Here we go again: another messaging app, more illusions of privacy and security

Post updated — see below.

Simon Davies has an interesting take on the fallout from Facebook’s acquisition of WhatsApp.

In one of the most persuasive displays ever of the market power of consumer privacy, Facebook’s recent $19BN acquisition of the popular messaging app WhatsApp appears to have been given the thumbs-down by millions of users.

While it may be too early to produce a conclusive analysis, there are solid indications that the trend of new sign-ups to messaging apps over the past two weeks has overwhelmingly favoured the privacy-friendly Telegram app and has shifted decisively away from WhatsApp. Telegram has reportedly picked up between two and three million new users a day since the purchase was announced just over two weeks ago.

Davies says that “Telegram has built a range of attractive privacy features, including heavy end-to-end encryption and a message destruct function. As a result, many privacy professionals regard the app as the market leader for privacy.”

Hmmm… Davies points out that a German product test group recently criticised Telegram, on the grounds that

Telegram is the only one of the tested apps that is at least partly open source. However, a complete analysis of the encrypted data transmission was not possible because the software’s programming is only partially viewable…

…which I interpret as a view that judgement has to be withheld because the Telegram code is not fully open source — and therefore not open to independent scrutiny.

Anyway, intrigued, I downloaded the iOS version of the Telegram App to see what the fuss was about. The download was quick and efficient. The interface is clean. To get started you enter your mobile number and Telegram sends you a code which you then enter to confirm that it is indeed your phone. It then asks for access to your phone contacts which, it tells you, will be stored in the Cloud in heavily encrypted form…

Oh yeah? Can’t you just imagine the hoots of laughter in Fort Meade!

LATER: A colleague who is less linguistically-challenged than me writes:

I’m not sure that Simon Davies or you got the right angle on that test.de report on WhatsApp and alternatives. It’s true that test.de didn’t like it much, but their point about open source in the part you quoted is actually quite positive – it’s saying that it’s the only one of the apps they looked at that was even partly open source. A translation of the bit you quoted would be something like, “Telegram is, at least, the only one of the apps we tested that is partly open source. However, because the programming is only partly transparent, a complete analysis of its encrypted data transmission was not possible.” And the next sentence goes on to say, “But the testers can rule out the possibility that it transmits data unencrypted.”

That’s actually more positive than what they say in the corresponding section about any of the other apps, where they generally say they aren’t open source so that the testers can’t be sure that some data are not transmitted in unencrypted form.

Obviously that’s not a killer point for the German testers, however, because the only app they didn’t regard as having important problems is Threema, which isn’t open source.

What they didn’t like about Telegram is that:
* You have to choose explicitly to use encrypted transmission by choosing the “Secret Chat” option.
* The app automatically stores all your address book (contact) entries without asking you or asking the other people in the address book.
* In their conditions of use, users agree that the software house can store the user’s address book entries. No official address details (‘Impressum’) are given for the software house and there’s no contact address where you can ask questions about data protection.

He’s put his finger on the biggest problem, in a way, which is not just that the App’s owners require you to upload your contact information in the Cloud, but that by accepting this requirement you compromise all those contacts without their knowledge or consent. This is the point that Eben Moglen was making in his wonderful Snowden lectures when he pointed out that acceptance of Gmail’s Terms and Conditions allows Google not only to read your own mail, but also that of your correspondents, none of whom have consented to that. (Though no doubt a slick lawyer will try on the argument that anyone who emails someone with a Gmail address implicitly gives his/her consent.)

Oscar Nights

Is it time for the Oscars again? Surely not? How time flies when you’re enjoying yourself. Our research project has been running a little film season on the general theme of ‘conspiracy’ (last week’s was All the President’s Men) and we had a slight struggle to get them screened because “it’s the run-up to the Oscars” — which apparently meant that The Management thought that every screen under their control should be showing a nominated film, rather than some boring old celluloid film from the Dark Ages before CGA.

Where was I? Oh, yes, the Oscars. I’m not much of a film-goer and I detest awards ceremonies, whether in the UK (the BAFTAs) or the US. So imagine my delight at discovering (courtesy of The Browser) this wonderful essay by Raymond Chandler on the 1948 Oscar ceremony. “It isn’t so much that the awards never go to fine achievements”, he writes, “as that those fine achievements are not rewarded as such.

They are rewarded as fine achievements in box-office hits. You can’t be an All-American on a losing team. Technically, they are voted, but actually they are not decided by the use of whatever artistic and critical wisdom Hollywood may happen to possess. They are ballyhooed, pushed, yelled, screamed, and in every way propagandized into the consciousness of the voters so incessantly, in the weeks before the final balloting, that everything except the golden aura of the box office is forgotten.

[…]

If you think most motion pictures are bad, which they are (including the foreign), find out from some initiate how they are made, and you will be astonished that any of them could be good. Making a fine motion picture is like painting “The Laughing Cavalier” in Macy’s basement, with a floorwalker to mix your colors for you. Of course most motion pictures are bad. Why wouldn’t they be? Apart from its own intrinsic handicaps of excessive cost, hypercritical bluenosed censorship, and the lack of any single-minded controlling force in the making, the motion picture is bad because 90 per cent of its source material is tripe, and the other 10 per cent is a little too virile and plain-spoken for the putty-minded clerics, the elderly ingénues of the women’s clubs, and the tender guardians of that godawful mixture of boredom and bad manners known more eloquently as the Impressionable Age.

And this:

It doesn’t really seem to make much difference how the voting is done. The quality of the work is still only recognized in the context of success. A superb job in a flop picture would get you nothing, a routine job in a winner will be voted in. It is against this background of success-worship that the voting is done, with the incidental music supplied by a stream of advertising in the trade papers (which even intelligent people read in Hollywood) designed to put all other pictures than those advertised out of your head at balloting time. The psychological effect is very great on minds conditioned to thinking of merit solely in terms of box office and ballyhoo. The members of the Academy live in this atmosphere, and they are enormously suggestible people, as are all workers in Hollywood.

Lots more in that vein. Wonderful stuff, which made me laugh out loud and reminded me that there is nothing — but nothing — to beat a good writer in disdainful mood.

Mobile phones: huge industry, no new ideas

This morning’s Observer column.

Leave aside the fact that it was Apple that triggered the most recent explosion in the mobile industry – the smartphone revolution – and ponder what was actually on show in Barcelona. The answer, in the words of one astute and unsentimental observer, Professor Barry Avery, was: “Many phones, little innovation.” (Shades of Yeats’s pithy description of his – and my – native land: “Great hatred, little room.”)

“The message coming out of this year’s event,” wrote Avery, “is that while there are lots of new phones coming, we shouldn’t expect a great technological leap from any of them. Most of the phones are incremental updates, running the latest version of Android’s mobile phone operating system KitKat.”

Avery is too polite. The truth is that the mobile phone industry has run out of ideas. Every single smartphone in the market is basically just a variation on the Apple iPhone theme. And the variations, such as they are, are looking increasingly – and desperately – baroque…

The real significance of WhatsApp

I’ve been convinced for ages that the advertising-based business model of most web services is ultimately going to wither away for two reasons: it depends for its survival on the ruthless exploitation of people’s privacy; and it will have to increase its intrusiveness in order to generate the returns that investors require – which means that users will become increasingly hostile to it, and eventually seek alternatives.

It’s also seemed obvious to me for a long time that, in the end, cyberspace will have to resemble Meatspace in one respect – namely that if you want to have something that costs money to create, then you will have to pay for it.

What’s so refreshing about WhatsApp is that its co-founders understood that from the beginning. People who use the service will have to pay (modestly) for the privilege. There’s such a refreshing honesty about that, compared to the manipulative dishonesty of what Jaron Lanier calls the “siren servers”.

None of this is new, of course: wiser people than me – for example Doc Searls – have been saying it for years, as Zachary Seward points out in a splendid post on Quartz.com.

He writes about the “disquieting suspicion” that, in the long run, advertising simply might not work for the mobile web.

“No one wakes up excited to see more advertising, no one goes to sleep thinking about the ads they’ll see tomorrow,” Koum wrote in 2012. It echoed a prophecy that writer Doc Searls made about the web all the way back in 1998: “There is no demand for messages.”

Of course, Searls wasn’t talking about the kind of person-to-person messages that WhatsApp specializes in. Rather, he was pushing the idea that the internet would lead to the erosion of mass media where messages—think corporate marketing or political messaging—could be imposed on people no matter what. That happened to an extent, but most of the web’s big businesses—Facebook chief among them—can fairly be described as mass media. At any rate, they have been successful selling ads.

What if things are different—and much closer to Searls’s vision—on the mobile internet? [Jan] Koum [WhatsApp’s co-founder] certainly thinks so: “Cellphones are so personal and private to you that putting an advertisement there is not a good experience,” he said last year. He has described mobile messaging as a utility akin to water or gas.

The impending STEM crisis

My Observer comment piece about what’s happening to postgraduate student numbers in UK universities.

Here’s an interesting fact: for the last five years in UK universities, foreign postgraduate students have outnumbered British ones. International student numbers have grown by 90% in the past decade while the number of homegrown students has fallen by 12% in the past three years. And this despite the best efforts of the government and the Border Agency to dissuade students from coming to the UK.

The disproportionate growth in foreign postgraduates is good news for UK universities (because overseas students pay hefty fees), but bad for the society that supports those institutions. And it looks as though the situation will get worse.

Read on

Internet giants: capitalism red in tooth and claw

This morning’s Observer column.

Like the other titans of the online world – Google, Facebook, Yahoo and to a lesser extent, Microsoft – Amazon is driven by data and algorithms. But not entirely. What many of its customers may not realise is that the results generated by Amazon’s search engine are partly determined by promotional fees extracted from publishers. In his book The Everything Store: Jeff Bezos and the Age of Amazon, Brad Stone describes one campaign to exert pressure for better terms on the more vulnerable publishers. It was known internally as the gazelle project, after Bezos suggested “that Amazon should approach these small publishers the way a cheetah would pursue a sickly gazelle”. (With a nice Orwellian touch, company lawyers later changed the name to the “small publisher negotiation programme”.)

That’s a revealing metaphor: capitalism red in tooth and claw. And it’s a useful antidote to the soothing PR of the corporations that now dominate our networked world…

Read on

LATER: Ram Reddy emails to point out Jeff Bezos’s wife’s very critical review of Brad Stone’s book — published on the book’s Amazon.com site. Excerpt:

Everywhere I can fact check from personal knowledge, I find way too many inaccuracies, and unfortunately that casts doubt over every episode in the book. Like two other reviewers here, Jonathan Leblang and Rick Dalzell, I have firsthand knowledge of many of the events. I worked for Jeff at D. E. Shaw, I was there when he wrote the business plan, and I worked with him and many others represented in the converted garage, the basement warehouse closet, the barbecue-scented offices, the Christmas-rush distribution centers, and the door-desk filled conference rooms in the early years of Amazon’s history. Jeff and I have been married for 20 years.

While numerous factual inaccuracies are certainly troubling in a book being promoted to readers as a meticulously researched definitive history, they are not the biggest problem here. The book is also full of techniques which stretch the boundaries of non-fiction, and the result is a lopsided and misleading portrait of the people and culture at Amazon. An author writing about any large organization will encounter people who recall moments of tension out of tens of thousands of hours of meetings and characterize them in their own way, and including those is legitimate. But I would caution readers to take note of the weak rhetorical devices used to make it sound like these quotes reflect daily life at Amazon or the majority viewpoint about working there.

Interestingly, when she came to look for a publisher for her own novel, she took it to an old-fashioned bricks ’n’ mortar publisher: Knopf.

WhatsApp: in the end, money talks

The thing I liked most about WhatsApp is that it had a sustainable business model that did not require it to screw its users: you paid for it, just like you pay for electricity or petrol in the offline world. And now it’s been gobbled up by one of the “siren servers” that makes its money by spying on its users. Bah!

I also admire Jan Koum, WhatsApp’s co-founder and CEO, who seems to me to be one of the sanest people in the Valley. This interview (with Kara Swisher) gives a flavour of the man.

When are leaks legitimate?

Thoughtful review by Jack Shafer of Rahul Sagar’s Secrets and Leaks: The Dilemma of State Secrecy (Princeton University Press, 2013, 304 pp. $35.00).

Sagar asks, when is it legitimate for an official to disclose secrets? His answer is both conventional and brave — because he must know how many readers will find examples that call his reasoning into question. Unauthorized disclosures of classified material should remain illegal, he writes, because no one official can know with any certainty which disclosures will ultimately serve the public interest. Having made the case for keeping the laws against leaking secrets intact, Sagar then sets five conditions a disclosure must meet before officials can disregard the laws: the disclosure must reveal real wrongdoing or the abuse of public authority, it must be based on evidence rather than hearsay, it must not threaten public safety disproportionately, it must be limited in scale and scope as much as possible, and the leaker must unmask himself and take his lumps to prove that he made the disclosure in good faith and not to gain advantage for himself or his allies.

The Snowden affair happened too late for Sagar to include it in Secrets and Leaks beyond a throwaway footnote, but it makes for an obvious and interesting test of Sagar’s framework. Snowden’s unilateral disclosures do not come close to clearing Sagar’s standard for legalization: as an NSA worker bee, Snowden was in no position to balance the public-interest repercussions of his acts. Nor do they clear Sagar’s first condition for justifiability: although the mass surveillance Snowden revealed may have come as a disconcerting shock to many of his fellow citizens, it might not have been illegal.

Shafer goes on to apply Sagar’s other tests to Snowden and makes some interesting points. He finds that some of them aren’t really relevant or useful. So we’re back to the intractable problem of how to deal with excessive secrecy in a democratic society.

Sagar devotes a chapter to why the regulation of secrecy can’t be turned over to the courts — they lack the expertise and the training to parse secrets, and they are supposed to be open institutions, doing their business in public. Nor can Americans expect Congress to do much better than the executive branch, he argues in another entire chapter. Congress can serve as a watchdog, but there is no reason to think it “will behave any more responsibly than the president,” especially when it knows that outsiders will not be able to second-guess its decisions. That leaves whistleblowers and the press to hold the president accountable for his handling of secrets. Sagar shuns this option. Although he approves of leaks that prevent abuses of power, he believes (along with many others in and around government) that journalists lack the necessary understanding of the big picture to responsibly pass unauthorized disclosures on to the public.

I disagree (but then, as a journalist, I would), because from where I sit, it seems the press has actually been quite conscientious in this regard — for example, in its reporting on the files stolen by the army private now known as Chelsea Manning. In January 2011, my Reuters colleague Mark Hosenball, a national security reporter, cited internal U.S. government reviews that assert that the massive leaks of diplomatic cables by Manning “caused only limited damage to U.S. interests abroad” and “made public few if any real intelligence secrets.” As with the publication of the Pentagon Papers, the leaks created more embarrassment than damage.

As for the Snowden leaks, it’s too early for journalists and others to discount the damage they may have done to U.S. national security. But rare is the leaker whose output unites almost half the House of Representatives, as well as the top Internet companies — Google, Microsoft, Facebook, Apple, Twitter, LinkedIn, Yahoo, and AOL — which issued a joint statement in early December protesting the government spying revealed by journalists working with Snowden.

This is a very good review which makes uncomfortable reading because it suggests that the ‘democratic dilemma’ of how to balance secrecy with accountability and openness might actually be insoluble. Some of the most vociferous establishment attacks on the Guardian’s Editor, Alan Rusbridger, focus on the proposition that he is not in a position to judge whether a particular disclosure will endanger national security. But the weakness of that position is its assertion that only those who are within the secret circle are capable of making the judgement call. And, because of the necessity for secrecy, they can never explain their reasoning to us: in the end, that proposition boils down to “trust us”. But we have no idea if they are worthy of that trust, and sometimes they have clearly shown that they are not.

Lost in translation

It seems that my column about the anniversary of the BBC Micro has wound up in unexpected places. Today I received this charming email from a Greek who has been struggling to understand my references to (Sir) Clive Sinclair.

Good day.

Would you be so kind to explain this sentence?

“One was Sinclair Research, the eponymous vehicle of Clive Sinclair, a self-made man who worshipped his creator.”

I’m poor in english, but friends of mine who are good enough to work as teacher and translator, are met problems with understanding too.

Well I admit, the “vehicle” is just comprehensive metaphor for company, that allows its creator to move forward bot in professional and social planes. But “eponymous”? Did you meant company gave its name to products or made Clive famous?

Next problem is right after second comma: “a self-made man who worshipped his creator”. I think, the “self-made man” is mr. Sinclair. What about worshipping then? I even peeked in wikipedia, but there is nothing about religious motives of Sinclair nor his family traditions.

My reply:

Thanks for your email.

  1. “vehicle” is indeed a metaphor for his company, which was the corporate extension of Sinclair’s personality.

  2. “a self-made man who worshipped his creator”. This is an English joke, I’m afraid. Clive Sinclair is indeed a self-made man in the sense that he came from a relatively obscure background. But he also has a very high opinion of himself. A polite way of putting it would be to say that he does not suffer from a lack of self-esteem.

No religious connection is implied by the joke.

Best

John

It’s a reminder of how difficult translation is. And how impossible culturally-specific jokes are for non-native speakers.