Social Networking

Over my project in the last semester, I have learned a good bit about social networking security. I did a project on Facebook exploring various ways that someone can infer data about another user even if they are not able to see that user’s profile. If you are interested you can read it here.

I’m actually going to be learning a lot more about them in the future though as it seems that I am doing my thesis on secure social networking. The idea behind secure social networking is to fullfill two conflicting goals. Others need to be able to find users to make initial connections while at the same time, all private information about the user needs to not be discoverable through any method. Beyond the technical aspects, there needs to be user education to help users understand what types of people may be able to see his or her data. Hopefully this can be acheived by modelling the actions on a social network and building every function based upon these models.

I’m pretty excited to be working on this stuff since it is a pretty hot and definitely relevant topic with lots of practical application. Facebook is also a good network to study when doing these sorts of models because they actually have some decent privacy settings unlike Myspace. Jeez, the security on MySpace is so primative since there are exactly two choices: 1. Everyone in the world can see me. 2. Only my “friends” can see me.

I really have a lot of problems with MySpace the more I have looked in depth about it. I am sure that most of these have been enumerated on greatly, but hey… I’m going to go there.

1. It’s slow.
Seriously, MySpace is always slow, pages always fail to load, and random “Unexpected Errors” happen way too often.

2. The layouts.
Ok, I think it is kind of cool they really let you make it “your” space by allowing user created layouts. Obviously, most of these suck complete ass from a design perspective, but it is cool they at least give you a sandbox to suck in, and it really isn’t much worse than Geocities pages in the late 90s. The problem I have with their layouts are that the page code is *so* bad that you have to write some of the most hackney CSS to get anything done. See, the page is laid out with tables in tables in tables instead of something intelligent as styled divs or something like that. Oh yeah, also, nearly all of the tags do not have classes and you can’t reference ids because MySpace parses off the necessary CSS (one website says this is to help protect the ad from removal, though there are other ways to remove the ad). Also, it doesn’t matter because most of the things do not have ids even. Anyway, as a result of all this crap, you have to write some weird hackney CSS to get things working right and you cannot freely move modules around. For example, I wanted to seperate my top 8 friends from my comment board. To do this, I would have to manually code my top 8 friends and then hide the ‘real’ ones. Obviously, that wouldn’t update dynamically either. I probably could have wrote some Flash that called some PHP backend on my server that loaded my profile, analyzed the hidden HTML and then displayed my friends in the flash window in some cool way, but man that would be a lot of work! I have a theory though. I think that the people who code for MySpace probably recognize that this way sucks a lot, but they *cannot* change it. The reason is because all the crappy layouts that people use *depend* on this horrible HTML code. By fixing the HTML code, every layout on the site would break. One possibility for fixing this would be to transition to a Profile 2.0 and make the upgrade optional with a warning that it would break existing styles.

3. Spam
Man, MySpace spam is rough. I sometimes get hit with 8 spam friend requests in one day advertising a variety of web sites. The funny part is that there are sometimes a lot of comments on these spam pages saying “Thanks for the add” or otherwise commenting on the pages. I have been unable to figure out if these are people who are dumb enough to not realize the user is a bot or maybe they have bot “rings” which talk to each other to try to make them look more legitimate.

4. Profile Hijacking
The same thing as spam but even worse because it makes your friends start sending you spam comments and spam messages as well as redoing their profile with tons of spam. Thankfully, MySpace now requires human interaction if there is a lot of CSS/HTML changes on a profile. The downside is that this is annoying when trying to write a good layout 🙂

I think that is all of my complaining for now. I am going to do some other stuff, but expect more articles about social networking theory, guaranteed to put you to sleep! 😉