As citizens of this vast country, it's nice that we can smite the spammers and illegal pyramid schemers that plague our great nation. And then I remember, this isn't ACTUALLY a country. It's a company. If it were really a nation, we would know where we're supposed to offer our comments pre-August 18th and each of the "Rights" would have been spelled out separately as amendments to a pre-existing document. In fact, by now all of this info should have arrived in our mailboxes as a poorly designed pamphlet full of cheesy stock photography.

While Facebook's "Open Governance" redraft is an admirable attempt to encourage crowd sourced decision-making, it lacks the feedback mechanism to make it a success. Critics will argue that this is intentional, but it feels more like the system (or lack thereof) was rushed to the public after the TOS uproar in February. While this amendment to the Facebook Bill of Rights is a fairly tame one, consider joining the Bill of Rights group for future updates and leaving a comment. At this rate, if Facebook acquires anymore companies or services, you might find your entire online identity living in one social networking landscape. It's not like the administration is going to change, let's just hope a loud majority can usher in a better system.

Photo credit: David Drexler

Or was Facebook simply following through on a TOS violation because Chris had accidentally sent out duplicate messages to group members, thereby getting flagged as a spammer and subsequently booted from the network?

On Monday, the anonymous blogger over on Social Hacking posted a link that demonstrated a gaping hole in Facebook which revealed private profile data upon clicking. The hack worked (I tried it at the time) although now the hole has been closed. He later revealed the technical details of this hack on his blog.

However, even before those technical explanations were posted, Chris Almond was spreading the word via the Rogue Facebook Apps Early Warning Group, a group whose members like to stay informed about the latest and greatest threats happening on the social network. All he was doing was publicizing the information - he was not involved in the hack's creation in any way.

Shortly after sharing the information with the group, Chris found his account was disabled.

And because it was disabled, Chris's collection of links and articles he had posted since the group's creation in 2009 as well as all the discussions he had with other group members were gone, too. The group's archive was emptied out.

Does that sound suspicious to you? TheHarmonyGuy (aka Mr. Anonymous from Social Hacking) thinks so. He writes, "While I hope I'm wrong (and I very well could be), it appears that at least part of the reason for the account shutdown was that this user was spreading word about my Facebook attack. It saddens me that other people are having to suffer on my account..."

Flip Side: Just a Simple TOS Violation?

Of course, there are always two sides to any story and this story is no exception. In Facebook's defense, Chris Almond was guilty of a TOS (Terms of Service) violation. You see, Chris had decided to send out personal emails to group members with information about the hack and to invite them to a group event. Unfortunately, he accidentally sent out duplicate emails to some of the group's members.

This triggered Facebook's spam detection feature - most likely an automated system that detects such behavior on the part of group admins. Chris received the warning and realized his mistake. Though accidentally, he had in fact violated Facebook's TOS. He stopped sending any further messages after receiving the message.

But apparently, it was too late for contrition because Facebook soon thereafter disabled his account.

At the moment, Chris is busy pleading for reinstatement. He has sent Facebook the following emails to state his case:

Email 1

Hello

My Facebook account, registered with this email account [EMAIL ADDRESS REMOVED] has been disabled.

I'm not going to argue that I didn't violate terms of use, only that I did so unknowingly and in completely good faith.

Please allow me to explain my activity that led to the disabling. I am admin of a group called Rogue Facebook Apps Early Warning Group. I wished to send an invite to members to a group event I'd created in which information about facebook security issues was shared, containing links to a site that after personal contact with the author I am satisfied is legitimate and non-threatening.

Here is the link I shared: http://theharmonyguy.com/2009/06/22/illustrating-facebook-privacy-problems/

Due to the size of the group, it was impossible to send a group invite, so I decided to personally message members of the group who had posted on the wall. My reasoning was that they were voluntary members of the group and so this was probably an acceptable course of action. Obviously I was wrong about that.

I assume that somebody to whom I sent a message has reported my activity as spam. I can certainly see, in light of what has happened, that it could be construed as such but my intention was to share information about Facebook security awareness, and absolutely not to trouble anyone at all.

Please reinstate my account. I run a small business, promoting music in my local area, and my business will suffer if I can't use facebook for that purpose.

Yours contritely

Chris Almond

Email 2

Hello

I wrote the other day about how I'd shared a link with members of the Facebook group I co-administrate, and how that action has led to the disabling of my Facebook account registered with [EMAIL ADDRESS REMOVED]

I don't know if the manner in which I distributed the message or its contents were the main transgressions in your opinion. I accept that by duplicating a message I triggered an automatic spam alert, and I sincerely regret that particular course of action. Please note, I stopped sending the messages as soon as the first warning appeared.

The link itself was to a hack, described here by its author http://theharmonyguy.com/2009/06/24/facebook-attack-technical-details/

The purpose of the Facebook group I help to run, Rogue Facebook Apps Early Warning Group, is to spread awareness about the weaknesses in Facebook platform that allow unscrupulous Facebook app developers to access users' private information without their explicit authorisation. I am not a hacker, nor particularly technically informed in that area, but I am somebody who is concerned by the implications of such weaknesses. Neither am I, as my group co-admin erroneously stated in an email to you yesterday, working with theharmonyguy. I merely follow his work and believe that the kind of activism he engages in is an honorable, and practical way, of encouraging greater security on Facebook.

A hallmark of my personal experience of Facebook is the worrying amount of applications that find their way onto my account without my permission. Error Check System, the notorious app attack of February 2009 that led to the formation of our group, was merely one of the most aggressive, visible, and widely remarked-upon.

I don't publish sensitive personal info on my account, but many do, and I believe it is legitimate behavior to be proactive in spreading awareness of the issue.

Having accepted that the sending of duplicate messages is in contravention of the Facebook terms of use, I must say it is intolerable that I have been singled out for suppression when, over the course of my time using Facebook I have seen many groups containing material that by any reasonable assessment is racist, homophobic, or in some other regard hate-filled and offensive, and whose admins are allowed to continue their activities.

I am not a spammer. I have never, before this incident, done anything that could be viewed as spamming. I accept that I was naïve in the way I went about promoting the activities of my group. I do not think that what I did warrants permanent expulsion from the Facebook community, and I hope you will agree.

Yours sincerely

Chris Almond

What Do You Think?

So is this a clear-cut case of a Facebook TOS violation being acted upon? Or was Facebook just looking for an excuse to shut this group down? Surely they couldn't have liked the fact that Facebook users were using their very own platform to share news and links about ways to attack Facebook! Still, there wasn't anything Facebook could do about it...unless somebody crossed the line, of course.

Luckily for us, Facebook has not yet succeeded in completely destroying this group. The Rogue Apps Early Warning group itself lives on thanks to co-admin, Stuart Forbes, who is now in charge of the group's activities. Chris's account is currently still suspended.

UPDATE:After this article was published, Facebook reactivated Chris's account.

At this time, we have only heard from a handful users about their banning, but the general feeling among this group of outcasts is that StumbleUpon had actively hunted them down.

Although none of the banned users have received any sort of communication from StumbleUpon, some believe that they may have been kicked off for occasionally stumbling sites that had financial value. While that may be a big no-no on Digg, who prohibits such a thing in their Terms of Service (TOS), on StumbleUpon, it's much more of a grey area.

The reason why it's not as cut-and-dry as on Digg is because StumbleUpon features a ton of categories - to see what we mean, Stumble something today and check out that drop-down box of theirs. There, you'll find categories that very much fit in the "financial value" niche including options like Bargains/Coupons, Business, Daytrading, Entrepreneurship, Financial Planning, Investing, Marketing, and others. Clearly, StumbleUpon is OK with many more categories of sites than Digg.

In addition, the only reason StumbleUpon would terminate accounts according to their TOS is if the account was created with the primary intention to promote a product or service are considered "SPAM." In other words, the occasional accidental spammy stumble shouldn't get you kicked out.

That sentence goes on to say that those spam accounts are subject to termination unless expressly authorized in advance in writing by StumbleUpon. What? It's OK to use StumbleUpon for spamming purposes if you get permission first? That seems odd.

Banned Behind The Firewall

Others who have been recently banned from the site include Ian Lurie of Conversation Marketing, who believes that he may have been banned because he stumbled behind a firewall at work. Everyone in his office showed up as the same IP address, making StumbleUpon question whether or not they were operating some sort of black-hat stumbling farm. Unfortunately, Lurie never heard back either thanks to SU's policy of not responding to their users (unless you have the clout of someone like the high-profile Darren Rowse of ProBlogger, that is).

Starting To Clean House?

Obviously, we don't have enough information just yet to know for sure if StumbleUpon is starting to clean house. These recent complaints brought to our attention could either be business as usual at StumbleUpon or could be indicative of a new trend.

Have you been banned or know somehow who has been banned from SU? Let us know in the comments.

Unfortunately, crgslst may be in violation of the Craigslist terms of use and could face the same shutdown that other similar projects have in the past. This situation brings up a number of questions about intellectual property, RSS and mashups.

Additionally, you agree not to:... use automated means, including spiders, robots, crawlers, data mining tools, or the like to download data from the Service - unless expressly permitted by craigslist;

What's an RSS feed though, but an API that lets 3rd parties download data from a site by automated means? Isn't Craigslist, or at least Housing Maps, the long-time darling of the mashup world? Some folks at least contend that an API is a way for noncommercial mashups to be developed without a lengthy, formal business development process.

There's no indication that crgslst has received any contact from Craigslist, but the history of similar services and the continued presence of the language above in the Terms of Use don't bode well.

Just the thought of a service like this getting shut down is sad. It's a great little site, offering a user experience that Craigslist itself would do well to offer. Who's IP is at work at crgslst, though?

For now, you can check out crgslst and see just one more example of the kinds of magic that becomes possible when a website offers its data in a standards-based format like RSS.