It turns out that Cloudflare's proxies have been dumping uninitialized memory that contains plain HTTPS content for an indeterminate amount of time. If you're not familiar with the topic, let me summarize it: this is the worst crypto news in the last 10 years.
As usual, I suggest you read the HN comments to understand the scandalous magnitude of the bug.
If you don't see this as a news-opening piece on TV it only confirms that journalists know nothing about tech.
How bad is it, really? Let's see
I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything
If the bad guys didn't find the bug before Tavis, you may be on the clear. However, as usual in crypto, you must assume that any data you submitted through a Cloudflare HTTPS proxy has been compromised.
Three take aways
A first take away, crypto may be mathematically perfect but humans err and the implementations are not. Just because something is using strong crypto doesn't mean it's immune to bugs.
A second take away, MITMing the entire Internet doesn't sound so compelling when you put it that way. Sorry to be that guy, but this only confirms that the centralization of the Internet by big companies is a bad idea.
A third take away, change all your passwords. Yep. It's really that bad. Your passwords and private requests may be stored somewhere, on a proxy or on a malicious actor's servers.
Well, at least change your banking ones, important services like email, and master passwords on password managers -- you're using one, right? RIGHT?
You can't get back any personal info that got leaked but at least you can try to minimize the aftershock.
Update: here is a provisional list of affected services.
Download the full list, export your password manager data
into a csv file, and compare both files by using
grep -f sorted_unique_cf.txt your_passwords.csv.
Afterwards, check the list of potentially affected iOS apps
Let me conclude by saying that unless you were the victim of a targeted attack it's improbable that this bug is going to affect you at all. However, that small probability is still there. Your private information may be cached somewhere or stored on a hacker's server, waiting to be organized and leaked with a flashy slogan.
I'm really sorry about the overly dramatic post, but this time it's for real.
Bots are the hot topic this 2016. They need no presentation, so I'm not going to introduce them. Let's get to the point.
We can all agree that bots are an interesting idea. However, there's this debate regarding whether bots are going to be the user interface of the future.
Many critics argue against a future where bots rule user interaction. Some are philosophical, others are somehow short-sighted, and many are just contrarian per se.
I'm not saying they're wrong, but they overlook some strong arguments that we should have learned by observing the history of computing.
What computer history taught us
The most important thing we learned since the 70s is that people do not want quicker and faster interfaces, they want better interfaces.
In the 80s, during the GUI revolution, they had critics too. GUI detractors claimed that the GUI was just a gimmick, or that real computer users preferred the command line. We should know better by now.
Critics were right in some points: GUIs weren't faster or more potent than the command line. However, this wasn't the winning argument.
GUIs won because the general public will always prefer a tool that is easier to use and understand than one which is more powerful but harder to use.
Are bots a command line?
See how there is a simile, but in fact, bots are the exact opposite from a command line.
Bot critics equate bots with CLIs and thus reach the conclusion that they are a step backward compared to GUIs. The main argument is that bots do not have discoverability, that is, users will not know what they're capable of since they don't have a menu with the available options. Whenever you're presented with a blank sheet, how to start using it?
However, I believe this comparison is wrong. People don't have a post-it note on their forehead stating their available commands, but we manage to work together, don't we?
We've been learning how to interact with people our whole lives; that's the point of living in society. When we walk into a coffee shop, we don't need an instruction manual to know how to ask for an espresso, or the menu, or request further assistance from the barista.
Bots can present buttons and images besides using text so, at the very least, they can emulate a traditional GUI. This is not a killer feature but contributes to refute the discoverability criticism and provide a transition period for users.
Bots lack metaphors, and that is their biggest asset
Bots will win because they speak natural language, even if it is only a dumbed down version. Their goal, at least in the beginning, is to specialize in one use case: ordering a pizza, requesting weather information, managing your agenda. After all, 90% of your interactions with your barista can be reduced to about ten sentences.
Being able to use natural language means there is no learning curve. And, for once in the history of computing, users will be able to use a UI that lacks what all other UIs required to function: metaphors.
This is critical since metaphors are what regular people hate about computers.
Who cares if one needs to press seventy buttons to order a pizza with a bot instead of just three with an app. People will use the product which is easier to use, not the one which saves them more keystrokes--not to mention that you can send commands with your voice. Didn't we learn from GUIs?
The death of the metaphor
Every metaphor has been moving both hardware and software towards a more human way of working.
Files, folders, commands, the mouse, windows, disk drives, applications, all these have been bright ideas that emerged at some point and then died when the next thing appeared. We even tried to style apps with leather and linen, buttons and switches to make them more understandable and relatable to the real world.
By definition, metaphors are a compromise. Both users and developers have a love-hate relationship with them, as they have been necessary to operate computers, but they also impose a barrier between thought and action.
Thanks to metaphors, this metallic thing which made funny noises and whose lights blinked continuously in 1975 has now evolved to a very easy to use smartphone. But that smartphone still clearly is a computer, with buttons, windows, and text boxes.
Bots, if done correctly, may be the end of the computing metaphor.
Metaphors have an expiration date
This is not intrinsic of computers.
At some point in time, a watch was a metaphor for counting time. We designed a device with a hand pointing to numbers from 1 to 12 and we matched it to the sun cycle. Advances in technology and culture have converted it in a fashion item and, while it still bears a metaphoric value, both four-year-olds and ninety-year-olds can use it without much thinking.
It's like driving: once you master it, your brain operates the car in the background. Your eyes still look at the road, but unless there is any unexpected issue, your conscious mind does not need to be driving.
I feel like the computing world, in general, is mature enough for this. Bots are a natural progression. They will not replace everything, like bicycles do not replace trucks. For most people, however, interacting with a computer as they do with a person is indeed the clincher
Ultimately, a tool is just a means to an end, and people want to do things, not mess with tools. Some of us engineers do, but we're in the minority.
Can we foresee the future?
So, why bots and not another UI?
I haven't reached this conclusion myself, strong as some arguments may be. I just follow the trend that thinkers have created.
The future is written in cyberpunk novels and philosophical AI movies, in music, in cinema. Not in blogs, not in engineer forums, not in the mind of some visionary CEO.
People will use what people want, and the best demand creation machine is imagination, in the form of art and mass media.
What people will want is what artists have represented: futuristic VR and human-like --but not too human-looking-- software
And now for the final question. Chat bots and expert systems have been around since the 1960s, so why is now the right time?
All paths lead to Rome
First and foremost, now is the right time because we believe it is. Everything is pushing towards chat UIs: big players, money, startups, the media.
Marketing and news articles can make people like things, hate things, and love things. People are told that they will be able to talk to their computers, and they've been baited with Siris and Alexas. Those are not perfect, but hint of a better future.
Consumers imagine a plan for a better future and generate demand. And demand is the driver of innovation. That's why in tech, self-fulfilled prophecies work, and predictions can be incredibly accurate even over hundreds of years
At a technical level, both hardware and software are advanced enough for real-time audio and text processing with natural language. APIs are everywhere, and some IA problems which were too hard ten years ago have been solved by either commercial packages or free software libraries
Finally, the customer's computing environment is as close to bots as it can be. Chat apps are the most used feature of a smartphone because they're straightforward and personal. People write or talk, and they get text or audio back. Not buttons, not forms, just a text box and a sentence.
My contrarian side feels a bit odd by tagging along the current big wave, but both rationally and by intuition I really do believe that now is the right moment. And I feel that I had to share my reasons.
For what it's worth, I'm putting my money where my mouth is, developing bots at Paradoxa. Who knows what will happen anyway. Undeniably, nobody has a crystal ball.
But isn't trying to predict the future enjoyable? Just imagining it is half the fun.
You probably know that the Internet was born as a military project. That its goal was to have a computer network that survived a nuclear attack. Therefore, the pipes that make the Internet work are scattered through all the world. Every computer is connected to each other in a grid, more or less.
In theory, it’s easy: to go from computer A to C, go to B. If B is down, you can probably be routed through D and F and reach C nonetheless. To learn which is the best route, you ask a router. Apply recursively, and that’s the Internet!
However, the Internet is a technology, not an application. The applications we use are email, the Web, the Usenet, etc. Many popular services are nothing else than an API running on the Web. And most are centralized: to use Gmail you need to connect to the Gmail server. Makes sense, right?
In fact, that is not necessarily so; it has traditionally been the exact opposite, especially with email.
Email, along with web pages, it is the last bastion of decentralization on the Internet. You can install some software and send a message from your email server to another on the other side of the world without any meddling from third party servers — routers aside.
Most users don’t do that, though. Centralized systems are convenient. Managing a private server is complicated, and it forces you to have a computer running 24/7 at home, or rent one. Why should you handle this? Let the professionals do it, and end users can connect to centralized servers when they need to access a service.
There is a decentralized Facebook, called Diaspora, and a decentralized Twitter called Twister. BitTorrent is a decentralized file sharing system, Aether is a decentralized discussion forum, and there is even a decentralized currency called Bitcoin.
With them, you can have your data on your personal computer, or a machine you trust, and send specific pieces to your friends computers, without going through a central server. These services aren’t very popular at the moment, but due to increasing espionage, data selling, moderation abuse and others, their usage will probably increase, and pave the way for similar solutions soon.
Let’s get back to email for a minute because, unfortunately, its decentralization is jeopardized by a few powerful actors. There are strong reasons to trust big email providers, especially to avoid spam and fraud. Sadly, some of the measures used to filter potentially harmful emails also hurt small, honest servers, who see how their emails get rejected or delivered directly to the spam folder.
I’ve experimented with email servers since I was in college. Back in 2001, you could install an MTA and start sending emails without much trouble. However, for recent projects like Puput, installing and maintaining the email server has been nightmarish.
We are preparing the details for a future post, but to summarize, after installing postfix, no fewer than eight steps were required to get our emails successfully delivered into our users inboxes.
Both startups and the big players offer email delivery services, and I admit that had it not been for my obstinacy, we probably would’ve used some of them.
However, being as we are a bit old-school, used that your server could be a first-class node of the internet, that proved to us a serious ethical dilemma. Either you succumb to using one of the few “trusted email servers” or you essentially risk getting banned from delivering your own email. It is not yet blackmail, but it’s close.
I don’t want to be dishonest, there are genuine reasons for this. Trying to recentralize email may probably be just a measure to combat spam. Probably. Because when the big players have such large incentives to kill their competition and become The One Email Provider in the world, each barrier counts. It is not far-fetched to think that, at least, there are conflicts of interest among these big players.
Some sysadmins capitulate and end up using XYZ Apps for Business, surrendering a bit of the Internet’s decentralization to that company. Again, it makes sense, both technical and economical. Don’t reinvent the wheel. But every small decision we take contributes to create the world we want to live in.
Being a monopoly is tempting, and XYZ already has a history of embracing services like the Usenet, chat and RSS to kill them shortly afterward and force users to move to their proprietary solutions. In the 90s, XYZ was Microsoft. Nowadays, it is the formerly not evil company — ironic value of this left to the reader’s criterion.
With the de-facto death of Jabber, email and The Web are essentially the only popular services that you can still run from your private box and interact with the outside world. IM and social networks have been taken over by a dozen of centralized and isolated services; we can’t let email suffer the same fate.
Maybe the future of communications is just around the corner. When all devices are permanently connected to the Internet in a robust way, we will probably carry an internet node in our pocket. Meanwhile, we will keep using just an internet access device and reaching a central server to get our data, trusting that this machine doesn’t misuse it.
This post was originally posted on Puput blog
Twitter recently changed their faves for likes with much controversy and bashing Facebook's Likes is already a meme. What's up with disliking Liking?
Are we more narcissistic than ever? Maybe we are. Public image has always been important for two groups: public figures and teenagers.
I find myself lucky to have been a teenager in a world without social media. Otherwise, everyone could have been my adolescent cringe-inducing posts that were lost in private ICQ and MSN chats.
People need to feel important, and the new coolness ranking is social media Likes. Years ago, it was (paper) facebook notes and signatures. That's how the world works now, and we can only react to it, not change it.
Us adults tend to frown upon a teen posting a vaguely suggestive picture for their friends to Like but can't seem to enjoy a vacation unless we're sure all our coworkers are green with envy at our beach pictures. We can't start eating until everyone has uploaded a pic of its dish to Instagram as if waiting till mom finishes her prayer.
Technology is always ahead of society. It takes some time for people to adjust to new customs. We added "texting" to the list of things that are rude while dining at a table, then allowed some exceptions for important messages. We considered that leaving a meeting for a phone call is unprofessional, then accepted that people can have legitimate reasons.
Some will eat their dishes cold for some ♥s; others will unhealthily link their self-esteem to a particular threshold of Likes, and people will publicly mourn their dead in exchange for some sympathy.
In the end, liking somebody's content is a way of showing that you care about that person. Sympathy makes us human. Some will argue that private things should be kept hidden, but what's wrong if broadcasting their lives make people happy?
Everyone has their individual reasons for providing a Like or not; likewise, they are free to choose whether to publicize a personal event or not. Those who advertise all their illnesses on Facebook are no different than grandmas who go to the park and compete with other grandmas in the so-called ailment Olympics.
People need sympathy; Likes is just the channel that we use in the 2010s to provide it.
Here's my new project: Puput, a service which lets you listen to your email when you have no internet.
I honestly think it's pretty cool, the project has a strong R+D component for which we filed a patent, and it has lots of potential to integrate into IMs like Slack and close the communication gap for people who are offline.
It's free, so please be my guest and give it a try! It's surprisingly awesome to be able to listen to your email when you're abroad without an internet connection.
Even though we have been absorbing a lot of startups-related material these last months, nothing will prepare you for a real product launch. Everybody says it, and I agree:
- The last 20% of the work consumes us 80% of the time. That is, UI, UX, the website, and the marketing strategy
- Selling is hard.
- Selling is even harder when you first invent a new technology and then try to find use cases for it. Yes, the lean startup recommends doing the opposite, it is a common first timer mistake :(
- I'll say it again, do product/market fit first, then start coding.
- Raising money is nearly impossible in the Spanish startup scene. Obviously we're nobodies, but I've also talked to many other founders, with great products, thousands of clients and two-digit monthly growth, who find it incredibly frustrating to raise even 200k€
- Launch day is scary so you find excuses not to launch. Adding more features is one of them. Establish hard deadlines and try to respect them as much as possible.
- It turns out it isn't that scary anyways, in fact, getting users and attention is difficult at first. Dying from success is unrealistically represented in sites like HN, it doesn't apply to 99% of the startups.
Anyway, launching a product is hard, teaches you many things about the world, and makes you respect people who have done it successfully.
Cheers to all first time founders.
If I am prime minister, I will make sure that it is a comprehensive piece of legislation that makes sure we do not allow terrorists safe space to communicate with each other. That is the key principle: do we allow safe spaces for them to talk to each other? I say no, we don't, and we should legislate accordingly.
What infuriates me the most is that is such a blind, selfish, first world argument. It implies freedom of speech is granted, ubiquitous, and irreversible, so those who want extra protection must be criminals. Mr. Cameron's statement also assumes that there is no middle ground, and all technologies that can be misused by some party should be illegal. You know, the Hitler-croquettes theorem: since Hitler liked croquettes, croquettes must be bad.
In some countries, the Government can kill you for your political views. Your neighbors can also kill you for what you are—gay, for example. Ill-named "activists" can kill you for private beliefs that don't affect other people, like your stance on abortion. Mafias can kill you for badmouthing. And these all happen in first world countries, can you imagine the rest of the world?
Requesting those people to abandon the tool that is currently saving their lives in exchange for the vague promise of finding terrorists is a false dichotomy. I can understand uneducated people considering this topic as black and white. But a Prime Minister? That's a supreme level of blindness.
Mr. Cameron and others surely understand how the world works. They know that hackings, theft, revolutions, and coups d'etat exist, and those who once were righteous, legal and legitimate may be prosecuted. Something being legal or punishable can quickly change, it is not written in stone, and definitely not universal.
Imagine a Christian in 2011 Syria. They lead an ordinary life, have a job, a Facebook, they send funny memes to their friends, they communicate online. Being a Christian something we can agree is a legitimate and harmless belief and, according to 2011 Syria's laws, legal.
Now meet ISIS. In just a year they have conquered a large portion of the territory and changed some laws considerably. Forbidding Christians in Syria to use encryption is, with Mr. Cameron's words, not allowing people a safe space to communicate with each other, and exposing them to ISIS. You see, in some cases, banning encryption helps terrorists.
That is not a paradox. Encryption is a tool, like a knife, a chainsaw or a Bic pen. Banning a tool has consequences, and arguing at a fallacy level with something as serious as the lives of people is deeply insulting.
We need encryption, period. Personal communications must be private, period. We can discuss the transparency/secrecy balance for governments, but that is a topic for another day.
Governments must find some other way of fighting crime than just exposing everybody naked to make it easier to pick the bad apples.
Encryption is saving lives of gays, Muslims, activists, individuals who are threatened. It is allowing Mr. Cameron to send private texts to their wife without The Sun intercepting them. It is what avoids ISIS to spy on the UK Ministry of Defence intelligence. Does he really not realize that? Is he not that bright? Is he ill-advised? Is he just a hypocrite?
Encryption is avoiding that in a massive wirelessly connected world anybody can listen to what everybody else is saying in any part of the planet. Do we allow safe spaces for people to talk to each other? I say yes, we do, and we should legislate accordingly
When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else
There is no better companion for a long trip than a podcast. Familiar voices talking about familiar topics, listened on demand. Definitely better than turning the radio on and following some random program that's scheduled for that day at that time.
I've been podcasting since 2005 and my numbers have always been modest. I know I'm not that good, it's my hobby and it makes me happy. However, I've always wondered why people are turning away from the audio format, since it was so popular during the radio days. Maybe there was nothing better back then? Given the choice, nowadays the audience will prefer images, text and video over audio.
Now, I'd like to test the viability of podcasting as a format.
A game of numbers
In the US there are some shows which are more popular than ever, and even mid-range podcasters can produce with regularity and getting a fair number of sponsors. On the other hand, in Spain, I'd say 80% of the population doesn't know what a podcast is. They've never even heard the word.
For most of us, our audience is a niche. That usually means it's less abundant but more committed. Listeners are more vocal, participative, and opinionated than a general audience. They're sincere and give honest feedback. However, there is an audience ceiling for podcasters; depending on the topic, your download peak may never surpass 10k-50k hits.
There is still something that has yet not been tried here, to start a podcast with a radio superstar. In the US most senior podcasters are ex-radio hosts. Maybe if a popular host can publicly quit and announce that they'll start their own show, that could attract some audience to the format.
We find ourselves with a textbook "chicken or egg" problem. How can professionals jump to solo podcasting if it is impossible to earn a living? They can't quit their day job and work 9-5 preparing a show, either daily or weekly. There is just not enough money in the equation.
In my opinion, it is not really a technical issue. The days of needing to explain what a RSS is are long gone, thanks to iTunes, podcast apps and embedded audio players. I know a lot of non-tech people who listen to radio shows on the internet; that's what podcasting is for them. Off-schedule radio listening, plus some really bad amateurs. They are probably not wrong.
We won't know until some professional host tries to close the gap and see if audience trickles down to us amateurs. But who will be the first? Who will open the can of worms, um, sponsors, for them to see that podcasting is an acceptable medium to advertise on?
I started podcasting when I was 20 and it was—still is—a hobby. But my time is now more valuable, and while it's ok for hobbies to cost money, it is difficult to justify the hours it would take to emulate a professional effort and polished product. Simply put, if a podcaster can't earn a few hundreds of bucks a month to contribute to their regular income, it will never become more than a hobby.
I was mentioning before that niche audiences tend to be more cooperative. They give valuable feedback and fill the comment forms on our web pages.
Well, at least until the age of social media. Now everything has changed.
It used to be that you had a podcast, published it on your blog/website, and people left some comments. Now the tables have turned; the audience wants to leave the same comments, only on their own website. Which, for the overwhelming majority, is Twitter.
It makes some sense. People apparently prefer a crippled comment system, which not only has a character limit, but also makes it impossible to follow multiple branches of a debate. In reality, that system allows them to treasure all of the user opinions on a single place, which is their Twitter profile, akin to a personal website.
We—notice the first person plural—love the idea that someone else may browse our Twitter profile to learn our cool interests and read our witty criticisms of other people's work. That just doesn't happen, however.
Another interesting feature is that every time one at-mentions an author, they get notified and get to see your face on a profile picture and maybe drop a quick 'thanks', creating a feeling of self-importance. In blogs, you never know if your comment is even read.
That sounded a bit sarcastic but it's why Twitter has hundreds of millions of users; they are hoping for a retweet from their idols, big or small.
Here's my business card: Name, email, Twitter. Email is too serious, send me a tweet. So we do that, and Twitter has become a global identity. Not Facebook, not about.me, not OpenID, not Google Plus. Our Twitter handle is our online persona, we use it to network with strangers, so we want to use it as much as possible.
I really see the rationale behind it. It's literally our internet username. There is no other website since the dawn of the internet that has managed to be used as a global identification system, and many have tried really hard.
And, like that, Twitter killed the blog comments.
So, what now? Well, now we adapt to this new situation, simple as that. On the positive side, it has increased comment quantity, even if at the huge expense of quality. And, in a world where a podcast debating politics only used to get 0.1% of its audience to comment, that may be a good thing.
You know what else Twitter is killing? Organic search and directories. Content discovery is now done via social media, and that definitely is a good thing. An audience of 10 committed listeners who are referred by a friend who knows their taste is worth 1000 random visits from Google. Those 1000 visits will never even listen to a minute of your audio. They'll think, "bah, it's not text/video" and close the browser tab.
Generalizing, there are two kinds of audio listeners, the ones who have a podcast app with their favorite shows and have integrated podcast listening into their daily workflows, like running or commuting, and the rest. That majority are casual listeners, who aren't used to consume content in an audio format. It's not that they don't have the time; some people will block half their morning to watch a Minecraft show on Youtube, but won't listen to a 40-minute podcast on their way to school.
Well, unless they really like it. There's no trick here, people only do stuff that either makes them feel good, or they get paid for.
How to get people to quickly check out our 90-minute podcast? They can't just skim audio as if it were text.
Here's where micro podcasts may help. A micro podcast could be defined as an audio file with the following characteristics:
- Self contained, i.e. not an excerpt or a slice of a full show
- No longer than 5-7 minutes
- Has the same quality of a full show, including audio production and contents
My theory is that there is excellent podcast content, but unlike text and video, it is very difficult for a potential listener to decide if they are going to like it. Thus, they don't make the investment of listening to a couple long episodes to make that decision.
I'm currently experimenting with a podcast-in-a-tweet. It's like a regular micro podcast, but the main distribution channel is Twitter. The audio is actually hosted somewhere, but my marketing strategy is 100% focused on Twitter.
That's ideal because it appears in front of the audience exactly at a point when they are predisposed to consume content, since they are in fact browsing Twitter. Furthermore, they don't need to leave the page or perform another action, like subscribing or downloading a file.
Click and listen. Since the episode is very short, the user is still there, in front of a text box, when the show finishes. That directly invites the audience to participate and share while they are still inclined to do so, as opposed to long podcasts which are consumed in a scenario where the listener is unable to interact, like driving or jogging.
Us podcasters may succeed if we can lure the general audience into becoming sporadic audio consumers. Then we should fight to make them regular podcast listeners, but not before. We have to get the format out of the way, at least initially, and push our best content as digestible pills.
I don't know if that will work, it's a wild bet. Right now, since I just started, most of my audience still listens from a podcast app. I guess that old habits die hard, and a person who consumes many shows has little incentive to change their workflow. For them, the micropodcast is in the same category as a regular one, and treat is as such.
Let's try to reach out of our regular audience, the ones who don't have a podcast app. In a few months from now, and thanks to Twitter's new analytics, I'd love to see that the number of casual listeners surpasses the number of subscribers. My goal is not that they end up subscribing to the show, but rather to see a huge spike of social-driven listeners when a brilliant episode is produced, similar to what happens when awesome content is published in other formats.
If you are a podcaster or a listener, I'd love to hear your opinion. I really want to see people who never cared for audio listening to micro podcasts. That'd be an enormous achievement.
Can you imagine how awesome it would have been to be an entrepreneur in 1985 when almost any dot com name you wanted was available? All words; short ones, cool ones. All you had to do was ask for the one you wanted
But, but... here is the thing. In terms of the internet, nothing has happened yet. The internet is still at the beginning of its beginning. If we could climb into a time machine and journey 30 years into the future, and from that vantage look back to today, we'd realize that most of the greatest products running the lives of citizens in 2044 were not invented until after 2014
It looks like the new "encrypted by default" policy on smartphones is freaking out law enforcement agencies. Honestly, what were they expecting? They have been abusing laws and courts for so long that we are starting to take measures to let private companies protect us from our governments. How twisted is that, huh?
"When I see a police officer now, instead of protected, I feel threatened." That's a bit demagogic but bears some truth. People seem to have interiorized that concept and we now prefer to have some privacy, regardless of what police think. Yes, we are so busy caring for our safety that we don't give a crap if that interferes with the FBI —probably necessary— counterterrorism work.
But wait, is that true? I mean, isn't that reasoning a bit flawed? Are people stupid or careless?
When you think about it for a minute, there is a crucial point. Who is more likely to have resources to circumvent police investigations? Of course, professional criminals. That's why you can't make a backup of your DVDs, but pirates can. Professionals always find a way, it's regular citizens who have no means to protect themselves.
This is a comic I made in 2005 (click to zoom).
It says, "The EU wants to keep a record of phone calls, SMS and emails as a security measure against terrorism." Then, an Al-Qaeda terrorist who's planning to bomb the twin towers starts using carrier pigeons. Both his phone and computer are wired to the CIA, but that's of no use now.
As time told, they passed that law, and now everyone's communications are under police eyes. It's ironic, but nowadays the communications protocol which is the most protected by law is... postal mail.
In the end, it is a false sense of security. We have to give our laptop password to a random guy on an airport and let him check our email and pictures while real terrorists have a decoy encrypted partition. They can manage all the hassle, we can't, so they win.
Or better, they will carry paper documents in a briefcase. Expect next decades' spy films to stop portraying criminals as cyberpunk hackers and go back to the 50's analogic look. In the age of Apple Watches, nobody will suspect that a Casio watch hides a microfilm with the schematics for a bomb.
Marco posted about some internet drama and I found the second part of the post quite enlightening.
We allow people access to us 24/7. We're always in public, constantly checking an anonymous comment box, trying to explain ourselves to everyone, and trying to win unwinnable arguments with strangers who don’t matter in our lives at all.
That is exactly spot on, and that is why I always recommend disabling all notifications on your phone except for a few important people on Whatsapp. Otherwise, any random person on the internet can ruin your day at any time with an offensive comment on any public website.
Nice piece by Alexis C. Madrigal on why the email will live long and strong for many years to come. Furthermore, I agree with thim that all these startups trying to replace it with some other proprietary protocol are pretty much doomed.
IM didn't kill the email and it has been around since the nineties; phone messengers have taken some of its market quota and use cases, but THE messaging protocol is still email.
Who knows, maybe in five years I have to eat my words. Meanwhile, I'm positive that it was a good choice of a protocol for feenbox
In Spain we have an old proverb, La avaricia rompe el saco. Literally "greed bursts the sack"; it means that if you fill a purse with too many coins it will break and you will end up with none.
This week, the Spanish Congress passed a law with two main goals:
- Ban torrenting sites, i.e. that is link-only sites (not content hosts), which is a totally different topic.
- Make social aggregators pay media publishers for the use of news excerpts.
More details can be found on this Gizmodo article
If this weren't so serious I'd say that news lobbies pressing against the right to quote, you know, the one their business is based on, is ironic.
But this is so outrageously hypocritical that it's not ironic, it's immoral and vomitive. Disgusting. Greedy to the extreme. This is a capital crime against ethics.
So why did they just do that?
Last year, Google was forced to pay French publishers for use of their content. Spanish publisher lobby AEDE (lack of link intended) saw here a huge opportunity: let's do the same and get free money from Google.
Google is so big that's it's an easy target. Demagogy is so simple; Google is a tech giant that does fiscal engineering to avoid paying taxes and profits from our content. Yes, that's true. But Google does exactly what these publishers do: curate what others say and provide citations to strengthen and validate their job.
But then, Google's natural reaction would have been, "You don't want my traffic? Wish granted! Next time, be careful what you wish". However, AEDE had anticipated this, so with the new law content providers can't opt out by not linking to AEDE's affiliated media. F*ck off genie, we wished for infinite wishes!
It's so effortless to lobby in a corrupt and manipulated environment where politicians don't even know what a link is.
But wait, there's more.
- It has not been proved that content aggregation limits the editor's earnings. Of course; it's the opposite, it actually drives them more traffic—300M yearly visits, according to an admin of one of those sites.
- There is no basis to establish an inalienable compensation towards media editors and, if it were any, this new legislation is not the best way to go.
- The new law reduces legal security for Spanish internet companies.
- Media aggregation is necessary and positive from a "freedom of speech" standpoint. Unavailability of aggregators can drive small publishers to extinction and leave users without an important tool to diversify their media consumption.
Please read and think about the last point again, because it is very, very important.
Let's summarize what is happening here:
Big media editors AEDE, most of which pro-government, in collusion with the corrupt Spanish politicians have managed a masterstroke which they think will:
- Get them free money
- Destroy the discoverability of smaller media competitors, usually critical with the government
- Hinder the future of Spanish internet tech business, their main competitor
- Get more exposure, since readers won't have access to media agreggation and will resort to reading just one or two outlets
In reality, what is likely to happen is:
- Google will close Google News Spain, no big problem
- Spanish media aggregators will move their business abroad and won't contribute taxes to the country
- Tech enterpreneurs will realize that Spain is a shitty country to invest money on
- Without Google, the aggregators, and thanks to the increasing user boycott to AEDE media, those editors will lose traffic and money.
This is so, so sad.
It is clear that traditional media companies are suffering because of the internet revolution and need to fight in some way. However, they are cutting their own nose to spite the face. And, in the way, they are denying others a right, not a banal one, but the right to quote, which news business is built on.
I honestly think that traditional media is absolutely necessary even today. They are the ones who report, research, discover, analyze and interpret what's happening in the world. Specially in Spain, where we don't have these modern US internet-only media companies which don't just feast on press releases but do real journalism.
This is not a cry against traditional media. People, most of all, need them. But people also need aggregators to contrast different views on news. Aggregators need media because it's impossible to talk about news without a headline and an excerpt to reveal what's going on. And media, most of all, needs aggregators and people to survive in today's world.
Now the law has been passed. Though it needs to be ratified in the Senate, it is a pantomime because the majorities are the same as in Congress and also Congress has the last word even if the Senate votes against it (take that, Montesquieu!). What will media editors do when they start losing money and realize the harm they have done to themselves, the Government, Spanish media consumers and the Spanish tech industry?
Next time you think somebody is stupid, remember that the Spanish press just got in a war with Google, Facebook and Twitter because they want them to stop linking to their content.
Crazy world we live in, huh?