this is not a picture related to boobs

What follows is my method of deciding who to friend on the three major social networks: Facebook, Twitter, and LinkedIn. Your method may differ; I get that. It’ll come off a bit pompous; I get that too.

Facebook

Facebook for me is personal. I friend people on Facebook using the following criteria (at least one of these must be true):

1. You are a close friend
2. You are someone I’ve met a number of times (associate) who I would enjoy having numerous, long conversations with (hint: concepts vs. current events)
3. You are someone I know of and have interacted with only a little, but you’re someone I’d enjoy having numerous, long conversations with

Who’s Not On This List

• High school friends who I have nothing in common with
• Celebrities of any sort who I have nothing in common with
• People I know well but who don’t have anything in common with me (see long conversations)
• Anyone who I wouldn’t trust to have a key to my house

Basically, the criteria is trustworthy people, who share interests with me, who I can enjoy long conversations with about things I find interesting. This matters because this is where I post personal stuff, like thinking of changing jobs, thinking of moving, rants about stupid people, religious and political humor, etc. It’s for close people only.

This results in me having around 100 friends, which is trimmed down from over three times that amount. Clean out your list; life is too short to miss important stuff from those you care about because it’s been squelched by those you don’t.

LinkedIn

LinkedIn for me is professional. No surprise there. I friend people on LinkedIn based on the following criteria (at least one of these must be true):

1. I’ve worked with you directly in the past, and the experience was positive
2. I’ve dealt with you in the past, and the experience was positive
3. I know your name, and know you’d be a valuable professional contact

Who’s Not On This List

• People I’ve worked with, or dealt with, who I didn’t have a positive experience with (could be negative, or even just neutral)
• Random people who send me invites

The goal here is to have a list of valuable contacts, not a list of people I’ve met or seen…ever…while in a work environment. That’s not useful to me.

Also, the upside of keeping your list properly groomed like this is that it’s not a problem to post things like Tripit updates because you’re not worried about someone on the list robbing you while you’re away. If you have that problem on LinkedIn then you’re doing it wrong.

Twitter

Twitter for me is public. It’s a realtime stream of events from the public-facing personas of various entities. Friends, companies, whatever. I have simple criteria for who I follow on Twitter (at least one of these must be true):

1. You’re a friend
2. You’re family
3. You’re an associate who posts interesting content
4. You’re a company I enjoy hearing about
5. You’re a personality I enjoy hearing from
6. You’re informative

Who’s Not On This List

• Boring people (yes, there is a different between entertaining mundane and just mundane)
• People who tweet about the fact that they’re tweeting, i.e. they’re so into social media that they aren’t actually using the mediums to talk about life, but rather to talk about talking about it

Twitter is an information source. I follow people in two main groups: 1) those who are close to me (see the Facebook section), and 2) those who contribute input that I find either useful or entertaining.

From Public to Private, But Not the Other Way Around

So let’s summarize here: Facebook is private, LinkedIn is professional, and Twitter is public. Let’s capture that differently by saying you post things to Facebook that you can only tell your friends or family over dinner. You post things to LinkedIn that you wouldn’t mind on a resume, and you post things to Twitter that you wouldn’t mind being brought up…anywhere. Ever.

This illuminates an interesting model for cross-posting, which is the practice of sending content from one social network to another. The general rule I recommend is that you allow content to go from more public to more private, but not the other way around. So I send my Twitter content to Facebook, but I’d never send my Facebook content to Twitter. LinkedIn sits in the middle, so it could receive from Twitter but not from Facebook, while Facebook could pull from both of the others.

Summary

Your attention is the most precious of commodities. Adjust your networks accordingly, and don’t be afraid to be exclusive. ::

  

So you have a Facebook account, right? And you use Google Mail, right? Good, then this is for you. It’s just recently become possible for you to sign into Facebook automagically, i.e. without entering your Facebook username and password, just because you’re already signed into GMail. It’s full of win.

The wholesomeness that allows this to happen is called OpenID, which is a powerful technology that you probably want to start paying attention to. It allows you to use one online identity on many different websites, and it keeps you from having to give your password to the sites you use. Basically, it offers:

1. Convenience: faster registration on new sites: get setup in seconds
2. Simplicity: a single username and password to remember
3. Security: you don’t give websites your password

If you’re interested in more details, I just finished a piece on web auth technologies here, but the point is that OpenID is blowing up. Everyone’s getting into it: Google, Yahoo, Facebook, Verisign…everyone. The big players who aren’t there now will be soon.

Facebook + Google = OpenID

So, two of the companies that are embracing OpenID the most are Facebook and Google, but in different roles. Within the OpenID system you can be an Identity Provider (someone that websites trust to provide authenticated users), or a Relying Party (a website that has services and wants to accept users from an Identity Provider).

Well, Google is now the behemoth of Identity Providers, and Facebook is now the Grand Pubah of OpenID Relying Parties. It’s a phenomenal combination for users. In other words, Facebook is saying to the world:

We accept Google users as valid users, so if you show up to Facebook and you’re already signed into Google, you’re considered legitimate to us, and we don’t need to authenticate you further.

Setup

So here’s how to get going–in like two minutes. First, sign into Facebook normally–using your Facebook username and password–and go to your Settings. On the default, left-most tab you’ll have a section called “Linked Accounts”. Click “Change” there to add an account.

Select “Google” from the pull down menu and you’ll be asked to allow Facebook and Google to interact. Once you’ve authorized the connection your two accounts are linked! Now sign out of Facebook (but stay logged in to your Google account) and then go to the Facebook homepage. You’ll see some trickery taking place in the URL bar, and then you’ll be logged into Facebook without having to enter anything!

The way this works is just like when you enter an OpenID identity manually on a site: you’re getting transparently redirected to the OpenID provider (Google, in this case) where Facebook confirms that you’re already logged in and subsequently lets you into the site.

The only difference is, instead of you providing an OpenID through a login form, Facebook already knows where to redirect you based on the previous “Linked Accounts” step.

Notice that you can also add a number of other account links as well, including various OpenID providers, and Yahoo! My favorite, however, is Verisign PIP, because it allows me to use two-factor authentication to access my OpenID provider.

Anyway, enjoy your new transparent login to Facebook through Google, and keep your eye out for more OpenID developments around the web. ::

One of the advantages of social content sharing is that if I like what you write then there’s a good chance I’ll like what you like as well. So, we “friend” and “subscribe to” people who share interests with us, in hopes that they’ll not just find additional content in our overlapping interest areas, but that their slightly different tastes will yield new treasures for us to discover.

What I propose is that we bring this tangential-interest concept to our websites directly, with a dedicated “Discovered” content section. So in addition to our main content, which is original, we would have an area for the content we’ve found interesting and noteworthy online.

Imagine a portion of your website that is automatically updated with:

• Things you’ve posted to Reddit or Digg
• Things you’ve voted up on Reddit or Digg
• Things you’ve stumbled at Stumbleupon
• Everything you share through Google Reader
• Bookmarks you’ve added to Del.icio.us
• Books you’ve added to your Amazon Wishlist
• Etc…

…and this stream of discovered content is updated transparently–requiring no intervention on your part. So when someone visits your site and reads your main content, they’ll also see the stuff you thought was cool during your travels online.

Setup

The good news is that this isn’t a theoretical concept. You can do it now. Today. In just a few minutes. Here are the steps for getting it up and running.

1. Friendfeed

First, get yourself a Friendfeed account. This will serve as the foundation for aggregating your discovered content into a feed. You just sign up and add links to your online profiles, and anytime you update any of those services the content is collected in your Friendfeed stream (which is available as RSS).

2. Filter the Data

Next you want to clean up the feed content coming from Friendfeed by trimming the noise from it. Content like Twitter updates or DISQUS comments don’t necessarily point people to new content worth viewing, so it’s best to prune this kind of stuff out out.

You do this by going to your main Friendfeed page [friendfeed.com/$username] and putting the following into the search field at the top of the page:

-service:twitter -service:disqus

Then copy the URL that results when you run that search. Notice that the results URL has an RSS feed associated with it; that’s the magic of Friendfeed, and that new URL will become the input to the next step.

3. Massage the Data

[ These next two steps might seem slightly intimidating to some, but they're not as difficult as they look. ]

Next we use Yahoo! Pipes to manipulate our feed data a bit. We’re really just doing four things with this pipe:

1. Take the input RSS URL from step 2 as input
2. Filter out duplicates
3. Sort by published date
4. Remove our name from the title of each item (annoying for readers)

You can build this pipe yourself using the diagram I have above of mine, but an easier way is to just star with a clone of mine mine and and change two things. Here’s mine for you to clone (you’ll need to be logged into Pipes for it to work).

Once you have mine cloned, just change the top box to your Friendfeed URL, and change the Regex box (last box before output) to your own name. Save your pipe and run it by clicking on the pipe output box, and you should see your own content (without your name preceding each item) in the output box.

4. Make It Available to Your Users

So now we’ve collected your data, filtered it a bit, then cleaned it up using a Yahoo! Pipe. Now it’s time to make it available for consumption. The first thing to mention here is that the Yahoo! Pipe itself that you created in step 3 is already an RSS feed, so you can put a link to it somewhere on your site as one method of making it available.

My preference, however, is to actually parse the RSS itself and display the contents of the feed on the page in a sidebar. This way the content is visible on the page itself rather than requiring readers to leave your page to go view the RSS feed. We’re going to use Google’s Feed API to pull the RSS feed and display it.

This may sounds scary, but here’s the code to do it.

// this goes in your HTML HEAD section

<script src="http://www.google.com/jsapi?key=ABQIABBA1XbMiDxx_BTCY2_Fkgh06RSaGTYH694l8mBDNb0Y73WNNa8VNxQEevTyrr6OwBo0lv7TDAH5Q"></script><script type="text/javascript"> google.load("feeds", "1");</script>

// this goes in your body section where you want the content to display

<script type="text/javascript"></p>

<p>var feedcontainer=document.getElementById("discovered");
var feedurl="http://feeds.danielmiessler.com/discovered";
var feedlimit=75;
var header="<h2>Discovered Content</h2><ul>";</p>

<p>function GetDiscoveredFeed(){
var discovered<em>feed=new google.feeds.Feed(feedurl);
discovered</em>feed.setNumEntries(feedlimit);
discovered_feed.load(displayfeed);
}</p>

<p>function displayfeed(result){
if (!result.error){
var item=result.feed.entries;
for (var i=0; i<item.length; i++)
header+="<li><a href='" + item[i].link + "'>" + item[i].title + "</a></li>";
header+="</ul>";
feedcontainer.innerHTML=header;
}
else
alert("Feed retrieval problem!");
}</p>

<p>window.onload=function(){
GetDiscoveredFeed()
}</p>

<p>&lt;</p>

<p>p></script>

There are a couple of real simple things to modify in this code:

1. The Javascript API Key in the first section that goes in the HEAD. You need to get yourself a free one (it takes like 30 seconds) and replace the one shown with yours.
2. Where you see var feedcontainer in the second piece of code, you need to make sure that the “discovered” parameter matches the DIV where you’re dropping your code.
3. Change the feed that’s being called (var feedurl) from the feed I have there to yours.

Setup Help

That’s it. Once this is configured you’ll have a feed like the one you see to the right…a list of links that makes an excellent supplement to your own original content.

If you are having trouble with any of these steps, contact me directly and I’ll help you get up and running. ::

This is an interesting post about how the concept of PageRank for URLs is becoming dated at best, and obsolete at worst.

The idea is that people post in multiple places, and that search engines need to track them across all of them, not just their highly ranked home URL.

So basically, the reputation rank would be on the person, not the URL.

This is a neat idea, and it’s pretty much like whuffie from Down and Out in the Magic Kingdom.

In the novel, everyone walked around with a reputation score hovering above them, which was a combination of all their various contributions to society. And as you did things your score would go up and down.

Interesting. ::

It’s getting exciting in the world of cross-network authentication. Let’s review. I can now:

• sign into Digg using Facebook
• sign into DISQUS using Facebook or Twitter
• sign into Facebook automatically using OpenID (with two-factor authentication) or Google
• sign into FriendFeed using Google, Twitter, or Facebook

We’re quickly approaching the point where we’re going to be able to log into one major service (Google, Facebook, OpenID, etc,) and from there access all of our other services without authenticating.

As it stands now, I can already log into my OpenID provider, visit the Facebook homepage, and be transparently logged in. Today this works on Facebook. Soon something like it will work for your bank as well.

This is a good thing, but there’s a catch.

Security

While this is completely phenomenal from a functionality standpoint, we need to consider the fact that single-sign-on (SSO) raises a serious security concern: it significantly increases the impact of an account compromise.

If my OpenID account gets me into Facebook, and my Facebook gets me into Digg and DISQUS and FriendFeed (where I can post to Twitter, of course)…then a compromise of my OpenID account means a compromise of all those other accounts as well. Basically, once someone gets into your main service, your entire online identity can be hijacked.

Authentication Strength: More Important Than Ever

As single-sign-on solutions get more popular (i.e. now) we are going to have to give significantly more attention to our authentication standards and processes. Traditionally this has meant having a strong password, and while that is an essential piece of it, it’s arguably no longer enough.

What we really need to do is move to a strong/multi-factor authentication system. This means combining at least two of:

• something you know (passwords, pins)
• something you have (tokens, smartcards)
• something you are (biometrics)

So if someone guesses your password to my OpenID account, for example, they still can’t get into my account. They know my password, but they don’t have my mobile phone with my soft token on it. That’s multi-factor authentication, and it improves your security greatly when done right.

My current recommended way of doing this is by adding two-factor authentication to OpenID, which can be done via Verisign PIP for free. VIP can be used to add two-factor auth to major sites like eBay and PayPal as well, and soft tokens are available for popular mobile phone platforms if you don’t want to carry an actual token.

Strong Authentication Alternatives

In addition to tokens a number of other innovative options are available for multifactor authentication. Vidoop is an interesting system that combines OpenID functionality with a unique picture-based authentication system. It’s not technically multi-factor since it relies on something you know twice (password, then the images), but it’s still considered strong authentication.

Plus there are number of systems that use other things we commonly have with us to provide an additional factor of authentication, like sending a one-time password to your mobile phone via text message.

Conclusion

Social web service integration is upon us. Very soon, signing into websites using local credentials is going to be an indication of one of two things: 1) your single-sign-on system is broken, or 2) you’re using a website so ancient that you might want to consider an alternative.

This is progress, and it’s progress we should embrace, but we need to keep the risks in mind and take steps to mitigate them. So yes, enjoy the new powers given to you by single-sign-on, but do your best to protect yourself by looking for strong/two-factor authentication options within your favorite online services. ::

Links

[ Strong Authentication | wikipedia.org ]
[ Two-factor Authentication | wikipedia.org ]
[ Single Sign On | wikipedia.org ]
[ OATH | openauthenticaton.org ]
[ Facebook Connect | facebook.com ]

People struggle with why Twitter is special. It’s special because it counters, better than any other technology, the timeless social obstacle of “out of sight, out of mind”. Regardless of how much time you’d spend with a given person if they lived nearby, relationships atrophy when distance comes between you.

The longer someone you care about is gone, the more an invisible barrier grows between you–one that makes it awkward to reinitiate contact. It’s as if loved ones over time somehow change from tangible people into abstract ideas that require effort to interact with. This sinister effect of distance turns best friends into strangers, and technologies such as mobile phones and video conferencing don’t help. They don’t help precisely because the barrier is the initiation of contact, not the ability to communicate once connected.

Twitter solves this problem in a way that no other technology has. Through a stream of common, real-world updates about one’s life, Twitter reminds our fickle, here-focused brains that those we care about are real, and prevents them from disappearing into the world of the abstract. In short, Twitter’s magic is that it’s able to keep close people close regardless of how far they are from each other, which is a feat that no other technology has been able to accomplish. ::

Here’s an interesting question: what is your standard for deciding when to add a given person to these various services?

1. Twitter
2. Facebook
3. Friendfeed
4. LinkedIn

Here are mine (I think).

Twitter

Anyone that seems interesting. I treat this as a content discovery method in addition to a personal communication system. I differentiate this by only doing SMS updates to close friends while using web or app retrieval for everyone else.

Facebook

Only people I’ve met or know in some way on a personal level–including people from high school, college, and such. I also include high-profile people in areas that I follow–but only if I am familiar with their work. The standard for those types is that I will have something to discuss with them when I do talk to them. If I don’t, then I don’t add them–even if I know they’re famous or well-known.

Friendfeed

Same as Twitter.

LinkedIn

This one is like of like Facebook, but for the professional side. In other words, I mostly add just people I know, and when I add people who are well-known in my industry I only do so if I know their particular sub-field and work well enough to carry on a conversation with them easily. If not, I don’t add all the big names just for the sake of having them there.

What are your criteria for adding to these various services?

For Facebook to be as big as it is, it seems like it’d be easier to answer the question that everyone is asking:

How do I get my content from other services, like Google Reader, Picasa, Delicious, etc. into Facebook?

Of course, there are a million apps for Facebook, and using them you can probably hack together a solution to get all your non-facebook content into your stream. But that’s a manual process, which is “meh” at best.

Turns out, there’s a Facebook-native way of doing it. Just go to your Facebook homepage, click on your Profile tab, and then on Settings under the Share button, as seen in the image below.

From there you can add quite a few services to your Facebook stream, which means when you add things to those services directly, that content will be displayed automatically within your Facebook page. Here are the services that I’m pulling natively into Facebook:

[ NOTE: To get your Twitter updates into Facebook, load this Facebook application, and enable the option that says: "Want Twitter to update your Facebook status? Click here!" ]

One word of caution: now that you are able to do this, prepare to be bombarded with questions from your friends like “How did you get x into your Facebook!?!”. Just point them here for now, and hopefully Facebook will do a better job at communicating this functionality in the future. ::

Related

[ A Few Thoughts on Social Networking Tools | dmiessler.com ]

At this point, FriendFeed’s real purpose is to give users a glimpse of what’s to come for social networking in the future. More specifically, FriendFeed has now become a way to test future Facebook features before they make it to Facebook.

I think it’s really cool that FriendFeed is providing this service, but it’s also sad because they aren’t performing this role knowingly. In their minds, they’re actually competing with Facebook.

Kind of cute, really. Well, cute in a sad way. ::

It is considered good social networking etiquette–especially on Twitter–to warn your followers that you are posting a link to content on your own blog or company website.

I hereby reject this for the following reasons:

1. When I follow someone it’s because I think they, on the whole, produce content that I want to read vs. content that I find spammy, boring, or otherwise low-signal-to-noise. If this ever stops being the case, I will no longer follow, and I don’t care at all where that content comes from.
2. If you’re worried that the links I post might be “spam” then we already have a much more serious problem than a labeling issue.
3. The odds of my own content being significantly lower quality than the content I enjoy and share from other sources that you DO enjoy, is low.
4. If I don’t have to warn you before I tell you I am going to get a coffee at Starbucks, then I damn sure am not going to warn you before I refer you to a piece I wrote that I think you might find valuable.

In short, what it really means to warn people that you’re posting your own stuff is:

I wrote this, so it’s probably way lower quality than what I normally post.

But if that were the case, then you probably wouldn’t be following me in the first place.

The whole purpose of social media and networking is to put yourself out there–to share your life and ideas with others. There is simply no more pure way to do this than to show people what you’re thinking and writing about.

So no, I will not shield or obscure my own perception of what I find interesting in what amounts to a preemptively apology. If you like what I normally post then you should also like what I write about. From the follower perspective, you either trust me to post content that is somehow worth your time or you don’t. ::