A year and a half ago, Eric Butler released a widely-discussed Firefox extension called “Firesheep“, which exploited a known weakness in many popular websites. The effect was that users could get one-click access to the accounts of other users making unencrypted connections to popular sites like Facebook or Twitter on public networks.
Firesheep worked so spectacularly because the problem it exploited was well-known among experts but poorly understood among the general public. That is to say, the problem was low-hanging fruit: even though the technology needed to hijack user sessions using cookies transmitted in the clear was universally available to the geeks with the expertise to use it, even popular sites had felt little pressure from their userbase to address the underlying problem. All Firesheep had to do was put a more usable interface on the well-understood tools, and it could catch the attention of people who weren’t previously interested in understanding the issue.
The problem that Girls Around Me has identified has the same combination of near-universal recognition in expert circles and general confusion outside of them. Most users cannot understand the privacy settings on most social networks. Worse, social network operators have a commercial incentive to make their settings deliberately confusing, and even to induce user “over-sharing”.
But once you understand the two problems, the difference between them is clear. The solution to the Firesheep problem — that sites were not using, or not using by default, encrypted connections after initial log-ins — is simple: use established encryption by default. ((In the interim, too, savvy users could install HTTPS Everywhere and protect their own connections with websites that supported encryption.)) Put another way, addressing the issue just required a bit of attention, expertise, and resources.
By contrast, the Girls Around Me problem is part of a fundamental trade-off in the way centralized corporate social networks work today. And the cost of addressing it is correspondingly high. It comes down to users controlling how their data is collected and used, a premise antithetical to the business of advertising companies like Facebook and Google.
But until it happens, and until default settings are protective of user privacy, nothing can prevent creepy situations like Girls Around Me from popping up. As long as these situations look like Girls Around Me — a publicly available application that depends on consistent API access, creeps everybody out, and gets written up in major publications — Facebook, Foursquare, et al, can address it with after-the-fact API cut-offs. But nothing prevents, say, individuals with the know-how from rolling their own stalker apps and flying under the radar.
There’s a common saying in jazz that it’s not about the notes you play, but the notes you don’t play. ((It’s sometimes attributed to Miles Davis, but who knows.))
Not only did they make an extremely compelling hour of radio about something that is really an internal affair, but they were also unusually symmetrical in their retraction; that is, they’ve given it as much space and prominence as the original story, which is admirable.
One aspect that makes the episode so interesting is the amount of silence they’ve left in the interview. When lies come to light, it’s an uncomfortable experience for everybody involved. This American Life did a great job of capturing that discomfort, and left more awkward silence than I’ve ever heard on a radio show. To get back to that jazz saying, it was the words they weren’t saying, the rests and pauses, that really told the story.
In that spirit, I’ve made a supercut of some of the longest expanses of silence on the show. I recommend listening to the full program. If you’ve already done that, you may find this interesting.
I’m sort of a QR code anti-hipster: I was into them before they were uncool. I actually think they’re a really nifty encoding that’s easy to read and write with the right tools, and useful for a handful of situations. But they’re so widely misused in marketing that most people never get to see one used properly.
But there is a way to use them properly! It’s just not the way marketers have been doing it. When is a QR code the right tool for the job? Well, it’s helpful to think about the limitations of the codes in the first place, instead of just wedging it in to every ad and package design.
The limitations
They look like robot barf. It’s true. So don’t count on it being a positive addition to packaging or ad design. If it’s useful that’s great, but it’s not a design element.
They’re almost impossible to memorize. It seems to me like a pretty bad idea to put a company or personal URL in a form that human beings can’t read. If people are already taking out their phones to scan, it’s a missed opportunity for them to write out the domain.
They are only scannable in limited circumstances. Like when people have a scanner app installed, data signal, are stationary relative to the code, and have time to take out and futz with their phone.
Almost nobody uses them. Even I know this.
Other properties
They use robust error correction. So there won’t be any typos or misread messages.
They add an extra requirement to decoding text. For marketing purposes, this is terrible. But in some circumstances, it can be useful to know that the decoder can choose not to read the message.
They’re easy to generate and scan. It doesn’t require much processing to encode or decode QR, and they can be made and read locally, without server access.
It’s easy to scan a lot of codes in a row. Scanning the first code involves taking the phone out of your pocket, selecting the app, and focusing the camera. But from there, the marginal cost is very low on additional codes.
Now, if the people using these codes thought about these qualities and picked them only when appropriate, there’d be no problem and no backlash. But alas. When might these be a good tool?
Nice uses
Cryptographic fingerprint checking. I use a great open source Android app called TextSecure, which allows you to exchange encrypted SMS with other users. But because it’s public key encryption, you have to verify the other person’s fingerprint. Fortunately, you can each just generate and scan QR codes to do so: in this case the alternative isn’t typing in a URL, but manually verifying 64 or so characters.
Sending links directly to your phone.Chrome to Phone has provided a nice alternative to this usage, but it doesn’t always do the job. Sometimes a QR code is the best way to get a URL, usually a long one, right over to the phone.
Selecting some items from a list of many. In South Korea, Tesco allows shoppers to scan codes on items in a subway ad in order to purchase them. Here the low marginal cost of code scanning comes in handy. Once the phone’s out, it makes sense to quickly scan each of them.
When “voluntary security” is an element. Weakly protecting secrets like the answers to quiz questions or hints/spoilers for a game calls for encoding that is easy to decode when wanted, and difficult until then. As long as the user isn’t accessing the content from her smartphone itself, a QR code could useful.
Accessing data which requires many dynamic URL parameters. Because it’s easy to generate QR codes for any length of URL, it could be really nifty to generate them on the spot for URLs that wouldn’t be easy to type in but that wouldn’t make sense to shorten in advance, as with URLs with many parameters. That could happen if, say, a person has selected and scanned a bunch of objects and she wants to see them in a virtual cart, or has filled out a form at an offline kiosk and needs to send the data up through their phone.
The point is, as maligned as QR codes have been recently, there are some jobs for which they’re just right. But as Jaron Lanier is quoted on the back of The Information Diet, “There is no such thing as a tool that is good even if used without conscious consideration.” The marketing guys have spoken, and they’re not ready to provide a counter-example.
Not to diminish Wikipedia’s importance in the encyclopedia world and Britannica’s decision, but there are a lot of reasons why a choice made in 1768 to distribute 32 volumes of printed book might be worth re-evaluating in 2012. Wikipedia’s open and collaborative authorship certainly has its advantages, but Carmody identifies a more important difference between the two organizations: Britannica’s business depended on the books being seen as a “marker of prestige.” As the PC toppled the encyclopedia as the “purchasable ‘edge’ for over-anxious parents,” the bundle fell apart and the value proposition no longer made sense for most of the market.
Far from being the inevitable victory of open over closed then, Britannica’s announcement represents the complex result of values decoupled. This story is especially important for independent bookstores and public libraries to understand; they are subject to the same forces.
A little over two years ago, Clay Shirky wrote a great essay about local bookstores as a social hub that speaks to this problem. In both cases, sales numbers are easily measured and easy to fixate on, but they are secondary to factors that are much less easily measured. For Britannica consumers, there’s the value of owning a 32-volume printed encyclopedia. That value might just not exist anymore; if that’s true, they’ve made the right decision to move away from a printed edition. (It’s probably true. According to the New York Times article about the announcement, less than 1% of Britannica’s revenue was coming from print sales.)
But there are still many compelling arguments for the side-effect values of a bookstore or library as an inviting physical space dedicated to the exchange of information, even as communities and their information consumption preferences change. Keeping the bookstore’s ability to deliver these values coupled with the sale of paper books would be a mistake.
Institutions like bookstores and libraries (and newspapers, record labels, movie studios, etc.) are all dealing to a greater or lesser extent with the problem of bundle failure. That is to say: they can no longer count on subsidizing the real value they deliver with more monetizable ancillary functions. Instead, they have to take a critical look at what people value about them and figure out how to charge for it.
I’m sure it was a hard decision after a quarter millennium of print, but Britannica made the right move jettisoning a product that people weren’t interested in to focus on the one that they were. I really want bookstores and libraries to continue to succeed in the years to come, in no small part because I value the products and services they provide that I can’t directly pay for. I hope they can do the introspection to separate their core values from their most easily-measured ones in order to make the difficult decisions to make it work.
I’ve been thinking a lot about two different kinds of tokens lately. One is a fare token, which I’ve been thinking about as it relates to public transit and locational privacy. Another is a currency token, which has come up in the last few weeks as I’m reading Debt by David Graeber. Obviously there’s some overlap there, but thinking about the ways in which they differ has been really interesting, and there’s enough weird history of each to fill a Thomas Pynchon novel.
Fare tokens are intriguing as artifacts of a transit system, which are pretty much always interesting to me. Like system maps, which I’ve also thought about a bit, fare tokens are necessarily unique to one place and provide a physical history of that system’s character and aesthetic. They’re also ephemeral, anonymous, and completely commoditized. There’s some sort of paradox there: something inherently interesting about objects that are so non-descript. (Rick Prelinger put it well in a story in the New York Times this weekend: “As time passes, the works we tried to junk often prove more interesting than the ones we chose to save.”)
As a privacy-preserving technology, fare tokens are great. Entrance into a public transit system should be a question of authorization: are you permitted to do what you’re trying to do? The answer to that should only be contingent on whether or not you’ve paid the fare, which is a piece of data the token can communicate just fine. Too often, though, fare systems first ask who you are. Swiping (or tapping) a fare card gives the system an identifier, which it runs against a database to see whether that identifier is tied to a paid fare. There are tempting reasons to go with the latter scheme — a lost card can be replaced because the value is recorded, and the system can gather and use data about riding patterns in order to target improvements — but there’s a trade-off with rider privacy.
(To my mind, the trade-off is akin to that between database loyalty programs, like Target’s recently documented “Guest ID” system and punch-card loyalty programs. Both provide rewards to return customers, but one is more privacy-friendly and generates less monetizable data.)
Of course, another issue with letting customers carry around the authorization information in their own token is that it depends on the issuer’s ability to reliably generate and verify their own tokens. One interesting anecdote I found out about this weekend was the New York City “Token War” with Connecticut. Tokens for Connecticut Turnpike tolls were the same size and shape as NYC subway fares but cost much less, which led to Connecticut Turnpike tokens ending up in NYCTA collection boxes. Connecticut promised to change the shape of their tokens, but failed to do so for years. I’m not sure how it ended: one NY Times article cited on the issue’s Wikipedia page but unavailable online suggests it happened when Connecticut discontinued their toll charges and paid the NYCTA for all the collected tokens; another article available online says it ended when the NYCTA rewired their turnstiles.
On the other hand, you’ve got currency tokens, which make up the field of “exonumia“. These tokens are like coins, but issued by somebody other than the government. Sometimes these tokens really take off, as in the case of the Strachan and Co Trade Tokens that were South Africa’s first circulating indigenous currency. ((It’s not often that Wikipedia disappoints, but I can’t find any real information there about these coins. Instead, there’s a charmingly Web 1.0 site, which I really like.))
In the US, there were a series of “hard-times tokens” which circulated as currency between about 1833 and 1843, and were only officially outlawed in 1857. One of the most prominent examples was the endearingly named Feuchtwanger cent, which is now pretty collectible by exonumismatists. Lewis Feuchtwanger’s story is interesting for his persistence in minting these coins and his attempts to get them recognized officially. His appeals to Congress give the story a Mr. Smith Goes to Washington vibe — a film whose plot also turns on a coin, albeit a tossed one.
In any case, the parallels between these hard-times tokens and cryptocurrencies like bitcoin seem straightforward, but they’re not ones I’ve seen pointed out elsewhere. Bitcoin’s got someproblems, but supporters who’ve read Cryptonomicon are quick to point out the benefits: things like anonymous transactions, the ground-up minting and lack of reliance on a centralized nation-state, and the security of the currency against counterfeiting. These are laudable goals, and maybe last delivered on in the hard times era. Lewis Feuchtwanger would be proud.