2012.03.25

On Device Identifiers.

Mere hours after I pressed ‘Publish’ on the previous mini-article concerning walled gardens, an article on TechCrunch this morning clarified the situation we have more or less been suspecting for a while now: that Apple, after deprecating UDIDs (one of the things they truly did well in iOS from the beginning), will start rejecting apps, following the backlash caused by lawsuits, noise and a few rogue developers who seemed keen to take advantage of their users and use their private information in ways they didn’t agree to (and which are illegal in more ways than one).

The situation with unique device identifiers is an important one. On one hand, user privacy should be the number one concern of platform owners/builders like Apple, Google and Microsoft. It isn’t, for their software can do pretty much whatever it wants with the users’ private information, as we have seen several times these past few years. On the other, developers have many uses for an immutable, unique identifier for devices: providing metrics for their own use, understanding the patterns of use of their applications, improving ad targeting and enforcing proper use of their applications and communities, among others. Of course, it can also be a tool aiding in unsolicited tracking and profiling of users, and in a range of personal information violations.

When Google came out with Android, they failed to provide any sort of unique device identifier of any significance to their developer community. They did provide several ways for developers to get some seemingly unique identifier, but those were easily modifiable, sometimes were not set at all or set to the same value across all devices sold by an OEM. In addition they would get reset after a factory wipe, etc. Developers resorted to DIY identifiers, scoured and composed from several unique component identifiers available to them by the system, such as the IMEI in phone devices, or the MAC address of the WiFi network interface in others. Then Google released Android 2.3 which included a unique identifier which, while better than the previous ones, was still not 100% robust.

Microsoft has belatedly joined the new-walled-garden era, first with Windows Phone 7 and now with Windows 8. The ‘new’ API and model for applications, Metro, goes one step further by not providing any single unique device identification capability to developers (there are some exceptions, but they are truly exceptional and as of right now undocumented). The only thing close to user/device authentication is ‘Microsoft Account’ (formerly Windows Live, Passport etc. etc.) integration which is probably useless for 99% of the cross-platform applications available out there, that have a need for some sort of unique identification of their users/devices.

It’s the permissions, stupid.

The whole situation boils down to botched design in terms of permission control, abuse by advertising, analytics and developers and extremely late regulatory and social reaction to the above, perhaps combined with a pretty simple way to raise barriers to entry to the competition while ‘solving’ the issue of privacy. All platforms have some sort of privacy/permission control, but none have a good one. Android has a pretty comprehensive permission system that assumes that before installing an application each user bothers to read a silly list of permissions (many of which they will probably not understand) and once they accept they will perpetually want to grant all those permissions to said application. There is no fine grained permission control post installation, no possibility to grant or revoke individual permissions to applications before they are launched (something like “I would like to allow App X to use my network connection, but not my location or my address book data”). iOS is also similarly badly designed: there is no explicit permission asked or required for using the network connection, a slew of personal data, several APIs, storage etc., except for location, where iOS does a much better job than Android, probably because of the high-profile exposure that their data-collection ‘functionality’ took a few years ago. At the same time, both platforms actively transmit information gathered by your device, be it nearby BSSIDs (the identifiers of wifi networks, akin to ethernet MAC addresses) or Cell IDs (the unique identifiers of nearby cellular transmitter/antennae) so that they improve their ‘network-based’ geolocation service. Google fares better in this respect, as they allow you to disable this; Apple doesn’t, as far as I know.

Then comes Microsoft, the ailing software behemoth that only recently decided that Ballmer’s rhetoric about the iPhone’s failings, the iPad not gaining any significant traction etc. was totally wrong after all, and that they should jump on the tablet bandwagon, not in the way they’ve been trying to do for about a decade, but the way Apple did with their own version of a walled garden, doing away with the desktop paradigm and providing a dumbed down, simpler interface that does away with compatibility, file-systems etc. and uses a locked down, app store/marketplace based model to ensure software legitimacy and boost profits. So Windows Phone 7 and Windows 8 provide new sets of APIs and a new ‘application environment’ called Metro. In the Windows 8 version, the æsthetics borrow much more than its name from Windows Phone 7, the company’s revamped operating system for mobile phones that, while a decent effort, doesn’t seem to be doing that great on the market. Metro on Windows 8, however, is not a finished product by any means, and probably won’t be ‘finished’ (that is, of a sufficiently high quality) until Windows 9 is released a few years from now. Metro on Windows 8 also has permissions, like Android, but does away with unique device identifiers and any sort of meaningful API to get any sort of replacement of one. It also allows the user to revoke a permission (say, for the location), but only after the application has been executed, which kind of defeats the purpose.

My experience with the ‘next-generation’ platforms I have programmed on until now strongly suggests that the companies and people designing them have no idea about the implications of their work. They are experimenting, releasing APIs, platforms and products without thinking them through, or the impact their software has on the users, developers building applications using them or the overall social effect of their design decisions. In the case of Android, many more developers have access to IMEIs, MAC addresses and other, arguably much more sensitive information about devices and their users than they would have, had Google paid some attention and provided a unique, immutable pseudo-random unique device identifier from day one. It is also surprising how bad their permissions system is, given that they at least went through the trouble of designing one in the first place. In the case of Microsoft, the complete lack of such a mechanism may eventually play its part in hurting the company’s efforts to enter the game (they already are extremely late). And finally, Apple, the market leader that did so many things right in the first place, is risking pissing off everybody from small independent companies that helped build the platform, to its greatest non-platform owning competitors that can see through the excuse of legal heat from regulators and the government, their hypocrisy on protecting the users’ privacy and who may call their action an excuse to block them out of their platform. At the end of the day, the three big players in this market still get all your information, and their expansion into advertising, mobile payments, e-commerce and every single part of the software ecosystem possible means that they have the greatest incentive to (ab)use it.

In the end, all of the privacy problems that location, unique device identification and access to other personal information may give rise to are easily solvable by a modern, smart permission system that gives the user the power to deny, revoke or grant permissions to individual applications post installation, including system software/applications, thus creating a level playing field where the user would decide what kind of access to provide to whom. That would be a clear demonstration, on the platform owners’ part, that they truly care about users’ privacy and not just creating barriers to entry to the competition and their bottom line.


2009.06.11

High Potential. Low Performance.

The relevant BBC article writes:

But to meet targets on renewable energy, the scientists say a grid is required that will take energy from the areas with an abundance of sun, wind and tidal power to those without.

I find the idea quite interesting but, above all, strategically sound and more substantial, beyond the usual, than the alienated domestic thinking regarding Europe’s wider energy policy as well as the prospects of Greece: a small country with significant social and economic challenges that stem as much from its geography, its ‘culture’ and its deeply rooted problems in institutions, laws and mentality as from its position in the EU. A country that enjoys particularly favourable characteristics that could potentially make it a pioneer in the field of renewable energy sources as well as a key exporter of energy to the rest of Europe.


But let us look at the numbers: with clearly smaller energy needs in winter than most countries of the European Union, owing to the Mediterranean climate and mild winters, and at the same time an enormous renewable energy potential [see, e.g., here for a quick description of the country’s solar energy potential, PDF], the energy sector could very well become a key catalyst for the development and improvement of the Greek countryside, as well as of the economy, over the next twenty years.


» Loppsi 2

Lopsided if anything. Yet another gross error in judgment from Mini Napoleon Wannabe. Yet another nail in the coffin of French Legislation. Much can be said of Sarkozy’s predecessors; both Chirac and Mitterrand were accused of corruption, sleaze, excess etc. None were as classless, blatantly ignorant or downright corrupt as Sarkozy has proved to be in less than two years in office.


» Defend the Open ‘Net

I couldn’t avoid posting this and I cannot stress how important it is. The web site may, at times, undoubtedly include the standard ‘act now before it’s too late’ text that’s stereotypical of activists globally whenever some braindead lobby tries to threaten our hard earned liberties. Ignore that part. Don’t ignore the fact that it is important that you and the people around you know what’s happening in Brussels and Strasbourg, what’s at stake. You should strive to stay up to date and — last, but not least — act. Do yourself a favour and read the linked page; filter the excessive parts, see beyond the sentimentalism. Then try to find out more about the proposed directive by reading the text [or a summary of the controversial amendments]. An open and neutral internet is way more important than any national election in Europe, even to those that have no clue what the internet really is.

Act today. Call your MEPs and tell them how you feel about the internet. It doesn’t matter which part of the political spectrum you identify with; the internet is part of everyone’s life.


» That’s not how Western democracies work

Dealing with illegal file-sharing is a job for the police. It is their job to enforce the law. Now we have given private corporations the legal right to go after our civilians. That’s not how Western democracies work.[...]

In a study, 80% of people thought we shouldn’t go after file-sharers. But ask them how they feel about taking money out of the pockets of musicians, authors or artists and that number falls by a significant amount.

Ultimately we have to change people’s perception on file-sharing.

Indeed we do. But most importantly we have to change the perception of executives in those media multinationals on culture, art, freedom of communication and privacy as well as protect our liberties from unbounded profit and greed.

If file sharing did anything, besides rendering the status quo obsolete, it was to bring into the spotlight how slanted and unfair the media industry is: favouring less than 1% of the artists globally, fixing prices to maximise profit, compromising on our very own cultural foundations through the systematic, condescending promotion of junk while at the same time making thousands of executives rich for no reason whatsoever. There’s no doubt that stealing is bad, although I’m not so sure that not-for-profit sharing of digital copies is. What I am sure about is that what the industry is accustomed to doing — and keeps trying to achieve, now through the institutions — is worse.


» An ISP is not a court.

The saga continues, with the music industry attempting to subvert the law in Europe and turn ISPs into policy enforcers and courts of law all at once. With ever higher profits in 2008, and a pretty grim record of accusing and prosecuting the elderly, single mothers with no computers etc. in the States, it seems like the music industry would rather hand the dirty job over to ISPs.

This is, besides illegal, pretty prone to error — as history has shown. I’m really looking forward to the next settlement Eircom will reach, this time with wrongly-accused (and disconnected) individuals. Hopefully it’ll be more than enough to compensate for their stupidity.



2008.11.01

Breaking The Law…

…or how ‘The French Senate has decided to violate European legislation’.

Sarkozy’s authoritarianism seems to be behind this. Yet it puzzles me how violating EU legislation can be so easily accepted by the Senate:

« 1° Suspension of access to the service for a period of three months to one year, together with the impossibility, for the subscriber, of taking out during the same period another contract for access to an online public communication service with any operator;

It seems to me that this is in direct violation of Amendment 138 of 2002/21/EC — you’d think they hadn’t read it:

(ga) applying the principle that no restriction may be imposed on the fundamental rights and freedoms of end-users without a prior ruling of the judicial authorities, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, save when public security is threatened, in which case the ruling may be subsequent.

emphasis mine.

It’ll be interesting to see whether they actually do something with this, or whether this ‘illegal’ law will be used only as a deterrent. If they do, I’d be so happy to see someone take the French Government, their ISP and any other third party involved in this to the ECJ and win.


2008.10.16

Network Neutrality in Europe. The State as Regulator.

Network neutrality is an issue that brings together many people who understand the value of the freedom of enterprise, expression and communication on the internet, regardless of their wider ideology and political positions.

In theory, the optimal approach to the question of neutrality, and one with which I tend to agree, has the state essentially exercising the role of regulator and thereafter leaving the market to function as it can. In practice this is impossible, as the telecommunications market is clearly oligopolistic, with very few participants, fewer dominant ones and formidable barriers to entry for new businesses. In practice, politicians internationally take a position by allying either with Big Industry or with the interests and wishes of the public; in the European Union, however, something different is observed: a balanced, perhaps diplomatic and generally vague chatter that hopes to reassure both the citizens who love, work on and rely on the internet for their information, communication, entertainment and education, those who to this day adore the freedom that its anarchic structure affords them, and, at the opposite end, the hitherto wealthy and well-connected multinational corporations that see in this freedom the greatest obstacle to even greater profit.
