So, according to Nielson Netratings, Facebook’s domination of the Internet might be on the slide. Between December 2007 and January 2008, there was a 5% fall in visitor numbers - MySpace and Bebo have suffered similar drops in traffic. Could this be the beginning of the end?

Well, maybe. Then again, maybe not.

The sensible explanation here would seem to be that most websites suffer a drop in traffic over Christmas, particularly ones that people access from work. Because at Christmas, people have more interesting things to do. Another factor is almost certainly the fact that many offices have blocked access to social networking sites, so employees can’t access these sites during working hours. That’ll kill a lot of traffic to time-wasting websites. And the thing with websites like Facebook is that if you can’t access it regularly, there’s not an awful lot of point: the fun of it is watching things change, reading your friends’ status updates in real time, and writing messages on their walls about them. If you don’t check it for a few days, you’ll probably find that when you do come back, there’s not a lot to catch up on - conversations you might have had now won’t happen, because the moment’s passed. A lot of concerns have been raised recently about whether or not people should share any information online at all, due to fears of identity theft, and that, too, might have negatively affected Facebook’s traffic.

But I don’t think that MySpace, Facebook et al are going to be shutting up shop any time soon. It was probably naive to think that the all-consuming popularity of social networking was going to continue forever, because the zeitgeist almost moves on, often for no discernible reason. Dozens of social networking sites have already fallen by the wayside - who uses Friendster any more, or even, if we’re honest, MySpace? Something else will, almost inevitably, rise up to take the place of Facebook:

Next Friday sees the UK release of one of the most eagerly awaited movies of, er, well, the last few months, anyway. Cloverfield is already pretty much guaranteed a spot in my own personal top 10 of 2008. But the merits of the film itself are almost incidental to the amount of buzz that’s been generated surrounding it. That’s entirely due to the weird and wonderful way the film’s been marketed.

Obviously, having a name like JJ Abrams connected with the film doesn’t hurt, but who, other than the most obsessive Buffy the Vampire Slayer fans, has heard of Drew Goddard? Or Matt Reeves? There’s not a lot of star power attached to Cloverfield; the biggest name actor involved is Lizzy Caplan - and while you might recognise her face, you probably wouldn’t recognise her name.

Nope, the buzz around Cloverfield is entirely down to the online viral marketing. An alternate reality game has been built up around the movie, using various websites representing fictional companies, organisations, and characters - as well as MySpace profiles for fictional characters - to spread clues about what the movie might be about. The trailer was just intriguing enough to push people towards Google to find out what this mysterious 01-18-08 thing might be, and then the string of clues lead them around all the other connected sites - and crucially, none of the sites really gave much away. Only the merest hints were given, to the point where people wanted to see the movie in order to solve the clues.

A lot of the people who did follow all the Cloverfield clues were eventually disappointed by the movie. But considering they’d already paid for their tickets, how much did that matter? More importantly, the clues weren’t crucial enough to the plot of the movie that anyone not playing along would feel excluded, so even if you were only dimly aware of the marketing, you could still enjoy the movie.

Cloverfield’s record-breaking January box office figures confirmed that this was an incredibly successful campaign. But other attempts at viral marketing campaigns have failed miserably (see, once again, the deservedly much maligned All I Want For Christmas Is A PSP Sony website). So what makes the difference?

Well, firstly, the viral campaign has to be good - which is to say, it needs to be meticulously planned and thought through. It has to be interesting enough that people will want to talk about it; if the clues you’re dropping are too easy, people will see straight through them and move on. Ideally, you want people to have to work together to speculate on what the clues mean; the buzz will be self-perpetuating if you manage this. There needs to be an element of interactivity, or people will get bored; you can’t just hand your audience everything on a plate.

The next important thing is to keep updating - keep adding new things. If you don’t, your audience’s attention will wane, and by the time your product is available, they’ll have forgotten all about it. You want them to keep coming back for more.

Another thing to think about is that, if you do successfully attract a lot of people to your campaign, you need to keep a step or two ahead of them. Which can be difficult - never underestimate the intelligence of your audience. If there’s more stuff out there to be found, chances are they’ll find it, possibly before you’re ready.

And of course, ultimately, you’ll need to be able to monetise your campaign. To return to the Cloverfield example, obviously the marketing paid off because people went to see the movie, but there’s also a massive opportunity there to sell shedloads of merchandise related to the campaign - anything branded Slusho!, for example, would sell. Cloverfield’s campaign created characters and brands that were mostly irrelevant to the main product it was selling, which is a lot of work, but again… record-breaking January box office figures.

The popularity of Lost proves that JJ Abrams knows what he’s doing. The marketing for The Dark Knight could also be pointed to as an example of doing the viral thing well, but let’s face it, people were going to see that movie anyway; it’s a Batman movie. Using viral marketing to successfully sell a completely unknown quantity is much more impressive.

(And yes, I just wrote this blog because I wanted to talk about Cloverfield some more. I love that movie.)

By this stage, everyone in the known universe has already blogged about the etiquette of social networking, to the point where I feel almost too bored by the subject to write about it. Usually, you see, when it comes to questions of MySpace or Facebook manners, I have a ready answer.

“Someone wants to add me but I don’t know them, how do I politely decline their offer of friendship?” Press the Deny button - you don’t know them, you don’t have to be friends with everyone, don’t feel bad.

“My friend’s ex wants to friend me on Facebook, but I think my friend would be upset, what should I do?” Decline. Who needs the stress, for the sake of increasing your friend count by one?

“I’ve got loads of people on my friends list that I don’t really know and don’t want them to know what I’m doing any more…” Yeah, delete them, chances are they won’t even notice. Plus, the label of “friend” on MySpace and Facebook doesn’t mean quite the same thing as it does in real life - it’s much easier to break off a friendship online, because it doesn’t involve having to actually see the person or do anything other than click a button. Problem solved.

Yeah, only today I received a friend request from someone I actively dislike. The feeling’s mutual, too. So obviously I’m not going to click the ‘add friend’ button; I don’t want to be friends! But for some reason I don’t even feel like I want to click the ‘deny’ button, either, because I just want to ignore it and hope it’ll go away. But it won’t. The status update is there every time I log in, big and glaring and demanding I take action.

This is stupid. Denied.

Gulp.

I know, I said sunshine and puppies, but I couldn’t resist an update on this ridiculous MySpace story. So, apparently an Attorney General has subpoenaed MySpace, and MySpace has agreed to hand over details entered into profiles linked to registered sex offenders. The Internet is safe again… or is it?

A statement from the Attorney General in question ran as follows: “We cannot sit idly while convicted sex offenders stalk children with confidence that their identities are hidden online.”

It just makes me want to bang my head against the nearest wall. Can you not hear what you’re saying? These people have hidden their identities online. Therefore people won’t know who they are. Does it not therefore follow that you can’t just rattle the MySpace treehouse until they all come running out? Doesn’t something in your brain tell you that you’re talking nonsense?

No, I guess not, because the purpose of this whole exercise has nothing to do with protecting children: it’s all about making the authorities in question look better to people who know no better. It’s about offering a false sense of security — not any real, actual security. This reminds me of John Reid’s suggestion that software be stamped with an anti-paedophile kitemark, to reassure parents that it’ll keep their children safe. It’s just rubbish; grandstanding, people blathering on and using scary words like “sex offenders”, “stalking”, “grooming” and so on and so forth in order to whip the general populace into a state of hysteria that can then be exploited.

The approach being taken by government figures is all wrong. It’s not thought through to the point where any of this could work, it’s just all about public image. And we’re all worse of because of it.

I’d be interested to know whether any of the information MySpace hands over yields anything even remotely useful. More than likely, it’ll just contain some fake pictures, fake addresses, and favourite movies.

Just when you think that issues over copyright and privacy couldn’t get any more convoluted and fraught with pitfalls than they already are, everything goes completely screwy in a whole new way.

Take this week’s news stories about MySpace purging “thousands” of registered sex offenders from its databases. That sounds like good news, doesn’t it? Sex offenders, bad, get rid of them, etc, etc.

Until you start wondering whether MySpace took into account different kinds of offences, when these offences took place, and so on and so forth, and until you start worrying about all the sex offenders who aren’t registered (because there must be far more of them than registered ones, mustn’t there?)

So there’s the slightly sticky issue of, say, human rights, for example. But on the whole, it’s probably less problematic to get rid of all of them than let them all remain, or to try to draw lines, so let’s pretend that one’s a straight win for MySpace.

Next up, though, comes the news that several state attorneys general have asked MySpace to hand over all the info they’ve got on these banished offenders. Again, on one hand, MySpace has the info, and potentially some of it is incriminating. On the other, as soon as you start handing over that kind of info, you end up with newspapers printing it on their front pages, you end up with frenzied mobs mistakenly attacking innocent people (or not-so-innocent people), and you also collide head first into a wall of privacy issues.

Seems MySpace has refused to hand over the information at the moment, citing federal privacy laws, and a need for a subpoena. Attorneys general(s?) are up in arms, claiming MySpace is being disingenuous …

Er, which is where I’m confused. Do they think MySpace really wants to protect potential sexual predators? No. Surely not. It’s more likely this is similar to the way Google refused to hand over information about its users to legal bods; and it would be scarier if Google, MySpace, and everyone else were to happily hand over information. Because it’s that thin-end-of-the-wedge argument, isn’t it?

It’s baffling how completely inadequate the law seems to be as soon as the Internet gets involved.

As an aside: you don’t have to give MySpace much info anyway, do you? So most of what they’ve got is probably nonsense anyway.

As another aside: next time I’m going to write about sunshine and puppies, or maybe something else, but it’ll be decidedly something non-Orwellian, since I’m starting to scare myself.

Phishing is a horrible thing. Identity theft is becoming more and more common and the burden is increasingly on the individual to protect themselves, with banks starting to grumble about protecting their customers from scams. Browsers now have anti-phising protection built-in, and we’re all sitting behind firewalls and running regular virus checks with our regularly updated virus protection software. (Right?) Still, the bad guys seem to be staying a few steps ahead of the white hats, using increasingly sophisticated attacks, and basically, it’s all quite scary.

But was there really any need for MySpace to block my account five times this afternoon?

The first time it did it, I was a little concerned, but happy to change my password. Well, I was initially happy, before I had to navigate all of the password-changing requirements: a password that was between 6 and 10 characters long, including a mixture of letters and numbers or at least one special character. I have a list of passwords I generally cycle around accounts, but most of them are around 12 characters long. Eventually I found a suitable one, only to be confronted with the most infuriating CAPTCHA I’ve ever seen. The letters were a mixture of upper and lower cases, some upside down or distorted, and quite frankly, I couldn’t read some of them.

So my efforts to reset my password were rejected and I had to start again.

And again.

And again.

MySpace continually found something wrong. And as soon as I managed to change the account, the “You’ve been phished!” message popped up again and made me go through the whole rigmarole again. I was getting increasingly paranoid that someone really was phishing my account at this stage, till I realised what was triggering it: I was trying to post a bulletin with a link.

Apparently MySpace thinks that’s something only phishers do.

Of course, if a phisher really had obtained control of my account, er, what’s to stop them clicking on the “change password” button and really screwing me up by changing it — and altering the e-mail address associated with the account, to boot?

Bah, humbug. I’m quite angry now. Especially since I can’t remember what the last password I came up with was. And I still haven’t posted that bulletin.