Are your certificates & domains up to date?
July 7th, 2008
Just placed an order on Seamlessweb and received this nice warning after placing the order:

OOPS! Seems Yahoo forgot to renew its security certificates. Do you have a process in place to ensure your domain names and associated security certificates are always up to date? How about 3rd-party monitoring of your service? Now this little warning is a nuisance compared to what happened to perl.com when a domain that was used for serving on the site was registered by a hacker.
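One way to automate the certificate half of that process, as an added example that is not part of the original post: a check that reports how many days remain on the certificate a host presents and handles the already-expired case shown in the warning above. The thresholds and function names are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed thresholds; tune to your renewal lead time
CRIT_DAYS = 7


def days_remaining(not_after, now=None):
    """Whole days until a notAfter string in getpeercert() format (floored)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days):
    """Map days remaining to an alert level."""
    if days < 0:
        return "EXPIRED"
    if days <= CRIT_DAYS:
        return "CRITICAL"
    if days <= WARN_DAYS:
        return "WARNING"
    return "OK"


def check_host(host, port=443, timeout=5.0):
    """Return (status, detail) for the certificate a live host presents."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate fails the verified handshake, so it never
        # reaches getpeercert(); report it from the verification error.
        msg = exc.verify_message
        return ("EXPIRED" if "expired" in msg else "INVALID"), msg
    except OSError as exc:
        return "UNREACHABLE", str(exc)
    days = days_remaining(not_after)
    return classify(days), f"{days} days left (notAfter={not_after})"


if __name__ == "__main__":
    # Hosts to check are passed on the command line, e.g. from a cron job.
    for name in sys.argv[1:]:
        status, detail = check_host(name)
        print(f"{status:11} {name}: {detail}")
```

Run it on a schedule from a machine outside your own network so that it also covers the third-party monitoring question; domain registration expiry needs a separate check against the registrar's data.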
The Facebook API revolution
September 25th, 2007
No, this isn’t another “OMG, the Facebook API IS AWESOME” post. I mean, it is, it’s pretty damn cool, I’ve played with it a bit this month. The real revolution with the Facebook API is the server-side requests.
Traditionally widgets & plugins interfaced with social networks by placing snippets of HTML on profile pages. In the Facebook world no content can show up on a user’s profile without passing through Facebook’s servers first. Even your actual application pages must either be within an IFRAME or pass through Facebook. This process provides Facebook with an extraordinary level of control over what can and cannot be displayed on a user’s page. FB can perform a virus scan on all content and analyze any scripts for vulnerabilities or exploits. By directly serving content Facebook also eliminates cookie access — making it far more difficult to track or distribute data about their users.
Yet, the approach has its limitations for application developers. I tried briefly to build a “stalker tracker” application which, using cookies, would tell the user how many people regularly check out their profile page. No matter what I tried, I couldn’t get access to the cookie without somehow initiating a click — rendering my application completely useless.
Why should you care? Well — advertising isn’t that much different from a traditional social networking widget — both are delivered via a snippet of HTML. Online ads have also been plagued by security issues this past year and I wouldn’t be surprised if the bigger players (Myspace, Yahoo, MSN, etc.) start to ask for server-side ad requests soon. Server-side requests are the only way that a seller can technically guarantee the safety of third-party ads. Of course this will open up a world of technical challenges — server-side cookie storage, strict global latency requirements and a need for increased capacity, to name only a few.




