Texas Senate Bill 20 (S.B. 20), also known as the "Stopping AI-Generated Child Pornography Act", is a 2025 law in the state of Texas that creates new criminal offenses for those who possess, promote, or view visual material deemed obscene, which is said to depict a child, whether it is an actual person, animated or cartoon depiction, or an image of someone created through computer software or artificial intelligence. It was passed by the Texas Legislature on May 28, 2025, unanimously in both chambers. It was signed into law by Governor Greg Abbott on June 20, 2025. It went into effect on September 1, 2025. It was authored by Pete Flores and co-sponsored by Brent Hagenbuch, Juan Hinojosa, Joan Huffman, Phil King, and Tan Parker, as part of a package of legislation in the Texas House and Senate about A.I. and child pornography. Some supporters called it "common-sense" legislation falling within the "proper role" of government, protecting children and the "common good" within the state, with Heidi Ruiz, a police sergeant in Houston, describing the bill as "fantastic" and "fabulous." The bill drew comparisons to language, within Texas state legislation, which aimed to institute state-level book bans. Critics described the law as unconstitutional, saying it violated the Free Speech Clause of the First Amendment which prohibits abridgement of freedom of speech and the press, including the legal precedent set in Ashcroft v. Free Speech Coalition. The Comic Book Legal Defense Fund vowed to support those wrongly accused under the law. Much of the controversy regarding S.B. 20 involves the broad language pertaining to "obscene" pornographic images as including A.I.-created, animated, and cartoon depictions, with some critics arguing it could have a chilling effect on anime, manga, graphic novels, and other media produced, distributed, or created within Texas. == Provisions == S.B. 20 gives Texas police more provisions to restrict artificial intelligence-created child pornography, creating new criminal charge for possessing material depicting an underage person, under age 18, whether this child is an actual person or not. Those charged with this felony offense could go to state jail, but this could be elevated if the person charged has a prior conviction, of a $10,000 fine and two years in prison. == Reactions == === Support === Lieutenant Governor Dan Patrick applauded the unanimous passage of the law in the Texas Senate and called it "a priority" to protect children in Texas, and Texas citizens and thanked Pete Flores for his work on "this important issue". He later described the bill as part of the "bold, conservative agenda" that the Texas legislature passed during the 2025 legislative session. Phil King, one of the bill's co-sponsors, said that issue of child pornography had "infiltrated" the state's schools and said he was proud that the Texas legislature had "taken decisive action to protect our vulnerable Texans". Another co-sponsor of the legislation, Tan Parker described the law as "decisive action" to protect the children within Texas, and said he looked "forward to advancing this critical legislation" onward from the Texas Senate Criminal Justice Committee. He also described the legislation as "critical" action to protect the state's children from A.I.-generated child pornography and an "effective tool for law enforcement" to crack down on child porn perpetrators. Other supporters, such as police, and prosecutors, called the legislation an "important step" to ensure that images generated with A.I., along with deepfakes, "can't be shared with impunity" and necessary to ensure children's protection. Flores told senators that technology which enabled the production of "offensive" material by child predators had "no redeeming value whatsoever" and asserted that the materials had often been "used to groom and abuse children". John Leigh, a co-founder of Anime Matsuri, one of the largest conventions for anime within Texas, reassured those who contacted him, saying that the law is not targeted at anime and manga fans, stated that he supported the legislation, describing it as a step "in the right direction," and said that he did not believe it would "negatively impact" anime or related art in the state. Also, State Representative Dade Phelan emphasized the legislation's urgency to deal with A.I. and child pornography, adding that they need to "put some guardrails on it to where the public is being taken care of". The Texas Policy Research Foundation supported the legislation, saying that although it may lead to increased demands on state and local governmental resources, higher costs for local governments, and possible "civil liberty concerns" around online censorship, it represents a "necessary legal update" to address exploitation of children online, while "modernizing enforcement mechanisms" and recommended that lawmakers vote in favor of the law. Additionally, the group Texans for Fiscal Responsibility supported the law, arguing that it strengthened state law, upheld public safety, protected minors, and called it a "common-sense bill" protecting and promoting the "common good", children, and fell within the "proper role" of government. The Texas Public Policy Foundation also expressed their support for the law. A policy director for aforementioned conservative think tank, Zach Whiting, told the Texas Senate Committee on Criminal Justice, on March 4, 2025, that the foundation would assist legislators ans staff to "advance any and all measures to protect kids online" and shared an excerpt from of research paper about threats posed by A.I. in creating "sexually explicit deepfakes of children". === Opposition === Although the bill passed both chambers unanimously, there were some reports that the bill stalled due to opposition from Democratic lawmakers. Additionally, some individuals expressed concerns about the broad nature of the law's provisions. Anime Matsuri co-founder Deneice Leigh called for the law's wording to be clarified because "artists are anxious about displaying or selling fan art" even if the intention is "not be to penalize creators". She also described the bill as "vague and open to interpretation" as to what would be considered obscene and offensive while noting that the bill is not aiming to "target artists". Benjamin Napier, owner of Mansfield Comics and Manga in Mansfield, Texas, said that at first he felt the law was "ridiculous" and "kind of frivolous" at first, part of a "misguided puritanical onslaught", and noted that he would not cow "to the puritanical regime" if it was enacted. Kirsten Cather, an Asian Studies scholar at University of Texas, expressed concern at the law's misinterpretation because "many anime characters appear youthful, regardless of their actual age", said that the law could "stifle creative expression", and noted that the law's scope is broad enough to have manga and anime under scrutiny, a "real slippery slope here that's being breached". Marcel Green of Screen Rant said that the law's ambiguity led to concerns from manga and anime fans, and theorized that the law's application to a fan within Texas, who downloaded the 368th chapter of My Hero Academia, which has a "sexualized depiction" of an "underage high school student", would result in a criminal offense of "180 days to two years in state jail, along with a fine of up to $10,000". Green also said the law is problematic because many anime and manga characters are young, with many protagonists as minors and argued that the law could apply in limited cases, if state officials deemed an anime or manga under scrutiny as lacking "artistic value". Evan D. Mullicane, on the same site, said the vague wording of the legislation made it "dangerous" for anime such as Dragon Ball and Naruto, and could impact more than hentai, predicting it will be used against more than its "intended target" and be used to censor stories with "young LGBTQIA characters". Another critic on the same site, Carlyle Edmundson, called for anime fans to step up and prevent the law's enactment "for the good of artists and fans everywhere", saying that the legislation was "draconian" and claimed it was the most extreme case of anime and manga censorship in U.S. history. Nick Valdez of ComicBook.com said that the legislation could lead to censorship of "many anime and manga projects," like Kill la Kill and The 100 Girlfriends Who Really, Really, Really, Really, Really Love You, becoming a crime, and said that even if the law is enforced in a case-by-case basis, it could lead to a "much larger ban of materials in the state" itself due to the content of certain manga and anime. Vanessa Esguerra of The Mary Sue argued that possession of manga like Berserk and Vagabond, or viewing Dandadan, could be deemed illegal under the law, due to various parts of each of these media, and asserted that viewing and owning certain anime and other media, falling under the law's provisions,
Cloud Security Alliance
Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to "promote the use of best practices for providing security assurance within cloud computing, artificial intelligence and to provide education on the uses of cloud computing to help secure all other forms of computing." The CSA has over 80,000 individual members worldwide. The CSA gained significant reputability in 2011 when the American Presidential Administration selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy. == History == The CSA was formed in December 2008 as a coalition by individuals who saw the need to provide objective enterprise user guidance on the adoption and use of cloud computing. Its initial work product, Security Guidance for Critical Areas of Focus in Cloud Computing, was put together in a Wiki-style by dozens of volunteers. In 2014, the Chairman of the Board of the CSA was Dave Cullinane, VP of Global Security and Privacy for Catalina Marketing, St. Petersburg, Florida, and former CISO for eBay. Cullinane has said, "If you have an application exposed to the Internet that will allow people to make money, it will be probed." == Profile == In 2009, the Cloud Security Alliance incorporated in Nevada as a Corporation and achieved US Federal 501(c)6 non-profit status. It is registered as a Foreign Non-Profit Corporation in Washington. == Policy maker support == The CSA works to support a number of global policy makers in their focus on cloud security initiatives including the National Institute of Standards and Technology (NIST), European Commission, Singapore Government, and other data protection authorities. In March 2012, the CSA was selected to partner with three of Europe’s largest research centers (CERN, EMBL and ESA) to launch Helix Nebula – The Science Cloud. == Size == The Cloud Security Alliance employs roughly sixty full-time and contract staff worldwide. It has several thousand active volunteers participating in research, working groups and chapters at any time. == Membership == According to CSA, they are a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing, and providing education on the uses of Cloud Computing to help secure all other forms of computing. === Individuals === Individuals who are interested in cloud computing and have experience to assist in making it more secure receive a complimentary individual membership based on a minimum level of participation. === Chapters === The Cloud Security Alliance has a network of chapters worldwide. Chapters are separate legal entities from the Cloud Security Alliance, but operate within guidelines set down by the Cloud Security Alliance In the United States, Chapters may elect to benefit from the non-profit tax shield that the Cloud Security Alliance has. Chapters are encouraged to hold local meetings and participate in areas of research. Chapter activities are coordinated by the Cloud Security Alliance worldwide. === International scope === There are separate legal entities in Europe and Asia Pacific, called Cloud Security Alliance (Europe), a Scottish company in the United Kingdom, and Cloud Security Alliance Asia Pacific Ltd, in Singapore. Each legal entity is responsible for overseeing all Cloud Security Alliance-related activities in their respective regions. These legal entities operate under an agreement with Cloud Security Alliance that give it oversight power and have separate Boards of Directors. Both are companies Limited By Guarantee. The Managing Directors of each are members of the Executive Team of Cloud Security Alliance. == Areas of research == The Cloud Security Alliance has 25+ active working groups. Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation. Security Guidance for Critical Areas of Focus in Cloud Computing. Foundational best practices for securing cloud computing. Top Threats to Cloud Computing. Helps organizations make educated risk management decisions regarding their cloud adoption strategies. GRC (Governance, Risk and Compliance) Stack. A toolkit for key stakeholders to instrument and assess clouds against industry established best practices, standards and critical compliance requirements. Cloud Controls Matrix (CCM). Security controls framework for cloud provider and cloud consumers. CloudTrust Protocol. The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers. Consensus Assessments Initiative Research. Tools and processes to perform consistent measurements of cloud providers. Software Defined Perimeter. A proposed security framework that can be deployed to protect application infrastructure from network-based attacks. It will incorporate standards from organizations such as OASIS and NIST and security concepts from organizations like the U.S. DoD into an integrated framework. == Working groups and initiatives == Mobile Working Group Big Data Working Group Security as a Service Working Group Trusted Cloud Initiative CloudAudit CloudCERT CloudSIRT Cloud Metrics Security, Trust and Assurance Registry (STAR) Cloud Data Governance Turbot (business) Blockchain/Distributed Ledger
Stegomalware
Stegomalware is a form of malicious software that leverages steganography techniques to conceal its code, configuration data, or command-and-control (C&C) communications within seemingly benign digital media such as images, audio files, videos, documents, or network traffic. It typically embeds encrypted or obfuscated payloads into digital media and only extracts and executes them at runtime, which makes traditional signature-based and sandbox-based detection significantly more difficult. Stegomalware has been observed in attacks ranging from advanced persistent threats (APTs) to financially motivated cybercrime, and is now the subject of dedicated academic surveys, research projects, and international law-enforcement initiatives. The key distinction between stegomalware and traditional obfuscated malware lies in the encoding location. After obfuscation, malicious code remains present within the executable and can theoretically be discovered through static analysis. In contrast, stegomalware hides the payload entirely within a cover medium (image, audio, etc.), remaining invisible until the malware dynamically extracts and executes it at runtime. == History == The term stegomalware was formally introduced by researchers Águila, Laskov, and others in the context of mobile malware and presented at the Inscrypt (Information Security and Cryptology) conference in 2014. This marked the first academic formalization of the concept, though earlier work had already identified that botnets and mobile malware could use steganography and covert channels for command-and-control communication over probabilistically unobservable channels. Since its introduction, stegomalware has evolved from a theoretical concern to a documented threat. In 2011, the APT operation known as "Operation Shady RAT" became one of the first documented cases of stegomalware in the wild, using digital images to hide Internet Protocol addresses and command-and-control server addresses. The same year, the Duqu malware (targeting industrial manufacturers) embedded victim data into JPEG image files before exfiltration, making the data transfer virtually undetectable to network-level security tools. From 2014 onwards, stegomalware became more prevalent in organized cybercrime and advanced persistent threat campaigns. Notable examples include Zeus/Zbot, which masked configuration data in images; Gatak/Stegoloader, which hid shellcode in PNG files; TeslaCrypt, which embedded C&C commands in JPEGs; and Cerber, which concealed ransomware payloads within images. By the 2010s, stegomalware had become established as a preferred evasion technique for espionage, financial theft, and ransomware distribution campaigns. Recent surveys (2020–2025) document that stegomalware has increasingly been exploited by adversaries targeting banks, enterprises, government agencies, educational institutions, and internet users via malvertising campaigns. The technique is now considered a sophisticated method of attack worthy of dedicated international law-enforcement attention. == Technical Characteristics and Definitions == Stegomalware operates through a three-component architecture: Stegotext (R): An innocent-looking digital asset (image, audio file, etc.) into which the malicious payload is embedded. Secret key (sk): A key used by the embedding and extraction algorithms, typically hardcoded into the malware. Payload (p): The actual malicious code, configuration data, or C&C commands hidden within the stegotext. The malware extracts the payload at runtime using the secret key and either executes it directly or uses it to download additional stages of the attack. Stegomalware can be classified into several types based on deployment method: Type 0 (Autonomous): Both the stegotext and extraction algorithm are embedded within the malware application itself. The malicious payload is extracted and executed locally without external communication. Type I (Update): The stegotext and secret key are downloaded from a remote server at runtime; only the extraction algorithm is included in the malware. This variant is more flexible, allowing attackers to push updated payloads. Type II (External Algorithm): Neither the stegotext nor the extraction algorithm are distributed with the malware; both are fetched from an attacker-controlled infrastructure, providing maximum flexibility and evasion. == Steganography techniques == === Spatial domain methods === Stegomalware predominantly uses steganographic methods designed for images, as images are the most common cover medium in the wild. The most basic spatial domain technique is Least Significant Bit (LSB) substitution, which replaces the least significant bits of pixel color values with payload bits. While simple and easy to implement, LSB is also relatively easy to detect through statistical analysis. More sophisticated spatial domain techniques include: HUGO (High Undetectable steGO) (2010): Minimizes detectable distortion by distributing the payload across multiple pixels, achieving embedding capacity with reduced statistical footprint. WOW (Wavelet Obtained Weights) (2012): Embeds data preferentially in textured regions of images where modifications are less perceptually noticeable. UNIWARD (Universal Wavelet Relative Distortion) (2014): Uses a universal distortion function applicable to multiple image formats, balancing payload capacity with undetectability. HILL (2014): Applies high-pass and low-pass filters to identify robust embedding regions. MiPOD (Minimizing the Power of Optimal Detector) (2016): Designed to minimize the power of theoretical optimal steganalysis detectors. === Transform domain methods === Transform domain techniques convert images into the frequency domain (e.g., using DCT or DWT) before embedding, allowing for more robust hiding in JPEG and other compressed formats: Embedding in DCT coefficients (used in JPEG compression) Embedding in DWT coefficients (used in lossless formats) Spread spectrum techniques, which distribute the payload across many frequency components Transform domain methods are generally more resistant to noise, compression, and image transformations than spatial methods. === Generative adversarial network (GAN) methods === Recent advances in machine learning have introduced GAN-based steganography, where a generative model produces stego images that minimize detectable artifacts: SGAN (Steganographic GAN) (2017): First GAN applied to steganography, using a generator, discriminator, and steganalysis network. ASDL-GAN (2017): Performs automatic steganographic distortion learning at the pixel level. SteganoGAN (2019): Improves upon earlier GAN models, achieving higher embedding capacity and robustness. HiGAN (Hiding Images GAN) (2020): Enables hiding one image within another while maintaining visual plausibility. GAN-based approaches are more resilient to standard steganalysis attacks but remain an emerging threat requiring further research. == Notable malware campaigns == Stegomalware has been documented in numerous high-profile cyber attacks and campaigns. Notable examples include: Operation Shady RAT (2011): Used digital images to hide command-and-control server addresses in targeted espionage. Duqu (2011): Embedded victim data into JPEG files to exfiltrate industrial control system information. Zeus/Zbot (2014): Masked banking configuration data inside JPEG files exploited via malvertising. Gatak/Stegoloader (2015): Hid shellcode in PNG files for software licensing attacks and bot command execution. TeslaCrypt (2015): Embedded C&C commands and ransomware keys in JPEG images. Cerber (2016): Concealed executable ransomware code in JPEG files distributed via phishing. DNSChanger (2016): Embedded malicious code in PNG files for DNS hijacking campaigns. Sundown Exploit Kit (2017): Distributed exploit code in PNG files via malvertising. AdGholas (2017): Used JPEG steganography to distribute ransomware via malvertising. Synccrypt (2017): Hidden ransomware components in JPEG-steganographic encrypted archives. ZeroT/PlugX (2017): Hid Remote Access Trojan payloads in BMP files for espionage. Loki Bot (2018): Concealed malware installers in JPEG and video files. Waterbug (APT28) (2019): Injected malicious DLLs into WAV audio files. Shlayer (macOS adware) (2019): Hid malicious URLs in JPEG files via malvertising. === Attack vectors === The most common attack vectors for stegomalware include: Phishing emails with malicious attachments or links Malvertising campaigns using malicious banner advertisements Exploit kits through compromised or malicious websites Legitimate application vulnerabilities (e.g., watering-hole attacks) Fake software distribution (cracked software, keygen tools) === Exploitation stages === Stegomalware typically serves one or more roles in attack lifecycles: Payload delivery: Stego images contain full executable code or shellcode. C&C communication: Hidden data contains server addresses or command instructio
Customer data management
Customer data management (CDM) is the ways in which businesses keep track of their customer information and survey their customer base in order to obtain feedback. CDM includes a range of software or cloud computing applications designed to give large organizations rapid and efficient access to customer data. Surveys and data can be centrally located and widely accessible within a company, as opposed to being warehoused in separate departments. CDM encompasses the collection, analysis, organizing, reporting and sharing of customer information throughout an organization. Businesses need a thorough understanding of their customers’ needs if they are to retain and increase their customer base. Efficient CDM solutions provide companies with the ability to deal instantly with customer issues and obtain immediate feedback. As a result, customer retention and customer satisfaction can show marked improvement. According to a study by Aberdeen Group, "above-average and best-in-class companies... attain greater than 20% annual improvement in retention rates, revenues, data accuracy and partner/customer satisfaction rates." == Customer data management and cloud computing == Cloud computing offers an attractive choice for CDM in many companies due to its accessibility and cost-effectiveness. Businesses can decide who, within their company, should have the ability to create, adjust, analyze or share customer information. In December 2010, 52% of Information Technology (IT) professionals worldwide were deploying, or planning to deploy, cloud computing; this percentage is far higher in many countries. == Background == Customer data management, as a term, was coined in the 1990s, pre-dating the alternative term enterprise feedback management (EFM). CDM was introduced as a software solution that would replace earlier disc-based or paper-based surveys and spreadsheet data. Initially, CDM solutions were marketed to businesses as software, which were specific to one company, and often to one department within that company. This was superseded by application service providers (ASPs) where software was hosted for end user organizations, thus avoiding the necessity for IT professionals to deploy and support software. However, ASPs with their single-tenancy architecture were, in turn, superseded by software as a service (SaaS), engineered for multi-tenancy. By 2007 SaaS applications, giving businesses on-demand access to their customer information, were rapidly gaining popularity compared with ASPs. Cloud computing now includes SaaS and many prominent CDM providers offer cloud-based applications to their clients. In recent years, there has been a push away from the term EFM, with many of those working in this area advocating the slightly updated use of CDM. The return to the term CDM is largely based on the greater need for clarity around the solutions offered by companies, and on the desire to retire terminology veering on techno-jargon that customers may have a hard time understanding.
Out-of-band control
Out-of-band control is a method used by network protocols for sending control information (commands, logins, or session signals) separately from the main data, improving reliability and preventing interference. File Transfer Protocol (FTP) employs an out-of-band approach, using one connection for control commands, like logging in or requesting files, and a separate connection for transferring the files themselves.
Splitwise
Splitwise is an online expense-splitting application software accessible via web browser and mobile app. The app facilitates repayments of shared bills by calculating what each person in a group owes. The primary competitor to the app is Venmo, which only operates in the U.S. Splitwise allows users to create groups with friends to determine what each person owes. All expenses and allocations are added to the app, and Splitwise simplifies the transaction history to determine exactly what payments need to be made to whom to settle outstanding balances. Splitwise stores user information via cloud storage. It was developed and is owned by Splitwise Inc., based in Providence, Rhode Island, United States. == History == The app was launched in February 2011 as SplitTheRent, intended to be used for rent splitting, by Ryan Laughlin, Jon Bittner and Marshall Weir. In September 2013, Splitwise was integrated with Venmo to allow users to settle payments via Venmo. In April 2024, Splitwise partnered with Tink, a Visa payment services company, to incorporate a bank transfer feature directly in the Splitwise app. === Financing === In December 2014, the company raised $1.4 million. In October 2016, the company raised $5 million. In April 2021, Splitwise raised $20 million in funding from series A round run by Insight Partners. == Reception == A 2022 opinion piece in The Guardian by London journalist Imogen West-Knights shared the negative effects of exactly splitting bills among friends and family members. West-Knights argued that Splitwise and similar apps can "turn people into those true enemies of all that is fun and joyful in the world: accountants." However, she said the app does work better when used by couples rather than friend groups. Other reviews noted that the app makes people petty. In contrast, an article published by Condé Nast Traveler describes how Splitwise eliminated stress caused by complicated offline bill splitting, saying it "fixed such a pervasive obstacle in group travel." Coverage by The Wall Street Journal lands somewhere in between the two contrasting views, saying Splitwise and similar apps are helpful, but users need to be prepared for difficult money-related conversations that may arise. An etiquette advisor at Debrett's, said, "The less talk you can have about money on any of these occasions, the better." An editor suggested conversations as simple as asking, "We’re splitting this evenly, right?" before a meal.
Professional network service
A professional network service (or, in an Internet context, simply a professional network) is a type of social network service that focuses on interactions and relationships for business opportunities and career growth, with less emphasis on activities in personal life. A professional network service is used by working individuals, job-seekers, and businesses to establish and maintain professional contacts, to find work or hire employees, share professional achievements, sell or promote services, and stay up-to-date with industry news and trends. According to LinkedIn managing director Clifford Rosenberg in an interview with AAP in 2010, "[t]his is a call to action for professionals to re-address their use of social networks and begin to reap as many rewards from networking professionally as they do personally." Businesses mostly depend on resources and information outside the company and to get what they need, they need to reach out and professionally network with others, such as employees or clients as well as potential opportunities. "Nardi, Whittaker, and Schwarz (2002) point out three main tasks that they believe networkers need to attend to keep a successful professional (intentional) network: building a network, maintaining the network, and activating selected contacts. They stress that networkers need to continue to add new contacts to their network to access as many resources as possible and to maintain their network by staying in touch with their contacts. This is so that the contacts are easy to activate when the networker has work that needs to be done." By using a professional network service, businesses can keep all of their networks up-to-date, and in order, and helps figure out the best way to efficiently get in touch with each of them. A service that can do all that helps relieve some of the stress when trying to get things done. Not all professional network services are online sites that help promote a business. Some services connect the user to other services that help promote the business other than online sites, such as phone/Internet companies that provide services and companies that specifically are designed to do all of the promoting, online and in person, for a business. == History == In 1997, professional network services started up throughout the world and continue to grow. The first recognizable site to combine all features, such as creating profiles, adding friends, and searching for friends, was SixDegrees.com. According to Boyd and Ellison's article, "Social Network Sites: Definition, History, and Scholarship", from 1997 to 2001, several community tools began supporting various combinations of profiles and publicly articulated Friends. Boyd and Ellison go on to say that the next wave began with Ryze.com in 2001. It was introduced as a new way "to help people leverage their business networks". == Inside the works == Quite a lot of work is put into a professional network service, such as the number of hours that go into them and the type of people they work for, as well as the business model of it all, such as the professional interaction and the multiple services they deal with. === Types of services === Some professional network services not only help promote the business but can also help in connecting to other people. Those services may include a specific phone and/or Internet company or a company that helps to connect with other businesses. According to the Society for New Communications Research (SNCR), there are at least nine online professional networks that are being used. === Professional interaction === Kaplan and Haenlein elaborate on five key considerations for companies when utilizing media. These include the importance of careful selection, the option to choose existing applications or develop custom ones, ensuring alignment with organizational activities, integrating a comprehensive media plan, and providing accessibility to all stakeholders. ==== Choose carefully ==== "Choosing the right medium for any given purpose depends on the target group to be reached and the message to be communicated. On one hand, each Social Media application usually attracts a certain group of people, and firms should be active wherever their customers are present. On the other hand, there may be situations whereby certain features are necessary to ensure effective communication, and these features are only offered by one specific application." ==== Ensure activity alignment ==== "Sometimes you may decide to rely on various Social Media, or a set of different applications within the same group, to have the largest possible reach." "Using different contact channels can be a worthwhile and profitable strategy." According to the Society for New Communications Research at Harvard University, "the average professional belongs to 3–5 online networks for business use, and LinkedIn, Facebook, and Twitter are among the top used." ==== Integrate a media plan ==== Social media and traditional media are "both part of the same: your corporate image" in the customers' eyes. ==== Allow access to all ==== "...once the firm has decided to utilize Social Media applications, it is worth checking that all employees may access them." According to the SNCR, "the convergence of Internet, mobile, and social media has taken significant shape as professionals rely on anywhere access to information, relationships, and networks." ==== Online usage ==== "Half of the respondents report participating in 3 to 5 online professional networks. Another three in ten participate in 6 or more professional networks." "Popular social networks are now being used frequently as Professional Communities. More than nine in ten respondents indicated that they use LinkedIn and half reported using Facebook. Twitter and blogs were frequently listed as 'professional networks'." === Business model === According to Michael Rappa's article, Business models on the Web", "a business model is the method of doing business by which a company can sustain itself – that is, generate revenue. The business model spells out how a company makes money by specifying where it is positioned in the value chain." Rappa mentions that there are at least nine basic categories from which a business model can be separated. Those categories are a brokerage, advertising, infomediary, merchant, manufacturer, affiliate, community, subscription, and utility. "...a firm may combine several different models as part of its overall Internet business strategy." At first, Flickr started as a way to mainstream public relations. == Social impact == When it comes to the social impact that professional network services have on today's society, it has proved to increase activity. According to the SNCR, "[t]hree quarters of respondents rely on professional networks to support business decisions. Reliance has increased for essentially all respondents over the past three years. Younger (20–35) and older professionals (55+) are more active users of social tools than middle-aged professionals. More people are collaborating outside their company wall than within their organizational intranet." == Limitations == Since the internet and social media are a part of this "world where consumers can speak so freely with each other and businesses have increasingly less control over the information available about them in cyberspace", most firms and businesses are uncomfortable with all the freedom. According to Kaplan and Haenlein's article, "Users of the world, unite! The challenges and opportunities of Social Media", businesses are pushed aside and are only able to sit back and watch as their customers publicly post comments, which may or may not be well-written.