HP's TouchPad and Palm devices may be long and gone, but webOS
(the mobile OS that these devices ran off of) has been alive and well
despite its hardware extinction, mostly thanks to its open-source
status. Open webOS, as it's now called, went into beta in August, and now a month later, a final stable build is ready for consumption as version 1.0.
The 1.0 release offers some changes that the Open webOS team hopes
will offer major new capabilities for developers. The team also mentions
that over 75 Open webOS components have been delivered over the past 9
months (totaling over 450,000 lines of code), which means that Open
webOS can now be ported to new devices thanks to today’s 1.0 release.
In the video below, Open webOS architect Steve Winston demos the
operating system on an HP TouchSmart all-in-one PC. He mentions that it
took the team just “a couple of days” to port Open webOS to the PC that
he has in front of him. The user interface doesn’t seem to be performing
super smoothly, but you can’t really expect more out of a 1.0 release.
Winston says that possible uses for Open webOS
include kiosk applications in places like hotels, and since Open webOS
is aimed to work on phones, tablets, and PCs, there’s the possibility
that Open webOS could become an all-in-one solution for kiosk or
customer service platforms for businesses. Obviously, version 1.0 is
just the first step, so the Open webOS team is just getting started with
this project and they expect to only improve on it and add new features
as time goes on.
A few months after the iPad came out, computer makers who had made
convertible laptops started phasing them out, believing the iPad usurped
their need. What's old is new again: several computer makers are
planning to introduce new Windows 8 convertible laptops soon after Microsoft makes the OS official on October 26.
I agree with the assessment that the iPad stymied the need for
convertible laptops; if you need a keyboard with the
lighter-than-a-convertible iPad, or even an Android tablet, you could
buy an auxiliary Bluetooth QWERTY keypad. In fact, your bag would
probably be lighter with an iPad and an ultrabook both contained
therein, as opposed to a single convertible laptop.
But if these new hybrids succeed, we can't keep calling them
"convertible laptops" (for one thing, it takes too long to type). So,
I'm inventing a new name for these sometimes-a-laptop,
sometimes-a-tablet combo computers.
"Laptabs!"
It's a name I'd trademark if I could (I wish I'd made up "phablet,"
for instance). Please cite me if you use it. (And don't get dyslexically
clever and start calling them "tablaps" — I'm claiming that
portmanteau, too.)
Here's the convertible rundown on the five laptabs I found during
last month's IFA electronics showcase in Berlin, Germany — some have
sliding tops and some have detachable tabs, but they're all proper
laptabs.
1. Dell XPS Duo 12: It looks like a regular clamshell at first
glance, but the 12.5-inch screen pops out and swivels 360 degrees on its
central horizontal axis inside the machined aluminum frame, then lies
back-to-front over the keyboard to create one fat tablet. The idea isn't
exactly original — the company put out a 10.1-inch Inspiron Duo netbook
a few years back with the same swinging configuration, but it was
discontinued when the iPad also killed the netbook.
2. HP Envy X2: Here's a detachable tablet laptab with an
11.6-inch snap-off screen. Combined with its keyboard, the X2 weighs a
whopping 3.1 pounds; the separated screen/tablet tips the scales at just
1.5 pounds. Its heavier-than-thou nature stems from HP building a
battery into both the X2's keyboard and the screen/tablet. HP didn't
have a battery life rating, only saying the dual configuration meant it
will be naturally massive.
3. Samsung ATIV Smart PC/Smart PC Pro: Like the HP, Samsung's
offering has an 11.6-inch screen that pops off the QWERTY keypad. The
Pro sports an Intel Core i5 processor, measures 11.9 mm thick when
closed and will run for eight hours on a single charge, while its
sibling is endowed with an Intel Core i3 chip, measures a relatively
svelte 9.9mm thin and operates for a healthy 13.5 hours on its battery.
4. Sony VAIO Duo 11: Isn't it odd that Sony and Dell came up
with similar laptab appellations? Or maybe not. The VAIO Duo 11 is
equipped with an 11.1-inch touchscreen that slides
flat-then-back-to-front so it lies back-down on top of the keypad. You
also get a digitizer stylus. Sony's Duo doesn't offer any weight
advantages compared to an ultrabook, though, which I think poses a
problem for most of these laptabs. For instance, both the Intel i3 and
i5 Duo 11 editions weigh in nearly a half pound more than Apple's
11-inch MacBook Air, and at 2.86 pounds, just 0.1 pounds lighter than
the 13-inch MacBook Air.
5. Toshiba Satellite U920t: Like the Sony Duo, the Satellite
U920t is a back-to-front slider, but lacks the seemingly overly complex
mechanism of its sliding laptab competitor. Instead, you lay the U920t's
12.5-inch screen flat, then slide it over the keyboard. While easier to
slide, it's a bit thick at 19.9 mm compared to Duo 11's 17.8 mm depth,
and weighs a heftier 3.2 pounds.
Choices, Choices And More Choices
So: a light ultrabook, or a heavier laptab? And once you pop the tab
top off the HP and Samsung when mobile, your bag continues to be weighed
down by the keyboard, obviating the whole advantage of carrying a
tablet.
In other words, laptabs carry all the disadvantages of a heavier
laptop with none of the weight advantages of a tablet. Perhaps there are
some functionality advantages by having both; I just don't see these
worth a sore back.
"It's the first time that such a system has been tried outdoors," said biologist Jean-Marc Landry, who took part in testing on a Swiss meadow this week. In the trial, reported by the country's news agency ATS, around 10 sheep were each equipped with a heart monitor before being targeted by a pair of Wolfdogs -- both of which were muzzled. During the experiment, the change in the flock's heartbeat was found to be significant enough to imagine a system whereby the sheep could be fitted with a collar that releases a repellent to drive the wolf away, while also sending an SMS to the shepherd. The device is aimed at owners of small flocks who lack the funds to keep a sheepdog, Landry said, adding that it could also be used in tourist areas where guard dogs are not popular. A prototype collar is expected in the autumn and testing is planned in Switzerland and France in 2013. Other countries including Norway are said to be interested. The issue of wolves is a divisive one in Switzerland where the animals appear to be back after a 100-year absence. On July 27 a wolf killed two sheep in St Gall, the first such attack in the eastern canton. (c) 2012 AFP
sheep to warn shepherds of wolf attacks by SMS
August 4, 2012
Testing is under way in Switzerland where sheep can alert shepherds of an imminent wolf attack by text message
Facedeals - a new
camera that can recognise shoppers from their Facebook pictures as they
enter a shop, and then offer them discounts
A promotional video created to promote the concept shows drinkers
entering a bar, and then being offered cheap drinks as they are
recognised.
'Facebook
check-ins are a powerful mechanism for businesses to deliver discounts
to loyal customers, yet few businesses—and fewer customers—have realized
it,' said Nashville-based advertising agency Redpepper.
They are already trialling the scheme in firms close to their office.
'A search for businesses with active deals in our area turned up a measly six offers.
'The
odds we’ll ever be at one of those six spots are low (a strip club and
photography studio among them), and the incentives for a check-in are
not nearly enticing enough for us to take the time.
'So we set out to evolve the check-in and sweeten the deal, making both irresistible.
'We call it Facedeals.'
The Facedeal camera can identify faces when
people walk in by comparing Facebook pictures of people who have signed
up to the service
Facebook recently hit the
headlines when it bought face.com, an Israeli firm that pioneered the
use of face recognition technology online.
The social networking giant uses the software to recognise people in uploaded pictures, allowing it to accurately spot friends.
The software uses a complex algorithm to find the correct person from their Facebook pictures
The Facebook camera requires people to have authorised the Facedeals app through their Facebook account.
This verifies your most recent photo tags and maps the biometric data of your face.
The system then learns what a user looks like as more pictures are approved.
This data is then used to identify you in the real world.
In a demonstration video, the firm behind the
camera showed it being used to offer free drinks to customers if they
signed up to the system.
The first crypto war revolved around the hardware-based Clipper Chip
and coercing companies to deploy broken encryption with backdoors to
enable domestic State spying. Fortunately, the good guys won.
The next crypto war is still a war of the government against its own
citizens but this time enlisting the corporations, including social
networks, as direct agents of the State. What some have dubbed Crypto Wars 2.0 manifests itself in the current litany of legislative acronyms designed to confuse and befuddle.
Sometimes I think legislative bills are named with a Twitter hashtag
in mind. Although it doesn’t always work out favorably for the name
deciders, hashtags do generally assist in the coalescing of Internet
organizers around the world. Since passage of the Cyber Intelligence Sharing and Protection Act by the U.S. House of Representatives in April, #CISPA has been everywhere. Thankfully, twin legislative initiatives SOPA and PIPA were dropped in January. Also, let’s not forget the gradual expansion of CALEA and the Lieberman-Collins Cyber Security Act and the NSA-centric McCain Cybersecurity Act.
Even the seemingly unpatriotic USA PATRIOT Act of 2001 is a garbled backronym that would make George Orwell proud: Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act.
The Electronic Frontier Foundation recently posted an FAQ
arguing that CISPA would allow companies to review and then to hand
over customers’ personal information, logs, and email to the government.
That is a fairly broad and comprehensive mandate.
What has gone largely unnoticed in this torrent of analysis, however,
is that privacy tools for individuals already exist, and they have for
many years! Quietly anticipating encroachment against basic Internet
liberties, concerned cyber privacy advocates have been coding and
releasing the tools that allow for private electronic communication and
private web surfing. Proposed legislation like CISPA may or may not pass
and become law, but if it does we have to understand the new landscape.
Your privacy is up to you!
1. Email Privacy – Naked email is like a postcard for anyone to read. Pretty Good Privacy
(PGP), an open source software program created by Phil Zimmermann in
1991, is the global standard for point-to-point encrypted and
authenticated email. Hushmail is an OpenPGP-compatible web-based email platform that does not have access to your user password for decryption. Both products, when used correctly, offer subpoena-proof email communication.
2. File Privacy – Your files might be
stored in the encrypted cloud but that doesn’t mean that they’re 100%
safe for your eyes only. Free and open-source TrueCrypt allows you to encrypt folders or entire drives locally prior to syncing with Dropbox. BoxCryptor also facilitates local file encryption prior to cloud uploading and it comes with added compatibility for Android and iOS.
There is an alternative to the dual-application process described
above. Although most cloud-based storage services transfer over an
encrypted session and store data in an encrypted form, the files are
still accessible to the service provider which makes the data vulnerable
to court-ordered subpoena. In order to rectify this, two different zero-knowledge data storage companies provide secure online data backup and syncing – SpiderOak and Wuala. For obvious reasons, there is no password recovery and employees have zero access to your data.
3. Voice Privacy – Wiretapping will become more prevalent in the days and months ahead. From the creator of PGP, Zfone is a new secure VoIP phone software product utilizing a protocol called ZRTP which lets you make encrypted phone calls over the Internet. The project’s trademark is “whisper in someone’s ear from a thousand miles away.” You can listen to Zimmermann present Zfone at DEFCON 15.
Also utilizing ZRTP, open-source Jitsi
provides secure video calls, conferencing, chat, and desktop sharing.
Because of security issues and lawful interception, Tor Project’s Jacob
Appelbaum recommends using Jitsi instead of Skype.
Designed specifically for mobile devices and utilizing ZRTP, open-source RedPhone from Whisper Systems is an application that enables encrypted voice communication between RedPhone users on Android.
4. Chat Privacy – Encrypting your chat or instant messaging sessions is just as important as encrypting your email. Cryptocat
establishes a secure, encrypted chat session that is not subject to
commercial or government surveillance. Similar to Cryptocat, the older
and more durable Off-the-record Messaging (OTR) cryptographic protocol generates new key pairs for every chat implementing a form of perfect forward secrecy and deniable encryption. It is available via Pidgin plugin.
5. Traffic Privacy – The final step in the process is geo-privacy, which refers to the protection of ‘information privacy’ with regard to geographic information. Virtual Private Networks, or VPNs, have been used consistently for anonymous web browsing and IP address masking. Just make sure that your VPN provider does not log IP addresses and that they accept a form of payment that does not link you to the transaction.
Additionally, the Tor Project
provides free software and an open network for privacy-oriented
Internet usage. Intended to protect users’ personal freedom, privacy,
and ability to conduct confidential business, Tor (The onion router) is a
system that improves online anonymity by routing Internet traffic
through a worldwide volunteer network of layering and encrypting servers
which impedes network surveillance or traffic analysis.
I encourage everyone to become familiar with these basic tools for
privacy. The important disclaimer is that in order to circumvent these
privacy technologies, your password can be obtained in a variety of ways
that are extremely intrusive and beyond the realm of casual day-to-day
usage, such as hardware keyloggers
or ceiling-mounted cameras. Furthermore, browser-based cryptography
carries the added risk of spoofed applets being delivered to your
desktop by court order or by malicious actors but this risk can be
mitigated by maintaining trusted source code locally or by verifying
compiled code against a digital signature. The mission statement from
Tor Project director Jacob Appelbaum still stands, “Make the metadata
worthless essentially for people that are surveilling you.”
Interior navigation is only just coming into its own,
but IndoorAtlas has developed a technology that could make it just as
natural as breathing -- or at least, firing up a smartphone's mapping
software. Developed by a team at Finland's University of Oulu,
the method relies on identifying the unique geomagnetic field of every
location on Earth to get positioning through a mobile device. It's not
just accurate, to less than 6.6 feet, but can work without help from wireless signals
and at depths that would scare off mere mortal technologies:
IndoorAtlas has already conducted tests in a mine 4,593 feet deep.
Geomagnetic location-finding is already available through an Android
API, with hints of more platforms in the future. It will still need some
tender loving care from app developers before we're using our
smartphones to navigate through the grocery store as well as IndoorAtlas
does in a video
He called himself “MSP,” and he appeared out of nowhere, launching a
one-man flame war against a sacred cow of hardcore computing: the
command line.
The venue was TuxRadar, a news and reviews site that shines a
spotlight on the Linux operating system and other open source software.
The site had just published a piece
in praise of the command line — where you interact with a computer by
passing it line after line of text, rather than using a graphical user
interface, or GUI. “The command line isn’t a crusty, old-fashioned way
to interact with a computer, made obsolete by GUIs, but rather a
fantastically flexible and powerful way to perform tasks,” the site
said.
Then MSP appeared with his flame thrower. “There seem to be a number
of obvious errors in the introduction to this article,” he wrote. “The
command line is a crusty, old-fashioned way to interact with a computer,
made obsolete by GUIs, but a small hardcore of people who refuse to
move on still use it.”
As he likely expected, the Linux-happy commenters at TuxRadar didn’t
take kindly to his “corrections.” Dozens vehemently defended the command
line, insisting it still has a very important place in the world of
computing. And they’re right. Though the average computer user has no
need for a command line, it’s still an essential tool for developers and
system administrators who require access to the guts of our machines — and
it’s not going away anytime soon.
“People drive cars with steering wheels and gas pedals. Does that
mean you don’t need wrenches?” says Rob Pike, who was part of the team
at Bell Labs that developed the UNIX operating system and now works at
Google, where he oversaw the creation of the Go programming language.
Back in the ’70s and early ’80s, if you used a computer, you used a
command line. DOS — the disk operating system that runs atop IBM PCs —
used a command line interface, and that’s what UNIX used too. But then
came the Apple Macintosh and Microsoft Windows, and by the mid-’90s,
most of us had moved to GUIs. The GUI is more effective when you’re
navigating an operating system you’re not exactly familiar with, but
also when you’re typing large amounts of text. Your word processor, for
instance, uses a WYSIWYG, or what-you-see-is-what-you-get graphical
interface.
“Try creating a complex document in a mark-up language using a text
editor,” writes one commenter on TuxRadar. “It can be done, but
generally using a graphical WYSIWYG interface is a far faster and
accurate approach.”
GUIs have even reinvented the world of software development,
beginning with tools like Visual Basic, before extending coding tasks to
the average joe with new-age tools such as Scratch and Google’s App Inventor.
But among hardcore computer types — i.e., the audience reading
TuxRadar — the command line persists. If you’re a developer or a
sysadmin, there are times when it makes more sense to use the command
line interface, or “shell,” built into operating systems like Linux and
UNIX. “It depends on what you’re doing,” Pike tells Wired. “All
computing, at some level, is abstraction and yet deep down beneath there
are hardware instructions doing the job. It depends on the level you’re
working at.”
In some cases, command line interfaces provide access to lower levels
of a machine’s software and hardware. And they’re often easier to
manipulate with “scripts,” mini text programs that automate processes
for system administrators and others.
“Anyone insisting the command line is a relic of a by-gone time is
hopelessly deluded,” argues another commenter in the TuxRadar debate. “I
have a very nice [desktop] set up at home, with lots of graphical
applications, but I just find it quicker to write scripts and use the
shell than to hunt through menus to find what I want.”
But in other cases, geeks like command lines just because you have to
know what you’re doing to use it. You have to know the commands. You
can’t hunt and peck like you do with a GUI.
Pike calls the kerfuffle sparked by MSP a “sterile debate.” But MSP
insists that the command line should disappear. The problem, he writes,
is that GUIs just aren’t as effective as they should be. “When people
using a particular system say ‘the command line is better because it can
do things you can’t do in the GUI’ they are not talking about the
strengths of the command line interface, but about the shortcomings in
the GUI,” he says.
OK. Fine. But until the GUI evolves again, the command line is here to stay.
The techno-wizards over at Google X, the company's R&D laboratory working on its self-driving cars and Project Glass,
linked 16,000 processors together to form a neural network and then had
it go forth and try to learn on its own. Turns out, massive digital
networks are a lot like bored humans poking at iPads.
The pretty amazing takeaway here is that this 16,000-processor neural
network, spread out over 1,000 linked computers, was not told to look
for any one thing, but instead discovered that a pattern revolved around cat pictures on its own.
This happened after Google presented the network with image stills
from 10 million random YouTube videos. The images were small thumbnails,
and Google's network was sorting through them to try and learn
something about them. What it found — and we have ourselves to blame for
this — was that there were a hell of a lot of cat faces.
"We never told it during the training, 'This is a cat,'" Jeff Dean, a Google fellow working on the project, told the New York Times. "It basically invented the concept of a cat. We probably have other ones that are side views of cats."
The network itself does not know what a cat is like you and I do. (It
wouldn't, for instance, feel embarrassed being caught watching
something like this
in the presence of other neural networks.) What it does realize,
however, is that there is something that it can recognize as being the
same thing, and if we gave it the word, it would very well refer to it
as "cat."
So, what's the big deal? Your computer at home is more than powerful
enough to sort images. Where Google's neural network differs is that it
looked at these 10 million images, recognized a pattern of cat faces,
and then grafted together the idea that it was looking at something
specific and distinct. It had a digital thought.
Andrew Ng, a computer scientist at Stanford University who is
co-leading the study with Dean, spoke to the benefit of something like a
self-teaching neural network: "The idea is that instead of having teams
of researchers trying to find out how to find edges, you instead throw a
ton of data at the algorithm and you let the data speak and have the
software automatically learn from the data." The size of the network is
important, too, and the human brain is "a million times larger in terms
of the number of neurons and synapses" than Google X's simulated mind,
according to the researchers.
"It'd be fantastic if it turns out that all we need to do is take
current algorithms and run them bigger," Ng added, "but my gut feeling
is that we still don't quite have the right algorithm yet."
At today’s hearing
of the Subcommittee on Intellectual Property, Competition and the
Internet of the House Judiciary Committee, I referred to an attempt to
“sabotage” the forthcoming Do Not Track standard. My written testimony
discussed a number of other issues as well, but Do Not Track was
clearly on the Representatives’ minds: I received multiple questions on
the subject. Because of the time constraints, oral answers at a
Congressional hearing are not the place for detail, so in this blog
post, I will expand on my answers this morning, and explain why I think
that word is appropriate to describe the current state of play.
Background
For years, advertising networks have offered the option to opt out
from their behavioral profiling. By visiting a special webpage provided
by the network, users can set a browser cookie saying, in effect, “This
user should not be tracked.” This system, while theoretically offering
consumers choice about tracking, suffers from a series of problems that
make it frequently ineffective in practice. For one thing, it relies
on repetitive opt-out: the user needs to visit multiple opt-out pages, a
daunting task given the large and constantly shifting list of
advertising companies, not all of which belong to industry groups with
coordinated opt-out pages. For another, because it relies on
cookies—the same vector used to track users in the first place—it is
surprisingly fragile. A user who deletes cookies to protect her privacy
will also delete the no-tracking cookie, thereby turning tracking back
on. The resulting system is a monkey’s paw: unless you ask for what you want in exactly the right way, you get nothing.
The idea of a Do Not Track header gradually emerged
in 2009 and 2010 as a simpler alternative. Every HTTP request by which
a user’s browser asks a server for a webpage contains a series of headers
with information about the webpage requested and the browser. Do Not
Track would be one more. Thus, the user’s browser would send, as part
of its request, the header:
DNT: 1
The presence of such a header would signal to the website that the
user requests not to be tracked. Privacy advocates and technologists
worked to flesh out the header; privacy officials in the United States
and Europe endorsed it. The World Wide Web Consortium (W3C) formed a
public Tracking Protection Working Group with a charter to design a technical standard for Do Not Track.
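The two mechanisms described above, seen from the server side, as an added example that is not part of the original post: it models a browser that either stores a per-network opt-out cookie or sends the DNT header, and checks what each ad network receives before and after the user clears cookies. The cookie name `optout` and the hosts `ads-a.example` and `ads-b.example` are constructed for the illustration.

```python
"""Opt-out cookie versus DNT header, as a server would see them (constructed model)."""

OPT_OUT_COOKIE = "optout"                       # hypothetical cookie name
NETWORKS = ("ads-a.example", "ads-b.example")   # constructed ad-network hosts


def parse_headers(raw_request: str) -> dict:
    """Return the request headers as {lowercased name: value}."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:         # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # HTTP header names are case-insensitive, so normalise them.
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_cookies(cookie_header: str) -> dict:
    """Split a Cookie header value into {name: value}."""
    cookies = {}
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def tracking_refused(raw_request: str) -> bool:
    """True if the request carries either form of the user's no-tracking request."""
    headers = parse_headers(raw_request)
    if headers.get("dnt") == "1":
        return True
    cookies = parse_cookies(headers.get("cookie", ""))
    return cookies.get(OPT_OUT_COOKIE) == "1"


class Browser:
    """Minimal client: DNT is a browser setting, the opt-out is a stored cookie."""

    def __init__(self, send_dnt: bool = False):
        self.send_dnt = send_dnt
        self.jar = {}                           # host -> {cookie name: value}

    def visit_opt_out_page(self, host: str) -> None:
        # Cookies are scoped to the host that set them: one opt-out per network.
        self.jar.setdefault(host, {})[OPT_OUT_COOKIE] = "1"

    def clear_cookies(self) -> None:
        self.jar.clear()

    def request(self, host: str) -> str:
        lines = ["GET /pixel.gif HTTP/1.1", f"Host: {host}"]
        cookies = self.jar.get(host, {})
        if cookies:
            lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in cookies.items()))
        if self.send_dnt:
            lines.append("DNT: 1")              # sent with every request, to every host
        return "\r\n".join(lines) + "\r\n\r\n"


def survey(browser: Browser) -> dict:
    """What each network concludes from this browser's request."""
    return {host: tracking_refused(browser.request(host)) for host in NETWORKS}


def run_scenario():
    cookie_user = Browser(send_dnt=False)
    cookie_user.visit_opt_out_page("ads-a.example")   # opted out of one network only
    header_user = Browser(send_dnt=True)

    before = {"cookie": survey(cookie_user), "header": survey(header_user)}
    cookie_user.clear_cookies()                 # privacy-minded user wipes cookies
    header_user.clear_cookies()
    after = {"cookie": survey(cookie_user), "header": survey(header_user)}
    return before, after


if __name__ == "__main__":
    before, after = run_scenario()
    print("before clearing cookies:", before)
    print("after clearing cookies: ", after)
```

The cookie user is covered only at the one network whose opt-out page was visited and loses even that after clearing cookies, while the header reaches every host both before and after.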
Significantly, a W3C standard is not law. The legal effect of Do Not
Track will come from somewhere else. In Europe, it may be enforced directly on websites under existing data protection law. In the United States, legislation has been introduced in the House and Senate
that would have the Federal Trade Commission promulgate Do Not Track
regulations. Without legislative authority, the FTC could not require
use of Do Not Track, but would be able to treat a website’s false claims
to honor Do Not Track as a deceptive trade practice. Since most online
advertising companies find it important from a public relations point
of view to be able to say that they support consumer choice, this last
option may be significant in practice. And finally, in an important recent paper,
Joshua Fairfield argues that use of the Do Not Track header itself
creates an enforceable contract prohibiting tracking under United States
law.
In all of these cases, the details of the Do Not Track standard will
be highly significant. Websites’ legal duties are likely to depend on
the technical duties specified in the standard, or at least be strongly
influenced by them. For example, a company that promises to be Do Not
Track compliant thereby promises to do what is required to comply with
the standard. If the standard ultimately allows for limited forms of
tracking for click-fraud prevention, the company can engage in those
forms of tracking even if the user sets the header. If not, it cannot.
Thus, there is a lot at stake in the Working Group’s discussions.
Internet Explorer and Defaults
On May 31, Microsoft announced that Do Not Track would be on by default
in Internet Explorer 10. This is a valuable feature, regardless of how
you feel about behavioral ad targeting itself. A recurring theme of
the online privacy wars is that unusably complicated privacy interfaces
confuse users in ways that cause them to make mistakes and undercut
their privacy. A default is the ultimate easy-to-use privacy control.
Users who care about what websites know about them do not need to
understand the details to take a simple step to protect themselves.
Using Internet Explorer would suffice by itself to prevent tracking from
a significant number of websites.
This is an important principle. Technology can empower users to
protect their privacy. It is impractical, indeed impossible, for users
to make detailed privacy choices about every last detail of their online
activities. The task of getting your privacy right is profoundly
easier if you have access to good tools to manage the details.
Antivirus companies compete vigorously to manage the details of malware
prevention for users. So too with privacy: we need thriving markets in
tools under the control of users to manage the details.
There is immense value if users can delegate some of their privacy
decisions to software agents. These delegation decisions should be dead
simple wherever possible. I use Ghostery
to block cookies. As tools go, it is incredibly easy to use—but it
still is not easy enough. The choice of browser is a simple choice, one
that every user makes. That choice alone should be enough to count as
an indication of a desire for privacy. Setting Do Not Track by default
is Microsoft’s offer to users. If they dislike the setting, they can
change it, or use a different browser.
The Pushback
Microsoft’s move intersected with a long-simmering discussion on the
Tracking Protection Working Group’s mailing list. The question of Do
Not Track defaults had been one of the first issues the Working Group raised when it launched in September 2011. The draft text that emerged by the spring remains painfully ambiguous on the issue. Indeed, the group’s May 30 teleconference—the
day before Microsoft’s announcement—showed substantial disagreement
about defaults and what a server could do if it believed it was seeing a
default Do Not Track header, rather than one explicitly set by the
user. Antivirus software AVG includes a cookie-blocking tool
that sets the Do Not Track header, which sparked extensive discussion
about plugins, conflicting settings, and explicit consent. And the last
few weeks following Microsoft’s announcement have seen a renewed debate
over defaults.
Many industry participants object to Do Not Track by default.
Technology companies with advertising networks have pushed for a crucial
pair of positions:
User agents (i.e. browsers and apps) that turned on Do Not Track by default would be deemed non-compliant with the standard.
Websites that received a request from a noncompliant user agent would be free to disregard a DNT: 1 header.
This position has been endorsed by representatives of the three
companies I mentioned in my testimony today: Yahoo!, Google, and Adobe.
Thus, here is an excerpt from an email to the list by Shane Wiley from Yahoo!:
If you know that an UA is non-compliant, it should be fair to NOT
honor the DNT signal from that non-compliant UA and message this back to
the user in the well-known URI or Response Header.
Here is an excerpt from an email to the list by Ian Fette from Google:
There’s other people in the working group, myself included, who feel that
since you are under no obligation to honor DNT in the first place (it is
voluntary and nothing is binding until you tell the user “Yes, I am
honoring your DNT request”) that you already have an option to reject a
DNT:1 request (for instance, by sending no DNT response headers). The
question in my mind is whether we should provide websites with a mechanism
to provide more information as to why they are rejecting your request, e.g.
“You’re using a user agent that sets a DNT setting by default and thus I
have no idea if this is actually your preference or merely another large
corporation’s preference being presented on your behalf.”
And here is an excerpt from an email to the list by Roy Fielding from Adobe:
The server would say that the non-compliant browser is broken and
thus incapable of transmitting a true signal of the user’s preferences.
Hence, it will ignore DNT from that browser, though it may provide
other means to control its own tracking. The user’s actions are
irrelevant until they choose a browser capable of communicating
correctly or make use of some means other than DNT.
Pause here to understand the practical implications of writing this
position into the standard. If Yahoo! decides that Internet Explorer 10
is noncompliant because it defaults on, then users who picked Internet
Explorer 10 to avoid being tracked … will be tracked. Yahoo! will claim
that it is in compliance with the standard and Internet Explorer 10 is
not. Indeed, there is very little that an Internet Explorer 10 user
could do to avoid being tracked. Because her user agent is now flagged
by Yahoo! as noncompliant, even if she manually sets the header herself,
it will still be ignored.
The Problem
A cynic might observe how effectively this tactic neutralizes the
most serious threat that Do Not Track poses to advertisers: that people
might actually use it. Manual opt-out cookies are tolerable
because almost no one uses them. Even Do Not Track headers that are off
by default are tolerable because very few people will use them.
Microsoft’s and AVG’s decisions raise the possibility that significant
numbers of web users would be removed from tracking. Pleading user
agent noncompliance is a bit of jujitsu, a way of meeting the threat
where it is strongest. The very thing that would make Internet Explorer
10’s Do Not Track setting widely used would be the very thing to
“justify” ignoring it.
But once websites have an excuse to look beyond the header they
receive, Do Not Track is dead as a practical matter. A DNT:1 header is
binary: it is present or it is not. But second-guessing interface
decisions is a completely open-ended question. Was the check box to
enable Do Not Track worded clearly? Was it bundled with some other user
preference? Might the header have been set by a corporate network
rather than the user? These are the kinds of process questions that can
be lawyered to death. Being able to question whether a user really meant her Do Not Track header is a license to ignore what she does mean.
Return to my point above about tools. I run a browser with multiple
plugins. At the end of the day, these pieces of software collaborate to
set a Do Not Track header, or not. This setting is under my control: I
can install or uninstall any of the software that was responsible for
it. The choice of header is strictly between me and my user agent. As far as the Do Not Track specification is concerned,
websites should adhere to a presumption of user competence: whatever
value the header has, it has with the tacit or explicit consent of the
user.
Websites are not helpless against misconfigured software. If they
really think the user has lost control over her own computer, they have a
straightforward, simple way of finding out. A website can display a
popup window or an overlay, asking the user whether she really wants to
enable Do Not Track, and explaining the benefits disabling it would
offer. Websites have every opportunity to press their case for
tracking; if that case is as persuasive as they claim, they should have
no fear of making it one-on-one to users.
This brings me to the bitterest irony of Do Not Track defaults. For
more than a decade, the online advertising industry has insisted that
notice and an opportunity to opt out is sufficient choice for consumers.
It has fought long and hard against any kind of heightened consent
requirement for any of its practices. Opt-out, in short, is good
enough. But for Do Not Track, there and there alone, consumers
allegedly do not understand the issues, so consent must be explicit—and opt-in only.
Now What?
It is time for the participants in the Tracking Protection Working
Group to take a long, hard look at where the process is going. It is
time for the rest of us to tell them, loudly, that the process is going
awry. It is true that Do Not Track, at least in the present regulatory
environment, is voluntary. But it does not follow that the standard
should allow “compliant” websites to pick and choose which pieces to
comply with. The job of the standard is to spell out how a user agent
states a Do Not Track request, and what behavior is required of websites
that choose to implement the standard when they receive such a request.
That is, the standard must be based around a simple principle:
A Do Not Track header expresses a meaning, not a process.
The meaning of “DNT: 1” is that the receiving website should not
track the user, as spelled out in the rest of the standard. It is not
the website’s concern how the header came to be set.
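The difference between reading DNT as a meaning and second-guessing the process behind it, shown as an added example (not code from this essay or from any company it names). The function names, the flagged-browser pattern list, and the sample requests are constructed for illustration.

```javascript
// Added illustration; function names and sample requests are constructed.

// HTTP header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return undefined;
}

// "Meaning" policy: only the value of the DNT header matters.
function mayTrackByMeaning(headers) {
  return getHeader(headers, "DNT") !== "1";
}

// "Process" policy: the server flags whole user agents as noncompliant
// and discards any DNT header they send.
function mayTrackByProcess(headers, flaggedUserAgents) {
  const ua = getHeader(headers, "User-Agent") || "";
  if (flaggedUserAgents.some((pattern) => pattern.test(ua))) return true;
  return getHeader(headers, "DNT") !== "1";
}

// Constructed sample requests. The first two are identical on the wire:
// nothing in the request says whether DNT came from a default or a click.
const IE10 = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)";
const OTHER = "ExampleBrowser/1.0";
const SAMPLES = [
  { who: "IE10 user, default left on", headers: { "User-Agent": IE10, DNT: "1" } },
  { who: "IE10 user, set by hand", headers: { "User-Agent": IE10, DNT: "1" } },
  { who: "other browser, DNT on", headers: { "User-Agent": OTHER, DNT: "1" } },
  { who: "other browser, no DNT", headers: { "User-Agent": OTHER } },
];

// Evaluate every sample under both policies.
function comparePolicies(samples, flaggedUserAgents) {
  return samples.map(({ who, headers }) => ({
    who,
    trackedByMeaning: mayTrackByMeaning(headers),
    trackedByProcess: mayTrackByProcess(headers, flaggedUserAgents),
  }));
}

console.table(comparePolicies(SAMPLES, [/MSIE 10\.0/]));
```

Under the process policy both Internet Explorer 10 rows come out tracked, including the user who set the header by hand, because the server has no field that distinguishes the two requests.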
True, as Tom Henderson, principal researcher for ExtremeLabs and a colleague, told me, there’s a “Schwarzschild
radius surrounding Apple. It’s not just a reality distortion field;
it’s a whole new dimension. Inside, time slows and light never escapes–
as time compresses to an amorphous mass.
“Coddled, stroked, and massaged,” Henderson continued, “Apple users
start to sincerely believe the distortions regarding the economic life,
the convenience, and the subtle beauties of their myriad products.
Unknowingly, they sacrifice their time, their money, their privacy, and
soon, their very souls. Comparing Apple with Android, the parallels to
Syria and North Korea come to mind, despot-led personality cults.”
I wouldn’t go that far. While I prefer Android, I can enjoy using iOS
devices as well. Besides, Android fans can be blind to its faults just
as much as the most besotted Apple fan.
For example, it’s true that ICS has all the features that iOS 6 will eventually have, but you can only find ICS on 7.1 percent of all currently running Android devices. Talk to any serious Android user, and you’ll soon hear complaints about how they can’t update their systems.
You name an Android vendor (HTC, Motorola, Samsung, etc.) and I can
find you a customer who can’t update their smartphone or tablet to the
latest and greatest version of the operating system. The techie Android
fanboy response to this problem is just “ROOT IT.” It’s not that easy.
First, the vast majority of Android users are about as able to
root their smartphone as I am to run a marathon. Second, alternative
Android device firmwares don’t always work with every device. Even the
best of them, Cyanogen ICS, can have trouble with some devices.
Another issue is consistency. When you buy an iPhone or an iPad you
know exactly how the interface is going to work and look. With
Android devices, you never know quite what you’re going to get. We talk
about ICS as if it’s one thing (and it is, from a developer’s
viewpoint), but ICS on different phones such as the HTC One X doesn’t look or feel much like it does on, say, the Samsung Galaxy S III.
A related issue is that the iOS interface is simply cleaner and more
user-friendly than any Android interface I’ve seen yet. One of Apple’s
slogans is “It just works.” Well, actually sometimes it doesn’t work.
iTunes, for example, has been annoying me for years now. But, when it
comes to device interfaces, iOS does just work. Android implementations,
far too often, don’t.
So, yes, Android does more today than Apple’s iOS promises to do
tomorrow, but that’s only part of the story. The full story includes
that iOS is very polished and very closed, while Android is somewhat
messy and very open. To me, it’s that last bit, that Apple is purely
proprietary while Android is largely open source-based, that ensures that
I’m going to continue to use Android devices.
Now, if only Google can get everyone on the same page with updates and the interface, I’ll be perfectly happy!