How Much Should You Rely on Your Users to Do Your Job?

Cyndy Aleo-Carreira,

on May 09, 2008,

Read any advice about bootstrapping your start-up company and odds are you'll find a tip about using your loyal user base to contribute services to your company. It sounds like a great idea in theory: you have all these people who love what you are doing and want to help. Your users may be willing to code for you or design for you or help localize your app by translating all your pages into languages they speak. The question left after relying on these people is how much you should rely on them to do your job.

The recent news about a Mozilla plug-in may be a warning about letting users code. We are in an space where the API is an ubiquitous offering from almost every 2.0 company. Use our API! Add functionality! Build a plug-in! Mozilla has succeeded where other iterations failed by switching to an Open Source model for developing the basic browser, and then letting anyone build plug-ins to enhance the feature set. We've been trained like Pavlov's dog to click the "This is okay! Go ahead and install it!" button every time we add a plug-in to Mozilla, but as some users discovered this week, you can't always trust the code you are installing. All versions of the Vietnamese language pack that have been downloaded since February of this year were infected with a virus. And this was a language pack that could be installed directly from Mozilla's own servers. With no oversight of these plug-ins, users are installing them at their own peril. This time it was just a virus, but the opportunity exists for injection of malicious code based on the current model.

Facebook is apparently having some issues of its own. As our own Svetlana discovered, the Russian language version of Facebook has its own issues. Facebook relies on its users to translate the site into other languages for them. You'd think that a company with Google-esque perks could afford to pay for localization, but most companies will take advantage of free services wherever they can get them if you ask them. The problem is that because Facebook relies on its users to translate the site for them, they don't employ anyone to actually check the translations, nor read any of the ads fed to users who are using the localized versions. As a result, an ad is currently running on the Russian language version of Facebook that advertises pornographic images of teen girls.

It sounds like good business sense to get free services whenever you can, especially when you have a devoted user base willing to provide them. But do you really want to rely on them when your company's image is at stake? And can you bet that in every case free services provided are doing more good than harm?

screenshot of porn ad running on Russian-language Facebook

Update: Filing under "great minds think alike," Drama 2.0 was thinking the same thing today and referenced the Data Portability logo design issues as another example of crowdsourcing gone wrong.

Google Puts Docs In Gear To Go Offline

Gmail Remembers the Milk

Is Google App Engine a Sign that Google’s Jumped the Shark?

GigaSpaces Launches OpenSpaces.org

20 Comments (Subscribe to rss)

Tara Kelly - May 09, 2008 at 11:49 am PDT

I’m glad you’ve brought this up. We’re struggling with these issues on numerous levels.

Lots of folks want an API for PassPack - but just *think* what that could lead to in the hands on a less-than-honest coder. We’d have certify all third party code and monitor it to make sure it doesn’t change post-certification. Our liability grows exponentially - but it’s not just protecting our “brand”, it’s protecting our users (why do so many companies forget that?)

I know I’m going to get hit with a myriad of hate mail for saying this but…. now extend the issue to open source.

We *love* the idea of open peer review, of a community building compatible apps and plugins. But what would happen if, say, a criminal mind decided to download the PassPack code package, make malicious changes and host it on his own servers advertising it as “Secure, Powered by PassPack”?

Sure, we could use the AGPL which requires all modifications to be made available to the community — but it’s not honest coders who follow the rules that are the issue here, it’s dishonest coders.

Anyone who trusts our brand would be at risk. It would ruin not only PassPack, but a lot of innocent people’s lives.

It’s a tough call. I wish there was an black and white answer, but there’s not.
Aurelijus Valeiša - May 09, 2008 at 12:59 pm PDT

It is a very urgent and probably the biggest problem of open APIs and OpenSource.
This is not the first time, when open source project gets hit. Some time ago same thing happened with Wordpress, when it’s update was injected with malicious code. And probably it’s not the last time.
The biggest problem is internet users’ society. Nobody will fix it. .

What could be done?
Well, take a look at wikipedia`s model. Community is building, community is destroying, community is fixing and this circle never ends. And this is one of the solutions - let people to find and fix the problems themselves.

Another solution would be to copy a business model from Apple iPhone (IMHO it’s one of the best). Firstly, everything closed - on this period, biggest bugs are fixed. And than - opening, BUT - only certified/confirmed developers can build apps. Of course, it requires many resources to check their work and so on, but this also could be done by users.
For example, when PassPack released for testers beta-6, many testers themselves wanted to test, help fix bugs and so on. Those people could also check, test and confirm those apps.

Of course, the most secure solution would be not to launch any APIs and don’t use open source.
Stephen Kelly - May 09, 2008 at 06:21 pm PDT

@Aurelijus one issue with iphone certification will be the cost of certification. As if it is too expensive (as it is to get a symbian application certified) - this will stop startups being able to afford to release for certain hardware / platforms which can stifle innovation.
Aurelijus Valeiša - May 09, 2008 at 09:12 pm PDT

@Stephen Kelly, if my memory is still good, for standard program you only need to pay $99 and for enterprise - $299, it’s not so much.
Tara Kelly - May 11, 2008 at 02:00 am PDT

@Aurelijus, Thanks for popping in.

Like I said, i don’t think there is any black or white answer. So I don’t believe one can say that APIs and Open Source are absolutely good (must use) or absolutely bad (must avoid).

Each and every company will need to find exactly the right mix for its product. Personally I’m a fan of Open Source. We use public algorithms for encryption and JQuery for rapid interface development. But each time a new version of these get released, we out them through the ringer before putting them into PassPack.

On Beta Testing, I think that’s a great example of finding the right balance between doing it all yourself, and looking to your users for help. Users can tell us what they think and help us find the bugs that pop up in real-world usage (not just test runs). But users aren’t actually touching the code - that’s our job. Ultimately we’re responsible.

@Stephen, certifications are a double edged sword. I’d like to think that they are there because the developers feel the need to make sure their product remains coherent, but often they are used purely as commercial tools. Again - it’s about finding the right mix.

Great discussion.
Global - May 17, 2009 at 03:26 am PDT

Great Post Thanx.
Diet Capsules - September 13, 2009 at 04:20 am PDT

its cool site, its cool work!!!
Kfc Online Menu - September 14, 2009 at 01:03 am PDT

good site, good work!!!
Ambien - September 14, 2009 at 11:22 am PDT

permanently zine ftuds overweight lokfero ambition testbeds namibia
Ambien - September 15, 2009 at 09:58 am PDT

blogsrss share mitochondria wheel florida savvy information singing calibre
Buy Cheap Xenical - September 16, 2009 at 07:24 am PDT

intervenes fiberglass pseudonyms collateral prevalent quantitative analgesics multilateral raised maturity
Ativan - September 18, 2009 at 08:45 pm PDT

passenger axis closed chances limitless declare edustipend rita prophet wrong inviting chinas provost macular
Ambien cheap - September 19, 2009 at 06:17 am PDT

stipulations citizenry refundable ibid geach moveabletype nicholas fares reshapes simplicity
Ambien no prescription - September 20, 2009 at 12:16 am PDT

nursery artsdest reservations franklin stephanie thurs mapping izkir dosesvaccine underwritten owing nexus
Bill Bartmann - September 22, 2009 at 08:38 pm PDT

FYI…..Plaxico Burress The NFL Footbal Player Begins Prison Sentence Today!
Not that I have anything against the guy but finally these athletes might start to get it….You CAN’T just do anything you want and get away with it. If I get caught with a gun, I would have to do time too.

Just my 2 cents…..
Tamiflu no prescription - September 24, 2009 at 10:40 pm PDT

culminated meuwly nhsdirect promises insides constant coach upkeep expansion clots infringed price
Valium no rx - September 27, 2009 at 08:14 am PDT

electoral backroad desiring kathi tygacil ddevelopment your richmedia homeostasis stray hoovering equitable
young erotic - September 28, 2009 at 03:51 pm PDT

I think its very nice!!!
Tamiflu no prescription se - October 02, 2009 at 12:35 am PDT

tackles fisher ethiopia forensics wheeler infovienna promises ujazdowskie moes eculture rahul outlined
Ativan drug - November 30, 2009 at 07:17 pm PDT

hunches penn middleton appreciates minds color modeling poorest isanta looked migrate

Leave a comment (We support avatars from Gravatar, MyBlogLog, and FriendFeed)