AncestralSpace is brand new. The domain name was registered on 2008 Jun 13 and the site was announced the next day. The creator envisions it as a MySpace for genealogy.
There aren’t many users yet. I just signed up, and now there are 358 members.
The site looks reasonably clean and complete. It seems hard to believe it was set up so quickly, until you peruse the terms of service, which tells you that "Ancestral Space is powered by the ONEsite Platform.". ONEsite is ready-made software for running a social networking site.
There are several editions of ONEsite, and a quick comparison of their feature chart with the AncestralSpace site leads me to believe that AncestralSpace is running on the Total Control edition, which is essentially the same as their free edition, but provides total control over advertising.
I am sorry to note that I do not consider ONEsite to be a professionally done
platform. The HTML it generates claims to be XHTML 1.0 Transitional, but does
not validate, and That’s only the first complaint about ONEsite. As I explored
AncestralSpace, I discovered various limitations and issues.
The site uses JavaScript. Now, most things seem to work fine without it, but
sadly logging in does not.
The site is free, and hopes to support itself with adds for genealogical products and services. There aren’t any adverts yet. It is not even displaying Google Ads. Right now, the site is add-free, but do not expect it to stay that way.
The site has a bad password policy; it requires that your password contains a number, which is not a good idea. It does make passwords stronger, but it also makes them harder to remember, so people write them down because they are so hard... and that is why every real security expert recommends against demanding this.
It gets worse. If you follow the "Be Safe" link along the bottom of each
page, you get to see the Helpdesk page, and the top item on that page is the
"Password Recovery Tool", which is described thus: "If you have forgotten your
password you can have it e-mailed to you by using the Password Recovery Tool.".
AncestralSpace is apparently storing your password as plain text. That is a
serious security blunder. I tried the recovery service and it did indeed email
me my current password. Argh....
The ONEsite people think their platform is such a great "enterprise-class
solution" that enterprises will gladly pay $ 75.000 and $ 5.000 per month for
the Custom Enterprise edition. Judging by their promotional claims, Clear
Channel Communications, Univision, Procter & Gamble, Visa International and
Alloy probably opted for that package.
Apparently, some marketroids at those companies decided to use this insecure
system without asking permission from their IT department, and are still
blissfully unaware that this application is an "enterprise-class" security
embarrassment waiting to happen.
A simple SQL injection attack is probably all you need to get a full list of passwords, including the administrator password. After all, it’s not likely that a programmer aware of SQL injection attacks would use plain text passwords. They use plain passwords, so the product is probably susceptible to SQL injection attacks .That any would would-be attacker can sign up for their free ONEsite-based subdomain to play with is just the icing on the attacker’s cake.
Once you’ve signed up, you are met by the cartoony Profile Welcome Wizard,
which expects you to pick a theme, create your profile (i.e. fill in some basic
info), upload a photo, write an initial blog post, invite friends, and finally
choose some site and privacy settings.
On the last page, you are expected to provide a Page Title and Search keywords.
I do not find it very clear that these two options apply to your main page.
I don’t think it is very hot that you must provide your gender and must upload a photo. You can choose "unspecified" and upload any photo you like, or just pick one of the avatars, but it is rather pushy - and the site does not have privacy policy!
When I picked an image, I discovered that the site supports only the GIF and JPG formats. You’d expect a genealogy site to shun JPG and support a modern lossless format like PNG, but it does not even support Windows BMP.
Having members invite others is a viral marketing technique. It would be
great if AncestralSpace always offered an invite friends link, but being asked
to invite friends when you are still signing up is so dumb. How can I recommend
a site when I am not even done signing up for it yet? More to the point, what
are my friends going to think of me when they discover that I asked them to a
join a site as dumb and pushy as this? Well, the answer to that question is that
I value my friends and will subject them to that. Asking this question as part
of the signup process does not make me recommend a site, it makes me
disrecommend that site.
I provided the site an alternate email address, so I would receive the
invitation myself.
The default setting for comments on your blog is that AncestralSpace auto-approves them. I therefore predict that many blogs will soon be filled with spam, causing the site owner to wise up and change this default.
Once you’re done with the wizard, you can view your home page, and will notice that you already have one "friend". MySpace always adds Tom as your initial friend, AncestralSpace adds Shannon as your initial friend. Tom is Thomas Anders, the president of MySpace, and Shannon is Shannon Byers, the creator of AncestralSpace.
There is also one "Welcome to Ancestral Space" mail waiting your inbox. That mail invites you to join the "Site News and Updates" group.
AncestralSpace does not offer any genealogy-specific features. It collects a lot of genealogist and their blogs, and you can email each other, but That’s nothing special. You cannot upload your tree, it does not match your data to anyone else’s, it does not even have an application like FamilyLink, something MySpace does have. AncestralSpace is a genealogical community without genealogical features.
I wonder whether AncestralSpace is a good idea. Even if it were technically perfect, already had a large community of users, and was financially secure, it still makes limited sense. Many people who already have a MySpace account will not want to maintain yet another home page, but its focus on genealogy may appeal to to those who don’t care for the MySpace culture. If you don’t mind the many widget-overloaded pages that seem designed by random page generators, MySpace is quite attractive; it has way more users, multiple genealogy groups and multiple genealogy applications.
AncestralSpace wants to be a MySpace for genealogist. Its runs on the ONEsite platform, which seems be fairly feature-rich but otherwise unattractive. The pages do not validate, the site requires JavaScript and the password security is broken by lack of design.
AncestralSpace does not extend this generic platform with any genealogy-specific features, so it does not even match MySpace on genealogy features. Luckily, it does not match MySpace in widget-overloaded pages either.
AncestralSpace is backed by a single individual and there is no advertising
to support it yet, so its future seems uncertain. The simple truth is that it is
a new site, and it remains to be seen how it develops.
The real value of a site like this is the community. Right now, its best feature
is that it collects a bunch of blogging genealogist in one place.
That AncestralSpace is built on the insecure ONEsite platform limits its appeal significantly. If you check it out, be sure to use a unique password that you do not use for anything else.
Copyright © Tamura Jones. All Rights reserved.