John Dillon, the CEO of Engine Yard, was one of them. Dillon was CEO of Salesforce from 1999 until 2001, when he was ousted by founder and current CEO Marc Benioff. Heroku specializes in the development of Web applications on Ruby on Rails. So does Engine Yard. Now his old company is a competitor. He shared a few thoughts about that in an interview last week. But here are the highlights: First, he thinks Salesforce overpaid for Heroku. Second, he thinks the deal is an admission that Force.com, Salesforce’s own application development environment, isn’t working.

NewEnterprise: So John, what did you first think about the Heroku deal?

John Dillon: I certainly didn’t expect to compete with Salesforce. First of all, we know the Heroku guys really well. We even talked at one point about combining the companies. They’re into Ruby on Rails, which is the best environment for building applications in the cloud. We’re kind of going after the same market. They were going after smaller players and we were doing more industrial-size customers. Both companies had been approached to be acquired at different times, and in either case the deals didn’t get done. We had pretty good confidence in our future. So then Marc Benioff goes out and spends more than $200 million for a company doing maybe $2 to $3 million in revenue. It’s kind of an unbelievable multiple. Of course its a massive endorsement of Ruby on Rails, but it’s also an admission that Force.com isn’t working. You don’t spend that much to buy some additional technology if your core product is working well. I think they’re struggling, and I think they’ve created a bit of a Frankenstein.

You really seem to think Salesforce overpaid for Heroku.

Absolutely. It was somewhere between 80 and 100 times revenue. When VMware bought SpringSource it paid maybe 20 times revenue and that was considered a phenomenal deal.

If that’s true, why do you think Marc Benioff would pay that much?

Because he was desperate to find a way to shore up Force.com. He’s been touting it for three to four years and it hasn’t lived up to expectations.

So what does Engine Yard bring to the table?

We deliver a lot of the components you need to build and deploy and run applications in the cloud. There some 20 to 30 components, the load-balancers and Web servers and app servers, and databases, and Ruby on Rails. What we’ve done is we’ve integrated all that, and we’ve automated the ability to provision it and we’ve hardened it. That means the development team doesn’t have to worry about any of that. And that’s where you make a lot of mistakes that can cause your Web site to go down. But because we’ve used mostly open source, there’s not some big cost that you have to bear, when you’re using someone like Oracle that sells you all this stuff, and then you have to pay 20 percent a year in maintenance. Our customers pay us for success. Building the application is inexpensive. You can build it and if it doesn’t work you can throw it away. But when you build it and deploy it and lots of people use it that you start paying because it’s based on resource consumption.

Who are your customers?

They’re all over the map. And then we have your traditional enterprise companies. From a Web standpoint, we have Get Satisfaction. We have gaming companies like Playmesh that make social games for the iPhone. Most of our enterprise customers don’t let us name them. But we have a few Fortune 500 accounts. About 20 to 30 percent of the time we have customers who sign up using a credit card and we call them up and find they’re inside some household-name corporation.

What kind of an exit are you contemplating? IPO or get acquired?

I’m building the company to go the distance. We have the market opportunity and the executive management talent, and we have the business traction. So it seems very doable. The IPO market hasn’t been very friendly. If it opens up I think we’re a strong candidate to IPO in a couple years. It’s not very much fun to be a public company. We have a very real shot at it. But I also think this is going to be a really wild period in M&A activity. I think a lot of companies that don’t understand the cloud are going to buy their way in because they’re otherwise going to get left behind. Our investors are in it for the long haul and I have plenty of money and access to plenty of money. But if Salesforce is going to pay more than $200 million for Heroku then I like what our value looks like.

The service seems remarkably similar to 4chan, the rowdy image-sharing message board, but rather than anonymity, Canvas requires that users have accounts (would-be users currently sign up through Facebook Connect), and unlike 4chan, Canvas keeps an archive of posted graphics (and will reportedly later support other media).

Poole has described his goal with Canvas as trying “to reimagine what an image board should be today using the current technologies available.” Canvas and 4chan are run separately.

Unlike the many personal and professional image-sharing sites that already exist, Canvas seems oriented toward PhotoShop jobs, cartoons and memes (more like Cheezburger, which often riffs off 4chan-originated concepts, and just raised $30 million for an Internet comedy empire). Canvas is backed by Ron Conway, Marc Andreessen, Chris Dixon, Kenneth Lerer and Joshua Schachter.

Image via TechCrunch.

Netflix’s dramatic growth in user base and market cap have had a lot to do with the company anticipating market changes and making audacious bets, but it has been relatively plodding and hesitant about getting social.

Netflix explained in the shareholder letter (PDF) accompanying its quarterly earnings report that its Facebook integration will accompany an effort to split household accounts into multiple personal accounts.

In part because of the company’s history as a DVD mailing service, a Netflix account is affiliated with a particular address. That’s also the way traditional television providers measure their market: In terms of households.

But online video, Netflix notes, “is more naturally individual, since it is watched on personal screens like phones, tablets, and laptops, as well as on shared large screen televisions.”

In addition to helping identify discrete people within a household, Facebook integration would presumably allow Netflix to help users do things like share their personal viewing history in their newsfeed and recommend videos to friends. Understanding social networks could improve Netflix’s famously honed recommendation algorithm. It might also be an opportunity for Netflix to create social viewing experiences.

Currently, Netflix lacks much in the way of social features; it had yanked a previous effort to offer social sharing last year after saying that relatively few subscribers used it.

However, the company has recently staffed up for a renewed social effort.

Mike Hart, previously Netflix’s director of engineering for APIs, is now director of engineering for social. Hart told Fast Company in November that Netflix sees social as an international user acquisition strategy and an opportunity to avoid disruption by a competitor that is more social.

Netflix also appears to view personal accounts as an opportunity to charge more money. The company said in the shareholder letter that later this year it will start offering new account options that include multiple simultaneous streams. (So, for instance, you could stream TV episodes in the bedroom on your iPad while your spouse watches a movie in the living room through the Roku.) The streaming-only plan Netflix recently launched costs $7.99 (which some industry watchers say is too cheap) and allows just one stream at a time.

Netflix noted in the letter that its new grand internal vision is to target the number of active mobile phones in an area, rather than the number of households (though that might be a bit ambitious in places where it’s common for people to have more than one phone!).

Please see the disclosure about Facebook in my ethics statement.

All the security attention paid in recent years to securing the Windows desktop and the applications running on it have paid off a little, Cisco found, making it harder for computer scammers to successfully carry off their intended crimes on that platform. The trouble is they’re now starting to focus more attention on mobile devices, including Apple’s iPhone and iPad, and devices running Google’s Android operating system, Cisco said.

Meanwhile, the overall global volume of spam, which often contains troublemaking links that are used to deliver attacks, decreased for the first time ever in 2010. Even so, spam still increased in some developed countries where broadband connections are multiplying. In the United Kingdom, spam volume nearly doubled, while the volume in France went up 115 percent. The U.S. saw a slight decline–11.1 trillion messages down from 11.3 trillion in 2009. Spam in Brazil, China and Turkey also declined. Some of the decline can be attributed to last year’s arrest by FBI agents in Milwaukee of a Russian accused of being the “king of spam,” and to the shutdown of a few botnets used by scammers to send spam.

One thing about Cisco’s report that’s likely to draw some attention is its finding that the raw number of vulnerabilities on Apple products appear to be growing. Apple users are usually pretty sensitive about this topic, and any comparison of the Mac to Windows on the security front tends to make them grind their teeth and pound out annoyed comments on tech blogs. I know because I’ve done the same teeth-grinding and have in the past criticized other reports for similar findings.

Here Cisco is addressing vulnerabilities that Apple has itself documented and patched in software updates. One thing that’s not clear to me–though it sure looks like it–is whether Cisco is combining vulnerabilities found on both iOS (iPhone and iPad) and OS X (the Mac). The data it’s using is from its IntelliShield service, which tracks vulnerabilities and security incidents, and shows that over five years Apple’s vulnerabilities rose, from less than 200 in 2006 to more than 350 in 2010. That rate was higher than Microsoft and Hewlett-Packard and Cisco itself, the report found, though it goes on to say that Apple has worked harder than most other vendors to protect its users. Security is one of the reasons Apple imposes such strict rules on what’s available in the App store, though people still jailbreak their phones.

Another trend Cisco found is something called “money muling.” Tom Gillis, VP and general manager of Cisco’s Security business unit, describes money muling as using unsuspecting people who are attracted by “work at home” spam messages and Web ads to participate in money laundering by moving small amounts of money into bank accounts, just a few thousand dollars at a time. He says the operations around this are becoming increasingly elaborate, and criminals will devote a lot of effort to developing it this year.

I talked with Gillis about the report and other security trends that Cisco found. Here are a few highlights from our conversation:

NewEnterprise: So you’re seeing fewer attacks on Windows and more on mobile devices. Is that simply because there are more of them?

Tom Gillis: It’s the simple fact that there’s this new class of mobile device coming into the enterprise that used to be a phone and now it’s a computer, and it can access enterprise information. So what we’re seeing is that the raw number, but not the severity, is down on Windows. Part of this is that Windows 7 was a very good release on Microsoft’s part from a security standpoint. And we’ve got these new devices coming into the enterprise, and so we’re seeing a shift in focus of attacks on these mobile devices. They’re vulnerable to attack and they’re relevant in the enterprise. Two years ago this would have been too small a population to be meaningful.

What kind of attacks are you seeing?

It varies. In some cases there’s a little “phone home” code in a free gaming app. Pretty gentle stuff so far. But as people start using smartphones to access sensitive information we need to start thinking about security considerations on these devices. There’s a larger theme here that the whole nature of attacks is changing dramatically. The fact that spam volumes dropped at all is a big tell. For 10 years this has only gone up. We’re not forecasting a steady decline in spam, but the fact that it slowed down at all is an indicator of the shift in the way that attackers are using email. The attacks are more targeted and personal, for one thing.

Can’t some of this decrease be attributed to some of the arrests that happened last year?

It can. There’s been a handful of arrests. And they went after not only the botnet operators but other parts of the spam value chain. There are firms and entities that build botnets of compromised machines that relay the spam, and then there are other firms and entities that rent time on those botnets that do the merchandising. The biggest category is selling fake pharmaceuticals. Some of these fake pharma operations were shut down and the people associated with them arrested. It’s not an easy thing to do, because they’re global, they move around, and so to make an arrest in this space is a huge accomplishment.

So what is the thinking now about securing the mobile device?

We think there are two ways to make mobile devices work in the enterprise. The flood of devices into the enterprise is huge, and everyone wants to use them to check their email and access corporate directories and other fundamental things. There needs to be some kind of software on the end point–the phone or device. It will have to be light. You can’t have some kind of antivirus suite running on the phone. It would be a little piece of software that’s on all the time that knows when you’re behind the corporate firewall and when you’re not, and manages your connection accordingly. We bought a company called ScanSafe that has 40 data centers around the world. When you’re outside the firewall it connects to you the nearest data center and enforces your corporate policies, but all you as the user know is that it just works. This notion of being on or off the corporate network goes away. And we can do all kinds of scanning for security, independent of the device that’s being used.

This year we also saw the Stuxnet attacks, which we now know for certain were carried out against the Iranian nuclear program. Clearly this is a new kind of attack that can be mounted against industrial control systems via computer networks. Is Cisco researching this?

Massively. Often these types of attacks are targeted against Cisco’s biggest enterprise customers. Who buys Cisco’s infrastructure? The biggest banks in the world, the defense contractors. If the goal of an attacker is to disrupt an economy, their targets will be our customers, and they’re demanding a response from us. I like to call it global threat correlation, but it comes down to taking huge samples of network traffic and picking out good traffic from the bad. Cisco has a good advantage here because our equipment is so widely deployed around the world. As we start measuring traffic we can develop reputation data on every publicly routable IP address on the Internet. As we start putting telemetry info into that equipment–and the customer can choose to enable it or not, and it’s turned off by default. But people turn it on because it helps them against the unknown kind of attacks that are popping up. If a Web server says its a Web server, but you just saw it sending spam three minutes ago, there’s a pretty good chance it’s part of a botnet. Once you know that you know that, you can start to mount a pretty good defense. We’re putting a lot of energy into developing that, and it’s proven to be pretty robust.

The company’s “social modules” dynamically populate with fresh content on any topic.

So, for instance, a news organization could automatically input the tags associated with its articles into a module, and on each page it would show relevant tweets about similar topics (and not just lame redundant retweets of the article itself, like you often see).

Or a site could show a live-updating widget that displays its most tweeted articles that day. Publisher IDG is already using the modules on some of its sites.

Anyone can create a self-service module, and Topsy will offer premium features such as analytics and revenue-shared advertising. Content within the modules is automatically filtered for profanity and language preference.

You might ask why Topsy and its random blog widgets are important. For one thing, Topsy is among the few independent players remaining in real-time search, with OneRiot pivoting to focus on ads, and Ellerdale acquired by Flipboard. Twitter does have its own search service, but it stores only a week of tweets at a time.

Topsy organizes its index of eight billion tweets using social signals, such as figuring out which accounts on Twitter are influential and which tweeted links are important, something Google and Bing are only starting to do. That’s a change from the dominant PageRank mindset, where a parent domain carries a certain weight without differentiation for all the different people who have accounts on it, from influential authorities to spammers.

And while it’s true that few Web pages need any more widgets than they already have, prominent tech publishers like Business Insider and TechCrunch use Twitter sidebar widgets from PostUp (formerly TweetUp) that show a rotation of promoted accounts. A more timely and dynamic alternative like Topsy Social Modules might be more useful.

Sites like Gilt are supposedly exclusive discount fashion communities, but the reality is they will take anyone who will pay. Groupon, which just got Google to say it was worth as much as $6 billion and is on the verge of an investor valuation of $4.75 billion, is a glorified email list. Sure, users must swarm a deal to activate it, but that always happens. And users can share deals with their friends on Facebook and Twitter, earning referral rewards if they buy a deal.

Hitwise researcher Bill Tancer told me via email that only 8.3 percent of Groupon traffic comes from social media referrals. That’s compared to 24 percent of Groupon traffic coming from shopping and classifieds Web pages (as in, ads) and 13 percent from email sites.

Upstream traffic from social networks as a portion of total Groupon traffic declined 83 percent from Nov. 9 to Nov. 10. Tancer said the move from social networks to email reflects the shift of Groupon visitors from early adopters to mainstream users.

The thing is, as seen particularly in the gaming business, social may have the capacity to be an incredible multiplier for any industry. Facebook CEO Mark Zuckerberg has said more than once that he thinks e-commerce will be one of the next big sectors to be disrupted by companies that are built to be social from the ground up.

Linking social with commerce is tricky. Besides user reviews and accounts, which have been around forever, much of social commerce is very basic.

For example, Amazon recently launched the most minimal of minimal Facebook integrations, recommending products based on opted-in users’ public “Likes” and giving gift suggestions for friends with upcoming birthdays. The Web retailer could have gone much deeper, by, for instance, automatically connecting Amazon users to their Facebook accounts or helping users tell friends about new items they have bought.

But that would have raised privacy hackles, as with previous Facebook initiatives, such as the discontinued Facebook Beacon effort or the current Instant Personalization program.

Some retailers are trying to sell things directly on Facebook, such as Delta Air Lines tickets and JCPenney apparel. I see the point of trying to capture users on the sites where they spend all their time, but it seems a little awkward.

Not to say Facebook isn’t already developing a burgeoning business in virtual e-commerce through its gaming partners that could eventually extend to real-world goods (although the margins would be much worse).

And, yes, there are all sorts of real-world deals you can access by playing the “mayor game” on a local social service like Foursquare.

Also on the start-up front, the collage community Polyvore arranges deals and creates tools to help its two million users influence fashion designers, and indie retailer Moxsie asks its Twitter followers to help it choose what items to sell.

There are also start-ups, like Payvment and Milyoni, that provide tools for Facebook storefronts. And the purchase-sharing platforms Blippy and Swipely are social commerce taken to the extreme.

While none of those are Groupon-scale businesses, there are many playing around with the potentially explosive combination of social and commerce.

One cool example of social commerce I just saw today was in a post by E.B. Boyd at Fast Company.

Tea Collection, a boutique children’s clothing maker, used the Facebook Like button to decide which of its selection of discontinued girls’ dresses to deeply discount. When a $59 dress was chosen by user Likes, it was discounted to $10. It quickly sold out at a loss, but additional purchases by customers brought in by the sale gave the company one of its biggest overall sales days ever.

Within two days, sites like LinkedIn and later Blizzard Entertainment and Yahoo had advised their users to change their passwords.

The latest company caught up in all this is the New York Times. A little more than an hour ago, the Times sent an email to customers (see below) whose email addresses appeared in a searchable database of compromised Gawker commenting accounts, warning them that if they used the same password on nytimes.com as they did on Gawker, it would be a good idea to change it. There is no evidence of any funny business on the Times’ Web site.

Incidentally, in case you missed it, Gawker’s technology head, Thomas Plunkett, circulated a memo detailing what happened at Gawker and what it plans to do in response to the incident. One thing it will do is offer disposable commenting accounts that users can ditch easily, and for which storing an email address won’t be required.

Here is the email from the Times:

NYTimes.com Wed, Dec 22, 2010 at 5:15 PM
Reply-To: nytdirect@nytimes.com

In case you missed our recent article “Gawker Sites Hacked and Passwords Compromised”
http://nyti.ms/hjNvlY we are writing to inform you that databases belonging to Gawker Media were compromised and hackers obtained more than one million user names, e-mail addresses and passwords.

While there is no evidence of suspicious activity on NYTimes.com we wanted you to know that
the e-mail address you registered with NYTimes.com matches an e-mail address that was on
the list of Gawker e-mail addresses and passwords that were published online.

If you use the same password for NYTimes.com as you did for Gawker, we strongly recommend you change your password. Changing your NYTimes.com password can be accomplished by visiting the Member Center page: http://www.nytimes.com/membercenter. After logging in to your account, click on the ‘change’ button associated with the password field which can be found under the Account Summary heading.

Here’s a Gadgetwise post with tips on developing a good password (in brief: do not make it a real word, keep it long and mix in an unusual combination of letters and numbers).
http://nyti.ms/gGR3kz

Please contact Customer Support at 1-800-698-4637 or e-mail customercare@nytimes.com with any questions.

Have a safe and happy holiday season.

The New York Times Company
620 Eighth Avenue
New York, NY 10018

However, we’re starting to get more information about how the McDonald’s incident appears connected to hacking incidents at other sites. Chicago Business is reporting that the company responsible for McDonald’s email marketing is Silverpop Systems, and that it had been operating under a subcontract from Chicago-based Arc Worldwide.

So who else is a customer of Silverpop? Yesterday I received an email from someone who’s a customer of deviantArt, a social network where artists share their creations. DeviantArt has a base of 13 million users. Got an account there? You’d better change any passwords that overlap with other sites. The site advised customers that their accounts were compromised, and blamed Silverpop.

It could extend much further yet. Silverpop has more than 100 clients, and not all of them are publicly disclosed, though here are a few, found on its client quotes page and its case studies page: Stamps.com, Pitney Bowes/Mapinfo, Encyclopedia Britannica, Santander Consumer Finance and watchmaker Fossil. There’s no word how any of those other companies are affected, if at all.

Silverpop CEO Bill Nussey said in a blog message to customers that the FBI is investigating the incident, and that only a small percentage of Silverpop customers have been affected. He also said that Silverpop was “among several technology providers targeted as part of a broader cyber attack.” Stacy Kirk, a Silverpop spokeswoman, wouldn’t say anything beyond what’s in Nussey’s message.

I’m beginning to wonder if there’s some indirect connection between what happened to Silverpop and what happened to Gawker. I’m speculating here, but it’s no stretch of the imagination that numbering among deviantArt’s 13 million users are some of the 1.5 million people whose accounts were compromised in the Gawkergate affair. And the FBI is investigating both. Thomas Plunkett, Gawker’s technology chief, told me by email that there’s no evidence of a connection. Then again, as Business Insider tells it, he hasn’t yet had his meeting with the FBI.

Maybe I’m looking for connections that aren’t really there, but it’s really not hard to see how the breach at Gawker could turn out be the start of a domino effect that’s much larger than anyone has yet realized. There certainly is a lot of grumbling about changing passwords today.

If you know more more about any of this, get in touch!

Below is the email to deviantArt users.

From: deviantART.com (address deleted)
Date: Mon, Dec 13, 2010 at 5:54 AM
Subject: RE: Email Notice

Silverpop Systems, Inc., a leading marketing company that sends email messages for its clients, told us that information was taken from its servers. This was probably part of a sweep by spammers. As a result, email addresses belonging to deviantART members were copied. Corresponding usernames and birth date may also have been removed.

We can assure you that nothing occurred on our systems with respect to this incident and no access was gained to private information on deviantART’s servers.

As a member of deviantART, you certainly have a right to know when an incident of this kind occurs. Unfortunately spammers are an unavoidable part of living on the Web.

The likely result of this event might be an increase in spam to your email. Experts have told us that there is an increase in email scams out there on the Internet and you should be cautious. Only click links or download attachments from people you know, particularly if they ask for personal information, and be sure that your email service provider has adequate spam filters.

Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us.

Example 1: Twitter saw a rash of promotional tweets for a bogus berry weight-loss product, the result of a security breach thought to be connected to the Gawker break-in.

Example 2: LinkedIn has temporarily disabled the accounts of any users whose email addresses turned up in the public database of hacked accounts. It’s asking those users to reset their passwords.

LinkedIn PR guy Hani Durzy says the move, which started yesterday afternoon, has only affected a “small fraction” of LinkedIn’s 85 million members. He says the social network made the decision proactively, not because it had any evidence that any accounts had been misused;  LinkedIn now has a blog post on the topic.

Some context/math: Gawker has said it has had to notify users of 1.5 million email addresses to change their passwords following the break-in.

If, for argument’s sake, half of those emails belonged to LinkedIn users, that would be less than one percent of the company’s user base. And likely much less: For some reason I have two emails connected to my single LinkedIn account. And both were exposed during Gawkergate, so I got two emails this morning.

No real debacles so far, but that doesn’t mean we won’t see them. Who’s next?

The social version of Pulse will be available only for iPad for now, and is to be released this afternoon at 3 pm PT.

Palo Alto, Calif.-based Alphonso Labs, which makes Pulse, recently stopped charging for its apps and raised $800,000 in venture funding. CEO Akshay Kothari came up to San Francisco today and showed me the new iPad app.

The new Pulse for iPad gives users three feeds of Facebook information: Friends’ status updates, friends’ shared links and a historial look at the user’s own Facebook wall. In keeping with Pulse’s design, items are image driven and easily swipe-able, and expand into a second panel when users tap on them (see screenshots). Users can add comments or “Like” statuses and shared links as they would on Facebook, but this is more of an alternate way to consume content than a full-featured Facebook client.

As with other content feeds, Pulse caches the 25 most recent Facebook updates in each category, so a user who goes somewhere without Internet access could continue to read the content there.

As Alphonso grows from being some young folks with an interesting design approach into a real company, it is exploring closer relationships with publishers like the Huffington Post. “We don’t want to be a company that makes a news reader,” said Kothari. “We want to help people discover awesome content.”

Kothari added that with the influx of new users since Pulse went free two weeks ago, Alphonso is looking to improve content discovery by mining user data to show a “most-emailed” story list across all feeds.

He said his aim is to get away from the hierarchical structure of Web sites–where one must return to the homepage before moving on–and help people scan quickly through potential reading material. Ultimately, Kothari said, recommendations will be done through a balanced combination of machine and social factors.

Further reading: Earlier this year, Pulse was mentioned as an example app by Steve Jobs, then yanked from the App Store due to complaints about content usage by the New York Times. The app was quickly reinstated and Alphonso has an open dialogue with the Times about how best to send it new readers and subscribers, according to Kothari.

But that system, introduced by Twitter back in June 2009, is going away.

The messaging service hasn’t taken down the icons it assigned to certain famous users, which were supposed to tell users they “can trust that a legitimate source is authoring their Tweets.” But in most cases, it is not assigning new badges.

Twitter actually shut down verification at the end of August, but almost no one seems to have noticed. Aside from this ClickZ story,  the only other mention I can find of the change is this vague note on Twitter’s help site, which says the company is going to replace the old system with a new one “that will be better for users.”

One reason Twitter and the famous people who use it have been able to soldier on: Verified accounts haven’t been completely closed–if you’re really, really important, the service may be able to help you out.

“We continue to very selectively verify accounts most at risk for impersonation on a one-off and highly irregular basis,” Twitter PR exec Carolyn Penner writes.

One recent worthy: Apple marketing exec Phil Schiller, who showed up on the service early, way back in 2008, but didn’t start actively using it until this month, when he earned the “verified” badge.

[Image credit: Annie Mole]

Facebook said the issue only affected a “fraction of a percentage” of the social network’s users, and they fixed it within hours. The company also deleted all the ID information that some people sent in.

But the incident raised an interesting question: Why was Facebook asking for real-world IDs in the first place?

Unlike some other social networks, Facebook takes pride (and pitches advertisers) on the idea that its users present their real-world selves. But the ID request isn’t part of a broader effort to verify users’ identities–something that sites in countries such as China sometimes do.

Read the rest of this post on the original site

Google publicly shamed Facebook this week for not giving its users the option to export the email contacts of their Facebook friends and import them to Gmail. The rapid-fire kerfuffle between the two companies came after private talks about sharing such data had broken down, and is apparently working, with tech industry opinion seeming to side with Google, even though few if any users seem to actually care about the issue. Sooner or later, if users start demanding to own their email lists and complaining about Facebook being evil, it will happen.

But the actual battle isn’t about reciprocity. If it’s on purely moral grounds, everyone’s hypocritical here. Facebook has arrangements to share user email addresses with Microsoft and Yahoo, and Google has in the past impeded Orkut users from exporting emails to Facebook. The reason this is playing out this way is because of the contentious relationship between Facebook and Google, and Google’s planned competitor to Facebook, a.k.a. Google Me.

As a larger question, what captivates me is how much value people are putting on user email addresses. Are our email addresses really the best proxy for who we are?

If you peel back the back-and-forth, the substance of Facebook’s argument is that Facebook users are on the service because it’s a social network, not an email application. When you use Facebook, your friends are identified by their (usually real) names, and you hardly ever see their email addresses. From Facebook platform tech lead Mike Vernal’s comment on TechCrunch:

Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends. Because of this, we think it makes sense for email applications to export email addresses and for social networks to export friend lists.

But to Google’s point, if people want to deactivate their Facebook accounts and/or try another service, they shouldn’t lose what they’ve created. When you join a new service, the best way it becomes useful and interesting is to quickly find and invite your existing friends (see: network effects)–and the best way to do that is to import a list of your email contacts.

The problem is you don’t own your friends’ email addresses; they do. Email is the only successful example of a decentralized social network.

Facebook has a privacy setting that lets you decide who specifically can view your email address. But that’s just within the centralized system of Facebook; you don’t (yet) get to choose where your email address can be shared. Plus, as we all know, Facebook’s privacy settings can get rather complicated, and both we users and the company change them over time.

Say I have a business contact I don’t want to share my personal email with, and she goes and exports her Facebook email contacts so she can fill out her Yahoo Mail contact list. Those settings need to carry over. And even if they do, spam and invasions of privacy are pretty much inevitable.

But am I my email address? As someone who’s very recently changed jobs, I know firsthand that link can be broken. I registered for so many of the sites I use with my old work email, and my whole address book was locked up there too. Now I have to reconstruct those relationships with a new identity. But I can do it. I’m still myself, after all.

Probably all of you reading this have more than one email address, and often multiple people use the same email address or the same computer. There’s not a one-to-one link between self and email, and the overlaps are often confusing and annoying.

Besides email, other options for an identity token might be your phone number, your social security number, your Facebook user name or your fingerprint.

But email seems to be the agreed-upon best proxy for Web services. Companies like RapLeaf run their businesses on connecting and aggregating information about people based on identifying their valid email addresses (and incur concerns about the implications of getting all that data in one place and selling it).

The stakes in this battle are increasingly high. Both Facebook and Google want to be our identity on the Web. I stay logged in to Gmail and Facebook all day from my laptop, and reap the benefits of those services being integrated with other ones, whether it’s a related service like Google Calendar or a new doodad that I can use Facebook Connect to register for.

Both Facebook and Google are striving to do two things:

• Represent us best by collecting our connections and experiences
• Be our token to bring that identity the rest of the Web

So think about where this is going. Facebook last week introduced a single-sign-on feature for phones (first on select Android apps and soon iOS). The way this will work is when you open a participating app, you have the option to connect to Facebook and bring your identity and friends with you. So the first time you use the app, it knows you and your context. You can imagine if this were to extend to Facebook’s Instant Personalization product, and you were to get a phone that out-of-the-box got your Facebook account and then automatically set up your contacts, preferences, apps and anything else you want or need. It’s powerful stuff.

Please see the disclosure about Facebook in my ethics statement.

But that’s not enough for O’Brien. Or, more likely, it’s not enough for Time Warner’s (TWX) TBS channel, which is paying big money to bring O’Brien back to TV next month. In any case, someone is paying Twitter* to make @TeamCoco a “Promoted Account”–one of the first that Twitter has rolled out today.

Here’s what that looks like (via my “New Twitter” homepage):

A little redundant, and I’m probably not going to follow two different Conan accounts. But whatever. It doesn’t have any material impact on the way I use Twitter, which remains both free and useful to me. (Except when it breaks, as it seems to have done just now.)

My hunch is that I’m going to feel the same way as Twitter starts to carve out increasing amounts of real estate for ads and other revenue-generating products on its platform. That’s what media companies do, after all.

And in fact, here’s another small ad move coming out of Twitter at the same time. It has moved up its “Promoted Trends” product from the bottom of its topics list to the top, where I’m more likely to see it.

Or at least it says it has: My Twitter Trends feature, which is set to “New York,” doesn’t show me any Promoted Trends at all. If and when they do show up, the fact that they’re up higher won’t make much difference to me, because I almost always ignore Trends in general.

And that’s the real risk for Twitter here–not that users will be turned off by ads, but that they’ll ignore them, just as they do throughout most of the Web. When’s the last time you clicked on, or even looked at, a Gmail ad from Google (GOOG)?

*It is possible that no one is actually paying Twitter to promote TeamCoco, and that the company is throwing it in as a promotional freebie, as it did in some cases when it rolled out “Promoted Tweets.”