Facebook’s gaping security hole

Forget two-factor authentication. Forget all the talk about how passwords are inherently weak and how the future is about biometric access to our online account. For my money, the biggest security problem on the social web is in how Facebook requires you to use the same account to manage brand Pages you do for your personal profile.

One of the best things I and the people I know and work with do when it comes to the brand publishing programs we manage is to follow the simple “don’t cross the streams” rule. That means you don’t use the same publishing tool for your personal account(s) that you do for anything business related. So if you use Tweetdeck for your personal Twitter browsing, use Hootsuite for business. If you use SocialEngage for one account, use Shoutlet for the other. Following this simple advice seriously reduces the chances you will accidentally post a personal update on your client accounts, or post something meant for one client to another’s page. These are the kinds of mistakes that result in lost account or lost jobs, so it makes sense to reduce the odds of that happening.

While you can setup different tools to manage different Facebook accounts – Shoutlet here, SocialEngage there and so on – doing so still requires you to log in with your personal Facebook page, through which you are the manager of any corporate/client pages you help with managing and publishing to. And that means if your personal account is hacked, the perpetrators then have access to all those pages. That’s a huge problem.

By using tools like SocialEnage, Hootsuite and others brand managers are able to minimize the security risks. They can give their team and other stakeholders access to those tools without giving them direct password access to Twitter, so while it shouldn’t be understated or dismissed, the worst thing that’s going to happen is someone is able to post an unapproved tweet or two before someone realizes what’s going on. They can’t change account information or do more harm. Accounts can still get hacked, yes, but the risks of wide-ranging damage is minimized.

But once someone has access to your Facebook page they can do anything and everything to your personal profile or the business Pages you manage. They can post anything they want, they can change account information, they can take down posts and do a lot of very serious damage.

This is a huge, gaping hole in the world of social network security, one that has a huge number of potential repercussions. Facebook needs to take a break from figuring out how to get brands to pay for more reach for their posts and rethink Page admin access, including offering the ability to setup some sort of business-level account that brands can use to manage a Page or multiple Pages. Then and only then can this dangerous connection between the personal and professional be severed to the point that Pages aren’t at risk every time someone, through no fault of their own, falls victim to a bad-actor who has hacked their personal account.

Opening Day 2014

The Cubs take the field in Pittsburgh today for the first game of 2014. While the 2013 season largely eluded me I’m excited about the start of a new one, maybe because this winter was so mind-crushingly oppressive.

But the fact remains that so many of the games this season, as they have been for the last 12-15 years, won’t be played during the day. And I’m sorry but night games just don’t work for me and wouldn’t even if I did have a cable subscription, which I don’t. Too many of the games have increasingly been on channels I didn’t get and, quite frankly, I’ve got other things to do in the evening.

Plus, my contention that a reliance on night games on one of a half-dozen cable channels is killing generations of potential new fans remains firmly in place. As I’ve said before, the fandom of myself and my generation was built on being able to turn on the game on WGN-TV as soon as I got home from school every day. If it was a 1:20 game I could still catch the 7th inning or so. It it was a 3:05 game I could catch it starting in the 2nd or 3rd. So I saw almost every home game and many of the road games throughout my entire childhood.

If you’re making games inaccessible – they’re currently not part of WGN Radio’s streaming either – you’re not giving the fans the in they need. Why would I pay $200-$300 for a bunch of us to go to a game – or even for an MLB multimedia package online – if I’m not already invested in the team and the players?

Anyway, media theory aside, today the Cubs take the field for the first time in the 2014 season. The snow has indeed melted away from Wrigley Field, though the team won’t play there until the weekend. The wind will surely be blowing since it’s April in Chicago, though which direction is anyone’s guess. And a legion of fans will get their hopes up that predictions of it being an ugly year are over-stated and that somehow the ragtag team that’s been assembled will at least make things interesting in the NL Central this year.

We live and die by other people’s contracts

This story about the percentage of LA residents who won’t be able to watch the Dodgers home opener is the latest item to make me shake my head at how much of our media diet is dictated not by audience desires but by random contracts that are completely ignorant of those desires.

The shifting Facebook sands

In the latest of what’s become a series of stories – some featuring solid reporting, some anecdotal experience and some based solely on speculation – reports are emerging that Facebook is getting ready to cut organic reach for Pages down to somewhere around the 1% mark. And shortly after that Adweek published this story about how some publishers were seeing massive dips in traffic coming from Facebook.

I asked on Twitter the other day if, given all these changes, people would start a Facebook page for their brand if they didn’t already have one. In other words, has the value proposition shifted enough to make putting work into building a Facebook audience not worth the potential return?

Honestly it’s a question worth asking. If know the return you get from reaching 1% of of five millions fans is going to be less than the return from reaching 25% of 100,000, what’s the incentive to keep working at acquiring new Facebook fans?

If you ask me, the winds just changed and they’re no longer in Facebook’s favor. This is the kind of huge shift that makes brands (including those that provide the advertising revenue Facebook depends on) reevaluate their publishing strategy. How’s Google+ looking these days? Is there an upstart waiting in the wings? These are the kinds of things brand managers are researching right now. I know. I’m one of them.

Radio still the best music discovery tool

If you ask me it makes perfect sense that radio is still cited as being the best way for people to discover new music.

Most recommendation algorithms are based on what you already like or what you’ve listened to previously. But that gives you a whole lot of prompts to listen to familiar stuff, whether it’s artists you already like or stuff that may be similar but which you already know you don’t like. But they never – at least in my experience – have been very good at surfacing just random stuff for me to discover. So I still tune into WXRT on a regular basis and find that to be the primary way I hear about bands and artists I otherwise wouldn’t have.

And the more I think about it, the more I see this as a perfect example of how important professional curation like the kind you find via radio, television networks, newspapers and other mass media remains today. While everyone is going on and on about this app pulls stories from your Twitter friends and this streaming service pulls recommended video from your Facebook friends, the best way to find out about things that would ordinarily fall outside the echo chamber is still to open a newspaper, browse through TV channels or listen to the radio.

We can’t go all in on recommendation algorithms in our media consumption because those algorithms do one thing in particular very well: They almost completely eliminate randomness. And sometimes, especially when it comes to discovery, that’s what’s most needed.

Pew looks at social media news reading

Pew has a new report out on the state of the news media in 2014. There’s a ton of good data in there on staff sizes, revenue models and everything else. But what stuck out at me was the information on how people were using social networks to get their news.

Facebook in particular showed up as a way some 30% of the audience get their news, though additional data shows that’s not actually on purpose – people are seeing news and sharing it while they’re on Facebook for other, presumably personal, reasons. And the study reinforced an earlier story about how visitors who come in via Facebook have much lower engagement rates on-site than those who visit directly.

Other stats show that half of Twitter users discover news on the site, though it’s likely much of that is “I was on Twitter anyway” type of discovery much like Facebook. Other studies have shown, though, that in breaking news situations people are more likely to turn to Twitter for updates than they are Facebook.

History of the movie trailer is a great watch

I’m extraordinarily late to this, but the “History of the Movie Trailer” video that recently made the rounds is absolutely worth watching. Here’s the full write-up with background notes if you want to fully geek out over it.

The History of the Movie Trailer from FilmmakerIQ.com on Vimeo.