Webware

Facebook is completely dominating the rest of the social-media world when it comes to page views, according to these numbers.

(Credit: Pingdom/Google Ad Planner)

Wow. Numbers crunched by traffic and uptime firm Pingdom indicate that Facebook is absolutely crushing the rest of the social Web in terms of monthly page views. With about 260 billion page views, the sprawling social network's page view count is 11 times bigger than the second-place entry, News Corp.-owned MySpace. It's also 59 times higher than Twitter's, which comes in fourth. (Social network and gaming site Hi5 is third; Friendster, which was recently sold to a Malaysian tech company, is in fifth.)

These numbers are a testament to Facebook's phenomenal growth: remember, as late as June 2008, MySpace was still bigger than Facebook worldwide (and stayed bigger in the U.S. for several months more). And Facebook, at the time, was largely unsearchable and protected behind a log-in wall, keeping a damper on page views juiced by search engine optimization (SEO).

The catch with Twitter's placement here, it should be said, is that page views tend to be a very erroneous take on the microblogging service's actual reach, because so many of its users access it through third-party clients on both desktop and mobile devices, as well as through text messages.

In social news, Digg pulls in twice as many page views as Conde Nast-owned competitor Reddit (which is actually a smaller gap than I would have expected), and seven times as many as nerd-news hub Slashdot.

Here's what I find interesting: I wonder how much of this page view dominance on Facebook's part was achieved when Facebook got the SEO bump from letting users and brands' "fan pages" reserve unique URLs, hence making the Web address of an individual Facebook page much more search-result-friendly than a string of numbers. It's also potentially driving more traffic indirectly through Facebook Connect, which lets the users of 80,000 (and counting) third-party sites log in with their Facebook credentials--in effect, spreading the Facebook brand all over the Web.

Most importantly for page views, Facebook also has been gradually encouraging members to make more profile content public, starting with limited search-engine listings and then finally completely public personal profiles in accordance with a new set of privacy controls late last year.

TechCrunch writer Erick Schonfeld analyzed graphs from ComScore last summer that showed unique visitors to Facebook versus Twitter, and noted an uptick in Facebook's growth that coincided with the social network's introduction of an option to make individual pieces of shared content on profiles--status messages, links, videos, etc.--wholly public.

Some of these shifts in privacy policies haven't gone over so smoothly with privacy-conscious Facebook users. But if you look at traffic, the "opening up" has been a massive boon for the ad-revenue-reliant Facebook.

Attention, suburbanites: You, too, can be the mayor of your local Home Depot.

That's because New York-based mobile location-sharing service Foursquare has made a subtle but big improvement. It's no longer restricted to a list of a few dozen cities in North America and Europe, which means that people anywhere in the world can use their mobile phones to "check in" through the service. (Foursquare currently has applications for the iPhone, Palm Pre, and Google Android, as well as a BlackBerry app in development and a mobile Web site.) The new feature is considered to currently be in a soft-launch phase; in new locations, Foursquare will have to rely on users to add venues to build the directory of local spots themselves.

You no longer select your Foursquare 'city' from a drop-down menu--it can be set to anywhere in the world.

(Credit: Foursquare)

This is a big deal for Foursquare as it continues to compete with Gowalla, an Austin, Texas-based app with a slicker design, a bigger treasure chest of venture capital, and the ability to "check in" anywhere in the world. Both services also feature a game-like interface, with Gowalla stashing virtual items that you can "pick up" when you check into places, and Foursquare encouraging members to earn "badges" based on habits and become the "mayor" of venues where you've checked in more often than any other users.

Play-by-play between the user interface and functionality of the two apps tend to end in a toss-up. There are also plenty of other companies in the space, like Brightkite and Loopt, so it's still a hotly contested market.

As for your Foursquare friends list, which used to only display friends who were also signed on in the same designated Foursquare-approved city, the service now displays friends who have checked into locations in the same metropolitan area as determined by a given radius. Badges that are specific to location, like New York's "Animal House" badge for checking into too many NYU beer-pong bars, remain city-centric, but badges that are awarded for general check-in habits (like the "Crunked" badge for checking in four times in a night) are now available everywhere.

Foursquare, co-founded by Dennis Crowley and Naveen Selvadurai, launched last year at the South by Southwest Interactive Festival, a few months after Google shut down its predecessor Dodgeball, which Crowley had built as a grad-school project and sold to the company in 2005.

Earlier this week I wrote a post about how I didn't like that I couldn't alter the Facebook Connect privacy settings for updates from Foursquare, an iPhone app that shares my location through a GPS-enabled city directory. It didn't make sense to me that Facebook Connect information was automatically visible to anyone who had access to posts on my "wall," whereas privacy settings on a third-party app embedded directly on my profile were much more fine-tuned, allowing me to restrict them to specific subsets of friends.

I've been e-mailing back and forth with Facebook, and I've gotten some clarification on how the process works. Privacy controls for embedded apps aren't as simple as I'd thought. I can opt to block the "box" for a third-party game like Mafia Wars or Farmville, as the privacy controls indicate, but activity from those apps--i.e. if I just picked up a new weapon in Mafia Wars--will still show up to anyone who can see what I post on my Facebook wall, like status messages and new friend connections. (You can, however, block individual Platform apps from posting to your wall in the first place.)

"Activity from apps and Connect sites are grouped with the activity you take on Facebook (which then appears on your wall), all of which can be blocked from a select group of people using publisher privacy," Facebook representative Malorie Lucich explained to me via e-mail. "So, for example, if you don't want your boss seeing your Mafia Wars activity and your usual Facebook activity, you can block her/him from viewing your wall."

Everything on the wall, therefore, is treated as a single unit. Except not quite: With status messages and content posted directly through Facebook, as part of Facebook's new privacy controls there's now a drop-down menu that lets me choose exactly who can see that message--the public Web, friends of friends, only my friends or "networks," or stratified groups of friends. That's great, because I can post a status message asking for Christmas present suggestions, and opt to block it from my family or other potential gift recipients.

For third-party apps, I'm not so lucky. I'm sure I wasn't the only Facebook member who figured that blocking the Mafia Wars "box" from a certain list of friends would also block activity updates on my wall. According to Facebook, it doesn't.

I'm also sure I'm not the only one who would like to use Facebook Connect with a service like Foursquare that isn't normally public; I liked some of the comments that would appear on "check-ins" pushed to Facebook (when I checked into a restaurant, for example, a few people responded with their favorite menu items, and another asked about the variety of beers on tap). But wanting to keep them restricted to half or a third or a quarter of my Facebook friends is not always just a matter of privacy--the majority of my Facebook friends have no interest whatsoever in which coffee shop I just checked into on the likes of Foursquare or Gowalla, and out of courtesy I don't want to plaster it all over everyone's news feeds. I'd like Foursquare's implementation of Facebook Connect, theoretically, to only be visible to close friends and people who live nearby.

Facebook is, and should be, proud of the wealth of data that gets shared on members' "walls." On Friday morning, I used my status message to solicit tips for an upcoming tropical getaway, and got some terrific suggestions from people in my "social graph" whom I hadn't talked to in ages. This was a great example of something that I'd like to open up to my entire Facebook network. But when it comes to information that's local, sensitive, or otherwise private, I'd like to be able to restrict it. As Facebook Connect grows bigger and more diverse, these instances are likely to come up more often.

So if I had to come up with a most-wished-for new Facebook feature, this might have to be it.

This one's a surprise. Twitter will have turned a profit in 2009, a BusinessWeek report claims, citing sources. What happened? Search deals with Google and Microsoft brought in a nice chunk of cash for the company, which has raised well over $100 million in venture capital and has a paper valuation floating somewhere around $1 billion.

Considering the company has not yet put forth a long-term revenue strategy, this would be one of those Christmas miracles along the lines of a neurotic mom getting home to her stranded 8-year-old by fortuitously hitching a ride with a polka band fronted by John Candy.

So let's look at the details. Sources told BusinessWeek's Spencer Ante that Twitter's search deals with Google and Microsoft's Bing brought in $15 million and $10 million respectively, and that Twitter has managed to cut some of the high costs related to text-message functionality. (These costs were so exorbitant that Twitter temporarily had to restrict some international SMS codes.) OK, cool. Those numbers are decently plausible, and Twitter's strategic hire of a mobile business-development dude early this year likely had something to do with it. And Ante's article makes it clear that while sources have told him that Twitter will end 2009 on a profitable note, that doesn't mean it's going to be profitable next year.

But there's a difference between being cash-flow positive and being profitable, and it's also not totally clear as to what Twitter's other expenses are, or what they will be next year.

Ante writes:

Now that Twitter has become so popular, it has gained bargaining power with telecom companies and has managed to renegotiate so many deals with carriers that the company pays far less for the services. "Those used to be the biggest line item," says one source. "Generally speaking, those costs have gone away. Now people are the biggest line item."

People. Yes. Like the new office space they just moved into, and their still-expanding payroll, and stuff like that. Also: hardware, and other forms of defensive weaponry against evil whale attacks. The company also sometimes buys stuff, and continues to develop new features--like the current test of "contributors" accounts that it may end up charging for. So even with costs cut via a savvier mobile strategy, there are plenty of other costs that could be escalating simultaneously.

What's good news for Twitter is that getting $25 million out of search deals (if that's indeed true) shows that the company could expand that into a stronger long-term revenue strategy. Critics have been lukewarm on the possibility of Twitter attempting to support itself with advertisements or paid accounts, and nobody's really gone into depth on the question of whether the businesses currently raving about Twitter's power of "conversation" will cough up for more in-depth analytics.

Maybe they read the Yelp review that says Google's headquarters is infested with skunks and raccoons.

Just a few days after reporting that Google was about 80 percent likely to be acquiring business reviews site Yelp for a totally sweet $500 million, TechCrunch has backtracked. Late Sunday, TechCrunch reported that Yelp CEO Jeremy Stoppelman personally walked away from the deal and that company representatives informed Google over the weekend they aren't selling.

Or it might have been the skunks.

(Credit: CC Out at Bob's/Flickr)

That's odd. People seemed to think it was generally a good deal. TechCrunch isn't exactly sure what went wrong but speculates that Yelp may have gotten a better offer for a potential acquisition or strategic partnership that caused it to bail.

What could also have something to do with it: Google does a lot of things very, very well, but one thing it's never nailed is community. (Knol most certainly didn't kill Wikipedia, Orkut was big in Brazil but then faded in the wake of Facebook's growth, and YouTube's commenters seem to come from a very special place somewhere between the sixth and seventh circles of hell.) That's evident from looking at what Yelpers had to say about the potential deal last week. Proudly opinionated and devoted to the Yelp brand, many Yelpers were concerned that a Google buyout would degrade the site's sense of community--something that could, effectively, kill it.

Perhaps Yelp's execs thought the same and figured that strategic partnerships might be a better route for now.

Looks like Facebook will be throwing another big "F8" developer conference in the spring, after taking 2009 off. According to a sparse post on the company's developer blog, the event will be held April 21 and 22 in San Francisco. No more details are currently available.

"F8 has always been about empowering a community of developers to hack, to build and to delight users," the post reads. "We're looking forward to continuing this tradition at our third F8 in San Francisco on April 21-22, 2010. Please save the date!"

This is a big deal because Facebook's past two F8 conferences have marked the debut of some of its biggest products: in 2007, the groundbreaking Facebook developer platform, and in 2008, Facebook Connect. It's likely that the 2010 version will involve some kind of high-profile launch, too.

What could it be? The obvious possibility is Facebook's long-rumored payment platform or virtual currency system, which currently only powers the internal "gift shop" feature along with a few test developer apps and nonprofit partners. This is more or less Facebook's worst-kept secret: it's been in development for quite some time, but appears to have been repeatedly modified internally. Once said to be a straight-up PayPal competitor called "Facebook Wallet," the project has evolved to fall more in line with the meteoric rise in virtual goods-based social gaming, one of the biggest and most profitable runaway hits on Facebook's platform. It could also mean that Facebook starts to make some serious money from transaction fees and become a real power player in the e-commerce space.

Still, we don't know for sure. We'll keep you updated as more details become available about F8 2010 over the coming months.

This post was updated at 11:42 a.m. PST with a link to the post on Facebook's developer blog.

If Google's rumored $500m acquisition of Yelp goes through, the search giant may finally get a solid lock on the "hyperlocal" Web. But it'll also be acquiring a big community site--and those are notoriously hard to wrangle.

Restaurant industry blog Eater might have put it best: "One can only assume that with Google's muscle behind the site, the millions of users who log on to complain about restaurants would be able to say stupid stuff faster, and with more efficiency," editor Amanda Kludt wrote on Friday.

All snark aside, it's the same sort of issue that arose a few years ago amid persistent rumors that Google was going to acquire Digg, another site reliant on heavy participation from a loyal and extremely vocal community. The questions are more or less similar: What would Google change, and how much would they change it? Does Google's massive scope make it untrustworthy?

Yelp's official word: "Yelp is approached frequently by numerous entities to discuss partnerships, investments and more, and the company does not comment on private discussions that may occur."

Truth be told, the state of Yelp's forums on Friday indicated that many were more interested in talking about "Why are NYC apartment brokers such d-bags?" and "The official 'Jersey Shore' on MTV thread" than about whether Yelp might get sucked up by the Google monster. But a few threads did emerge, and the gist seems to be pretty much the same: They better not change too much. And please keep throwing parties.

"I wonder how this will effect Elite parties as well as Yelp Talk?" one Yelper asked in a Bay Area-centric thread about the acquisition. Another said, "So long as it's not Rupert Murdoch buying it." Some Yelpers were optimistic, suggesting that maybe there would be better integration with Google maps or additional technical improvements.

But others were concerned about quality control. "It means more trolls and fake reviews," one Yelper griped.

"Anyone ever look at the comments on YouTube videos?" another asked. "That is what is gonna happen here."

There were a few threats of account deletion, like "If this happens, I'm deleting my profile" and "Yelp is big because of us. Let's demand money or delete our accounts en masse." Generally, those aren't any real indicator of community revolt, but they're a reminder that it's extremely possible for a big buyer of a community site to mess things up big-time. LiveJournal users weren't thrilled about its Six Apart ownership, which ultimately failed. Likewise, when News Corp. acquired social network MySpace, mismanagement and a lack of innovation were likely what led to a drop in traffic and the eventual dominance of Facebook.

Worth a read: Yelpers' reviews of Google HQ in Mountain View, Calif. Choice bits range from "Google has lots of yummy, organic snacks and drinks" to "They have way too many skunks after 7 p.m. nightly and raccoons living on the Google campus."

This post was updated at 10:48 a.m. PT with comment from Yelp.

What Twitter's homepage looked like before it went down on Thursday night.

(Credit: CC u07ch/Flickr)

Twitter stumbled again overnight on Thursday. But this time, it wasn't the work of the "fail whale," the cuddly cartoon personification of the site's excessive technical baggage. Rather, the site was replaced with a foreboding message from "Iranian Cyber Army" before crashing entirely, indicating that it had been the victim of a malicious attack that targeted its internal servers.

Co-founder Biz Stone posted a brief clarification on the issue late on Thursday night. "Twitter's DNS records were temporarily compromised tonight but have now been fixed," he explained. "As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we've investigated more fully."

At the risk of sounding like an evening-news anchor calling attention to exactly how dangerous your treadmill is or how many diseases you can get from the ball pit at Chuck E. Cheese, I think it's time to explore the question: Is it safe to use Twitter?

For one, Twitter's track record with security has been shaky at best. A security flaw this spring exposed the data of a number of employees and allowed a hacker to pilfer some internal documents. Several high-profile accounts, like those of Britney Spears, Ashton Kutcher, and CNN anchor Rick Sanchez, have been targeted individually. Twitter has been the victim of phishing attacks. Other hackers have proved that Twitter accounts can be set up specifically to corral botnets of infected PCs. And in perhaps the biggest incident of all, a politically motivated denial-of-service attack in August that targeted multiple social-media sites managed to cripple Twitter entirely.

Think of it this way: if Facebook, a far bigger and more mainstream site that's had concerns about user privacy splashed all over the news recently, saw its homepage replaced with a nefarious political message, there would probably be a fresh round of calls for CEO Mark Zuckerberg's resignation. Twitter's heavy users are, for better or for worse, accustomed to sporadic downtime and glitches. They're also less likely to ever visit the Twitter.com homepage, considering the service has so many points of entry--text message, as well as third-party apps for mobile, Web, and desktop. Users have become accustomed to logging into third-party applications with their Twitter credentials.

That, perhaps, makes the overnight hack a bigger concern. Even though it's unlikely that user accounts were compromised in this DNS redirect, it's yet another sign that Twitter's security operations have time and again proven weak enough that the service doesn't exactly seem watertight.

A political message, or just plain obnoxious?
On the other hand, we still don't know much about this attack and it may have been less sophisticated than some may fear. One, nobody's exactly sure yet who the hackers were. "Of course, just because a message saying 'This site has been hacked by Iranian Cyber Army' has been posted on a Web page does not necessarily mean that hackers from Iran are responsible for the defacement," Sophos security consultant Graham Cluley wrote on his blog Friday.

Additionally, Cluley said, the aim seems to have been to either get a political message through or to simply be obnoxious. "Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users," he wrote.

"It really looks like it was people were redirected to a 'hactivism' site," weighed in fellow Sophos analyst Beth Jones via e-mail. "There was no malicious code on the site claiming to be the 'Iranian Cyber Army' either. It looks like they just hacked the registrar to redirect traffic. So it's quite probable that none of Twitter's own servers were touched."

Another reassurance is the fact that Twitter simply doesn't have the kind of sensitive data that a Facebook or Google does. While it does have millions of mobile phone numbers stored to power its text-message app, not to mention archived private "direct messages" between users, Twitter does not index a whole lot more that isn't otherwise public. Facebook, for example, has many members' credit card numbers on hand (if they've ever used its "gift shop" feature), not to mention extensive personal data in profiles like addresses, birthdays, and family connections. Members who are still concerned about the security of their Twitter accounts can take the obvious step of changing their Twitter passwords to something that they don't use on their e-mail, Facebook accounts, or elsewhere--just in case.

Beth Jones says she has confidence in Twitter. "I wouldn't say their security is second-rate by any means," Jones said via e-mail. "As it stands, they weren't actually compromised, but I can see from a user point of view the questions and concerns. At Sophos we see a new site compromised every 3.6 seconds. That's easily close to 24,000 sites a day, and of those, the vast majority are legitimate sites that get hacked."

That doesn't mean that Twitter shouldn't start making it more clear that it takes security seriously. If the company, which is now beta-testing a "Contributors" feature that may pave the way to paid corporate accounts, begins storing financial information, we can only hope that their security operations are turned up a few notches. Or, ideally, an order of magnitude.

This post was expanded at 6:23 a.m. PT with comment from Sophos' Beth Jones.

Privacy advocates opposed to new privacy regulations at Facebook are attempting to get the attention of the U.S. Federal Trade Commission, according to a complaint filed Thursday on behalf of the Electronic Privacy Information Center and several allied groups.

"These changes violate user expectations, diminish user privacy, and contradict Facebook's own representations," the complaint says of Facebook's new regulations, which push more content public, and make even more data available to third-party applications and advertisers. EPIC's goal is to force Facebook to restore the old settings and add additional controls for members.

"We've had productive discussions with dozens of organizations around the world about the recent changes, and we're disappointed that EPIC has chosen to share their concerns with the FTC while refusing to talk to us about them," a retaliatory statement from Facebook read. "We're pleased that so many users have already gone through the process of reviewing and updating their privacy settings, and are impressed that so many have chosen to customize their settings, demonstrating the effectiveness of Facebook's user empowerment and transparency efforts. Of course, the new tools offer users the opportunity to decide on privacy with every photo, link, or status update they wish to post, so the process of personalizing privacy on Facebook will continue."

It's one thing when Facebook users start complaining about new features that they deem excessively creepy--just look at the outrage that surrounded the News Feed, now a mainstay of the site, when it launched in 2006.

It's a bigger fish entirely when government regulatory bodies get involved, particularly the FTC, which has major sway over the advertising and marketing industries. It was only when privacy groups flagged concerns about Facebook's Beacon advertising program two years ago that participating advertisers started to pull out amid bad publicity. A class action settlement over the Beacon program was resolved recently.

Since then, Facebook hasn't had a privacy-related debacle on the same scale. Much of the philosophy behind Beacon was baked into its Facebook Connect universal log-in tool, which shares information from third-party sites on Facebook profiles and lets users log into other sites with their Facebook credentials. But with the public-relations pitch geared toward making the entire online experience easier for users (fewer passwords to remember, no more registration headaches) rather than helping advertisers exploit social-networking channels, the debut of Facebook Connect wasn't subject to the same scrutiny.

The controversial new privacy standards at Facebook have been a long time coming, considering the fact that the social network started to publicly set the groundwork nearly six months ago with a series of announcements about modified privacy controls. It's clear that the company was trying to avoid the sort of press bloodbath that came after the debut of Beacon.

That didn't happen. Facebook has already backtracked on one component of its new privacy regulations, one which made users' friends lists publicly available. It's unclear as to how much EPIC's coalition, not to mention the FTC, will prioritize this most recent controversy.

Behind Facebook's traditional willingness to make tweaks and modifications to new features and products, if they spark some kind of concern among government regulatory bodies or marketers, is a fight that the company will not give up easily. What it all comes down to is that Facebook's once-watertight log-in wall--remember the time that representatives mulled banning a blogger who'd posted Facebook-hosted photos publicly?--is getting in the way of the social network's potentially central role in one of the digital world's crazes du jour, searchable real-time information.

Search companies have been announcing big deals to pull Facebook status messages and Twitter tweets into results, and the media business has gone nuts over the potential to harness the "real-time Web."

Facebook, dependent on advertising revenues and still looking to expand its base of more than 350 million users, obviously wants in on this. But if it doesn't have enough status messages, shared links, and other information pulled into search results, it stands a chance at losing ground to the much-smaller Twitter--already the top name, in terms of a massive, searchable clearinghouse for up-to-the-minute information.

Plus, there are marketers and advertisers for Facebook to consider: more search results equals more page views and more ad revenue, and more public information on users' profiles means more ways for the advertising industry to reach them. But if those same marketers and advertisers are the ones pressuring Facebook to change course, in terms of user privacy, it could cause some friction between the social network and the businesses that have finally begun to accept it as a choice destination for their ad dollars.

Now EPIC is alleging to the FTC that Facebook's new regulations can be outright dangerous: "Dozens of American Facebook users, who posted political messages critical of Iran, have reported that Iranian authorities subsequently questioned and detained their relatives," an item in the complaint reads. "Under the revised privacy settings, Facebook makes such users' friends lists publicly available."

That's not good PR for Facebook, which has repeatedly pitched itself as a destination for open dialogue and grassroots organization across zones of political and ethnic conflict.