Are we 'dumb' for trusting Facebook?

Business Insider is reporting that when Facebook CEO Mark Zuckerberg was 19 and started the site at Harvard, he sent the following IM convo to a friend:

Zuck Zuckerberg: Yeah so if you ever need info about anyone at Harvard

Zuckerberg: Just ask.

Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuckerberg: People just submitted it.

Zuckerberg: I don't know why.

Zuckerberg: They "trust me"

Zuckerberg: Dumb fucks.

If we assume this information is true, should we care? On one hand, he was 19 when he wrote it and probably just saying it in jest. But it sure doesn't help recent feelings swelling up about Facebook's privacy changes.

Have the changes in Facebook's tools and settings making you rethink how you use Facebook? Or is it not that big of a deal for you?

Posted by Bridget Carey on | | Comments (0) | TrackBack (0)

Facebook protests growing

We've already blogged a bit about the increasing amount of people who are getting sick of Facebook's privacy issues and canceling their accounts. Anecdotally, through Twitter and personal requests, I'm seeing a lot of AntiFacebook people at least publicly contemplating the step.

Now, there's a formal movement, started by Alana Joy. On June 6, they're asking people to stay off Facebook as a protest of the privacy changes. There's a Twitter account for it, (so far, about 400 followers) and even, yes, a Facebook group.

PR and social media consultant Sarah Evans has a detailed blog post with a pithy title (telling Facebook founder Mark Zuckerberg that he can go "Zuck" it) about why she and others have joined this movement. It also has some quick links to other stories done by PCWorld and the like about the changes.

Are you thinking of dumping Facebook, or joining the protest? Let us know!

Updated: as of 1 p.m.

Posted by Niala Boodhoo on | | Comments (2) | TrackBack (0)

Sarah K. Noonan: The fake Facebook 'friend' that duped hundreds

Noonan_pic Meet Sarah K. Noonan: She's attractive. She's 27. She lives in Miami and is in a complicated relationship. She's a Democrat with more than 480 friends on Facebook.

And she doesn't exist.

Sarah K. Noonan was a fake account on Facebook that duped 48 friends in my network who added her as a friend. Dozens of her "friends" have told me they added her because they assumed they met the smokey-eyed, dark-haired girl from somewhere before. And they trusted her because they had friends in common with the phony account.

Her profile was created in February as a marketing experiment by the Canadian advertising agency RPCGROUP, and had been friending an average of 20 people a day for the past few weeks. It was removed
from Facebook around 2 p.m. Monday after I interviewed the agency's chief executive, Rod Ponce, about the account.

Ponce said a group of RPCGROUP interns created the Noonan account to explore what makes a trendsetter and how users react to different types of posts. He stressed it was not used in a commercial
way to promote anything and has apologized for any confusion this may have caused.

"We don't want to offend anybody," Ponce said. "It's really to see how people socialized."

In fact, it was so easy for Noonan to get friends, Ponce said it freaked out one of his interns who unfriended anyone he didn't know on his profile. Between 30 to 40 percent of the people Noonan friended accepted the request.

"You accept people and sometimes you don't really know why you're accepting people,'' Ponce said.

Ponce hopes this helps shed light on the value of paying for advertising on Facebook.

"At the end of the day, is it really an effective tool for our clients or is it just a lot of smoke and mirrors?'' Ponce said. "It's about opening up a major can of worms with Facebook and saying, 'How many of
your people are real?' Is it really fair to those that pay for cost-per-impression?''

Ponce sent me this via e-mail Monday afternoon after we chatted over the phone:

Since our conversation we have disabled Sarah K. Noonan's profile and apologize for any confusion this may have caused.

Our Asset Project was in no way malicious in intent, but rather it took shape in the spirit of learning about the nature behind building social networks and in particular evaluating the effectiveness of Facebook as a tool for clients to commercialize their products/services.  Our experiment was initiated at the beginning of the year and stemmed from the lack of a standard ROI formula for our clients. 

There are way too many people who claim to be experts in the social media camp. We don't claim to be experts, but rather built our research through old fashioned collection of empirical data.  Since its inception we have not commercialized, nor have gained any revenues through this project.  We have been accumulating data in regards to evaluating interactions through engagement statements, the role of common interests in building social networks and how easily people create relationships through Facebook.

RPCGROUP's experiment may have been intended as innocent marketing research, but more than 480 people just gave a false account access to their information by adding her as a friend.

It rattled a few of my friends to know they had added a phony account. I contacted everyone listed as a mutual friend between Noonan and me, and every person who responded said they didn't know who she was.

Moments like this reveal that we can be too trusting of a simple profile with a pretty face. Luckily for these people, Noonan wasn't a cyber criminal.

Using a fake name or operation under a false identity is a violation of Facebook's policy. The site also has systems in place to flag or block potential fake accounts, according to Facebook spokesman Simon Axten.

"Users who send lots of messages to non-friends, for example, or whose friend requests are rejected at a high rate, are marked as suspect,'' Axten wrote in an e-mail. "We've built extensive greylists that prevent users from signing up with names commonly associated with fake accounts. There's always room for improvement, which is why we have teams of security experts and engineers working on these systems and developing new ones.''

But Facebook didn't catch ``Noonan'' -- and neither did more than 480 people.

When you consider how "she'' operated, it's easy to see why.

"Noonan'' sent a friend request to practically everyone in The Miami Herald's Business section Facebook page with the message: "Hi, I came across your profile in The Miami Herald Business section page. I am currently expanding my network base and wanted to reach out and say hi.''

Sweet girl sending out a sweet message. What fake account would do that? But the account didn't respond to follow-up messages my co-workers or I sent. Red flag No. 1.

A closer look at her profile raised more eyebrows. Noonan never made a status update or shared a link from the Facebook website. She posted via a paid application used by marketers called Sendible, but a Facebook application was created to disguise the Sendible feature, calling itself ``Mobile Phone.'' So all her time stamps ended with "via Mobile Phone.'' You wouldn't know something was weird unless you clicked on those words. Sendible's CEO, Gavin Hammar, told me the paid service used by Noonan was tied to RPCGROUP.

The third red flag: Not one post on "Sarah's'' wall was from a friend, nor did the account ever interact with friends. The posts were meaningless -- such as a music clip from YouTube, a link to a story from another publication or innocuous thought. ("Long day ... calling it a night.'')

Noonan_large David Clarke, CEO of interactive marketing agency BGT Partners in Aventura, saw Noonan's account and said he's seen more marketers use Facebook accounts to promote material.

"In many instances it is better and easier to get friends than fans -- there is very little difference,'' Clarke said. "It is just too easy to scam Facebook and create a fake person -- especially when you use a young, cute girl as your profile picture.''

Cyber criminals and spammers typically won't waste their time putting that much effort into a profile. Kevin Haley, director at Symantec Security Response, said the bad guys usually "hit and run'' on Facebook by breaking into a real account, spreading malicious links and spam until they get caught. It's not profitable to waste time building a fake account and adding friends.

Haley wrote about The Ghosts of Facebook last week when a fake account posing as a Jacksonville University student got 562 friends without even trying to look as real as Noonan did.

Dave Marcus, director of security research at McAfee, said McAfee partners with Facebook's security team. He's found that as long as there's some friend in common, people will trust and accept a friendship.

"It's amazing how many people 'friend' something,'' Marcus said. ``It's that transient trust thing.''

As in the "real'' world, it's wise to check someone out before you add them as a friend. Do a quick Google search on their name. Or send a nice message asking how they know you or where you met.

It's your profile -- protect it. Facebook can block outsiders from seeing your stuff, but it can't stop the people you let in.


Posted by Bridget Carey on | | Comments (16) | TrackBack (0)

Growing Google term: how to delete FB account?

Facebook_Badge_02_24_2009 I actually had a friend say to me this morning that she wanted to delete her Facebook account - a sentiment that seems to be growing in popularity.

ReadWriteWeb's done an interesting query on the growing amount of people who are at least asking if they should delete their Facebook account.

Even more interesting is what happens when people actually start the process of deleting their account.

Posted by Niala Boodhoo on | | Comments (0) | TrackBack (0)

McDonald's, FB close to location-sharing deal?

McDonalds Honestly, when I go to McDonald's, I order a Happy Meal. Or the 49 cent hamburger. But maybe I would go even less if all my friends knew I was going there!

That's the idea behind a new deal McDonald's is working on with Facebook, AdAge is reporting. You can read the full story here.

Posted by Niala Boodhoo on | | Comments (0) | TrackBack (0)

How strong are your passwords?

Think malware is just something annoying, but not costly?

A study out today from Consumer Reports calculates Americans have lost $4.5 billion over the past two years, including replacing more than two million computers, because of malicious programs. (They're livestreaming an event today at 12:30 p.m. to talk about the report)

Something as simple as a better password can help.

I'm the first to admit that I fail at the password protection test. Unlike my super techie friends, my passwords are pretty lame because of my fear of forgetting them.

Bridget and I have realized that it would be easy for the two of us to figure each other's passwords out -- and if that's the case, it's probably not that hard for someone else to do that, too.

This week we're changing that. We're taking control of our passwords and creating a system that makes it easy for us to remember them, but really difficult for others to figure out.

I've probably missed the window for calling this spring cleaning, so maybe think of this as a May e-Cleaning.

To avoid the disaster of forgetting all these passwords once you've created them, come up with a system. Find an odd combination of numbers and or symbols. Don't use your birthdate, or your kid's birthdates, or an anniversary. If you can't deal with a random number combination you make up and memorize, use something like your dog's birthdate, your best friend's birthday -- combinations others can't figure out.

Yes, this is a pain. I've already created several passwords that I've forgotten, but it's just the hassle of clicking "forget password" and waiting for the email to come. This helps you remember your password, and, it's worth it.

Consumer Reports recommends inserting a random symbol into a password as well. To make it easier to remember, find one you like and use the same one each time.

Now that you've gone through the trouble of creating better passwords, be aware of phishing scams that try to steal your login data. If you click on a link that someone's shared with you, and it asks for your user name and password, stop and think before you fill it in: Is this legitimate? If the URL looks complicated for a sign in page, it should raise a red flag.

Do you have a system for managing your passwords?

Posted by Niala Boodhoo on | | Comments (3) | TrackBack (0)

Time to review your Facebook privacy settings again

SkynetAs a sci-fi geek, when I heard of Facebook's changes, the first thing that came to mind was how it's becoming like Skynet -- and I wasn't the only one to think that.

All right, maybe it's an exaggeration to compare Facebook to the artificial intelligence software that tried to destroy mankind in the Terminator movies. But like the ubiquitous Skynet, it is integrating itself into many major websites in new ways.

Facebook is giving outside websites access to the information you make public. You should take the time to go back into your privacy settings and see what new ways it has attached itself to your online life.

For example, go on and you'll see a widget that shows which CNN stories have been shared by people who are your Facebook friends. If you're not logged in to Facebook, it just shows what stories are popular with all Facebook users.

Some of these changes are cool and make sharing quicker -- such as being able to mark that you "like" a website without ever going to Facebook.

Or if you listen to music on , it can recommend playlists based on the artists you like on Facebook.

Your friends on Facebook can also share details about you via the websites they go to -- as long as you make that info available to everyone. The example Facebook uses is when a friend goes to a greeting card website, that site may prompt the friend that your birthday is coming up (if your birthday isn't private).

Here's how to control what is being shared on these sites:

Control what your friends share: Under Privacy settings, click ``Applications and Websites.'' You'll see the option to control what info websites can tap into from your friends' accounts and share (as long as that info is public).

Control what sites automatically personalize: Under the same ``Applications and Websites'' area, the last option is to control ``Instant Personalization.'' Here you can turn it off completely. If you want it to be used for some sites and not others, each site has a way to opt out.

If you come across a site that uses instant personalization, such as, you can click "No, thanks,'' at a Facebook prompt on the top of the page and it won't connect.

Posted by Bridget Carey on | | Comments (1) | TrackBack (0)

Looking for a job? Expand your network online

In one of my other roles at the Herald, I do a weekly web business show - this week, we featured an interview with Roy Krause, the president and CEO of SFN Group, formerly known as Spherion. They're one of the largest staffing companies in the country and Krause spent quite a bit of time talking about how important expanding your network is - if you didn't catch the interview, here it is:

For those who need a refresher on social media sites like LinkedIn that deal specifically with the professional world, here are a few videos we did a while back with LinkedIn CEO Reid Hoffman about his site.

Some more practical tips: Bridget did a post last year about how to link people to your LinkedIn or Facebook profile - it's a good reminder as well to check yourself out online and see what comes up, as all potential employers do these days.

Finally, another tip: how to connect your Twitter account to LinkedIn - staying active on both networks and saving time!

What tips do you have to increase your network, especially in the face of job hunting?

Posted by Niala Boodhoo on | | Comments (0) | TrackBack (0)

Please tell me how you'd like me to talk to you

A friend in Dubai recently e-mailed me with the subject line: "a note about the e-mail I owe you."

In the message, which she sent to practically everyone she knows, she said she needed to own up to how bad she is at returning e-mails.

I e-mailed her to say Bravo! and asked what was the response from our other friends. She said it felt great to have the in-box albatross off her neck -- and this was her way of not just reaching out, but also getting more organized.

When there are a variety of ways to communicate with people -- text, instant messages, Twitter, etc. -- shouldn't it also be a part of netiquette to learn what form of communication people prefer?

EcardEmail In other words, if a person hates voice mail, don't use it. If someone only wants to be contacted via e-mail, respect that.

In the case of my Dubai friend, she's not bad at communicating: she uses Facebook daily, chats with people via Skype and Google instant messaging, and still uses old-school devices like the phone and even writes actual letters. What I thought was great was that she articulated all of her communication preferences to her friends.

I think this is even more important in professional situations, because it gives you a chance to distinguish yourself. Everyone's got the e-mail signature that lists the variety of ways they can be contacted (Follow me on Twitter! Read my Blog!).

But I think in the rush to be available to everyone on all platforms, we've failed to indicate the way we prefer to be contacted.

This goes both ways: It's not just about asking people how they would like to communicate, but also about making your own preferences clear.

Anyone who has ever called my work phone knows that for years, my voice mail has contained a message asking public relations professionals to e-mail me (if they don't have it, I spell out my e-mail address.)

There are a few reasons, but mostly, it's because I like to store things via e-mail so I can go back -- even if months later, to retrieve what was sent. I'm not opposed to picking up the phone: sometimes, that's the fastest and most efficient way to communicate. It just seems, though, like SUCH a waste of time to retrieve voice mails when it's just easier to have that email as a record. (And for those who ask, no, the Herald doesn't have any type of automatic transcriptions of voice mails, or then I wouldn't be so picky about this.)

And that's my point, as well. It's not just about courtesy, it's about efficiency. These days, couldn't we all use a bit more of both?

What's your preference, or pet peeve on this matter? Weigh in below, please:

Posted by Niala Boodhoo on | | Comments (3) | TrackBack (0)

The Nestlé Facebook lesson: When being attacked, show that you're listening -- but don't sass back

Nestle If you can't say anything nice, don't say anything at all.

That's the lesson a Nestlé social media administrator learned the hard way last week, after getting snippy with Greenpeace protesters who were repeatedly attacking the company's Facebook page.

Here's the breakdown: Greenpeace is protesting Nestlé's use of palm oil, an ingredient used in many of its products, saying it hurts the rainforests when not gathered in an environmentally sensitive way.

Protesters soon began to fill Nestlé's Facebook fan page with comments -- and many of those protesters changed their personal profile photos to be negatively altered logos, like changing KitKat to Killer and Nestlé to Nosale.

Nestlé then made a status update saying that they welcome the comments, but request that people not post with altered images of the Nestlé logos. It said any comments made by users with altered logos would be deleted.

But as the protesters cried that Nestlé doesn't support freedom of speech and they were "Big Brotherish,'' the Nestlé voice showed its annoyance, saying, "Oh please, it's not like we're censoring everything to allow only positive comments.''

Social media voices need to have personality to engage with users -- but NOT in this situation. When being attacked, show that you're listening and keep it professional. But don't sass back. Nestlé's Facebook administrator made the mistake of showing snark at multiple times, and now social media blogs are buzzing about how Nestlé handled it wrong.

Nestlé hasn't responded to our request for a comment. On Friday afternoon, the Nestlé Facebook administrator wrote that deleting comments with altered logos "was one in a series of mistakes for which I would like to apologize. And for being rude. We've stopped deleting posts, and I have stopped being rude."

The Nestlé page has also posted statements about the company's plan to use sustainable palm oil by 2015.

Greenpeace isn't just targeting Nestlé. They also are going after Dove. But businesses can learn a lesson from Dove's Facebook Page. When a user first goes to the page, they don't see a massive list of Wall posts from various users. They are defaulted to a "Home Page'' graphic tab.

On that screen, Dove, in a calm, professional manner, makes it clear that this is a place for fans of Dove -- but it also lets visitors know it has the right to remove comments on anyone being offensive or violating intellectual property rights.

The point is the tone. Companies use social media to present a voice. When people are screaming at you, it's best not to scream back.

As Nestlé sits by for days and lets negative comments take over its Facebook page, it's turning into quite the social media mess. If you were Nestlé, how would you use social media to respond?

Posted by Bridget Carey on | | Comments (2) | TrackBack (0)

Terms of Service | Privacy Policy | Copyright | About The Miami Herald | Advertise