Who is the product? Who is the customer? Do you even care?

Facebook, how big?

Facebook has obtained more than $500M from investors to grow facebook.com to the size it is today, and has not taken a single penny from any of its users. In order to pay back the investors for their extraordinary risky investment, the investors must be looking for something like 10x cash back.  That’s more than $5 billion! Of course it’s currently valued at over $50B. Just hold that thought for a second.

Now a second thought: billions of people can use email and not have to be part of one, single, organisation. How can that be?

Email is essentially a protocol. It’s called SMTP and is described by various RFCs. Any server that supports the SMTP protocol can advertise its MX record via DNS and receive email for that domain. Any client that ‘talks’ SMTP can send email to any SMTP server (it can reach). In fact, the SMTP client (or email client) can talk to its local SMTP server which will then forward on the email to its final destination.

This is, of course, a distributed system.  Due to an open protocol anybody can set up an email server and play in the big email ecosystem. Of course, the original inventors of the SMTP protocol didn’t envisage SPAM as we know it, and thus it was designed for a naive, friendly, co-operative world, where email users wouldn’t spam each other. i.e. academia.

Facebook is set up as a business. It has its customers’ interests to serve so that it can be a profitable company and return its investors money and provide a return for its financial stakeholders. The problem is, is that Facebook users are not the customer. They are the product that is sold to the actual customers who (I suspect) are advertisers. Thus, Facebook’s values aren’t necessarily aligned with their users, which means, almost inevitably, privacy is not Facebook’s key concern.

So if with Facebook, the users are the product, what are they actually selling? The social graphs its users create, along with the logged minutiae of the their lives, could just be the product that Facebook is, and will continue, to sell to advertisers. Your privacy is Facebook’s product. Your social graph (in theory) has value to advertisers. Do you want to exchange your privacy to multitudinous corporations for free access to, well, Facebook?

But the main problem with Facebook is that, in order to do Facebook with somebody else, you have to have an account at Facebook.com. It’s a closed system. Notice the difference to email? I don’t have to have an account at (the fictitious) email.com to send emails to other people. That would be absurd!

History has a habit of repeating itself. Remember CompuServe? AOL? MSN (pre-internet)? CIX? These were all silos. CompuServe had special pages only subscribers could see. Of course, they all went the way of the dinosaur, or were heavily modified, because the Internet was more useful. And Facebook is simply a better CompuServe or AOL.

Still, you may ask, “what’s wrong with a better AOL or CompuServe?”

Proprietary Silo vs Open Data and Open Protocols

Before answering that question, let’s consider what the alternative to Facebook or Twitter would be like. By way of analogy let’s look at Twitter vs status.net.

Twitter and status.net basically do the same thing: they are broadcast micro-blogging systems that let you send the equivalent of an SMS over the Internet to your followers. The best known example of status.net is identi.ca.

If you want to be part of the Twitter-verse you have to get an account at the sole provider of twitter-ness: twitter.com. Every tweet you send goes through twitter.com, is stored there, analysed and also provided to other (rich) organizations via the Twitter fire-hose. Not a great deal of privacy there, apart from the notional privacy that you can ‘protect’ your account. It’s still going through twitter.com.

status.net is like Twitter except that it is both an Open Source project and a Open set of Protocols. The difference is that status.net is like email; it’s a protocol that anybody can implement. You could subscribe to any status.net server and still be followed by any other status.net user in the world. Therefore, your tweets, or rather dents would only go through the distributed servers, the same as email today.

Another advantage of a distributed network is that it’s more resilient to failure. Twitter went down on Christmas day because every tweet goes through twitter. Email didn’t go down, except maybe a few distributed nodes did – but email didn’t fail en masse.

So back to Facebook and silos? I definitely want to put an activity stream (or lifestream) on the web. I currently use twitter for that because so many of my friends do. I also want to be able to put the odd photo up, publish a free/busy calendar, and enable old friends and new ones to find me and get in contact. But I don’t want Facebook to own that information. I want to own it. I want it under my own control, possibly in my own appliance running somewhere on the net. A distributed system that talks to other systems to exchange the data all under my control, with my privacy settings which won’t suddenly change because an over-arching corporation needs to sell more of my privacy.

Of course, it is coming, and there’s even some competition in the space. onesocialweb and Diaspora are both trying to solve the Facebook problem. The Freedom Box project, inspired by Eben Moglen, is also trying to work in that space. These will be tools that work in a distributed fashion.

When will it displace Facebook and Twitter? I think the jury is definitely out on that one; AOL, MSN, Compuserve, MySpace: the Internet is littered with the corpses of previously all-mighty corporations that owned the space.

Personally, I want Facebook to fail. I want a future where people control their own information. I want the semantic web and the power of pull, not the push-web. I want my appliance with my data and my control and I’m prepared to pay for it. I guess I’m going to have to wait a bit!

There’s just something very wrong with the banking industry. In virtually every other industry corporate failure (or basically going bust) is the market punishing poor decision making by that organisation’s management. It’s a good thing. A company makes some bad decisions and the people in charge get feedback about those decisions in their company losing customers, money, both or even just going bust. A company making good decisions is rewarded in the market and keeps going.

And a company going bust is actually good feedback; it’s doing something wrong in the market. The people working in it should be released back into the labour pool where they can be employed by other companies that are making the right decisions in the market. This, of course, requires a near-perfect market where lots of little companies are providing services in the market.

However, in the UK, Northern Rock, RBS, Lloyds et al. made incredibly poor decisions about how to invest their money.  The lost staggering amounts of money on their little pyramid scheme when over-inflated property prices crashed and mortgages were defaulted on by people who should never have been given the mortgage in the first place.  Pure Greed.  But it would’ve been okay if their gambling had paid off.  They didn’t, and the banks didn’t get to feel the pain of their mistakes.  And that’s because, we, the tax payer bailed every-last-one-of-them out.

So they’ve learnt nothing. In fact they’ve been rewarded for their incompetence. Not only do the banks get to lose bigger-than-telephone-number amounts of money, but they now know, if they do, they’ll simply get their customers to bail them out one way or another.

What’s the solution? I don’t know, but one method might be to make them small enough so that when they fail, we get a ripple and not a tsunami. And maybe regulate them so that the gamblers don’t get to take down the mortgage providers, day-to-day business providers, and the consumer/retail banks. Obviously, it’s more complex than this, but it might be a step in the right direction.

Apparently, said buskers have to audition for a place in the city so that they can play! This is to ensure that they are up to scratch and fit with the city.

I’m frankly astonished that councils would have a busking policy, auditioning buskers, probably having an council officer administer the policy and then having various people checking that buskers have a license. What a waste of money. Let the market decide. Bad buskers will not get any money and move on. Good ones will earn money and stay. The public can decide.

Thankfully, Newcastle upon Tyne has a sensible attitude; apparently, it doesn’t believe that busking is something that should be licensed.

Don’t get me wrong; I think Alexander Hanff does great work campaigning on privacy issues.  I just wonder if, in this case, he’s seeing stuff that simply isn’t there.

For anyone who doesn’t know, Googlegate is about Google collecting un-encrypted WiFi data whilst roaming the streets with their StreetView project. Apparently, according to Privacy International et al., they have been doing this with criminal intent to record the bits of data intentionally so that they can find out more about us.

It appears that, whilst driving along, the software listened for WiFi broadcasts, discarded ALL those that were encrypted, and stored the packets, in entirety, of those that were not encrypted. This, according to conspiracy theory, means they knew that they couldn’t use the encrypted ones, and therefore were intentionally storing the unencrypted ones, even though they could have got the SSID from the encrypted WiFi broadcasts. This is the smoking gun.

Personally, I have no idea what Google were thinking, but I’m going to hazard some guesses.

WiFi access points. What kind are generally encrypted and what kind are generally open? Most home routers supplied by networks to consumers in the last few years are almost always encrypted now. If you buy off the shelf then you have to make a choice on whether to encrypt. Every Starbucks, hotel, cafe, airport, and other public access WiFi is unencrypted. Unencrypted WiFi seems like an invitation to join it, doesn’t it? It’s providing a service that you can connect to.

If I was writing software I’d probably make the decision that if anybody bothers to encrypt their WiFi then they probably don’t want their SSID used either. Hence I’d discard those packets. Also, for my roving software, to keep it simple, I’d probably just store the whole packet and pull out the SSID later during analysis. Storage is cheap. It’s easier to do, and you’d want your 24/7 software to be simple just so that it stands a better chance of not crashing. And, if it’s simpler, then it’s quicker and cheaper to write and test. Particularly if the brief is: “collect the SSIDs and geolocations of unencrypted WiFi stations”.

Why collect the SSIDs in the first place? Android phones and location services. It seems to me that it’s simply about better location services and getting more accuracy. Cell towers + SSIDs helps to place you on the map.

Should Google be collecting all this data in secret? No, I don’t think so. Are they an evil company? No, I doubt that too. Are they a large (huge?) organisation intent on making a profit? Damn right, and that’s something we should worry about. Have they got a good privacy record? Not really, especially after the Buzz debacle. Should we watch them like a hawk? Definitely. Was Google stupid? Without a doubt. But are they criminal?

My wife talks about ‘cock-up or conspiracy’. It’s a bit like ‘never attribute to malice what can adequately be attributed to stupidity’. I think Google cocked up, not that it was some conspiracy to collect our WiFi transmissions and analyse them. Still, paranoid people tend to see conspiracies everywhere.

Piracy evokes images of beards and cutlasses on the high seas, where pirates board ships, steal galleons and generally go about their pirating business.  Updated to modern times, it involves boarding ships with guns and knives, kidnapping crews and demanding vast ransoms for the return of said crew, ship and contents.  Nowhere in these scenarios is piracy the same as copying a digital file.

Piracy != copyright infringement and sticking ‘digital’ in front of it doesn’t either.  Copyright infringement is not the same as ‘stealing’ or ‘theft’.  If I steal something from you, I deprive you of the use of whatever it is I’ve stolen.  If I copy a file, YOU still have the original, and can do everything that you could originally do with it.

So why are they using the word ‘piracy’?  Well it could be so that the media want people to think of copyright infringement as ‘theft’, want us to draw an equivalence with stealing, want us to think it is as bad as real piracy.  But what copyright infringement really is is the civil infringement of a monopoly granted by the government to groups that publish works.  I’ll say it again. It’s a government granted monopoly on creating artificial scarcity in order to extract proportionately higher ‘rents’ or profits than could otherwise be achieved.  It was given to printers in the 18th century to stop cheap knockoffs and encourage them to print books.  It’s got about as much relevance to the 21st century as the law about having a man with a red flag walk in front of a car did in the 20th centuary.

And the Digital Economy Bill?  Don’t get me started. I’ll just end with this:

“a bill proposed by the unelected, debated by the ignorant and voted on by the absent” #debill /via @Glinner & @alnya /via @davidwren