In the latter parts of the study, the company looked specifically at social network membership data for users of the AOL, Gmail, Hotmail and Yahoo webmail services. Not surprisingly, the study found that Facebook was the most popular network across the board. What's more interesting is how well MySpace fared in some cases. On both the Hotmail and Yahoo webmail services, Facebook only had a small lead. Here, around 20% of all Hotmail and Yahoo webmail users were found to be on Facebook and MySpace. What does this reveal about the Hotmail and Yahoo user base? That they're a little more behind the times? Or that they've been around on the net longer and at one time had created (and possibly now abandoned) their MySpace pages? Unfortunately, the study can't provide us with these sorts of answers.

The study also showed that Twitter is far more popular among Gmail users than anyone else. In fact, on the other services, it's 4-5 times less popular than Facebook. We would like to think that's because Gmail users are just more web-savvy and cool, but it's possible that it's because they're just younger than everyone else.

Not surprisingly, LinkedIn is the least popular social network, but as Rapleaf points out, many LinkedIn users may have registered with their business email instead.

Participation Levels - Hotmail Users have Most Profiles, Gmail Users Better-Connected

When it comes to how the webmail users participate on social networks, Rapleaf found that the majority of the users have only one social media profile. But the service where the average number of profiles is the highest might surprise you - it's Hotmail. There the average is 2.5 profiles per user. Hotmail is followed by Yahoo, then AOL, and it's Gmail users who have the least number of social media profiles. That finding seems odd considering that Gmail users are younger and more likely to use Twitter in addition to Facebook. In fact, it almost seems like this data doesn't even fit with the rest of the study.

However, the discovery that Gmail users are better-connected than the other users makes more sense. On average, Gmail users have the most friends on social networks with 46.2 friends while Yahoo users have the least with 40.0.

Since again, Gmail users tend to be younger than the rest, it goes to reason that they would be in a demographic where their peers are more likely to have social membership profiles. Older webmail users, meanwhile, are still signing up for these sites. Although baby boomers and other middle-aged folks are joining sites like Facebook in droves these days, social networks are still dominated by the young.

Methodology

For the Rapleaf study, the company sampled 120,000 webmail accounts from users with @aol.com, @gmail.com, @hotmail.com and @yahoo.com email addresses. They then looked into the users' age, gender and social networking data by collecting information from public social media profiles. Obviously, in doing so, they've skewed their findings a bit, as the company notes in their original blog post. However, the sample size is large enough to form some conclusions about the members of these services, even if it relied on a particular subset of users.

When thinking as to how the new uploader should function, Facebook had a few goals, most of them technical in nature. They wanted the new tool to no longer depend on Java, be compatible with future versions of Facebook's chrome, be easy to update and more. However, to the end user, the best part about the new uploader is that it allows you to start a photo upload and then leave the page to browse around elsewhere on Facebook (or even the web!) while the upload is underway.

To meet their goals, Facebook went with a browser plug-in that uses JavaScript APIs and a front-end created with HTML and CSS. The end result is a much improved experience. But like the Facebook blog post says, "while it looks like magic, it's really just a bunch of cool hacks." Hacks or not, regular Facebook users will greatly appreciate the upgrade.

Install the New Photo Uploader Tool

To install the new uploader, you must first visit the Prototypes page for the tool and activate it for your profile. Then, the next time you go to create a new album, you'll be prompted to install the Facebook plug-in. Once complete, you'll be presented with the new user interface which lets you browse through your computer's photo library and select the images you want to upload. This new interface is much easier to navigate - and more attractive, too - than the old Facebook uploader from days past.

Facebook says the new tool has several additional security mechanisms built in as well, one of the more interesting being a "kill switch" that can remotely deactivate the tool in the event that a security hole is discovered. While confident that the new uploader is already securely designed and architected from the start, the company has released it as a prototype first so people can report any security issues they may find.

Less technically-minded folks can simply activate the tool and use it, reporting any problems they find as well as far as user experience issues, crashes or other bugs. Depending on the results of the tests, Facebook will be able to correct any problems prior to rolling it out to all users. If you want to give the new uploader a shot yourself, you can do so by visiting its page here.

With adequate user information, Facebook hoped to become better stewards of "the unnaturally uncontrollable nature of communication," as we called their general user-data privacy dilemma in June. And this revision also makes a nod to Canadian objections to Facebook's policies. What's in store for users, and how did the thousands of units of user data impact Facebook's governance and privacy policy? Read on to get the full story.

According to the site's governance, fewer than seven thousand user comments, the revised policy will be shortly enacted and will be official. "While a lot of people participated," wrote IP counsel Michael Richter, "the total number of people commenting did not reach the threshold of 7,000 that makes a vote necessary according to our Statement of Rights and Responsibilities. Because of this - and the fact that many of the comments were positive - we've decided to adopt the revised policy."

The new method of determining policies based on user feedback stems from the site's desire to foster a culture of transparency and engagement.

Here are the old policy and revised policy changes, which, again, will be enacted shortly:

Old:

When you update information, we usually keep a backup copy of the prior version for a reasonable period of time to enable reversion to the prior version of that information... Even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content... Access and control over most personal information on Facebook is readily available through the profile editing tools. Facebook users may modify or delete any of their profile information at any time by logging into their account. Information will be updated immediately. Individuals who wish to deactivate their Facebook account may do so on the My Account page. Removed information may persist in backup copies for a reasonable period of time but will not be generally available to members of Facebook.

New:

Viewing and editing your profile. You may change or delete your profile information at any time by going to your profile page and clicking "Edit My Profile." Information will be updated immediately. While you cannot delete your date of birth, you can use the setting on the info tab of your profile information page to hide all or part of it from other users...

Deactivating or deleting your account. If you want to stop using your account you may deactivate it or delete it. When you deactivate an account, no user will be able to see it, but it will not be deleted. We save your profile information (friends, photos, interests, etc.) in case you later decide to reactivate your account. Many users deactivate their accounts for temporary reasons and in doing so are asking us to maintain their information until they return to Facebook. You will still have the ability to reactivate your account and restore your profile in its entirety. When you delete an account, it is permanently deleted. You should only delete your account if you are certain you never want to reactivate it. You may deactivate your account on your account settings page or delete your account on this help page.

Limitations on removal. Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users. However, your name will no longer be associated with that information on Facebook. (For example, if you post something to another user's profile, and then you delete your account, that post may remain, but be attributed to an "Anonymous Facebook User.") Additionally, we may retain certain information to prevent identity theft and other misconduct even if deletion has been requested.

Future updates will be announced via the site's governance page.

This tool is called FBFriendFinder. It comes from the Dutch web dev shop Open & Sociaal, and it works like a charm by using OAuth, Facebook Connect and contact export functions to gather enough data to organize a user's social graph. The most interesting part, however, isn't the technology but the business model. You have to read it to believe it.

FBFriendFinder has take the much maligned approach of actually requiring users to pay for the service. Users are charged around one American penny per friend found, give or take. The site integrates with PayPal, so the process is quick and painless.

After we paid our fee, we were able to scroll through a slideshow of our social graph (albeit with a lot of same-name duplicate accounts) to find and add those friends to our Facebook network. This process was a tiny bit buggy and required some back-and-forth navigation (it seems our friends at The Next Web had the same problem), but overall, the experience was well worth the five bucks it took to find these friends without having to manually hunt them down ourselves or rely on Facebook suggestions.

Also, we appreciate the app's acknowledgement of our "crazy lifestyle." And now, we're off to ditch these pajama pants we've been sporting since the weekend and just go bananas. It's our crazy lifestyle calling to us - the crazy lifestyle we never knew we had.

A sincere congratulations to the FBFriendFinder dude for creating a handy and monetizable application.

Without sufficient anti-virus and malware protection programs installed, social networking users can easily become victims to these ever-evolving attacks. However, the best way to avoid becoming a victim yourself is to be aware of what's out there and what sorts of things you should avoid. Below are the best practices which you should use on Facebook and Twitter in order to keep yourself safe.

The Problem with Malicious Links

One of the most common vectors for attacks are malicious links posted either to Twitter or to your Facebook wall. In the past, such as with the malware known as Kooface, the troublesome links could be easily identified because they would often use a consistent phrase followed by a URL. For example, in August, Koobface was posting links that read "my home video :)" which was followed by a URL and then a random component on the end such as "HA-HA-HA!!", "W.O.W.", "WOW", "L.O.L.", "LOL", ";)" or "OMFG!!!"

Although the end piece changed from tweet to tweet, the message itself remained the same. However, security researcher Costin Raiu of Kaspersky Lab tells us that easy-to-identify messages are not as common anymore. Today, it's much harder to identify malicious links thanks to two newer techniques being used by hackers. Below those two newer methods are described in more detail as is the tried-and-true method of spreading malware via email.

Method 1: Hijacking Twitter's Trending Topics

The first technique, which really became popular in August of this year, involves hackers creating Twitter new accounts and then posting messages related to whatever trending, or "hot," topic was being heavily discussed on Twitter at that time. This would allow the post to be aggregated in Twitter search results where unsuspecting users would click on the included link. The text accompanying the link would be intriguing to those interested in the subject, enticing them to click through.

Method 2: Hijacking Legitimate Accounts

The second technique involves infiltrating legitimate accounts through phishing attempts and other methods so that the hacker essentially has control over a "real" account. After control has been established, if on Twitter, the hacker will then tweet out links that redirect users to malware-infected sites. Because the tweets come from an account that already has an established set of followers, those reading the tweets assume it's safe and don't hesitate to click the links.

After infecting the account of a Facebook user, malware often uses that particular person's account to spread, too. As with the malicious links on Twitter, because it appears that the links posted are from a trusted friend, other users don't realize that the posted link is harmful.

On Facebook, one of the most problematic malware programs is Koobface, a particular type of malicious software that sees 20 to 30 new variations per day. Despite the number of variants out there, Koobface's M.O. is relatively consistent: it tricks people into clicking links. These links appear on social networks like Facebook and Twitter, but also on MySpace, hi5, Bebo, Friendster, and others.

Method 3: Dangerous Email

A third method to encourage social networking users to click on infected links is the old but still effective technique of sending out spoofed email. Hackers can create email messages that appear to be sent from a social networking site. The messages prompt you to "update your account" or open an attachment containing your new password among other things.

Image Credit: Last Watchdog

Image Credit: Last Watchdog

Although many users are now wary of email, these techniques are still being seen in the wild, so it's clear that to some extent they still work.

How To Stay Safe

There are a number of best practices that you should follow in order to stay safe and avoid infection. They are as follows:

1. Don't assume a link is "safe" because it's from a friend: As noted above, your friend's account may be infected. You should never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn't sound like something they would say, be wary, don't click. If you're unsure, try to contact them through another channel and see if the link is legit.
2. Don't assume Twitter links are safe because Twitter is now scanning for malware: In August, Twitter partnered with Google to use Google's Safe Browsing API, a technology that checks URLs against Google's blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It's better than no protection at all, but it's not going to keep you entirely safe.
3. Don't Assume Bit.ly Links are Safe: Earlier this year, Twitter's default URL-shortening service Bit.ly, began warning users of malware. Bit.ly also uses Google's Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn't prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, as Raiu tells us, this is not 100% effective either. Kaspersky has identified a number of malicious links which Bit.ly did not block. However, you can assume that Bit.ly is generally safer than the other URL-shortening services because it uses this technology and because the hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe - nothing ever is.
4. Use an up-to-date web browser: Kaspersky recommends using the latest version of your web browser and keeping it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 - and since this browser is attacked the most, it's critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in "sandboxes," or restricted environments. If an attacker was able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not able to effect the entire machine. Opera and Safari are also good browsers and should be kept current, too.
5. Keep Windows up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.
6. Keep Adobe Reader and Adobe Flash up-to-date: At the moment, Adobe Reader and Flash are the two most targeted programs by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe's software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe's site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.
7. Don't assume you're safe because you use a Mac: While it's true that Mac users are less targeted than Windows users, they are not immune to malware, despite what those commercials may say. Although Apple did include some malware protection in their latest operating system, it only protects users from two trojans; you cannot count on it alone to protect you. There are a couple of hundred of trojans currently in the wild that specifically target Mac machines, according to Kaspersky. In fact, there may even be as many as a thousand, but researchers are unable to identify all of them because Mac users don't typically run anti-virus software which is how much of the data is collected. These days, when a user clicks an infected link, the malicious web page will now sometimes identify whether that user is coming from a Windows or Mac machine and then display the appropriate version of the trojan accordingly. A particular family of trojans known as "DNS Changer" trojans are the most common ones used to attack Mac machines. The only way to really be sure that you're protected against these malicious programs is to run anti-malware software on your Mac, but most Mac users won't do so, preferring to take their chances since their risk is lower.
8. Be wary of email messages from social networks: Because email addresses can be "spoofed" by hackers, you can't assume that an email from Facebook or Twitter is really from those the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links - especially if you're being told to "update your account." If you do click on a link and are taken to a web page that asks you to log into the site, DON'T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your Favorites.

It's Not Just a Matter of Common Sense Anymore

As the above best practices show, a lot of the things you can do to protect yourself from malware are the same as they have been in the past - keep your computer and browser up-to-date, don't open attachments, etc. However, malware is trickier to identify these days thanks to social networking sites. It now uses the trusted identities of your friends in order to lull its victims into a false sense of safety. You can no longer simply assume that because someone you know posted a link, it's automatically safe. You can't even assume that the networks themselves are safe, either. They're not always scanned for malware-laden links, and when they are, such as is the case with Twitter, it's not a 100% effective method.

Security researchers are actively working on better ways to fight this problem - for example, Kaspersky just announced their "Krab Krawler" project which will help keep their blacklists current by scanning for malicious links on Twitter, but it's not a tool that end-users can download to protect themselves; it's only one of many methods that security firms use to collect data about the malware on the internet. The best way to stay safe is to follow through with all the best practices - not just one or two. Malware isn't ever going away, so everyone must do their own part in order to stay safe on the web.

Changes include developer access to user emails, more prominent app displays on user profiles, all-new homepage dashboards for apps and games, and improvements to Open Graph and Analytics APIs. Facebook Connect libraries will be "smaller, clearer, and faster," and app policies and principles will be streamlined and uniformly enforced. Read on for details and screenshots of the new faces of Facebook apps.

"Through these new APIs and tools, we are giving all developers building with Facebook and those in our largest application category - gaming - new ways to attract and engage users."

Look & Feel Changes

Indeed, Facebook seems to regard gaming as its own monster - something that has taken off to the extent of taking over the platform, and not something that was necessarily anticipated. For that reason, we see of the most interesting changes as drawing a line in the sand between social games and "real" apps.

In this bit of new hotness, you can see Apps displayed on the homepage left-hand menu for easier user discovery that will likely be less dependent on recommendations or invitations from one's Facebook friends. And Games are now just games, no longer grouped under the general apps umbrella.

The Games Dashboard will also give developers a new communication channel, called "News", for sending personalized text updates to their users.

One of the more interesting changes that will drive adoption and interaction virally is letting usersfeature their favorite apps on their home pages with bookmarks and new dashboards. "In addition, users will be able to better represent applications on their profile following short-term changes that include focusing profile integration on application tabs, as well as removing profile boxes, the info section of boxes, and the Boxes tab," writes Beard. Also, the apps that are bookmarked into a user's homepage menu will have counters, just like Facebook's own features, to prompt user actions.

Apps are also getting a new canvas layout, "a format that increases brand association with users," writes Beard.

Communication Changes

App-user communication is rather busted in its current state. Beard acknowledges this fact and presents a preliminary solution. "Application communication in channels like notifications and requests aren't effectively serving their original purpose. There is a significant opportunity to improve the user experience and reduce spam by replacing them with better features."

Moving forward, Facebook developers will also be able to interact with users in several different ways. First of all, user-user communication via the platform will be consolidated into streams and inboxes and will have new features to help users remain engaged with apps. User-to-user communications commonly in the notifications and requests channels will be moved to the inbox, as well.

Also, developers will have access to user email addresses. Using the domain @facebookappmail.com, devs will be able to contact users via email through what Beard says will be a safe, secure channel for users.

Developer Product Changes

Beard also highlighted two APIs set to change. The Open Graph API will allow any page on any website to integrate Facebook Page features. This means that users can become Facebook fans of any site or page on the Internet; that page would then appear on the user's profile and in Facebook search results; and the page will be able to publish stories to the user's stream. Although this change in itself doesn't open any Facebook data to the rest of the world, it does significantly increase the boundaries of the walled garden.

Beard also writes that an improved Application Insights Page and new Analytics API are on the way. He promises improved tools, more robust data, and better management capabilities for apps and Facebook Connect-enabled websites.

And speaking of Facebook Connect, those libraries are set to become smaller and faster. Other boons to devs include the public roadmap, a new website for developers, and Platform Live Status, "a central dashboard to view the health of various integration points, bugs, and Platform uptime as well as detail about upcoming changes and improvements to Platform." The developer blog and status feed will also be available via email subscriptions.

Finally, Facebook's Developer Principles and Policies have been streamlined and will now be applied across the platform. "In addition," Beard notes, "we're retiring the formerly optional Application Verification brand, submission process, fees and badge; the program's higher standards will be required and applications will be subject to review at any time."

In terms of reducing the platform's complexity and increasing its power and speed, Beard concludes, "We are focused on designing Platform in a way that we can run core Facebook applications on the same set of APIs you're building on. If our technologies aren't fast, robust, and simple, we will feel the same pains that you do."

What do our developer friends have to say about Facebook's proposed changes and attempts at communicating them? Is it helpful to have some idea of what will be happening to the platform, when changes will occur, and why Facebook is making those adjustments?

Another question that interests us is that of cross-platform development: From what other companies would you also like to see developer roadmaps?

Let us know your thoughts in the comments.

Currently Brizzly is in private beta, but ReadWriteWeb has scored 2000 invites for our readers to test it out! (see the bottom of this post for the code).

Features, Including New Facebook Support

Brizzly is a self-described "social media reader." It's a browser-based service, like Blogger.com. Today Brizzly added Facebook as the second service it supports, after Twitter. Facebook users will be able to view and update their status, wall posts, comments and likes using Brizzly.

Brizzly is similar to Twitter clients such as TweetDeck, Seesmic and PeopleBrowsr (not all of them currently support Facebook though). However power users won't see much reason to switch, as Brizzly doesn't have the advanced features of those products. And that's the point.

The feature set of Brizzly aims to make microblogging a simple and seamless experience for users. For example instead of having to click links to view media such as photos and videos, Brizzly puts those items inline in the user's stream. Another example: Direct Messaging via Twitter has a UI (user interface) very similar to Instant Messaging, which many mainstream users will be familiar with.

Brizzly in 2009 = Blogger in 2003

Brizzly shares much of the same philosophy as Blogger. It's simple to use and aims to make microblogging easy to understand and use by a mainstream audience. This seems like a great strategy. Back in 2003, blogging was at a similar stage in its adoption as microblogging is today - passionately used by early Internet adopters, but not fully understood by a wider audience.

The popular Twitter clients circa 2009 include TweetDeck, Seesmic and PeopleBrowsr. Those are great apps and no self-respecting Web geek would be caught without at least one of them. However it's unlikely that your brother or sister, let alone Mom or Pop, is using those products. Brizzly wants to be the service that introduces your family and friends to the world of microblogging and social media.

Jason Shellen, who RWW readers may also recognize as a creator of Google Reader, was at The ReadWrite Real-Time Web Summit in October. Jolie O'Dell interviewed him about about filtration and discovery on the real-time web. Shellen mentioned that mainstream users probably won't use hashtags to tag their tweets. He noted (at about the 3 minute mark in the video) that "most people are not going to do that [hashtags], so it needs to evolve into a different type of filtration." One of Brizzly's goals is to make hashtags and other "geeky" social media concepts simple for mainstream users to understand.

Less Noise

Regular people often struggle to see the value in Twitter and other social media apps. Web app developers need to find ways to convince people that behind the noise of social media, there is tremendous value.

So how does Brizzly compare to the now Facebook-owned FriendFeed, an aggregation service that early adopters love but most others think is information overload? I spoke to Jason Shellen at the RWW Summit about that. He told me that Brizzly won't blend services together like FriendFeed. It will keep them separate (Twitter, Facebook, other services that are added over time), in order to maintain simplicity.

Conclusion

All in all, we're impressed by the vision of Brizzly and we think it has a good chance of hitting the same wide user base that Blogger.com so successfully tapped. It's fair to say that power users will probably be a little disappointed by Brizzly - but you're not the target audience.

INVITE CODE: ReadWriteWeb readers can access the private beta of Brizzly by signing up using the code "rwwsentme" or clicking here. There are 2000 invites available.

Facebook Platform product manager Mark Kinsey writes on the Facebook Developers blog, "Today we're making the sharing experience on Facebook and off even richer by launching the next version of Facebook Share, with a live counter, as well as new ways to measure how content is being shared on Facebook."

"You can do this programmatically by calling the links.getStats API method, or you can run an FQL query on the link_stat table," writes Kinsey. "By giving you access to this data for all URLs, we hope you'll create tools to help analyze and understand how users interact with your content on Facebook."

The Facebook post further notes that Techmeme, bit.ly, and awe.sm have already put this data to use in analyzing traffic and monitoring user attention.

Late last week, a federal judge in California gave preliminary approval to a settlement of the class action lawsuit regarding Facebook's Beacon program. The controversial program, launched back in November of 2007, allowed Facebook users to share online purchases made on third-party affiliate websites with their social networking friends. The problem with the program was that it was opt-out instead of opt-in, angering many Facebook users who unknowingly shared information they wished they wouldn't have.

Details of the Agreement: Shutting Down Beacon, Paying Damages, Non-Profit Foundation

The case has been in litigation since last year, but now looks like it's drawing to a close. U.S. District Court judge, Richard Seeborg in San Jose, has approved the proposed Facebook settlement that would have the company paying out $9.5 million, two-thirds of which would go to setting up a non-profit foundation to fund "projects and initiatives that promote the cause of online privacy, safety and security." The remaining money would then be split among the lawyers and the plaintiffs, each of whom would receive damages of $1000-15,000, according to MediaPost.

The other major part to the Facebook settlement is the required termination of Facebook's Beacon program in its entirety. Although Facebook had quickly reacted to the Beacon outcry after its launch, changing the system over to opt-in and even issuing a formal apology, the program still exists today. (You can check your settings by going to Settings -> Privacy Settings -> Applications -> Settings tab. Then scroll down to the bottom to see if "Beacon websites" is checked or unchecked. Checked will ensure no Beacon stories get posted to your profile).

If the proposed settlement goes through, Facebook would then be relieved from liability from any future lawsuits regarding the same complaint and even those still pending like the Facebook/Blockbuster class action suit brought in April 2008.

Settlement Sounds Great...Especially for Facebook

On the surface, the proposed settlement sounds fair enough to all parties involved. Damages are paid and Facebook has to promote online privacy. However, as David Johnson points out on the Digital Media Lawyer Blog, Facebook is already required by law to promote online privacy and the safety and security of its users' information per FTC mandates. In addition, Facebook would get to nominate one and have say over the other two board members on the proposed Privacy Foundation's board of directors.

Says Johnson: "Facebook effectively gets most of its money back to fund projects that it is already has an obligation to perform."

Sounds like the real winner here may be Facebook.

You can read the Settlement Agreement here, courtesy of CircleID. The settlement was proposed last month, but only received preliminary approval on Friday. The affected parties have until February 1st to object to the proposed settlement.

In January, 20 million people were accessing Facebook on their mobile phones. By September, that number had more than tripled to a whopping 65 million mobile users. As the company continues to upgrade the mobile user experience, the rate of content generation appears poised for unlimited growth. To test the redesigned mobile site visit touch.facebook.com.

PMN asked 203 panel members about their day-to-day behavior including the time they spent visiting social networks, reading and writing email, texting, talking on the phone, watching TV, reading magazines and surfing the web (visiting non-social networking sites).

When asked what activity they would be least willing to give up for an entire week, only 9% responded with "social networks." However, 26% responded "email." Another 26% said they wouldn't give up texting, although that finding is less surprising and fits in with other known behavioral traits of this particular demographic.

The report also notes that the time spent on social networks is now nearly the same as the time spent emailing. Panelists reported spending 33 hours per month on social networks and 31 hours per month on email. The difference of 2 hours per month is somewhat negligible. What's unexpected is how close those two numbers are to each other.

Questionable Findings?

According to Michael Della Penna, PMN co-founder and Executive Chairman, Gen Y finds email more critical because it remains the central hub for "social networking updates, including alerts around new followers, discussion updates and friend requests." While that may be true to a point, if the only reason Gen Y desired email access was for the social networking updates, it seems they would just go to the source instead: the social networks themselves. Given a choice between the two, it would be likely that they would have chosen to give up email and not their Facebook accounts. Something else must be going on here.

These findings also somewhat contradict a wider study done by Pew Internet and American Life earlier this year which more deeply examined how the different generations use the Internet. At that time, the study showed that email was still "for old people," so to speak, and email usage among teens had dropped from 89% in 2004 to 73% in 2009. Meanwhile, Pew also found that out of all the demographic groups surveyed, Gen Y was the most likely to use social networks.

Then last month, the Online Publishers Association revealed that web surfers' use of social networking sites like Facebook had become so rampant that it was actually causing a decline in email use.

While neither study specifically compares Gen Y's use of email against that of social networking sites, both seem to imply that email use is trending down thanks to the impact of social networking. That's why it's odd to find that one of the more "connected" generations would be quicker to abandon those social sites in favor of the more antiquated medium.

So Why Would Gen Y Give Up Facebook, but Not Email?

The answer to that question could be something as simple as how the survey question was worded. After all, the survey asked which activity they would give up for a week. Ask them again which one they could give up permanently and you may get a different answer.

Another theory is that all the hype about how Generation Y doesn't care for email is just an overblown stereotype about a demographic that, in reality, isn't all that different from the rest of us...at least when it comes to our inbox addiction.

Or perhaps Gen Y is starting to grow up a bit. Now that a large majority of them have exited their "teen" years and have entered the job market, they have begun to learn the importance of email communications. And no, they aren't just for receiving Facebook updates and friend requests. Email may now involve business-critical messages which jobs depend upon.

Finally, it could be that Gen Y has just a touch of Facebook ennui. The network, which used to be an exclusive hang out, has now been overrun by Baby Boomers and other "old folks" including bosses, parents, and sometimes even grandparents. Meanwhile, many have "aged out" of MySpace, finding themselves no longer as interested in the glittery profiles and loud music that seemed much more attractive in their high school days.

In addition, although we don't have any hard data yet, there are reports that Gen Y users are finding solace in alternative, niche social media sites like FML, Failblog, TextsFromLastNight, and Sporcle. Though not typical "social networks," these timewaster sites skew heavily towards young, college-aged adults says Carol Phillips, president of Brand Amplitude, a marketing firm that focuses heavily on the millennial demographic.

In any event, there's no need to take the PMN's study as gospel, especially given its relatively small sample set. Still, it raises the question whether this purported change in behavior deserves further study. Has Gen Y succumbed to email addiction like the rest of us? Or have they always felt this way? We hope some more in-depth research will reveal those answers in the future.

While this incident alone wouldn't generate much excitement given the low-profile nature of the applications affected, it's not the only example of unsafe applications on Facebook. Another researcher just spent an entire month scouring Facebook apps for security vulnerabilities and what he found is disturbing: six of the hacked apps were in the top ten, 9700 applications were affected, and the potential victims totaled 218 million users.

In the case of the hacked Facebook apps found by AVG, the apps had been compromised by the use of "iframes," which are bits of code embedded in the applications themselves. The iframes were able to load content from malicious websites into the applications' pages on Facebook.com, directing app users to install software on their computers by purporting to be an update for an out-of-date Adobe Reader product.

At first, Thompson thought the apps had been hacked by the developers, but as it turned out, it was the developers who were the victims. After looking at the source code for the apps in question, Thompson found that the iframes had been injected into the apps' code due to infected software on the developers' PCs.

Facebook quickly reacted to the situation and took down the compromised apps while also contacted the developers to warn them of the issue.

Thousands of Apps Vulnerable to Attacks

While hacked Facebook apps may still be a bit of a rarity today on the popular social network, security vulnerabilities that could lead to malicious attacks are not. After spending a month on Facebook looking for application bugs, another security researcher made some disturbing findings.

Specifically, the researcher, who goes only by the handle "theharmonyguy" online, was looking for a specific vulnerability he referred to as a "FAXX Hack." FAXX stands for "Facebook Application + XSS + XSRF" or, in other words, a cross-site scripting vulnerability - a certain type of security hole that could allow a hacker to access profile information, including personal details, status updates, and photos of a victimized user and their friends.

The findings showed that many Facebook applications, even those that were widely used and considered trustworthy, lacked basic security precautions. There were some 9700 Facebook applications which were affected by vulnerabilities and nineteen of the applications in question had passed through Facebook's "Verified Application" program, a sort of "stamp of approval" designed to assure Facebook users of an app's general trustworthiness. Among the apps, six were ranked in the top ten by monthly active users including FarmVille, Causes, LivingSocial, Movies, Farm Town, and YoVille. The collective monthly active users counts for all the hacked apps totaled 218 million. However, that previous figure does include overlaps. Also, seven of the top ten application developers on Facebook were found to host at least one vulnerable app. (Note: the 9700 number may seem large but that's due to one vulnerability found in the "Make a Gift!" application. Make a Gift! lets users create their own custom applications for sending gifts, and the myriad of resulting applications are all hosted from the same server.)

While discovering the bugs, the researcher contacted each application developer to make him or her aware of the hole. For the most part, developers responded quickly and took the situation seriously. However, several developers took a while longer to respond. Nine took over a week to patch their application and one even took two weeks. And those delays were not due to the complexity of the required patches - these were, in terms of coding, simple fixes.

What's most concerning about these findings is how widespread the problem was. Unlike the apps AVG discovered, this wasn't a minor, isolated incident affecting a small handful of users. Although the apps in question here were just vulnerable to attacks as opposed to being comprised themselves, it shows how risky it is to use any application, Facebook Verified or not.

Is Any App Safe?

On top of all these security issues, in August many Facebook users were surprised to discover the vast amounts of personal information they were revealing by their use of Facebook quizzes. Even if you limit access to your profile through privacy settings, Facebook quiz applications can see everything on your profile page when you take a quiz...or even when your friend takes one. To make matters worse, Facebook does not screen developers for trustworthiness nor do they require developers to comply with a privacy policy.

With hacked apps, security vulnerabilities, lack of privacy policies, and apps that can read your private profile information, one has to wonder if using any Facebook application is appropriate and safe these days.

Update: Facebook's response: "Developers on Facebook Platform must comply with Platform Policy Guidelines, which require that applications provide a trustworthy user experience. Similarly, applications must post their own privacy policy if they collect any user information. We enforce these guidelines through spot checks and have disabled thousands of apps that we found in violation. We also encourage users to report suspicious apps and practice caution with all of their online activity."

But with SocialSafe, no matter what an evil hacker does, you would never actually lose your data. It's all safely stored on your own computer. (Those people who are currently affected by the ongoing "site maintenance" issue that has locked an unknown number of people out of their accounts could probably have used a program like this too.)

The new addition of Facebook Wall Backup adds another component to SocialSafe's Time Capsule feature which lets you see how your Facebook account has changed over time - that is, from your first backup onward. It provides an overview of your Facebook account where you can see the friends and photos you've added, those you've removed, and so on. It's also an easy way to scan your "digital diary" for any time period. Now with your Wall Posts backed up too, you can quickly navigate to any old post and its associated comments instead of having to manually click the "Older Posts" button at the bottom of your Facebook Wall time and time again.

The new version of the SocialSafe application will be made available for download from the company's home page here.

AVG's research chief Roger Thompson said that LinkScanner users had reported "rogue spyware attacks" from a large number of these profiles. He postulated that the fake profiles were created automatically, which would indicate that someone, somehow has figured out a way around the ReCaptchas used to protect Facebook from bot-created content.

Here are a few screenshots Thompson posted. Please note that all the fake profiles he reported showed the same main image:

According to statements made by Facebook spokesman Simon Axten to CNet, the link was reportedly blacklisted by web browsers and Facebook was blocking the URL. Interestingly,
Axten disagreed with Thompson's assertion that the profiles were automated and the Captchas had been conpromised.

"We're looking into how these accounts were created, but it's very likely that the sign-up process was manual or that the person behind the attack farmed out the Captchas to be solved by humans for a price," he said.

Facebook is working to shut down the profiles. Users are cautioned to keep their distance from any profile containing the image of the woman shown above.

Those claims are now being further backed up by the Nielsen study, which, in addition to noting the financial discrepancies, also discovered that many social networking users tend to be urbanites, especially those engaged in blogging and tweeting.

The study examined seven of the most popular social networking and blogging sites including Facebook, MySpace, Blogger, Twitter, WordPress, ClassmatesOnline, and LinkedIn. Through the Claritas product, Nielsen segments their online panel of 200,000+ participants into demographically and behaviorally distinct groups which include everything from "Young Digerati" to "Heartlanders." After doing so, they found a notable difference between the two top social networking sites, Facebook and MySpace.

According to the research, the top third of lifestyle segments relative to affluence (aka the "richest" users) are 25% more likely to use Facebook than those in the lower third. The bottom third segments related to affluence (aka the "poorest") are 37% more likely to use MySpace. Also of note, Facebook users are more likely to use LinkedIn, a site for professional business networking, and again, another factor which points towards the differences in demographics between the two social networks.

Besides confirming the income discrepancies between MySpace and Facebook, Nielsen also discovered that those involved in blogging and tweeting tend to live in more urban areas such as New York, Los Angeles, San Francisco, and Chicago. The 12 "Urban" lifestyle groups tracked by the company are more likely to use Blogger, WordPress, and Twitter than the 22 "Town and Rural" segments. However, there was no mention of these groups being more affluent, just more urban.