Webware

Earlier this week I wrote a post about how I didn't like that I couldn't alter the Facebook Connect privacy settings for updates from Foursquare, an iPhone app that shares my location through a GPS-enabled city directory. It didn't make sense to me that Facebook Connect information was automatically visible to anyone who had access to posts on my "wall," whereas privacy settings on a third-party app embedded directly on my profile were much more fine-tuned, allowing me to restrict them to specific subsets of friends.

I've been e-mailing back and forth with Facebook, and I've gotten some clarification on how the process works. Privacy controls for embedded apps aren't as simple as I'd thought. I can opt to block the "box" for a third-party game like Mafia Wars or Farmville, as the privacy controls indicate, but activity from those apps--i.e. if I just picked up a new weapon in Mafia Wars--will still show up to anyone who can see what I post on my Facebook wall, like status messages and new friend connections. (You can, however, block individual Platform apps from posting to your wall in the first place.)

"Activity from apps and Connect sites are grouped with the activity you take on Facebook (which then appears on your wall), all of which can be blocked from a select group of people using publisher privacy," Facebook representative Malorie Lucich explained to me via e-mail. "So, for example, if you don't want your boss seeing your Mafia Wars activity and your usual Facebook activity, you can block her/him from viewing your wall."

Everything on the wall, therefore, is treated as a single unit. Except not quite: With status messages and content posted directly through Facebook, as part of Facebook's new privacy controls there's now a drop-down menu that lets me choose exactly who can see that message--the public Web, friends of friends, only my friends or "networks," or stratified groups of friends. That's great, because I can post a status message asking for Christmas present suggestions, and opt to block it from my family or other potential gift recipients.

For third-party apps, I'm not so lucky. I'm sure I wasn't the only Facebook member who figured that blocking the Mafia Wars "box" from a certain list of friends would also block activity updates on my wall. According to Facebook, it doesn't.

I'm also sure I'm not the only one who would like to use Facebook Connect with a service like Foursquare that isn't normally public; I liked some of the comments that would appear on "check-ins" pushed to Facebook (when I checked into a restaurant, for example, a few people responded with their favorite menu items, and another asked about the variety of beers on tap). But wanting to keep them restricted to half or a third or a quarter of my Facebook friends is not always just a matter of privacy--the majority of my Facebook friends have no interest whatsoever in which coffee shop I just checked into on the likes of Foursquare or Gowalla, and out of courtesy I don't want to plaster it all over everyone's news feeds. I'd like Foursquare's implementation of Facebook Connect, theoretically, to only be visible to close friends and people who live nearby.

Facebook is, and should be, proud of the wealth of data that gets shared on members' "walls." On Friday morning, I used my status message to solicit tips for an upcoming tropical getaway, and got some terrific suggestions from people in my "social graph" whom I hadn't talked to in ages. This was a great example of something that I'd like to open up to my entire Facebook network. But when it comes to information that's local, sensitive, or otherwise private, I'd like to be able to restrict it. As Facebook Connect grows bigger and more diverse, these instances are likely to come up more often.

So if I had to come up with a most-wished-for new Facebook feature, this might have to be it.

A small update to version 1.2 lets you upload photos from your phone and share favorite businesses with friends.

(Credit: Yelp)

Yelp's first foray on Google's Android phones wasn't much to look at.

The initial feature set of Yelp's business review app for Android, which debuted December 7, was minimalist. It contained enough features--read-only access to Yelp.com, click-to-call, and a hyperlink to get directions from the browser or Google Maps--to avoid a user riot, but one would hardly call it the answer to Yelp's iPhone app.

On Tuesday, Yelp is making good on its promise to quickly pad the app's features. Version 1.2, an update available through the Android Market app on your smartphone, now lets you upload pictures from your Android phone to Yelp's site.

If you're meeting someone at a restaurant, bar, or museum, you can now share Yelp's business listing with others over SMS, e-mail, Facebook, and other third-party apps you may have installed on your phone, like a Twitter service. As a third addition, you're also free to sign in to your Yelp profile from the smartphone.

These changes may seem like small potatoes at first--you still can't add your own rating, write tips, or review a place from the phone--but they reverse two of our complaints. Yelp tells us we should expect to see more interactive features in early 2010, like drafting a review for later publishing, and bookmarking a business.

Over the last few months, you may have noticed the Meebo Bar gracing the bottom of some Web sites, mostly large blogs, or other similar big content sites. That's because previously, the Meebo Bar was only available to select partners, so the little guys were mostly shut out. Now, Meebo is making the Meebo Bar available for all Web sites, with a specific focus on blogs.

For those of you who are unfamiliar with the Meebo Bar, it's a JavaScript plug-in that sits at the bottom of Web pages. It enables a lot of different social interaction and sharing features, such as displaying a specific stream of tweets, promoting a Facebook fan page, as well as Stumbling or Digging the page. The Meebo Bar also allows users to chat with their friends through the IM platform that made Meebo famous. Additionally, the Meebo Bar enables easy sharing of content on the page through its very slick Meebo Share Dock.

The bar is extremely easy to set up on blogs, especially TypePad, self-hosted Wordpress, Blogger, and Moveable Type, all of which have preconfigured solutions, built by Meebo. For those with other setups, the installation just consists of inserting a code snippit, something to which we have become very accustomed. Users can customize which features appear on their Meebo Bar all on Bar.meebo.com. The changes are then pushed out to the installation on your site in a matter of minutes.

Users can customize the Meebo Bar for their site with a variety of buttons.

(Credit: Screenshot by Harrison Hoffman/CNET)

This version of the Meebo Bar, for everyone, includes all of the same features that it offers to its partner sites, which is something that they were really shooting for with this release, Daniel Bernstein, Meebo's director of business development tells CNET. Meebo Bar users get all of the features of the bar, as well as detailed sharing analytics to see how people are using it, all for the low, low price of...free.

The Meebo Bar is a really great way of enabling a lot of different types of sharing and content interaction very quickly and easily. The sharing that results could, potentially, be a big driver of traffic back to sites. It's really great to see this rich functionality being adapted into to a "self-serve" type of system. With so many more possible installs out there, the Meebo Bar should see a huge explosion in growth.

Meebo's Share Dock pops out when you drag a piece of content on an enabled site.

(Credit: Screenshot by Harrison Hoffman/CNET)

Maybe they read the Yelp review that says Google's headquarters is infested with skunks and raccoons.

Just a few days after reporting that Google was about 80 percent likely to be acquiring business reviews site Yelp for a totally sweet $500 million, TechCrunch has backtracked. Late Sunday, TechCrunch reported that Yelp CEO Jeremy Stoppelman personally walked away from the deal and that company representatives informed Google over the weekend they aren't selling.

Or it might have been the skunks.

(Credit: CC Out at Bob's/Flickr)

That's odd. People seemed to think it was generally a good deal. TechCrunch isn't exactly sure what went wrong but speculates that Yelp may have gotten a better offer for a potential acquisition or strategic partnership that caused it to bail.

What could also have something to do with it: Google does a lot of things very, very well, but one thing it's never nailed is community. (Knol most certainly didn't kill Wikipedia, Orkut was big in Brazil but then faded in the wake of Facebook's growth, and YouTube's commenters seem to come from a very special place somewhere between the sixth and seventh circles of hell.) That's evident from looking at what Yelpers had to say about the potential deal last week. Proudly opinionated and devoted to the Yelp brand, many Yelpers were concerned that a Google buyout would degrade the site's sense of community--something that could, effectively, kill it.

Perhaps Yelp's execs thought the same and figured that strategic partnerships might be a better route for now.

YouTube is pushing its Facebook Connect integration further by allowing its users to see the videos that their friends share on Facebook. YouTube users had previously been able to find their Facebook friends on YouTube as well as update their Facebook profile with their various actions from the site.

While it's nice to see YouTube embracing Facebook more and more, it stops a bit short of being an impressive Connect implementation. YouTube is getting there, but seems to be lagging behind a little in this department. An implementation that shares, on Facebook, what you are watching, on YouTube, would certainly make sense, although it might clutter up users' Facebook profiles if they are a prolific YouTube watcher. For now, the addition of this new feature is a welcome inclusion and serves as a great way of getting trusted recommendations for videos to watch on YouTube.

YouTube's new Facebook Connect feature.

(Credit: Screenshot by Harrison Hoffman/CNET)

YouTube said this feature is in "test mode" for the time being. In my testing, I was not able to get this feature to actually work. This can be sometimes be expected while YouTube irons out the kinks with new features that aren't quite ready for prime time. If anyone has better luck, let us know in the comments.

Looks like Facebook will be throwing another big "F8" developer conference in the spring, after taking 2009 off. According to a sparse post on the company's developer blog, the event will be held April 21 and 22 in San Francisco. No more details are currently available.

"F8 has always been about empowering a community of developers to hack, to build and to delight users," the post reads. "We're looking forward to continuing this tradition at our third F8 in San Francisco on April 21-22, 2010. Please save the date!"

This is a big deal because Facebook's past two F8 conferences have marked the debut of some of its biggest products: in 2007, the groundbreaking Facebook developer platform, and in 2008, Facebook Connect. It's likely that the 2010 version will involve some kind of high-profile launch, too.

What could it be? The obvious possibility is Facebook's long-rumored payment platform or virtual currency system, which currently only powers the internal "gift shop" feature along with a few test developer apps and nonprofit partners. This is more or less Facebook's worst-kept secret: it's been in development for quite some time, but appears to have been repeatedly modified internally. Once said to be a straight-up PayPal competitor called "Facebook Wallet," the project has evolved to fall more in line with the meteoric rise in virtual goods-based social gaming, one of the biggest and most profitable runaway hits on Facebook's platform. It could also mean that Facebook starts to make some serious money from transaction fees and become a real power player in the e-commerce space.

Still, we don't know for sure. We'll keep you updated as more details become available about F8 2010 over the coming months.

This post was updated at 11:42 a.m. PST with a link to the post on Facebook's developer blog.

If Google's rumored $500m acquisition of Yelp goes through, the search giant may finally get a solid lock on the "hyperlocal" Web. But it'll also be acquiring a big community site--and those are notoriously hard to wrangle.

Restaurant industry blog Eater might have put it best: "One can only assume that with Google's muscle behind the site, the millions of users who log on to complain about restaurants would be able to say stupid stuff faster, and with more efficiency," editor Amanda Kludt wrote on Friday.

All snark aside, it's the same sort of issue that arose a few years ago amid persistent rumors that Google was going to acquire Digg, another site reliant on heavy participation from a loyal and extremely vocal community. The questions are more or less similar: What would Google change, and how much would they change it? Does Google's massive scope make it untrustworthy?

Yelp's official word: "Yelp is approached frequently by numerous entities to discuss partnerships, investments and more, and the company does not comment on private discussions that may occur."

Truth be told, the state of Yelp's forums on Friday indicated that many were more interested in talking about "Why are NYC apartment brokers such d-bags?" and "The official 'Jersey Shore' on MTV thread" than about whether Yelp might get sucked up by the Google monster. But a few threads did emerge, and the gist seems to be pretty much the same: They better not change too much. And please keep throwing parties.

"I wonder how this will effect Elite parties as well as Yelp Talk?" one Yelper asked in a Bay Area-centric thread about the acquisition. Another said, "So long as it's not Rupert Murdoch buying it." Some Yelpers were optimistic, suggesting that maybe there would be better integration with Google maps or additional technical improvements.

But others were concerned about quality control. "It means more trolls and fake reviews," one Yelper griped.

"Anyone ever look at the comments on YouTube videos?" another asked. "That is what is gonna happen here."

There were a few threats of account deletion, like "If this happens, I'm deleting my profile" and "Yelp is big because of us. Let's demand money or delete our accounts en masse." Generally, those aren't any real indicator of community revolt, but they're a reminder that it's extremely possible for a big buyer of a community site to mess things up big-time. LiveJournal users weren't thrilled about its Six Apart ownership, which ultimately failed. Likewise, when News Corp. acquired social network MySpace, mismanagement and a lack of innovation were likely what led to a drop in traffic and the eventual dominance of Facebook.

Worth a read: Yelpers' reviews of Google HQ in Mountain View, Calif. Choice bits range from "Google has lots of yummy, organic snacks and drinks" to "They have way too many skunks after 7 p.m. nightly and raccoons living on the Google campus."

This post was updated at 10:48 a.m. PT with comment from Yelp.

Sex, porn, and Michael Jackson were among the most popular items kids searched for online in 2009, as tracked by Symantec's OnlineFamily.Norton.

Symantec on Thursday revealed the top 100 favorite search terms among children 18 and under found by its free OnlineFamily.Norton service, which helps parents monitor their kids' online searches. Though innocuous terms like Sesame Street and "New Moon"--a popular movie in the Twilight vampire series--made the cut, sex showed up fourth on the list for boys and fifth for girls, following YouTube, Google, and Facebook as the three top terms.

Top 10 search terms by boys and girls for 2009

(Credit: Symantec)

For boys, the top 25 search terms focused on social-networking sites, shopping sites, and certain adult terms. Girls seemed to favor subjects related to music, TV shows and movies, and celebrities.

Speaking of celebrities, to no one's surprise, the late Michael Jackson was the most searched for celebrity, coming in at number 12, followed by pop singer Taylor Swift at No. 13. Other hot stars that made the list included Miley Cyrus, Britney Spears, Beyonce, the Black Eyed Peas, the Jonas Brothers, Eminem, Rihanna, and Chris Brown (who was in the news this year after admitting that he assaulted ex-girlfriend Rihanna).

Searching for celebrities online, however, may be hazardous to your PC's health. Symantec has found found that these searches sometimes draw people to dangerous Web sites, which spew out viruses, spam, and other malware.

Kids seven and under searched for items related to video games, while older kids were heavy into music, with 34 percent of teens and 27 percent of tweens searching for music-related topics. The Miley Cyrus song "Party in the USA" was the most-searched for tune among kids, while "Boom Boom Pow" by the Black Eye Peas took the No. 2 spot.

Top 10 searches by age group for 2009

(Credit: Symantec)

Tech terms that popped up on the list included MySpace at No. 8, MSN at No. 33, the iPod Touch at No. 98, and Bing last at No. 100.

To compile its top 100 list, Symantec tracked 14.6 million searches run by users of its OnlineFamily.Norton service and ranked the terms according to ones submitted most frequently to those submitted the least. The terms were collected anonymously, so none could be associated with any specific children or families.

What Twitter's homepage looked like before it went down on Thursday night.

(Credit: CC u07ch/Flickr)

Twitter stumbled again overnight on Thursday. But this time, it wasn't the work of the "fail whale," the cuddly cartoon personification of the site's excessive technical baggage. Rather, the site was replaced with a foreboding message from "Iranian Cyber Army" before crashing entirely, indicating that it had been the victim of a malicious attack that targeted its internal servers.

Co-founder Biz Stone posted a brief clarification on the issue late on Thursday night. "Twitter's DNS records were temporarily compromised tonight but have now been fixed," he explained. "As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we've investigated more fully."

At the risk of sounding like an evening-news anchor calling attention to exactly how dangerous your treadmill is or how many diseases you can get from the ball pit at Chuck E. Cheese, I think it's time to explore the question: Is it safe to use Twitter?

For one, Twitter's track record with security has been shaky at best. A security flaw this spring exposed the data of a number of employees and allowed a hacker to pilfer some internal documents. Several high-profile accounts, like those of Britney Spears, Ashton Kutcher, and CNN anchor Rick Sanchez, have been targeted individually. Twitter has been the victim of phishing attacks. Other hackers have proved that Twitter accounts can be set up specifically to corral botnets of infected PCs. And in perhaps the biggest incident of all, a politically motivated denial-of-service attack in August that targeted multiple social-media sites managed to cripple Twitter entirely.

Think of it this way: if Facebook, a far bigger and more mainstream site that's had concerns about user privacy splashed all over the news recently, saw its homepage replaced with a nefarious political message, there would probably be a fresh round of calls for CEO Mark Zuckerberg's resignation. Twitter's heavy users are, for better or for worse, accustomed to sporadic downtime and glitches. They're also less likely to ever visit the Twitter.com homepage, considering the service has so many points of entry--text message, as well as third-party apps for mobile, Web, and desktop. Users have become accustomed to logging into third-party applications with their Twitter credentials.

That, perhaps, makes the overnight hack a bigger concern. Even though it's unlikely that user accounts were compromised in this DNS redirect, it's yet another sign that Twitter's security operations have time and again proven weak enough that the service doesn't exactly seem watertight.

A political message, or just plain obnoxious?
On the other hand, we still don't know much about this attack and it may have been less sophisticated than some may fear. One, nobody's exactly sure yet who the hackers were. "Of course, just because a message saying 'This site has been hacked by Iranian Cyber Army' has been posted on a Web page does not necessarily mean that hackers from Iran are responsible for the defacement," Sophos security consultant Graham Cluley wrote on his blog Friday.

Additionally, Cluley said, the aim seems to have been to either get a political message through or to simply be obnoxious. "Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users," he wrote.

"It really looks like it was people were redirected to a 'hactivism' site," weighed in fellow Sophos analyst Beth Jones via e-mail. "There was no malicious code on the site claiming to be the 'Iranian Cyber Army' either. It looks like they just hacked the registrar to redirect traffic. So it's quite probable that none of Twitter's own servers were touched."

Another reassurance is the fact that Twitter simply doesn't have the kind of sensitive data that a Facebook or Google does. While it does have millions of mobile phone numbers stored to power its text-message app, not to mention archived private "direct messages" between users, Twitter does not index a whole lot more that isn't otherwise public. Facebook, for example, has many members' credit card numbers on hand (if they've ever used its "gift shop" feature), not to mention extensive personal data in profiles like addresses, birthdays, and family connections. Members who are still concerned about the security of their Twitter accounts can take the obvious step of changing their Twitter passwords to something that they don't use on their e-mail, Facebook accounts, or elsewhere--just in case.

Beth Jones says she has confidence in Twitter. "I wouldn't say their security is second-rate by any means," Jones said via e-mail. "As it stands, they weren't actually compromised, but I can see from a user point of view the questions and concerns. At Sophos we see a new site compromised every 3.6 seconds. That's easily close to 24,000 sites a day, and of those, the vast majority are legitimate sites that get hacked."

That doesn't mean that Twitter shouldn't start making it more clear that it takes security seriously. If the company, which is now beta-testing a "Contributors" feature that may pave the way to paid corporate accounts, begins storing financial information, we can only hope that their security operations are turned up a few notches. Or, ideally, an order of magnitude.

This post was expanded at 6:23 a.m. PT with comment from Sophos' Beth Jones.