Bookmarked The Tethered Economy (papers.ssrn.com)
Bookmarked for reading (found in Neil Mather’s blog). Actual cases of ‘tethered’ economic transactions where a buyer is bound into an ongoing relationship with the seller with an uneven power balance, are already easy to find: John Deere suing farmers for tinkering with their tractors (with Deere claiming they never sold a tractor but a license to operate the software on one), insurance and credit companies remotely disabling a car upon a late payment, or Amazon removing books you bought from your Kindle (1984, actually, of all possible books!)
Outright ownership, the right to fix, the right to tinker, are all essential things, and key ingredients to keep your (networked) agency. While I understand the business model decision behind software subscriptions, it does make me increasingly uncomfortable because of the forced ‘eternal’ relationship with the seller.
As sellers blend hardware and software—as well as product and service—tethers yoke the consumer to a continuous post-transaction relationship with the seller. The consequences of that dynamic will be felt both at the level of individual consumer harms and on the scale of broader, economy-wide effects These consumer and market-level harms, while distinct, reinforce and amplify one another in troubling ways.
Seller contracts have long sought to shape consumers’ legal rights. But in a tethered environment, these rights may become non-existent as legal processes are replaced with automated technological enforcement.
Hoofnagle, Chris Jay and Kesari, Aniket and Perzanowski, Aaron, The Tethered Economy (January 19, 2019). 87 George Washington Law Review 783 (2019), Case Legal Studies Research Paper No. 2019-10 , Available at SSRN: https://ssrn.com/abstract=3318712
It’s troubling too to think how this will encroach on more and more transactions, as so many things become are becoming so-called ‘smart’. As Paul says in his Info Civics article, “All authority is borrowed from the server, and so the users possess no authority of their own. As a result we must describe these services as authoritarian.” It’s provocative but I think the same could be applied here.
We have an interview with one of the authors, Aaron Perzanowski, here – therestartproject.org/podcast/crisis-copyright/.
I was surprised to receive a 2am automated message from ‘rocket.cat’ in our company’s self-hosted Rocket.chat instance. It was a notice from Rocket.chat alerting me that from now on registration is mandatory to use the Rocket.chat gateway to enable push notifications to mobile devices.
The reason we run our own instance is to be in full control of the data we share between ourselves in rocket.chat.
However, something that wasn’t clear to me before, push notifications in Rocket.chat involve multiple third parties without users giving explicit consent (which is very problematic in terms of GDPR). Especially as there is no way in Rocket.chat to finetune when/how you want to receive alerts, nor any meaningful instance wide settings, and the default is alerts get pushed always.
When you @user someone, or @all a channel, or even share any message in any channel, the server pushes an alert by default to the mobile devices of the users involved.
That push notification isn’t generated within your own server, or within the mobile applications after receiving the messages concerned directly from our server. It is generated by sending an alert to the Rocket.chat gateway. Through that gateway all alerts from every rocket.chat instance anywhere, self-hosted or not, pass. The connection is encrypted, but the content isn’t. The gateway then sends the alert onwards to Google and Apple, for them to generate the alert on the mobile devices involved when the mobile app isn’t running or in the background. Using Apple’s Push Notification Service and Google’s Firebase Cloud Messaging is common, I realise, but both allow encrypted and/or empty payloads, which doesn’t seem to happen here.
Rocket.chat put in the gateway as a workaround, where every alert gets send with their keys, to prevent independent instance owners needing to have their own keys to APNS and FCM (and as Rocket.chat suggests to compile their own mobile apps and have them accepted in the app store). I’m not knowledgeable enough about how push notifications generally work on mobile devices, but it surprised me that push notifications always require third party involvement this way.
Rocket.chat is now starting to enforce registration of instances to be able to use the gateway, because that gateway is becoming a major cost to them. Not surprisingly if all alerts of every single Rocket.chat user in the world pass through it. Because those costs are rising, they want to start charging for sending alerts above a certain threshold. To start charging they need you to register with them to both show you your usage and store your payment method.
I don’t like the existence of such a centralised bottle-neck. It also comes across as a next step of building on something that seems to have been implemented as a workaround fix to begin with.
This way, even if you run your own independent instance you’re still tethered to Rocket.chat the company indefinitely. It’s completely at odds with why we (and others I presume) run our own instance in the first place.
I therefore disabled all push notifications in our rocket.chat server.
“Software as a hostage” is a good way to formulate what is wrong with SaaS as part of the tethered economy.
De eerste zin van Cory Doctorow’s Unauthorized Bread beloofde al weer veel goeds. Het is één van de vier korte verhalen uit Doctorow’s boek Radicalized. Hoofdpersoon Salima is een immigrante die met haar zoontje op zoek is naar nieuwe woonruimte. Ze kan terecht in een enorme woontoren. De kleine appartementen zijn alleen bereikbaar via zogenaamde poor-doors, een liftensysteem wat er voor zorgt dat de rijke welgestelde inwoners van het complex niet in aanraking komen met de arme vluchtelingen die op de bovenste verdiepingen wonen. Omdat de rijkere bewoners voorrang hebben voor de projectontwikkelaars, krijgen zij eerder toegang tot de liften. Met name tijdens de piekuren in de ochtend en avond, kun je als minder welgestelde inwoner gerust een uur op je lift wachten.
Maar de reden om dit boek aan te halen is een term die ik bij zowel Neil als Ton las: The Tethered Economy. Producten die na aankoop gelinkt blijven aan de verkoper. Slimme lampen, thermostaten, auto’s, TV’s, wekkerradio’s, camerasystemen. Alle apparaten die toegang nodig hebben tot het internet om te functioneren, kun je hier onder scharen.
In Unauthorized Bread gaat Doctorow een stapje verder. De keukenapparatuur in de appartementen werkt alleen met geautoriseerde voedingsmiddelen. Je kunt niet zomaar elk brood in de broodrooster doen, alleen het brood wat door maker Boulangism wordt voorgeschreven. De vaatwasser gaat niet werken als er ongeautoriseerde bestek in staat. Salima en het zoontje van een vriendin leren zichzelf met online video’s hoe ze de software en DRM kunnen omzeilen, en helpen zo zichzelf en de rest van de appartementen. Tot het een kat-muis spel wordt met de software-ontwikkelaars en verhuurders van de woontoren, met alle uitleg die Cory Doctorow tussen de regels geeft over de gevaren van DRM.
Klinkt dat ver van mijn bed? Bedenk dan dat HP een abonnement op printcartridges aanbiedt. Zij houden aan de hand van je printgedrag voor je bij wanneer je nieuwe cartridges nodig hebt en sturen die automatisch toe. Handig en wie weet kun je met die cartridges zuiniger printen. Maar wat houdt HP bij over wát je print? Al is het maar een bestandsnaam. Ton geeft in zijn post het voorbeeld van een verzekeringsmaatschappij die op afstand je auto onbruikbaar maakt als je niet op tijd betaalt.
Het zijn kleine stappen die je als consument zet in en om je huis. Het begint met een paar slimme lampen, over een paar jaar mag je geen eigen gemaakte pannenkoekenmix meer gebruiken op je connected gasfornuis. Zijn we er dan klaar voor om de apparaten die we kopen te hacken en mogelijk onklaar te maken? Of kan de Tethered Economy nog worden omgebogen met betere regelgeving en een meer tech-savvy overheid?
Een deel van Unauthorized Bread gratis online te lezen, het hele boek Radicalized, met drie extra verhalen, is DRM-vrij te koop in de webshop van Doctorow.
I have been using TextExpander for a long time to speed up typing by using keywords for often used and repeating snippets.
Things like .TZ to type my name Ton Zijlstra, .url to type my blog’s url https://www.zylstra.org/blog, and .@blog for my blog’s mail addressblog@zylstra.org. That way filling out a comment form on a blog is .TZ .@blog .url, and then the comment.
With their latest release TextExpander has gone the route of so many software packages, and started charging a yearly subscription. I don’t mind buying software but paying yearly for the same package adds up quickly over the many software tools I use. I don’t mind the occasional payment for an upgrade (I happily pay Tinderbox $100 every time I do a major upgrade), but forcing a subscription on me is a form of economic tethering I fundamentally dislike.
So whenever a software tool moves away from ‘pay me once now, and pay again once you choose to upgrade’ to ‘let us set the frequency of payments’ I try to move away from that software tool. Currently I am moving my TextExpander snippets into Alfred, a tool that does the same thing next to doing a whole host of other things and that I also already had installed.