Friday, November 02, 2007

Open social insecurity

Everyone is praising Google's open social initiative. So let me do the opposite and try to put together a few weak points:
  • Open social apps have already been hacked.
  • Open social is not really open yet; only the client API has been published so far. It allows iframe apps with JavaScript-based business logic (or should I say "social logic") to be placed into open social containers such as orkut. Currently you have to join the waiting list to get notified when the server API specification gets published.
Dave Winer goes a step further and criticizes the motivation behind open social:
Standards devised by one tech company whose main purpose is to undermine another tech company, usually don't work.

In this case it's Google trying to undermine Facebook.

And I don't think it's going to work.

Time will tell ...

[Update:] Just after posting, I found more critical thoughts, by Julien Bond:

As a geek it pisses me off because there's absolutely no accountability or transparency in how those standards are developed. It's every bit as bad as MS trying to force the Word XML standard through the standards bodies. Google is something of a black box. There's no way to influence them. Stuff appears out of the black box fully formed.

And here is a detailed article about exploiting open social XSS vulnerabilities on Ning.

pepperstix said...

Wow! Makes one really think twice about the whole concept.