity introduced by this lack of natural boundaries will make it harder for the system to match users’ real lives. Those students that used the system because it was easy might rethink their decision.

Third, the boundaries that created strong ingroup affiliation will no longer be relevant. Even though privacy boundaries will still exist, because users will have more friends from the outside, the distinction between “my college” and the outside world will not be as relevant. Not considered a college tool by users, it might very well stop being used as such.

To restate, it’s hard to predict how massive social systems will change with the introduction of new members, but opening registration to the masses will certainly introduce some sort of catalyst into the system. They were smart to wait until this year’s incoming class had adopted the tool, but we may very well see a different reaction from new students next year.