I Don't Want To Be A Nerd!

The blog of Nicholas Paul Sheppard
Archive for june 2015

Paywalls and adwalls re-visited

2015-06-28 by Nick S., tagged as commerce, privacy

Kat Krol and Sören Preibusch discuss "effortless privacy negotiations" (pp. 88-91) in the May/June 2015 issue of IEEE Security & Privacy. In doing so, they (inadvertantly) address some of the questions I wondered about in an article for The Social Interface last year — most notably, whether or not people would be willing to pay for services of the sort now provided by advertising, if it meant that they could obtain the services without handing over data to advertisers.

According to the research cited by Krol and Preibusch, most people would not, but a significant number of people would. I think I suspected as much when I wrote my article, but Krol and Preibusch propose a slightly different (but perhaps complementary) explanation for why they wouldn't: most people value the tangible and immediate gain of access to a service more than the nebulous and future risks of handing over private data.

In the same issue of Security & Privacy, Angela Sasse scolds security nerds for "scaring and bullying people into security" (pp. 80-83) with fearsome dialogues intended to warn people of the risks — again, mostly distant and nebulous — that they face in clicking on links that don't meet the approval of the security community. The same might be said of privacy nerds who demand that privacy policies be read and rejected if readers can imagine misuse of the policy.

Whatever the explanation for people who won't pay, those who would pay might wonder: where do I go if I want to search the web or join social media, but I don't want the ads? None of Google, Facebook, or Twitter will take my money!

Krol and Preibusch mention one (experimental) solution from Google, for whom Preibusch works: Google Contributor. According to Contributor's web page, subscribers to the service will see "pixel patterns" or "thank you messages" instead of ads on participating web sites. (This sounds a bit kludgy but I guess it's a start). But the article focuses on negotiation between users and service providers.

I've seen proposals for negotiating privacy settings before, but never found them particularly convincing: why would anyone agree to anything other than handing over the minimum amount of information required to get the job done? Krol and Preibusch identify the point I was missing: the participants need to negotiate not just the privacy settings, but the service they get in return for them. So those who'd rather pay than see targeted ads, for example, could negotiate untargeted service in return for a subscription. (This might not just be about privacy: my main objection to advertising isn't that I'm worried about the data collection involved, it's that I find it irritating.)

The title of Krol and Preibusch's article identifies the obvious weakness in all this negotiation: it takes a lot of effort to both provide and use such a flexible service. Of course reading and understanding current privacy policies requires a fair bit of effort too, which is partly why they remain largely unread and ununderstood. (The other part is that the reader can't do anything about them anyway, for which negotiation might offer some remedy.)

Still, well-designed computer systems can take a lot of the effort out of things that might otherwise be tedious and time-consuming. Krol and Preibusch don't describe any particular solutions; their article is more of a call-to-arms. I don't kow if negotiation is the solution — I'm at least as interested in Google Contributor, which has the advantage of existing — but Krol and Preibusch have at least renewed my interest in something I'd previously dismissed.

What is the proper way to look at privacy, secrecy and freedom?

2015-06-27 by Nick S., tagged as freedom, privacy

I've already written one entry inspired by a recent Conversation article in which Graham Murdock suggested that "surveillance threatens us with a new serfdom". It's not an easy article to understand, and I'm still uncertain if he is trying to cover too much in too little space, or has just mashed choice bits of history, politics and modern technology into an incoherent fantasy of totalitarian government. Whatever Murdock's intent, an alien reading the comments on the article would be certain that Australia and countries like it are totalitarian states.

I dithered for a while over whether I'd bother to write a comment of my own, in part because I wasn't sure I understood Murdock's point, in part because I wasn't sure I had anything (new) to say, and in part because I feared that questioning anti-surveillance rhetoric would have me perceived as a champion of totalitarian surveillance. The last motivation is the most interesting to me now, and ultimately led me to decide that I should comment by way of accepting my own criticism of the idea that secrecy protects us from discrimination. The same might be said of my previous blog entry, which contained a few rhetorical questions that I can imagine being answered with contemptuous and/or increduluous rants from anti-surveillance commenters and cyberlibertarians.

As it turned out, no one replied to my comment at all, so I either didn't offend as many people as I feared, wasn't as interesting as I'd hoped, or didn't make enough sense of my own. So what did I have to fear, if not ridicule from commenters who I've dismissed as ranters and fantasists anyway?

In working through my previous blog entry, I came to realise that a large part of my difficulty came from from trying to confront anti-surveillance rhetoric on its own terms, in which "surveillance" is presumed to imply arbitrary discrimination and persecution, and "privacy" is presumed to imply freedom. But the whole purpose of my critique is that this view is confused and unhelpful, not to mention absurd if its adherents really hold that Australia is a totalitarian state or anything close to one.

One cure might then be to eschew terms like "surveillance" and "discrimination", and instead draw on terminology developed within a more nuanced worldview. Of course I can't make everyone else adopt whatever terminology or worldview I choose, certainly not within the scope of a comment on an article. But this challenge does encourage me to think carefully about how I present my ideas.

Responding to Murdock's article, I cobbled together something about control of information, which is a bit of mish-mash of an idea that appeared (somewhat vaguely) in the article, and the view of privacy as being about use of information that we used when I was developing experimental privacy protection systems. I'm ultimately not all that happy with this response, though I hope I at least indicated that "privacy", "secrecy" and "liberty" might not have quite the straightforward relationship that anti-surveillance rhetoric supposes.

On freedom in the ninja-costume state

2015-06-18 by Nick S., tagged as freedom, government, privacy

In responding to a recent Conversation article on surveillance, I drew an analogy between the wearing of ninja costumes and secrecy-centred approaches to privacy. I've used this analagy several times elsewhere on this blog, but writing on The Conversation — where even comments probably receive far more attention than this blog — forced me to focus on the quality of the analogy.

In trying to portray rants about surveillance as simplistic and beside the point, I worked out a brief description of a world in which we used ninja costumes and ID numbers to prevent anyone finding out about us. I later wondered, off-line, if the imagined world was not just as absurd as I intended it to be, but also just as bad for freedom as the totalitarian state being imagined by the author of the article (Graham Murdock) and most of the other commenters. On the face of it, feeling compelled to wear ninja costumes and answer to ID numbers sounds very much like the dehumanised totalitarianism that Murdock and commentators say they fear.

Of course surveilling electronic networks doesn't work quite the same way as surveilling the streets: the kind of information involved is quite different, and computers can process and record much greater quantities of information than street-walking spies. But nor is it entirely different: both forms of surveillance can support the kind of arbitrary discrimination that anti-surveillance rants presume to be the goal of surveillance systems, and both can be combatted by a tell-nobody approach.

Re-reading my previous blog entries on privacy, I realised that I'd come across the key point in a Conversation article from Ashlin Lee and Peta Cook: a large part of freedom concerns the freedom to express oneself, and it is exactly this freedom that would be threatened by the ninja-costume state. Sure, the government would be unable to persecute any of its ninja-citizens, but no one would be able to do what they wanted to do anyway (unless all they wanted to do was to dress as ninjas).

Now suppose I encrypted and anonymised all of the entries in the blog, and all of my comments on the Conversation, just to make sure that no government or corporate overlords could pick me up in a crackdown on people with English names, long hair, or sceptical views on technology boosterism. I'd be free to have all the views I liked, but no one would be able to read them (they're encrypted), and no one would know that I'm a person who identifies with these characteristics. Is this a freedom worth having?

I suppose that critics of Lee and Cook's idea might argue that they want to express themselves to certain chosen people, but not to the world at large for fear of embarrassment or persecution. I can see a certain amount of pragmatic appeal in this position under various circumstances, but how does one identify those chosen people in the first place? And would not limiting our expression to only a select few like-minded fellow citizens leave us in a filter bubble from which we were unable to see perspectives other than our own?

Or perhaps we'd like to express ourselves to the world at large, but have the government and corporations politely ignore us. But, again, how do we choose those whose attention we want to attract and those by whom we wish to be politely ignored, and how do those parties know what we want of them? And, come to think of it, do we really want a government that ignores us anyway?

Standing up for advertising

2015-06-02 by Nick S., tagged as commerce

Three months ago, I wondered who would stand up for advertising and its role in funding news, entertainment and other things that we think of as being "free". David Glance's Conversation column this week drew a few commenters who are, indeed, prepared to stand up for advertising.

Glance himself wonders if ad-blocking software will kill off on-line advertising as a business model, which he has read to be struggling to be relevant in an article in The Atlantic. That the advertising revenues of Google and others have already survived ten years of ad-blockers leads me to be sceptical of the threat they pose, but here I'm more interested in the comments on the article.

William Ferguson wisely points out that the adherents of ad-blocking need to be careful what they wish for: those ads are what pay for the goodies, and without revenue the goodies cannot continue to be made. He draws specific attention to advertising's support for small-time developers who don't have the fee-charging power of major software development houses. Michael Cahill argues that "the use of adblock software is morally equivalent to any other form of piracy" in that it is effectively taking something without paying the price, and implies that he'd rather have the advertising than have to pay.

(As an aside, Ferguson also notes that "it is extremely rare for anyone to shell out a couple of dollars on a totally unknown product, even with refund periods", which itself says something about the cheapness of software-buyers. I, and I'm sure plenty of other people, routinely pay much more than this to try out a new beer, a new restaurant, or a new holiday experience, so why do we baulk at paying a couple of dollars to try out an app?)

Perhaps it's worth noting that both Ferguson and Cahill are content producers according to their taglines (a software developer and journalist, respectively), while their opponents appear to be content users or at least thinking only about how they can use content. Ferguson and Cahill want to be paid for what they do, and know that they couldn't continue to do it if there wasn't money for it. User-centred critics, on the other hand, assert that it can all be done for nothing, but are conspicuously silent about actually doing it.

While I may have less love for advertising than either Ferguson or Cahill — I usually take the paid version given the choice, and I dread the idea of having to make my living from advertising — we're all of one mind in recognising that art (and software) needs to be resourced in one way or another. My view of apparently-free content isn't even incompatible with theirs: those who live by advertising know all too well that it's not just there out of some perverse desire to annoy users, but in fact an integral part of providing the services we like to call "free".