Many (news(y)) websites have become highly irritating to browse: when you scroll down towards the end of an article you’re reading they append a next article underneath it, and if you scroll past the end of the article they change the URL in your browser’s address bar. Below is an example I encountered today.

That is highly irritating, as the browser is my tool, not theirs.

  • It regularly frustrates bookmarking (if you hit a bookmarklet at the end of an article it saves the url of the next article),
  • it creates an endless scroll experience (a dark pattern copied from the likes of FB), where news sites get an opportunity to present content they selected by algorithm that you weren’t looking for.
  • it doesn’t influence the back button. Hitting that brings you to an unexpected place therefore, as you may not realise you’re in an endless timeline and think you somehow landed in a different article,
  • if you use your browser’s default setting you won’t have noticed that the URL has changed as the address bar will only show the domain, not the full URL.

This behaviour is based on HTML5 pushState, which allows a site to interact with your browser history. This can be used to e.g. decrease load times of additional pages and content. The endless scrolling however feels like a dark pattern usage of this possibility to me.

In keeping with Doc Searls’ Castle Doctrine of browsers, I’d like to block this behaviour.

Options that are available seem to be:

  • Use a reader view. This seems to break bookmarklets though, which is one of the nuisances I’m trying to fix
  • Block all JavaScript and use a whitelist. Seems drastic, though it’s something I’m increasingly leaning towards over the past few years. Alternatively I could use a blacklist.
  • Use ad blockers by adding rules for the specific scripts causing this.

Reader view is useful, but not for this specific issue. Adding rules to my adblocker might be feasible, but assumes that I can easily spot a) which sites do this b) which script on their site is doing it, in order to block it. Using a blacklist for JavaScript only needs me to spot sites that do this, which is half the hassle of adding filters to my adblocking. Blacklisting some sites for JavaScript is also less inconvenient than blocking all JavaScript and whitelisting exceptions. So for now that’s the way forward. Bloomberg, the source of the example given above, is now on the blacklist.
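The mechanism described above, as an added example that is not part of the original post: a page script can rewrite the address bar with `history.pushState` from a scroll handler, and the wrapper below drops such calls unless a click was noted shortly before. `guardHistory`, `makeFakeBrowser`, the one-second window and `news.example` are assumptions made for the illustration.

```javascript
// Added example, not the blog author's code. Wraps a History-like object so that
// pushState/replaceState calls which change the URL are dropped unless a user
// gesture was noted within `windowMs` (an assumed grace period) before the call.
function guardHistory(history, getUrl, opts = {}) {
  const windowMs = opts.windowMs ?? 1000;
  const now = opts.now ?? (() => Date.now());
  const blocked = []; // URL changes the page attempted without a gesture
  let lastGesture = -Infinity;
  for (const method of ["pushState", "replaceState"]) {
    const original = history[method].bind(history);
    history[method] = (state, title, url) => {
      const target = url == null ? getUrl() : new URL(String(url), getUrl()).href;
      const userDriven = now() - lastGesture <= windowMs;
      if (target !== getUrl() && !userDriven) {
        blocked.push({ method, url: target });
        return; // address bar stays on the article being read
      }
      return original(state, title, url);
    };
  }
  return { blocked, noteGesture: () => { lastGesture = now(); } };
}

// Assumed browser wiring (must run in the page's own script context, before site scripts):
//   const g = guardHistory(window.history, () => location.href);
//   addEventListener("click", g.noteGesture, true); // scrolling is deliberately not a gesture

// Constructed stand-in for window.history and location, so this runs outside a browser.
function makeFakeBrowser(startUrl) {
  const b = { url: startUrl, entries: [startUrl] };
  const go = (url) => (url == null ? b.url : new URL(url, b.url).href);
  b.history = {
    pushState(_s, _t, url) { b.url = go(url); b.entries.push(b.url); },
    replaceState(_s, _t, url) { b.url = go(url); b.entries[b.entries.length - 1] = b.url; },
  };
  return b;
}

function demo() {
  let clock = 0;
  const b = makeFakeBrowser("https://news.example/article-1");
  const g = guardHistory(b.history, () => b.url, { now: () => clock });
  b.history.pushState({}, "", "/article-2"); // scroll handler appends next article
  const afterScroll = b.url;
  clock = 5000; g.noteGesture(); clock = 5200; // reader clicks a link
  b.history.pushState({}, "", "/article-3");
  return { afterScroll, afterClick: b.url, entries: b.entries, blocked: g.blocked };
}
console.log(demo());
```

A guard like this also drops URL changes that a single-page site makes for legitimate reasons without a click, so the `blocked` list is worth inspecting before relying on it.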

Since the summer I am holding three questions that are related. They all concern what role machine learning and AI could fulfil for an individual or an everyday setting. Everyman’s AI, so to speak.

The first question is a basic one, looking at your house, and immediate surroundings:

1: What autonomous things would be useful in the home, or your immediate neighbourhood?

The second question is a more group and community oriented one:

2: What use can machine learning have for civic technology (tech that fosters citizen’s ability to do things together, to engage, participate, and foster community)?

The third question is perhaps more a literary one, an invitation to explore, to fantasise:

3: What would an “AI in the wall” of your home be like? What would it do, want to do? What would you have it do?

(I came across an ‘AI in the wall’ in a book once, but it resided in the walls of a pub. Or rather it ran the pub. It being a public place allowed it to interact in many ways in parallel, so as to not get bored)

Much easier than regulating to break up Facebook, just regulate to force them to make an API for us to get data in and out. We can break them up ourselves once we have that. (source)

Neil is right, an effective way to break up big tech monopolies is requiring they have APIs. (Much like key government data sets across the EU will be required to have APIs from 2021 based on the 2019 PSI Directive)

A monopolistic platform that has an API will be effectively broken up by its users and by app builders as they will interact with bits and pieces from various platforms as they see fit.

That FB and Twitter e.g. have been on a path of steadily reducing public API access over time shows you the truth of that.

(Adversarial) interoperability and standards are key elements in avoiding vendor lock-ins. This is true for ‘smart home’ appliance silos just as much as for webservices.

If you don’t have an API you’re not a platform (platforms are after all bases to build/grow things on, if you stunt that ability you’re not a platform). If you’re not a platform, you’re fully liable for your user uploaded content. How’s that for a trade-off?

All platforms should be required to join the API family…

Picture taken earlier this month at La Folie de Finfarine in Poiroux

This from Wendy Grossman hits the nail quite precisely on its head.

“The problem isn’t privacy,” the cryptography pioneer Whitfield Diffie said recently. “It’s corporate malfeasance.”

This is obviously right. Viewed that way, when data profiteers claim that “privacy is no longer a social norm”, as Facebook CEO Mark Zuckerberg did in 2010, the correct response is not to argue about privacy settings or plead with users to think again, but to find out if they’ve broken the law.

I think I need to make this into a slide for my stock slide deck. It’s also I think why the GDPR focuses on data protection and the basis for data usage, not on privacy as such.

(Do add Wendy Grossman’s blog net.wars to your feedreader.)

Read net.wars: Hypothetical risks

Hotel keys, photo by Susanne Nilsson, license CC BY-SA

Everybody hates the keycard, says the NYT, and talks about using your phone instead. There are a few reasons why using your phone as a hotel key is not something I do, or would do.

One reason is provided by the hotels promoting this themselves:

And, since the keys are downloaded electronically through a hotel app, the host has a presence on the guests’ phones, and can offer other exclusive services, like promotions and a chat feature.

Presence on my phone, that sounds rather ominous. Let me count the hotel apps I currently allow on my phone…. 0.

Unless there’s an opt-in for each single additional ‘service’ as part of a hotel’s ‘presence’ on my phone, it is in breach of the GDPR wherever I travel. Do hotel chains really want to expose up to 4% of their annual turnover to liability risks?

The ones I’ve encountered worked through Bluetooth. That opens up a wide range of potential vulnerabilities. I never have Bluetooth switched on (nor wifi when not in active use, for that matter), and there are very good reasons for that. There might be other Bluetooth devices nearby pretending to be my hotel door to get access to my phone, or piggyback on my room door’s communication. A plastic card and a room door never have that issue. NFC based ones have fewer of these issues, but still bring their own issues.

A vulnerability in a hotel’s mobile app now also becomes a vulnerability for your hotel key as well as for your phone. It also means a phone will contain data traces of any hotel where you may have used it as a key. That is a privacy risk in itself, not only to yourself, but potentially as well to people you have encountered. (E.g. investigative journalists would be risking the anonymity and privacy of their sources that way.)

Another reason is, also when I travel alone I have 2 plastic key cards. I keep them in different places, so I have a back-up if one of them gets out of my hands. Having just my phone is a single point of failure risk. Phones get left in hotel bars. Phones slip out of pockets in taxi back seats. Phone batteries die.

That is the third reason, that phone batteries die, especially on intensive work days abroad. Already that is sometimes problematic for mobile boarding passes for e.g. a second leg of a trip after a long haul flight (such as last month on a trip to Canada), or an evening flight home.
When staying in a hotel, after a long day, I sometimes need to leave a phone to charge in my room (sometimes the room safe has a convenient power outlet), while I go have a coffee in the lobby. This month during holidays I left my phone charging during dinner in a hotel in Rouen, as well as in an apartment on the Normandy coast, while we headed out for a walk on the beach.
So when I read in the article “What is also great is that I don’t find myself forgetting my key in the room as I always have my phone with me“, I take that to mean “you can’t leave your room when your phone needs charging” and “you can’t return to your room if your phone battery died”.

Phones and hotel keys all have their vulnerabilities. Putting a key card on your phone doesn’t remove the existing vulnerabilities of existing key card systems, but transfers and adds them to the vulnerabilities of your phone, while also combining and increasing the potential negative consequences of one of those vulnerabilities becoming actualised.

Read Everybody Hates the Key Card. Will Your Phone Replace It? (nytimes.com)

Technology that allows hotel guests to use their phones as room keys is expanding, taking aim at those environmentally unfriendly plastic cards.

Very unsure what to think about Tim Berners Lee’s latest attempt to, let’s say, re-civilize the web. A web that was lost somewhere along the way.

Now there’s a draft ‘contract for the web‘, with 9 principles, 3 each for governments, companies and citizens.

Its premise and content aren’t the issue. It reads “The web was designed to bring people together and make knowledge freely available. Everyone has a role to play to ensure the web serves humanity. By committing to this Contract, governments, companies and citizens around the world can help protect the open web as a public good and a basic right for everyone.”, and then goes on to call upon governments to see internet access as a core necessity and a human right that shouldn’t be censored, upon companies to not abuse personal data, and on citizens to actively defend their rights, also by exercising them continuously.

There’s nothing wrong with those principles, I try to adhere to a number of them myself, and have been conveying others to my clients for years.

I do wonder however what this Contract for the Web is for, and what it is intended to achieve.

At the Contract for the Web site it says:
“Given this document is still in the process of negotiation, at this stage participants have not been asked to formally support or oppose the document in its current form.”

Negotiation? What’s there to negotiate? Citizens will promise not to troll online if governments promise not to censor? If a company can’t use your personal data, it will no longer be an internet service provider? Who is negotiating, and on behalf of whom?
Formally support the contract? What does that mean? ‘Formal’ implies some sort of legal status?

There are of course all kinds of other initiatives that have voluntary commitments by various stakeholders. But usually they clearly have a purpose. The Open Government Partnership for instance collects voluntary open government commitments by national governments. Countries you’d wish would actually embark on open government however have left the initiative or never joined, those that are active are a group (not all) of the willing for whom OGP is a self-provided badge of good behaviour. It provides them an instrument to show their citizens they are trying and doing so in ways that allow citizens to benchmark their governments’ efforts. Shields them against the notion they’re not doing anything. It does not increase open government above what governments were willing to do anyway, it does provide a clear process to help build continuity, and to build upon other members’ experience and good practices reducing the overall effort needed to attain certain impacts.

Other initiatives of this type are more self-regulatory in a sector, with the purpose of preventing actual regulation by governments. The purpose is to prevent exposing oneself to new legal liabilities.

But what does the Contract for the Web aim for? How is it an instrument with a chance of having impact?
It says “this effort is guided by others’ past work on digital and human rights” such as the Charter of Fundamental Rights of the EU and the EU GDPR. What does it bring beyond such heavy lifting instruments and how? The EU charter is backed up by the courts, so as a citizen I have a redress mechanism. The GDPR is backed up by fines up to 4% of a company’s global annual turnover or 20 million whichever is bigger.

How is it envisioned the Contract for the Web will attract more than those stakeholders already doing what the contract asks?
How is it envisioned it can be a practical instrument for change?

I don’t get a sense of clear purpose from the website. In the section on ‘how will this lead to change’ first much is made of voluntary commitments by governments and companies (i.e. a gathering of the willing, that likely would adhere to the principles anyway), which then ends with “Ultimately it is about making the case for open, universal web that works for everyone“. I have difficulty seeing how a ‘contract’ is an instrument in ‘making a case’.

Why a contract? Declaration, compact, movement, convention, manifesto, agenda all come to mind, but I can’t really place Contract.

What am I missing?

Please sign at the dotted line, before you go online?
Image ‘untitled forms’ by See-ming Lee, license CC BY SA