Rahul Gaitonde1/ Recently finished "Where’s my Flying Car – A memoir of Futures Past" by J Storrs Hall.
— Ben Reinhardt (@Ben_Reinhardt) September 6, 2020
It's simultaneously extremely critical of the state of atom-based technology and presents a precise and aggressively optimistic vision of possible futures.
BOOK REPORT THREAD 🧵
Startup Twitter is a lot about constant hustle. There is hardly ever much said about self-care though (even when there is, it becomes competitive). At least at some point I hope there’ll be as much virtue-signalling by the same folks about downtime as there is for hustling.
Once, a long time ago when Whatsapp was independent, their founders wrote:
We knew that we could charge people directly if we could do all those things. We knew we could do what most people aim to do every day: avoid ads. No one wakes up excited to see more advertising, no one goes to sleep thinking about the ads they’ll see tomorrow.
The company they did NOT want to become? One where
…their engineering team spends their day tuning data mining, writing better code to collect all your personal data, upgrading the servers that hold all the data and making sure it’s all being logged and collated and sliced and packaged and shipped out… And at the end of the day the result of it all is a slightly different advertising banner in your browser or on your mobile screen.
But this week in 2021, Whatsapp backed away, temporarily, from a change in their privacy policy. Newspaper ads clarifying the change didn’t work well enough, so we’re now at another blog post:
… we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook. his update does not expand our ability to share data with Facebook… we’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp…
This is a company, sold by its founders to Facebook, now having to fight against the widespread perception that its a siphon for data to its parent.
That 2012 blog post, which quoted Fight Club, was a glimpse of an alternate way the decade could have unfolded: one where Whatsapp made money and the mere act of people writing and talking with each other wouldn’t be a stream of activity and metadata.
Part of why we don’t think online privacy is a big deal is because for so many years we have signed away our privacy by agreeing to terms and conditions we don’t understand. We no longer think there’s anything wrong with this and cannot imagine any other model.
But the way in which terms of use are presented to us makes it impossible to truly understand what we are getting into.
The writer of this well-written piece says that informed consent is the basis of any contract that two parties sign. With much of the online services we interact with, we do not give such informed consent:
One, it is simply not practical to read, process and understand the average service’s terms of use. They are several hundred or several thousand words long, often ambiguous, displayed when you’ve already begun the installation or signup process, and require you and me, the users, to keep track of future changes made to the terms.
Two, it’s all or nothing. Even if you don’t understand the terms, you aren’t allowed to use the application or service. There is no middle ground, no customization, no negotiation. If you’re an existing customer and don’t agree to a new change to the terms, which were made unilaterally, you’re supposed to exit the service. Whether you’re allowed to take your data with you, and whether and how long your data is kept around is once again entirely up to the service provider.
This not only makes everyday conveniences difficult, when it comes to what the writer calls mandatory applications, like a contact tracing app during a pandemic, it is outright disenfranchising.
I recently read, in the context of sexual consent, that a yes has no meaning if no is not a safe option. Our relationships with tech companies are unbelievably unequal – we have no real ability to say no. And our collective individual loss of privacy is directly – though not exclusively – due to our woeful lack of understanding of this lack of consent.
We recently discussed how it was shortsighted to delete Whatsapp in regard to changes to its privacy policy and potential sharing of data with its parent Facebook: your data’s being sucked up by Facebook in so many other ways that your Whatsapp activity is just a small part of it.
On a chat group, one of my friends asked
Do you think someday Facebook could charge someone to keep all their data private? Do you think it’s possible for any of these tech companies to say “pay USD 50 per month or we’ll reveal your truth?”
To that,
That’s ominous and I don’t rule it out. It has one, possible major, possibly fatal downside – it can be only pulled off once because it’s a bait and switch. Once the switch is public, fewer people – if any – will bite the bait, no?
But we’re also seeing a less obvious but perhaps equally insidious: the free plan and the ‘ad-free’ paid plans. If one had to describe this arrangement in more plain terms, it’s one that demands a continuing payment to stop the hijacking of privacy and attention.
Apple often talks about how its ability to meld hardware and software means there are some experiences it alone can create. I know from over a decade’s experience for this to be true, from large technological leaps to small everyday delights.
In Tim Cook’s Apple, hardware and software also meld with services.
I recently bought my parents the iPad Air (2020) from the Apple India online store, which opened in September 2020. It was delivered by a national Indian courier company, and I received an SMS from the courier when my parents accepted the delivery. But minutes later, I also received this email:
This wasn’t a paper slip inside the box with a URL (or QR code) that I’d have to scan on my phone or type on my computer or iPad. This is Apple syncing its online store, third-party delivery and customer service into a single experience that unfolded by itself.
This is true delight.
Why is it hard to find beautiful products that are respectful of their users’ privacy and are designed to last?
There’s such an opportunity for something that looks as good as the Nest, but doesn’t require two-factor authentication to replace. I didn’t want to call it dumb but beautiful, so let’s say “autonomous and beautiful” appliances and home devices. I still want it to be smart, but if you’re going to have the risk profile of a device that connects to the internet, it needs to be worth it, like Brilliant, Sonos, smart TVs, or connected cameras.
– Matt Mullenweg
One argument is that design talent is expensive, and that they work at those very companies whose idea of advanced equals internet connectivity.
Free/Open Source Software has disproved this for engineers. For over three decades it’s shown that the world’s best engineers can work on products that respect security, privacy and work independently of the Internet. It could be equally true of designers, and there are in fact well designed open source software products – take the Firefox browser or the KDE desktop environment or the NextCloud suite. One problem is that it isn’t mainstream yet.
The main problem, I think, is that great companies stay independent for shorter and shorter times. Nest was an independent company was less than four years from its founding to its acquisition by Google. That’s less time than you expect your thermostat to last. I have more to say on this but I’m organising my thoughts at the moment.
This New York Times article talks to people who own bitcoin but cannot access them because they’ve forgotten the keys to their bitcoin wallets. Some of these people have all but lost thousands of bitcoin, which are worth hundreds of millions of dollars today. I personally know someone who was gifted a hundred or so bitcoin when they were worth a dollar each, and has since been unable to recall how to access them.
The genius of bitcoin – and therefore the problem – is that has no issuer, like a central bank. Inherently, there is no equivalent of a bank account that holds bitcoin, and no bank that you can visit or call to have your password restored. It is as decentralised as the Internet is, and people have over and over extolled bitcoin as being able to be your own bank.
But one man’s freedom is another man’s overhead. As more people hold bitcoin and other cryptocurrency, they will turn to entities to manage it for them. Specialised cryptocurrency custodial services have existed for years now, and mainstream financial institutions like Fidelity already offers it. J P Morgan is seriously evaluating it; a solution from the 130 year old Northern Trust is pending approval. It’s likely that between new and old world financial entities, most cryptocurrency will be held in custody like more traditional securitised assets.
Digitally-native things are alike in this regard. You can own them if you like, but it’s a lot easier to have a third party hold them in custody for you.
Twenty years ago it was highly uncommon for the entity that gave you your email address to give you any sort of storage service for your email. You’d download your email to your computer through POP3 and it’d be wiped off the email provider’s servers . You truly owned your email – and were responsible for it. Today most people don’t even have a email client on their laptops or desktops, preferring to use web-based email with data stored entirely online. Even the email app on your phone doesn’t store all email offline, only the most recent. Your email provider is also your email custodian.
IRC messaging was similar. Many private/hobbyist IRC servers simply didn’t have the capacity to store chats. It was your IRC client stored chat logs offline, limited only by your computer’s hard drive size. But today, chat apps like Facebook Messenger and Whatsapp store chat logs entirely online, even if they claim they are end to end encrypted.
In the early days of digital cameras – the 1990s and 2000s, your photo library would exist solely on your hard drive. You had total control over the import and organisation of your photos – and consequently had total responsibility. My desktop machine crashed in 2008, leaving me with no photos from before that time – a terrible loss. Now, chances are you use either iCloud Photos or Google Photos for the massive amounts of photos your phone takes, and leave organisation to their AI while paying for online storage. They are your photo and memory custodians.
Finally, your documents, contacts, calendars all have online custodians, usually but not always Apple or Google. This is even though you could store them on your hard drive or self-host your sync server, it’s just too much work for most people.
Whether we realise it or not, whether we like it or not, we live in the Custodial Internet. We pay our custodians in cash or in data, often both.
Like people will doubtless do with bitcoin, we should evaluate custodians for our other data carefully. That data holds our relationships, our memories, our creative output, our wealth, our plans – in sum, our life.
Simple was one of the original app-first banks with a focus on transparency and user experience. It announced recently that it would be shutting down.
I think it’s unfortunate. Simple was the model for the startup I’m at today, which had set out to build what is now called a “neo-bank”. Its 2014 sale to the European bank BBVA was a big inspiration.
I found this most notable about Simple’s demise:
The Portland company faltered as it tried to resolve a central tension over whether it was foremost a bank or a tech company.
That paragraph linked to a Jan 2019 article that explored this further:
Simple has long struggled with the central question of whether its priorities lay in banking or technology. A bank must be dependable, steady and unfailingly reliable. It’s holding people’s money, after all.
A tech company is a different beast, nimble and imaginative, revolutionary and willing to accept failure so long as it innovates.
To Reich [the founding CEO], there was no question about Simple’s identity: It was, and would always be, a tech company. Last year’s overhaul was engineered to make that plain, sacrificing a measure of growth to focus on developing and introducing new banking services.
Over a decade ago the Internet legend Yahoo! famously tackled the same question – was it a tech company or a media company? As it spent years navel-gazing attempting to answer what should never have been a question, it found itself becoming increasingly irrelevant, ultimately being sold for parts.
In my experience there is such a thing as company DNA. When a startup’s founded as a tech company, I don’t think it can ‘become’ anything else.
If you find yourself asking if you’re a tech company or you’re X, you’re in big trouble.
The Ars Technica website has a solid explanation of Whatsapp’s new privacy policy changes, which involve sharing extensive data about your Whatsapp usage with Facebook, Whatsapp’s parent company.
Whatsapp has been sharing data with Facebook since 2016, but earlier you had one chance to opt out of it. With the prompt you saw last week, it’s now mandatory – if you didn’t opt in this time, you won’t be able to use the app after 8 Feb 2021.
Now. Whatsapp claims it cannot read the actual contents of your chats – the company says those are encrypted end to end, in a way that even Whatsapp/Facebook can’t unscramble, in fact using technology from the privacy-focused app Signal.
But metadata – “data about data” – is not encrypted. This is your activity in the app:
All of this is sent as one long, continuous stream of data. The plan is almost certainly to match this with similar data collected by the Facebook and Instagram apps, and the thousands of other apps that use the Facebook ‘SDK’ for ads/tracking, to build a detailed picture of you.
So. Now that you know this, should you move off Whatsapp to Signal, as Elon Musk suggested on Twitter?
Use Signal
— Elon Musk (@elonmusk) January 7, 2021
In general, no. You shouldn’t move off Whatsapp and move to Signal.
Is this you?
If you’ve answered Yes or even I’m not sure to some of these questions,, the Whatsapp policy change really doesn’t make much difference. You’re already sharing data – lots of it – with the Facebook family. Deleting WhatsApp is plugging a few squares in a sieve.
I’m not judging you. Our relationship with technology, especially social media, is highly asymmetric. It isn’t practical for you and me to understand the average privacy policy fully, leave alone that the onus of tracking frequent changes to it is on us. Repeat for each app that we use, and the tracking code from different other companies that that app uses.
Even if you’ve wisened up, even if you’re now uncomfortable with the amount of data the Facebook family of apps collects about you, chances are your friends, family, professional groups don’t care as much – they’ll still happily use them, and they’ll expect you to ‘be’ on these apps too.
Quitting Whatsapp is most effective when you quit the rest of Facebook too. It’ll take time. It’ll take some convincing, it’ll take some re-evaluation of relationships. But you can make it work.
It’s taken even Facebook a few years to hook you enough to get the sheer amount of data it has on you. Give yourself time to rid yourself of it too.
Update: A friend asked me if Facebook was able to collect any less data if one used Instagram in a browser as opposed to the app:
“I signed up [on Instagram] using an email address I created specifically for IG, but it doesn’t take Zuck to figure out that the overlap between the people I talk to on Whatsapp and those that this IG account interacts with means that we’re the same person.”
“Your interaction on Instagram the service reveals more about you than the specific devices you use it on. Sure, the IG app can tell your location more accurately than IG in a browser window can, because the former uses GPS and the latter looks up your IP in a database. But IG in the browser still knows when you log in and for how long, whose profiles you lurk on, what your friend network is and suchlike.”
“When you upload a photo, IG can tell a lot from the photo’s EXIF data: the precise model of the camera you used, phone or otherwise, where you were when you took it, when you took it, among other things. IG can run facial recognition algorithms on them to draw an even more detailed picture of your network. But both of these have little to do with whether you use the app or the browser.”
“If someone spots you at a cafe, you aren’t better hidden if you pulled up to the cafe in an uber as opposed to drove there. The fact remains that you were there and someone saw you. (I am rather bad at analogies but I think this one might actually work)”