From now on you can assign direct company contacts so that people who visit your Company Profile know who they can contact if they want to apply for a job or if they are journalists and have some questions about the company. Companies with a ‘Standard’ Company Profile can assign four contacts while companies with a ‘Plus’ Company Profile can state ten. The beta version of the XING company quiz for all companies with at least ten employees will also be going live today. How well do you know your own colleagues? Take the test and answer up to ten questions to find out. Maybe you’ll even make it into the high score list.

A number of improvements to the infrastructure were made along with an important feature added to the popular OpenSocial application Ask XING. Now you have the option to close a question you think you have received enough answers to. Once a question has been closed it will remain visible and can still be forwarded, but no new answers can be added.

And last but not least – Now you can also add your Spreed account to the ‘My other profiles on the Web’ section.

Do you have any suggestions or ideas? If so, you can post a message in the XING Group or add a comment here.

Being able to print out your profile and other XING member profiles, which are inserted into our style sheets to visually adjust the layout, is of course nothing new. But now we have tweaked the corresponding CSS data and enhanced it even further so that a profile printout can also be used as a large professional business card complete with résumé.

We have also added a ‘Print profile’ button which is located on the right-hand side under ‘Options’. Of course you can only print out contact information for people whose profiles are visible to you, and vice versa.

Save Time, Money and Traffic

Optimized data management is one of the new developments and is now far more efficient with less data being automatically loaded. This in turn helps to reduce the level of traffic generated and not only leads to increased execution speeds, but can also help to put off the speed reduction that a number of providers enforce when users exceed a certain monthly data volume. This of course helps to save money when roaming.

Improved Contact and Messaging Management

Contact management within the app has been improved. As is the case with the browser-based platform, now you can add messages to and decline contact requests, while unconfirmed contacts now appear in their own tab. As was previously the case, available contact data is intuitively linked to core BlackBerry functions such as the telephone, email, and map application.

The outbox, i.e., your sent messages, is now also available in the application so you can mark messages as ‘unread’ once you’ve read them to make sure you don’t forget about them.

When viewing profiles, you can now also see the ‘Wants’, ‘Haves’ and ‘Interests’ fields. And, just like on the browser-based platform, visitors to your profile are displayed in a separate tab rather than in the ‘What’s new in your network’ list.

This ‘interim version’ therefore incorporates a number of application optimizations while adapting handling and usage to that of the browser-based platform. Naturally, data traffic via the application only occurs once authentication has taken place, and personal privacy settings are retained at all times.

As part of our ‘De-De-Anonymizing’ drive we have now made changes to the Groups link structure. By dynamically adding a random number, the address in the RSS feed of ‘What’s new in your network’ changed more often and previously read messages about users who joined a group appeared as ‘new’ messages. These problems have now been rectified.

The content of ‘What’s new in your network’ has also been improved from a linguistic perspective. If a XING member entered two other profiles on the web of the same type (e.g. two blogs or two Twitter accounts), they were not summarized in a corresponding message. This led to somewhat clumsy messages such as “John Does entered a blog and a blog” so we have now replaced this with “entered two blogs”.

We have also made improvements to the ‘Members who attended the same universities’ Powersearch option and to the logged-out event page.

So what exactly is it then?

As is customary within our industry, we perform so-called A/B tests on various parts of our platform, meaning that one group of XING users (A) sees a certain interface or function while a control group (B) is presented with a variant offering the same functionality but with different visuals. There is no opt-in or opt-out – the system assigns users to the groups, everything else would lead to inconsistent test results.

Both of these design variants are then analyzed using quantifiable factors to see which option users liked best and which was easiest to execute certain functions. As a result, we can tangibly estimate whether it makes sense to implement the change for XING members. This isn’t of course the only method we can deploy to improve platform usability; in fact it’s often the last item in a long list of focus groups, surveys and usability tests carried out in our Usability Lab.

The design variants and features subject to A/B testing are also put through their paces by our usual quality controls and are by no means considered to be ‘inferior’ or ‘half-baked’ software. The different versions on offer are all fully functional, with A/B testing merely used to analyze acceptance of certain designs among users.

A/B Tests in the Release Flash?

We do not announce in the Release Flash or via Twitter when we’re going to carry out A/B testing – and with good reason (which is also why there is no specific information provided in this article). If we were to do this, the test conditions would not be realistic, so it would be like telling a placebo group before conducting a medical product study that they are merely taking dextrose tablets. The idea behind a test is to investigate a certain design’s performance under real-life conditions.

And all this is because we at XING want to offers users a dynamic and effective platform that is as easy as possible for members to use.

XING considers it fundamentally wrong to simply dismiss concerns voiced by the German public and Internet users. Even in the ‘old economy’ it would have been madness to try and tell customers what to do and not comply with their wishes. This applies even more to the Web 2.0 world where people decide for themselves which services they want to use. Companies need to align themselves with this situation, Google being a prime example of this as positively pointed out by Jeff Jarvis, the author of ‘What Would Google Do?’

We know that trust forms the basis when it comes to networking, which is why we do everything we can to make the XING platform as secure as possible. The Internet was of course created by humans, and humans make mistakes, so it’s not possible to guarantee 100% security. What is vital, however, is that we do everything we can to provide the highest possible level of security – which we work towards every single day. As a German company, we are subject to highly stringent data protection laws and are the only social network with SSL encryption, the standard used by banks for their online banking portals. Our Operations and Engineering teams immediately drop everything they’re currently working on if they hear of a potential security problem, and our in-house data protection officer handles any issues within his scope of responsibility.

We take this subject very seriously because we take our customers seriously.

We also have a few bits of technical information for you. Twitter accounts are queried every thirty minutes, with updates that you set up on the XING platform appearing on your Company Profile via imported tweets. In contrast to Company updates, tweets are not added to the’ ‘What’s new in your network’ section and the ‘Like’ function is not available.

One other thing about Twitter: Have you heard about the XING Labs project Xwitter, our experimental feature that synchronizes XING status messages and tweets?

Improved Messaging

Recently we made vast improvements in terms of writing messages on XING, and have now taken another step forward when it comes to usability. People who prefer to write messages in a new tab or window rather than in the lightbox (that’s the field that appears over the rest of the content) can now do so, which also makes it easier for them to write several messages before posting them.

XING’s data protection maxim is ‘Our customers trust XING and its users’ and a key part of that trust is our customers’ right to decide for themselves how they want to appear in public and which data they want to post online. As a result of these considerations and our experience in security, we immediately initiated a number of measures to prevent this kind of classic history stealing and make it impossible for online users to be exposed. The technique deployed was of a purely academic and experimental nature specific to the intended purpose. As far as we are aware, this experiment posed no threat to XING users and their data whatsoever. Despite this, we decided to react immediately before the process became established beyond its current experimental context.

De-Anonymizing

Put simply, de-anonymizing takes place in two steps (for a detailed description, please refer to the researchers’ original report):

1. A fingerprint is taken of the browser being used. To achieve this, the browser’s history is used, i.e., the place where visited sites are stored. This history is then used for the browser’s back button and to color visited links (purple by default, and blue for unvisited links). Of course the history can’t be retrieved from the browser, but by using JavaScript we can query the color of a link to easily find out whether a site has been visited in the past. If the link to, say, http://www.google.com is purple, then the user has already visited the site (it must be the exact same address – http://www.google.com/search/ would therefore not work in this case). So if the user has already been on the XING site, then we could query all of the Groups on the XING platform which have an address (according to the following model: http://www.xing.com/net/<Gruppenkürzel>). This method allowed us to clearly identify a large number of users.
2. Publicly accessible Groups can be used to create a database which allows publicly known Group users to be matched to their fingerprint. To do this, you need to visit all of the public Groups and then crawl them. With a little bit of technical expertise, a service can then be programmed to provide the fingerprint of all users with this exact same fingerprint or a similar one. When I saw this in action, it seemed to work really well…

Counter-Measures

As a user you can simply delete your browser’s history on a regular basis and set your browser to private mode. Firefox also provides a plug-in (SafeHistory) to prevent against such attacks (only works with Firefox up to version 2, unfortunately.

We at XING are of course obliged to do all we can to protect our users. Based on this, we have now put a counter-measure in place to meet the recommendations made by Thorsten Holz and Gilbert Wondracek.

To be more specific, we have added a random number to all the relevant links on the platform (i.e. links containing Group names) which is then saved in the history, meaning that there is a probability of about zero that someone can guess the URL using the ‘yes/no’ question and answer game as the browser will only accept the exact same string as being the URL visited in the past. We are currently monitoring usage and will take further action over the next few days if required.

The upshot of all this is that your browser should now prevent anyone from de-anonymizing your XING profile. However, please bear in mind that your browser’s history will still contain entries dating back several hours, days or even weeks, so it’s best to be on the safe side and delete your browser’s history once you’ve finished surfing.

If you have any other questions, please feel free to contact the XING Group or post a comment here in the blog.

From now on – regardless of whether you have subscribed to company updates or not – you can show others which updates you’re particularly interested in with just one simple click. Your contacts will then automatically receive this recommendation in their “What’s news in my network” feed and then read the update in full for themselves if they wish. On the other hand, this also means for the owners of Company Profiles that they can now see which news and information is most popular and relevant amongst their profile visitors. And all they need do is click on the displayed number of people who find the update interesting to see precisely which members made the recommendation.

Does you company have a profile already?

“Will I be informed when my employer purchases a profile?” This is a question we have been asked by members on many occasions over the past few weeks. It stands to reason! That’s why from now on we will be letting members employed by a particular company know via a short message in their “What’s new in my network” box once that company has invested in a customized XING Company Profile.

As we do every Wednesday, we made a few adjustments to the platform this week. These include a number of nearly invisible, hard-to-detect performance tweaks. Two visible changes this week apply to the XING References feature. Up until now, if you wanted to change or delete a reference you gave someone else, you had to click around quite a bit to do so (First go to your profile -> References -> My Contacts‘ References -> Contacts I have acted as a reference for). We’ve now shortened this path considerably: just go to the person’s References page, and you can edit or delete a reference directly there.

One more change this week: If you want to write a letter of reference for a contact who has already received one from you for the same job, you’ll see a note reminding you of this fact. Now this note will also contain a link you can click on to view, edit, or delete the older reference.

Another small yet important change was the result of usability studies we’ve conducted recently. It seems that when receiving an email informing you of new posts to a group article, several users were not intuitively finding the link to the article, but rather clicked by mistake on the link below it, which ended the group subscription. By increasing the space between the two links, we hope we’ve made both easier to differentiate. Happy clicking!