Ma.gnolia Blog

OAuth Update: Discovery Support is Here

2008-04-08T19:52:44-07:00

For our more technically-minded readers, we have an update on the progress being made with OAuth, and about OAuth support in Ma.gnolia.

Eran Hammer-Lahav announced yesterday the Draft 2 status of the OAuth Discovery spec, and the news that support had already gone live in FireEagle, Get Satisfaction and of course, Ma.gnolia.

What’s the big idea? Eran summarizes OAuth Discovery as

...where a resource protected by OAuth points to a machine readable document containing the configuration needed to access the resource. With that idea in mind, OAuth Discovery has been revised to fit into the general resource discovery flow, where the OAuth configuration is but one of potentially many other attributes associated with the resource.

This is a step in a longer vision:

As soon as we have a wide range of discoverable resources, we can make the case for built-in browser support for OAuth and discovery, enabling developers to implement a single protocol for all their access control needs, regardless if it is being used by an API developer or an end user visiting a site with a browser.

On Our New Front Doors

2008-04-03T15:11:29-07:00

Last week I tweeted a couple of times about a big little change we made with Ma.gnolia about how we accept new registrations. Turns out quite a few people around the Internet noticed. One of the running themes among all of this is that we were using OpenID to minimize spam.

Let me say this as clearly as I can: requiring externally-verified accounts – either OpenID or Facebook – is not about using these technologies as anti-spam tools.

Because of OpenID’s freshness, and because of the way social bookmark spam works, it has significantly reduced the amount of spammers using Ma.gnolia for the time being. We knew this would happen, and it certainly influenced our decision making process.

But, how much is significant? Spam bookmark creation has dropped by 68%, and the creation of new spam accounts has dropped by 63%. This difference has tipped the scales so that legitimate bookmark and account creation by real people now outweighs spam created by bots. Hooray!

Still, why did we ultimately make this change to our registration process, especially considering that it could reduce desirable registrations by scaring off new, legitimate members? Simple: because we believe that the direction of the social web is towards an unofficial, loosely joined distributed social network.

We envision Ma.gnolia as one component of that network, and removing ourselves from the identity silo game allows us to focus on what we do best, helping people share and get more out of all of the great stuff they find on the web.

The most interesting result for me, in looking at the results of this move, was seeing how much our legitimate new users registration would suffer. At first, we actually saw an increase in registrations, which I would attribute to the attention we drew.

And, now, looking at the numbers a little further down the road, our overall legitimate remain at a strong 89% of what they were prior. While I would have loved to welcome all good souls to Ma.gnolia, I think that the continued strength of our new signup numbers speaks to the actual, ongoing success of OpenID.

Little Pictures on the Web Site

2008-03-05T13:29:19-08:00

A few sharp eyes have noticed something new about Ma.gnolia over the past month: a change in the source of our thumbnail screen shots that are found on bookmark detail pages, RSS and Atom feeds, daily blog postings, and through our API.

Where are these images now coming from? A new service we’re publicly launching today called thmbnl.

Thmbnl won’t revolutionize the internets, feed your pets, or teach your children the classics. It does one thing, and that one thing we hope it does well: capture and present accurate screen shots of web pages. We originally developed thmbnl for our in-sourced use only, but soon realized that plenty of other people might want to use the images we’re capturing and decided to open it up as a public service. Given it’s limited scope and applicability, there is a bunch of nifty, geeky stuff going on behind the scenes, which are explored in detail by Todd on his blog. Be sure to check out his post, and even subscribe to keep up with the whole Ma.gnolia family.

What does this mean for Ma.gnolia users? More accurate and up to date images, as well as some new tricks in the works now that we have a variety of sizes to work with. Are there any other places or ways you’d like to see site thumbnails appear on Ma.gnolia? Let us know, we’re sure that we haven’t thought about all of the possibilities.

Is it Two Already?

2008-02-15T11:53:29-08:00

Well, here we are in the middle of February and we find ourselves at another milestone: today marks 2 years of Ma.gnolia on the web! Like all anniversaries, it’s a good time to look back and take stock of how far we’ve come, and where we’re heading.

First thing’s first: we have to send out a big thanks to all our members, whether you’ve been with us from the start or you just arrived today. We want you to know that we appreciate your presence here and the contributions you make, however big or small.

Rather than recount all the little things we worked on over the past year, let’s look at some of the major projects that we took on, and how those have taken us down a somewhat different path than we expected.

Give Thanks

The first is a feature that we launched on Ma.gnolia’s birthday last year: Give Thanks. This idea, which is quite simple, and enormously common in our regular person-to-person actions, is almost completely absent in social software. We started with this feature on the site itself, then soon added it to the RSS feeds so that people reading there could participate without having to visit the site just to say thanks.

There are lots of things on the web that look like Thanks, like Props, +1s, Thumbs Up, and so on, but they seemed to create their own little economies that never quite capture the feeling we get from a simple expression of gratitude. As a person-to-person feature, Give Thanks has been noted by many bloggers and presenters looking to educate audiences on making applications more humane and geared for creating positive social experiences.

How does Give Thanks do in the community? It’s not a runaway, click-a-second feature, but its use is very steady, telling us that people make those clicks thoughtfully. When you get a Thanks from someone, it means something, and being able to create that experience is something we’re very proud of.

Facebook

Shortly into Year 2, we were asked to participate in the launch of the Facebook application platform with our own entry, which incidentally has nothing to do with vampires, zombies or inviting the known universe.

This project gave us a chance to think about Ma.gnolia’s features projecting into other environments, and challenged our assumptions about what can be done outside of the regular website and RSS model. As we worked on creating the authorization flow for the Facebook application, we realized that we could simplify the sign-in process for Ma.gnolia with that integration.

And behold, on the sign-in page, Ma.gnolia members could sign in with their Facebook accounts. The magic part is that, as with OpenID, Ma.gnolia never sees your Facebook password, making it safe and just a bit easier on members who don’t really need to remember yet another password. That kind of magic got us excited, and it turned out to be just the beginning.

OAuth

Through Year 2 we noticed a real growth in OpenID use at Ma.gnolia, and while a success in itself, that growth also created an issue for us: how were we going to make exisitng integrated applications, such as our Ma.rker Dashboard widget, accept OpenID. Our friends at Twitter were facing the same problem, and before long we were neck-deep with a crew of experts in web apps and online security.

The result is the OAuth spec, which enables web users to authorize a desktop, mobile or web application’s access your data stored on another site, without having to give the application your password to the remote data.

Not only are we proud to have worked on the spec with the team that put it together, but we’re especially proud to have been the first web service to implement OAuth, marking the release of version 2 of our API. As proud as we are, we realize that OAuth has commanded a great deal of attention and effort from our small team, taking away from some of the features we expected to be developing this year.

That tradeoff made Ma.gnolia much more of an R&D space than a web business. It’s geeky, it’s very much in the plumbing, and we know it’s not of interest to everyone. But we think it’s enormously important for the future of the web, where more applications will be talking to each other and doing things on our behalf. In that near-future world, we’ll all be better off not having our passwords stored on any number of sites, just waiting for an accident or theft. However far off our planned course we’ve wandered in the work on OAuth, we’re all ending up in a better place.

Ma.gnolia Mobile

The final major feature to look back on is also about the future. With the release of the iPhone, the game for mobile web use has changed. Without missing a beat, and without leaving out exisitng mobile devices, Ma.gnolia went mobile with a special part of the site optimized for use not only with a small screen, but for the scenarios where we need links on the go.

Ma.gnolia Mobile has been very well received, and, of course, looks great on an iPhone or older generation device. Once you go mobile, there’s not much going back, and as we go into Year 3 a major challenge will be to find ways of extending what makes Ma.gnolia special into all the places where it can help make life a little easier.

Be Social

Looking back, it’s a short list of big advances, both in Ma.gnolia and at the edges of the emerging social web. Speaking of social and the web, we definitely need to give a wave to all the people we’ve come to know in the past year. From members to fellow Web 2.0 developers to people who haven’t even heard of us but are curious, we’ve greeted more friendly faces and had more good conversations than we can count.

That’s our year in review. The investments in the less visible, technical aspects strengthens our foundation for growth and more contributions to a more open and interoperable web that supports us as we move through life. Raise a cheer with us in celebration, and here’s to the start of Year 3!

More Message Control

2008-02-06T14:45:56-08:00

Continuing with the theme of the week, I’ve been receiving a number of emails from members complaining about about Ma.gnolia messages they’ve been getting from spammers.

One of our goals in building and designing Ma.gnolia has been to make it easy for our members to connect and communicate. But, as we’ve grown and become more widely known, a small, but highly-impactful, number of people selfishly view Ma.gnolia and other social bookmarking sites a promotional tool they can exploit by any means they wish. And, one of those means has been member-to-member messaging.

Up until now, you have been able to send a message, bookmark recommendation, or group invitation to any member on the site. But, starting today, we have offer a new option that gives you control over whether other members can communicate with you.

Taking a cue from Twitter, rather than allowing anyone to send you a message, only people you add as a contact can send you a message unless you opt-in to allow anyone to send you message. This new option is on the Preferences pane of Your Profile.

Those you don’t count as a contact will still be able to give you thanks and count you as a contact. And, as always, you can choose whether you receive email notices for these actions on the same Preferences pane.

We hope this change helps balance the ability to connect and communicate with protecting you from unwanted messaging. Of course, we value any feedback or suggestions you might have about this feature in particular or messaging in Ma.gnolia in general.

A Dirty Shame

2008-01-31T23:19:13-08:00

This week Andy Baio uncovered how one unscrupulous link spammer was filling his account with Timesonline.co.uk bookmarks, shining a little spotlight on the world of link spamming, SEO, and SMO.

Today, he followed up with a post gathering reactions from those of us running some of the sites on which this user had created accounts. There’s some great stuff in there, though I feel that I came across somewhat less eloquent than my colleagues. Guess that’s what happens when you’re interviewed via IM.

One of the things I’d mentioned was that spamming ”... costs us real money in time and resources.” To understand what I mean by this, I thought it would help to illustrate some of the different kinds of promotion we encounter as well as some statistics on service usage.

An Illustrated Guide

To illustrate what we see as link spam, I created a set on Flickr covering some of the major categories we see. This is not cute, “here’s my blog” type self-promotion. I’m sure for many of us, the first social bookmark we created was of our blog. In the world of real spam, there are infinite variations, but most of it falls into these major categories:

One Site, Many Accounts: This spammer has one site or one page they are trying to promote, so they just create a bunch of accounts and link to the same place in all of them.

Too Legit to Quit: This spammer will add one bookmark to a legitimate source of information to try and cover the Squidoo lens or illegal pharmacy bookmarks they’ve created.

Tagsploitation!: This spammer read somewhere that the more tags means their site will be seen more, so they bookmark one site with as many tags as they can think of. I’ve seen bookmarks with at least a hundred tags.

Joe Seo: This is someone who bought a make money at home book which told them to develop several niche sites which run AdWords and then drive traffic to them through social bookmarking. They’re getting rich in their sleep.

You Can’t Fool Me: This person has a cool avatar and some profile information filled out, but a remarkable interest for dating sites, forex strategies, vacation homes, or mortgage refinancing.

Had Enough Yet?: Just as many bookmarks as they can possibly load up. Probably made use of our import facility.

The Numbers

This comes back to my quote about spammers having an actual cost to us. Though link spammers can take many forms, how much of Ma.gnolia do these users really account for. Quite a bit.

The thumbnail numbers of a sample of the past 3 months show that almost 80% of the actually-used new account created on Ma.gnolia were created by spammers. That means for every one real member that joined, about 4 spammers or their bots created an account.

Similarly, in the same 3 month period, more than twice as many spam bookmarks were created as legitimate bookmarks.

All of these account and spam bookmarks tax our database, server infrastructure, storage, bandwidth and contribute to equipment and maintenance costs. That represents time and money that could be spent on our members who sincerely want to share with one another and build communities.

But, Why?

Why is link spam so prevalent? There are two reasons: it’s easy to create and spammers believe it will bring them money.

Making It Easy To Get In

Some link spammers spam the old fashioned way, they actually create accounts and add bookmarks. Some of these people may speed this process by importing a file full of bookmarks. But the real drivers of link spam are APIs and SMO.

The brave new world of APIs has made it easier than ever to add as many bookmarks as you want, as fast as you want. Some enterprising souls, even more unscrupulous than spammers, have built tools which automate the process of creating accounts and filling them with bookmark via the de-facto standard de.licio.us compatible API.

With one of these multi-posting, multi-submit tools, one person can generate accounts and bookmarks without ever having to even view Ma.gnolia or any of their other intended targets. Of course, these tools only sell for a low, low price of $99.95.

Finally, and actually depressing for me to think about, is outsourced SMO (Social Media Optimization). Yep, believe it or not, you can pay people in foreign countries pennies to create accounts and bookmark your site, bringing the cost and traceability of your link spamming down to almost nothing. Perhaps even less than buying one of the above mentioned multi-submit tools.

Show Me The Money. Not!

Even as easy as it is to spam social bookmarking sites, it wouldn’t be worth it if it only meant that people would see those bookmarks on in-site searches.

What’s really driving link spam is the (usually) mistaken belief that these bookmarks create valuable back links which will raise their sites Google PageRank pushing them up in search results. The real prize is visibility on Google, Google == Money, not in the social bookmarking world.

But, the page rank boost is just a cargo-cultish myth from a time before rel-nofollow. Most responsible web sites now stick a piece of code in their links, “rel=’nofollow’”, which lets search engines know that an outbound link isn’t to be trusted and shouldn’t be given “credit”.

Even more ironic, or not, is that many spam bookmarks point to spam blogs which are trying to make money from Google AdWords from traffic peeled off of traffic from Google search, which is where they’re trying to boost their rankings. At least someone is making money here.

And In The End…

What does it all mean? I’m not sure. I’ve been meaning to write this post on link spam for over a year, and Andy finally motivated me to sit down and make it happen.

Perhaps I’ve been putting it off because I don’t have any grand answers or conclusions. No solution to save Ma.gnolia or the web from link spam.

What we do have is at least a better idea of what link spam is, where it comes from, and the kind of impact it has one services like Ma.gnolia. So…

Anyone? Ferris? Anyone?

Extra, Extra!

2008-01-28T15:26:33-08:00

We’re getting ready to send out the latest Ma.gnolia newsletter, and thought we could do something different from the usual cross-posting that we do to the blog for those who don’t receive the monthly email from us.

We also wanted a way to make past newsletters available for new members to learn about features, tips, and how Ma.gnolia has changed over time. The solution is the Vault of Newsletters Past, which you can now visit to find recent newsletters whether or not you receive them by email.

So, starting today, instead of posting the newsletter to the blog, we’ll just post a note to the here and on Twitter to let you know about each new edition added to the Vault.

Transition

2008-01-23T13:27:20-08:00

We’re only a month into 2008, but already the theme of the year, from politics to personal, has been change. Next month, we’ll be making a change at Ma.gnolia, as I wrap up my full-time work as Product Manager. While I’ll still be a member of the Ma.gnolia community and contributing in small ways, my working days will be spent bringing what I’ve learned here to new projects and people. I’m particularly looking forward to spending more working time with companies in Vancouver, where I live.

Working with Ma.gnolia has been, by far, the most fulfilling 3 years of my professional life so far. I reflect on the experience some more on my own blog, but one thing that can’t be repeated enough is how fortunate I’ve been to work with Larry and to get to know the Ma.gnolia community.

There’s no master list of lessons learned, but one thing that keeps coming to mind is how much more optimisim I have about the capacity of the web to bring out our more positive aspects. The amount of advice and good will we’ve received from people we’ve never met is heartening. I think the same is true for many a web service, and this behind-the-scenes fact doesn’t get enough mention when people talk about online interaction.

Together, we’ve done a lot with Ma.gnolia, and there’s much more to come. So even if you’re not hearing as much from me, personally, you can be sure that I’ll be watching from the wings.

Flowers on the Go

2008-01-11T17:27:33-08:00

As someone who travels often, perhaps too often, there are plenty of times that I found myself on an unfamiliar street and wishing I could find that one restaurant, shop, or museum I’d bookmarked months ago.

As you can imagine, or might know, the cell phone experience for Ma.gnolia has been less than ideal. That is until now, with the unveiling of M.gnolia!

Now you can get easy access to your bookmarks on the go, or even pass some time looking at what’s popular and what your friends and groups are marking.

You can get an idea of how it looks from our screen shots:

Or, better yet, just point your mobile to http://m.gnolia.com/.

A Solstice Podcast

2007-12-22T11:39:03-08:00

Tonight brings us the longest night of the year; and, if you’re yearning to curl up with a podcast, you’re in luck.

Yesterday Chris Messina and I posted our first podcast for the Citizen Garden, where we discuss the usual suspects: the social web, identity, community and our hopes and aspirations for the year to come.

Enjoy the podcast; but even more, enjoy the season and the coming new year.