Slashdot Mirror

"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.

You've probably read about Quirky in one of many articles that read like valentines to the company and the concept. I do think the vision is brilliant — regular people who have smart ideas, but no experience with patents or marketing, partner with an invention company that manufacturers the product and splits the profits with them. But the hype seems oddly out of proportion to what Quirky actually makes — if you received a catalog in the mail with pictures of these products, would you remember the catalog a week later?

OK, I know, the hype is based not on the products, but on the process — regular people getting a shot at inventor stardom. Certainly the fairy tale has come true for some of the community inventors (who, not surprisingly, are spotlighted by Quirky quite a bit). But if you look at the overall numbers, the "About Quirky" page claims a community of "399,000 inventors" and "325 products developed," a pair of statistics that may reveal more than they intended — and indeed the odds are even worse than that, since only 74 of those products are being sold in their store and making the inventors any money, and only about half of those have made the inventor $10,000 or more. (For reasons explained here, some products selected by Quirky never actually get manufactured.) If you're tempted to think that it's a meritocracy and those 74 products really are the best ones anyone has ever submitted -- do you really think the Glide knife cleaner (12 units sold so far) is more useful than the nearly 400,000 other ideas people have sent in?

So if the products themselves are not changing the world, and from the "community inventor's" point of view it's a lottery that most of them have no chance of winning, then what is the big deal about Quirky?

Not surprisingly, there is an undercurrent of frustration that keeps bubbling to the surface on the Quirky message boards — frustration with the high odds against winning, and the lack of transparency about what products do make it. But I think the frustration can be traced back to two key problems with Quirky's process — both of which could be fixed (one of them quite easily), and which could take the arbitrariness and lack of transparency out of the selection process, and result in more inventions getting selected, all while making Quirky more money.

First, in the existing system, a user submitting a new idea probably doesn't realize that less than 1 in 1000 submissions goes on to be selected by Quirky as one of that week's "winners," and only about 1 in 10,000 ideas has ever gone on to make the inventor more than $10,000. On this page you can see a scrolling list of the most recent submissions; I wrote a script to poll that feed and count up the new submissions as they appeared, and the total averages about 1,500 per week. Of these, only two get selected by Quirky at their weekly staff meeting, and, as noted above, most of the selected winners do not end up in their store anyway.

Quirky also charges $10 for each idea submission, which comes to $15,000 per week, or about $150 per employee — hardly enough for each of them to live on, but not trivial. According to the text I copied from an old version of Quirky's FAQ: "We ask for $10 when submitting an idea for three simple reasons: to make sure you are serious about your submission, to be sure that you're an actual human, and most importantly: to assure that the quality of submissions remains high." Notably missing from that list was "To make Quirky some extra money." But from my experience when running a paid service that offered the first month at a reduced rate, asking for $1 and asking for $10 achieved about the same goal of filtering out the people who weren't serious.

Now, however, Quirky's FAQ answers that question by saying:

Well, you've got to ante up to give your idea the fair shot it deserves. Best case scenario? Your $10 investment takes your idea from a tiny sketch to a professionally manufactured product found on shelves worldwide, earning you a heckuva lot more. Worst case? That 10 bucks gets you extensive community feedback on who liked and didn't like your idea, which serves as focused consumer market research. You then have the option to resubmit your idea, or you can use the feedback you received to make it on your own.

That's not a trivial change, because that statement is actually wrong — the $10 doesn't "get you" any "community feedback". Which brings me to the next problem with Quirky's current system.

When I gave Quirky a test drive by submitting an idea for a standalone smartphone-battery recharger (something I wished for in my article about the usefulness of spare batteries), after I submitted the idea and my payment, I was left on a page without any information about what to do next. How, I wondered, was I supposed to get "votes" for my idea without spamming the message boards or other users? The FAQ didn't — and still doesn't — answer this question, odd for something that would be one of the first things on every submitter's mind. But it referred me to the forums, where I found a post by quirky user Matthew Fleming, whose invention was actually picked up by Quirky, summarizing advice from himself and other Quirky experts on how to get votes (and, presumably, how he himself did it):

"(1) Posting your idea is the designated Pimping Zone. [dead link]
(2) Getting your Facebook friends or Twitter followers to check out your idea.
(3) Promoting to all other people off site (including Google Adwords, Facebook Ads, Reddit, emailing, texting & calling your friends, finding relevant forums elsewhere online).
(4) Putting links to your idea in your profile, then being active in other areas of the site, such as helping other people's. People may check out your profile and look at your ideas.
(5) When adding a link to your submission in # 1 or 4, make sure your link is clickable typing in the html code (OR you can use this handy link generator to generate the HTML code to then paste directly into your post).
(6) Promote in other Quirky hangouts, like:
Quirky Inventors on Facebook
As Seen On Facebook [dead link]
Quirky Products on Facebook"

My heart sank like a rock when I read those words. Here I had really believed that — despite the considerable odds against any given submission making it into the production stage — Quirky at least had a system in place for identifying the best ones. But it turned out that those who had played the game successfully were basically admitting that the only way to win was to act as an unpaid Quirky promoter to your friends. And more to the point, it meant that the winners would not be the best inventions, but rather just the inventions that met the minimum requirement of not being embarrasingly stupid, whose inventors were the best at playing the promotion game.

So it is in fact misleading to say that the $10 entry fee "gets you" any community feedback. The only way to get community feedback is to try bringing up your idea in forum threads (which risks pissing people off if you violate some rules that are never clearly explained), to post it in designated areas where idea flooding is encouraged (which are clogged to the point of uselessness from everybody else doing the same thing), or to recruit new people under you in the Quirky pyramid.

I didn't do any of those things, so my idea got a grand total of 8 views and 3 votes, before expiring at the end of the 30-day vote-gathering window. Far from being surprised that I got so few views, on the contrary I don't even have any idea where those 8 views came from, since I didn't rope in any of my friends to sign up and vote for me.

If Quirky wants to essentially limit the winners to people who agree to promote Quirky to their friends, that's their right, but then they shouldn't claim that their system actually identifies the best new ideas, or even what "the community" thinks are the best new ideas.

Meanwhile, the products that do make it into production, seem to bear out the prediction above — they're good, but not great, and many of them look like they made it as a result of a combination of luck and playing the promotion game. The $13 "Pluck" egg yolk separator looks cool, but do you really need it when the grocery store sells an egg separator for $1.59? Well, I don't cook much, so maybe I'm more qualified to evaluate electronics accessories. I actually did just order one of Quirky's "Cordies" for holding cord extensions on your desktop (if it works out, I can let you know in a follow-up to my much-beloved article about low-tech hacks!), but there are gizmos on Amazon that do the same thing. The Pivot Power Strip also looks cool, but it seems simpler to me just to use power strip liberators, which are cheaper per-plug, can be divided across multiple rooms, and light up to show when the power is running.

And the truth is that of all the gadgets I saw in the Quirky store, there's nothing I would choose over having a portable charger for spare cell phone batteries. I may be biased, but what would you rather have — effectively unlimited phone battery life, or an egg yolk separator that happens to look like an egg?

What's frustrating about all of this is that there are two simple changes that Quirky could make to their selection system, which would immediately make the "promotion game" obsolete, and almost by definition would select the inventions that the greatest number of people would actually buy. The first change is the same basic system that I've advocated for reforming the White House "We The People" website, for halting cheating on news aggregator sites, for detecting abusive content on Facebook, and multiple other problems: random-sample voting. In other words, when you submit a new idea to Quirky, the idea would also be presented to, say, 20 other users selected at random. Each user votes on whether they would buy the product if it went into production. (Quirky could simply require that, as a condition of keeping your account active, you have to vote when they ask you to.) The ideas that get the most "yes" votes out of those 20 randomly selected users, are judged to be the most marketable. (Well, 20 is a small enough sample that some would get high ratings just as a statistical fluke, but an invention that cleared the first hurdle could then be sent to a voting panel of 100 users.)

Of course, users who have expertise in particular fields, could weigh in at any time to point out that an invention would be impractical, illegal, in violation of someone else's patent, or redundant given another product already on the market. But to answer the basic question of how many people would buy a product if it cleared all those other hurdles, asking a random sample of users is a rather more valid research method than "texting & calling your friends".

Unusually for one of my "random-sample-voting" lobbying efforts, someone has already made essentially the same point on the Quirky message boards — community inventor Clinton Fleenor wrote a post making essentially the same argument. I would quibble with him in a couple of points (there's no reason to bring in "a million+ impartial, non-submitting voters" per day, since a smaller sample size is good enough), but he got the key point exactly right:

"What happens if the system is distributing the submissions to voters one at a time instead of allowing voters to self-select?
Answer: No submissions are buried."

(Clinton's posts since that date have expressed an increasing disgust with the process, most recently calling Quirky "glaze-eyed lazy asses" — and this was from someone who actually won at their game. You can imagine how the people feel who don't win.)

In fact, you could even use the random sampling method to ask people not just whether they would buy a product, but to give them the option to pre-order it, Kickstarter-style, with the money to be returned if the product doesn't get enough pre-orders to justify production. Which leads to the second change that could revolutionize how Quirky works: Rather than picking two "winning" products every week, put every product into production that receives enough votes and/or pre-orders to indicate that it would be profitable.

For example, suppose you have an idea that can be made and sold for $10 per unit, but only if the product sells 10,000 units or more. Assume there are 100,000 Quirky users who can be polled to ask if they are potential buyers. Quirky takes your idea and presents it to 100 randomly selected users, and asks them to pre-order it for $10 if they're interested. If 20 of those 100 users do in fact pre-order, then Quirky presents the idea to all of their 100,000 product-buying user base. Assuming that the original sample of 100 was representative of the population of 100,000, then they would expect that 20,000 users would also pre-order. Now you've exceeded the minimum required order of 10,000 and the product can go into production. On the other hand, suppose only 5 people pre-order out of that sample of 100. Then Quirky could expect that out of their total population of 100,000, only about 5,000 would pre-order the product — not enough to justify production, so they never push the pre-order to the rest of their customers, and the original 5 who placed their pre-order would get their money back.

More realistically, suppose Quirky makes most of their sales through retail and not to their own users, but they also know that sales to their own users are a good predictor of retail sales — for example, that they sell 3 times as many of a product through retailers as they do to their own built-in user base. Then if a product has to sell 10,000 units to be profitable, they put it into production if they determine, via random sampling, that they would sell at least 2,500 units to their own users, and count on roughly 7,500 more orders from retail shoppers.

This system has several desirable features:

• If an idea doesn't appeal to a high enough percentage of the user base (as determined by asking the random sample that are asked to pre-order), then the vast majority of users never get bothered with the pre-order request, since it dies after not making it past the hurdle of the initial 100.
• On the other hand, if there are enough potential buyers among the user population, then barring any statistical flukes, the initial sample of 100 randomly selected users will reveal that. Thus almost all of the time, any idea that does get pushed to the entire user population, will get enough pre-orders at that point to go into production.
• The system can't be "gamed" by promotional shenanigans like "texting & calling your friends".
• It's scalable — any product that receives enough pre-orders to guarantee the desired profit, can go into production, no matter how many such products clear that threshold in any given week.

(If Quirky's patent lawyers are in danger of getting overwhelmed from all the ideas that clear the pre-order hurdle every week, the idea is still scalable for any invention where there's enough profit to pay for the lawyers. Suppose it takes $2,000 worth of lawyer-time to clear all the patents and other paperwork to market an invention. Then any invention that gets enough pre-orders to pay for the production cost, plus $2,000 for the lawyer, can still go to manufacturing. That process can be repeated as many times per week if you want, as long as there are lawyers who want the work.)

Kickstarter doesn't use random-sample-voting to identify the best ideas on their site, but they do use pre-orders to solve the scalability problem -- if enough people make a pre-order pledge on Kickstarter to meet the project's minimum funding requirements, the project goes ahead (and if the fundraising goal is not met, everyone who pledged gets their money back). Kickstarter doesn't pick "winners"; if you meet your funding requirement, you "win," and there's no limit on how many projects can be successfully funded in a given week. So I wasn't surprised to see that Kickstarter has funded over 39,000 projects successfully compared to Quirky's 326. (Yes, that's apples and oranges, since many Kickstarter projects are easier to complete than putting a Quirky invention into production — but still, given the buzz that both companies are receiving these days, would you have guessed that one of them has funded over 100 times more projects successfully than the other one?)

So those are my suggestions to Quirky: Use random-sample voting to get an initial reading for the merits of an idea (very easy), and then use Kickstarter-style pre-orders to secure funding for any marketable invention, not just a limited number of weekly "winners" (a much bigger overhaul, but a good long-term goal). If they appropriate my suggestions, I promise not to organize any protest demonstrations outside their headquarters demanding credit. In fact, given how unfair their current system is to the inventors ponying up $10 each to play their lottery, we should probably stage a protest outside their office if they don't take these ideas.

"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.

You've probably read about Quirky in one of many articles that read like valentines to the company and the concept. I do think the vision is brilliant — regular people who have smart ideas, but no experience with patents or marketing, partner with an invention company that manufacturers the product and splits the profits with them. But the hype seems oddly out of proportion to what Quirky actually makes — if you received a catalog in the mail with pictures of these products, would you remember the catalog a week later?

OK, I know, the hype is based not on the products, but on the process — regular people getting a shot at inventor stardom. Certainly the fairy tale has come true for some of the community inventors (who, not surprisingly, are spotlighted by Quirky quite a bit). But if you look at the overall numbers, the "About Quirky" page claims a community of "399,000 inventors" and "325 products developed," a pair of statistics that may reveal more than they intended — and indeed the odds are even worse than that, since only 74 of those products are being sold in their store and making the inventors any money, and only about half of those have made the inventor $10,000 or more. (For reasons explained here, some products selected by Quirky never actually get manufactured.) If you're tempted to think that it's a meritocracy and those 74 products really are the best ones anyone has ever submitted -- do you really think the Glide knife cleaner (12 units sold so far) is more useful than the nearly 400,000 other ideas people have sent in?

So if the products themselves are not changing the world, and from the "community inventor's" point of view it's a lottery that most of them have no chance of winning, then what is the big deal about Quirky?

Not surprisingly, there is an undercurrent of frustration that keeps bubbling to the surface on the Quirky message boards — frustration with the high odds against winning, and the lack of transparency about what products do make it. But I think the frustration can be traced back to two key problems with Quirky's process — both of which could be fixed (one of them quite easily), and which could take the arbitrariness and lack of transparency out of the selection process, and result in more inventions getting selected, all while making Quirky more money.

First, in the existing system, a user submitting a new idea probably doesn't realize that less than 1 in 1000 submissions goes on to be selected by Quirky as one of that week's "winners," and only about 1 in 10,000 ideas has ever gone on to make the inventor more than $10,000. On this page you can see a scrolling list of the most recent submissions; I wrote a script to poll that feed and count up the new submissions as they appeared, and the total averages about 1,500 per week. Of these, only two get selected by Quirky at their weekly staff meeting, and, as noted above, most of the selected winners do not end up in their store anyway.

Quirky also charges $10 for each idea submission, which comes to $15,000 per week, or about $150 per employee — hardly enough for each of them to live on, but not trivial. According to the text I copied from an old version of Quirky's FAQ: "We ask for $10 when submitting an idea for three simple reasons: to make sure you are serious about your submission, to be sure that you're an actual human, and most importantly: to assure that the quality of submissions remains high." Notably missing from that list was "To make Quirky some extra money." But from my experience when running a paid service that offered the first month at a reduced rate, asking for $1 and asking for $10 achieved about the same goal of filtering out the people who weren't serious.

Now, however, Quirky's FAQ answers that question by saying:

Well, you've got to ante up to give your idea the fair shot it deserves. Best case scenario? Your $10 investment takes your idea from a tiny sketch to a professionally manufactured product found on shelves worldwide, earning you a heckuva lot more. Worst case? That 10 bucks gets you extensive community feedback on who liked and didn't like your idea, which serves as focused consumer market research. You then have the option to resubmit your idea, or you can use the feedback you received to make it on your own.

That's not a trivial change, because that statement is actually wrong — the $10 doesn't "get you" any "community feedback". Which brings me to the next problem with Quirky's current system.

When I gave Quirky a test drive by submitting an idea for a standalone smartphone-battery recharger (something I wished for in my article about the usefulness of spare batteries), after I submitted the idea and my payment, I was left on a page without any information about what to do next. How, I wondered, was I supposed to get "votes" for my idea without spamming the message boards or other users? The FAQ didn't — and still doesn't — answer this question, odd for something that would be one of the first things on every submitter's mind. But it referred me to the forums, where I found a post by quirky user Matthew Fleming, whose invention was actually picked up by Quirky, summarizing advice from himself and other Quirky experts on how to get votes (and, presumably, how he himself did it):

"(1) Posting your idea is the designated Pimping Zone. [dead link]
(2) Getting your Facebook friends or Twitter followers to check out your idea.
(3) Promoting to all other people off site (including Google Adwords, Facebook Ads, Reddit, emailing, texting & calling your friends, finding relevant forums elsewhere online).
(4) Putting links to your idea in your profile, then being active in other areas of the site, such as helping other people's. People may check out your profile and look at your ideas.
(5) When adding a link to your submission in # 1 or 4, make sure your link is clickable typing in the html code (OR you can use this handy link generator to generate the HTML code to then paste directly into your post).
(6) Promote in other Quirky hangouts, like:
Quirky Inventors on Facebook
As Seen On Facebook [dead link]
Quirky Products on Facebook"

My heart sank like a rock when I read those words. Here I had really believed that — despite the considerable odds against any given submission making it into the production stage — Quirky at least had a system in place for identifying the best ones. But it turned out that those who had played the game successfully were basically admitting that the only way to win was to act as an unpaid Quirky promoter to your friends. And more to the point, it meant that the winners would not be the best inventions, but rather just the inventions that met the minimum requirement of not being embarrasingly stupid, whose inventors were the best at playing the promotion game.

So it is in fact misleading to say that the $10 entry fee "gets you" any community feedback. The only way to get community feedback is to try bringing up your idea in forum threads (which risks pissing people off if you violate some rules that are never clearly explained), to post it in designated areas where idea flooding is encouraged (which are clogged to the point of uselessness from everybody else doing the same thing), or to recruit new people under you in the Quirky pyramid.

I didn't do any of those things, so my idea got a grand total of 8 views and 3 votes, before expiring at the end of the 30-day vote-gathering window. Far from being surprised that I got so few views, on the contrary I don't even have any idea where those 8 views came from, since I didn't rope in any of my friends to sign up and vote for me.

If Quirky wants to essentially limit the winners to people who agree to promote Quirky to their friends, that's their right, but then they shouldn't claim that their system actually identifies the best new ideas, or even what "the community" thinks are the best new ideas.

Meanwhile, the products that do make it into production, seem to bear out the prediction above — they're good, but not great, and many of them look like they made it as a result of a combination of luck and playing the promotion game. The $13 "Pluck" egg yolk separator looks cool, but do you really need it when the grocery store sells an egg separator for $1.59? Well, I don't cook much, so maybe I'm more qualified to evaluate electronics accessories. I actually did just order one of Quirky's "Cordies" for holding cord extensions on your desktop (if it works out, I can let you know in a follow-up to my much-beloved article about low-tech hacks!), but there are gizmos on Amazon that do the same thing. The Pivot Power Strip also looks cool, but it seems simpler to me just to use power strip liberators, which are cheaper per-plug, can be divided across multiple rooms, and light up to show when the power is running.

And the truth is that of all the gadgets I saw in the Quirky store, there's nothing I would choose over having a portable charger for spare cell phone batteries. I may be biased, but what would you rather have — effectively unlimited phone battery life, or an egg yolk separator that happens to look like an egg?

What's frustrating about all of this is that there are two simple changes that Quirky could make to their selection system, which would immediately make the "promotion game" obsolete, and almost by definition would select the inventions that the greatest number of people would actually buy. The first change is the same basic system that I've advocated for reforming the White House "We The People" website, for halting cheating on news aggregator sites, for detecting abusive content on Facebook, and multiple other problems: random-sample voting. In other words, when you submit a new idea to Quirky, the idea would also be presented to, say, 20 other users selected at random. Each user votes on whether they would buy the product if it went into production. (Quirky could simply require that, as a condition of keeping your account active, you have to vote when they ask you to.) The ideas that get the most "yes" votes out of those 20 randomly selected users, are judged to be the most marketable. (Well, 20 is a small enough sample that some would get high ratings just as a statistical fluke, but an invention that cleared the first hurdle could then be sent to a voting panel of 100 users.)

Of course, users who have expertise in particular fields, could weigh in at any time to point out that an invention would be impractical, illegal, in violation of someone else's patent, or redundant given another product already on the market. But to answer the basic question of how many people would buy a product if it cleared all those other hurdles, asking a random sample of users is a rather more valid research method than "texting & calling your friends".

Unusually for one of my "random-sample-voting" lobbying efforts, someone has already made essentially the same point on the Quirky message boards — community inventor Clinton Fleenor wrote a post making essentially the same argument. I would quibble with him in a couple of points (there's no reason to bring in "a million+ impartial, non-submitting voters" per day, since a smaller sample size is good enough), but he got the key point exactly right:

"What happens if the system is distributing the submissions to voters one at a time instead of allowing voters to self-select?
Answer: No submissions are buried."

(Clinton's posts since that date have expressed an increasing disgust with the process, most recently calling Quirky "glaze-eyed lazy asses" — and this was from someone who actually won at their game. You can imagine how the people feel who don't win.)

In fact, you could even use the random sampling method to ask people not just whether they would buy a product, but to give them the option to pre-order it, Kickstarter-style, with the money to be returned if the product doesn't get enough pre-orders to justify production. Which leads to the second change that could revolutionize how Quirky works: Rather than picking two "winning" products every week, put every product into production that receives enough votes and/or pre-orders to indicate that it would be profitable.

For example, suppose you have an idea that can be made and sold for $10 per unit, but only if the product sells 10,000 units or more. Assume there are 100,000 Quirky users who can be polled to ask if they are potential buyers. Quirky takes your idea and presents it to 100 randomly selected users, and asks them to pre-order it for $10 if they're interested. If 20 of those 100 users do in fact pre-order, then Quirky presents the idea to all of their 100,000 product-buying user base. Assuming that the original sample of 100 was representative of the population of 100,000, then they would expect that 20,000 users would also pre-order. Now you've exceeded the minimum required order of 10,000 and the product can go into production. On the other hand, suppose only 5 people pre-order out of that sample of 100. Then Quirky could expect that out of their total population of 100,000, only about 5,000 would pre-order the product — not enough to justify production, so they never push the pre-order to the rest of their customers, and the original 5 who placed their pre-order would get their money back.

More realistically, suppose Quirky makes most of their sales through retail and not to their own users, but they also know that sales to their own users are a good predictor of retail sales — for example, that they sell 3 times as many of a product through retailers as they do to their own built-in user base. Then if a product has to sell 10,000 units to be profitable, they put it into production if they determine, via random sampling, that they would sell at least 2,500 units to their own users, and count on roughly 7,500 more orders from retail shoppers.

This system has several desirable features:

• If an idea doesn't appeal to a high enough percentage of the user base (as determined by asking the random sample that are asked to pre-order), then the vast majority of users never get bothered with the pre-order request, since it dies after not making it past the hurdle of the initial 100.
• On the other hand, if there are enough potential buyers among the user population, then barring any statistical flukes, the initial sample of 100 randomly selected users will reveal that. Thus almost all of the time, any idea that does get pushed to the entire user population, will get enough pre-orders at that point to go into production.
• The system can't be "gamed" by promotional shenanigans like "texting & calling your friends".
• It's scalable — any product that receives enough pre-orders to guarantee the desired profit, can go into production, no matter how many such products clear that threshold in any given week.

(If Quirky's patent lawyers are in danger of getting overwhelmed from all the ideas that clear the pre-order hurdle every week, the idea is still scalable for any invention where there's enough profit to pay for the lawyers. Suppose it takes $2,000 worth of lawyer-time to clear all the patents and other paperwork to market an invention. Then any invention that gets enough pre-orders to pay for the production cost, plus $2,000 for the lawyer, can still go to manufacturing. That process can be repeated as many times per week if you want, as long as there are lawyers who want the work.)

Kickstarter doesn't use random-sample-voting to identify the best ideas on their site, but they do use pre-orders to solve the scalability problem -- if enough people make a pre-order pledge on Kickstarter to meet the project's minimum funding requirements, the project goes ahead (and if the fundraising goal is not met, everyone who pledged gets their money back). Kickstarter doesn't pick "winners"; if you meet your funding requirement, you "win," and there's no limit on how many projects can be successfully funded in a given week. So I wasn't surprised to see that Kickstarter has funded over 39,000 projects successfully compared to Quirky's 326. (Yes, that's apples and oranges, since many Kickstarter projects are easier to complete than putting a Quirky invention into production — but still, given the buzz that both companies are receiving these days, would you have guessed that one of them has funded over 100 times more projects successfully than the other one?)

So those are my suggestions to Quirky: Use random-sample voting to get an initial reading for the merits of an idea (very easy), and then use Kickstarter-style pre-orders to secure funding for any marketable invention, not just a limited number of weekly "winners" (a much bigger overhaul, but a good long-term goal). If they appropriate my suggestions, I promise not to organize any protest demonstrations outside their headquarters demanding credit. In fact, given how unfair their current system is to the inventors ponying up $10 each to play their lottery, we should probably stage a protest outside their office if they don't take these ideas.

"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.

You've probably read about Quirky in one of many articles that read like valentines to the company and the concept. I do think the vision is brilliant — regular people who have smart ideas, but no experience with patents or marketing, partner with an invention company that manufacturers the product and splits the profits with them. But the hype seems oddly out of proportion to what Quirky actually makes — if you received a catalog in the mail with pictures of these products, would you remember the catalog a week later?

OK, I know, the hype is based not on the products, but on the process — regular people getting a shot at inventor stardom. Certainly the fairy tale has come true for some of the community inventors (who, not surprisingly, are spotlighted by Quirky quite a bit). But if you look at the overall numbers, the "About Quirky" page claims a community of "399,000 inventors" and "325 products developed," a pair of statistics that may reveal more than they intended — and indeed the odds are even worse than that, since only 74 of those products are being sold in their store and making the inventors any money, and only about half of those have made the inventor $10,000 or more. (For reasons explained here, some products selected by Quirky never actually get manufactured.) If you're tempted to think that it's a meritocracy and those 74 products really are the best ones anyone has ever submitted -- do you really think the Glide knife cleaner (12 units sold so far) is more useful than the nearly 400,000 other ideas people have sent in?

So if the products themselves are not changing the world, and from the "community inventor's" point of view it's a lottery that most of them have no chance of winning, then what is the big deal about Quirky?

Not surprisingly, there is an undercurrent of frustration that keeps bubbling to the surface on the Quirky message boards — frustration with the high odds against winning, and the lack of transparency about what products do make it. But I think the frustration can be traced back to two key problems with Quirky's process — both of which could be fixed (one of them quite easily), and which could take the arbitrariness and lack of transparency out of the selection process, and result in more inventions getting selected, all while making Quirky more money.

First, in the existing system, a user submitting a new idea probably doesn't realize that less than 1 in 1000 submissions goes on to be selected by Quirky as one of that week's "winners," and only about 1 in 10,000 ideas has ever gone on to make the inventor more than $10,000. On this page you can see a scrolling list of the most recent submissions; I wrote a script to poll that feed and count up the new submissions as they appeared, and the total averages about 1,500 per week. Of these, only two get selected by Quirky at their weekly staff meeting, and, as noted above, most of the selected winners do not end up in their store anyway.

Quirky also charges $10 for each idea submission, which comes to $15,000 per week, or about $150 per employee — hardly enough for each of them to live on, but not trivial. According to the text I copied from an old version of Quirky's FAQ: "We ask for $10 when submitting an idea for three simple reasons: to make sure you are serious about your submission, to be sure that you're an actual human, and most importantly: to assure that the quality of submissions remains high." Notably missing from that list was "To make Quirky some extra money." But from my experience when running a paid service that offered the first month at a reduced rate, asking for $1 and asking for $10 achieved about the same goal of filtering out the people who weren't serious.

Now, however, Quirky's FAQ answers that question by saying:

Well, you've got to ante up to give your idea the fair shot it deserves. Best case scenario? Your $10 investment takes your idea from a tiny sketch to a professionally manufactured product found on shelves worldwide, earning you a heckuva lot more. Worst case? That 10 bucks gets you extensive community feedback on who liked and didn't like your idea, which serves as focused consumer market research. You then have the option to resubmit your idea, or you can use the feedback you received to make it on your own.

That's not a trivial change, because that statement is actually wrong — the $10 doesn't "get you" any "community feedback". Which brings me to the next problem with Quirky's current system.

When I gave Quirky a test drive by submitting an idea for a standalone smartphone-battery recharger (something I wished for in my article about the usefulness of spare batteries), after I submitted the idea and my payment, I was left on a page without any information about what to do next. How, I wondered, was I supposed to get "votes" for my idea without spamming the message boards or other users? The FAQ didn't — and still doesn't — answer this question, odd for something that would be one of the first things on every submitter's mind. But it referred me to the forums, where I found a post by quirky user Matthew Fleming, whose invention was actually picked up by Quirky, summarizing advice from himself and other Quirky experts on how to get votes (and, presumably, how he himself did it):

"(1) Posting your idea is the designated Pimping Zone. [dead link]
(2) Getting your Facebook friends or Twitter followers to check out your idea.
(3) Promoting to all other people off site (including Google Adwords, Facebook Ads, Reddit, emailing, texting & calling your friends, finding relevant forums elsewhere online).
(4) Putting links to your idea in your profile, then being active in other areas of the site, such as helping other people's. People may check out your profile and look at your ideas.
(5) When adding a link to your submission in # 1 or 4, make sure your link is clickable typing in the html code (OR you can use this handy link generator to generate the HTML code to then paste directly into your post).
(6) Promote in other Quirky hangouts, like:
Quirky Inventors on Facebook
As Seen On Facebook [dead link]
Quirky Products on Facebook"

My heart sank like a rock when I read those words. Here I had really believed that — despite the considerable odds against any given submission making it into the production stage — Quirky at least had a system in place for identifying the best ones. But it turned out that those who had played the game successfully were basically admitting that the only way to win was to act as an unpaid Quirky promoter to your friends. And more to the point, it meant that the winners would not be the best inventions, but rather just the inventions that met the minimum requirement of not being embarrasingly stupid, whose inventors were the best at playing the promotion game.

So it is in fact misleading to say that the $10 entry fee "gets you" any community feedback. The only way to get community feedback is to try bringing up your idea in forum threads (which risks pissing people off if you violate some rules that are never clearly explained), to post it in designated areas where idea flooding is encouraged (which are clogged to the point of uselessness from everybody else doing the same thing), or to recruit new people under you in the Quirky pyramid.

I didn't do any of those things, so my idea got a grand total of 8 views and 3 votes, before expiring at the end of the 30-day vote-gathering window. Far from being surprised that I got so few views, on the contrary I don't even have any idea where those 8 views came from, since I didn't rope in any of my friends to sign up and vote for me.

If Quirky wants to essentially limit the winners to people who agree to promote Quirky to their friends, that's their right, but then they shouldn't claim that their system actually identifies the best new ideas, or even what "the community" thinks are the best new ideas.

Meanwhile, the products that do make it into production, seem to bear out the prediction above — they're good, but not great, and many of them look like they made it as a result of a combination of luck and playing the promotion game. The $13 "Pluck" egg yolk separator looks cool, but do you really need it when the grocery store sells an egg separator for $1.59? Well, I don't cook much, so maybe I'm more qualified to evaluate electronics accessories. I actually did just order one of Quirky's "Cordies" for holding cord extensions on your desktop (if it works out, I can let you know in a follow-up to my much-beloved article about low-tech hacks!), but there are gizmos on Amazon that do the same thing. The Pivot Power Strip also looks cool, but it seems simpler to me just to use power strip liberators, which are cheaper per-plug, can be divided across multiple rooms, and light up to show when the power is running.

And the truth is that of all the gadgets I saw in the Quirky store, there's nothing I would choose over having a portable charger for spare cell phone batteries. I may be biased, but what would you rather have — effectively unlimited phone battery life, or an egg yolk separator that happens to look like an egg?

What's frustrating about all of this is that there are two simple changes that Quirky could make to their selection system, which would immediately make the "promotion game" obsolete, and almost by definition would select the inventions that the greatest number of people would actually buy. The first change is the same basic system that I've advocated for reforming the White House "We The People" website, for halting cheating on news aggregator sites, for detecting abusive content on Facebook, and multiple other problems: random-sample voting. In other words, when you submit a new idea to Quirky, the idea would also be presented to, say, 20 other users selected at random. Each user votes on whether they would buy the product if it went into production. (Quirky could simply require that, as a condition of keeping your account active, you have to vote when they ask you to.) The ideas that get the most "yes" votes out of those 20 randomly selected users, are judged to be the most marketable. (Well, 20 is a small enough sample that some would get high ratings just as a statistical fluke, but an invention that cleared the first hurdle could then be sent to a voting panel of 100 users.)

Of course, users who have expertise in particular fields, could weigh in at any time to point out that an invention would be impractical, illegal, in violation of someone else's patent, or redundant given another product already on the market. But to answer the basic question of how many people would buy a product if it cleared all those other hurdles, asking a random sample of users is a rather more valid research method than "texting & calling your friends".

Unusually for one of my "random-sample-voting" lobbying efforts, someone has already made essentially the same point on the Quirky message boards — community inventor Clinton Fleenor wrote a post making essentially the same argument. I would quibble with him in a couple of points (there's no reason to bring in "a million+ impartial, non-submitting voters" per day, since a smaller sample size is good enough), but he got the key point exactly right:

"What happens if the system is distributing the submissions to voters one at a time instead of allowing voters to self-select?
Answer: No submissions are buried."

(Clinton's posts since that date have expressed an increasing disgust with the process, most recently calling Quirky "glaze-eyed lazy asses" — and this was from someone who actually won at their game. You can imagine how the people feel who don't win.)

In fact, you could even use the random sampling method to ask people not just whether they would buy a product, but to give them the option to pre-order it, Kickstarter-style, with the money to be returned if the product doesn't get enough pre-orders to justify production. Which leads to the second change that could revolutionize how Quirky works: Rather than picking two "winning" products every week, put every product into production that receives enough votes and/or pre-orders to indicate that it would be profitable.

For example, suppose you have an idea that can be made and sold for $10 per unit, but only if the product sells 10,000 units or more. Assume there are 100,000 Quirky users who can be polled to ask if they are potential buyers. Quirky takes your idea and presents it to 100 randomly selected users, and asks them to pre-order it for $10 if they're interested. If 20 of those 100 users do in fact pre-order, then Quirky presents the idea to all of their 100,000 product-buying user base. Assuming that the original sample of 100 was representative of the population of 100,000, then they would expect that 20,000 users would also pre-order. Now you've exceeded the minimum required order of 10,000 and the product can go into production. On the other hand, suppose only 5 people pre-order out of that sample of 100. Then Quirky could expect that out of their total population of 100,000, only about 5,000 would pre-order the product — not enough to justify production, so they never push the pre-order to the rest of their customers, and the original 5 who placed their pre-order would get their money back.

More realistically, suppose Quirky makes most of their sales through retail and not to their own users, but they also know that sales to their own users are a good predictor of retail sales — for example, that they sell 3 times as many of a product through retailers as they do to their own built-in user base. Then if a product has to sell 10,000 units to be profitable, they put it into production if they determine, via random sampling, that they would sell at least 2,500 units to their own users, and count on roughly 7,500 more orders from retail shoppers.

This system has several desirable features:

• If an idea doesn't appeal to a high enough percentage of the user base (as determined by asking the random sample that are asked to pre-order), then the vast majority of users never get bothered with the pre-order request, since it dies after not making it past the hurdle of the initial 100.
• On the other hand, if there are enough potential buyers among the user population, then barring any statistical flukes, the initial sample of 100 randomly selected users will reveal that. Thus almost all of the time, any idea that does get pushed to the entire user population, will get enough pre-orders at that point to go into production.
• The system can't be "gamed" by promotional shenanigans like "texting & calling your friends".
• It's scalable — any product that receives enough pre-orders to guarantee the desired profit, can go into production, no matter how many such products clear that threshold in any given week.

(If Quirky's patent lawyers are in danger of getting overwhelmed from all the ideas that clear the pre-order hurdle every week, the idea is still scalable for any invention where there's enough profit to pay for the lawyers. Suppose it takes $2,000 worth of lawyer-time to clear all the patents and other paperwork to market an invention. Then any invention that gets enough pre-orders to pay for the production cost, plus $2,000 for the lawyer, can still go to manufacturing. That process can be repeated as many times per week if you want, as long as there are lawyers who want the work.)

Kickstarter doesn't use random-sample-voting to identify the best ideas on their site, but they do use pre-orders to solve the scalability problem -- if enough people make a pre-order pledge on Kickstarter to meet the project's minimum funding requirements, the project goes ahead (and if the fundraising goal is not met, everyone who pledged gets their money back). Kickstarter doesn't pick "winners"; if you meet your funding requirement, you "win," and there's no limit on how many projects can be successfully funded in a given week. So I wasn't surprised to see that Kickstarter has funded over 39,000 projects successfully compared to Quirky's 326. (Yes, that's apples and oranges, since many Kickstarter projects are easier to complete than putting a Quirky invention into production — but still, given the buzz that both companies are receiving these days, would you have guessed that one of them has funded over 100 times more projects successfully than the other one?)

So those are my suggestions to Quirky: Use random-sample voting to get an initial reading for the merits of an idea (very easy), and then use Kickstarter-style pre-orders to secure funding for any marketable invention, not just a limited number of weekly "winners" (a much bigger overhaul, but a good long-term goal). If they appropriate my suggestions, I promise not to organize any protest demonstrations outside their headquarters demanding credit. In fact, given how unfair their current system is to the inventors ponying up $10 each to play their lottery, we should probably stage a protest outside their office if they don't take these ideas.

I've been really, really excited about digital video distribution lately: first Netflix greenlights jms's return to science fiction TV, and then Amazon announces their new pilots. Perhaps the decade long dearth of any good television is nearing its end! So, with that in mind, I finished up editing Slashdot for the day and sat down to watch some of these new pilots. Only to discover that Amazon has taken away my ability to watch entirely in the name of Digital Restrictions Management.

For ages now, Amazon Instant Video has worked with Android devices supporting Flash and, more importantly to many people (and me) it seems, through an unofficial XBMC plugin. It seemed like Amazon was happily using RTMPE to prevent casual stream interception, at least for content funded by others. But with the release of their new pilots, they enabled "Flash Access," Adobe's DRM that (for now) is actually effective.

This effectively kills access for everyone using GNU/Linux, even with the (officially unsupported) Adobe Flash plugin! The Adobe plugin relies on HAL for some DRM magic, but HAL is unmaintained, deprecated, and was removed from most major distros ages ago. You can't even install it by hand thanks to udev removing a few features HAL relied upon. Naturally, the Adobe Flash plugin is equally unmaintained so there is little hope even for people willing to install a piece of unmaintained software with a history of remotely exploitable security holes, instability, and poor performance.

But it seems the loss of access from XBMC is more widely felt: RMS cultists and pragmatic Windows users alike now suffer equally. And the folks who aren't GNU/Hippies with an anti-cloud-chip-on-their-shoulder might even be suffering more: they've lost access to shows and movies that they purchased.

There are a dozen pages on the XBMC forum of people pretty pissed, hundreds of angry posts on their Facebook wall, lengthy threads on Amazon's official forums. But so far the response from Amazon has simply been: it was never supposed to work, and we've fixed it.

In the absence of a clear response from Amazon, wild speculations as to why they decided to institute DRM abound: it's not intentional, piracy is a problem for them after all, Jeff Bezos personally wants to eat every XBMC user's cat, or it has something to do with those pilots.

I'd wager it had something to do with the pilots, or was somewhat unintentional (maybe they only meant to restrict HD content).

An XBMC forum member claims to have chatted with a support representative and gotten a suggestive answer:

Amazon Support: Okay, for Android devices we unfortunately don't support them except for the Kindle Fires so it was really lucky your phone was able to play our instant videos before. As to why they aren't working now, we just recently updated our Flash video playback support which is more than likely why it won't play now. I'm really sorry for any inconvenience this will cause you!
Me: I see. Was the flash video playback updated because of the new Amazon Original Pilots that was released recently?
Amazon Support:I'm honestly not sure if it was due to the pilots that came out, though the timing with the pilots and the update can't be coincidental :-)

Assuming it's not just a technical glitch (it happened once before, and Amazon turned the harder-to-break DRM off) and related to the pilots, why only now have they enabled proper DRM? Surely if content they fund is worth restricting then all content is worth restricting? After all, the party line has always been that DRM is imposed by those evil card carrying MPAA members, and not by enlightened tech companies who are just doing what has to be done to free us from the tyranny of broadcast television.

Is it that the content they already provide is widely available through piracy that they haven't cared before? Perhaps; stream ripping from Amazon/Netflix/Hulu and transforming it into a shareable form is not something a normal person would do if only because the video is streamed in mostly real-time. But there are entire groups dedicated to capturing television and uploading it, so someone out there would probably do it.

The problem is that they are going to break the DRM and pirate everything anyway. In fact. they already have (possibly nsfw, because piracy). The same goes for Netflix; their onerous DRM did nothing to stop piracy of House of Cards (finding it is left as an exercise for the reader, but Knuth would rate it 00), and yet they just posted incredible financial results and strong subscriber growth (in utter contrast to this time last year).

The cat's out of the bag: a good chunk of the world population own Infinite Copying Machines and those machines are networked. You cannot stop a determined individual from making a freely copyable version of anything digital unless you ban all output devices (certainly would make Haskell programming nicer) and burn every camera and piece of audio equipment ever built.

It seems that the same toxic thinking about distribution control that pervades the traditional networks has infected the online distributors. It's clear that torrent trackers offer something the traditional channels do not: (mostly) effortless access to content how and when you want it. But these are things that Netflix, Amazon, et al could offer as well... that they do offer. However, instead of liberalizing distribution as time goes on, the New Distributors have fallen into the same clearly failed mentality about restricting distribution that led to the entire media industry becoming a former shell of itself in a mere five years!

This mentality will only lead to failure. Pursuit of it is insanity: we are witnessing the end stages of an industry-wide collapse because of it! And it seems these new distributors have quickly forgotten that it was only the desperation of their predecessors that they were even able to license what they have now.

So, Amazon, why do you insist upon flogging people who are yelling "Shut up and take my money!"?

Nerval's Lobster writes "Facebook has added real-time dashboards for measuring the efficiency of its data centers' internal power and water use. Two dashboards monitor the company's Prineville, Ore. (here) and Forest City, N.C. data centers (here), measuring both the Power Usage Effectiveness (PUE) and Water Usage Effectiveness of those facilities, in addition to the ambient temperature and humidity. So far, visitors to the Prineville and Forest City dashboards only see a limited snapshot of the Facebook data: the display only covers 24 hours, and is delayed by 2.5 hours on both sites. Facebook also hasn't disclosed how many servers the data represents, which could conceivably be used by competitors to get a sense of the social network's total computing power. The company said that once its data center in Luleå, Sweden, comes online, Facebook will begin adding data from that location, as well. Although Facebook said it provided the information out of a sense of openness, the data—showing PUEs of about 1.09 for both facilities as of press time—is a bit of a boast, as well; as recently as 2011, Uptime Institute said that the average data center's PUE was approximately 1.8. So far, Facebook hasn't said whether it will provide access to the dashboards via an API, so third parties can get a better sense of how Facebook is managing power and water use over time, and through various seasons of the year."

Nerval's Lobster writes "Facebook has added real-time dashboards for measuring the efficiency of its data centers' internal power and water use. Two dashboards monitor the company's Prineville, Ore. (here) and Forest City, N.C. data centers (here), measuring both the Power Usage Effectiveness (PUE) and Water Usage Effectiveness of those facilities, in addition to the ambient temperature and humidity. So far, visitors to the Prineville and Forest City dashboards only see a limited snapshot of the Facebook data: the display only covers 24 hours, and is delayed by 2.5 hours on both sites. Facebook also hasn't disclosed how many servers the data represents, which could conceivably be used by competitors to get a sense of the social network's total computing power. The company said that once its data center in Luleå, Sweden, comes online, Facebook will begin adding data from that location, as well. Although Facebook said it provided the information out of a sense of openness, the data—showing PUEs of about 1.09 for both facilities as of press time—is a bit of a boast, as well; as recently as 2011, Uptime Institute said that the average data center's PUE was approximately 1.8. So far, Facebook hasn't said whether it will provide access to the dashboards via an API, so third parties can get a better sense of how Facebook is managing power and water use over time, and through various seasons of the year."

New submitter zayyd writes "The CBC reports that publicly-elected Gerry Rogers, member of the Provincial Government for Newfoundland and Labrador, 'has been removed from the house of assembly for refusing to apologize for comments made by other users on a Facebook group of which she had been added to as a member.' Rogers was unwillingly added to a Facebook Group which included comments of death threats aimed at Premier Kathy Dunderdale from other users. From the article: 'Dunderdale said her government understands how Facebook groups work, and she said it is up to every MHA to monitor the comments posted on Facebook groups to which they belong.' Facebook's policies for Groups are somewhat clear, even if they don't actually answer the question of 'Can I prevent people from adding me to a new group?'"

hydrofix writes "The Bitcoin-to-USD exchange rate had been climbing steadily since January 2013, from around 30 USD to over 250 USD only 24 hours ago. Now, the value bubble seems to have burst, at least partially. The primary trading site MtGox reported a drop in value all the way down to 140 USD today, a loss of almost half in real value. With many sites unreachable or slow, there are also news of a possible DDoS attack on MtGox: 'Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit.'"

tsamsoniw writes "Hoping to strike a blow against sexism in the tech industry , developer and tech evangelist Adria Richards took to Twitter to complain about two male developers swapping purportedly offensive jokes at PyCon. The decision has set into motion a chain of events that illustrate the impact a tweet or two can make in this age of social networking: One the developers and Richards have since lost their jobs, and even the chair of PyCon has been harassed for his minor role in the incident."

The quote in the title is from www.muckrock.com/about/. And that is exactly what MuckRock is all about: Making FOIA (Freedom of Information Act) requests for you (and investigative reporters) so you don't have to deal with the often-daunting paperwork and runarounds you may run into when you try to pry information out of a recalcitrant government agency. In theory, most government information is public. In practice, many local, state and federal government bodies would just as soon never tell you anything. This is why Tim Lord talked with MuckRock co-founder Michael Morisy, and why we're running this interview in the middle of Sunshine Week, which exists "...to educate the public about the importance of open government and the dangers of excessive and unnecessary secrecy."

An anonymous reader writes "A popular Seattle bar and restaurant has posted a notice on its Facebook page warning patrons that wearing Google Glass will not be tolerated. 'Ass kicking will be encouraged for violators,' wrote Dave Meinert, owner of the 5 Point Cafe, perhaps in a mock aggressive tone. GeekWire reports that Meinert raised privacy concerns in an interview with a local radio station: 'People want to go there and be not known and definitely don't want to be secretly filmed or videotaped and immediately put on the Internet.' A subsequent FB post includes more Meinert musings on Google Glass: 'They are really just the new fashion accessory for the fanny pack & never removed Bluetooth headset wearing set,' along with unflattering photos of a pair of early adopters."

Wescotte writes "The Amateur Monster Movie is the first feature length film by King's Tower Productions and writer/director Kyle Richards, all filmed within an hour of Milwaukee, WI over the course of 57 days during the summers of 2009 and 2010. It was shot as a 'no-budget' film and the entire cast and crew worked for free on owned or borrowed equipment. After a few film festival appearances, highlighted by the Wisconsin Film Festival, and — a cast and crew favorite — the Oshkosh Horror Film Festival, Richards decided to release the film for free online, a move intended to encourage more movies and media to do the same and allow free media access to everyone online. The film can be streamed from Vimeo and YouTube or downloaded via torrent at Pirate Bay, KAT, and magnet link. More information and production stills can be found at the Facebook Page, and IMDB." The acting is straightforwardly campy, but (promise or warning) the gory, zero-budget special effects start about four minutes in.

New submitter PuZZleDucK writes "If you hadn't had enough 'mobile UI' thrust upon you by OS makers, you'll be relieved to know Facebook will be chipping in. The company is redesigning its desktop user interface in a way which 'standardizes the feed across mobile devices and desktop computers, is designed to keep users active and interacting as well as appeal to advertisers.' According to the article, 'Greater emphasis is given to images — which are now much larger. Photos now make up nearly 50% of news feed stories and are now front and center. If you see shades of Instagram — or Google+ — in the new feed, you aren't alone. We see them too. Facebook says it is following trends on where design is headed and it is clear that trend includes big photos and a clean, navigable design.' Enjoy, I'll be over here."

Nerval's Lobster writes "Facebook's Graph Search, its new and powerful way of searching the social network for all manner of information, has drawn a lot of attention since its January unveiling. Some have praised its innovation; others have wondered openly whether its search abilities will end up threatening Google and LinkedIn. Still more have questioned what it all means for users' privacy—always a touchy subject in conjunction with Facebook. The social network previously revealed how it's adjusting its hardware infrastructure to deal with the spike in traffic that will come from interactions with Graph Search (short answer: the Disaggregated Rack, which will break up hardware resources and scale them independently of one another). Now, in a new blog posting, it's offering a bit more with regard to the software side of things, and how the company repurposed an existing system to solve Graph Search's enormous engineering challenge. Bottom line: Facebook's engineers and executives finally decided on Unicorn, an inverted-index system they'd had in development for quite some time."

rueger writes "Right now there's an election happening in British Columbia. A desperate government is flooding Facebook with "Sponsored Post" spam (example) extolling the wonderful things that they plan to do if re-elected. There's one problem though. Every one of these posts is followed by hundreds of extremely negative comments added by people who either dislike the party in question, or Facebook spam in general. Desperate moderators are trying to control the 'discussion,' but seem to have no hope of doing so. What was thought to be a cool marketing tool has turned into a public relations disaster. Is this the worst use of social media in an election?"

rueger writes "Right now there's an election happening in British Columbia. A desperate government is flooding Facebook with "Sponsored Post" spam (example) extolling the wonderful things that they plan to do if re-elected. There's one problem though. Every one of these posts is followed by hundreds of extremely negative comments added by people who either dislike the party in question, or Facebook spam in general. Desperate moderators are trying to control the 'discussion,' but seem to have no hope of doing so. What was thought to be a cool marketing tool has turned into a public relations disaster. Is this the worst use of social media in an election?"

Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."

An anonymous reader writes "Facebook has brought back its photo Tag Suggestions feature to the U.S. after temporarily suspending it last year to make some technical improvements. Facebook says it has re-enabled it so that its users can use facial recognition 'to help them easily identify a friend in a photo and share that content with them.' Facebook first rolled out the face recognition feature across the U.S. in late 2010. The company eventually pushed photo Tag Suggestions to other countries in June 2011, but in the US there was quite a backlash. Yet Facebook doesn't appear to have made any privacy changes to the feature: it's still on by default."

An anonymous reader writes "In what seems to be a recurring theme with Facebook as the social networking giant adds features, competing apps that use Facebook integration risk being cut off due to the terms of service surrounding the API. For example, 'Voxer CEO Tom Katis told AllThingsD that the company got an email on Thursday saying that Facebook wanted to hold a phone call to discuss possible violations of a section of the company’s terms of service. The section in question centers around the use of Facebook’s social graph by competing social networks.' Similarly, 'Within hours of Twitter launching its Vine video-sharing application on Thursday, Facebook has cut off access to Vine’s "find people" feature, which used to let Vine users find their Facebook friends using the Vine application.' You have to ask yourself: is it really worth developing an app that integrates with, or worse runs completely on Facebook's platform?"

Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address. Especially in light of the expanding emphasis that Facebook is putting both on search qua search and on serving as a VoIP intermediary (not to mention the stream of robocalls that the FCC is unable to stop), this might make you think twice about where your phone number ends up. Read on for Bennett's description of the problem and some possible solutions.

A few weeks ago a friend of mine said she was getting harassing text messages from a particular phone number, which she didn't recognize and which didn't appear in any of her own records. On a whim, I suggested entering the number into the Facebook search box, whereupon we found the guy's profile (even though he had no friends in common with the account we were logged in under), realized who he was, and ratted the thirty-something out to his Mom.

Then I thought: Is it really a good idea, for this to be possible? I tried entering consecutive phone numbers (starting with a random valid number, and varying the last 2 digits from 00 to 99) into Facebook's search box, and 13 of them came up with valid matches. None of those matches had any friends in common with the account we were searching from; as far as I can tell, anybody could enter any phone number into Facebook's search box and find the account associated with it, if there is one.

I think this has non-trivial privacy implications. (I repeatedly contacted Facebook explaining why I think this is a problem, but they haven't responded.) I'm not talking about the ability to find the account associated with a particular phone number — I think relatively few people have a legitimate need to send text messages from a truly anonymous phone number, and if they do, it's their own fault if they're dumb enough to put that number on their Facebook profile. And it wouldn't be a practical way to unmask the phone number associated with a particular account, either — even if you knew the person's area code, and narrowed down the list of possible exchange numbers following the area code, you'd still have to try tens of thousands of possibilities.

Rather, the problem is that you could use this technique to build up a database of phone numbers and associated accounts without targeting any specific phone number or account. Not only would you know the names associated with each of the numbers, you could associate the phone number with anything else that was discoverable from the person's Facebook profile &mdash which usually includes their location, their interests, and the names of their other friends. (By default, all such information is visible on your Facebook profile — even to users who aren't your Facebook friends and have no friends in common with you — but your contact information is supposed to be hidden from other users unless you've confirmed them as friends.)

An attacker could do this with email addresses too, of course, if they had a long list of email addresses known to be valid, by searching to see which ones were associated with Facebook accounts. Or they could supplement it with a list of automatically generated email addresses like john001@hotmail.com, john002@hotmail.com, similar to what spammers use in a dictionary harvest attack, and hope that some of those would map to valid accounts as well. The difference is that because the space of possible email addresses is effectively infinite, and because many people use email addresses on Facebook that aren't on any publicly circulating databases, an email search would probably not hit more than a small portion of Facebook accounts that were searchable by email address. On the other hand, since the space of possible phone numbers is finite, with enough patience you could uncover every Facebook account that had an associated phone number. As my short experiment above showed (13 out of 100 random numbers mapping to accounts), you could start building up a list of valid hits pretty quickly.

Similarly, it's already trivially possible for an attacker to build up a long list of other users' Facebook accounts - start with one person's account, go through their friends list, then visit the profile of each of those users and index their friends list, etc., like a search engine recursively spidering the Web. However, you'd be left with a large list of Facebook accounts but no way to contact them — you wouldn't have their email addresses or phone numbers, and if you send a message to a non-friend on Facebook, it goes into a subfolder of their Inbox marked "Other", which most users never check. The phone number dictionary attack described above, is the only loophole I can think of that lets you harvest a large list of Facebook users and a means to contact them in a way that they will actually see.

What could somebody do with such a database? Well, even if you only had a small list of a few thousand people, you could try spamming or scamming the numbers via text message. SMS scams are nothing new, of course, but they would probably be more effective if supplemented with the details you could get from a person's Facebook profile. (For straight-up spam, you can target it based on the interests listed in a person's profile. For scams, remember that you can use names taken from a person's friends list: "Hi, this is Jessica Smith. I have to pay off a parking ticket online or my car will get towed; can I borrow your credit card number and then I'll pay you tomorrow?")

Or if you spidered so many accounts that you built up a database which included a significant portion of all Facebook users with phone numbers on their profile, you could even launch your own publicly searchable website, splattered with grey-market pop-up advertisements: "Look up any Facebook user's phone number! If they've got their number on their Facebook profile, we have it here!" (While this would certainly raise awareness of the problem, I think it's more likely that the data harvester would decide they could make more money trading the data on the black market.)

I haven't seen this issue raised anywhere else, but lest you accuse me of "giving the bad guys ideas", I do think it's sufficiently obvious that some people on the dark side have probably discovered it, or would have, even if I hadn't brought it up. And even if any of these outcomes is unlikely, it would only have to be done once, to put the users' data permanently in the hands of the attackers, with Facebook unable to put the cat back into the bag. (Although they could at least rectify the problem for new users going forward.)

Balanced against this, what is the upside of being able to search for someone's profile on Facebook using their phone number? In my Facebook-using days, I never did it, since it was always easier to find someone using their email address, or by searching for their name, or by finding them in the friends list of one of our mutual friends. But even in a case where all you had was the person's phone number, is it too much to text them and ask for their first and last name, or their email address, so you can add them on Facebook?

Although Facebook did not respond to my inquiries, it's true that the existing behavior doesn't technically look like a violation of their Privacy Policy ("To make it easier for your friends to find you, we allow anyone with your contact information (such as email address or telephone number) to find you through the Facebook search bar..."). And I verified with a new test account that by default, in your privacy settings, under "How You Connect", the setting "Who can look you up using the email address or phone number you provided?" is set to "Everyone." The problem is that this setting casually lumps the two together, and users — as well as Facebook itself — might not realize that the implications of being findable by your phone number, are different from being findable by your email address.

Facebook should probably just go ahead and block searches by phone number — or, at least, make you fill out a CAPTCHA every time you do a phone number search, to make it harder to harvest them in bulk. There's no way to know if scammers are trying this already, but at least we can prevent it going forward. That would require a small edit to Facebook's privacy policy, but luckily for them, they can now do that without even calling a vote.

- - - - - - - - - - - - - - - - - - - - - - - - - - Do you have a feature idea for Slashdot? Contact us at feedback@slashdot.org, and give us a heads-up!

Today at a press conference in California, Mark Zuckerberg announced a big new feature from Facebook: Graph Search. It's a set of tools designed to quickly bring together social information involving "people, photos, places, and interests" in response to a user's query. Zuckerberg was quick to point out that they aren't indexing the web, and thus aren't challenging Google. However, it will use the vast volumes of data already stored on Facebook to answer questions like "What kinds of movies do my friends like?" and "Who are friends of friends that are single in San Francisco?" Addressing the obvious privacy concerns, the company said it wouldn't allow users to search content that wasn't already shared with them (or already public). The searched data does, however, include location data, if it's been shared — you can search by places your friends have been. Significantly, the official site also mentions that Graph Search will help you meet new people, something Facebook hasn't really highlighted until now. Graph Search is being rolled out as a limited beta, with only a few thousand participants. In the coming months, they'll open it to more users and continue working on mobile and non-English versions.

Many reporters go to the CES, AKA Consumer Electronic Show (warning - link landing page plays annoying sound) in Las Vegas to see the newest 42.001" LCD TVs, which are 0.001" bigger than last year's 42" models. And there are many boring Windows 8 devices, many of which both run Windows and can display the number 8. These items, along with keynotes from tech gurus like Bill Clinton (We're not making this up!) may be amazing to some news outlets, but not to Slashdot or to Our Man Timothy, who seeks out the new, the bizarre, and the unusual and -- without taking a dime from them -- lets their instigators talk to him about their wares. But it's got to be good stuff, not run of the mill incremental advances. Like the Good Night Lamp(tm), which was invented by Alexandra Deschamps-Sonsino, whose "work has been exhibited," says the goodnightlamp.com/team page, "at the Milan Furniture Fair, London Design Festival, The Victoria & Albert Museum and the Museum of Modern Art in New York." Now the Good Night Lamp people are showing off their product and trying to raise money through Kickstarter. But that's enough from us. We will now hand the microphone to Ms. Deschamps-Sonsino and let her tell you the rest.

Let's say you are an IT stud named Yoed Anis, you spent a year in Japan and decided you really like Saké, and you're back home in Austin, Texas. Since Texas, like Japan, grows lots of rice, you obviously need to start the Texas Saké Company to produce Rising Star and Whooping Crane Sakés, which you sell online and through a number of Texas restaurants and retailers. But whatever we can say in print pales beside a two-part brewery tour conducted by Toji Yoed himself, accompanied by Timothy Lord and his trusty camcorder. Yes, there's a transcription. But the video tour itself is better, even though it regretfully does not include the delightful aroma of Saké being made. (Someday, perhaps, Slashdot Studios will be equipped for Smell-O-Vision, but that's at least a few years off.)

Orome1 writes "The voting period for the proposed changes to Facebook's Statement of Rights and Responsibilities and Data Use Policy has ended on Monday, and despite the email sent out to the users asking them to review the changes and cast their vote, less than one percent of all users have done so. 'An external auditor has reviewed and confirmed the final results. Of the 668,872 people who voted, 589,141 recommended we keep our existing SRR and Data Use Policy,' stated Elliot Schrage, Facebook's vice president of communications, public policy, and marketing. Still, that is not nearly enough to prevent the proposed changes — as required by Facebook, at least 30 percent of the users should have voted against them in order to keep the previous versions of the policies. Schrage pointed out that that the whole experience illustrated the clear value of Facebook's notice and comment process."

New submitter OldTimeRadio writes "Over the last month, both game publishers and gaming communities alike were surprised to find their GameSpy multiplayer support suddenly disabled by GLU Mobile, who purchased GameSpy from IGN this August. Many games, including Neverwinter Nights 1 & 2, Microsoft Flight Simulator X, Swat 4, Sniper Elite, Hidden and Dangerous 2, Wings of War, Star Wars: Battlefront are no longer able to find (and in some cases even host) multiplayer games. While games like Neverwinter Nights are still able to directly connect to servers if players know the IP address, less-fortunate gamers expressed outrage on GLU Mobile's 'Powered by GameSpy' Facebook page. In an open letter to their Sniper Elite gaming community today, UK game developer Rebellion explained it was helpless to change the situation: 'A few weeks ago, the online multiplayer servers for Sniper Elite were suddenly switched off by Glu, the third-party service we had been paying to maintain them. This decision by Glu was not taken in consultation with us and was beyond our control. We have been talking to them since to try and get the servers turned back on. We have been informed that in order to do so would cost us tens of thousands of pounds a year — far in excess of how much we were paying previously. We also do not have the option to take the multiplayer to a different provider. Because the game relies on Glu and Gamespy's middleware, the entire multiplayer aspect of the game would have to be redeveloped by us, again, at the cost of many tens of thousands of pounds.""

Nerval's Lobster writes "Facebook is letting users vote on changes to its Data Use Policy and Statement of Rights and Responsibilities (Facebook users can vote via this link). The company will also host a live Webcast to answer questions at 9:30 AM PST. One section of Facebook's revamped policies insists that the network can share information with its family of companies. This apparently applies to Instagram, the photo-sharing service acquired by Facebook earlier this year. Under the terms of the provision, Facebook can store 'Instagram's server logs and administrative records in a way that is more efficient than maintaining totally separate storage systems.' Facebook is also clarifying its language surrounding affiliates, as well. As long as Facebook continues to exist in its current form, these debates over its privacy rules will almost certainly continue to crop up on a semi-regular basis. The challenge for Facebook executives is how to best maintain that delicate dance between their need for revenue, advertising firms' desire for effective marketing campaigns, and users' rights to privacy. They run a corporation — but at moments, it also starts to resemble a messy democracy."

theodp writes "Illinois Governor Pat Quinn has launched a website and gone social on Facebook, Twitter, and YouTube to educate taxpayers on why they must make good on pension promises to state workers. And, in addition to Squeezy the Pension Python, Gov. Quinn is enlisting the help of Khan Academy, the tax-exempt, future-of-education organization funded by tax-free millions from Google, Bill Gates, and others, to help convince taxpayers that a state-pension-promise is a promise. In the Khan Academy video commissioned by the Governor, Illinois Pension Obligations, Sal Khan concedes that the annual annuity payouts for IL state employee retirees do look 'pretty reasonable' — e.g., $43,591 for the average teacher, $117,558 for a judge — but goes on to argue that 'in all fairness, this was promised to these people,' who he speculates 'probably took lower compensation while they were working,' 'probably stayed in the jobs longer,' and 'probably sacrificed other things' to get these 'great benefits.' 'We're delighted to have his [Khan's] help in enlightening Illinois citizens about how the pension problem came to be,' said the Governor. Of course, not everything can be explained in one video — perhaps other contributing factors like 'pension spiking', lobbyists' maneuvers, sweetheart deals, creative job reclassification, golden parachutes, bruising investment losses, and other wacky pension games will be taught in Illinois Pension Obligations II!"

David Hume writes "The Los Angeles Times has a story about the two-year University of Tulsa Cyber Corps Program. About '85% of the 260 graduates since 2003 have gone to the NSA, which students call "the fraternity," or the CIA, which they call "the sorority."' 'Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security.' According to the University of Tulsa website, two programs — the National Science Foundation's Federal Cyber Service: Scholarship for Service and the Department of Defense's (DOD's) Information Assurance Scholarship Program — provide scholarships to Cyber Corps students."

Nerval's Lobster writes "Facebook's engineers face a considerable challenge when it comes to managing the tidal wave of data flowing through the company's infrastructure. Its data warehouse, which handles over half a petabyte of information each day, has expanded some 2500x in the past four years — and that growth isn't going to end anytime soon. Until early 2011, those engineers relied on a MapReduce implementation from Apache Hadoop as the foundation of Facebook's data infrastructure. Still, despite Hadoop MapReduce's ability to handle large datasets, Facebook's scheduling framework (in which a large number of task trackers that handle duties assigned by a job tracker) began to reach its limits. So Facebook's engineers went to the whiteboard and designed a new scheduling framework named Corona." Facebook is continuing development on Corona, but they've also open-sourced the version they currently use.

theodp writes "The USPTO lowered the bar again on Tuesday, granting U.S. Patent No. 8,296,373 to four Facebook inventors for Automatically Managing Objectionable Behavior in a Web-based Social Network, essentially warning users or suspending their accounts when their poking, friend requesting, and wall posting is deemed annoying. From the patent: 'Actions by a user exceeding the threshold may trigger the violation module 240 to take an action. For example, the point 360, which may represent fifty occurrences of an action in a five hour period, does not violate any of the policies as illustrated. However, the point 350, which represents fifty occurrences in a two hour period, violates the poke threshold 330 and the wall post threshold 340. Thus, if point 350 represents a user's actions of either poking or wall posting, then the policy is violated.'"

New submitter jaa101 writes "Facebook has refused a request from Australian police to take down a page with details of undercover police vehicles saying it cannot stop people taking photos in public places. The original story is paywalled and it doesn't give a link to the relevant page which seems to be here . This page for the state of Victoria has 12000 likes but a similar page for the state of Queensland has over 34000, and there are other Australian pages too."

New submitter jaa101 writes "Facebook has refused a request from Australian police to take down a page with details of undercover police vehicles saying it cannot stop people taking photos in public places. The original story is paywalled and it doesn't give a link to the relevant page which seems to be here . This page for the state of Victoria has 12000 likes but a similar page for the state of Queensland has over 34000, and there are other Australian pages too."

SpaceX's first regular launch to the International Space Station is set to go off at 8:35 (Eastern time) Sunday evening; the first SpaceX launch to successfully reach the ISS was more of a test, though it did bring some goodies to the crew. Wired has a live video feed in place. Slashdot reader Lee Sheridan is in Florida for the launch; if you're one of the billion Facebook users, his photos of the mission briefing and Falcon 9 lift vehicle being lifted to vertical are public. The SpaceX twitter feed might be fun to watch, too. Update: 10/08 00:09 GMT by T : Bonus points for intelligent parsing of the acronym-laden communications on the live feed.

SpaceX's first regular launch to the International Space Station is set to go off at 8:35 (Eastern time) Sunday evening; the first SpaceX launch to successfully reach the ISS was more of a test, though it did bring some goodies to the crew. Wired has a live video feed in place. Slashdot reader Lee Sheridan is in Florida for the launch; if you're one of the billion Facebook users, his photos of the mission briefing and Falcon 9 lift vehicle being lifted to vertical are public. The SpaceX twitter feed might be fun to watch, too. Update: 10/08 00:09 GMT by T : Bonus points for intelligent parsing of the acronym-laden communications on the live feed.

judgecorp writes "Claims that old private Facebook messages have been leaking onto people's Timelines have been dismissed by the French privacy watchdog, CNIL. Apparently, as many concluded early on, the "leaked" messages were just old Wall-to-Wall posts, that users had mistakenly believed were private. Given the lack of user understanding, now is a good time for Facebook to revamp its privacy help pages. Let's hope users pay attention, and Facebook genuinely resists exploiting their naivety." Update: 10/04 17:42 GMT by T : Maybe we shouldn't be so hard on Facebook; Mark Zuckerberg says keeping up with a billion users makes it tough to follow all that data.

theodp writes "Blogger Floopsy complains that he would love to RTFM, but can't do so if no one will WTFM. 'You spend hours, days, months, perhaps years refining your masterpiece,' Floopsy laments to creators of otherwise excellent programming language, framework, and projects. 'It is an expression of your life's work, heart and soul. Why, then, would you shortchange yourself by providing poor or no documentation for the rest of us?' One problem with new program languages, a wise CS instructor of mine noted in the early look-Ma-no-documentation days of C++, is that their creators are not typically professional writers and shy away from the effort it takes to produce even less-than-satisfactory manuals. But without these early efforts, he explained, the language or technology may never gain enough traction for the Big Dogs like O'Reilly to come in and write the professional-caliber books that are necessary for truly widespread adoption. So, how important is quality documentation to you as a creator or potential user of new technologies? And how useful do you find the documentation that tech giants like Google (Go), Twitter (Bootstrap), Facebook (iOS 6 Facebook Integration), Microsoft (Windows Store apps), and Apple (Create Apps for IOS 6) produce to promote their nascent technologies? Is it useful on its own, or do you have to turn to other 'store-bought' documentation to really understand how to get things done?"

linjaaho writes "A group of Finnish mathematics researchers, teachers and students write an upper secondary mathematics textbook in a three-day booksprint. The event started on Friday 28th September at 9:00 (GMT+3) and the book will be (hopefully) ready on Sunday evening. The book is written in Finnish. The result — LaTeX source code and the PDF — is published with open CC-BY-license. As far as the authors know, this is the first time a course textbook is written in three-day hackathon. The hackathon approach has been used earlier mainly for coding open source software and writing manuals for open source software. The progress can be followed by visiting the repository at GitHub or the project Facebook page."

George Albercook says he got carried away talking with some third and fourth graders about space and asked them, "Would you like to go?" Except, of course, he couldn't send them beyond the atmosphere in person, so as a consolation he worked with them to send up a balloon that could carry experiments high enough that the sky is black 24 hours a day and the Earth's curvature is easy to see. This interview with George was at the 2012 Ann Arbor Mini Maker Faire. Click on the link just below, if you'd like to read the transcript.

linjaaho writes "Senja Larsen, who runs popular Facebook study group Senja teaches you Swedish, collected $14,161 via Kickstarter's crowd funding service. The project caught much media attention in Finland (TV and all major newspapers), since it is the first crowdfunded book project in this country, and among the first Finnish crowdfunded projects. (Previous ones include the movie Iron Sky, the role-playing game Myrskyn Sankarit, and the Wishbone headphone wire manager). Now, after successfully collecting the funds for the book (and after the book has been edited and printed), the National Police Board of Finland has asked Senja to submit a statement [PDF; Finnish] concerning using crowdfunding to finance a project [PDF; Finnish] and the terminology used. It is possible that all the funding collected must be returned. The main problem is that direct translations of terminology at Kickstarter, such as 'bounty' and 'support,' are interpreted to mean collecting money without giving anything back, and this kind of operation requires a permit which can be only given to associations, not to private persons, and it takes long to apply for such permit."

Frequent contributor Bennett Haselton writes: "The distributed-social-networking Diaspora Project recently announced that their software will be released as open source. I don't know if Diaspora specifically will be the Next Big Thing in social networking, but I hope that social networking moves to a decentralized model within the next few years, where anyone can set up and run a hub to administer profiles for themselves and their friends or clients, and where profiles can interact with each other in a distributed fashion instead of on a centralized system like Facebook." Read on for Bennett's thoughts on how that model could work. A decentralized social network infrastructure would bring a number of benefits, such as:

• the end of horror stories about accounts and company pages being shut down arbitrarily by Facebook
• privacy settings that give you fine-grained control, and that are not forcibly changed for you
• an ad-free viewing experience (depending on the policies of the node hosting your profile), and
• the easy implemention of desirable features in the interface, without waiting for a single company like Facebook to adopt them.

(Not to mention an interface that stays relatively stable until you decide you want to change it -- no more waking up to find out you've been "timelined".)

Consider the main things that we use Facebook for today:

• Finding old friends and re-establishing contact with them.
• Receiving a stream of updates from your friends, viewing photos, posting comments, etc.
• Creating events and inviting friends.
• Creating branded pages for your company or product that other people can "like," and receiving updates from pages created around other people's companies or products.

There's no particular reason why any one of those functions could only be carried out on a centralized system. I can envision a distributed protocol with many different servers, or 'nodes,' run by different hosting companies, and each 'node' can be used to store many accounts; users pick a hosting company and a node to create their new account, and their account on that node could be used to store their friends list, their photos and status updates, and any events and groups that they had created. I'll get to the protocol design in a second, but let me emphasize something more important first: to make the protocol censorship resistant, it would have to be possible to move your entire account from one node to another node at a completely different company, without breaking any of the existing links with friends, your events, etc. That way, the node hosting your profile wouldn't be able to lean on you by saying, "Delete that one photo you posted, or I'll delete your entire profile and you'll lose all the friend links and events that you created."

To make a profile "seamlessly portable" in this manner, my suggestion would be to have the profile associated with a domain name owned by the user, with a URL like http://yourdomainname.com/profileprotocol/yourusername/. The domain name could be hosted with any hosting provider, as long as you paid their hosting fee (or as long as you were willing to display their advertisements to people who viewed your profile). But if your hosting company ever kicked you to the curb, you could simply change the domain name to point to a different hosting provider, and be back up and running after just a few hours of downtime (assuming you had backups of all of your data!).

No one would be able to shut down your profile permanently, unless they wrested control of your domain name away from you, or convinced every hosting provider in the world not to host you. (A user who didn't want to bother with their own domain name, could still host a profile under someone else's domain. This would probably be the default option for most casual high-school users, and thus companies like Facebook could still exist to serve them by helping them create new profile accounts in two minutes. But then those users would have to accept the risk that the domain name owner could shut their profile down.)

Thus I'm distinguishing here between two levels of censorship-resistance that could be provided by a distributed model. In the weaker type of censorship-resistance, profile-hosting companies would compete for your business by providing more permissive hosting policies, which would enable people to post edgier content than Facebook currently allows -- but once you're hosted with a given company, you couldn't easily switch without breaking all of the inbound "links" from your friends' accounts, so your hosting company could force you to self-censor, by threatening you with the loss of your account. In the stronger type of censorship-resistance that I'm advocating, you could switch seamlessly from one hosting provider to another, as long as you kept control of your domain name.

Of course this is exactly the type of "censorship resistance" enjoyed by people who run their own websites under their own domain names. The challenge would be to bring the same freedom to an open social networking protocol, but I see no technical reason why it couldn't be done.

Consider a protocol where "Bob" creates a new account on a social networking hosting node (together with a public/private key used to authenticate his actions to other nodes — if you're not a crypto geek, don't worry about that, it just means that users wouldn't be able to forge friend requests, "likes," event invites, etc. from other people). "Bob" could then find the profiles of his friends, and add them to his own "friends list" (which would be stored on his node). If Bob adds Alice as a friend, then Bob's node can also download Alice's current friend list (unless Alice has disabled this feature, or unless Alice has customized her friend list so that only portions of her friends list are viewable to other users — something not currently possible with Facebook). That way, when Bob searches for new names of users to add as friends in the future, the search will first default to searching the friends-of-friends lists that he's downloaded from his own friends.

When Bob signs in to his account on his node (either through a web interface, or a dedicated application, or a mobile app), his "news feed" consists of the comments, photos, and other items that have been published from his friends' accounts. He can post comments on any of his friends' items, which are then transmitted to his friends' accounts and stored on their node along with their content, unless they choose to delete the comments. And of course he can publish his own photos and status updates just like we all do on Facebook today, which would be downloaded to his friends' news feeds. (I'm hand-waving over whether the notifications would be "pulled" by users' nodes periodically polling the nodes of their friends to check for new content, or by their friends' nodes "pushing" the content to all known subscribers.)

Alice could meanwhile create an "group" of users would would be stored as an object on her node, and invite other users to join the group. Then any messages or content posted to the group would show up in the news feeds of all users who had joined. And Alice could create "events" which are also stored as an object on her node, and send out invites to her friends or other members of her groups. Pretty much any Facebook feature could be duplicated in this distributed system, with the benefit that users wouldn't run up against aggravating limitations imposed by Facebook — like the fact that Facebook used to block you from messaging the guests of your own event after it reached 5,000 attendees, and then removed the ability to message guests of an event entirely.

There's only one Facebook feature that I think could not be implemented on a distributed social networking protocol, and that's the practice of accruing hundreds of thousands of fans for your company fan page, basically as a form of "social proof" to show potential new customers that you're serious. Under Facebook's model, if you see a fan page with hundreds of thousands of fans, your first instinct is to assume that the company must be doing something right in order to be that popular, since Facebook makes it difficult for a company to create hundreds of thousands of fake users just to be fans of their product. On the other hand, in a distributed model, suppose I run across a company's fan page which claims to have 1 million fans. It's not just a case of the company lying about having 1 million fans — you could use digital signatures to verify that 1 million "users" really are "fans" of the product — but since anybody can set up a profile hosting node, you have no way of knowing how many of those 1 million "users" are real. "Acme Soda Company" could have just set up a dozen profile hosting nodes and created 100,000 fake users on each one, and have each of them sign up as "fans" of their product. (I just made up that company name, but this is incidentally something the real Acme Soda Company is apparently not doing.)

But how useful is it for regular users, after all, to see that a company has hundreds of thousands of fans? I've never assumed that a company makes a quality product just based on the number of Facebook fans that they have. I'd be more interested in checking out a company if a high proportion of my own social networking friends are fans of the product — and that is something that could still be implemented in a distributed model, since if a company claims that 3 of my 100 friends are fans of their page, I could use their digitally signed "fan" relationships to verify that this is true.

So I hope that the future of distributed social networking arrives soon. It may or may not be in the form of the Diaspora Project (in true Dr. Evil fashion, their most recent press release announced that they've already attracted "thousands" of users), but there's no particular reason that a distributed protocol would have to be a grass-roots effort. My guess is that if it took off, it would have to be started as a side project by an established company that gave it name recognition, and which could possibly provide free hosting for the first wave of users. Google+ never gave most people a compelling reason to switch, but imagine if it had been released not as a website but as an open protocol, complete with an open-source implementation that could be installed anywhere. Thus, complete freedom to create pages with whatever content you want, to amass as many fans and subscribers as you could legitimately earn, without having to worry about it all being controlled by a single entity who could mine your data or delete your content. I definitely would have given it a closer look.

Frequent contributor Bennett Haselton writes: "The distributed-social-networking Diaspora Project recently announced that their software will be released as open source. I don't know if Diaspora specifically will be the Next Big Thing in social networking, but I hope that social networking moves to a decentralized model within the next few years, where anyone can set up and run a hub to administer profiles for themselves and their friends or clients, and where profiles can interact with each other in a distributed fashion instead of on a centralized system like Facebook." Read on for Bennett's thoughts on how that model could work. A decentralized social network infrastructure would bring a number of benefits, such as:

• the end of horror stories about accounts and company pages being shut down arbitrarily by Facebook
• privacy settings that give you fine-grained control, and that are not forcibly changed for you
• an ad-free viewing experience (depending on the policies of the node hosting your profile), and
• the easy implemention of desirable features in the interface, without waiting for a single company like Facebook to adopt them.

(Not to mention an interface that stays relatively stable until you decide you want to change it -- no more waking up to find out you've been "timelined".)

Consider the main things that we use Facebook for today:

• Finding old friends and re-establishing contact with them.
• Receiving a stream of updates from your friends, viewing photos, posting comments, etc.
• Creating events and inviting friends.
• Creating branded pages for your company or product that other people can "like," and receiving updates from pages created around other people's companies or products.

There's no particular reason why any one of those functions could only be carried out on a centralized system. I can envision a distributed protocol with many different servers, or 'nodes,' run by different hosting companies, and each 'node' can be used to store many accounts; users pick a hosting company and a node to create their new account, and their account on that node could be used to store their friends list, their photos and status updates, and any events and groups that they had created. I'll get to the protocol design in a second, but let me emphasize something more important first: to make the protocol censorship resistant, it would have to be possible to move your entire account from one node to another node at a completely different company, without breaking any of the existing links with friends, your events, etc. That way, the node hosting your profile wouldn't be able to lean on you by saying, "Delete that one photo you posted, or I'll delete your entire profile and you'll lose all the friend links and events that you created."

To make a profile "seamlessly portable" in this manner, my suggestion would be to have the profile associated with a domain name owned by the user, with a URL like http://yourdomainname.com/profileprotocol/yourusername/. The domain name could be hosted with any hosting provider, as long as you paid their hosting fee (or as long as you were willing to display their advertisements to people who viewed your profile). But if your hosting company ever kicked you to the curb, you could simply change the domain name to point to a different hosting provider, and be back up and running after just a few hours of downtime (assuming you had backups of all of your data!).

No one would be able to shut down your profile permanently, unless they wrested control of your domain name away from you, or convinced every hosting provider in the world not to host you. (A user who didn't want to bother with their own domain name, could still host a profile under someone else's domain. This would probably be the default option for most casual high-school users, and thus companies like Facebook could still exist to serve them by helping them create new profile accounts in two minutes. But then those users would have to accept the risk that the domain name owner could shut their profile down.)

Thus I'm distinguishing here between two levels of censorship-resistance that could be provided by a distributed model. In the weaker type of censorship-resistance, profile-hosting companies would compete for your business by providing more permissive hosting policies, which would enable people to post edgier content than Facebook currently allows -- but once you're hosted with a given company, you couldn't easily switch without breaking all of the inbound "links" from your friends' accounts, so your hosting company could force you to self-censor, by threatening you with the loss of your account. In the stronger type of censorship-resistance that I'm advocating, you could switch seamlessly from one hosting provider to another, as long as you kept control of your domain name.

Of course this is exactly the type of "censorship resistance" enjoyed by people who run their own websites under their own domain names. The challenge would be to bring the same freedom to an open social networking protocol, but I see no technical reason why it couldn't be done.

Consider a protocol where "Bob" creates a new account on a social networking hosting node (together with a public/private key used to authenticate his actions to other nodes — if you're not a crypto geek, don't worry about that, it just means that users wouldn't be able to forge friend requests, "likes," event invites, etc. from other people). "Bob" could then find the profiles of his friends, and add them to his own "friends list" (which would be stored on his node). If Bob adds Alice as a friend, then Bob's node can also download Alice's current friend list (unless Alice has disabled this feature, or unless Alice has customized her friend list so that only portions of her friends list are viewable to other users — something not currently possible with Facebook). That way, when Bob searches for new names of users to add as friends in the future, the search will first default to searching the friends-of-friends lists that he's downloaded from his own friends.

When Bob signs in to his account on his node (either through a web interface, or a dedicated application, or a mobile app), his "news feed" consists of the comments, photos, and other items that have been published from his friends' accounts. He can post comments on any of his friends' items, which are then transmitted to his friends' accounts and stored on their node along with their content, unless they choose to delete the comments. And of course he can publish his own photos and status updates just like we all do on Facebook today, which would be downloaded to his friends' news feeds. (I'm hand-waving over whether the notifications would be "pulled" by users' nodes periodically polling the nodes of their friends to check for new content, or by their friends' nodes "pushing" the content to all known subscribers.)

Alice could meanwhile create an "group" of users would would be stored as an object on her node, and invite other users to join the group. Then any messages or content posted to the group would show up in the news feeds of all users who had joined. And Alice could create "events" which are also stored as an object on her node, and send out invites to her friends or other members of her groups. Pretty much any Facebook feature could be duplicated in this distributed system, with the benefit that users wouldn't run up against aggravating limitations imposed by Facebook — like the fact that Facebook used to block you from messaging the guests of your own event after it reached 5,000 attendees, and then removed the ability to message guests of an event entirely.

There's only one Facebook feature that I think could not be implemented on a distributed social networking protocol, and that's the practice of accruing hundreds of thousands of fans for your company fan page, basically as a form of "social proof" to show potential new customers that you're serious. Under Facebook's model, if you see a fan page with hundreds of thousands of fans, your first instinct is to assume that the company must be doing something right in order to be that popular, since Facebook makes it difficult for a company to create hundreds of thousands of fake users just to be fans of their product. On the other hand, in a distributed model, suppose I run across a company's fan page which claims to have 1 million fans. It's not just a case of the company lying about having 1 million fans — you could use digital signatures to verify that 1 million "users" really are "fans" of the product — but since anybody can set up a profile hosting node, you have no way of knowing how many of those 1 million "users" are real. "Acme Soda Company" could have just set up a dozen profile hosting nodes and created 100,000 fake users on each one, and have each of them sign up as "fans" of their product. (I just made up that company name, but this is incidentally something the real Acme Soda Company is apparently not doing.)

But how useful is it for regular users, after all, to see that a company has hundreds of thousands of fans? I've never assumed that a company makes a quality product just based on the number of Facebook fans that they have. I'd be more interested in checking out a company if a high proportion of my own social networking friends are fans of the product — and that is something that could still be implemented in a distributed model, since if a company claims that 3 of my 100 friends are fans of their page, I could use their digitally signed "fan" relationships to verify that this is true.

So I hope that the future of distributed social networking arrives soon. It may or may not be in the form of the Diaspora Project (in true Dr. Evil fashion, their most recent press release announced that they've already attracted "thousands" of users), but there's no particular reason that a distributed protocol would have to be a grass-roots effort. My guess is that if it took off, it would have to be started as a side project by an established company that gave it name recognition, and which could possibly provide free hosting for the first wave of users. Google+ never gave most people a compelling reason to switch, but imagine if it had been released not as a website but as an open protocol, complete with an open-source implementation that could be installed anywhere. Thus, complete freedom to create pages with whatever content you want, to amass as many fans and subscribers as you could legitimately earn, without having to worry about it all being controlled by a single entity who could mine your data or delete your content. I definitely would have given it a closer look.

Ian Lamont writes "Remember LendInk, the legitimate ebook lending community that got knocked offline at the beginning of August by a mob of misguided authors? The site's owner, Dale Porter, received a lot of support after the story went viral and last week was able to reactivate the site and his affiliate accounts with Amazon and Barnes & Noble." The owner reportedly received a DMCA notice immediately, but a few folks dug and it appears that the "lawyer" who issued it is no lawyer at all, and probably an Internet troll (evidence includes not being listed as a lawyer in PA, using a home address, and sending the takedown from gmail). Or just a really bad lawyer.

pitchpipe writes "A start-up company, Limited Run, claims that 80% of its ad clicks on Facebook have been coming from bots and will be deleting their page. Their Facebook page reads: 'Hey everyone, we're going to be deleting our Facebook page in the next couple of weeks, but we wanted to explain why before we do ... We built our own analytic software. Here's what we found: on about 80% of the clicks Facebook was charging us for, JavaScript wasn't on ... The 80% of clicks we were paying for were from bots. That's correct. Bots were loading pages and driving up our advertising costs.'"

eldavojohn writes "Unless his Facebook account has been hacked, Peter Jackson has announced a third movie for The Hobbit series: 'So, without further ado and on behalf of New Line Cinema, Warner Bros. Pictures, Metro-Goldwyn-Mayer, Wingnut Films, and the entire cast and crew of The Hobbit films, I'd like to announce that two films will become three.' Other sites are confirming this while Variety notes that filming has been wrapped on the first two so doing a third film will require a restart to all of that effort including re-negotiations with rights holders and acting schedules. **potential spoiler alert** From Peter Jackson's announcement: 'We know how much of the story of Bilbo Baggins, the Wizard Gandalf, the Dwarves of Erebor, the rise of the Necromancer, and the Battle of Dol Guldur will remain untold if we do not take this chance.' How much of Middle Earth would you like to see on film?"

An anonymous reader writes "Nearly a year ago, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. Still, when the social network's security team received a tip from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stole information for much more. It should, therefore, come as no surprise that Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there's a million-dollar bug, they will pay it out."

hypnosec writes with news of a curious way of fighting piracy. From the article: "Android based devices are being activated at the rate of million a day and users are downloading apps and games at a rate never seen before. Despite these promising stats, developers of Android based games and apps are not really keen on porting games and apps that have been successful on iOS to Android. Why? Rampant piracy on Android! Madfinger Games has joined the long list of developers who have recently turned their paid Android based game, Dead Trigger, to a free one. Originally priced at $0.99 on Play Store, the first person shooter game is now available for free . The iOS version of the game still costs $0.99 and hasn't been made free." Zero-cost, but certainly not Free Software; one has to wonder whether Open Source games with a "donation" build in the store would do better than proprietary games with upfront costs.

theodp writes "A day after taking Facebook public, CEO Mark Zuckerberg changed his Facebook status to 'married' after wedding longtime girlfriend and recent med school grad Priscilla Chan on Saturday. No word if Zuckerberg heeded Donald Trump's prenup advice."

Chuq writes "Tasmanian Liberal candidate for Bass, Andrew Nikolic, was the subject of a satirical article by NewExaminer on Facebook. Nikolic didn't like it, which is understandable. However he then went to considerable lengths to identify the people who liked the article, find out their employers (via their Facebook profiles) and 'name and shame' them on a follow-up post on his own page. Andrew Nikolic has a history of poorly handling conflicting views on his Facebook page, resulting in creation of another page, 'Andrew Nikolic blocked me.'"

Chuq writes "Tasmanian Liberal candidate for Bass, Andrew Nikolic, was the subject of a satirical article by NewExaminer on Facebook. Nikolic didn't like it, which is understandable. However he then went to considerable lengths to identify the people who liked the article, find out their employers (via their Facebook profiles) and 'name and shame' them on a follow-up post on his own page. Andrew Nikolic has a history of poorly handling conflicting views on his Facebook page, resulting in creation of another page, 'Andrew Nikolic blocked me.'"

Chuq writes "Tasmanian Liberal candidate for Bass, Andrew Nikolic, was the subject of a satirical article by NewExaminer on Facebook. Nikolic didn't like it, which is understandable. However he then went to considerable lengths to identify the people who liked the article, find out their employers (via their Facebook profiles) and 'name and shame' them on a follow-up post on his own page. Andrew Nikolic has a history of poorly handling conflicting views on his Facebook page, resulting in creation of another page, 'Andrew Nikolic blocked me.'"