By Joe Wilcox, Betanews
That's the question I started asking last night. But there is another. Would Microsoft's CEO accept me as friend? Or you?
Yesterday, Nick Eaton of Seattle PI's "The Microsoft Blog" pointed to what he believed to be "Steve Ballmer's real Facebook page." Welcome to Facebook, Steve, assuming that's really you. I've been on the service since 2006. Could I offer you some tips?
The page looks legit enough, but barren. At 3:10 p.m. yesterday, the someone claiming to be Steve Ballmer posted "What a day!" from Windows Phone. That has got to be the understatement of the year, considering Microsoft launched Windows Phone 7 and announced availability of nine supporting handsets (10, if counting another mobile coming next year). I could certainly see Windows Phone as being a means for Ballmer getting on Facebook, or even reason to create an account. The account only has 14 friends, which makes me wonder if it was a dummy account setup for the Windows Phone demonstration -- or if Ballmer has few friends.
Don't feel bad for Mr. Lonely Guy. If Microsoft's CEO has few Facebook friends, let me offer my congratulations for using Facebook the way I'm convinced it should be: To maintain contact with a smaller number of intimate relationships rather than how most people use it -- to gather hordes of so-called friends they might not know or loose acquaintances they otherwise wouldn't ever interact much with. Perhaps many people think there is safety in numbers. I don't. Friend in name only is worth what?
There's still the question: Is the account really Steve Ballmer's? I'd ask Microsoft, but it's too early on the West Coast to get an answer, and one might not be given. As TechCrunch's Michael Arrington demonstrated over the weekend, pretty much anyone can be a Facebook identity thief. In October 10th post "Being Eric Schmidt (On Facebook)," Arrington explains how he created a fake account for Google's CEO and started amassing friends:
I tested this by creating a fake Facebook account for Eric Schmidt based on his real email address. I tried to do this with a few Facebook execs first but it didn't work because the emails I have for them are already associated with their real accounts. The email address I have for Schmidt, however, isn't associated with any Facebook account. It worked.Of course I could have created a fake Eric Schmidt account without using his real email. But by using that email address Facebook immediately started suggesting friends to me - presumably people who have uploaded their contacts, including that email address, to Facebook in the past....
As soon as the account was created I was asked to verify the email address. I ignored that and instead just turned off all email notifications. But I can still use the account to add friends, accept friend requests, like status posts, and send and receive messages. Messages occasionally pop up saying 'Before you can interact with other people on Facebook, you need to confirm your email address.' But most activity isn't restricted at all.
I'm fairly certain that the account will be disabled shortly. But what if I had faked a less high profile individual, and didn't write on TechCrunch about it?
Arrington asks a good question, and it's one I may have a partial answer for. In June, I set up a fake Facebook account using one of my legit, but otherwise rarely used, e-mail addresses. Facebook had made privacy changes I wanted to test, by seeing to whom my information was visible. I needed a fresh account with no friends. I fully expected Facebook to disable the account within a couple of days, since I never clicked the acceptance e-mail. But the account remained active, as evidenced by the occasional friend requests I receive. I accidentally confirmed the account on Oct. 10, about four months after creating it. Following Arrington's Schmidt prank, I wanted to see if the account was active but I had forgotten the password. The process of retrieving the password apparently activated the account. Two minutes later I received e-mail "Welcome Back to Facebook." Oh yeah?
Arrington identifies a tremendous flaw in how Facebook works. A service with legitimate privacy controls would shut down an account unverified from the associated e-mail address within 24 to 48 hours. I surely expected my unverified fake account to disappear after a couple of days. The situation also raises questions about how many of Facebook's over 500 million accounts are active. Someone impersonated my daughter a few months back, using her name and photo yanked from her profile. So I've not just witnessed rogue accounts but identity theft, too.
The question isn't just "Would you be Steve Ballmer's Facebook Friend?" but "Is that the real Steve Ballmer you are friending?" It's time Facebook did something to better protect its users' identities. One way is to aggressively adopt a "verified" account scheme, something like what Twitter does but on steroids. Muscle up, Mark Zuckerberg.
As for Microsoft's CEO, I didn't bother sending a friend request. Will you?
Copyright Betanews, Inc. 2010