Landon Prentice Cox talks about social networks.

Facebook is #2, and 24% of global internet users are on Facebook on any given day. Facebook is growing like crazy.

Facebook Messaging:
- 2 billion status updates/week
- 300 million active users/month
- Average user has 130 friends

Photos:
- 2 billion photos uploaded each month
- #1 photo site on the web

This is a large engineering challenge: building a site that can accommodate users and photos on this scale.

--

Why should we worry about Facebook? Facebook has a history of mishandling data. They might work things out, but they've made mistakes.

Example 1: Beacon. Facebook partnered with other sites. The other sites told Facebook what you were doing. Stuff started showing up in feeds: what you were doing on other sites. Is this an issue? Probably. Is this an ethical or a legal problem? Beacon was default opt-in, you could opt out. Then they made it default opt-out and you could opt in. Beacon died: lawyers had a class-action suit against Facebook and Blockbuster. Facebook gave $9.5 million to "internet privacy initiatives".

Why are people upset about Facebook when they're not about Google/Doubleclick? Facebook shares your info with your friends. Doubleclick doesn't know who your friends are. GMail doesn't send mail to your contacts.

---

Photo sharing bugs: why does Landon use a cockroach in describing the problem? Problem: it is hard to remove data from Facebook and other OSN sites.

Terminology:
- Access Control List: authentication, i.e. who are you. Login + password for email, card + PIN for ATM.
- Capability: get a token and use the token to access things. Get a car key, and you can use it anytime. If you get a gift card, you can get 20 dollars on iTunes without them knowing who you are.

Capabilities are good: they reduce interaction between user and guard. We don't ask Toyota if we can get into our car. This is appealing if you need to handle 2 billion photo uploads a month.

What's bad about gift cards and car keys?
- They can fall into the wrong hands.
- They can be forged -- copy a car key.
- It is expensive to revoke a capability, e.g., change the locks on your doors.

Capabilities have low overhead.

Facebook forces you to log in: this is an access control list, and it prevents unauthorized profile updates. Photo URLs are capabilities. This is for performance reasons: they don't want to check credentials on each request. This is OK if the capability (in this case a URL) is hard to forge. If your car key is easy to copy, you're in trouble. It used to be easy to forge: Zuckerberg was found with Paris Hilton by creating a false/bogus URL and finding his photos. Now URLs are harder to forge. There is more stuff in the URL that makes it very hard to guess the URL. They also use access control, not just capability. Could use a cookie, could use a login. It's hard to guess the capabilities of the photos that are stored offsite.

But what about revocation? If you delete stuff from Facebook, the capabilities are still valid. Post images, then delete images, then try to access. Five of 16 sites failed to revoke the image. Facebook and Myspace are still around. Photos hang around even when they're revoked. Is this an Akamai issue? A CDN issue. We'll find out.

----

Why is this happening? It's a direct result of making Facebook fast and usable. It's hard to make Facebook fast and accessible. It's usable, but it's not secure.

How will people use OSNs in the future? Google Latitude, Loopt, Brightkite, Stalqer, Foursquare. Pretty soon everything will be geotagged. iPhone images are geotagged. Services are increasingly location-based. People upload without knowing this. Search for vomit on Flickr and you can find out where people are getting sick.

----

What is the cloud? Where is it? What is it used for? Put your data on your desktop? No one can get it. Put it in the cloud? It's too expensive.

Conclusion:
- Facebook is very important.
- OSNs are poised to become location-based.
- New challenges with location awareness.

Is this an issue for college students?
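
The capability-URL and revocation points above, as an added example that is not from the talk or from any site's real code: a photo URL made hard to forge with an HMAC tag, served through a cache that skips the origin, with and without revocation on delete. The `PhotoSite` class, the URL layout, the per-photo epoch counter and the in-memory cache standing in for a CDN are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # server-side signing key (constructed for the demo)

def tag(photo_id: str, epoch: int) -> str:
    """Unguessable part of the URL: HMAC over the photo id and its epoch."""
    return hmac.new(KEY, f"{photo_id}:{epoch}".encode(), hashlib.sha256).hexdigest()

class PhotoSite:
    def __init__(self, revoke_on_delete: bool):
        self.revoke_on_delete = revoke_on_delete
        self.origin = {}  # photo_id -> image bytes
        self.epoch = {}   # photo_id -> counter, bumped on delete
        self.cache = {}   # url -> image bytes (hypothetical stand-in for a CDN edge)

    def upload(self, photo_id: str, data: bytes) -> str:
        self.origin[photo_id] = data
        e = self.epoch.setdefault(photo_id, 0)
        return f"/photo/{photo_id}/{e}/{tag(photo_id, e)}"

    def delete(self, photo_id: str) -> None:
        self.origin.pop(photo_id, None)
        if self.revoke_on_delete:
            self.epoch[photo_id] = self.epoch.get(photo_id, 0) + 1  # old URLs go stale
            prefix = f"/photo/{photo_id}/"
            self.cache = {u: d for u, d in self.cache.items() if not u.startswith(prefix)}

    def fetch(self, url: str):
        """Return image bytes for a valid capability URL, else None."""
        parts = url.strip("/").split("/")
        if len(parts) != 4 or parts[0] != "photo":
            return None
        _, photo_id, e, presented = parts
        if not (e.isascii() and e.isdigit()) or not hmac.compare_digest(
                presented.encode(), tag(photo_id, int(e)).encode()):
            return None  # forged or guessed URL
        if self.revoke_on_delete and int(e) != self.epoch.get(photo_id):
            return None  # capability was revoked when the photo was deleted
        if url in self.cache:
            return self.cache[url]  # served without consulting the origin
        data = self.origin.get(photo_id)
        if data is not None:
            self.cache[url] = data
        return data
```

With `revoke_on_delete=False` a URL that was fetched once keeps working after `delete()`, which is the behaviour the notes describe; with `True` the same URL stops resolving.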