{ Friday, February 23, 2007 }
MyBlogLog, Flickr's sister company at Yahoo, has gotten dinged for banning a community member who exploited a security hole, and then posted instructions of how to use the exploit to impersonate other MyBlogLog members, providing names of several members to use. A bit of a blogstorm has ensued, and man, I've been in the middle of a bunch of these, and boy do I sympathize.
Adding fuel to the fire is the fact that MyBlogLog had no Terms of Service posted to defend themselves when the member was banned, and even though they'd announced before this situation that one was on the way, it wasn't there yet. This is a large and ugly oversight for sure, and I think they have to take their lumps for that -- and for some sloppy programming, which they're scrambling to rectify. You've gotta own up, then shut up and fix it up. God knows we've issued a mea culpa or twelve.
But I defend their position on banning the exploit poster, Shoemoney. I think he crossed the line from white hat to black hat when posting the identities of several community members. I think banning was the right thing to do, even without a Terms of Service to cover their ass.
Impersonating someone online is a kind of identity theft, and on a site where you're leaving traces of yourself, a kind of digital "Kilroy was here", using the names and identities of other community members to make a point goes fairly powerfully against the intentions of their product. I remember the early days when we celebrated our ability to be anyone we wanted to be online (remember all those earnest 1996-era conversations with Jean Baudrillard and Allucquere Roseanne Stone?). 10 years later, after we've been through Kaycee Nicole, companies inventing "bloggers" to market their products, and kids lying about their ages and identities online, The Well's credo You Own Your Own Words and the importance of real identity online become more and more apparent. To side with one user who abetted the misuse of the identities of several users doesn't seem right. But my Inner Community Manager tells me that there are dozens of circumstances in which it would be fine for Shoemoney to be unbanned and brought back into the community. I've seen the most egregious trolls clean up their acts and play nice, and I don't think social software should have a death penalty. (No Rez for You My Friend!)
One further note: the lack of a TOS, security holes, bugs and so on -- in this rapid development environment where people code and launch and build things in concert with users in real time -- release early and often! a method I completely endorse! -- this kind of thing is going to happen a lot, so caveat emptor. In the early days at Flickr, we depended on the Kindness of Early Adopters to help us spot exploits, forgive ugly errors and oversights, and help us make the product better. Arrington also agreed with that in his comments. (Anyone know why he always posts at 4:20?)
LINK | 4:55 PM | TB
The truth is there are just TOO MUCH bugs and holes in MBL. The number is much higher than average. Launch something crappy but early - is a bad mistake.
BTW, "identities" of community members are publicly available.
Anatoly Lubarsky | February 24, 2007 10:33 AMVery thoughtful analysis and I think you have coined a great concept: "don't think social software should have a death penalty"
Please Caterina, spare us the I'm blindly on MyBlogLog's side because they made a pile of money from Yahoo as well speech, Jeremy DIDN'T exploit MyBlogLog, what he did was raise a number of VERY SERIOUS security issues for which he was then banned. Those security issues were not only there to be used, if you'd bother to check your facts MyBlogLog knew about these exploits for at least 1 month prior to all this, and failed to do ANYTHING to protect the very identities you're so quick to be pious about in this post. Jeremy has NO choice but to take this public given MyBlogLog hadn't cared about the issues to date. BlogLog shot the messenger. But it gets better, you see MyBlogLog has now apologized to Jeremy and reinstated his account, so for all your MyBlogLog did the right thing talk and I support them....they've changed their minds. Amazing what a little fact checking can do, I'm sure you'd agree!
Duncan | February 24, 2007 8:57 PMNah, you'll notice in the post, Eric explains that they banned them for the right reasons "We banned Shoemoney originally to keep him from updating his list of User IDs on Wednesday night, which I think was the right thing to do" -- and unbanned him after the exploit was fixed -- consistent with my "No Death Penalty In Social Software" position.
As for my "blindness" -- no, I still think they had to take their lumps for the bad code, the lack of TOS. Having been in the middle of dozens of these kinds of blogosphere flareups, they did the right thing -- banning when necessary, admitting their screwups, and reinstating the banned member.
And when someone does what you also seem to think is the right thing, gloating and pointing fingers and continuing to say they're wrong doesn't put you in a very elevated or righteous position.
{ Post a comment }
much as i'm a fan of MBL, seems like Eric & team may still have a good bit of work ahead of them to get the house in regular order. fortunately (for them), seems like there's a lot of overall goodwill out there to help them get by while they do so...
perhaps contrary to the TC post, i think it's rather surprising how much a generally-positive user community will let you slide on things they would normally beat up on a less-loved vendor or company.
same thing with Flickr & YouTube downtime error msgs... i think people cut you some slack if you show you're human and otherwise try your best. not always, but sometimes anyway.
>>(Anyone know why he always posts at 4:20?)
probably that's the only time he's not being inundated by email / im / phone calls ;)
dave mcclure | February 24, 2007 8:07 AM