Webware

Twitter is usually the subject of steamy acquisition rumors, but chose perhaps the deadest afternoon of the business year to announce that it has made an acquisition of its own.

Twitter has bought Mixer Labs, the company that created the GeoAPI location service for developers building application atop Twitter. Evan Williams, CEO of Twitter, announced the acquisition on the company's blog, saying "when current location is added to tweets, new and valuable services emerge--everything from breaking news to finding friends or local businesses can be dramatically enhanced."

Financial terms of the deal were not disclosed, but it would appear Twitter is putting some of that money it now gets from Google and Microsoft to work. Elad Gil, the co-founder and CEO of Mixer Labs, is a veteran of Google and McKinsey, saying on his company bio that he co-founded Google's Mobile team. Seven employees are listed on Mixer Labs' "About" page, but that might not be an exhaustive list.

Twitter acquired Summize in July 2008, but the company has made few acquisitions, instead fending off perpetual rumors that Google, Microsoft, or another tech heavyweight is poised to snap up the company. Geo-location is definitely one of the hotter segments among the social-media butterflies, with companies like Foursquare and Gowalla drawing significant attention.

Earlier this week I wrote a post about how I didn't like that I couldn't alter the Facebook Connect privacy settings for updates from Foursquare, an iPhone app that shares my location through a GPS-enabled city directory. It didn't make sense to me that Facebook Connect information was automatically visible to anyone who had access to posts on my "wall," whereas privacy settings on a third-party app embedded directly on my profile were much more fine-tuned, allowing me to restrict them to specific subsets of friends.

I've been e-mailing back and forth with Facebook, and I've gotten some clarification on how the process works. Privacy controls for embedded apps aren't as simple as I'd thought. I can opt to block the "box" for a third-party game like Mafia Wars or Farmville, as the privacy controls indicate, but activity from those apps--i.e. if I just picked up a new weapon in Mafia Wars--will still show up to anyone who can see what I post on my Facebook wall, like status messages and new friend connections. (You can, however, block individual Platform apps from posting to your wall in the first place.)

"Activity from apps and Connect sites are grouped with the activity you take on Facebook (which then appears on your wall), all of which can be blocked from a select group of people using publisher privacy," Facebook representative Malorie Lucich explained to me via e-mail. "So, for example, if you don't want your boss seeing your Mafia Wars activity and your usual Facebook activity, you can block her/him from viewing your wall."

Everything on the wall, therefore, is treated as a single unit. Except not quite: With status messages and content posted directly through Facebook, as part of Facebook's new privacy controls there's now a drop-down menu that lets me choose exactly who can see that message--the public Web, friends of friends, only my friends or "networks," or stratified groups of friends. That's great, because I can post a status message asking for Christmas present suggestions, and opt to block it from my family or other potential gift recipients.

For third-party apps, I'm not so lucky. I'm sure I wasn't the only Facebook member who figured that blocking the Mafia Wars "box" from a certain list of friends would also block activity updates on my wall. According to Facebook, it doesn't.

I'm also sure I'm not the only one who would like to use Facebook Connect with a service like Foursquare that isn't normally public; I liked some of the comments that would appear on "check-ins" pushed to Facebook (when I checked into a restaurant, for example, a few people responded with their favorite menu items, and another asked about the variety of beers on tap). But wanting to keep them restricted to half or a third or a quarter of my Facebook friends is not always just a matter of privacy--the majority of my Facebook friends have no interest whatsoever in which coffee shop I just checked into on the likes of Foursquare or Gowalla, and out of courtesy I don't want to plaster it all over everyone's news feeds. I'd like Foursquare's implementation of Facebook Connect, theoretically, to only be visible to close friends and people who live nearby.

Facebook is, and should be, proud of the wealth of data that gets shared on members' "walls." On Friday morning, I used my status message to solicit tips for an upcoming tropical getaway, and got some terrific suggestions from people in my "social graph" whom I hadn't talked to in ages. This was a great example of something that I'd like to open up to my entire Facebook network. But when it comes to information that's local, sensitive, or otherwise private, I'd like to be able to restrict it. As Facebook Connect grows bigger and more diverse, these instances are likely to come up more often.

So if I had to come up with a most-wished-for new Facebook feature, this might have to be it.

A small update to version 1.2 lets you upload photos from your phone and share favorite businesses with friends.

(Credit: Yelp)

Yelp's first foray on Google's Android phones wasn't much to look at.

The initial feature set of Yelp's business review app for Android, which debuted December 7, was minimalist. It contained enough features--read-only access to Yelp.com, click-to-call, and a hyperlink to get directions from the browser or Google Maps--to avoid a user riot, but one would hardly call it the answer to Yelp's iPhone app.

On Tuesday, Yelp is making good on its promise to quickly pad the app's features. Version 1.2, an update available through the Android Market app on your smartphone, now lets you upload pictures from your Android phone to Yelp's site.

If you're meeting someone at a restaurant, bar, or museum, you can now share Yelp's business listing with others over SMS, e-mail, Facebook, and other third-party apps you may have installed on your phone, like a Twitter service. As a third addition, you're also free to sign in to your Yelp profile from the smartphone.

These changes may seem like small potatoes at first--you still can't add your own rating, write tips, or review a place from the phone--but they reverse two of our complaints. Yelp tells us we should expect to see more interactive features in early 2010, like drafting a review for later publishing, and bookmarking a business.

This one's a surprise. Twitter will have turned a profit in 2009, a BusinessWeek report claims, citing sources. What happened? Search deals with Google and Microsoft brought in a nice chunk of cash for the company, which has raised well over $100 million in venture capital and has a paper valuation floating somewhere around $1 billion.

Considering the company has not yet put forth a long-term revenue strategy, this would be one of those Christmas miracles along the lines of a neurotic mom getting home to her stranded 8-year-old by fortuitously hitching a ride with a polka band fronted by John Candy.

So let's look at the details. Sources told BusinessWeek's Spencer Ante that Twitter's search deals with Google and Microsoft's Bing brought in $15 million and $10 million respectively, and that Twitter has managed to cut some of the high costs related to text-message functionality. (These costs were so exorbitant that Twitter temporarily had to restrict some international SMS codes.) OK, cool. Those numbers are decently plausible, and Twitter's strategic hire of a mobile business-development dude early this year likely had something to do with it. And Ante's article makes it clear that while sources have told him that Twitter will end 2009 on a profitable note, that doesn't mean it's going to be profitable next year.

But there's a difference between being cash-flow positive and being profitable, and it's also not totally clear as to what Twitter's other expenses are, or what they will be next year.

Ante writes:

Now that Twitter has become so popular, it has gained bargaining power with telecom companies and has managed to renegotiate so many deals with carriers that the company pays far less for the services. "Those used to be the biggest line item," says one source. "Generally speaking, those costs have gone away. Now people are the biggest line item."

People. Yes. Like the new office space they just moved into, and their still-expanding payroll, and stuff like that. Also: hardware, and other forms of defensive weaponry against evil whale attacks. The company also sometimes buys stuff, and continues to develop new features--like the current test of "contributors" accounts that it may end up charging for. So even with costs cut via a savvier mobile strategy, there are plenty of other costs that could be escalating simultaneously.

What's good news for Twitter is that getting $25 million out of search deals (if that's indeed true) shows that the company could expand that into a stronger long-term revenue strategy. Critics have been lukewarm on the possibility of Twitter attempting to support itself with advertisements or paid accounts, and nobody's really gone into depth on the question of whether the businesses currently raving about Twitter's power of "conversation" will cough up for more in-depth analytics.

Maybe they read the Yelp review that says Google's headquarters is infested with skunks and raccoons.

Just a few days after reporting that Google was about 80 percent likely to be acquiring business reviews site Yelp for a totally sweet $500 million, TechCrunch has backtracked. Late Sunday, TechCrunch reported that Yelp CEO Jeremy Stoppelman personally walked away from the deal and that company representatives informed Google over the weekend they aren't selling.

Or it might have been the skunks.

(Credit: CC Out at Bob's/Flickr)

That's odd. People seemed to think it was generally a good deal. TechCrunch isn't exactly sure what went wrong but speculates that Yelp may have gotten a better offer for a potential acquisition or strategic partnership that caused it to bail.

What could also have something to do with it: Google does a lot of things very, very well, but one thing it's never nailed is community. (Knol most certainly didn't kill Wikipedia, Orkut was big in Brazil but then faded in the wake of Facebook's growth, and YouTube's commenters seem to come from a very special place somewhere between the sixth and seventh circles of hell.) That's evident from looking at what Yelpers had to say about the potential deal last week. Proudly opinionated and devoted to the Yelp brand, many Yelpers were concerned that a Google buyout would degrade the site's sense of community--something that could, effectively, kill it.

Perhaps Yelp's execs thought the same and figured that strategic partnerships might be a better route for now.

Looks like Facebook will be throwing another big "F8" developer conference in the spring, after taking 2009 off. According to a sparse post on the company's developer blog, the event will be held April 21 and 22 in San Francisco. No more details are currently available.

"F8 has always been about empowering a community of developers to hack, to build and to delight users," the post reads. "We're looking forward to continuing this tradition at our third F8 in San Francisco on April 21-22, 2010. Please save the date!"

This is a big deal because Facebook's past two F8 conferences have marked the debut of some of its biggest products: in 2007, the groundbreaking Facebook developer platform, and in 2008, Facebook Connect. It's likely that the 2010 version will involve some kind of high-profile launch, too.

What could it be? The obvious possibility is Facebook's long-rumored payment platform or virtual currency system, which currently only powers the internal "gift shop" feature along with a few test developer apps and nonprofit partners. This is more or less Facebook's worst-kept secret: it's been in development for quite some time, but appears to have been repeatedly modified internally. Once said to be a straight-up PayPal competitor called "Facebook Wallet," the project has evolved to fall more in line with the meteoric rise in virtual goods-based social gaming, one of the biggest and most profitable runaway hits on Facebook's platform. It could also mean that Facebook starts to make some serious money from transaction fees and become a real power player in the e-commerce space.

Still, we don't know for sure. We'll keep you updated as more details become available about F8 2010 over the coming months.

This post was updated at 11:42 a.m. PST with a link to the post on Facebook's developer blog.

If Google's rumored $500m acquisition of Yelp goes through, the search giant may finally get a solid lock on the "hyperlocal" Web. But it'll also be acquiring a big community site--and those are notoriously hard to wrangle.

Restaurant industry blog Eater might have put it best: "One can only assume that with Google's muscle behind the site, the millions of users who log on to complain about restaurants would be able to say stupid stuff faster, and with more efficiency," editor Amanda Kludt wrote on Friday.

All snark aside, it's the same sort of issue that arose a few years ago amid persistent rumors that Google was going to acquire Digg, another site reliant on heavy participation from a loyal and extremely vocal community. The questions are more or less similar: What would Google change, and how much would they change it? Does Google's massive scope make it untrustworthy?

Yelp's official word: "Yelp is approached frequently by numerous entities to discuss partnerships, investments and more, and the company does not comment on private discussions that may occur."

Truth be told, the state of Yelp's forums on Friday indicated that many were more interested in talking about "Why are NYC apartment brokers such d-bags?" and "The official 'Jersey Shore' on MTV thread" than about whether Yelp might get sucked up by the Google monster. But a few threads did emerge, and the gist seems to be pretty much the same: They better not change too much. And please keep throwing parties.

"I wonder how this will effect Elite parties as well as Yelp Talk?" one Yelper asked in a Bay Area-centric thread about the acquisition. Another said, "So long as it's not Rupert Murdoch buying it." Some Yelpers were optimistic, suggesting that maybe there would be better integration with Google maps or additional technical improvements.

But others were concerned about quality control. "It means more trolls and fake reviews," one Yelper griped.

"Anyone ever look at the comments on YouTube videos?" another asked. "That is what is gonna happen here."

There were a few threats of account deletion, like "If this happens, I'm deleting my profile" and "Yelp is big because of us. Let's demand money or delete our accounts en masse." Generally, those aren't any real indicator of community revolt, but they're a reminder that it's extremely possible for a big buyer of a community site to mess things up big-time. LiveJournal users weren't thrilled about its Six Apart ownership, which ultimately failed. Likewise, when News Corp. acquired social network MySpace, mismanagement and a lack of innovation were likely what led to a drop in traffic and the eventual dominance of Facebook.

Worth a read: Yelpers' reviews of Google HQ in Mountain View, Calif. Choice bits range from "Google has lots of yummy, organic snacks and drinks" to "They have way too many skunks after 7 p.m. nightly and raccoons living on the Google campus."

This post was updated at 10:48 a.m. PT with comment from Yelp.

What Twitter's homepage looked like before it went down on Thursday night.

(Credit: CC u07ch/Flickr)

Twitter stumbled again overnight on Thursday. But this time, it wasn't the work of the "fail whale," the cuddly cartoon personification of the site's excessive technical baggage. Rather, the site was replaced with a foreboding message from "Iranian Cyber Army" before crashing entirely, indicating that it had been the victim of a malicious attack that targeted its internal servers.

Co-founder Biz Stone posted a brief clarification on the issue late on Thursday night. "Twitter's DNS records were temporarily compromised tonight but have now been fixed," he explained. "As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we've investigated more fully."

At the risk of sounding like an evening-news anchor calling attention to exactly how dangerous your treadmill is or how many diseases you can get from the ball pit at Chuck E. Cheese, I think it's time to explore the question: Is it safe to use Twitter?

For one, Twitter's track record with security has been shaky at best. A security flaw this spring exposed the data of a number of employees and allowed a hacker to pilfer some internal documents. Several high-profile accounts, like those of Britney Spears, Ashton Kutcher, and CNN anchor Rick Sanchez, have been targeted individually. Twitter has been the victim of phishing attacks. Other hackers have proved that Twitter accounts can be set up specifically to corral botnets of infected PCs. And in perhaps the biggest incident of all, a politically motivated denial-of-service attack in August that targeted multiple social-media sites managed to cripple Twitter entirely.

Think of it this way: if Facebook, a far bigger and more mainstream site that's had concerns about user privacy splashed all over the news recently, saw its homepage replaced with a nefarious political message, there would probably be a fresh round of calls for CEO Mark Zuckerberg's resignation. Twitter's heavy users are, for better or for worse, accustomed to sporadic downtime and glitches. They're also less likely to ever visit the Twitter.com homepage, considering the service has so many points of entry--text message, as well as third-party apps for mobile, Web, and desktop. Users have become accustomed to logging into third-party applications with their Twitter credentials.

That, perhaps, makes the overnight hack a bigger concern. Even though it's unlikely that user accounts were compromised in this DNS redirect, it's yet another sign that Twitter's security operations have time and again proven weak enough that the service doesn't exactly seem watertight.

A political message, or just plain obnoxious?
On the other hand, we still don't know much about this attack and it may have been less sophisticated than some may fear. One, nobody's exactly sure yet who the hackers were. "Of course, just because a message saying 'This site has been hacked by Iranian Cyber Army' has been posted on a Web page does not necessarily mean that hackers from Iran are responsible for the defacement," Sophos security consultant Graham Cluley wrote on his blog Friday.

Additionally, Cluley said, the aim seems to have been to either get a political message through or to simply be obnoxious. "Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users," he wrote.

"It really looks like it was people were redirected to a 'hactivism' site," weighed in fellow Sophos analyst Beth Jones via e-mail. "There was no malicious code on the site claiming to be the 'Iranian Cyber Army' either. It looks like they just hacked the registrar to redirect traffic. So it's quite probable that none of Twitter's own servers were touched."

Another reassurance is the fact that Twitter simply doesn't have the kind of sensitive data that a Facebook or Google does. While it does have millions of mobile phone numbers stored to power its text-message app, not to mention archived private "direct messages" between users, Twitter does not index a whole lot more that isn't otherwise public. Facebook, for example, has many members' credit card numbers on hand (if they've ever used its "gift shop" feature), not to mention extensive personal data in profiles like addresses, birthdays, and family connections. Members who are still concerned about the security of their Twitter accounts can take the obvious step of changing their Twitter passwords to something that they don't use on their e-mail, Facebook accounts, or elsewhere--just in case.

Beth Jones says she has confidence in Twitter. "I wouldn't say their security is second-rate by any means," Jones said via e-mail. "As it stands, they weren't actually compromised, but I can see from a user point of view the questions and concerns. At Sophos we see a new site compromised every 3.6 seconds. That's easily close to 24,000 sites a day, and of those, the vast majority are legitimate sites that get hacked."

That doesn't mean that Twitter shouldn't start making it more clear that it takes security seriously. If the company, which is now beta-testing a "Contributors" feature that may pave the way to paid corporate accounts, begins storing financial information, we can only hope that their security operations are turned up a few notches. Or, ideally, an order of magnitude.

This post was expanded at 6:23 a.m. PT with comment from Sophos' Beth Jones.

A look at the Zune HD Twitter app in action.

(Credit: Screenshot by Donald Bell/CNET)

It has only been available for a day, but already the Zune HD's Twitter app is being updated after it was criticized by users for automatically abbreviating explicit words in users' tweets. It doesn't even give them the option of determining when or which words should be censored.

As you might expect, the Web is overflowing with unhappy users. Commenters on the Slashdot entry discussing the censors were up in arms over the feature. Quite a few of those folks echoed "rocket97's" comments, who said that the "[censors] should be an option, not a requirement." Others took the opportunity to (you guessed it) censor curse words within the comments to voice their protest.

They might have a point. Twitter itself doesn't censor any tweets that contain curse words. Even Twitter clients like TweetDeck don't censor tweets or direct messages from Twitter users.

It didn't take long for Microsoft to respond. After seeing that users were having issues with the application, Microsoft admitted that the app does indeed censor explicit tweets. It also said in an e-mailed statement to CNET News that it plans to rectify the situation soon.

"The recently released Twitter for Zune HD application has been abbreviating some explicit words in tweets when viewed on the device," a Microsoft spokesperson admitted to CNET News. "However, these explicit words do appear in their full text on the Twitter site or on any other Twitter client. We have identified the issue and are taking steps to update the application as soon as possible to ensure Twitter for Zune HD users are able to view tweets in their original state."

If you're interested in learning more about the Zune HD Twitter app, you can check out our hands-on by clicking here.