Wednesday, February 19, 2014

The Hard Truth About How The Facebook News Feed Works Now

In December, Facebook changed the way it selects the stories and updates you see in the News Feed, that center column of updates, photos, videos, and links you see when you go to or open a Facebook app.
In a blog post, Facebook said its new algorithm would favor "high quality" stories over "memes."
But far beyond publishers of "high quality" or "meme" content, the change had a very wide, negative impact on lots of companies and professionals.
Over the past half dozen years or so - since the News Feed became a thing - all kinds of people have built businesses and careers around getting attention in the News Feed.
  • There are online stores big and small with big Facebook "Fan Pages" that use the News Feed to update their "fans" about new products.
  • There are "social media marketers" - consultancies, small firms, and big agencies - that work with brands to develop "authentic" voices in order to reach lots of Facebook users through the News Feed.
  • And there are individuals - authors, musicians, and the like - who use the Facebook News Feed to promote their work.
For all these people, Facebook's December change made it so that when they posted to Facebook through their fan pages, a shockingly small number of their "fans" actually saw their post.
Cookbook author Stephanie Stiavetti said that when she posts now, only 100 or so of her 8,000 fans see her updates.
A week or so after Facebook made its changes, one social media marketing agency, Ignite, analyzed 689 posts from 21 brand pages. Ignite found that in just one week, the number of people who saw posts from those brands declined by 44% on average, "with some pages seeing declines as high as 88%."
A source from one retailer told us that her company's "reach" on Facebook declined 40% to 50% after the change. Another source from a different online retailer said that since Facebook's change, her company's posts are getting seen by an 80% smaller audience.
For these people, Facebook's small December tweak was a doozy.
But speaking with several of those affected by it, something else became clear. The December algorithm change was only the latest in a series that has made it harder for all these people to reach their customers, for free, through Facebook.
Obviously, Facebook is - and has been, for years now - trying to change the way these businesses and individuals think about using the News Feed.
But what is it trying to say?
To find out what message Facebook is trying to get across, I spoke to a source familiar with Facebook's News Feed plans, who, on the condition of anonymity, gave me a very candid explanation.
Here is what I learned from that conversation:
  • Two years ago, no one really got their news from Facebook. Now, they do. Every publisher on the planet, from CNN to Buzzfeed to the New York Times, is producing content they hope readers will find and share through the Facebook News Feed.
  • So now there's just a lot more content going into the News Feed and it all competes. Facebook's struggle is figuring out how to get the right stories to the top.
  • Facebook's guiding principle is that the News Feed should be full of stuff Facebook users want to see.
  • Facebook has changed its mind about brands. It has decided that users do not really want to see a News Feed full of updates from brands - Tide, Dove, Pampers, Nyquil, etc.
  • If you run a brand and News Feed is a main marketing channel for you, then you need to buy guaranteed reach from Facebook: ads.

  • Many brand managers, online store owners, and individuals trying to market themselves have always been plagued by a misperception - that the number of fans you have is the number of people who will see what you write. This has probably never been true. Get it out of your head.

  • Facebook could make it so the News Feed scrolls faster, therefore making sure more content gets to flow through the channel and increasing reach (if not engagement) for everyone. Facebook is not going to do this. Internal data shows that when Facebook speeds up the News Feed, user engagement with it goes down.

  • Facebook believes random stuff in the News Feed sucks.

  • Facebook has decided it is better to show old "important" news instead of the latest update. For example, news that a friend had a baby, even if the news was posted two days ago, will get priority over any brand's update if you haven't seen it yet.

  • Facebook is aware that there is a cottage industry built around helping brands reach fans for free through the News Feed. Facebook's view is that these people were arbitraging its system, and it's not going to allow that anymore. It expects consolidation similar to what happened in the search engine optimization industry.

  • People like the cookbook author, Stephanie Stiavetti, have to deal with a new reality. They were once the only professional publishers on Facebook. Now, huge publishers that spend millions of dollars on content production are her competitors for News Feed real estate. Stiavetti's recipes and photos are competing with clips from Top Chef, and losing.

Tuesday, February 18, 2014

Photos Become Ads With New Technology

Online publishers have been doing a lot of soul-searching lately about how to give their advertising revenue a shot of adrenaline without upsetting their readers. Native advertising, in which stories commissioned by sponsors are dressed up to resemble editorial material, is one of the most widely discussed efforts by publishers (including efforts at The New York Times).

A new technology starting to catch the attention of publishers, especially outside the United States, could further feed the debate over native advertising by turning any visual element on a web page, including editorial photographs and videos, into advertisements.

The technology from a Finnish start-up called Kiosked works like this: publishers who want to earn revenue from photographs and videos on their sites place a snippet of code from Kiosked on their pages. When a reader visits the page, Kiosked does a split-second scan of the written material that accompanies a photo on the page — perhaps a news story or a product review. It then presents a selection of one or more relevant products or services the reader can buy online, overlaying the items on a strip that hovers above the photo.

Kiosked says the publishers using its technology, which it released last fall, include The Telegraph, the British newspaper; IDG, the publisher of technology magazines and Web sites; and a variety of fashion, technology and sports publications in Europe, including Rugby Week and T3.

In a telephone interview, Micke Paqvalén, the founder and chief executive of Kiosked, said the company’s technology “engages consumers in content” rather than acting like pushy, intrusive advertisements.

“We want to be viewed as a service, not as an advertisement,” Mr. Paqvalén said. “We are always looking at it from a consumer point of view, and consumers are extremely conscious. They will respond if it becomes overcommercialized.”

The big question with native advertising is whether readers realize they are seeing an advertisement to begin with (publishers like The Times give readers various visual cues to denote sponsored content). With Kiosked, advertisements and editorial content are not merely adjacent — one rests on top of the other. And the ads are harnessing images, the most visually arresting element of a Web page, where ads have not typically intruded before (other advertising technologies let people provide hyperlinks to products from words in articles).

The advertisements on photos seem less jarring in some instances than others. On device review sites and fashion magazines, the line between editorial and advertising photographs has long been a little fuzzy. Readers are there, after all, for articles that help them figure out what to buy.

In a review on PC Advisor of the Xbox One, for instance, Kiosked’s shopping widget pops up over a photograph of the game console, with links to buy Call of Duty and other games from an online retailer.

An article on animal print clothing on a Dutch fashion Web site, Fashionista, has links to related merchandise that appear over a picture of a model with a rooster T-shirt.

Other examples feel a bit more intrusive. An image on a Rugby Week story about a recent British match, for example, has links to buy jerseys, leggings and other sports equipment. A photo of James Cracknell, an Olympic rower and endurance athlete, that ran with a question-and-answer column in The Telegraph is festooned with links to buy hiking boots, a Nike FuelBand and sunscreen.

Publishers that use Kiosked can decide what types of visual content will and won’t have the shopping links, banishing them from photographs of, say, suffering in Syria and other images where the tone is especially incompatible with commerce.

Publishers get access to a battery of analytical tools so they can see which images get people shopping the most. And since they collect revenue from successful purchases, it is easy to see how tempting it will be for publishers to make editorial decisions about photographs based on such considerations.

To Mr. Paqvalén, publishers should be able to get a piece of the action since their editorial material is, in many cases, already helping people make purchases on web stores.

“In the world we’re in today, the publisher is creating impulses, and e-commerce merchants are capturing the value of these impulses,” he said. With Kiosked, he said, publishers themselves “become the web shops of the future.”


Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw

An Ars reader by the name of Jerry got a nasty surprise as he was browsing the contents of his external hard drive over the weekend—a mysterious text file warning him that he had been hacked thanks to a critical vulnerability in the Asus router he used to access the drive from various locations on his local network.

"This is an automated message being sent out to everyone effected [sic]," the message, uploaded to his device without any login credentials, read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article:"

It's likely that Jerry wasn't the only person to find the alarming message had been uploaded to a hard drive presumed to be off-limits to outsiders. Two weeks ago, a group posted almost 13,000 IP addresses its members said hosted similarly vulnerable Asus routers. They also published a torrent link containing more than 10,000 complete or partial lists of files stored on the Asus-connected hard drives.

The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of Jerry and so many other Asus router users. The June 22 report found the "ability to traverse to any external storage plugged in through the USB ports on the back of the router," but researcher Kyle Lovett said he went public only after privately contacting Asus representatives two weeks earlier and getting a response that the reported behavior "was not an issue." In July, Lovett published a second disclosure that offered additional technical details.

"The vulnerability is that on many, if not on almost all N66U units that have enabled https Web service access via the AiCloud feature, [they] are vulnerable to un-authenticated directory traversal and full sensitive file disclosure," Lovett wrote in his earlier dispatch. "Any of the AiCloud options 'Cloud Disk,' 'Smart Access,' and 'Smart Sync' (need another verification on this one) appear to enable this vulnerability."

According to Lovett, the weakness affects a variety of Asus router models, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Asus reportedly patched the vulnerabilities late last week, but as Jerry's experience demonstrates, the patch has yet to be installed on some vulnerable routers.

"Needless to say, I am pissed," he wrote in a message to Ars. He went on to say that he thought his device was secure because he hadn't enabled any services that explicitly made hard drive contents available over the Internet. "It was my belief that I had all of these options turned off," he said. "I definitely have never used AICloud or had it enabled. In fact, the only thing I've ever enabled myself is the Samba share. However, the Asus menu is very unclear about what is being shared and with whom."
He's not the only one to face the rude discovery that contents of his Asus-attached hard drive have been available to anyone with some rudimentary knowledge and a standard Internet connection. Earlier this month, a Harvard Law School blogger was shocked to find that he was also caught with his digital pants down after hooking a "giant USB drive" to his RT model Asus router.
"Out of curiosity, I entered 'ftp://[my external ip address]' into my browser and sat wide eyed when I saw the contents of my media server show up," the blogger wrote. "I reasoned it must be because I’m already inside the network (which doesn’t even make sense really), but panic was starting to set in. So I pulled out my phone and turned off the Wi-Fi connection and tried it there. Now I was worried."
The exploits against the Asus router coincide with the discovery of a round of attacks that infect Linksys routers with self-replicating malware. The Linksys exploits don't expose any user data, and infected machines can be restored to their normal state by being rebooted. The in-the-wild exploits against both Asus and Linksys devices come two weeks after researchers in Poland reported an ongoing attack that stole online banking credentials in part by modifying home routers' DNS settings. Taken together, the attacks are a sign that routers and other Internet-connected devices are being subject to the same in-the-wild attacks that have plagued PCs—and in some cases Macs—for years. Readers are advised to lock down their routers by installing any available firmware updates, changing any default passwords, and ensuring that remote administration, Cloud, and FTP options are set to off if they're not needed.
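The blogger's manual check (open the router's external address from a connection outside the home network) can be scripted as a self-audit of your own router. The following is an added example, not part of the original article or any Asus tooling; the port numbers are assumed common defaults and every function name is made up for illustration. It only tests whether a login is accepted and never lists or downloads files.

```python
"""Self-check of a home router's WAN exposure (added example, not from the article)."""
import ftplib
import socket
import sys

# Services the article advises switching off when unused. The port numbers are
# assumptions (common defaults); check your router's settings for the real ones.
DEFAULT_PORTS = {"ftp": 21, "https": 443, "http-alt": 8080}


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def ftp_state(host, port=21, timeout=5.0):
    """Classify the FTP service without listing or fetching any files.

    Returns "unreachable", "login-required" or "anonymous-login-accepted".
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login()  # no arguments: anonymous login attempt
        return "anonymous-login-accepted"
    except ftplib.error_perm:  # 5xx reply: the server wants real credentials
        return "login-required"
    except ftplib.all_errors:  # no listener, timeout, temporary error, not FTP
        return "unreachable"
    finally:
        ftp.close()


def audit(host, ports=DEFAULT_PORTS):
    """Return {service: state} for each service in `ports`."""
    results = {}
    for name, port in ports.items():
        if name == "ftp":
            results[name] = ftp_state(host, port)
        else:
            results[name] = "open" if port_open(host, port) else "closed"
    return results


def findings(results):
    """Names of services an outsider can reach, worst first."""
    order = {"anonymous-login-accepted": 0, "login-required": 1, "open": 2}
    exposed = [n for n, s in results.items() if s in order]
    return sorted(exposed, key=lambda n: order[results[n]])


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-router-external-address>")
    report = audit(sys.argv[1])
    for service, state in report.items():
        print(f"{service:10s} {state}")
    sys.exit(1 if findings(report) else 0)
```

Run it from a connection outside the home network (a phone's mobile data, as the blogger did), since a check made from inside the LAN can give a misleading answer.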

Reporting From the Web’s Underbelly

Brian Krebs has good laptop stickers (Photo credit: quinnums)

In the last year, Eastern European cybercriminals have stolen Brian Krebs’s identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.

“I can’t imagine what my neighbors think of me,” he said dryly.

Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus.

He covers this niche with much the same tenacity of his subjects, earning him their respect and occasional ire.

Mr. Krebs — a former reporter at The Washington Post who taught himself to read Russian while jogging on his treadmill and who blogs with a 12-gauge shotgun by his side — is so entrenched in the digital underground that he is on a first-name basis with some of Russia’s major cybercriminals.

Many call him regularly, leak him documents about their rivals, and try to bribe and threaten him to keep their names and dealings off his blog.

His clean-cut looks and plain-speaking demeanor seem more appropriate for a real-estate broker than a man who spends most of his waking hours studying the Internet’s underbelly. But few have done more to shed light on the digital underground than Mr. Krebs.

His obsession with hackers kicked in when he was just another victim. In 2001, a computer worm — a malicious software program that can spread quickly — locked him out of his home computer. “It felt like someone had broken into my home,” Mr. Krebs recalled in an interview. He started looking into it. And he kept looking, learning about spam, computer worms and the underground industry behind it.

Eventually, his anger and curiosity turned into a full-time beat at The Post and then on his own blog.

“I realized that if security breaks down, the technology breaks down,” Mr. Krebs said.

Today, he maintains extensive files on criminal syndicates and their tools. Some security experts readily acknowledge that he knows more about Russia’s digital underground than they do.

“I would put him up against the best threat intelligence analyst,” said Rodney Joffe, senior vice president at Neustar, an Internet infrastructure firm. “Many of us in the industry go to him to help us understand what the Eastern European criminals are doing, how they work with each other and who is doing what to whom.”

That proved the case in December when Mr. Krebs uncovered what could be the biggest known Internet credit-card heist. That month, he had been poking around private, underground forums where criminals were bragging about a fresh haul of credit and debit cards.

Soon after, one of Mr. Krebs’s banking sources called to report a high number of fraudulent purchases and asked whether Mr. Krebs could pinpoint where they were coming from. The source said that he had bought a large batch of stolen cards from an underground site and that they all appeared to have been used at Target.

Mr. Krebs checked with a source at a second bank that had also been dealing with a spike in fraud. 

Together, they visited one forum and bought a batch of stolen cards. Again, the cards appeared to have one thing in common: They had been used at Target from late November to mid-December.

On the morning of Dec. 18, Mr. Krebs called Target. The company’s spokeswoman did not return his call until several hours later, but by then he had enough to run his article: Criminals had breached the registers in Target’s stores and had made off with tens of millions of payment card numbers.

In the following weeks, Mr. Krebs discovered breaches at Neiman Marcus; Michaels, the arts and crafts retailer; and White Lodging, which manages franchises for major hotel chains like Hilton, Marriott and Starwood Hotels.

It is still unclear whether the attacks were related, but at least 10 other retailers may have been hit by the same hackers that hit Target and are reluctant to acknowledge it.

That is where Mr. Krebs comes in. Unlike physical crime — a bank robbery, for example, quickly becomes public — online thefts are hushed up by companies that worry the disclosure will inflict more damage than the theft, allowing hackers to raid multiple companies before consumers hear about it.

“There’s a lot going on in this industry that impedes the flow of information,” Mr. Krebs said. “And there’s a lot of money to be made in having intelligence and information about what’s going on in the underworld. It’s big business but most people don’t want to pay for it, which explains why they come to someone like me.”

Mr. Krebs is “doing the security industry an enormous favor by disseminating real-time threat information,” said Barmak Meftah, chief executive of AlienVault, a threat-detection service. “We are only as strong as our information. Unless we are very specific and effective about exchanging threat data when one of us gets breached, we will always be a step behind the attackers.”
Brian Krebs, formerly of The Washington Post, now reports from his home in Annandale, Va. Daniel Rosenbaum for The New York Times
The tally of victims from the breaches at Target, Neiman Marcus and others now exceeds one-third of the United States population — a grim factoid that may offer Mr. Krebs a strange sense of career vindication.

He first developed an interest in computers because his father, an Air Force engineer, was obsessed with the latest devices. But he did little about it until 1998, when he began writing about technology for The Post, after working his way up from the mailroom. Cybersecurity became a bit of a focus after his own computer was infected by that worm in 2001. “I learned there’s this whole underworld that seemed really fascinating,” he said.

In 2005, he started The Post’s Security Fix blog, occasionally frustrating editors with hacker jargon and unnerving some who worried he was becoming too close to sources.

“A lot of what Brian does would scare the hell out of traditional newsroom editors,” said Russ Walker, Mr. Krebs’s former editor at The Post. “I don’t think he crossed the lines journalistically, but he was living a different type of experience.”

By 2006, Mr. Krebs was a fixture in hacker forums, learning code, and — ever the dutiful reporter — borrowing Russian language tapes from his local library since most of what he tracks originates in the former Soviet Union and its satellite states. (He acknowledges having used his technical prowess at one point to peek inside The Post’s payroll system to see how much colleagues were making, something he now strongly advises against.)

In 2009, The Post asked Mr. Krebs to broaden his focus to general technology news and policy. When he declined, he was let go.

He used his severance to start his own blog, Krebs on Security, from his “command center,” a guest room at the Annandale, Va., home he shares with his wife. There, three 19-inch computer screens help him keep tabs on the underworld, while another monitors security footage of his house.

Mr. Krebs’s readership is growing. In December, 850,000 readers visited his blog, mostly to learn more about the breach at Target. Though he will not disclose figures, Mr. Krebs says the salary he now makes from advertising, occasional speaking engagements and consulting work is a “nice bump” from what he earned at The Post.

But there are risks implicit to being a one-man operation. “The work that he’s done exposing Eastern European hackers has been seminal,” said Tom Kellermann, vice president for cybersecurity at Trend Micro, a computer security company. “But Brian needs a bodyguard.”

Russian criminals routinely feed Mr. Krebs information about their rivals that they obtained through hacks. After one such episode, he began receiving daily calls from a major Russian cybercriminal seeking his files back. Mr. Krebs is writing a book about the ordeal, called “Spam Nation,” to be published by Sourcebooks this year.

In the meantime, hackers have been competing in a dangerous game of one-upmanship to see who can pull the worst prank on Mr. Krebs. They often steal his identity. One opened a $20,000 credit line in his name. Admirers have made more than $1,000 in bogus PayPal donations to his blog using hacked accounts. Others have paid his cable bill for three years with stolen credit cards.

The antics can be dangerous. In March, as Mr. Krebs was preparing to have his mother over for dinner, he opened his front door to find a police SWAT team pointing semiautomatic guns in his direction. Only after his wife returned home from the grocery store to find him handcuffed did the police realize Mr. Krebs had been the victim of “swatting.” Someone had called the police and falsely reported a murder at their home.

Four months after that, someone sent packets of heroin to Mr. Krebs’s home, then spoofed a call from his neighbor to the police. But Mr. Krebs had already been tipped off to the prank. He was tracking the fraud in a private forum — where a criminal had posted the shipment’s tracking number — and had alerted the local police and the F.B.I.

Mr. Joffe worries Mr. Krebs’s enemies could do far worse. “I don’t understand why he hasn’t moved to a new, undisclosed address,” he said.

Mr. Krebs said he did plan to move and keep his new address secret. But these days it is almost impossible.

Though he goes to great lengths to protect his personal information, last month his wife received an email from Target informing her that their mailing address and other personal information had been stolen in the breach.

“I got that letter,” he said, “and I just had to laugh.”