Archive for December, 2007

hi5 automagic friendship

Argh! :|

This post was originally intended to try out a CSRF exploit that should allow an attacker to add himself as someone’s friend automatically on hi5 - simply by having the victim visit a website controlled by the attacker.
The reason why you’re not seeing a big “Add me as a friend” button is that it seems hi5 has protected the “add friend” feature the same way it did with the exchange of messages between its users: by checking the HTTP Referer header. While that makes things harder [for my mom to exploit], it is still a lame attempt at securing people’s privacy, since the mentioned header can be forged under certain conditions using Flash. :|

As far as securing web requests goes, the only dependable solution seems to be sharing some in-form token with the server (no cookie-based sessions for you!).
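To make the Referer-versus-token point concrete, here is an added example (mine, not hi5’s code or anything from the original post) that runs the same add-friend request through both checks; the hostname, request dicts and session layout are constructed stand-ins.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_HOST = "hi5.example"  # placeholder for the protected site's hostname

def referer_only_check(request, session):
    """Weak defence: accept when Referer points at our own host. Fails open
    when the header is absent and is fooled by any client able to set it."""
    referer = request["headers"].get("Referer")
    if referer is None:
        return True  # no Referer sent: the typical implementation lets it through
    return urlparse(referer).hostname == SITE_HOST

def issue_csrf_token(session):
    """Store an unguessable token in the server-side session; the add-friend
    form carries it in a hidden field."""
    session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]

def token_check(request, session):
    """Synchronizer-token defence: the hidden field must equal the session's
    token. A third-party page never sees the victim's session, so it cannot
    supply the value; compare_digest keeps the comparison constant-time."""
    expected = session.get("csrf_token", "")
    submitted = request["form"].get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(submitted, expected)

def add_friend(request, session, friends, check):
    """Run the chosen check before performing the state-changing action."""
    if not check(request, session):
        return False
    friends.add(request["form"]["friend_id"])
    return True

def demo():
    # Constructed requests against one victim session, under both checks.
    session = {}
    token = issue_csrf_token(session)
    same_site = {"Referer": "http://hi5.example/friends"}
    forged = {"headers": same_site, "form": {"friend_id": "attacker"}}
    no_referer = {"headers": {}, "form": {"friend_id": "attacker"}}
    legit = {"headers": same_site, "form": {"friend_id": "alice", "csrf_token": token}}
    return {
        "forged_passes_referer": add_friend(forged, session, set(), referer_only_check),
        "no_referer_passes_referer": add_friend(no_referer, session, set(), referer_only_check),
        "forged_passes_token": add_friend(forged, session, set(), token_check),
        "legit_passes_token": add_friend(legit, session, set(), token_check),
    }
```

The token check is what actually decides: a request whose Referer looks right (or is missing) still fails unless it carries the value only the real form could have embedded.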

TokBox raises $4M in first round

WTF? I just read that TokBox raised $4M in its first round of financing. :|

Like… It’s Flash Media Server or Red5 on the backend, the regular Flash plugin on the clients and probably some EC2 magic to wire things up (scale wise).

$4000000? WTF? Help me out people! I don’t have a clue how this is gonna be monetized or how they’re thinking of keeping competition away… :|

On another line of thought: $4000000?!?! WTF!!!! :P

Update: I was dead wrong about this! :) Especially considering that now TokBox supports multi-user video conferences (up to 6 participants) and has integration with meebo. These guys know their stuff! :)

Anyway… [hopelessly trying to defend my own prior lame review :P] I expect this kind of service to become commoditized in the medium term. After all, the technology is but one and video chat is Flash’s “Hello World”. :) Add utility computing, mix it up with some kind of hackathon and you end up with basic competition such as video mail provider VoxLite (previously mentioned on this blog for featuring EC2 load balancing on the client side).

Added value: Hosted Services = No Control

There is no free lunch! Any “free” hosted service is probably mining some of your data (personal info and/or internet usage patterns).

The only way to get around that is becoming part of the cloud: providing space and computing cycles in return for control over your data.

And now for some homework questions:

  • How long until people start realizing that their personal data is valuable and stop providing it for free? Will this ever happen?
  • If it does happen what are the exit strategies for companies that depend only on exploiting user data for survival?

Microformats - taking a whack at social network portability

Microformats enable your data to structure itself out of its web container - enabling it to travel abroad to other sites and to acquire new life on your browser (with some Operator magic that is).

But that’s old history. The goal of this post is to gather some links on using microformats to get data across social networks (or simply out of them).

There you go! Keep an eye on these resources to follow the trends on data portability.

As a sidenote, also take a look into RDFa - the Semantic Web approach to semantically enriching web pages.

SNs++ - Kyte and PeopleAggregator

Ahoy live readers! :)

Two minutes to check out Kyte and People Aggregator!

Kyte first!

create multimedia shows.

share instantly across web and mobile.

connect with live chat.

Or so they say… Using it you can upload photos, videos and have your own audience following what you are doing. Humm…

All in all it seems a nice lifestreaming implementation. I’d like to say more about it, but I wasn’t able to sign up to the service (not due to service problems but because for a while now I’ve lost the ability to sign up to any “Free” service that asks for more information than they need to provide me that service :P).

People Aggregator second!

This is a DIY social network (like Ning, but) available for download and self-hosting. Bah! Others have done a better job at evaluating it. :P

This could be a good candidate to refresh sheeptalk.org or leic2006 with some social magic. What say U?

XEPtalk

Some very important XEPs out there:

  • XEP-0154: User Profile
    This document specifies how to represent and manage profile data about IM users and other XMPP entities using the XMPP Data Forms extension.
  • XEP-0163: Personal Eventing via Pubsub
    This document specifies XMPP semantics for using the publish-subscribe protocol to broadcast state change events associated with an instant messaging and presence account.
  • XEP-0124: Bidirectional-streams Over Synchronous HTTP (BOSH)
    This document defines a transport protocol (formerly known as HTTP Binding) that emulates bidirectional connections efficiently using multiple synchronous HTTP request/response pairs (i.e. without polling or asynchronous chunking).

All of them supported in the new release of ejabberd. ;)

FindMeOn: Centralized Identity Management

While reading David Recordon’s Battling Social Network Fatigue … By Going Open I stumbled upon a comment pointing to Identity Research - a collection of speeches/presentations (mostly by Jonathan Vanasco). The subject of the thoughts and presentations is Open Social Networks & User Privacy.

The interesting part is that it seems these guys (FindMeOn .com .org) have beaten the crowd in thinking about these matters, or so they say. The truth is that danah boyd has been waving the personas flag wayyy before them. :P

Which takes me to another quick thought: keyword-based search engines blow! Or in other words… subject-based search would be welcome (as a way to prevent claims over previous work or futile waste of gray matter over previously digested subjects)!

Opinion on FindMeOn: They are on the right track but I don’t know if their line of thought is too focused on the brands. :|

Either way it is the most interesting piece of work on identity (along what I’ve been thinking ;)) I’ve come across lately.

Note to Self: Activate asset nearest to Jonathan Vanasco.

The Bad Part: FindMeOn doesn’t go as far as to disrupt the existing social networks landscape. As such, cross-linking of SN profiles is still possible, enabling the aggregation of one’s facets into a centralized identity. So it’s back to square one as far as I’m concerned. :|

[Almost] All Your Pixels Are Belong To US

My screen real estate just got cheaper! Much cheaper! :D

This year Santa brought me a Belinea 2225 S1W. Which in layman terms means a freakin huge 22″ monitor!! :)
Workspace!

I’ll have to rethink my work practices; my laptop display pales in comparison. :P

The bad news: a perfectly centered red pixel, which is below the minimum number of stuck pixels (9 for this beast) that would let me activate the warranty. I’ve tested UDPixel, JScreenFix and my uber pixel-massager skills, but without success. That said… I’m happily stuck with a stuck pixel. :)

Another Gmail exploit! You might want to check your Filters.

I just read about a Gmail exploit that enables an attacker to access your e-mails!

The exploit has now been fixed but you should take a look at Settings > Filters to see if there’s any suspicious filter hanging around and delete them if so.  :)

From what I could tell, it appears to have been a Cross-Site Request Forgery (yet again)!

FYI - Google Profiles

This might have gone unnoticed… Google has launched Google Profiles:

A Google Profile is simply how you represent yourself on Google products — it lets you tell others a bit more about who you are and what you’re all about. You control what goes into your Google Profile, sharing as much (or as little) as you’d like.

Added value (AV): Merging information into one place is not always good. Sometimes people want “walled gardens” of their own.

Phone Sharing & Identity Migration

Sharing mobile phones makes sense as long as one-half of the world can’t afford a phone (actually, having one-half of the world’s population living below the internationally defined poverty line of less than U.S. $2 a day is more serious, but this post is about phone use…). :|

So here’s a link to a study on Shared Phone Use!

A snippet of the uncovered shared phone practices:

  1. Sente is the informal practice of sending and receiving money that leverages public phone kiosks and trusted networks.
  2. Beeping, flashing and missed calls are all ways to describe the practice of calling and hanging up before the recipient answers.
  3. In Uganda most phone kiosk communication is mediated through a kiosk operator who completes parts of the calling task normally carried out by a sole device user.
  4. Pooling is the collective buying of air time that exists amongst peer groups - students, colleagues, friends who each contribute to buy the lowest available denomination of airtime.
  5. Phone kiosk owners often use a large notepad to document phone numbers used by their customers and over time it represents a form of address book and call log for the local community.
  6. Step Messaging is the process of delivering either a text or a verbal message via shared mobile phone or kiosk where the message is delivered the last mile on foot.

And here’s some more bits of the final discussion:

  • […] in markets with highly price sensitive consumers if there is a marginally cheaper communication channel it will be used.
  • Whilst people appreciate the level of privacy that comes with sole device ownership, for most people only a small percentage of communication truly needs to be private.
  • why would someone want to own or carry a personal mobile phone in its current incarnation if 95% of its functional and emotional benefits are ubiquitously available in the urban infrastructure and in other objects that are carried?
  • Our research suggests that phone sharing (as it is defined above) is mostly driven by cost rather than by social drivers and that as the price of connectivity drops people will move to sole device ownership.

Pretty mind-blowing stuff! :)

It’s amazing how necessity can drive innovation! :D

And now for some added value.

What if my identity was decoupled from the SIM card and I was able to migrate my identity between mobile devices (without having to juggle with SIM card, battery and cell phone)?

If that was the case I could use your phone or a public one by authenticating explicitly with a login and password when I wanted to communicate.

Or taking my privacy hat off, think about the possibility of integrating an in-body identity token. This would allow you to seamlessly integrate with all of your surrounding environment not just cell phones.

You might wonder why not just consider the cell phone with included SIM card as that (with-body instead of in-body) identity token?

Simply because of the point of data control! SIM cards and the related personal information of their users are handled by the phone operators - that friendly bunch. That’s not the way to go!