Category: Technology

Mar 26 2018

Facebook As The Ultimate Surveillance Machine

Whenever someone tells me about the progress humans have made, I remind them that since the beginning of humans, man has been trying to kill his neighbor to take over his backyard. And yes, as Amy likes to regularly remind me, it’s often men doing the killing.

Simultaneously, governments around the world have spent zillions of dollars building surveillance systems since the beginning of – well – humans. Or at least since the beginning of governments.

In 14 years, Facebook has created the most incredible and effective surveillance machine in the history of humankind. And we, the humans, have given the machine much of the data. John Lanchester has the best article on this I’ve read to date titled You Are the Product in the London Review of Books. It’s long – 8674 words – but worth reading every one of them. The magical paragraph is in the middle of the article and follows.

“What this means is that even more than it is in the advertising business, Facebook is in the surveillance business. Facebook, in fact, is the biggest surveillance-based enterprise in the history of mankind. It knows far, far more about you than the most intrusive government has ever known about its citizens. It’s amazing that people haven’t really understood this about the company. I’ve spent time thinking about Facebook, and the thing I keep coming back to is that its users don’t realise what it is the company does. What Facebook does is watch you, and then use what it knows about you and your behaviour to sell ads. I’m not sure there has ever been a more complete disconnect between what a company says it does – ‘connect’, ‘build communities’ – and the commercial reality. Note that the company’s knowledge about its users isn’t used merely to target ads but to shape the flow of news to them. Since there is so much content posted on the site, the algorithms used to filter and direct that content are the thing that determines what you see: people think their news feed is largely to do with their friends and interests, and it sort of is, with the crucial proviso that it is their friends and interests as mediated by the commercial interests of Facebook. Your eyes are directed towards the place where they are most valuable for Facebook.”

Jean-Louis Gassée, always the provocateur, is blunt: Mark Zuckerberg Thinks We’re Idiots. It’s another article worth reading, but if you just like pull quotes, the best one shows up early in the article.

“As Facebook’s leader, Zuckerberg resolves to get things straightened out in the future (“it’s my job, right?”) while he delivers a callcenter-style broken record reassurance: “Your privacy is important to us”. Yes, of course, our privacy is important to you; you made billions by surveilling and mining our private lives. One wonders how aware Zuckerberg is of the double entendre.”

For a more balanced, but equally intense view, Ben Thompson at Stratechery has a long post titled The Facebook Brand. It explains, in detail, how easy it was for any developer to get massive amounts of data from the Facebook Graph API between 2010 and 2015 (where Ben suggests that Facebook was willing to give everything away.) If you don’t want to read the article, but are interested in an example of the Facebook Graph Extended Profile Properties, here it is.

Ben’s conclusion is really important.

“Ultimately, the difference in Google and Facebook’s approaches to the web — and in the case of the latter, to user data — suggest how the duopolists will ultimately be regulated. Google is already facing significant antitrust challenges in the E.U., which is exactly what you would expect from a company in a dominant position in a value chain able to dictate terms to its suppliers. Facebook, meanwhile, has always seemed more immune to antitrust enforcement: its users are its suppliers, so what is there to regulate?

That, though, is the answer: user data. It seems far more likely that Facebook will be directly regulated than Google; arguably this is already the case in Europe with the GDPR. What is worth noting, though, is that regulations like the GDPR entrench incumbents: protecting users from Facebook will, in all likelihood, lock in Facebook’s competitive position.

This episode is a perfect example: an unintended casualty of this weekend’s firestorm is the idea of data portability: I have argued that social networks like Facebook should make it trivial to export your network; it seems far more likely that most social networks will respond to this Cambridge Analytica scandal by locking down data even further. That may be good for privacy, but it’s not so good for competition. Everything is a trade-off.”

In the meantime, Facebook is arguing with Ars Technica about whether or not Facebook scraped call, text message data for years from Android phones. Facebook is pretty insistent that it isn’t. But, given that Facebook quietly hid webpages bragging of its ability to influence elections, it’s hard to know who to believe.

In shocking news, Facebook is now under federal investigation by the Federal Trade Commission. I’m sure they will get to the bottom of this quickly. I wonder if the NSA is going to have to delete all the Facebook data they’ve slurped up over the years after this is over.

Mar 21 2018

Privacy and Facebook – The Non-Surprise

In 2008, I gave a talk at my 20th-year reunion at MIT Sloan. The title of the talk was something like “Privacy is Dead” and my assertion, in 2008, was that there was no longer any data privacy, anywhere, for anyone.

I’ve been living my life under that assumption since then.

The current Facebook scandal around Cambridge Analytica, and – more significantly – data privacy, shouldn’t be a surprise to anyone. All of my experiences with companies around Facebook data over the years have been consistent with what is nicely called “data leakage” from Facebook out into the world. Facebook’s privacy and data settings have always been complex, have changed regularly over the years, and are most definitely not front and center in the Facebook user experience. And, that data has been easily and widely accessible at many moments in time to any developer who wanted access to it.

Answer the following questions:

  • Do you know what your Facebook privacy settings are?
  • Are your Facebook privacy settings to your liking?
  • Do you understand the implications of your Facebook privacy settings?
  • Do you think your data has always been subject to these current settings?

If the answer to all of these questions is yes, good on you. But, my answers are no to all of them and, unless you do some real work, you probably are answering no to at least two or three of them.

I haven’t used Facebook for a while. I broadcast my blog posts to it, but I’ve never really figured out how to engage properly with it in a way that is satisfying to me. Periodically I think about deleting my Facebook account, but since I’ve been operating under the assumption that privacy is dead since 2008, it doesn’t really bother me that my Facebook data is out in the world.

As I read articles about the current version of the Facebook Data Privacy Meltdown (or whatever name it is ultimately going to get this time around), I’m fascinated by the amplification of “nothing new going on here, but now we are outraged.” A pair of articles that are a little off the beaten path (just watch CNN if you want the beaten path on this one) include:

The meme of #DeleteFacebook is making the rounds but it’s not new either. Here’s one from 2012.

I’m not sure what I’m going to do, but I do know that I’m not surprised.

Mar 14 2018

ICO Advertising On Google

Google just banned ICO and cryptocurrency-related advertising. For the official policy, see Financial Services: New restricted financial products policy (June 2018).

Oh – and happy Pi Day. And MIT Admission Notification Day. And Einstein’s birthday. And Amy’s half birthday. And the day that Stephen Hawking transitioned to the next quantum energy level.

I never understood why ICO advertising has been allowed. I’ve heard the phrase “wild west” applied to ICOs for the past few years and it’s clear the regulatory regimes are finally hustling to catch up with the phenomenon. Up to this point, the phrase “consumer protection” hasn’t really been in my head around ICOs, but it is today.

When I was in college and my early 20s, I read Forbes Magazine religiously. Dave Jilk turned me on to it when I was a freshman (he was a senior) and from 1983 to 1995 I read almost every issue cover to cover. The pink sheet and penny stock phenomenon crested in the 1980s with intricate pump and dump schemes, boiler rooms, and an entire layer of the investment banking industry that promoted worthless public companies. Forbes covered this extensively and by the time firms collapsed and people went to jail I had a healthy skepticism about broad-based advertising and promotion schemes around any financial instrument.

When I first heard the phrase “ICO” three or four years ago, my immediate thought was something like “that’s just an invitation to the SEC to regulate that. Why do a play off the acronym IPO – call them something innocuous like ‘Papayas’ instead.” Knowing the SEC would move very slowly, I didn’t pay much attention. Last year, the SEC finally started putting out some vague statements that are now starting to get crisper and more precise.

From where I sit, it seems like similar rules to selling private equity should apply to ICOs. In addition, there are some rules associated with selling public equity that should apply. In both cases, the idea of advertising an ICO is ludicrous to me.

When a company we are investors in is raising a new round of financing, I’m not allowed to even write a blog post about the financing, let alone run an advertisement about it. Tweeting isn’t allowed. Neither is giving a speech in a public forum. Promoting it on Youtube would bring down the wrath of Jason Mendelson on my head.

Now that we are a “registered investment advisor” (since we also invest in other venture funds), we have an entire compliance infrastructure that I have to go through to even get blog posts approved (like the one about Glowforge yesterday) when I simply mention a company of ours on the web. While I can argue that the regulations around what I can write and/or promote are over-reaching, they are the rules that I, and our companies, have to live with.

The idea that a company can do an ICO, raise money, and ignore this set of rules makes no sense to me. I can imagine a category (currently being called “utility tokens”) that look more like frequent flyer miles or tokens at a video arcade than equity, but the boundaries around this are very blurry to me right now.

Anyone that is paying attention to cryptocurrencies and ICOs knows that there is a huge amount of fraud going on. A Google search on ICO Pump and Dump turns up a bunch of current stuff that is fascinating to read. Telegram, which is home to a huge ICO that is ongoing, is a popular platform for organizing ICO pump and dump schemes. If you think this kind of action is healthy long term, just go watch The Big Short.

I learned the phrase “buyer beware” in my early 20s while reading all those Forbes Magazines. Today, we have John Oliver to help us out.

Mar 2 2018

Why Biohacking and Bodyhacking Are The Wrong Words

We (the tech industry) like to label everything. I attribute the source of this desire and need to Regis McKenna although he may have just been the genius that amplified it.

The labels I dealt with early in my professional career (the 1980s) included micro computers, mini-computers, artificial intelligence, expert systems, neural networks, middleware, super computers, parallel computing, and killer app. Oh – and groovy. And music by Boston, Journey, Rush, Pink Floyd, and AC/DC.

When we invested in Fitbit in 2010, the phrase we used to describe the product was human instrumentation. If you read the original post, you’ll be amused by the lack of marketing language for what, in a few years, would evolve through labels like quantified self and wearables. And yes, I still call it human instrumentation (as a subset of human computer interaction), since that’s the part that is interesting to me.

BodyHacking and BioHacking are trendy labels for this. They’ve long been a favorite trope of the sci-fi that I enjoy and are now regularly showing up in sci-fi movies. One of the annual conferences, BDYHAX, even has a description that fits with the notion of transhumanism.

BDYHAX is a 3-day celebration of human enhancement, transhumanism, and biohacking. With a special focus on DIY healthcare and other body hacks, BDYHAX brings together industry experts, curious newcomers, and everyone else in between.

Mom / Dad – do these words skeeve you out? I’m betting they do. Or, at the minimum, you feel detached from them. It is, in this way, that I think the tech industry, with their labels, are doing humanity a great injustice on this topic.

Here are some common bodyhacks that we’ve been doing for a long time.

  • IUD
  • Glucose monitor
  • Hip replacement
  • Dental implant
  • Tattoo
  • Pacemaker

You get the idea.

I think part of the problem might be gender. Go read the following post by Kate Preston McAndrew titled Vagina, vagina, vagina.* (the subtitle is “Redesigning the pelvic exam experience”). Kate starts the post strong.

“Gender disparity is real, and traditionally, medical equipment designers have tended to have penises. That is problematic on a general level, but specifically, it means that problems that are specific to vaginas are often ignored or overlooked.”

I hadn’t connected this issue to the labels we use until I read the post. The post is outstanding, especially in the use of language and the unfolding of the thought process around the product. While reading it, I felt like I was in an alternate universe from the typical conversation I have about products. It was awesome.

Tech (hardware and software) is being interwoven into everything we do as a human species. To make this accessible to everyone, maybe we should start working a little harder on the words. More meaning, and less either (a) tech or (b) marketing. Ponder that, all you cryptowarriors out there. Or members of any particular technology company mafia. And those of you in ecosystems.

What are you really trying to say?

Jan 24 2018

Tax and Bitcoin (and other Cryptocurrencies)

Did you sell any bitcoin (or other cryptocurrencies) in 2017? If you did, do you know how to pay taxes on the transaction(s)?

I’m going to guess that a lot of people in the US that fit in the category of having sold some bitcoin in 2017 haven’t spent a millisecond thinking about what tax they might owe. There are probably others who feel like they shouldn’t have to pay any tax because they believe bitcoin is outside the reach of the government. And then there are others who believe the theoretically anonymous elements of the cryptocurrency they are trading should prevent anyone – especially the government – from finding out about what they are up to.

Two interesting articles came out in the past week. The first, When Trading in Bitcoin, Keep the Tax Man in Mind, is an excellent overview that addresses the following questions.

  • I sold some Bitcoin last year. What do I need to do?
  • I bought a computer (or another product or service) using Bitcoin. Are there tax implications?
  • I’ve successfully ‘mined’ Bitcoins. Now what?
  • I was paid in Bitcoin. Are there any special tax consequences?
  • What if I paid someone else in Bitcoin for their services?
  • Can I reduce my tax bill by donating my cryptocoins?
  • Will I receive any tax forms from my exchange? Do I have to track my own transactions?

The second article, Why the I.R.S. Fears Bitcoin, is an Op-ed in the NYT that I have mixed feelings about. While there are a number of scenarios about how to evade taxes, it ultimately leads to a proposal:

“A smarter response would be for the government to switch from taxing income when it is received to taxing income when it is spent. Many economists support moving to this kind of consumption tax, but it would require a major overhaul of the tax code.”

The “shift to a consumption tax” from an “income tax” is an endless debate that I’ve been hearing since I first started reading Forbes Magazine in college over 30 years ago. So, while logical, it feels like you could potentially compress the article into an argument for a consumption tax.

But, I loved the final paragraph.

“More generally, cracking down on tax evasion will require that the community learn to trust government. Since this goes against the very ethos of the cryptocurrency movement, it poses the most difficult — but no less necessary — challenge.”

The rabbit hole goes deep.

Dec 13 2017

Did Tech Companies Ever Have Our Best Interests At Heart?

An adapted essay from Noam Cohen’s new book The Know-It-Alls: The Rise of Silicon Valley as a Political Powerhouse and Social Wrecking Ball showed up several weeks ago in the New York Times in the article Silicon Valley Is Not Your Friend. It’s an important one to read slowly and carefully as there are several key points in it.

In the last week, two early Facebook execs made remarkably critical statements about what they were involved in helping create. It started when Sean Parker talked with Axios about how Facebook exploits human psychology.

“I don’t know if I really understood the consequences of what I was saying, because [of] the unintended consequences of a network when it grows to a billion or 2 billion people and … it literally changes your relationship with society, with each other … It probably interferes with productivity in weird ways. God only knows what it’s doing to our children’s brains.”

Then, the other day, Chamath Palihapitiya gave a talk at Stanford Graduate School of Business where he said:

“I think we have created tools that are ripping apart the social fabric of how society works”

A decade ago at my MIT Sloan 20th Reunion, I gave a lecture where I said that “privacy was dead, we just don’t know it yet.” I had no idea how prescient that statement would be, but even in 2008, I had a deep unease that we had no real idea what the next decade would bring.

It’s here. When Web 2.0 began in the mid-2000s, there was incredible enthusiasm about how technology was going to change everything. Google’s “Do No Evil” mantra was on everyone’s lips as a rallying cry for Silicon Valley entrepreneurs to “change the world” and “make a dent in the universe.” Twitter was becoming the world’s town hall and helping facilitate revolutions like the Arab Spring.

Amy and I were sitting in front of our computers on Sunday working on some stuff. During a pause, we started talking about how different things are from when we first started dating 28 years ago.

I woke up thinking about that this morning. Now that the five most valuable companies in the world are tech companies (Apple, Alphabet, Microsoft, Amazon, and Facebook with Tencent and Alibaba coming on strong) and the total market cap of cryptocurrencies also being in that league, it’s hard to deny the extreme influence of these companies on our society. As I sit at my desk, typing on my Apple Computer into WordPress in a Chrome browser, listening to music I asked Amazon to play throughout my house, well, you get the idea.

The blog post title is a rhetorical question, so I’ll let you answer it in the comments if you want …

Nov 29 2017

Apple Platform Layer Bugs

The word “platform” used to mean something in the technology industry. Like many other words, it has been applied to so many different things as to be almost meaningless.

Yesterday, when I started seeing stuff about the MacOS High Sierra blank root password bug, I took a deep breath and clicked on the first link I saw, hoping it was an Onion article. I read it, picked my jaw up off the floor, and then said out loud “Someone at Apple got fired today.”

Then I wondered if that was true and realized it probably wasn’t. And, that someone probably shouldn’t be fired, but that Apple should do a very deep root cause analysis on why a bug like this could get out in the wild as part of an OS release.

Later in the day, I pulled up Facetime to make a call to Amy. My computer sat there and spun on contacts for about 30 seconds before Facetime appeared. While I shrugged, I once again thought “someone at Apple should fix that once and for all.”

It happened again a few hours later. Over Thanksgiving, I gave up trying to get my photos and Amy’s photos co-managed so I finally just gave all my photos to Apple and iCloud in a separate photo store from all of Amy’s photos (which include all of our 25,000 or so shared photos.) I was uninstalling Mylio on my various office machines and opening up Photos so that the right photo store would be set up. I went into Photos to add a name to a Person that I noticed in my Person view and the pretty Apple rainbow spun for about 30 seconds after I hit the first name of the person’s name.

If you aren’t familiar with this problem, if you have a large address book (like mine, which is around 20,000 names), autocomplete of a name or email in some (not all) Mac native apps is painfully slow.

I opened up my iPhone to see if the behavior on the iPhone was similar with my contacts and it wasn’t. iOS Contacts perform as expected; MacOS Contacts don’t. My guess is totally different people (or teams) work on code which theoretically should be the same. And, one is a lot better than the other.

At this point, I realized that Apple probably had a systemic platform layer engineering problem. It’s not an OS layer issue (like the blank root password bug) – it’s one level up. But it impacts a wide variety of applications that it should be easily abstracted from (anything on my Mac that uses Contacts.) And this seems to be an appropriate use of the word platform.

Software engineering at scale is really difficult and it’s getting even more, rather than less, challenging. And that’s fascinating to me.

Oct 16 2017

Digital Security Is Not Working Very Well

We live in a digital world with a false sense of security. While watching Blade Runner 2049 I smiled during a scene near the end where Deckard says to K, “What Have You Done?!?!?” I expect that this false sense of security will still exist in 2049 if humans manage to still be around.

The first big piece of security news this weekend was ‘All wifi networks’ are vulnerable to hacking, security expert discovers. It’s only a “Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping”, but, well, that’s most Wi-Fi networks. If you want the real details, the website Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse goes into depth about KRACK Attacks. And yes, KRACK is already up on Wikipedia.

Here’s the summary, which is mildly disconcerting (that’s sarcasm if you missed it …):

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

I was cruising along in my naive security bliss this morning when I saw the article Millions of high-security crypto keys crippled by newly discovered flaw. It turns out that a key RSA library that is widely used has a deep flaw in it and has been being used to generate weak keys since 2012.

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

I’m sure there will be a lot more written about each of these flaws in the next few days. I expect every security vendor is hard at work this morning figuring out what to patch, how to do it, what to tell their customers, and how to get all the patches out in the world as fast as possible.

The constraint, of course, will be on the user side. A large number of customers of the flawed products won’t update their side of things very quickly. And many more bad guys now have a very clear roadmap for another attack vector with high vulnerability.

Be safe out there. Well, at least realize that whatever you generate digitally isn’t as safe and secure as you might think it is.

Oct 6 2017

RIP AOL AIM

Among all the distressing news of the world, I heard today that AOL Instant Messenger is shutting down on 12/15/17.

AIM was the first instant messenger I used. My AOL account handle was bfeld, which stuck and is generally my handle for all things (like Twitter) unless someone else grabbed it, in which case it’s bradfeld.

On 9/11/01, I was in NYC. I had taken a redeye the night before so I took a nap in the hotel room after I checked in and slept through the first World Trade Center tower collapse. When I woke up I was disoriented from my redeye and totally confused (like many) as to what was going on. I called Amy and caught her on the way to the airport (she was heading to NYC); she had been trying to reach me but couldn’t. There were tears but we figured out enough that she turned around and went home.

That was the last phone call I was able to make for a while. I was in the Benjamin Hotel and the phone wasn’t able to dial out. My cell phone couldn’t get a signal. As a last resort, I turned on my computer to see if I could connect to the hotel Internet.

That worked just fine. All of my IM apps opened up (AOL, Yahoo, Microsoft, and ICQ). Email worked fine also.

So for the rest of 9/11, until I went to Jenny Lawton’s house in the evening with Paul Berberian and Nick Cuccaro to get Jenny’s car and drive home to Boulder, I hovered over my computer.

AOL IM was probably 10x more active than the other IM apps combined. Amy and I went back and forth in real time throughout the day. My Mobius partners were equally distributed across AOL and Yahoo and a few randoms were on Microsoft and ICQ.

The little yellow AIM man was burned into my brain that day. I can’t imagine getting through 9/11 without him – and AIM.

AIM – you served me well for many years. Thank you. May you rest in peace for all of digital eternity.

Sep 20 2017

I’m Not Buying An iPhone 8

For starters, let’s look at some Golden Retriever puppies instead.

I watched most of the Apple announcement last week (I was on vacation and hanging out waiting for Amy, so I just plopped down on the floor and watched Special Events on the Apple TV channel.) I fell asleep for a few minutes part way through it. I turned it off about halfway through the iPhone X announcement.

I’ve been an Apple user for many years now. Every few years, I switch to an Android phone for a month (whatever the newest model is) but always end up going back to my iPhone. Whenever each new iPhone model has come out (for at least the past five years) there’s been a mad rush among my partners to make sure all of us have a new phone the day they ship. I even sported a rose gold one during one upgrade cycle just because I could.

When Amy and I went to lunch after the iPhone 8 and X announcement, she asked me if I was going to get a new iPhone. I said no. I realized I was profoundly uninspired – both by the new phone and the way the Apple team presented it. I’d go so far as to say I was bored, which as a lifetime nerd, is unusual when Amy lets me hang out and do anything related to computers (including watching TV about computers.)

Amy then said, “I didn’t mean the 8, I meant the X.”

For some reason, I’m completely uninterested right now in the iPhone X. I don’t know why. It might be the presentation. It might be that it’s not available for another few months. It might be that I just spent too much money and time fixing my iPhone 7+ screen (twice) after dropping it. Why twice? Because the first time I stupidly sent it over to one of the non-Apple “we can fix your iPhone for you for less money” stores who replaced the glass but totally screwed up a bunch of other things (the home button, the touch dynamics, and the edge feel of things.) That resulted in me buying a new iPhone 7+. Dumb Brad – just go to the Apple store even if it’s five miles further away and you have to drive instead of walk.

On the other hand, iOS 11 just installed on my phone while I was writing this post. A cursory glance shows that it’s working fine but other than different fonts, new icon styling, shading on an iMessage reply, and a different control center, it looks the same so far. At least I can play with fun new apps like Occipital’s TapMeasure to see how ARKit works.

I’m perplexed by the current Apple release cycle dynamics. I know they’ll mint money with the new phones, but my feeling of disappointment lingers as a user. Suddenly, I’m more inspired by Amazon’s new hardware.
