Hello Boards Users. We are finished with our database migration. Access to all your favorites and preferences should be readily accessible now.

Thank you for your patience!
Happy Posting!

~Erin

After nine years and three months, today is my last day at AOL. It's been a wild ride, lots of fun, and a tremendous learning experience. Besides working with such great folks, where else could one have the opportunity to run such a large community operation and get to know some of the most interesting, savvy, and committed community members in the world? I will miss you, more than you know.

But... other opportunities, both personal and professional have been calling and the time is right for me to move on.

My AOL e-mail box will not work after today, so if you want to stay in touch, feel free to write to NYMeng@aol.com. You can also keep track of my daily activities by reading Hummingbird Mind.

Before you ask what I'll do with myself, I have some plans. Here's just a short list:

* Sleep
* Exercise
* Read
* Play with my new granddaughter
* Fish with my father
* Walk the beach
* Focus on the youth oriented non profit I started last year with some other parents
* Take many road trips
* Complete a book I've been writing

That's just a start. I plan to take off at least a month before starting some consulting work I've been offered.

I'll also still visit AOL communities, so if you see me online, feel free to ping me.

It's not goodbye, it's so long and see you soon.

-Nancie

P.S. Be good!

My last entry promised a series of posts about items on the MESH Team's to-do-list. Let me climb over the 800 pound elephant sitting between us to say that layoffs and reorganizations have eaten up a lot of everyone's time for the last two weeks. To add to the headaches, there's been some mutating virus (of the physical kind) that slowed many of us down. But, we've rallied and we're back. So, let me give you an update on the items that lead our task list:

I knew I hadn't posted an entry here for a while; but, I completely lost track of how long it had been (shame on me). In fairness, the team and I have been pretty busy.

In August, two days after my last entry, other members of my team and I headed on a whirlwind tour to meet with two of the groups who support our moderation and enforcement activities. For those of you who do not know, we have a 24/7 operation supported by people in the Philippines, India and all over the United States. In September, the folks located in the U.S. came to Dulles. All these meetings were a way to introduce the new Moderation, Enforcement, Safety and Help (MESH) team, what we do, how we do it, and to tap the wisdom of the crowd about ways to do what we do better.

It would be hard for anyone who read, heard or watched the news during the past year to remain unaware that AOL's business strategy changed. One thing that has not changed, despite some user's comments to the contrary, is the importance of Community. It has always been and will remain core to AOL's business. Our Communities are an important part of the new strategy. Toward that end, the MESH team has three main areas of responsibility:

* Member Experience in our community spaces

* Enforcement of Terms of Service, Community Guidelines, Product Guidelines and Community Standards

* Communication with our community members about all of the above

While carrying on the day-to-day operations, we've spent considerable time this past quarter analyzing what we do and how we do it in the context of changing business strategies. Mostly, we've focused on how to make improvements. Your e-mail, instant messages, message board posts and comments in our blogs made you part of the process, too.

Curious about the first items on our to-do list? Check out just some of the things we identified and have begun to work on already:

* Smarter moderation and enforcement tools to help us move more quickly through your "Report This" or "Notify AOL" notifications. These will have more efficient features for cross-referencing and actioning "bad players" on our network

* Easy to understand community standards that lay out our policies related to community violations and the related penalties

* New training for our teams

* Clear channels for user feedback and escalations

* Frequent and ongoing communication with users

* Developing closer communication channels and relationships with product owners to whom we raise your requests for features.

This entry is the first in a series (and I hope, an ongoing discussion with you all) about all of this.

Earlier today, I attended a Web 2.0 Security conference sponsored by AOL Developer Network, which focused on the array of threats and solutions to hacking in today's age of Web 2.0. Naturally, I'm very interested in Information Technology (IT) Security so I decided to learn more about it.

The slides opened up with an overview of the history of security on the Internet, as well as statistics on the behavior of the "underground" deviating from traditional Worms and Viruses towards Botnets, Rootkits, and Professional Phishing.

Our IT Security folks also informed the audience that they thwart attacks against our servers every minute by leveraging different technologies to prevent security risks to AOL (and Time Warner, collectively).

Then came the geeky stuff like preventing Cross Site Scripting (XSS) and SQL Injection attacks against a Web server. One of the proven methods discussed was how to secure Web servers from attacks with a free Web application firewall known as ModSecurity. This can be an invaluable component for system administrators to analyze and prevent common attacks against Web servers and generate informative log files for later review. It's free and works with Apache.

On a more relevant note for you, a Web user, it's important to understand that many security exploits aren't technical, but prey on human error. For instance, take Phishing (when scammers try to trick private info out of you): We tend to trust something if it looks official (such as e-mails that carry a company's logo), and may neglect to check the URL or look for other signs that an e-mail is a fake (such as e-mail headers).

You don't need to be a security expert to protect yourself -- there are plenty of easy ways to spot risky e-mails. We have a tips on how to spot phishing scams, so does Microsoft, eBay and PayPal. You can put your phish-finding skills to the test with this fun phishing game [link via PC World].

Besides reporting spam on phishy e-mails, you can volunteer that information to Phishtank [link via Security Fix] to report phishing Web sites. There you can also track and verify them and check out some interesting phishing statistics collected from users. Yesterday, they published a report on ISPs that host the most phishing sites: Right now, SBC, Comcast and Road Runner are the top three.

Maybe now is a good time to plug the free McAfee VirusScan Plus provided by AOL which includes a firewall and McAfee SiteAdvisor as helpful tool to detect phishing sites as you browse the Web.

Other tips include (for all users and system administrators) keeping your computer updated with updates from the vendor. This includes Windows Updates, Mac OS updates, as well as software updates (like AOL 9.0 VR or AIM 6.5) so many vulnerabilities are closed from online criminals.

These are my thoughts on security in a Web 2.0 world. What questions or tips do you have on staying safe and secure on today's Web? Post your thoughts in the comments below.

~ Joseph

Symantec's Security Response Weblog published A Brief History of Phishing: Part I on Friday. The first article of the two part series contains interesting info about this automated method used by the unscrupulous to trick us into divulging personal and private information. This data can be used to steal our money and identities.

Phishing has been around since the mid-1990s and, early on, AOL members were part of one of the biggest pools of victims targeted by rather unsophisticated phishers. The authors point out that "AOL took the phishing problem seriously and... implemented numerous effective measures." They also state that the numbers of phishing expedition e-mails AOL account holders receive today are "relatively small."

I know that though I still receive requests to update my billing information from time to time on both my paid personal and employee AOL accounts, the number of attempts have diminished.

The authors refer to phishing today as an emerging technology organized by business-oriented professionals. They posit that those of us familiar with the early forms of phishing may have been lulled into a false sense of security, which new methods exploit.

Check out the articles -- the second part will be published on Monday. While the first article baited the hook with tasty tidbits about how phishing has evolved over the years into big business, I'm hoping Part II will contain information about how we can avoid getting reeled in by professional phishers.

Via mediabistro.com, washingtonpost.com and other sites, we see that Google plans to roll out a new comments feature on its main page news articles. It allows those covered in a story to submit comments, which will be featured next to the article.

The Google News Blog states, "We're excited about the possibilities of this new feature and we hope you are too, so if you've been covered in a news article please send us your comments and we'll work with you to post it on Google News."

At first glance this seemed like a pretty neat use of an in-line comments feature for an online news community.

Disclaimer: In-line comments are not my first choice of community experience for News Communities, though I do see them as an additional feature that can be used. More on that in another entry.

Though commenting can be a community offering, Google is not providing one, because users can't participate in the conversation. They can only read what Google publishes and what the parties concerned say about what was published... that is, if we see all the comments. Still, allowing the subjects of stories to comment does add value to the user experience.

A closer look reveals this to be an online version of 'Letters to the Editor' with which we're familiar in print journalism and other media. People mentioned or affected by a story can write to the outlet to counter or commend the article and the editors decide what gets published. We all know a lot of Letters to the Editor never hit the page.

I wondered whether Google was going to set guidelines around submissions, so I followed the Send Us Your Comments link and read through the FAQs. There one sees that the News team at Google provides the following statement:

"We may not be able to respond to or publish all comments submitted but we'll try to be in touch with you and we may include your comments in future stories in which you are mentioned."

Kind of broad... am I the only one wondering what guidelines will be used to determine what comments make it through? Stating how they plan to choose which comments get published and some examples of which ones won't, would enhance the user experience. It would also help those submitting comments be more successful in having their's published.

What do you think about Google's new feature? Should all online News outlets allow subjects to submit their side of the story? Should users be able to comment, too? What do you think of comments in general?

Thanks to Will Kern for his 15Meanings blog post on Being Transparent. As corporate bloggers, my team talks about the ups and downs of transparency a lot. As Will states, "It seems easy enough, but is is harder than one might think." (In the spirit of transparency and full disclosure, Will is a colleague and Senior Product Manager here at AOL).

I wager that most corporate bloggers believe that the benefits for the company and the consumer outweigh the problems in most instances. But, the downside is worth thinking about.

Like Will, my team and I will answer any questions as long as we've got the information and are "in a position to give it to you." Please note the key phrases here:

* If we have the information
* If we are in a position to give it to you

On topics over which we have input or control, we're comfortable with being as transparent as possible. And, thankfully, many individuals and groups outside of MESH at AOL keep us informed by reaching out. That enables us to share upcoming changes, new features or other news you all may find useful or even essential.

But, my team's willingness to be up-front and serve as "messaging central" for other groups can make it hard for our customers to know when we're talking just about our areas of responsibilities and when we're just the messengers for others. You know what they do with messengers, right?

Here are some of the realities we work under (and I don't think we're unique):

* Dependencies: Remember the people I mentioned who keep us in the loop? A lot of others don't. People are very busy and in a huge organization it can be hard to know who to involve and when. That's a challenge we can continue to work on.
* Surprises: Sometimes we are as surprised as our customers are. How many times has one of our community users written to say, "What happened to [insert feature here]?" or "Did you know that [insert product here] isn't working?" or "When did they roll out the new version of [insert product here]?" only to have one of us respond, "I don't know. We'll look into it."
* Proprietary Info: Sometimes there are business reasons why we do not or cannot share something.

In the situations I've outline, individuals on my team are often accused of lying, stupidity or not caring. We roll with the punches in those situations because it comes with the territory of customer service. And, we know, especially in the area of community, that people are passionate about their interests and their friends online.

A challenge for us and others is to take employees whose main jobs do not involve customer interaction or messaging and convince them of the value of talking with users early and often. There is always the issue of time. There is also the concern about the potential for negative customer feedback.

This is a big question we'll revisit time and again. For now, what would you identify as the biggest obstacle to corporate transparency?

A slew of "join my network" requests hit my e-mail box this week. It prompted a personal OMIGAWD moment, when I realized that people had actually viewed my many online profiles. I had to ask myself: What do my AIMPage, Facebook, MySpace, and LinkedIn pages say about me?"

Since my work involves online communities and social networks, I joined all of the major social networking sites to learn about them. Because playing in my social networks is a bit like taking a bus driver's holiday, my profiles and networks suffer from deferred maintenance.

Social networks require that their members create, maintain, and facilitate connections. For those too busy or introverted like me, social networking can be... well... work. Hard work.

Still, whether we like it or not, our public profiles reflect on our professional lives. I decided to take an "objective" look at my own and evaluate my online self. It wasn't pretty. I found consistent themes that ran through my social networking attempts -- a virtual list of mortal sins for people who run communities:

* Lack of quality content
* Absence of engaging widgets
* A failure to respond to comments or requests in a timely manner
* A general lack of attention to my online presence

The worst part, for me, is that others (even those who know me well) might get the wrong impressions about my professionalism or dedication to my 'craft.' The state of my LinkedIn profile makes it look as though I don't care about my resume, professional connections or future employment potential.

* Note to everyone who has asked for a job recommendation: I'm so sorry, but I just saw your requests. Yes, even the one from last January. Recommendations coming soon. If you're in a hurry, please Instant Message or e-mail me.

* Note to anyone who would like to give me a job recommendation: Please feel free. I'll never ask because I'm afraid I'll make you uncomfortable and/or that you will say no.

* Note to anyone who has not been asked to join my network: I really want you to join, but I won't ask because I'm just afraid you won't; but, feel free to ask me to join yours. I join everything.

This exercise led me to think: if I didn't work here, would I have joined any of these networks? How should we balance work-related social networking with personal social networks? Can one be a social networking professional without participating fully in virtual networks? How do the most effective among us handle all this? Am I the only one who worries about this? Am I so busy answering all these questions I can't find time to participate. Should my efforts to downsize my off-line life extend to my online life was well?

What condition are your online profiles in? Take a look and let me know. Are you happy with them?

Over the weekend, a friend sent the following meme to me. It seemed like a nice and lazy way to spend a Sunday morning, so I spent some time filling it out and then e-mailed it on. It occurred to me that blog memes are a great topic, so I decided to post it here as an example, with my answers. When I completed it, the Safety Muse spoke to me:

You are not modeling safe online behavior.

Damn. Caught again. I reviewed my answers and sure enough, though I might be comfortable with some of the things I wrote, I had not been very wise in the context of safe sharing. And though I'm willing to take the hits for what I reveal about myself, I do not want you to reveal information that you shouldn't. I edited my answers using the following strategy:

* Answer only the question asked -- don't elaborate. The devil loves the details.
* When supplying details make sure they don't matter or reveal too much about you or others you know.
* Don't use last names.
* Don't use cities, states or countries.
* Don't use the names, ages or other identifying info about your children or anyone else's.

To the safety muse: How's that?

Did my strategy suck the fun out of this exercise? I don't think so, but you tell me. Here's more than you'll ever want to know about me:

[Click Read More to read the meme and my answers.]

It shouldn't, but it always surprises me when some of the negative online behaviors we encounter here on a day-to-day basis happen in one of the communities where I participate.

For instance, today in my favorite online writers forum, one of our regulars reported that she had stopped posting in her usual manner after someone in our group forwarded an e-mail to her, wherein one of us had said unkind things about her. To me, this is the cyber-equivalent of "Guess what Sally said about you."

I'll be the first to admit that I have talked behind people's backs in e-mail. When people have been together as long as we have (15-plus years) there are bound to be days when some of us get cranky. And, in fact, I don't have a problem with taking an issue out of the public space and into private e-mail, even if I'm the subject. I should expect that if I piss people off they're going to talk about it. This sort of back-channel or off-line discussion can be a good thing. Here's why:

First, shooting off a private note to other friends allows them to set you straight. Often they provide perspective you might not have had or info that sheds a different light on what you experienced. Sometimes they agree with you and that's all it takes for you to let go of the conflict.

Second, when private conversations like this take place outside of the larger community then the rest of the group doesn't have to witness unpleasantness, feel as though they should take sides, or get angry that they can't discuss the topics they came to discuss. This is why, in situations like this, I urge our community members to "take it outside."

To me, the bigger sin occurs when someone in an e-mail discussion forwards the mail to someone who is not. Or when they share the correspondence with the person being discussed. The leak breaks the trust of those on the e-mail list, hurts the person being discussed, and foments disruption among the participants in the community-at-large.

Maybe, in addition to the "Do you know who sent this?" message we see before opening e-mail, there should be a "Do you know where this e-mail will wind up?" message that appears before we click 'send.'

I'd really be interested in hearing your thoughts on this.

We receive a lot of e-mail and Instant Messages that contain the same or similar questions each day. I thought that broadcasting the answers here might be helpful and encourage discussion or suggestions. If readers like Community Q&A, I'll make it a regular feature. Feel free to post other questions here, too, since it is a great method for encouraging dialog about these issues.

Q. "This is a member-managed board. We've promised not to report one another, so why are you hiding posts and 'TOSing' us?"

A. Anyone using our network has agreed to abide by the Terms of Service (TOS). There are no TOS-free zones on AOL or AIM. Just because a board is member-managed doesn't mean that TOS or Community Standards do not apply. Member-managed means that we do not proactively moderate an area (as we do in AOL-managed boards). So, no matter where you are on our network, we expect you to:

* Understand the Terms of Service and the community standards for that area

* Abide by the rules and manage your own behavior

* Use the empowerment tools we provide (like filters) to control your experience

* Notify us if you feel standards or TOS have been violated (see methods below)

Member-managed does not mean that you can violate the rules just because people agree that they won't report one another.

[Click Read More for more Community Q&A.]

Some of you noticed the new sighature lines that Joe M (not to be confused with Joe L) and I have been sporting in our e-mail and message board posts. This prompted questions.

Where's COMET? What's MESH? Well, here are the answers:

The Community Operations, Management & Experience Team (COMET) has evolved into the Moderation, Enforcement, Safety & Help team (MESH). We have a new home inside the Safety & Engagement group. And, we have new additions, too. The team formally known as CAT (Community Action Team) is part of our group now.

We've worked so closely with the CAT people for so long, it just made sense to finally align the moderation and enforcement teams so that we could leverage processes, experience, expertise, technologies and information. The COMET-CAT Mashup puts everyone on the same page where community moderation, enforcement, safety and help are concerned. This will enable us provide better experiences for everyone. Stay tuned for entries about what we're doing and why.

You had other questions, too. For instance:

Where is the COMET blog? Why a Social Media Blog? Where will we get answers to our questions about community features?

The COMET blog, or Community Info Blog has a new look and URL, but Joe is still here to answer your question or to track down the people who can. That leads us to the answer for why we started the Social Media Blog.

Think of the Social Media Blog as an aggregator of blogs related to AOL products and features (or a interactive table of contents for AOL and AIM blogs). Here you'll be able to mingle directly with product developers and managers. You'll see the list of contributors grow day by day. In the meantime, we're still here to answer questions and provide support.

If you subscribe to the Social Media Blog, you will receive the updates from all of those who blog here, so you won't miss anything.

Joe Loong wrote Oh, Look -- Yet Another Social Media Blog and About This Social Media Mess as introductions. Then each of the leads wrote one to explain their individual blogs. Check these out:

• AIM BuddyBlog Gets a Facelift
• Welcome to Our Madness
• Introducing Community Info Blog 2.0

If you want to read my intro again, it's First Post Is the Deepest.

The whole point of this is foster a direct relationships with you and give you a way to interact directly with us to ask questions, make comments and present ideas, which should encourage a great deal of "socializing" around our communities.

Monday evening, my 19-year-old daughter logged onto the Web moments after they wheeled her up from recovery after her mandibular osteotomy and connected her to all the tubes in her hospital room.

First, she signed on to AOL.com to check e-mail. Then she logged on to MySpace and Facebook. No, she didn't bring her laptop. The room was equipped with a wireless keyboard and full Internet access. Her father and I watched in amazement, but my eyesight wasn't good enough to peek at her MySpace page.

"Hospitals have sure changed," her father muttered, shaking his head. I think it's great. The child can't talk for at least a week as her mouth is wired shut, so the phone is out. She can keep up with her life without missing a beat.

We brought her home yesterday, and this afternoon I watched teenage social networking up close. Two of her friends dropped by with the obligatory flowers, balloons and lots of sympathy. They watched as I asked if she needed anything and waited as she wrote out her response. I left them alone and then tried to finish my blog entry. Within two minutes, Jeremy came out and said that my daughter wanted to tell me something.

"What do you need, Sweetie?" I asked. She began typing and a voice emanated from her laptop.

"I wanted to thank you and may I have some ginger ale?" the voice said. She smiled as much as she could through her jaw bra.

Let's face it. Kids don't have the patience to wait for the patient to write out all her responses. So, in this case, they just took matters in their own hands and found some assistive technology right on her laptop's control panel under Sounds, Speech and Audio Devices. Who knew?

You have to be impressed. They hooked her up with some text to voice software. After all, she can type like the dickens... almost as fast as she can talk. This will come in handy. She can answer the phone now, too, which is a help, even if it's just to say:

"I'm sorry. I can't help. Whom may I say is calling?"

or

"Sure. I will buzz you in."

Last I heard they were Googling celebrity voices she could swap in and out. I wonder if George Clooney is available.

In the last few days, I learned of several cases where the AOL/AIM Community Moderation, Enforcement, Safety & Help (MESH) team assisted law enforcement in the arrests of child pornographers in different parts of the country. Though we do have some "magical methods" for finding those on our network who endanger children (well, the methods are magic to me -- it's stuff the Operational Security group, or OpSec, does), it is often our users who click the "Notify AOL" and "Report This" buttons to sound the alarm. So, when we tell our community members that we partner with them to provide the best and safest online experiences, we mean it.

Like other large community providers, scaling to offer safe and enjoyable experiences to our users is an issue. Unlike most of our competitors, we do moderate some of our communities in a proactive way; however, most of the moderation we do is reactive -- based on the reports our users send us. And, they send us hundreds of thousands of notifications a month. This means we must perform our own version of triage, dealing with the most serious reports first. The big three are:

* Child Pornography
* Child Endangerment
* Illegal Activities

We take a lot of heat when our community members don't feel we've reacted quickly enough to quell Mean Girls-type spats or to rein in the trolls. We understand because the quality of their experiences is important to us. Users should take advantage of the features we provide, like filtering. Remember, just ignoring the annoying can be quite effective.

In the meantime, congratulations goes to our community members for their vigilance where our children are concerned. We couldn't do it without you.