2012.03.25

On Device Identifiers.

Mere hours after pressing ‘Publish’ on the previous mini-article concerning walled gardens, an article on TechCrunch, this morning, clarified the situation we have more or less been suspecting for a while now: that Apple, after deprecating UDIDs (one of the things they truly did well in iOS from the beginning), they will start rejecting apps after the backlash caused by lawsuits, noise and a few rogue developers that seemed keen to take advantage of their users and use their private information in ways they didn’t agree (and which are illegal in more ways than one).

The situation with unique device identifiers is an important one. On one hand, user privacy should be the number one concern of platform owners/builders like Apple, Google and Microsoft. It isn’t, for their software can do pretty much whatever it wants with the users’ private information, as we have seen several times these past few years. On the other, developers have many uses for an immutable, unique identifier for devices; from providing metrics for their own use, understanding the patterns of use of their applications, improving ad targeting, enforcing proper use of their applications and communities among others. Of course, it can also be a tool aiding in unsolicited tracking and profiling of users, of a range of personal information violations etc.

When Google came out with Android, they failed to provide any sort of unique device identifier of any significance to their developer community. They did provide several ways for developers to get some seemingly unique identifier, but those were easily modifiable, sometimes were not set at all or set to the same value across all devices sold by an OEM. In addition they would get reset after a factory wipe, etc. Developers resorted to DIY identifiers, scoured and composed from several unique component identifiers available to them by the system, such as the IMEI in phone devices, or the MAC address of the WiFi network interface in others. Then Google released Android 2.3 which included a unique identifier which, while better than the previous ones, was still not 100% robust.

Microsoft has belatedly joined the new-walled-garden era, first with Windows Phone 7 and now with Windows 8. The ‘new’ API and model for applications, Metro, goes one step further by not providing any single unique device identification capability to developers (there are some exceptions, but they are truly exceptional and as of right now undocumented). The only thing close to user/device authentication is ‘Microsoft Account’ (formerly Windows Live, Passport etc. etc.) integration which is probably useless for 99% of the cross-platform applications available out there, that have a need for some sort of unique identification of their users/devices.

It’s the permissions stupid.

The whole situation boils down to botched design in terms of permission control, abuse by advertising, analytics and developers and extremely late regulatory and social reaction to the above, perhaps combined with a pretty simple way to raise barriers to entry to the competition while ‘solving’ the issue of privacy. All platforms have some sort of privacy/permission control, but none have a good one. Android has a pretty comprehensive permission system that assumes that before installing an application each user bothers to read a silly list of permissions (many of which they will probably not understand) and once they accept they will perpetually want to grant all those permissions to said application. There is no fine grained permission control post installation, no possibility to grant or revoke individual permissions to applications before they are launched (something like “I would like to allow App X to use my network connection, but not my location or my address book data”). iOS is also similarly badly designed: there is no explicit permission asked or required for using the network connection, a slew of personal data, several APIs, storage etc., except for location, where iOS does a much better job than Android, probably because of the high-profile exposure that their data-collection ‘functionality’ took a few years ago. At the same time, both platforms actively transmit information gathered by your device, be it nearby BSSIDs (the identifiers of wifi networks, akin to ethernet MAC addresses) or Cell IDs (the unique identifiers of nearby cellular transmitter/antennae) so that they improve their ‘network-based’ geolocation service. Google fares better in this respect, as they allow you to disable this; Apple doesn’t, as far as I know.

Then comes Microsoft, the ailing software behemoth that only recently decided that Balmer’s rhetoric about the iPhone’s failings, the iPad not gaining any significant traction etc. was totally wrong after all, and that they should jump on the tablet bandwagon, not in the way they’ve been trying to do for about a decade, but the way Apple did with their own version of a walled garden, doing away with the desktop paradigm and providing a dumbed down, simpler interface that does away with compatibility, file-systems etc and uses a locked down, app store/marketplace based model to ensure software legitimacy and boost profits. So Windows Phone 7 and Windows 8 provide new sets of APIs and a new ‘application environment’ called Metro. In the Windows 8 version, the æsthetics borrow much more than its name from Windows Phone 7, the company’s revamped operating system for mobile phones that, while a decent effort, doesn’t seem to be doing that great on the market. Metro on Windows 8, however, is not a finished product by any means, and probably won’t be ‘finished’ (that is of a sufficiently high quality) until Windows 9 is released in a few years from now. Metro on Windows 8 also has permissions, like Android, but does away with unique device identifiers and any sort of meaningful API to get any sort of replacement of one. It also allows the user to revoke a permission (say, for the location), but only after the application has be executed, which kind of defeats the purpose.

My experience with the ‘next-generation’ platforms I have programmed on until now strongly suggests that the companies and people designing them have no idea about the implications of their work. They are experimenting, releasing APIs, platforms and products without thinking them through, or the impact their software has on the users, developers building applications using them or the overall social effect of their design decisions. In the case of Android, many more developers have access to IMEIs, MAC addresses and other, arguably much more sensitive information about devices and their users than they would have, had Google paid some attention and provided a unique, immutable pseudo-random unique device identifier from day one. It is also surprising how bad their permissions system is, given that they at least went through the trouble of designing one in the first place. In the case of Microsoft, the complete lack of such a mechanism, may eventually play its part in hurting the company’s efforts to enter the game (they already are extremely late). And finally, Apple, the market leader that did so many things right in the first place, is risking pissing off everybody from small independent companies that helped build the platform, to its greatest non-platform owning competitors that can see through the excuse of legal heat from regulators and the government, their hypocrisy on protecting the users’ privacy and who may call their action as an excuse to block them out of their platform. At the end of the day, the three big players in this market still get all your information, and their expansion into advertising, mobile payments, e-commerce and every single part of the software ecosystem possible means that they have the greatest incentive to (ab)use it.

In the end, all of the privacy problems that location, unique device identification and access to other personal information may give rise to are easily solvable by a modern, smart permission system that gives the user the power to deny, revoke or grant permissions to individual applications post installation, including system software/applications, thus creating a level playing field where the user would decide what kind of access to provide to whom. That would be a clear demonstration, on the platform owners’ part, that they truly care about users’ privacy and not just creating barriers to entry to the competition and their bottom line.

comments

» Independent companies

WSJ: Before Steve Jobs of Apple Inc. died, he approached you with a buyout offer. Why did you turn it away?

Mr. Ferdowsi: The problem that we’re trying to solve is a problem that only an independent company can solve. We want to let you use a Mac, or Windows PC, or iPad, or Android, without having to think about any of the technical details. It isn’t a problem any of those larger companies is going to be as inclined to solve in the same way we are.

A very very pertinent point, seeing that we’re experiencing a renaissance of massive, vertical closed systems, walled gardens and a childish desire to lock people into proprietary platforms that try to offer everything. Look at how Google, Facebook, Apple and now Microsoft are heavily promoting their respective ‘authentication’ platforms, playing the game of ignoring_the_competition. Facebook would certainly like you to use their APIs to authenticate your users, but they don’t have to try much because they have the most powerful database right now. Microsoft heavily promotes their ‘Microsoft Account’ (previously known by half a dozen names) and will do even more in Windows 8, while Apple makes ever increasing use of their Apple ID, across their products and services. Google, in lieu of their recent privacy terms update, needs no introduction I think with Google+ and every other service tied to a single Google account. The fact that Dropbox fully supports practically every single system platform I can think of using is reason enough for me to prefer it from competing services (Ubuntu One, Microsoft Skydrive, iCloud etc) and a refreshingly sane choice they made contrasted heavily by that of the established market leaders who fear of inadvertently promoting their competition.

comments

» Break free, create your own walled garden.

It’s ironic, how ‘ease’ becomes the noose that chokes innovation and development. AOL, Facebook, iTunes, they all offer closed, proprietary solutions to ‘problems’ that — in more ways than one — are not so hard to solve. Solutions that seem to ‘work’, that ‘succeed’ because the ‘trend’ is to embrace ‘easy’, as opposed to ‘moderately challenging’, because the ‘smart money’ is behind them and because of network effects.

In the last few years, that is after the wave of ‘Web 2.0′ (ironically, yet another ‘trend’ exploited by ‘experts’ that abused it for profit) subsided, Facebook started making serious money. Its real success as an advertising platform is not only arguably minimal, but quite controversial. It took a long time for the advertising industry and the hordes of marketing monkeys to embrace Facebook’s walled garden approach and doing what they do best, counting. Only this time it wasn’t ‘impressions’ or ‘clicks’ or ‘conversions’ they were counting, but ‘likes’, another frivolous metric that doesn’t really mean anything in the real world. Facebook apps, once touted as the next big thing and a threat for the web, were stillborn, largely because Facebook itself made significant steps to expand beyond the confines of its site, by creating interfaces, programmatic and user, for other platform-owners to embed in or integrate with their platforms. So we got a slew of ‘social plugins’, more ‘APIs’, etc. But there were some exceptions, like Zynga, a gaming company living inside Facebook.

Now, Zynga just launched Zynga.com. And it’s a big deal, because this is the first Facebook-dependent business of significant scale that expands beyond the confines of this walled garden du jour.

The whole ‘frenzy’ with Facebook in the ad world is now in its third year. As with AOL’s endeavours fifteen years ago, the Facebook frenzy may be past its prime; as a teenager of the early-to-mid 1990s, AOL ‘keywords’ seemed to me like a pointless exercise, yet another ‘top-down’, force-fed business model that people never cared about.

Clearly people care about Facebook; they care about the platform that connects them to people they love: their friends and their relationships, news from their social circles, people they’d like to know better or simply keep in touch. They could hardly care less about Facebook pages, Facebook ads, the Facebook business. Sadly, marketers and advertisers, typically the last group to perceive change — and perhaps the most dependent on ‘convention’ (make no mistake, Facebook is convention, as is Google), will take a bit longer to ‘wake up’. That Zynga chose to move beyond Facebook is undoubtedly a wake up call and a sign of maturity in an industry that more than often adopts the strategy of others, instead of coming up with its own.

comments

» Τουλάχιστον να γνωρίζουμε.

Πριν από περίπου ενάμιση μήνα ‘υποβαθμίστηκε’ η ταχύτητα της σύνδεσής μου στο σπίτι, για λόγους που μπορώ να αποδώσω μόνον στην ανικανότητα του ΟΤΕ. Παρ’ότι ενδιαφέρουσα περίπτωση που συνδυάζει τεχνική ανικανότητα και μια γερή δόση Κάφκα — δεν θα μπώ σε λεπτομέρειες (ζούμε άλλωστε μια ιδιαίτερα σουρρεαλιστική εποχή που κάνει ασήμαντη την εν λόγω προσωπική ιστορία), αποφάσισα να ψάξω λίγο online για παρόμοια προβλήματα, την θέση της ΕΕΤΤ για το χάλι των ευρυζωνικών συνδέσεων στην Ελλάδα κλπ.

Στο ψάξιμο βρήκα το εξής: Εν διαμέσου κρίσης, στα μέσα του καλοκαιριού που μας πέρασε ξεκίνησε την πιλοτική του λειτουργία το ΣΑΠΕΣ, το Σύστημα Αποτίμησης Ποιότητας Ευρυζωνικών Συνδέσεων της ΕΕΤΤ, το οποίο καταγράφει την ταχύτητα της ευρυζωνικής σας σύνδεσης και άπεικονίζει τα στοιχεία ως overlay σε χάρτη. Παρ’ότι τα αποτελέσματα είναι ακόμη σχετικά λίγα, η εικόνα είναι ενδιαφέρουσα και οι ‘μαύρες’ τρύπες, περιοχές με φοβερά κακή ποιότητα ευρυζωνικής σύνδεσης, πολλές.

Εαν δεν το γνωρίζετε ήδη, εγγραφείτε (είναι γρήγορο και σχεδόν ανώνυμο — χρειάζεται ένα email και την διεύθυνσή σας) και κάντε μια μέτρηση της ταχύτητας της σύνδεσής σας, ιδιαίτερα εάν αντιμετωπίζετε πρόβλημα με αυτή. Όσοι περισσότεροι συμμετάσχουν, τόσο περισσότερες πληροφορίες θα έχει η ΕΕΤΤ και ευελπιστώ πως αν υπάρξει καλή συμμετοχή ενδεχομένως να αποκτήσουμε καλύτερες συνδέσεις μια ώρα αρχύτερα.

1 comments

» Javaless Guardian

Guardian.co.uk is switching from Java to Scala. I’m surprised it took so long and that other Java shops are not following en masse — it could be because of how different and esoteric Scala can be, especially to Java programmers. The linked infoQ article contains an interesting discussion with the Guardian folks.

Programming enterprise web applications (or anything, for that matter) in Java is painful for anyone mature enough to have experienced the wealth and breadth of tools out there, given how primitive, verbose and unproductive it is, and how much it caters for the lowest common denominator of a programmer. That’s not to say that Scala is the best choice for everyone, let alone those not starting from scratch, but given the Guardian’s existing infrastructure and systems, I guess that it’s the best choice they could’ve made.

2 comments

» Google Art Project

Amazing work by Google, I hope it expands to other great museums all over the globe.

comments

» What about {Angle,Diamond} gradients?

In this draft CSS3 spec, preliminary support for gradients is defined. Where are diamond and angle gradients? They may not be used as much as the others, but I find it weird that they are not added to a newly spec’d standard, given that it’s not that hard to implement them.

comments

2011.01.13

Τέλος Εποχής για το VoIP στην HOL.

Λίγο πριν τους Ολυμπιακούς της Αθήνας, με το ADSL να γράφει μόνον έναν χρόνο ζωής στην χώρα μας, η Hellas On Line έκανε το αδιανόητο: πρόσφερε, μέσω του προγράμματος evoice, την δυνατότητα απόκτησης αριθμού αθηνών (213xxxxxxx) χωρίς πάγιο τέλος, βασισμένο σε SIP και με ιδιαίτερα ανταγωνιστικές χρεώσεις για αστικούς και υπεραστικούς προορισμούς.

Γνώρισα την υπηρεσία το φθινόπωρο του 2006, και έγραψα γι’αυτό λίγους μήνες αργότερα. Από το 2006, μόλις δυο χρόνια μετά την έναρξη του προγράμματος, ήταν σαφές πως η HOL δεν είχε ιδιαίτερο ενδιαφέρον για τις υπηρεσίες VoIP. Ήταν η εποχή που όλοι οι πάροχοι παπαγάλιζαν το double (και μερικές φορές το triple) play, ενώ η μισή Ελλάδα δεν ήξερε καν τι είναι το ADSL και η υπόλοιπη καταριόταν τις πανάκριβες τιμές, την κακή απόδοση και το απαρχαιωμένο δίκτυο.

Στα χρόνια που ακολούθησαν, η ΕΕΤΤ, ο ΟΤΕ και οι ‘εναλλακτικοί’ ομαλοποίησαν τις διαδικασίες φορητότητας, η αγορά ‘ωρίμασε’, οι υπηρεσίες βελτιώθηκαν. Μπορεί, στα μάτια ενός αδαούς, πολλά από τα πλεονεκτήματα μιας VoIP σύνδεσης να μην είχαν τόσο νόημα, στην εποχή των απεριόριστων κλήσεων, των φθηνών τιμών για διεθνείς κλήσεις και τους ‘γρήγορους’ χρόνους φορητότητας, όμως στην πραγματικότητα η πρωτοπορία της HOL με το eVoice στα μέσα της περασμένης δεκαετίας είχε τεράστιο νόημα τόσο οικονομικό όσο και εμπορικό· ήταν, δυστυχώς, κάτι που η HOL ως εταιρία ουδέποτε κατάλαβε ούτε αξιοποίησε όπως μπορούσε: ήδη από το 2006 ήταν σαφές πως το eVoice αποτελούσε μια ξεχασμένη υπηρεσία, ένα αποτυχημένο, θαραλλέο ίσως, ‘πείραμα’ που λειτουργούσε στο αυτόματο. Η εταιρία δεν έκανε καμία προσπάθεια διευκόλυνσης των πελατών της έτσι ώστε να κάνει την υπηρεσία ελκυστική. Για παράδειγμα, ήταν απίστευτα δύσκολο το να προπληρώσει κανείς ένα ποσό έτσι ώστε να μπορέσει να κάνει κλήσεις μέσω της σύνδεσής eVoice, όταν — σήμερα — εταιρίες όπως η viva έχουν κάνει την διαδικασία παιχνίδι. Δεν υπάρχει κανένας λόγος, πέραν της βλακείας, για τον οποίο αυτό δε θα μπορούσε να το είχε κάνει και η HOL πριν από τέσσερα χρόνια.

Πριν από λίγες ημέρες η εταιρία ενημέρωσε και τους τελευταίους συνδρομητές της υπηρεσίας πως αυτή έφτασε στο τέλος της και πως αν θέλουν, μπορούν να μεταφερθούν σε κάποιο από τα υπόλοιπα προγράμματα της HOL ή να μεταφέρουν τον αριθμό τους σε κάποιον άλλο πάροχο. Η αντιμετώπιση της υπηρεσίας από την εταιρία μπορεί ποτέ να μην ήταν η πρέπουσα, αλλά το τέλος της προδίδει άγνοια βασικών εμπορικών κανόνων και έλλειψη επικοινωνιακών ικανοτήτων: δεδομένου του ότι η υπηρεσία λειτουργούσε τόσο καιρό και εξυπηρετούσε, έστω και στον μικρό βαθμό που της επέτρεπε η HOL να λειτουργεί, κάποιους συμπολίτες μας, πόσο δύσκολο θα ήταν για μια εταιρία του μεγέθους της HOL να αρχίσει να χρεώνει ένα μικρό πάγιο, ακριβώς όπως κάνουν τόσες άλλες εταιρίες παγκοσμίως, συμπεριλαμβανομένης της προαναφερθείσας viva (ένα πάγιο της τάξεως του €1 μηνιαίως), επιτρέποντας σε αυτούς τους πελάτες τους να διατηρήσουν τον αριθμό τους και αποκομίζοντας κάποιο οικονομικό όφελος. Αν δε, το συνδύαζε με έναν μηχανισμό ηλεκτρονικών πληρωμών (‘απλά’ πράγματα που θα έπρεπε να είναι αυτονόητα εν έτει 2011) όπως π.χ. πιστωτική κάρτα, paypal, ηλεκτρονικός κωδικός μέσω τραπέζης, είμαι σίγουρος πως όχι απλώς θα κατάφερνε να διατηρήσει τους υπάρχοντες πελάτες της αλλά θα τους αύξανε εντυπωσιακά.

Την εποχή που όλοι, ιδιώτες και επιχειρήσεις, επιθυμούν την απεμπλοκή του λογικού από το φυσικό, την απεξάρτηση από την φυσική ‘γραμμή’, την γραφειοκρατία, την εποχή που η ικανοποίηση πρέπει να είναι στιγμιαία και η αναμονή απαράδεκτη, που όλοι επιλέγουν το διαδίκτυο για την επικοινωνία τους, την εποχή που το Skype δεν είναι μια τεχνολογική περιέργεια, αλλά mainstream τρόπος επικοινωνίας, το να καταργείς μια υπηρεσία VoIP που έφτιαξες πριν την εποχή της (αντί να τη βελτιώνεις και να την επαυξάνεις) και να προσπαθείς να πουλήσεις παλιομοδίτικες υπηρεσίες ‘φορητότητας’ και πακέτα double play σε ανθρώπους που κατά πάσα πιθανότητα ήδη τα έχουν, φαντάζει τουλάχιστον αφελές. Και δυστυχώς, τόσο η HOL όσο και οι περισσότεροι πάροχοι στην χώρα μας, δεν έχουν καταλάβει πως ο καθένας μας χρειάζεται ΜΙΑ σύνδεση, μια γραμμή, μια υπηρεσία double ή triple play, αλλά δεκάδες υπηρεσίες πάνω από αυτές. Η σύνδεση στο διαδίκτυο είναι η μοναδική υποδομή πάνω στην οποία θέλει, μπορεί και απαιτεί να μπορεί να κάνει ο καθένας μας τα πάντα.

3 comments

« Older
Download Spinalonga's Podsafe rock music for your podcast. From Athens, Greece, with love.'