Facebook has taught us some lessons about what people want on the web. Geocities provided a space, but there was nothing in it. It had to be filled with content from the account owner transferred via something called FTP — waaay too much work for a lot of people, and scary too. I mean “FTP” sounds like something out of a barely remembered science class. There might also have been an uncomfortable implication that you ought to have something worthwhile to say before going to all that trouble.

With Facebook, on the other hand, the content practically generates itself! Just hit a lot of “Like” and “Share” buttons and you don’t really need to write anything. Or if you do feel like broadcasting yourself, just type whatever you like into a form, and it’s as easy as that! And so safe as well for those who don’t want their info exposed to the whole world, but only to a select group of one or two or three or four hundred “friends.”

Facebook’s Achilles’ heel, though, may turn out to be privacy. Matt McKeon has created a wonderful chart which allows one to track, year-by-year, the erosion in Facebook’s default privacy settings. Over at Wired, Ryan Singel provides some insight into the current situation.

So is there an alternative for those concerned by Facebook’s emerging business model — namely, selling its user’s identities? Could any private entity be trusted not to do exactly the same?

The answer may be to take a fresh look at the web, with the lessons of Facebook in mind. Facebook does nothing unique, and it doesn’t do any particular thing particularly well. What it does primarily is aggregate a number of things which can already be done, and facilitate sharing of information between users (and increasingly anyone else they feel like sharing user info with).

What if these various functions could be distributed following much the same sort of model as the internet? Let’s take a simple example, like your email address. There isn’t a central server which holds all info about email addresses, but rather a system which allows your computer to fire off an email which goes to another computer which does a lookup and sends the info on towards its destination. Yes, it’s all quite technical, but, as a user, you don’t need to know any of the technicalities in order to send email, and no single entity or organization needs to manage all the email addresses in the world so that everyone can communicate with one another.

An open, distributed system wouldn’t be enough on its own for a lot of people, just as Geocities’ free empty space you could FTP to wasn’t appealing to a lot of people. But it would allow others to set up their own “Facebooks,” and every one of them would be interoperable with every other. If friend Alice posted something on her “wall” in her account with the Super Social Networking A-go-go site, friend Benny would see it in his account with Awesome Social Networking Divas site. And accounts would be transferable between sites, just like any real internet type account is today.

That latter point is very important. If Super’s privacy policy sucks, there’s absolutely nothing stopping Alice from moving her account to Awesome. Users would no longer be The Damned, condemned to an individual social networking site’s hell.

It’s difficult to say when or even if this will come to pass, but I’ve yet to hear a Facebook user who was entirely pleased with the service, especially on the issue of privacy. Give users a site with all the functionality of Facebook, better designed, as easy or easier to use, with total control over access to their information, and they might just go for it. Make it a distributed technology, and you’d do away with the need for a single entity to acquire a critical mass of users — any individual, group, ISP, etc. could set up their little corner, which would be interoperable with everyone else’s little corner, with all those little corners adding up to a global community of users.

In other words: watch out, Facebook.

Susan Boyle went viral for the same reason she did so well on “Britain’s Got Talent.” She . . . er . . . has talent. But she also exploded due to the nature of the viral phenomenon. The more people who saw her, the more vital to one’s pop-culture sensibilities it became to have seen her, and the more people saw her. Other things, such as the SNL short “On a Boat,” are popular because they’re hilarious, but mostly hilarious only because they’re popular. The video for “On a Boat,” with well over a million YouTube views, derives at least part of its humor from the fact that three guys rapping so enthusiastically about something as banal as being “on a boat” has become a legitimate hit.

And in a sense, this just reflects how the dot.com.sphere.net has amplified our basic instincts. Viral videos such as Miss Teen South Carolina’s painfully idiotic take on “U.S. America’s” education system are no more than ramped-up gossip. (Pssst! Did you hear that Miss California hates the gays?.) Our love of scandal (and parody) resulted in the widespread viewing of the “don’t tase me, bro!” guy, as well as its many spoofs.

And of course, there is the inevitable sheep-factor. Since being featured on “Oprah” last week, J&D’s Bacon-Flavored Lip Balm is all over the internet and sales have skyrocketed.

Bacon-Flavored lip balm will be hot for about 20 minutes before everyone realizes that it’s a disgusting idea. While good products get a fair bit of net-play on their own by word of enormous-internet-mouth, lousy products are shunted quickly aside by a bad rep. Social networking and news sites such as Facebook, Myspace, Digg, StumbleUpon, del.icio.us, Reddit, Sphinn (ad infinitum) that allow users to display and rate items tend to be self-filtering. Or would be, if they weren’t corrupted.

But they are, and this is where the viral phenomenon gets dicey. Once marketers realized that videos, games, memes, and products pretty well advertised themselves once they got going, companies began throwing a fair bit of energy into trying to force things to go viral. They started “astroturfing” these forums, posting as ostensibly disinterested parties in order to create what appeared to be genuine grass-roots interest. With the anonymity the internet provides, it became all too easy for a company to create fake but believable endorsements.

Or spawn them. In 2006, a book that had clogged the lit-blogosphere with rave reviews was revealed to have encouraged those plaudits with a contest; send us the most readers, win a prize. The book may have been fabulous, but when word of the contest surfaced, suspicion was thrown even on those reviewers who hadn’t heard of the contest. And as fun as it is to be hip with the jive, maybe this is the attitude we need to adopt when things flash into fashion. When shredded jeans and flannel shirts were all the rage (the first time), we looked like idiots because we wanted to, not because some flannel corporation was slipping free button-downs into the cool kids’ lockers. Now those flannel fat-cats are all up on those cool kids, and we need to watch our backs.

It was great for a while to be able to run around the internet like barefoot children, blithely accepting all the reviews of movies and books and dust-busters and teeth whiteners and squash rackets (I hear that the Wilson N145 has an enormous sweet spot) as though they came from trusted friends. Those days are gone the way of the penny candy. I don’t mean to sound conspiracy theorist here, but I’ve become wary of anything virally popular. From now on, I only click over if it’s that video of the fellow doing his happy jig in all those foreign countries.

Wait, that’s brought to me by Stride Gum? Shit.

Nope, not working. I’m going to have to find easier exercises and work my way up to that by degrees. Perhaps I can start with feeling some sympathy for Britney Spears (though not as much as the “leave Britney alone” kid).

Maybe I can have sympathy for them by taking a moment to reflect on the fact that the virtual currency of Second Life, Linden Dollars, is convertible into actual dollars, and therefore someone whose account was compromised could be cleaned out of real money . . No, that just makes me want to laugh. Clearly I must put much more effort towards becoming a better person.

Or perhaps it’s just that for years now I’ve been telling people that if they are going to journey to the darker side of the web (porn sites, warez sites, black hat hacker sites, sleazy stock tip sites, etc., etc.), for goodness sake don’t use Internet Explorer, and whatever you are using, turn off java and javascript! THIS ISN’T ROCKET SCIENCE PEOPLE!!! Sorry, sorry, didn’t mean to shout. Clearly I have some anger issues as well.

Once, when the world (wide web) was new, some might have argued that neither java nor javascript would be exploitable, since they’re supposed to run in a sandbox stripped of all manner of privileges allowing them to do anything nefarious to your computer. However, time and experience have shown that complex systems yield unforeseen combinations. As well, it would be foolish to believe that your browser doesn’t have bugs — yes, even if you just upgraded it because the last version had bugs. There has never been a browser released where, finally, they discovered and fixed all the security holes. Your browser has security holes that no one knows about yet, or worse, are only known about by the black hats. Perhaps they are being auctioned off even now to the highest bidder on Wabisabilabi.

The other day I was googling something innocuous, clicked on a search result, and my browser (Firefox) was redirected to another site which immediately attempted to whore the system. It didn’t succeed, of course, since it was clearly targeting Windows and trying to install Windows binaries, a futile effort against a Linux machine. I even clicked on “ok” to something that would have been very, very bad for a Windows user to agree to, just to watch it gnash its teeth.

However, it does demonstrate that the old advice to take precautions only when visiting seedy sites is outdated. These days, even high-ranking Google results may point to sites that have been compromised, or designed to be evil from the start, and achieved a high Google rank by nefarious means. Most any link may function as a kind of wormhole which sucks your browser quite unexpectedly to the dark side. You just can’t say for sure where a link is going to take you.

I’ve known about the NoScript Firefox extension for some time, but never installed it as it seemed excessively paranoid. However, I’m reassessing. I have been using it for about a week and it’s really not that bad. To break it in, one simply hits the dozen or so sites that one visits regularly and adds them to the white list. There’ll be other sites you’ll need to add later for them to work properly, but most will function fine even if you don’t add them. Perhaps buttons won’t change if you mouse over them, but that may not even be worth the simple process of adding the site to the white list. It’s so little hassle that I’m going to leave it installed, even though as a Linux user I have vastly less risk than a Windows user.

bottom left corner of my web browser visiting zombo.com, showing NoScript dialogue and bits of a couple of other extensions.

NoScript isn’t a panacea for all the potential dangers out there. For instance, there are vulnerabilities related to browser image rendering (search securityfocus.com for gif and jpeg). You can turn off images (Edit=>Preferences=>Content then uncheck “Load images automatically”), though that’s pretty drastic. But if you at least cripple a site’s ability to do stuff dynamically through scripting, you will have removed some of its teeth, and very pointy ones at that.

If you haven’t already, you might also want to check out the Adblock and FlashBlock extensions. While not directly security related, they may save thine eyes from the corrupt visions of the Beast, yea, even the most foul visitations which invite you to strike a monkey, or which feign to be a Windows dialogue.

If you’ve taken these precautions, switched to Firefox, been wary of the dark side, installed NoScript, and still your system gets whored by some nefarious web site, you will most certainly have my sympathy. If it happens because you visited the dark side with a password laden Internet Explorer and someone stole all your Linden dollars, well, you may have to wait some time for me to become a much, much better person before I can shed a single tear.