Sunday, December 20, 2009

Would you pay for Facebook?

It shouldn’t come as much of a surprise that we spend the majority of our waking lives trading resources, participating in several economies. The simplest example of this is the financial transactions we make. We trade a limited resource, money, for other limited resources, good and services. Everyday at work, we trade a very limited resource, time, for money. In addition to fiscal transactions, we constantly trade on social markets. We do what we can to do nice things for others (writing a note to let someone know when we appreciate something, fixing friends’ computers, etc.) in exchange for people being nice to us in return. The nicer you are to people, the more social capital you accrue and the more other people will want to be nice to you. In this case, we are trading on intangibles: we’re trading time/effort for good will, and maybe eventually, time/effort in return. But perhaps the most fascinating exchange we trade on – whether we realize it or not – is with your Internet usage, where we frequently trade a limited resource, information about ourselves, in exchange for services like Google and Facebook.

Google trades us something we want, the ability to give order to the vast expanse of the Web, in exchange for a little bit of ourselves, the knowledge that we seek added to a database that makes Google smarter by the second. As Google becomes smarter (as it learns more about us), we trade on our privacy. Make no mistake, Google and Facebook are not free: you’re paying, just not with money. So, I ask this: would you pay some nominal monthly fee to use Google or Facebook rather than surrender your privacy with each query?

Targeted advertisement is the bread and butter of sites like Facebook and Google. It’s not a secret that Facebook ads are presented to us based on information that we provide in our profiles. For example, if you tell Facebook that you’re over 21 years old and list your zip code, you may start to get ads for bars in your area. If you list drumming as one of your activities, you may start getting ads for the newest, coolest snare drum. If you get an email to your GMail account that references baseball, you may start getting ads for Phillies tickets. If you search the Web for “Hawaii,” you may have ads for travel agents flanking your search results. These instances are examples of what some think of as the constant watchful gaze of “Little Brother.” Whereas Orwell’s “Big Brother” refers to government-to-citizen surveillance, this younger sibling refers to business-to-consumer surveillance – capturing information about customers for use in generating revenue.

But what if you’re uncomfortable with all of your information being sold to advertisers? After all, most of the info that we post to Facebook is password-protected, intended for friends and family. We consider our search queries to be private (even though they are not), a map of our thought processes and the information that we seek. What if we don’t want this information harvested and used in commerce? Well, then someone would have to pay for all of these “free” services that we consume. Someone would need to compensate Facebook and Google for their server resources and staff and perpetual innovation. That someone would still be us, except if we didn’t pay with the slow erosion of our privacy, we would have to pay in good old cash.
So, the question becomes, would you do it? Would you pay $5/month for Facebook and $10/month for Google in exchange for preserving some degree of privacy? You probably pay for Netflix now (am I being presumptuous? I assume that most people have Netflix). Conversely, would you take your Netflix for free if all of the movies you watched were cataloged and used to sell you DVDs? I suspect that in the future, we will have to make a choice.

Wednesday, December 2, 2009

Teaching Traceability - When RO is RW

I introduced the students in my class to Google Analytics. The purpose of this exercise was not to demonstrate how to properly "monetize" (oh, man, do I hate that word) a site, but rather to demonstrate the breadth of information harvested, even when we just visit a site.

Analytics, using a small bit of Javascript code embedded in the website a user visits, gathers information such as the city/state/country of each visitor, the search terms they typed into their search engine to get to your site, the network they came from (e.g. which university's Internet connection they are using, Comcast, etc.), the amount of time they spent on the site, the way they got to the site (Facebook link, link from another web page, etc.). In other words, it harvests a lot of information about a site's visitors, potentially personally-identifiable information. The interesting part: most sites run this code, and you don't need to post any information about yourself to have information taken.

For me, being a datahead, I like to think in terms of read-only (RO) and read-write (RW) when it comes to information. In his book Remix, Lawrence Lessig speaks about RO culture vs. RW culture. He uses it to juxtapose the old paradigm of cultural consumption (listening to music, watching movies, reading text) - RO - with the modern process of collaboratively creating culture by using technology to create music, videos, and text that build upon other works (remixes) - RW. I know that this is technically inaccurate, but I often think of the old Web, Web 1.0, as being RO. Sure, anyone could post to it with a text editor (or Netscape Communicator) and an FTP client, but you had to know some HTML have have access to an animated GIF of a guy digging. :) That is, content was created by a small, select group of nerds. I think of the modern, Web 2.0 culture of being RW - it's trivial to write information to the web by filling out a form (blogs, comments, Facebook), no knowledge of the workings of HTML required. Therefore, it's more open, more egalitarian; anyone can contribute without having to be a tech guru.

That said, we often think of posting information to web to come from RW activities - updating Facebook/Twitter, posting to a blog, tagging a picture, etc. So, I find it both interesting and a little scary the amount of information we "post" to a site just by engaging in an RO activity, browsing web pages, classic Web 0.1. In a standard session of browsing the Web, you leave this information on every site that you visit, possibly more information than you intentionally post to your Facebook site - your current location, the terms you search for, etc. At least on Facebook, you consciously choose which information to post.

So, I guess the moral of the story is that everything you do on the web is RW. We constantly leave a breadcrumb trail as we visit sites, usually without knowing we're doing so. I'll show you how to leave less of a trail tomorrow.

Until then, I'm off to check my Analytics to see how you got to my site...

Monday, November 30, 2009

Higher Education "Opportunity" Act

One of the most egregious manifestations of RIAA corporate lobbying has to be the new burdens placed on universities to enforce copyright law. You see, last year, the Department of Education created the Higher Education "Opportunity" Act, amendments to the 1965 Higher Education Act, which sets the guidelines for a university to receive federal financial aid for its students (correct me if I got this wrong). Somehow, skillfully woven into the document, among requirements for federal aid (the same aid that allows most students to attend college), some new, unexpected requirements came forth from the aether. They require that the university:

A) "has institutional policies and sanctions related to copyright infringement and civil and criminal liabilities students may face for unauthorized distribution of copyrighted materials which includes unauthorized peer-to-peer file sharing and the prohibited use of the institution’s information technology system for those activities"

B)" will, to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property, as determined by the institution in consultation with the chief technology officer or other designated officer of the institution "

C) "[will regularly provide] a description of
institutional policies and sanctions related to copyright infringement and civil and criminal liabilities students may face for unauthorized distribution of copyrighted materials which includes unauthorized peer-to-peer file sharing and the prohibited use of the institution’s information technology system for those activities"

D) will aggressively serve DMCA cease-and-desist warnings to students

OK, let's try to set ire and pathos aside for a minute and analyze this like rational human beings.

(A) places a burden on the university's IT department to deploy some tech solution to hunt down those "stealing" from the RIAA and the MPAA, thereby incurring significant cost and become vigilantes. Now some lawyers interpret that (D) can satisfy the requirement in (A). Serving DMCA warnings is nothing new for most universities, but, I can assure you from firsthand experience, the cost is not trival - many large universities can use more than an FTE on this (so figure almost 6 figures per annum, counting benefits). Also, what other industries are required to deploy these tech-based deterrents?

(B) effectively requires that universities, in addition to expending the cost of (A) and (D), look into solutions where we can pay the RIAA and MPAA to borrow their content (note the intentional and accurate use of "borrow"; no one would own it but them). Going this route would have one of two effects: sustaining even more of a financial burden or passing it along to students (as is the case in many new pooled models).

(C) requires us to teach a moral lesson. It reminds me of the debate where Jack Valenti, former head of the MPAA, asked Stanford University, after a student admitted to downloading music, "What are you teaching these kids? What kind of moral platform will sustain this young man in his later life?" (Lessig, Remix). And, what better way to teach morals than side by side with the creators of the DMCA? Seriously, though, give me another example of a case where a university is required to regularly attempt to "teach" students about not committing a crime.

So, let's say you think these clauses are garbage. The cost of noncompliance? The university losing all federal financial aid for its students. That is, taking away access to education for students who need assistance in paying for it.

Give me one good reason why these clauses belong in an act relating to federal funding of education - an act that parades under the moniker of "opportunity."

Sunday, November 29, 2009

Tor - Internet Proxy for Preserving Anonymity

In my previous post I promised to explore some ways that we can maintain anonymity on the Web, even in light of the numerous ways personal data is mined everyday. The key piece of personally-identifiable information that we scatter across the web (frequently without any thought) is our IP addresses. Almost every time you visit a website, your IP address is logged - a digital record that you have been to that site, that you have requested to view its content. It's trivial, in most cases, to find out who your Internet service provider (Comcast, Verizon, Time Warner, Qwest, etc.) is with this IP address. Someone who wants to bring a tort case against you or a governmental agency interested in you for any reason can subpoena your ISP for your identity - recall the link in my last post about National Security Letters. Therefore, if you want to maintain some semblance of privacy as you browse the Web, you cannot be leaving y0ur IP address at every site you visit.

One solution to obscuring your IP is using a web proxy, like Tor. When you use a proxy, all of your Web traffic passes through the proxy - that is, the proxy is the only server you connect to. Then, the proxy connects to any site you wish to visit on your behalf. Thus, if you were using a proxy and if all visitors to this blog were subpoenaed, your IP would not be there - just the IP of the proxy, who likely keeps no logs, and thus could not comply with a subpoena.

Tor is a good, free proxy service. The technology was originally developed by the U.S. Navy, and it is more complex than your average proxy. Tor bounces your Internet traffic to multiple relays all around the globe before connecting to your intended destination. You can learn about the Tor Network and the values it stands for here. To get started using Tor, you'll have to install a Tor client. I use a Mac, so I installed Vidalia.

Once you've got a Tor client installed, you can use it to connect to the Tor network. This is only half of what you need: you'll need to tell any programs - Web, torrent, IM, etc. - that you want to anonymize to use Tor. For Firefox, it's easy. Just install the Tor add-on. The nice thing about about it is that you can enable and disable Tor on the fly - you wouldn't want to keep Tor on all the time because it is very slow.

I just installed Tor recently to see what it's about. I notice that it has a few downsides:
1) it's very slow
2) many web pages detect your location (using your IP) and render the page differently depending on where you are coming from. While using Tor, web sites will detect your location as the location of your Tor proxy. Therefore, I noticed that several web pages were displaying themselves to me in German. (This goes to show how much information about you is used to determine your browsing experience.)
3) I read that some employers may not appreciate your use of Tor at work.

Anyway, for me, at least, the hassle of using Tor outweighs any benefits it serves. I like the ideology of Tor more than I actually find it useful to me. :)

Of course, I would be remiss not to note that there are certainly downsides to the proxy methodology: like many good ideas, it can be abused by those who seek to perform nefarious actions under the cloak of anonymity.

Saturday, November 28, 2009

The Value of Anonymity

This semester, I have been teaching a class titled "Privacy in a Networked World." The class explores the evolving expectation of privacy with regard to the Internet, in addition to areas where the right to privacy and freedom of speech come into conflict. On a related note, one of my research interests lately has been the enforcement of copyright/intellectual property laws vis-à-vis digital content - DMCA, etc. These two areas of study recently intersected for me as I was doing research on how copyright-enforcement entities frequently flirt with violating the privacy of their "suspects."

I began reading about Bit Torrent (a protocol for sharing files, sometimes copyrighted), with which, believe it or not, I have no firsthand experience. In the process, I read a post at Lifehacker about preserving anonymity online using Internet proxy servers. Apparently, the RIAA, MPAA, and other copyright-enforcement cartels actively monitor torrent users to locate their next victims. Given this, it's reasonable to assume that, if these entities track our activities online (thereby violating our privacy), there are others (governmental, commercial [think targeted ads], etc.) doing the same. So, the question becomes, can we preserve privacy online or do we give it up and accept the fact that "privacy is dead" and "get over it?"


First, in order to ward off any "if you've got nothing to hide..." arguments, let's take a step back and consider the value of privacy and anonymity online. Consider journalists in countries with staunch commitments to censorship - China, Iran, etc. These countries frequently intimidate and incarcerate (or worse) their political dissidents, usually for nothing more than what we would consider exercising basic, American First-Amendment rights. If disclosing the actual events that led to the Tiananmen Square incident could earn a Chinese journalist almost a decade in prison, there needs to be some kind of mechanism to ensure anonymity, and therefore freedom of information dissemination, online.

It’s certainly true that there are numerous tales of anonymity protecting free speech, like those of the Chinese journalist and the obvious example of Twitter’s role in protests of the Iranian elections. However, it’s important to also consider the right to privacy itself and what it is meant to prevent: a person being judged out of context. For example, if one has an interest in the Manhattan Project, he should be able to pursue his curiosity without his search queries for “atomic bomb” being construed to mean that he is attempting to build one. One mustn’t do much work to find cases of clandestine subpoenas from the Department of Justice seeking the identities of all visitors to a particular website.

In my opinion, while I see privacy online as a waning right in this era of DMCA and the Patriot Act, there are some actions we can take to prevent privacy violations from occurring – in addition to supporting the ACLU and Electronic Frontier Foundation in fighting injustices. Over the next couple of posts, I will outline some ways we can preserve anonymity and limit the privacy violations that have become commonplace.

Wednesday, July 29, 2009

Why my Blackberry Tour is awesome...

I can recall discrete points sprinkled over the timeline of my existence where I knew that something that I encountered would be life-changing. Examples: when a grade school teacher told me about a device called a "modem," the first time I opened yahoo.com in Netscape Navigator 1.0, the first time I heard of a DVD player, when I first met Noell, etc. (Noell, you should be honored to be listed among these other items :) )One less dramatic instance of this phenomenon was when I upgraded to my new Blackberry Tour.

Before upgrading, I had two iterations of the Palm Treo (650 and 700), which I loved. It was tough to make the move away from the Treo, but when my contract was up, I decided to give Blackberry a try. The verdict: why did I wait so long?

The Tour is awesome. And I will tell you why:

1) Form-factor - the Treo was one of the best phones I have ever used from a perspective of form-factor. I could walk around and use it with one hand and it had a tactile keyboard. The Blackberry is *almost* as good. The keyboard is great (nice textured keys) and I can use it with one hand, but I often get the urge to tap on the screen to select something - the Tour does not have a touch-screen.

2) Applications - I will do a separate blog post about some of the apps that I like, but here are the highlights:
- Google Talk
- AIM
- Google Maps
- UberTwitter
- Facebook
- Bloomberg
- Pandora

3) Message aggregation - All alerts (IM's, email from different accounts, Facebook alerts, etc) are visible in my messages screen. This weirded me out at first, but I have grown to love going to one place to see all alerts.

4) Battery life - I can get about 36 hours of good use out of a charge

5) The browser murders the Blazer web browser that haunted the Treo

Things I don't like:

1) BIS email - I hate that I can't set the interval of mail checking. It kills me that my email shows up around every 10 minutes or so. This will hurt my aspiration to keep up an email response time similar to my friends Al and Ira (around 2 min, on average [but it's only that high if you average in sleeping time]).

2) That it doesn't have or that I can't find speakerphone. I need that for conference calls.

3) That I cannot find a Yelp app for it

4) That the trackball thing can be a little unresponsive sometimes

5)And the biggest one, that Verizon attempts to charge monthly fees to use the device's built-in GPS and visual voicemail.

Overall, it is a great phone and I will certainly be posting more about it. I *highly* recommend that Tour if you're looking for a new phone.

Oh, man, I cannot tell you how much I love being able to Twitter anything that I find interesting as soon as I think of it (I live in perpetual fear that others will be deprived of my constant stream of clever thoughts). And, how much I love being able to IM while walking between buildings. And, how much I love listening to Pandora at the gym while answering email. And,...

--Chris

Friday, July 10, 2009

Priceline and BetterBidding

The Web, and the information it renders accessible, have a near-infinite amount of applications, the greatest of which is facilitating cheapness - er, frugality. With just an Internet connection and a little savvy, your run-of-the-mill cheapskate can grow into the uber-miser (the miser meister?). Today, I am going to give a quick lesson on one of my favorite methods to save a bundle.

I am big fan of traveling. There is not much I would rather do than pack up and go on an impromptu trip with the wife. Unfortunately, one of my least favorite things is paying for said vacation. Enter priceline.com. Priceline has been around since the time of the Stegosaurus, so you have probably heard of it. In addition to more traditional methods of booking hotels, flights, etc., they also have their signature model. Let's take a look at this model with regard to hotels.

In the Priceline model, you select the city you would like to go to, the dates when you want to go, the section of the city you would like to stay in, and the level of hotel (up to 5 stars) that you would like to stay at. Then, you enter the price you would be willing to pay for a room meeting the aforementioned parameters and enter your credit card info. If Priceline accepts your bid, your card is automatically charged and the hotel where you will be staying is revealed. If your bid is not accepted, you have to wait 24 hours to bid again or change your search parameters. This is to prevent you from starting your bid at $1 and incrementing by $1 until you find the sweet spot.

Pretty simple. But, how does one know that he or she is getting the best deal? It KILLS me to think that I got a good deal and to later find out that someone else got a better one - kills me.
OK, so we need some help.

Enter BetterBidding.com. BetterBidding is a simple discussion board where you can search for a city and find see what others were able to bid successfully for hotel rooms. It has three real uses: 1) to attempt to predetermine what the mystery hotel is, 2) to find out what others were able to successfully (and unsuccessfully) bid for a room, and 3) to brag about the deal that you got so that others can attempt to replicate it.

Give it a try. Go to betterbidding.com and search for some city. Check out the posts and you will get a better idea of what I mean.

Now that we have a rough idea of the range of successful bids and the possible hotels we could be dealt, we are in a better position to make a bid on a room. I usually try to adjust for day of week, season, and these days, for the sagging economy.

Recently, I was able to get the Sheraton Centre in downtown Toronto for $50USD/night (usually over $200) and the Hyatt in Buffalo for $40USD/night. Not bad.

In conclusion, I believe that some guy said that "variety is the spice of life." Rubbish. Competition is the essence of life and what better way to compete than to save a bunch of money and get to brag about it all in one fell swoop? I highly recommend that you attempt this method if you're going on a trip and you don't care at which specific hotel you stay. Obviously, this wouldn't be preferable for traveling to a conference where you want to stay at the hotel where the conference is being held.

Good luck, and let me know if you are able to score any good deals!

--Chris

NOTE: If you know of other innovative ways to cheap out, I would love to hear about them - really, please contact me ASAP. I could be wasting money as we speak!

Monday, July 6, 2009

Borrowing CD's

Good morning, everyone. I now fully awake and blogging from the balcony again. I saw an interesting ad on the way to the shore on Saturday. There was a little CD store with a sign offering "CD test-drives." You could, for $4, "borrow" a CD for 15 days and then either purchase it or return it.

Now, here is why this is interesting. I believe physical media to be dead, or at least on its deathbed awaiting its inevitable fate. I hate the idea of having put a physical disc into a media player to listen to music or watch a DVD. I find it to be the definition of primitive. So, what does one do if one runs a business predicated on an antiquated technology? Let people borrow CD's, take them home, and rip them to digital form for less than the cost of buying the album on iTunes.

Sure, this isn't what is explicitly advertised - but I'm pretty sure the intent is painfully obvious. Right, it's not legal - and I'm not condoning or endorsing it with this post. I am just saying that I understand the thinking behind it, it's clever, and it's interesting.

If we compare this model to other methods of obtaining music, it seems to do pretty well when graphed on the risk-to-reward Cartesian plane, mainly because there is about zero chance you will receive a pre-litigation letter from the RIAA.

Anyway, just thought you might find this interesting. (Again, I'm not endorsing this model so don't comment about how I am a jerk - well, to clarify, you can call me a jerk, but not for this reason.)

--Chris

Sunday, July 5, 2009

Smcfancontrol

I have a first-generation Macbook Pro (2006) and it has always run pretty hot. The underside gets pretty warm and the thin strip of casing between the keys and the display could cook a strip of bacon.

This hasn't been a huge inconvenience for me until recently, when I had to start running Second Life on my laptop for a work project. The problem with SL is that it is extremely graphics intensive, so the laptop reaches temperatures comparable to a solar flare. One of my friends told me about smcfancontrol, an application for the Mac that lets you control its fan speed. So, you can actually increase the fan speed to cool your computer faster, if need be.

Now, I am not usually a fan of overriding hardware controls, but in this case there definitely seems to be something wrong with how the fans are tuned. I usually only override fan speed when I'm running SL and the temp gets up around 70C.

One of the cooler things, I think, about SMC is that it displays the current internal temperature of your Mac, along with the current fan speed, in the menu bar. So, you can actually see what's going on inside your Mac.

Anyway, if you have a Mac that tends to run hot, this app might be of use. However, I make no claims of knowing the effect of using such a tool on your warranty. :)

Thursday, July 2, 2009

I'm back (again)

I figured, given that it's been almost a year since I have updated my blog (!), that I should update it before some sort of Blogger inactivity script shuts down my account. I'm getting ready to teach a course on how technology affects privacy and reputation ("Privacy in a Networked World").

While working on my syllabus, I came across a great quote in the book that I am using ("The Future of Reputation" by Daniel J. Solove). This quote is from Perry Barlow's Declaration of the Independence of Cyberspace. I love it:

"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of the Mind. On behalf of the future, I ask you of the past to leave me alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. "

Here's the full text: http://homes.eff.org/~barlow/Declaration-Final.html

I think that is one of the more powerful pieces of writing I have seen in a while. I can't wait for the class to read it.

Anyway, good to see you again, and I will really try to keep the blog updated.

--Chris