Have you ever actually clicked on any of Twitter's trending topics? I don't want to sound like the old guy telling whippersnappers to get off his lawn, but trying to read almost any Twitter trend gives me a headache. There's so much spam with popular hashtags attached that even people who care about the trends aren't getting a great user experience. Twitter realizes this, and they're going to do something to cut down the noise.

The precise something that Twitter intends to do isn't really clear. Biz Stone's blog post is full of ambiguous language: "We're working to show higher quality results for trend queries by returning tweets that are more useful." It's not clear whether this means manually filtering trends in some way, or whether Twitter is introducing an algorithm to weight tweets by relevance. I think the average Twitter user is less concerned with the technical details, and more concerned with how effective this experiment will be at reducing junk tweets.

[via TechCrunch]

Facebook's making some big changes around its application platform, particularly concerning how much access apps have to a user's activity stream and notifications. If you're a Facebook user who hates app spam, that's good news for you. It's terrible news for developers, though, because getting their links in front of you is how they spread virally and pick up more users.

This doesn't mean that apps won't be able to communicate with their users. They're getting put back into the sidebar, and that (virtually useless) boxes tab is going away. App and Game notifications will be handled by a new sidebar dashboard, moving them out of your stream once and for all.

Email will also figure more prominently in the user-developer relationship, with developers getting the option to ask users for their email addresses and send notifications that way.

Facebook isn't mincing words about what it's trying to do, here. In the official blog post announcing the changes, they come right out and say they're trying to cut down on spam: "Application communication in channels like notifications and requests aren't effectively serving their original purpose. There is a significant opportunity to improve the user experience and reduce spam by replacing them with better features and moving most communication to the stream and Inbox."

Take that, Farmville!

[via TechCrunch]

If you didn't ask to have your Facebook password reset, think twice before opening an email that looks like it's from Facebook's support team. A lot of these fake password-reset emails have been going out lately, and the attachments they contain can take over your computer and add it to the Bredolab botnet, according to ZDnet.

Your first clue that these emails are sketchy is that they contain a zipped .exe file, which is a horribly insecure and inefficient way to send an account password. Although the mail looks like it comes from support@facebook.com, the address is just spoofed to fool you. The botnet behind this attack, Bredolab, is reportedly involved in some large-scale spamming and identity theft activities, so don't risk letting your computer become part of it.

[via ZDNet]

The head honchos at Twitter have decided to take action against the site's growing problem with spam accounts by giving users some new options to file spam reports. You'll see a new "Report as spam" link on the sidebar of each user's Twitter page, and a "Report as spam" action available from your followers and following lists. Clicking on either of those links will give you a chance to decide if you're sure you want to report, and then block the user and flag them for review.

Previously, reporting spam meant following Twitter's @spam account, and sending it a direct message with the username you wanted to report. There's no official word from Twitter on how the spam reports work, yet, but I suspect it's something like the way blocking worked before: i.e., the more times an account is marked as spam, the more likely it will be to get deleted. This seems like a much more efficient way to handle the spam problem, and it'll be interesting to see if it results in fewer bot accounts on Twitter.

[Thanks, Damon!]

UPDATE: Twitter's official blog post on spam reporting is up now.

Spam is a growing problem on Twitter, and there's not much an individual user can do about it. Finding and blocking all the spammers amongst your followers can be a tedious and time-consuming process. Fortunately, Tweet Blocker makes it easy, and offers a way to quickly unfollow and block any spammers.

Using a spam filter algorithm based on user recommendations, Tweet Blocker gives your followers a grade from A to F, based on their level of spamminess. This you gives you a quick way to locate the spammers, and then you can use Tweet Blocker's convenient block and unfollow buttons to take appropriate action. You can also see the recent tweets from any account on the list, in case you're not sure at a glance whether someone's a spammer or not.

Spam is a problem nearly as old as email itself. Sure, it's 2009, but posting your email address on your website is still likely to invite spammers to let you know about the latest Viagra and Cialis deals. MailTo Encoder uses a bit of Javascript to obscure your address from spambots, while leaving it readable to actual humans.

From the user's perspective, email links look exactly they way they normally would. The encoding and decoding all happen behind the scenes, thanks to some easy Javascript you can cut and paste. MailTo Encoder is a decent solution that gets the job done with minimal effect on the user experience, and it might beat setting up a contact form on your website.

I've been guilty of it, and if you subscribe to a lot of mailing lists, I'd be willing to be you have been too. Guilty of what? Of marking legitimate mailing list email as spam as a shortcut way to unsubscribe. To be fair, most of the time when I've done this, it's because the mailing list in question makes unsubscribing difficult. But sometimes it's just sheer laziness.

The problem with marking legitimate messages as spam is that it messes with Google's spam detection algorithms. So Google has gotten smart, and when it detects that you've marked a legitimate mailing list as spam, it will now offer to properly unsubscribe you from the mailing list automatically.

Google reasonably says that they can't provide the unsubscribe option for all mailing lists, and that it will be careful not to offer the unsubscribe option for lists that are known to be owned by spammers.

This is a great example of a web service going the extra mile to use the information it has to make life easier on its users.

[via Lifehacker]

If you've ever had your Facebook account taken over and used to spam your friends, or if you've ever been on the receiving end of that spam, you might be happy to hear that Facebook is actually doing something about it. In a blog post on Friday, the social network announced the rollout out of new verification procedures for logging into an account that appears to be compromised. When Facebook thinks an account is being used to send spam, the owner will get an email directing him or her to a new verification page to confirm ownership of the account and log in.

The verification page serves the dual purpose of letting the user know how the account was taken over - likely through a phishing attack using a fake site that looks just like Facebook, according to the message. Moving the verification process to the Facebook site and automating it should streamline the process of getting your account back, and hopefully give you some tips to keep you from exposing it again in the future. It's a good new feature, but I can't help wondering about the extent of the increase in spam that probably prompted it.

For the seasoned Internet user, that headline is a no-brainer. Unless you're hoping to be spammed ad nauseum by everything from (ahem) stamina enhancers to mail order brides to bogus antivirus software, don't post your real email address anywhere.

Less security and privacy savvy users, however, might not be aware of the pitfalls yet, so here's some advice. If you are using a social site like Twitter or Facebook, don't be so quick to give your personal information away.

For an unsavory soul to harvest your address from Twitter is as simple as setting up a search for a topic like "email me at" - text which CNet found occurred nearly 300 times in a one-hour period. It's worth noting that a good portion of that volume actually comes from Twitter spammers trying to drum up business - but unwary users are doing it, too.

It's bad enough that these people are actively spamming trending topics on Twitter, so don't invite them into your inbox. If you must post an address for people to contact you via email, sign up for a dedicated public email address with service like GMail or Live/Hotmail. That way you don't need to give out your everyday family-and-friends address.

Another option is to familiarize yourself with some sites that provide disposable email addresses like the ones I wrote about a while back. They're a perfect way to let people contact you without the risk of polluting your inbox.

There are a lot of virtually-identical web clients for Twitter out there, but Philtro is a new one with a unique approach. It uses a system that you're probably familiar with from email spam filters to weed out the irrelevant stuff and show you the posts from your Twitter stream that are most interesting to you. There's a thumbs-up/thumbs-down rating system that trains the filter and lets you correct any mistakes it makes.

It's definitely an original approach, but there's already a way of weeding out spam on Twitter: just follow the people who are relevant to you. If they're not, then don't follow them. If it gets to the point where you're following so many people that the small percentage of irrelevant posts from otherwise-relevant people adds up to more than you can handle, consider dropping some people. On the other hand, if you're a business user of Twitter, or a "social media marketing guru" of some kind, Philtro could prove indispensible. Philtro does have an audience, though: according to their blog, their average user only cares about 5% of the tweets they read.

While it's not news that malware developers are opportunistic, their latest deception isn't at all what I expected.

Fake P2P sites? Sure. Fake celeb porn sites? Ok. But bogus presidential news blogs?

Trend Micro researchers have discovered a number of sites built using Obama's name and related keywords to ensnare unwary browsers. The sites try to push ActiveX controls and .exe files on visitors like barack.exe or baracknews.exe. Spam is now appearing in inboxes as well in an attempt to drive users to the suspicious sites.

As is the norm in these cases, the sites and emails are poorly written and would probably only look believable after six or seven beers.

Subject : What will be with our country?
Message: Barack Obama is not ready to be a president [link]. Yours sincerely, [name]

Keeping yourself infection-free shouldn't be a big deal, as long as you exercise common sense. Don't run .exe files from sites you don't trust. Don't authorize ActiveX installs in Internet Explorer on sites you don't trust (through the gold bar at the top of the browser window).

Dear god, man!!! What will be with our country?!?!

We'll all be in a lot more trouble the day malware hooligans decide to employ someone that knows how to write compelling bs.

If you've ever bought anything online you know that there's no such thing as a simple, one-time transaction. Once you give an online retailer your email address there's a good chance you'll continue to get emails letting you know about other items the company would like you to buy, coupons, or sales until the day you die (or opt out of these email messages, whichever comes first). And that's if you're lucky. There's also a chance that your email address will be sold to marketers and you'll start getting messages from dozens of companies you've never done business with at all.

There are a bunch of services that provide you with disposable email addresses that disappear after a few hours or days. You can use these services to create a temporary email address to sign up for a new web service or purchase an item online. But you need to sign up over and over again every time you need an email address. OtherInbox simplifies the process by letting you register for a single account which comes with a virtually unlimited number of email addresses.

Here's how it works. You register for a free account and you're assigned a custom domain like username.otherinbox.com. Any time an email is sent to any address ending with @username.otherinbox.com it will show up in your inbox. Messages will automatically be sorted into folders based on the address they're sent to.

Results from a new survey by Marshal are in, and apparently 29% percent of the respondents to a recent survey admitted they made purchases from spam messages. That number is up from a 2004 survey in which only 20% admitted doing so. I was all set to vent about people getting sucked in when I realized something: who cares?

Marshal's VP of Products, Bradley Anstis, said "Many of us often question ourselves, why is there so much spam? The answer is, enough people are purchasing products from spam to make it a worthwhile and profitable endeavour for spammers."

Well duh. Thanks for the press release!

In our last installment the XForce was busy keeping you safe on the Internet. In this episode it's XForce versus the evil spam.

Spam, as we all know, is a pain in the rear. The XForce report covers a lot of ground on spam and phishing.

Some of the things the report covers (that I won't):

• What happened to image-based spam?
• How much spam is phishing?
• How much spam is PDF spam?
• Where are the web pages contained in spam messages hosted?

So, here are the interesting spam nuggets from the report. The XForce reports that Russia sends 11% of spam, Turkey sends 8% and the US sends 7% of worldwide spam. Can you believe that Turkey is beating us in spam?

The XForce report also lists the most common subject lines for spam and surprisingly, there is not a mention of Viagra in any of them. The most popular spam subject line, at .67% of the world's spam is - Replica Watches. I know, boring, isn't it? The second and third most popular subject lines are about more risque topics.

If all this talk of spam has that lovely Monty Python song stuck in your head, go try the spam-a-lot game. But if you're at work you might want to turn your speakers down (or off)!