studionashvegas | design and social media

Note:
I’m not agreeing or disagreeing with any of the things I talk about –
this is just me putting information out there to think about, and you
can make your own decisions about it.  You’re not sheep – I won’t treat
you as such.

Isn’t it ironic that we have a bit of a double-sided coin going on the Internet at the moment.  There’s a huge debate going on between Apple and Google, Flash and HTML5, over proprietary software.  People are clamoring for Apple to open up their platforms to allow all types of programming (Flash, specifically) instead of closing their boxes.  So, what do people do?  They tweet about it.

On the flip side, those tweets you’re sending out can now be used (and monetized) by twitter for any purpose whatsoever.  What’s more, is that if you post a tweet on your site, and it causes you to get ad revenue, Twitter is legally entitled to a share of that, because you are re-purposing their content:

In cases where Twitter content is the basis (in whole or in part) of the
advertising sale, we require you to compensate us (recoupable against
any fees payable to Twitter for data licensing).

Scary stuff, eh? Your tweets, open to the free world, can now be used by Twitter for anything, including making money.  Makes you want to read those TOS clauses more closely.

So, I want to know what you think.  Where do you stand on either front?  Sure, Apple makes more money locking it’s hardware down… or does it?  Or, should Twitter really have as much power as it seems to with it’s latest Terms of Use update?

So I had the privilege of testing out the TwitCam service today, and (since I had nothing better to talk about), I decided to do one of my favorite summertime activities: Grill Hamburgers!

Sure, it was a little awkward at first, especially because I’m more accustomed to being behind the camera instead of in front of it.  But I’ve been looking for a great excuse to start recording events, random musings, my speaking, etc.

But, I think it was a huge success.  Can’t wait to keep using it.  Now, I need a widget to show my latest video on my WordPress page (hint, hint!)

If you look to the top right of this post, you’ll see a really cool button.  The service I’m using is called “Tweetmeme”, and you can use it to retweet post titles that sound worth sharing to your friends. 

There was a point when I actually cared enough about Digg to say that digging posts was worthwhile.  But, since gaming Digg is a sport for the high posters, trolls run rampant, and I rarely get enough traffic from Digg to even bother with it, this is a great alternative to be able to get my posts out to other people.  In one day, I’ve seen my twitter traffic go up, and I’m sure that as it continues to gain popularity more and more people will see the potential.

And if you use WordPress, you’re in luck!  Tweetmeme has a nifty plugin that does all of the work for you!

So, if you haven’t been closely following the incident involving TechCrunch, Twitter, and a very astute hacker called Croll, then you’re missing out on a turning point for internet security as we know it.

In case you’re new to the story, here’s what happened in a nutshell, via TechCrunch:

1. HC (Hacker Croll) accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account, he simply registered it, clicked the link and reset the password. Gmail was then owned.
2. HC then read emails to guess what the original Gmail password was successfully and reset the password so the Twitter employee would not notice the account had changed.
3. HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.
4. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.
5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
6. Even at this point, Twitter had absolutely no idea they had been compromised.

Whoa.

So, in retrospect, and even while the rest of the story is sorted out, what surface lessons can we learn?  And, maybe a more fitting question, how many of them should we know already?

(Most of these lessons assume people are only working online.  If someone wants your information bad enough, they might be able to use other, offline means to get it.  Make sure to take similar precautions offline as well as online to keep your information safe!)

Lesson 1: Don’t Use the Same Password on Every Site

Most of us are guilty of it, but it goes without saying that you should have different passwords for different sites.  Hacker Croll took advantage of the “human habit” of using the same password to access multiple services from one user (Gmail, Google Apps, iTunes, etc.)  What’s more, is that the victim had no clue that he was hacked because the hacker changed his password back to normal after accessing the account.  The result?  Hacker Croll was in the account, and the victim went about his daily business.

Lesson Learned: use different passwords for different accounts.

Lesson 2: Security Questions are Anything but Secure

Let’s hypothetically say you have signed up for a new social network. You create your password and set your security question is “What is my pet’s name?”  Your answer: “Spot”.  Three days later, you mention Spot’s no-good couch chewing accident on that social network.  Someone has just filled in a piece of the puzzle needed to access that account.

Combined with a password, a security question isn’t necessarily a bad thing.  But an either/or scenario for them is dangerous.  Basically, it boils down to “Either you tell me your randomly generated password, or your pet’s name” – scary to think about in those terms, but it happens everyday.

Lesson Learned: the best way is to falsify or randomize the answers, and keep them in a safe or secure locked location.

If it asks you for “favorite food”, “favorite color”, and “favorite book”, then your answers could be:

• Favorite Food: Red
• Favorite Book: Jackknife
• Favorite Color: Treehouse

Of course they don’t make sense, but that’s why writing them down and securing them is (or not writing them down and just remembering them) will outwit any online hacker.

Lesson 3: Emails from Web Services = Keys to the Kingdom

You sign up for service x, you get an email thanking you for signing up… it’s pretty standard practice.  Some services even send you your password (isn’t that thoughtful of them).  Delete those emails as soon as you can.  Any email that gets archived for later, stored in a folder, or (even worse) kept in your inbox is a prime threat for hackers to access your sensitive information.

Of course, combine that with lesson one, and any email from a service could spell a hack.  If you use the same password for Gmail and Twitter, then finding one password opens you up for attack in every service.

Lesson Learned: Delete emails that have account information, or print them out and keep them in a secure place.

Bonus Lesson: Don’t Use a Hotmail Account as Your Secondary Email

Hacker Croll is a wily one.  When he found out that the Gmail account of “victim zero” was a hotmail account, he quickly hopped over to hotmail to try and access that account.  What he found was nothing short of a gold mine:  after a certain amount of inactivity, a hotmail account deactivates itself.  Hacker Croll simply recreated the account, requested a new password, and gained access to the account.  Shame on Hotmail for trying to cut their bottom line so much they take security into question.  <opinion> Then again, shame on Hotmail for not being more like Gmail.  </opinion>

Basically, they sound like common-sense items, but when it comes to online security, most of us fall into the “human habit”.  Online information is supposed to be quickly accessed, and passwords (honestly) get in the way of that access.  So we take shortcuts, simple solutions, and forgo security for simplicity.  I hope that what happened to Twitter, a big company, can encourage someone smaller (aka, the user) to be a little more careful in their security.

I’ve been following the story out of Chicago about the Bonnen v. Horizon Realty Group (latest post on Mashable is that Horizon is backpedaling) with some keen interest.  Here’s a tenant who says something bad about her (former?) landlord, to 20 people (the number of followers she has) and it ends up leading to a huge social-network-fronted outcry from the company.  It’s the first time that a company has sued someone over a tweet (to my knowledge).

The question is, does this really have any ground?  I can only hope not.  If Horizon wins this one it’ll mean that any company can sue you for anything they deem wrong that you say on Twitter.  It’ll mean that the free speech atmosphere of Twitter will be jeopardized and that we’ll have to constantly be looking over our shoulders to see if what we say will get us in legal trouble.

It’s a bad precedent.  Horizon Realty, I hope you really know what you are doing.  You’re on the verge of opening a very bad can of worms.

Anyone else care to weigh in?

Normally I’m not one to recycle information on the net (I think that we’ve already become a big enough echo chamber without one other voice being added) but I do like this PDF put out by 14 of the best minds in Social Media.  It’s a great read!

Social Media 2009

So, I was looking through a design gallery when I came across “Magpie” – which claims to be able to make you so much money by overtaking your twitter account at random intervals and posting an advertising tweet.  I signed up, but quickly quit after seeing some of the tweets coming out of it:

Hm… three tags right after each other with the same web advertising on it, with seemingly no contextual significance linking the account holders.  Is that a fluke?

Hm again – two magpie sites in the same order one right after another.  This is seeming less and less contextual/random and more and more just random tweeting.

OK, now that’s just getting annoying and frustrating (especially because those people have the option to post that link manually) – but they also can let Magpie do it for them.  Did they? or did they not? I’m not sure.

It’s just so random.  Maybe that’s because there’s only so much contextual advertising they’ve gotten (not sure how new this site is) but until they can better attempt to randomize (or at least fake randomize) their tweets, then I’ve gotta veto it.  And, if anyone starts Magpie tweeting me, I won’t immediately unfollow them – just point them in the right direction.

Your thoughts?

EDIT: GeekMommy is having this same debate as we speak.

I’ve gotten a LOT… a BOATLOAD… a RIDONKULOUS amount of new users from the Nash Mash list (and still getting them).  Don’t worry if you get one of those autogenerated messages from me – I really do want to connect and meet any new people in the Nashville area.  But, since i’ve got you on my list now, I might as well let you know how I roll:

1. I love conversations.  I do not love spammers.  If you spam me, I will delete you. Period.
2. That’s not to say that as a graphic designer I won’t like what you do / sell / use.  BUT, send me a DM to review it or to meet for coffee – don’t blow up my twitterstream (and don’t blow up my @replies or my DM’s either – one is fine)
3. I give out WordPress help quite a bit, but I also DO WordPress design for a living – if you like what I have to say, you’ll like my personal work even more! OK, that was my shameless plug…

That being said, if you are catching this post, and have me on your list due to the NashMash list, please leave me a comment.  I want to get to know some of you nashvillians, and this is a great place to do it (and on twitter too, don’t forget!)

First of all, thanks to Daniel Johnson, Jr for providing a link to the “Fail Whale” origin story.  Read the article, and go support the REAL artist behind the Fail Whale! That being said, when it comes to the original screenshot…

I think it could be spiced up a bit:

And I got to thinking: How funny would it be to have a captioning / photoshop contest to kinda poke fun at Twitter for all its misgivings.

So, here’s the deal.  I’m going to post a high-res version of the twitter maintenance screen below.  The top text is Helvetica Bold, and the bottom text is Helvetica (Arial will also work).  You can edit the words, the captions, the picture itself – anything you want.  The winner will receive their design on an American Apparel shirt free of charge from me, and I will sell their t-shirt in my store. (I’m not going to rip off the original artist by selling her design, so I’m going to respect that wish by not offering it in my store.  If you like the Fail Whale, go support her!).

(By the way, If anyone out there wants to donate some other prizes to the contest, by all means send me an email or use the contact form.)

Post your entries as a link in the comments.  The contest will be open for two weeks (if i’m in the hospital with the baby when it’s done, then I’ll extend the deadline), then we’ll have voting for the same amount of time.  You can only enter twice, and your entries will be subject to verification.

Here’s the file.  Good luck!

EDIT: here’s a link to the file – people said my lightbox was interfering with them downloading it:

http://www.studionashvegas.com/wp-content/uploads/2008/07/failwhale1.jpg

And I know disqus doesn’t allow images – so if you can’t host it on flickr or photobucket, just email it to me and I’ll put it in the thread.