Monday, October 29, 2007

Microsoft Buys a Piece of Facebook and Files for Social Network Firewall Technology Patent

On October 25, Microsoft filed for a patent titled Integration of social network information and network firewalls. For a number of reasons, primarily security based, many corporations block social networking sites like Facebook and mySpace.

You may have also heard that, on October 24 (one day before the patent application), Microsoft and Facebook announced that Microsoft has purchased a 1.6% stake in Facebook for $240 million. According to Richard MacManus at Read/Write Web:

The amount invested is lower than expectations, which were around $500M. Microsoft's new deal with Facebook is all about bolstering their existing advertising arrangement - Microsoft will now sell Facebook's international display ads, in addition to the banner ads it already sells on the US site. However this deal leaves room for Facebook to run its own advertising network. Facebook's ad system will likely use social profiling to target ads, given the wealth of such data that Facebook has.

Lower than expectations..... still - do the math - $240 million for 1.6% of Facebook puts the value at $15 billion! The numbers are making me dizzy and I'm going off track.......

Seriously - after investing $240 million it does seem logical that Microsoft would apply for a patent on technology that would allow easier access to sites like Facebook from inside firewalls. In the patent application Microsoft proposes the problem with current firewall technology:

Internet protocol security (IPsec) allows the remote user or machine to be identified and is an additional mechanism for providing security to Internet traffic. A firewall may be programmed to require IPsec security on incoming connections. However, maintaining accurate connection information in a firewall can become tedious and prone to error. Detailed configuration knowledge may be required and the highest levels of protection may require frequent changes to the settings.

For example, broad application level exceptions may be authorized because it is too difficult or time-consuming to program a narrower, more appropriate, exception. Furthermore, due to the difficulty of configuring such elaborate settings, firewall configuration is generally statically set, wherein exceptions are configured once and then left unaltered thereafter. This decreases the security of the machine by causing the firewall configuration to not accurately represent the precise security requirements of a machine at a given moment, but instead represent the least restrictive superset of the needed configuration at all times.


And then the solution:

Instead of manually entering an allowed IP address or list of remote users to allow for setting a firewall exception, an invitation mechanism may be programmed to extract data about a connection invitation sent to an outside party and to appropriately program the firewall exception. The exception may be specific to the particular connection invitation, and, optionally, for limited duration. The invitation mechanism may be associated with an application, for example, an instant messaging program, or a game.

Alternatively, the invitation mechanism may be part of an operating system callable by an application or trapped by the OS itself. The firewall may receive an application handle and an identifier for the outside party, such as cryptographic material. The cryptographic material may be a public-key. The identifier for the outside party may be a handle, or pointer, to the public-key or an equivalent, such as a certificate. The exception may be timed corresponding to the type of application or invitation. For example, an exception for an e-mail-based invitation may be available for a period of hours, whereas an IP-based invitation for a game may be available for a minute or less. By making available the cryptographic material (e.g. public key) for an IPsec connection, the firewall can process the connection without interruption to the application, user, or OS.


Read/Write Web has also posted some web traffic stats regarding Facebook as compiled by Hitwise:
  • Facebook.com was the ninth most visited website (as ranked by Hitwise) in the U.S. receiving .96% of all Internet visits for the week ending 10/20/07.
  • U.S. traffic to Facebook.com has increased 102% YOY comparing the week ending 10/20/07 versus 10/21/06.
  • Among a custom category of leading social networking websites, Facebook.com received 15% of U.S. visits for the week ending 10/20/07. That was second most among social networking websites behind MySpace.com, who received 76%. Windows Live Spaces received .40% for the same week.
  • Facebook.com received '9.90%' of its U.S. traffic from Search Engines for the week ending 10/20/2007. Of that traffic, MSN Search and Live Search combined for .46% to Facebook.com last week. Google sent 6.82% percent of U.S. traffic while Yahoo! Search send 1.34% of traffic for the week ending 10/20/07.
  • U.S visits for Facebook.com among users ages 35 and over have increased 19% comparing the week ending 10/20/07 versus 10/21/06.
Providing easier access to sites like Facebook from inside corporate firewalls has the potential to make these numbers even higher - at least that is likely what Microsoft is thinking.

No comments: