Twitter is Circling The Wagons

With two recent news stories (both encapsulated in this article), a trend is beginning to take shape in how Twitter is planning on dealing with users viewing, creating and managing tweets outside the Twitter-native clients and website.

Twitter wants to end that.

This is a rather short-sighted plan, and will no doubt hurt Twitter in the long term, but what does that actually mean to the average user?

First, it means that automatic cross-posting of tweets to LinkedIn is coming to an end. There are still third-party ways to perform this kind of action, but the officially-sanctioned methods are being shut down. Generally, since Twitter and LinkedIn are used for two very different audiences, that’s not a problem. However, for Information Workers using both services, it could be a bit of a hassle.

Secondly, Twitter looks as though they are trying to curtail the ability of third-party developers who want to create Twitter clients on various platforms. Instead, Twitter would prefer if everyone used their official clients for Windows, Mac, iDevices, Android, etc. or else used the Twitter website.

Why would they do that? Simple, they want money. Advertising and sharing of bulk data from their network are how Twitter makes their cash, and third party applications can skew those funding sources a bit. A non-Twitter client may not properly report all the information Twitter wants to sell to people, and may not show all the ads and sponsored tweets that Twitter wants advertisers to buy into.

Granted, if there’s one lesson that a decade of DVR’s and years of non-ad-supported pay-for-download content services have taught, it’s that users hate ads. The “digital generation” would rather spend hundreds of bucks on Tivos or rent/buy media through iTunes than watch it on ad-supported networks. This hasn’t, however, stopped advertisers from trying to load shows with more ads in some kind of futile game of cat-and-mouse for our eyeballs.

Twitter knows they need to sell ads to make money, and anything that can reduce that ability must be ended, quickly. Cross posting to and from LinkedIn was the first thing to get stopped – an opening salvo in the ad war over social media. Reduction of functionality for third-party clients appears to be the next step, even though that hasn’t been brought to bear just yet.

So what can you do? You could get used to using the native Twitter applications. They’re not horrible, and they may do what you need. If not, you can vote by letting Twitter know you’d be willing to pay for a premium service offering that lets you use any client that you want. If enough folks say they’d pay for that option, Twitter might find that appealing and make it happen.

Make no mistake, Twitter *will* reduce the functionality of third-party software. It’s the only way they can make money, and like any other business in the world; their goal is to make money. You can vote with your wallet, or you can get used to using the service for free in only the ways they say you’re allowed to. Your choice.

I, for one, would be willing to pay for an open Twitter platform. I could cough up US$3-5/month for a service without restrictions. But that’s just me. What do you think? Sound off in the discussion section!

I Shouldn’t Have to Say This, but DO NOT POST PICS OF YOUR CREDIT CARDS

Strangely enough, it would appear that a large number of people have – for reasons that defy logic and sanity – been posting pictures of credit and debit cards via Social Media. Don’t believe me? Check out the Twitter account of NeedADebitCard and see for yourself.

So, since it apparently *does* need to be said, I’ll say it: “Do not, under any circumstances at all, post a picture of your credit/debit cards, work ID’s, personal ID’s (like your driver’s license) or any other personally identifiable documents. Ever. For any reason. Seriously.

Now, here’s why:

We are not alone

Along with all the great folks, customers and colleagues you can meet on social networks, there are a large number of people who live in the dark alleys of the Internet.

As you can see from that Twitter account, anyone can see the pictures you post – sometimes even if your account is marked as “private.” That means an ID thief, using the same exact (legal) tools that the Twitter account creator used, can harvest tons of credit/debit card numbers, expiration dates, and account names. They can then use that information to purchase easily re-sellable objects and turn your card into quick cash.

It’s bad enough that folks are getting tricked into giving up their information by people who have tampered with ATMs and card scanners, we don’t need to make it any easier by purposely sharing information with these crooks.

Security isn’t always that secure

I’ve personally been to several websites that do not require the 3-4 digit security code from the back of the credit/debit card to make a purchase. Even very legitimate websites don’t always ask for the security codes, and that means when a thief has the number, your name, and expiration date; he or she can rob you blind without ever seeing the back of your card.

Let’s all use a little common sense here

I have a rule for what you should and should not post online. It’s very simple:

If you wouldn’t say it out loud in the middle of Times Square in NYC, or wouldn’t want the photo to be posted to a billboard in that same location, don’t put it on any social network, sharing site, or comment page.

Think about that for a second. “My client is squeezing me out of every penny” – probably wouldn’t mind saying it out loud if it was true, and no client was identified.

“My client BigCompany is a bunch of assbags.” – I would definitely hesitate to say that in front of a ton of strangers. After all, the CEO of BigCompany might be standing behind me.

“My client is sleeping with my boss.” – that’s not coming out of my mouth unless the only person I want to hear it is the ONLY person in the room. I might say it on a phone call, may say it personally to someone, but would never say that surrounded by a large group of people I don’t know.

Same goes for pictures. I wouldn’t mind a picture of me at a trade show or professional event up on a billboard. Mildly embarrassing, but that’s about it. However, a picture of my birth certificate is something I definitely would *not* put on a billboard anywhere, but especially not on one seen by millions of people a month.

Social Media is like Times Square. You cannot control who hears or sees what you post. Even direct messages will be broadcast to the world if you make one mistake while posting or attach a picture to the DM. Never say or show anything on any sharing site that you don’t want your neighbors, your boss, your family, and/or the local criminal element to see or hear. Not even in a DM or private message, not ever.

Stay safe, and think before you post. Your credit score, employment and mental stability could very well be on the line.

Editor’s Note: The card shown at the top of this page is a “dummy card” that doesn’t belong to anyone and has invalid numbers, insignia and dates. This means that you can try to use it all you want, it won’t work, and it doesn’t belong to the author.

You have Facebook Mail – even if you don’t want it.

Congratulations. Even if you never asked for it – even if you didn’t want it – you now have an email address. Oh, and it’s your default.

Not learning from previous firestorms over opt-in versus opt-out policies, Facebook has decided that you really want all email to go to [email protected] in all circumstances, so they’ve made the change for you. To be clear, this is indeed a safety and security issue, and Facebook’s idea is very good, but their implementation is horrifically flawed and getting people pretty steamed up.

What happened is that Facebook as changed your default email address attached to your profile to [email protected] This means that if anyone uses Facebook to find and use your email – something many business users want to happen – they will not get your real e-mail address, but rather a pass-through address. You’ll get your mail, but the person sending it won’t get the correct e-mail address.

Problematic on many levels, the biggest issue here is that Facebook didn’t tell anyone or ask permission. They simply made the change for all Facebook users. So if you wanted visitors and friends to see and use your real email address, that won’t happen. For many users, this is a very good thing, as it promotes privacy and stops web crawlers from harvesting your address for spam. For business users who *want* to have customers reach out to them, this is a big problem. For example, even though not public on Facebook, I have a special email address that I use for site/blog visitors to contact me. I want people to use that email address (which you can find in the sidebar of this blog) and specifically *not* to use any other one they may have seen or heard.

Luckily, you can turn this new “feature” off pretty easily. Simply log into Facebook, and click the small down arrow in the upper-right corner near the word Home.


Then click on Account Settings, and then click “Edit” in the section for your email addresses. Make your preferred address the default, and then either ignore or delete the new email address you find there.

I do applaud Facebook for taking the initiative to offer more anonymity and security for their users. I also will take them to task for yet again not making the default for a new setting “off” instead of forcing it on every user across the board. Much like any other mandatory Facebook “feature upgrade” they have missed the mark, and caused more users to avoid or overcome this feature instead of using it where it is a best fit.

Maybe next time…

Yeah, I’m back on Facebook

Well now, that didn’t last long.

After totally removing my Facebook presence not that long ago. I began to realize that I did, indeed, need a Facebook account.

Here’s why I made the decision to come back:

– Everything requires it these days. So many different sites use Facebook as their main signin/login methodology, not having a FB account made it very difficult to use a ton of services on the web.

– People couldn’t find me. Believe it or not, there are many folks who use FB as a way to find people they’re trying to get in touch with. That may be searching for my blogs, or just trying to reach out to me about various topics. And so, it’s become like having a listing in the old-school phone book.

But, I’m doing things differently this time:

– You’ll see there is almost no information about me on FB. I’ve purposely kept my profile clear of anything but the most public information about me, and I won’t post anything there that isn’t set up for the whole world to see anyway.

– I rarely do anything there. My Tweets do get posted there, and blogs will shortly show up there, but that’s it. No more games, updates, location check-ins, or anything else that isn’t just a cross-post. I *may* make a comment or two, if I’m feeling really moved to do so.

So, I’m just using FB as a digital phone book and a single-sign-on for various sites around the web. It’s a good compromise for a necessary evil like FB, even if I still do hate the company. I’ll give them the absolute bare minimum required to “pay” for their service, and that’s all.

So LinkedIn got hacked, now what do you do?


Into each life, a little hacking must fall – it’s become a universal law of the Internet as of late.

As many now know, LinkedIn seems to have allowed about 6.5 million usernames and passwords slip, and they’re now becoming open information. That’s bad, but not the end of the world, and there are steps you can take to protect yourself.

First, here’s what appears to have happened. Somehow, a database of usernames (which for LinkedIn are email addresses) and passwords got into the wild. This was either an accidental breach or a direct theft, time will tell. While the passwords were obscured by a hashing technique, the tech used was notoriously easy to crack, and the bad guys have already begun doing so. Several hundred thousand have already been cracked, meaning that over time the rest will mostly become public.

It’s possible your username and password were discovered, but frankly I would advise against trying to find out or waiting to know for sure. If you have an account on LinkedIn, here is what you should do right now:

– Don’t panic. This was a great piece of advice for Arthur Dent in The Hitchhiker’s Guide to the Galaxy, and it applies just as well here. Yes, your account information may have been stolen from LinkedIn, but if you act quickly and sanely, you can ensure that the breach does not impact the rest of your online life.

– Change your LinkedIn password. Doing so is fast, easy and will fix the problem even if your password was not among those compromised. Open a web browser and go to the LinkedIn home page and log in. Then, in the upper-right corner of the page, click on your name and then on Settings from the mini-menu that drops down. Halfway down the settings page, look for “Account Settings” and click on it. Then click “Change your password,” put in your old and new passwords and you’re done.

– Change your password on any other site that you have used that same password and your email address to log in with. Since the data thieves can now get access to that username/password combination, they’ll try to use it on a wealth of other sites to see if they can get into your accounts across the web. So if you used that same email/password combo elsewhere, you should consider any site with that info to be compromised and change your info there as well.

Now, what to do about this for the future:

– DO NOT click on any link in any email saying that your LinkedIn account has been compromised and asking you to log in to change your password. The official emails LinkedIn will send out will *not* have links in them, they will ask you to manually go to the LinkedIn site and change your password there. There are already reports of phishing emails that are trying to use the fear of this breach to get non-compromised people to give up their login info, so be extra careful.

– Use unique passwords for sites. This gets difficult fast, so use a password manager like 1Password (or many others) that can auto-generate custom passwords and track them for you. This way, you remember the master password (which never leaves your desktop/laptop/phone) and the system handles filling in the unique passwords on the sites.

– Demand that social networks (and any other sites) use stronger security. These LinkedIn accounts were exposed because the data that was stolen was protected using a very weak form of hashing technology. LinkedIn could have used a stronger method, which wouldn’t have stopped the theft, but would have made it much more difficult for the thieves to use the data for anything.

Granted, a dedicated thief with time, equipment, and knowledge could eventually crack any set of data. However, if the thieves would have had to spend months un-encoding the passwords in order to use them, they may have decided it wasn’t worth the time and effort. It’s not a cure, but it is a preventative measure that could have, and should have, been put in place.

Once more, don’t panic. Take a minute or two today and change your passwords. Make sure you’re not using that same email/password combo elsewhere. Never click in links in email (go to the site manually via your browser instead). This advice works equally well for any website where you have user account info, and can keep you from losing your mind when breaches inevitably happen across the web.

Photo Credit: TheSeafarer

Why you need a social email address.


Email is a part of daily life. A few companies trying to outlaw it aside, everyone uses it and deals with tons of mail every day. What many users of Social Media don’t think about is keeping that email separated from their personal email accounts via another address entirely.

There are many reasons to set up and keep a distinct email for all your social stuff, but the two main ones are:

– Anonymity: If you’re planning on creating a persona distinct from your real-world one, then you want to keep email from and/or about that persona distinct from email that you get for everything else. This also goes for the inevitable spam, “new feature” blasts and all the other garbage you *will* get whenever you sign up for a Social Media site/network. Keeping a different address just for your accounts means that you can ignore it whenever you need to, while your co-workers and friends can still get their messages to you on your “real” address.

– Company ownership: Following on from last week’s post, there is always the chance that you may change jobs at some point. Hopefully, that’s because you got a spectacular offer and voluntarily left. If you’re using Social Media in conjunction with your job, and then suddenly aren’t, will you still have access to your work email until you can shift everything off of it? For most of us, the answer is no, and that poses a major problem. By using a different email address that you control, you can get everything that doesn’t belong to the company off of it, then hand it over to them if they want it.

A cautionary tale to illustrate both points:

I was just listening to a story about a friend who had two co-workers quit. As is the usual case in these instances, he got to watch their email accounts in case a customer who didn’t realize they left reached out for something. He now knows way more than he ever wanted to about their social lives, and also knows that they’re trying very hard to change login information, addresses, etc. Why? Because they both used the company email address when signing up for Social Media sites and networks, and all those emails are still flowing in.

So, better safe than sorry. Sign up for another email address (possibly a free service like GMail or a low-cost fee-based option, your choice) and use that address for your Social Media stuff.

Photo Credit: Horia Varlan

Keeping work and play apart

Talking to people means you have to have things to say. That’s a pretty basic rule of conversation, and it can lead to some interesting consequences on Social Networks.

While talking on Twitter, Facebook, LinkedIn, etc. you will meet all different kinds of people. They’ll want to have all different kinds of conversation on a myriad of topics. You have to be very careful not to fall into the trap of saying something inappropriate in timelines and pages that are directly affiliated with your company, lest you incur the wrath of the Powers that Be.

In my case – just as an example – my company preferred that I did not tweet personal conversations on my corporate identity, so I have two different Twitter timelines. @miketalonnyc for personal stuff, @VSI_MikeTalon for anything dealing with my day job. This lets me talk to my online friends about whatever I want, without those conversations crossing over to the timeline I use when I need to transmit corporate messaging.

There is another reason to keep different identities for work and play – ownership. When you tweet about your company, you’re directly affiliating with your company. That means – unless you have a written document saying otherwise – that the company can claim ownership over your Twitter, Facebook and other accounts. Why would they do this? Because your friends and contact lists constitute a customer list of sorts, and companies absolutely love customer lists! While this is still being challenged in the courts, at least one case may end up in favor of a company over the guy who built up the Twitter follower list. That’s bad enough, but he may have to pay the company in question for “using” their customer list if he loses the case – no small amount of cash to be sure.

By having one identity used for work, and one for your own stuff, you can clearly show the line between what posts and followers are yours and which “belong” to the company you’re working for.

In some cases, you may be lucky enough to be able to keep one account for work and play. If you are, get it in writing to protect yourself, then have at it. For the rest of us, keeping two identities is a good idea both to allow you to speak freely and to ensure you know what both you and your organization own.

Photo Credit: KM Photography

It’s about communication


As with any form of transferring information, social media can become mired in the idea of broadcasting information out, instead of being true communication.

Take Twitter, for example. Many folks use this networking tool as a broadcast medium. They send out dozens of tweets, but never interact with anyone else. Others do nothing but retweet and repost, but do not listen for feedback. This is a one-way broadcast, not a true communication or collaboration.

Facebook, G+ and Pinterest can be the same way, with people blasting out update after update and pin after pin, but not listening to what other folks are saying in comments or in their own independent posts.

Falling into the trap of broadcasting only can be a killer for any Information Worker. We’re planning to use social media to communicate with customers, potential clients and others; but in reality we’re just screaming into the wilderness. That means the message will quickly get lost.

It’s relatively easy to communicate instead of broadcast, but it does take a little effort. Here’s a few simple ideas to keep in mind:

– Follow other people. So many folks on Twitter just send out information, but follow so few people back that they cannot possibly be listening to what’s out there. This isn’t to say that you should automatically follow everyone, or that you should randomly follow folks. See who interacts with you, and pick some people who you want to interact with. Then follow those people to foster a two-way communication stream.

– Reply and answer back. In addition to posting, read the timelines of those you follow and those who comment on your posts. Reply to them to say thanks, or to ask questions or make comments to foster more dialog. This doesn’t have to be an all-consuming time-sink, just a few minutes here and there in your day is enough for most people.

– Do share links and retweet/repost, but don’t flood your timeline. Forwarding on things you find that are part of your message is a great idea, but a constant stream of links and RT’s can put people off. Instead, use a service like Buffer to spread out your links and other posts so that you reach more people in more places. This gives you the ability to start a dialog with more people in more places, too.

– Talk about other things. Yes, we – as info professionals – mostly talk about what we’re doing/selling/creating. That’s normal and expected, but shouldn’t be the only thing in your timeline. Talk about what’s going on around you – such as local cultural and sporting events happening near you. This allows people to see that you’re not a one-trick-pony, but rather a real person who is willing to talk, not just broadcast. This shouldn’t be forced, however. Pick things you’re interested in to talk about. Got a hobby, play certain games or have an interesting side-job? Talk about those things, so you can show that you’re interested in more than just the corporate message.

Remember, social networking is networking. Multiple people sharing information and talking to each other. Don’t fall into the trap of making your social media streams become a loudspeaker that tunes out anyone else online.

Photo Credit: Wayne Large

What We Can Learn from the Instagram Buyout…

Money1It’s not news to anyone that Facebook bought out Instagram for One Billion US Dollars.

For me this was a bit of a kick in the gut, as I had just recently left Facebook over concerns about how they use personal data (see last blog post on this site).

So what did I learn from seeing an app I love being scooped up by a site I would rather not be part of?

– Be wary of anything free.

Free software that is not ad-supported should be a gigantic warning sign whenever you see it. If an app has no revenue stream, then it has no purpose but to get itself acquired by some larger company that actually makes money. Hat-Tip to several folks I follow on twitter (@miketalonnyc) who have already posted quite a lot of info on this phenomenon.

– Never assume your data is going to stay put.

When FB integrates Instagram, you can be sure that all the photos you have taken on the indie app will end up on Facebook. Whenever you post something online, just take it for granted that it will eventually become public. No matter if because a site changes its policies, or gets bought by a company with different policies, any data that you don’t hold on your local machine will eventually be seen by everyone.

– Always know how to remove (and how to keep) your stuff.

Instagram has a page where you can delete your account – so you can indeed remove all the data they have from you. That doesn’t help much if you actually want to keep all your photos and move them elsewhere. Sites like can give you a backup of your photos before you delete them, and even move them over to another site if you want. Note that this site is also a free app, but at least they take donations so they have *some* kind of revenue stream going.

– Know where to go next.

There are generally many apps that can do something you want to do. Finding the right one is tough, though, as many of those apps are bad ripoffs of the one you need to get rid of. Sites like AppAdvice can help sort through the crap to find the good tools.

As for my personal feelings on Instagram:

It was a great tool that did some nifty things with photos. That was about it. I loved using it, and would have liked to keep using it, but I very much dislike Facebook and don’t want the apps I’m using to be owned by them.

I’m very happy for the creators of the app who just hit a major payday, and I don’t fault them for taking the money when it was offered.

Finally, I did not “rage quit” Instagram. I took a day, thought it over and really asked myself if the app was good enough to keep using it in spite of who bought it out. The answer – in my case – was “no.” So I calmly found a site to help me get my data downloaded to my desktop, deleted my account, and then the app. No one should get so attached to an app that major changes like this cause them emotional turmoil.

So what did I switch to? Hipstamatic. It lets me take fun photos with filters and effects, and it’s not a free app, so it’s less likely they’ll get bought out and make me go through the process all over again in the near future.

Photo Credit: Amagill

Don’t Panic Over Requests to See your SocMed

AlarmSilenceAlright, we’ve all seen the headlines.

Employers are demanding to see your Social Media profiles, and even – in some cases – demanding usernames and passwords to sites.

Before you panic, keep a few things in mind:

– Asking for your profile information before you are hired (NOT username/password) is something you should not fight against. There are two reasons for this. First, that information will only let them see what’s already available to the public at large, and so it’s stuff they could find on their own anyway. Giving them your screen names will at least let you know they’re looking. Secondly, knowing that they’re looking can come in handy, as you can ensure that there’s nothing you don’t want them to see before you hand over the info.

– Asking for private information before you are hired is NOT OK. Asking you for your login information is a severe violation of privacy, and should not be permissible for any employer. They cannot ask for your bank account information, they cannot – in most states – ask if you’ve been arrested (though, interestingly enough, they CAN ask if you’ve been convicted of a crime) – why should they be permitted to ask for private online information access?

– Asking for private information after you are hired is another story. If you signed an employment contract that gives them the right to ask, then you have to give up that info or risk termination. This is why you need to read your pre-employment and post-employment documents very carefully.

What I’m saying here is that many employees are raising the same level of alarm to the question “What is your FaceBook name?” as they are to the question “What is your FaceBook username and password?” These questions are not the same, and should not be handled the same.

The first question is perfectly reasonable. They want to see what you let any other person in the world see already, they’re just lazy and don’t want to Google search for your profile. The second question is a privacy violation.

We – as a community – need to differentiate between the two and only scream about the true violations, otherwise we risk having the general employer community accuse us of crying wolf over the issue.

That being said, what should you do if asked either type of question?

If they just want to know your online name, give it to them. Prior to beginning the interview process you should have made attempts to sanitize your profiles anyway.

If the interviewer demands your login information, politely refuse. Also inform them that you will note that the question was asked, and take your refusal into account if you are denied employment. In short, put them on notice that you’re still happy to work for them, but that you will not be pushed around.

Read ALL documents carefully to ensure you’re not giving away rights to your personal accounts. This is critical, as you may need to turn down a job offer if the company demands that all employees give up their logins. You may be able to negotiate a rider to your contract that explicitly states they don’t have rights to your Social Media accounts, but usually it’s either “do this” or “don’t work for us.”

If your employment paperwork does not explicitly state that you are required to give that information as a condition of employment, and you are still asked for it; refuse. Also note that you are not required to do so by your contract, and be very clear that you feel that logins are Personal Information and not subject to company disclosure. Let them know that they are very much welcome to view your public information, however; so that it doesn’t appear like you’re trying to hide anything.

In short, treat your FaceBook, Twitter, Pinterest and any other Social Media site login info the same as your bank account info, your medical info, etc. Unless you specifically agree – in writing – to give up that information as part of your employment, don’t give it up.

What if you get fired over this? I’m not a lawyer and you shouldn’t take any legal advice from me, so I won’t give you any. If you are terminated for not giving an employer your login information, seek legal help immediately. If you are denied a job for not giving your login information during an interview, seek legal help immediately. Many free advocacy groups exist, so hunt around and get help!

Secondly, if the employer in question is going to be that strict about your personal life, do you really want to work for them? If you have no choice (it is still a bad job market, after all) then you have to make a very tough decision, but if not, walk away. The employer may realize their mistake and ask you back, sans the request for your passwords.

To sum up: If the company only wants to see public information, or if you willingly agree to give them the logins in your contract, then give it to them. If they fire you unduly, or refuse to hire you because you won’t give them personal info, get legal help. But don’t raise the alarm over public data or data you agreed to give up, save that for the real bullying and privacy violations.

Photo Credit: Flattop341