Nice HTML there, Tom! And grrrreat spelling! It’s so awesome that you were able to get $200 million for your piece of crap site.

And Tom, you wouldn’t have to deal with spammers, phishing, cross-site scripting attacks or other nasties if you’d just get a stinkin’ clue. You’re not the first website in the world to deal with user-provided content/HTML. Do you really have anyone else programming on the site? Are they monkeys?

And let me close by saying what a great NON security feature. You’re changing people’s links to a domain name that doesn’t even have the word MYSPACE in the name. People are going to think that’s not normal and freak out, regardless of your cute little announcement box.

And nevermind the fact that you’ve just given yourself a way to police all links on your site and determine what is “allowed” and “not allowed” to be linked to, nor the fact that you’ve created your own database of links referenced by people using your site, which you will no doubt go on and sell to some marketing firm, privacy be damned!

Blah blah blah. I hate MySpace with a stinkin’ passion.

TechDirt has an excellent write-up today named “Universal Music 'Settlement' With Bolt Makes A Mockery Of The Law; Common Sense”. If you’re not aware, Universal music’s CEO, Doug Morris has been suing video-sharing sites that make use of copyrighted Universal music. Keep in mind, these are usually humorous videos, video diaries, video game captures, etc.. that use music in a fair use manner and are totally legit. No one in their right mind is going to hear “Sexy Back” on a YouTube video and say.. boy, now I don’t have to buy the song!

They successfully got Google to pay out (conveniently after they bought YouTube) by way of equity shares in YouTube! Now, keep in mind that Google/YouTube has done nothing wrong. They’re not responsible for their user’s content. Nor have many of the users done anything wrong, seeing as the music is used in a fair use context, usually not a full song, and actually helps the artist instead of hurting them.

Then they went after MySpace; suing them and winning, again for the same reasons that don’t make sense.

And somehow they then convince Microsoft to pay a type of “Universal music” tax on every Zune unit sold, probably because it could potentially be holding pirated Universal music. What the ——? Check out this quote from the New York Times:

A recent study estimated that Apple has sold an average of 20 songs per iPod — a fraction of its capacity. The rest of consumers’ music files — 95 percent or more — come from ripped CDs, possibly including discs from their own collections, and illegal file-trading networks, the study said.

So what percentage of that 95% is legit files? I’m sure Universal and other record industry executives want to say 0% — but think about it. Most older teens/adults who have iPods aren’t going around and pirating music. Maybe they do the casual thing, and let friends borrow a CD, who rips it, and then gives it back. But ultimately, is that a bad thing? Maybe the next time the person sees an album from that artist, they will purchase it first-hand. Or perhaps they will feel led to purchase the album they ripped, to get the physical album and artwork? Why assume that all of your customers are filthy thieves trying to steal your profits?

So finally, Universal turned its sights on Bolt.com, a site that is probably one of the first social networking sites (that I knew of, at least.) And now they have to sell their company/site to another smaller company, just to make the legal bills work out.

Ugh, when will this just stop? Movie and record executives, listen to me:

People will always steal. No matter what. Even if you put up your best padlock, someone is going to crack it. Give it up, and offer non-DRM’d versions of albums/songs online, in multiple formats. Why do I end up paying 99 cents for a single track in 128kbps MPEG4 format? Why not offer it to me in lossless MP4? Or better yet, 320kbps MP3 or the lossless FLAC format?

Movie studios, just give up. Your Blu-Ray and HD-DVD copyright protection is cracked. Why do you purposefully slow-down modern computers in order to make them support your DRM? By the way, check out this excellent blog post on MSTechToday regarding Vista’s DRM, and how neither Bill Gates nor Steve Jobs likes it.

And this all begs the question: when you buy something, are you buying the RIGHTS to play the song/movie, or are you buying the actual item transacted, such as a file or disc? If it’s just the rights, then shouldn’t I legally be able to obtain that same song in a different format, for little or no cost? If I damage my disc, should I be able to just copy a friend’s and still be legally correct?

Just, ugh. You wonder why people pirate. Because it’s easier to deal with than all of this crap. DRM sucks.

After going back and forth with MySpace’s lovely tech. support, it seems they have finally cancelled my account. Thank God— good riddance and all that. Let it be known that it’s taken me an entire month to cancel my account, and at least 6 e-mails back and forth. I dread to think what a parent would have to go through to get their child’s account cancelled…

Please, leave the sinking ship that is MySpace. If you have kids, explain to them why it sucks, and why they should ignore the sexually-themed advertisements on the site. If you run a network at a company, why are you wasting the bandwidth?

And this shall probably be the last post on the subject of MySpace.

F-Secure writes about a brand new MySpace worm that is making its way like crazy throughout profiles. It spreads by executing a bit of JavaScript embedded in a Quicktime file. And of course, users can embed whatever objects they want on their pages!

Spyware Sucks has a write-up sharing my same thoughts of MySpace: block it from your networks now. If you have kids, educate them about the badness of the site and get them off of it. If you’re in charge of IT at a company, filter it out.

Unless you want to stick with a website that sends password information unencrypted, lets its usernames and passwords get phished, and semi-knowingly exposes (and possibly infects) a million users to an old exploit via a banner ad.

Sheesh.

Wow. I am just speechless right now. I’ll let you read the response that MySpace’s technical support gave me regarding the cancellation of my account:

Hello,

If you wish to terminate your MySpace Account, start by clicking on "Home" in the top navigation menu from any MySpace web page. Once on your personal home page, click on "Account Settings," appearing in the upper left portion of the page, next to your picture. Click on the "Cancel Account" link. You can find it above the "My Account Settings" box. This will link you to the "Cancel My Account" page. There click on the "Cancel My Account" button. Your MySpace Account has now been deleted. Keep in mind, canceling your MySpace account will permanently remove all of your profile information from MySpace, including your photographs, comments, journals, and your personal network of friends. This information cannot be restored. You may re-register your current email address after canceling, but you will need to rebuild your personal network from scratch.

If for some reason you should be unable to delete the account, provide the email plus password for your profile and we will cancel it for you. If you don't remember the password or it has been changed, please send us a salute as verification and we can remove the account.

To send a salute, please do the following:

Create a hand written sign that says MySpace.com and your friend ID. Your friend ID is the number between ID= and &mytoken in your profile's URL.

Get an image, or digital picture of yourself with this hand written sign.

This is image is a salute. Next, reply to this e-mail with the salute as an e-mail attachment, or as an e-mail link to where it is uploaded.

If this does not answer your question, please click:

http://viewmorepics.myspace.com/index.cfm?fuseaction=misc.contact

Thank you,
MySpace.com

What the.. so let me get this straight. I can’t use the automatic function to cancel my account, which is what I e-mailed support in the first place with; indicating that this is a standard response letter. Okay, no biggie. They say I need to e-mail them my password and e-mail address, and they’ll delete it. Okay, I already e-mailed you from that specific e-mail address, asking to be deleted. Why do you need my password too? Ugh.

Furthermore, if you forgot your password, you’re supposed to take a picture of yourself, holding up a sign with “MySpace.Com” and your profile ID? Wow. That just blows my mind. I won’t even get into privacy implications.. why they need a picture of yourself.. and who recieves/views/stores these photos.

I’m reminded of Vinny’s fun time at trying to cancel his father’s AOL account. JUST CANCEL MY ACCOUNT.

MySpace is scum. Block it from your computers, especially if you have young children. If you’re running the network at a business and haven’t blocked it yet, shame on you.

I tried to delete my account. They send you an e-mail with some sort of confirmation link, which of course, I never receive... probably the same broken e-mail logic that doesn't send me an e-mail when I want to change my e-mail address. So, in their support section it says to e-mail them directly from the e-mail address the account is under, and they'll cancel it manually. It's been a week, and still no deletion!

So I decided to just make my account "dead"; remove everything from it, remove all my friends, remove my "real name" so people can't find me on there, etc... After I'm done with all that, I go back to my home page and see:

Apparently I "haven't added any friends yet", but I have 13 friends.

And that, my friends, is reason #46835 why MySpace sucks.

I know the subject is kind of stating the obvious, but I’ve reached the snapping point.

A few days ago, I realized my entire inbox contained all the mail I had ever received. It wasn’t that surprising (and was what I was expecting), I just didn’t think MySpace would work that way, and instead would clear it out after xx days, like they do with bulletins, etc.. anyhow, since there’s no “delete all” (???) I had to manually delete hundreds of e-mails.

After clearing out about half of my mail, it would come back with “Page 1” and there would be no mail on the screen, just the “next page” link. Huh? Clicking “next page” took me to another page of e-mail, this time with actual mail on it to delete. I repeat this, until I get to about 6 pages or so left, but each page is completely blank. This leads me to conclude that:

1) MySpace doesn’t actually delete the e-mail permanently, and is instead setting a flag or something (DeletedFlag?) in the database that indicates the mail is deleted.
2) MySpace’s inbox “pager” which generates page numbers and forward/back links is most likely not factoring in the DeletedFlag.

So that’s one issue to report to the support department.. as well as another issue I’ve been having involving changing my e-mail address— I simply can’t do it. MySpace claims it sends my new e-mail address a confirmation number, but I don’t get it. MySpace’s mail servers never even connect to my mail server.

So anyhow, I send the e-mail to support, expecting to never hear back, but surprisingly, I got an e-mail yesterday with just “We’re working on it. Thanks, MySpace Support”. Wow, thanks for the detailed and professional response. And what are you working on exactly? My InBox problem or the e-mail thing? *shrug* It looks like they meant the InBox problem, because the page numbers are gone today from my InBox, and it truly looks empty.

Moving on, this is what set me off tonight:

This problem has been happening since MySpace started, and Tom’s just now making it an announcement? Nevermind how unprofessional it is. (all lowercase??)

If you read his blog entry, he talks about how people are making fake MySpace login pages (sometimes even using a MySpace profile itself to fake a login screen.. hahahaha!)

Look at the right hand side.. “check her for latest info” ? Did you mean check HERE, Tom? Or perhaps I am indeed supposed to check “her” for latest info?

I notice that my scrollbar on this blog entry is tiny.. the page must have tons of comments on it. Scroll down.. nope, only showing 48 per page. Turns out it’s the ENTIRE list of “Who Gives Kudos”, on each comment page. Like anyone cares. Why must it show the entire list? Why not show like the first 10, and then have a “show the rest” link, like the rest of the web does?

I posted a comment/reply to his blog, but it’s doubtful that he’ll respond. Here goes:

Tom,

Why not implement something like Yahoo does, that shows a custom piece of text or image on the login form (set by the user) in order to prove it's from Yahoo.com's login service.

Also, why are you letting profiles get created/modified in order to look like a log-in page? Some simple HTML filtering would take care of that. Or perhaps you could add a "report this profile" link to the page somewhere-- I've run across numerous profiles that violate the terms of use, either with pornography or other things, yet I have no way of easily reporting them.

And while I'm rambling, why do you allow sites to place their tags/crap all over the auto-generated profile code? Why not clean that up or disallow it completely? That's where most extra advertisements, tracking cookies and other "iffy" things come from..

And finally, I hope you guys fixed the cross-site scripting problems? Otherwise, that would explain why bulletins automatically get posted to people's accounts just by visiting another "bad" site while being still logged into MySpace.

Are you looking for an ASP.Net developer in Southern California who can help? Send me some mail.

I recently had to fix a friend’s computer because they let one of their daughters view MySpace on their computer, which was running Windows XP and for some reason wasn’t running automatic updates. An advertisement, either from MySpace’s ad pool or one of the profiles she viewed exploited a flaw in Internet Explorer, and downloaded/executed a program that proceeded to download about 20 to 30 pieces of spyware, toolbars, etc. — joy! The fact that someone can put code like that on their profile is reason enough to block MySpace from your network, and not let your children near it.

The Yahoo idea I mention is actually pretty darn cool. They call it a “sign-in seal”, and it’s a user-chosen piece of text or image that will appear in the upper right corner of the login box whenever it’s an “official” Yahoo.com login accessed via your computer. The downside is that this is not “automatic” and requires the user to set it up before they get the benefit of it.. but hey, if you’re worried about your personal information, you’d want to be on top of something like this, right?

I think it makes sense, and I hope other sites start to adopt something similiar. Now, if only we could educate people on what a strong password looks like..

Update: I did a quick search on Google's blog searching engine, and found these other bloggers who seem to agree with me:

http://darkmotion.com/blog/2006/10/24/why-myspace-sucks-ass/
http://www.mpdailyfix.com/2006/10/myspace_sucks.html
http://onlinecomics.blogspot.com/2006/10/myspace-sucks.html
http://josepho.wordpress.com/2006/09/09/myspace-sucks-the-saga-continues/
http://www.leliathomas.com/2006/10/16/testing-my-myspace-theory-post-3/

Man, the fun never stops around them wacky MySpace offices!

P.S. — I now have a “MySpace” category on my blog. Be afraid.

I am convinced that MySpace’s “technical group” consists of a single man, a workstation, and a 24–pack of Mountain Dew.

It’s amazing the site even runs at all. They need to fire whoever is heading up their technical staff; and I seriously doubt it’s “Tom” working on it— it is worth at least $580 mil, right? I feel like we’re back in the hayday of the dot-com era here. Just waiting for the bubble to burst, and if the error messages, spyware-laden advertisements, sexy not-safe-for-kids advertisements, exploits (hi Samy!) and more are any indication.. it will be bursting very soon. Check out the Wikipedia article on MySpace, it’s hilarious.

Also, good luck contacting their support department. I still haven’t been able to change my account’s e-mail address..

If you are in charge of running IT at your company, you owe it to yourself to block MySpace.com from your networks at all costs. I don’t even want to get started about how many people I see at my work goofing off with it when they’re supposed to be working.