Fake My Life
Posted on September 26, 2007
Written by Gary Reid
What the hell happened to Utopia? Where great ideas can be implemented without fear.
There have been, and will continue to be, calls for things that ‘make life easier’ for people to do ‘stuff’. Yet it really does beggar belief how little thought goes into ‘what if’ scenario testing.
Two examples.
Social Network Portability. We’ve been working hard trying to find a solution that is simple, effective and at the same time safe. Lots of bloggers are backing friend portability using Microformats.
The solution is great, but it is Utopian: it can’t happen. We tested it out to see just how quickly people would see the privacy issues.
The idea is that by using a mix of hCard and XFN, users of social networks will have a portable profile and list of friends. Great!
Except that in reality, the amount of information you can add to the hCard makes identifying both the person and their friends impossible. If you actually put the information needed to complete the task on the page, the vulnerability to abuse is huge.
For example, let’s say you add hCard, but of course you don’t want to add the person’s real name and email address because that will cause them privacy issues. We tested it, and after just 3 days we had a user ask the question, ‘what if…
If you don’t add the real name and email address, you have no way of actually identifying them. Imagine you ‘auto-sync’ your friends from another network and all it can get is their nickname, maybe their real name. How can it auto-sync your friend John Smith against the 25 John Smiths already in the system? It can’t. It would be a hit and miss affair.
If social networks do put enough information into hCards to make it possible to identify users, imagine what would happen. Well, do you want Mike Arrington’s friend list? Complete with email addresses?
If fully implemented, all you would need to do is sign up at a social network that supports auto-sync and completely fake someone, complete with a full friends list. You would have that person’s nickname, profile photo and access to all of their friends…
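The matching problem described above, seen from the network receiving an auto-sync, as an added example (not code from this blog or its plugins). The sample page, user table, status names and the policy of linking only on a unique e-mail match are assumptions made for illustration.

```python
from html.parser import HTMLParser
# Constructed sample: a friends list marked up with hCard + XFN.
SAMPLE_PAGE = """<ul>
<li class="vcard"><a class="url fn" rel="friend met" href="https://social.example/u/jsmith">John Smith</a></li>
<li class="vcard"><a class="url fn" rel="friend" href="https://social.example/u/akhan">Aisha Khan</a>
  <a class="email" href="mailto:aisha@mail.example">mail</a></li>
</ul>"""
# Constructed user table on the network receiving the import.
LOCAL_USERS = [
    {"id": 1, "name": "John Smith", "email": "john.a@mail.example"},
    {"id": 2, "name": "John Smith", "email": "jsmith77@mail.example"},
    {"id": 3, "name": "Aisha Khan", "email": "aisha@mail.example"},
]

class FriendParser(HTMLParser):
    """Collects one record per hCard (class="vcard") element."""
    def __init__(self):
        super().__init__()
        self.friends, self._in_fn = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes, href = (a.get("class") or "").split(), a.get("href") or ""
        if "vcard" in classes:
            self.friends.append({"fn": "", "email": None, "rel": []})
        if self.friends and "fn" in classes:
            self._in_fn = True  # text that follows is the formatted name
            self.friends[-1]["rel"] = (a.get("rel") or "").split()  # XFN values
        if self.friends and "email" in classes and href.startswith("mailto:"):
            self.friends[-1]["email"] = href[7:].lower()

    def handle_data(self, data):
        if self._in_fn:
            self.friends[-1]["fn"] += data.strip()

    def handle_endtag(self, tag):
        self._in_fn = False  # the name ends with its enclosing element

def parse_friends(html):
    parser = FriendParser()
    parser.feed(html)
    return parser.friends

def resolve(friend, users):
    """Link only on a unique e-mail match; a name match alone is never proof."""
    key, val = ("email", friend["email"]) if friend["email"] else ("name", friend["fn"])
    hits = [u for u in users if u[key].lower() == val.lower()]
    if len(hits) == 1 and key == "email":
        return "linked", hits[0]
    return ("ambiguous" if len(hits) > 1 else "unverified" if hits else "unknown"), None
```

The name-only record cannot be tied to either John Smith, and the only record that links automatically is the one whose e-mail address was published on the page.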
The Mobile Web. Now you’ve faked them on a social network, you can start to take over their other accounts, such as Twitter, get hold of their mobile phone number and fake the caller ID.
We just had a user asking us if we had taken this into account for our SMS plugin because they’d read this article by Nitesh Dhanjani. Actually we had; having been around the web for so long, I’ve seen it all, so I always expect the worst.
Friend portability through Microformats is a great idea, and posting to the web using SMS is a great idea; shame we don’t live in Utopia. And because we don’t, both will have their usability hampered by the need to stop potential abuse.