Category: Data Custody

Categories
Data Custody Privacy and Anonymity Products and Design The Dark Forest of the Internet Wellness when Always-On

Why you shouldn’t delete Whatsapp and move to Signal

The Ars Technica website has a solid explanation of Whatsapp’s new privacy policy changes, which involve sharing extensive data about your Whatsapp usage with Facebook, Whatsapp’s parent company.

Whatsapp has been sharing data with Facebook since 2016, but earlier you had one chance to opt out of it. With the prompt you saw last week, it’s now mandatory – if you didn’t opt in this time, you won’t be able to use the app after 8 Feb 2021.

Now. Whatsapp claims it cannot read the actual contents of your chats – the company says those are encrypted end to end, in a way that even Whatsapp/Facebook can’t unscramble, in fact using technology from the privacy-focused app Signal.

But metadata – “data about data” – is not encrypted. This is your activity in the app:

  • Who you chat with
  • When and how often you chat with them
  • Whether you send multimedia,
  • Whose profiles you search and look at,
  • Whose statuses you check,
  • who you call on the app, when and for how long

All of this is sent as one long, continuous stream of data. The plan is almost certainly to match this with similar data collected by the Facebook and Instagram apps, and the thousands of other apps that use the Facebook ‘SDK’ for ads/tracking, to build a detailed picture of you.

So. Now that you know this, should you move off Whatsapp to Signal, as Elon Musk suggested on Twitter?

In general, no. You shouldn’t move off Whatsapp and move to Signal.

Is this you?

  • You have a Facebook account
  • You stay logged into it on one tab while you browse other sites on the web
  • You run the Facebook app on your phone
  • You have an Instagram account
  • You’ve given either or both FB and Instagram access to your contacts when they asked you at signup
  • You’ve used Log In With Facebook to sign into other apps
  • You hadn’t opted out of sharing Whatsapp data with Facebook when asked a few earlier

If you’ve answered Yes or even I’m not sure to some of these questions,, the Whatsapp policy change really doesn’t make much difference. You’re already sharing data – lots of it – with the Facebook family. Deleting WhatsApp is plugging a few squares in a sieve.

I’m not judging you. Our relationship with technology, especially social media, is highly asymmetric. It isn’t practical for you and me to understand the average privacy policy fully, leave alone that the onus of tracking frequent changes to it is on us. Repeat for each app that we use, and the tracking code from different other companies that that app uses.

Even if you’ve wisened up, even if you’re now uncomfortable with the amount of data the Facebook family of apps collects about you, chances are your friends, family, professional groups don’t care as much – they’ll still happily use them, and they’ll expect you to ‘be’ on these apps too.

Quitting Whatsapp is most effective when you quit the rest of Facebook too. It’ll take time. It’ll take some convincing, it’ll take some re-evaluation of relationships. But you can make it work.

It’s taken even Facebook a few years to hook you enough to get the sheer amount of data it has on you. Give yourself time to rid yourself of it too.

Update: A friend asked me if Facebook was able to collect any less data if one used Instagram in a browser as opposed to the app:

“I signed up [on Instagram] using an email address I created specifically for IG, but it doesn’t take Zuck to figure out that the overlap between the people I talk to on Whatsapp and those that this IG account interacts with means that we’re the same person.”

“Your interaction on Instagram the service reveals more about you than the specific devices you use it on. Sure, the IG app can tell your location more accurately than IG in a browser window can, because the former uses GPS and the latter looks up your IP in a database. But IG in the browser still knows when you log in and for how long, whose profiles you lurk on, what your friend network is and suchlike.”

“When you upload a photo, IG can tell a lot from the photo’s EXIF data: the precise model of the camera you used, phone or otherwise, where you were when you took it, when you took it, among other things. IG can run facial recognition algorithms on them to draw an even more detailed picture of your network. But both of these have little to do with whether you use the app or the browser.”

“If someone spots you at a cafe, you aren’t better hidden if you pulled up to the cafe in an uber as opposed to drove there. The fact remains that you were there and someone saw you. (I am rather bad at analogies but I think this one might actually work)”

(Featured Image Photo Credit: Markus Spiske/Unsplash)

Categories
Audience as Capital Data Custody Discovery and Curation Making Money Online The Dark Forest of the Internet Wellness when Always-On Writing

For content platforms, revenue and moderation are inextricably interlinked

The newsletter platform Substack, on its revenue model:

A lot of people suppose that we started Substack to be the next big thing in journalism. But what we’re actually trying to do is subvert the power of the attention economy.

When engagement is the holy metric, trustworthiness doesn’t matter. What matters more than anything else is whether or not the user is stirred. The content and behaviors that keep people coming back – the rage-clicks, the hate-reads, the pile-ons, the conspiracy theories – help sustain giant businesses. When we started Substack to build an alternative to this status quo, we realized that a tweak to an algorithm or a new regulation wouldn’t change things for the better. The only option was to change the entire business model.

Substack’s key metric is not engagement. Our key metric is writer revenue. We make money only when Substack writers make money, by taking a 10% cut of the revenue they make from subscriptions. With subscriptions, writers must seek and reward the ongoing trust of readers.

Substack does two things differently from typical social platforms: one, by encouraging paid publications, readers pay to receive their information fix, which naturally caps the number of newsletters a person receives and by extensions the attention they capture. Two, it has aligned its revenues with these paid publications. These two by themselves are a significant departure from the norm, for the better.

There is always the likelihood, perhaps the inevitability that deliberately divisive, disingenuous polemical publications will publish on Substack for free, making money off sponsorships instead of reader payments, and they may amass large followings too. And Substack too has declared that they will be light with censorship:

we commit to keeping Substack wide open as a platform, accepting of views from across the political spectrum. We will resist public pressure to suppress voices that loud objectors deem unacceptable.

This will be something that Substack will have to reckon with, and perhaps soon. Yes, apublication with a generous enough sponsor – whether public or not – and a large enough audience is better off simply hosting their own newsletter infrastructure, which is not complicated. But they may also simply continue on Substack. What is the company to do then?

The possible answers are for another time. In any case, Substack’s approach to revenue and moderation, its recognition that they are interlinked, and its willingness to publicly articulate it, is commendable.

Categories
Audience as Capital Data Custody Privacy and Anonymity Products and Design

Monopolies that may not matter

I came across this blog post that cites Peter Thiel’s thesis of monopoly power in his book Zero to One as one of the root causes of the dominance of Big Tech:

Thiel made the case for monopoly as the ultimate goal of capitalism. Indeed, “monopoly is the condition of every successful business,” he asserted. With it, you’re free to set your own prices, think long-term, innovate, and pursue goals other than mere survival. Without it, you’re replaceable, and your profits will eventually converge on zero.

… it’s not hard to imagine how Thiel’s outlook [on monopoly] has helped to justify behavior by tech titans that routinely crosses the line from aggressive to anticompetitive, including Facebook’s policy of cutting off access to its platform from any company it deems a direct competitor. Like Gordon Gekko in Wall Street proclaiming that “greed … is good,” Thiel’s full-throated defense of monopoly gave tech leaders such as Zuckerberg philosophical cover to ruthlessly pursue their own self-interest while patting themselves on the back for it.

I think the writer misses an important point: the definition of a market that a business looks to monopolise. With sharp positioning, brands divide a market into a number of micro-markets that they look to dominate. See this good explanation of what great positioning looks like:

Harley-Davidson publicly shared their positioning statement:
The only motorcycle manufacturer
That makes big, loud motorcycles
For macho guys (and “macho wannabes”)
Mostly in the United States
Who want to join a gang of cowboys
In an era of decreasing personal freedom.

In tech, the barriers to entry in most spaces have trended downwards. Funding has, in general, been plentiful, including during a year as unusual as 2020. Every creator wants to be monopolist for their increasingly narrowly defined market.

Facebook, the target of an antitrust case as of this writing, understands this well. Facebook leadership understands that people tomorrow may look to something completely different to stay ‘open and connected’. It could be visual – hence their acquisition of Instagram. It could be text-oriented, group and chat based – see Whatsapp. Could be VR – Oculus. Could be audio or even video, hence their description of Tiktok as an existential thread and their building of stories into every product, including Whatsapp statuses. But it could also be something that looks like Slack or Discord. It could be something built on top of boring old email, unrecognisable from today’s traditional email clients. But more than anything it could be all of them. It could be – and is likely to be – multiple startups of each such type optimised for different narrow audiences.

Everyone may still have a Facebook account, they may still be tracked all over the web, and it wouldn’t matter because they’re no longer logging into Facebook that often to be served ads.

To come full circle on the issue of monopolies – one could imagine a future in which Facebook could technically be a monopoly: they could be the number one social network by far. Their MAUs could be in the billions. But their Big Tent positioning would also be irrelevant in a world where tens of thousands of brands have successfully created microniches such that not a single one of them holds a candle to Facebook’s numbers but taken together they have taken away all of the attention that Facebook used to capture.

Categories
Data Custody Decentralisation and Neutrality Writing

Own your content, December reminder

and

Within 24 hours. The case for owning your own content gets stronger by the week.

Previously:

July 2020: Platform censorship and the Malpani incident

November 2020: A problem with Amazon Web Services caused several appliances to go offline 

Categories
Data Custody Decentralisation and Neutrality Discovery and Curation Privacy and Anonymity

Today, presence is democratised but discovery is centralised

Demonization of Facebook is now mainstream. And because readers of this site are privacy-conscious, we have previously discussed – without judgement – both the data that Facebook collects and how to minimise that data collection. Today, I read this:

Niche products and publications… can build sustainable businesses with customers across the entire world who have nothing in common except a shared interest in the product or publication in question; or, to put it another way, customers who “lookalike”. That’s the thing about Facebook and other digital advertising companies: they are just as essential a part of growing the GDP of the Internet as are Stripe and Shopify and other companies with universal approval ratings. It is no good to be capable of serving anyone anywhere if they can’t find you.

– Privacy Labels and Lookalike Audiences, Stratechery by Ben Thompson

The post itself is in the context of Apple’s requirement of privacy labels for iOS Apps. But it makes the following point: while those who are conscious of their privacy and their attention may be careful of their use of social media and may avoid Facebook, it is perhaps the most important distribution channel that small businesses have. It is their very data collection that makes (ostensibly) precise targeting possible. If one takes that away, then the business with the biggest advertising budget wins.

The same holds true with regard to Google and discovery through search:

This post from First Round Capital makes the case that a small direct-to-consumer business only really has three ways to sustainably achieve scale: performance marketing, content marketing/SEO, and referrals/virality. While Facebook and Instagram, along with Google’s AdWords, draw the bulk of performance advertising budgets, Google dominates discovery through its search engine. And has done so for nearly twenty years now.

Just like with Facebook, it is because of the vast amounts of data that Google collects about you that a business can reach you precisely through search results on a browser or via Google Assistant or in its personalised news feed in your Google app.

Presence of all sorts – content, commerce, community – has been democratised on the Internet, but discovery of all that is today highly centralised.

Categories
Data Custody Real-World Crypto

Crypto: mainstreaming, one boring institution after another

Three recent instances of mainstream institutions getting involved in crypto:

~ A regulator: SEC Announces New Standalone Office Dedicated To Digital Assets And Blockchain
~ An insurance company: 169-Year-Old MassMutual Invests $100 Million in Bitcoin
~ A custodian: Lukka Closes Series C Led by State Street With Participation From S&P Global and CPA.com

These are not new-age valley-type or fintech companies. MassMutual, as the headline says, is a nineteenth century institution whose sales were over half a billion dollars by the time the USA Civil War ended. State Street is the world’s second largest custodian. And the SEC is, well, the SEC.

Nor are the crypto companies that are attracting attention from such institutions simplistic: Lukka makes data management software for institutions’ crypto asset holdings.

We have been seeing the mainstreaming of crypto happening before our eyes for months now. One boring institution after another. What they’re interested in is just as boring: cryptocurrency as an asset uncorrelated with other major assets. On the one hand it makes sense – it’s a time of potential prolonged uncertainty in markets across the globe. On the other it’s amazing: this is trust in an eleven-year-old creation that truly lives ‘on the internet’ and nowhere else.

Categories
Data Custody Privacy and Anonymity Products and Design The Next Computer

The tradeoff between security and liberty

The tradeoff between security and liberty often comes up in the USA. The context is usually infringement of civil rights vs the threat of terrorism. This tradeoff is seen in an entirely different context when Apple’s approach to data security on its newer Mac computers.

For the last four years or so, most Mac machines have had their disks encrypted in hardware:

Mac computers that have the Apple T2 Security Chip integrate security into both software and hardware to provide encrypted-storage capabilities. Data on the built-in, solid-state drive (SSD) is encrypted using a hardware-accelerated AES engine built into the T2 chip. This encryption is performed with 256-bit keys tied to a unique identifier within the T2 chip… The advanced encryption technology integrated into the T2 chip provides line-speed encryption

Another Apple document goes into more detail:

On Mac computers with the Apple T2 Security Chip, encrypted internal storage devices directly connected to the T2 chip leverage the hardware security capabilities of the chip. After a user turns on FileVault on a Mac, their credentials are required during the boot process… Without valid login credentials or a cryptographic recovery key, the internal APFS volume… remains encrypted and is protected from unauthorized access even if the physical storage device is removed and connected to another computer… all FileVault key handling occurs in the Secure Enclave; encryption keys are never directly exposed to the Intel CPU

But. To accomplish this, the hard drive must be soldered on to the same board that the T2 chip is. The same Apple doc clarifies:

Encryption of removable storage devices doesn’t utilize the security capabilities of the Apple T2 Security Chip, and its encryption is performed in the same manner as Mac computers without the T2 chip.

Which means that when you buy a computer with such a T2 chip, you get the benefit of high-grade default-on encryption at nearly zero overhead, but at the cost of never being able to upgrade your hard drive size for the lifetime of the device.

In addition, replacements to other components must be verified by running a tool whose distribution Apple closely controls:

… the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run. That means if you wanted to repair certain key parts of your MacBook, iMac, or Mac mini, you would need to go to an official Apple Store or a repair shop that’s part of the company’s Authorized Service Provider (ASP) network…

For Macs with the Apple T2 chip, the repair process is not complete for certain parts replacements until the AST 2 System Configuration suite has been run. Failure to perform this step will result in an inoperative system and an incomplete repair.

I see Apple’s gravitational pull make privacy more widely discussed than otherwise, causing other major tech companies to pay at least lip service to it. In the next few years, I think we will see new companies emerge that take a bold privacy-first stand because of Apple’s position on this. We’ve already seen Apple, Cloudflare and Fastly collaborate on a new privacy-oriented enhancement to an already privacy-oriented DNS lookup standard.

However, it increasingly seems that in its own ecosystem, Apple’s making it clearer than ever that the cost of this security is inherently going to be near-zero freedom to customise, repair or upgrade your hardware.

Categories
Data Custody Decentralisation and Neutrality Privacy and Anonymity

Algorithms

In “fintech”, which is where my day job is, many companies create algorithms to calculate people’s ‘risk profiles’. That can mean different things in different contexts. For investment-tech companies, a person’s risk profile usually determines what set of investments to recommend the person. (those investments are then sometimes automated via another algorithm). For credit-tech or lend-tech companies, a risk profile is a measure of how likely the person is to default on their loan, and that determines yes/no decisions, documentation, collateral, lending rate among others.

And speaking of credit, this article by MIT Technology Review describes the creeping influence of black-box algorithms in people’s day to day lives:

“Consumer reporting agencies, including credit bureaus, tenant screening companies, or check verification services, amass this information from a wide range of sources: public records, social media, web browsing, banking activity, app usage, and more. The algorithms then assign people “worthiness” scores, which figure heavily into background checks performed by lenders, employers, landlords, even schools.”

“Their comprehensive influence means that if your score is ruined, it can be nearly impossible to recover. Worse, the algorithms are owned by private companies that don’t divulge how they come to their decisions. Victims can be sent in a downward spiral that sometimes ends in homelessness or a return to their abuser.”

Even if a private company were forced to describe their algorithm, dissecting code in a court case is remarkably different from dissecting facts. As one of the lawyers handling such cases put it, “Am I going to cross-examine an algorithm?”

The unfortunately prescient series Black Mirror aired an episode back in 2016 that described a world ruled by people’s social scores, scores that real estate firms used to screen potential customers. As it turns out, reality has managed to out-dystopia a dystopian fictional series.

(Featured image photo credit: Matt Hoffman/Unsplash)

Categories
Data Custody The Next Computer

Imagining Mac OS Big Sur on the iPad Pro – Part 1

Apple’s always marketed the fact that buyers of its devices benefit from having hardware and software designed in conduction with each other. Well, now it’s been taken all the way down the chip level, resulting in what seems to be an exceptional step-function leap in performance.

The reviews I’ve read about Apple’s M1 laptops have been beyond effusive in their praise of its power, speed and battery life.

The M1 MacBook Air (and M1 MacBook Pro) are now the best laptops regardless of operating system. They’re the new gold standard by which all laptops will be judged, and this is just the start. In a few years, we’ll look back and wonder how we ever tolerated laptops with anything less than this kind of performance.

– “MacBook Air M1 review: Windows laptops are so screwed

Other reviews have described how its great to have their laptop get the same sort of performance has high end laptop with the power consumption of their iPhone and iPad.

Then I read this set of tweets:

https://twitter.com/tolmasky/status/1330033394349125642?s=20

A sad but inescapable conclusion from the impressive launch of the M1 is just how much Apple squandered the potential of the iPad. The iPad has had amazing performance for a while, so why is the M1 a game changer? Because it’s finally in a machine we can actually do things on.

It’s been an open secret for a while that the iPad could embarrass MacBooks in more and more benchmarks. If the iPad had meaningfully advanced in any sort of product vision, this would be the iPad’s time to shine, not the time to shove an iPad’s guts into an old MacBook case.

11 years after the launch of the iPad, we settled for the Intel transition when we could have had an iPhone-style revolution. The great triumph is “wow, emulation is really fast!” instead of “remember when we used to use clunky laptops”. Meanwhile the iPad… got trackpad support

I understand this. I used a 12.9″ iPad Pro as my main computer for most of 2020. It was great in many ways. The portability is unbeatable. The flexibility of being able to ditch the Smart Folio and turn it into a gorgeous magazine is unlike any laptop. The power is several times what I need from even my work machine. The Apple Pencil just works, turning it into a sketchpad in a trice. The battery lasts all day, even with work breaks to watch TV shows.

However, it’s limiting. And the problem is iPadOS. Not the iPad hardware.

For instance, the iPad has supported multiple windows for a long time, but manipulating them is still far harder than it should be. Revealing, dragging, dropping, resizing, sliding is constant. I have to keep thinking about it. On Mac OS, I can launch and move between windows without a thought. I can drag them around – including using three-finger drag. Why, I can drag them between different virtual desktops. I can see all open windows with Expose with a single button or gesture. I can also use third-party tools like Shift It to snap, move and resize windows. And I can do all of this through muscle memory, leaving me to focus on my work.

This isn’t because I’m just used to Mac OS. I’ve used Mac OS – then OS X – from 2010. I bought my first iPad in 2012 and immediately began using it as a part-time work machine. I bought a Bluetooth keyboard-with-stand for it that works just fine. And in recent years I’ve used iPadOS a lot more than Mac OS.

But the OS continues to bother me in many other ways.

The Files app isn’t nearly as capable as Finder, and I deal with files a lot.

Throughout the OS, unless I use the Magic Keyboard with the Trackpad, which I don’t, I have to tap and hold to reveal action menus, which are an instant right-click or Ctrl-click on MacOS.

I can drag and drop music files, podcasts, audiobooks into my iTunes library. Add lyrics. My own album artwork. None of this is possible on the iOS/iPadOS Music app.

Then there’s constantly having to specify that I’d like something opened in a browser window, not in an app. Or vice versa. It’s exhausting.

iPadOS supports a wide variety of hardware accessories, but you still can’t connect an external webcam to an iPad – the OS just doesn’t recognise it.

Finally, the iPad should have more than enough power to drive an external display – and it does – but iPadOS only supports a single aspect ratio, so the display on widescreen monitors is letterboxed.

Federico Viticci’s iPad setup. See the wide unused vertical areas on the monitor.

You can do (almost) everything on the iPad today that you can on the Mac. It just takes a lot more mental energy to accomplish.

(Part 2 follows)

Categories
Data Custody Decentralisation and Neutrality The Next Computer

More “smart” device woes

A problem with Amazon Web Services caused several appliances to go offline. Some of them, like the Roomba vacuum, have physical buttons and could still be used without the app-based remote. Others, like Amazon’s own Ring ‘smart doorbells’, stopped working altogether.

Our previous coverage on smart devices rendered dumber than dumb by outages or outright corporate policy changes: