Facebook and spam: a race to the bottom

Facebook’s so-called crackdown on MyQuestions, FunWall, SuperWall (3 of the top 10 largest apps) has sent a clear message to application developers: spam away, you won’t be punished! This is best expressed in today’s TechCrunch story by Michael Arrington:

Facebook is still a young platform, and it’s good that they are taking steps to reduce abuse of the user base. But they don’t seem to be taking any remedial action against past abusers, meaning those applications get to keep the millions of users they’ve racked up using questionable practices.

Since application developers aren’t penalized for finding the weaknesses in the Facebook platform, expect them (and their venture dollars) to continue to focus on finding the next hole to exploit. If Facebook were to slap a few of the worst offenders on the wrist, perhaps others would lose the incentive to engage in bad behavior.

User comments on the TechCrunch post agree with the sentiment:

This [Facebook's crackdown] is a good call, but it has the perverse effect of helping the people who did this stuff in the first place. Slide and RockYou and Social Media have a huge benefit by being first to market and getting to spam away….now they use those networks to charge new apps for visibility. They will still be allowed to monetize their user base, while these new apps have to pay the incumbents for advertising rights. By locking out new apps from these techniques, Facebook has entrenched the power structure… Far from being able to rise up the app curve by just being good, we are going to see new apps have to cough up large fees to the triopoly that runs the apps business (RockYou, Slide, Social Media) to get themselves discovered.

The message from Facebook is clear: the best way for an app to succeed is to find a loophole in the Facebook technology or in the rules — or frankly just to break the rules! — and trick users into spreading your app unintentionally like a virus. We now have a clear precedent that Facebook will let you keep all the “users” that you can trick into adding your application no matter how flagrantly you abuse the rules.

Given what they’ve been allowed to get away with so far, I shudder to think what new tactics the Slide and RockYou apps are going to try next.

It is a sad day indeed for Platform. Facebook has spoken, and if their actions today are any indication, we can expect the platform to continue slipping into a spammy wasteland controlled by Slide and RockYou.

Over the past few weeks, the technique of fraudulent notifications has become standard across apps by Slide and RockYou: MyQuestions, FunWall, SuperWall, and others. (For example, “Sally wrote on your SuperWall” – both Slide’s FunWall and RockYou’s SuperWall have been sending messages like this on behalf of users, to all their friends, when no such action had occured.)

Lo and behold, as reported on TechCrunch today, Facebook Takes Action Against ‘Black Hat’ Apps. Specifically, Facebook published new rules that say that apps cannot send deceptive notifications on behalf of users. About time! But guess who the big winners are?

Over the last few weeks we have noticed several developers misleading our users into clicking on links, adding applications and taking actions. While the majority of developers are doing the right thing and playing by the rules, a few aren’t – and are creating spam as a result. Going forward, if you are deceptively notifying users or tricking them into taking actions that they wouldn’t have otherwise taken, we will start blocking these notifications. The bottom line is that if the notifications you send are the result of a genuine action by a Facebook user and that action is truthfully reported to the recipient so they can make an informed decision, you should have no problems.

Well, apparently nobody can engage in such behavior going forward. But guess who the winners are? Slide and RockYou. Not surprisingly, after a few weeks of insane spammage, Slide and RockYou’s apps now dominate the top 10 list. These two companies have been asked to stop this particular deceptive growth tactic, but they get to keep their massive audience! FB has done nothing to punish the offenders, and more importantly, nothing to deter them from exploiting new deceptive tactics next week.

Responses from other developers can be seen in the comments on TechCrunch:

Good thing they are stopping others from doing this……after Slide and RockYou got 20 million installs using these tactics. Seems fair, right?

Basically, this means they were able to spam to get to critical mass, but now everyone else will be blocked. It’s amazing to watch Facebook make stupid moves like this again and again. This just shows the lack of maturity over at Facebook.

Sure it’s good that FB has updated their API to help prevent spamminess, but they should really do more than simply slap these guys on the wrist. Make a freaking example out of these people. Delete all these applications from the FB network immediately without notice, and ban the companies from further development on FaceBook, permanently. What they have done will accomplish nothing to deter this type of behavior in the future.

Anything more like this and the application should be swiftly deleted.

I am glad they are doing something about it.. it is really discouraging to legitimate developers like me (Free Gifts) and the Graffiti guys and the majority of app developers. We don’t do any of that slimy spam crap and we maintain Top 10 positions, but companies like Slide don’t think twice about spamming their way ahead. I find it kind of ridiculous and a little strange that Facebook didn’t do anything about this within a day of My Questions getting nearly 25k users per hour…

If Facebook doesn’t crack down on it hard, it puts pressure on other developers to do it in order to stay competitive. If devs are going to work their butts off to create good apps, they don’t want their work eclipsed by someone willing to lower their standards of user-friendly interaction. If app spamminess continues, I fully blame Facebook, not the developers. I look at their close relationship with Slide as motive for being soft on crime.

Deleting applications by Slide & RU is a really interesting thought. Dont you think the 2 application providers have the ability to hold FB hostage now, especially Slide.

Does it not seem like a better idea to ban an app developer entirely who has violated the spirit of Facebook rather than to take measures to make certain features no longer possible to a developer who might use them for “white hat” purposes? For the Facebook team, this is a completely controllable environment for them. It seems lame to let a couple bad apples spoil the bunch.

Yeah, it is bullshit that Facebook does not punish the apps who use shady tactics. Instead, they just stop the ability for others to use the same tactic. This is unfair because RockYou, Slide and others have already reaped the benefits and now it is even harder for others to compete with them.

One of the f# %@&! things that pisses me off is that FB bans channels after Slide and RockYou abuse them, but don’t penalize Slide and RockYou for having done that.

Well, the spammy behavior of the My Questions application has made it to the mainstream consumer press! From the Newsweek cover story “Facebook Grows Up“:

David Rodnitzky, 35, a San Francisco marketing executive, was having a fine time on Facebook until he installed a widget called “My Questions.” Unbeknownst to him, it sent out a query to people on his friend list, specifically: “Do you kiss on the first date?” “Here I was, asking some of my company’s venture capitalists, along with some of my guy friends, if they kiss on the first date,” says Rodnitzky.

It begs the question, is this behavior that Facebook wants from apps?

Platforms like Windows or MacOS also have malicious software that spreads like this: they’re called viruses. On desktop platforms you need anti-virus tools because there’s no central way to identify, track, or stop viruses. But Facebook, on the other hand, has exactly those central capabilities. Why haven’t they just pulled the plug on this malicious app?  Hopefully they’re thinking about it, and with press coverage like this, they’ll act soon.

The all-time fastest-growing app on Facebook is the MyQuestions application by Slide, growing by a sheer 200,000 new users every day.

How is MyQuestions achieving such phenomenal growth? It’s simple. As soon as you add the MyQuestions app, Slide promptly (a) sends messages from you to all your friends, saying “John has asked you a question,” and (b) posts a completely fabricated question on your user profile, for friends to come answer. Your friends see the notification, “John has asked you a question”; they click innocently to see what you’re asking; and before they know it, MyQuestions had spammed all their friends, and so on.

Most users don’t even realize that their friends never asked these questions. Slide invented 20 or so questions to send on behalf of unsuspecting users. If you try the MyQuestions app you see absolutely nothing that explains to you that a question “from you” is being sent to your friends.

Users are beginning to figure this out, but only after Slide has spammed all their friends on their behalf. Take a look at the application review wall: 20 out of 20 posts are complaints by users who’ve been tricked into spamming their friends. It’s a clear signal of a broken platform that the fastest-growing application, growing 200,000 users a day, receives a completely unanimous response from its userbase. I have to imagine Facebook won’t let this app keep all the users it’s registering this way, although their policy (or lack thereof) so far hasn’t been very comforting.

Andreas Silva:
It’s really BAAAD that you suddenly get an email telling you someone has answered a question you never asked!!

Allix Harrison-D’Arcy:
Why does MyQuestions seemingly just ask an undeleteable question when you install it and broadcast it to all your friends? Isn’t it profoundly obnoxious? I believe this goes against the spirit of facebook apps – I’m removing, blocking and reporting this app.

Lizel Adendorff:
I had the same problem. i’m trying to get rid of the app but it’s still sending questions on my behalf and it still says people asked me questions…this sucks. stop the app….

Click here to read more reactions from the 200,000 users per day who were exposed to this virus. Here is a nice screenshot of a sampling of user complaints.

RockYou has found a new gold mine for viral user growth: completely fabricating user actions.

The basic concept: Joe adds an app; the app sends messages to Joe’s friends on his behalf, with a catchy call to action that Joe didn’t actually have anything to do with.

This is being thinly veiled with the user’s implied “consent”. If you try using the RockYou Music Videos app, when prompted to invite friends, you probably wouldn’t even know that the invitations you’re about to send include randomly-chosen music videos that you’re apparently sending to your friends. (As a user you can’t pick what music video to send all your friends. You only choose who to invite, and RockYou selects a music video to send your friends, and the only way you’d even know this was happening is buried on the subsequent confirmation screen.) I’m sure most users don’t notice the circled text, they just hit “Send it”, and the recipient is likely to accept the invite.

It’s against the rules to use a friend’s photo as the associated image for an application “request” or “invitation”. Why? Facebook doesn’t say, but I can only assume it’s so that recipients would not confuse these invites/requests with Facebook’s own native features (invitations for friendship, events, groups).

Slide has figured out how to easily skirt this rule. With the rise of Top Friends, it’s become clear that adding “friend request” to any application invitation will automatically increase the likelihood that the recipient will “Accept”. Slide has taken this one step further: they’ve built a proxy for Facebook’s user photos, so Slide’s app requests now further confuse the recipient by making all app invites look more like ordinary friend requests.

While Facebook prevented urls to Facebook’s user-pictures to be used as the image for an application invite/request, they had no way of preventing a proxy-server (hosted by Slide) from doing the same thing.

Although Facebook’s rules clearly suggest that an app shouldn’t disguise their invitation/request as a friend request, Slide’s proxy-server trick (and their app name) does exactly that. Clever!