September 30, 2015

How ISPs Will Royally Sucker the Internet, Thanks to Ad Blocking

Largely lost in the current controversies about users blocking ads from websites is a dirty little secret -- users are about to be played for suckers by the dominant ISPs around the world, and ad blocking will be the "camel's nose under the tent" that makes these ISPs' ultimate wet dreams of total control over Internet content come true at last.

There have been a number of clues already, with one particularly notable new one today.

The big red flashing warning light is the fact that in some cases it's possible for firms to buy their way past ad blockers -- proving demonstrably that what's really going on is that these ad blocking firms want a piece of the advertising pie -- while all the time they wax poetic propaganda about how much they hate -- simply hate! -- all those ads.

But these guys are just clowns compared to the big boys -- the dominant ISPs around the world.

And those ISPs have for so very long wanted their slices of that same pie. They want the money coming, going, in and out -- as SBC's CEO Edward Whitacre noted back in 2005 during their takeover of AT&T, when he famously asked "Why should [Internet sites] be allowed to use [my] pipes for free?" -- conveniently ignoring the fact that his subscribers were already paying him for Internet access to websites.

Now -- today -- ISPs sense that it's finally time to plunge their fangs into the Net's jugular, to really get the blood gushing out into deep scarlet pools of money.

Mobile operator Digicel announced today that they intend to block advertising (except for some local advertisers) on their networks across the South Pacific and Caribbean, unless -- you guessed it -- websites pay them to let their ads through.

And while their claimed targets are Google, Facebook, Yahoo, and the other major players, you know that it will never stop there, and ultimately millions of small businesses and other small websites -- many of them one person operations, often not even commercial -- who depend on those ads will be decimated.

Germany's Deutsche Telekom is known to have been "toying" with the same concept, and you can be sure that many other ISPs are as well. They're not interested in "protecting" users from ads -- they're all about control and extorting money from both sides of the game -- their subscribers and the sites those subscribers need to access.

Where this all likely leads is unfortunately very clear. No crystal ball required.

Some sites will block ISPs who try this game. Broad use of SSL will limit some of these ISPs' more rudimentary efforts to manipulate the data flows between sites and subscribers. Technology will advance quickly to move ads "inline" to content servers, making them much more difficult to effectively block.

But right now, firms such as Israeli startup Shine Technologies are moving aggressively to promote carrier level blocking systems to feed ISP greed.

Yet this isn't the worst of it. Because once ISPs have a taste of the control, power, and money - money - money that comes with micromanagement of their subscribers' Internet access and usage, the next step is obvious, especially in countries where strong net neutrality protections are not in place or are at risk of being repealed with the next administration.

Perhaps you remember a joke ad that was floating around some years ago, showing a purported price list for a future ISP -- with different prices depending on which Internet sites you wanted to access. Pay X dollars more a month to your ISP if you want to be permitted to reach Google. Pay Y dollars more a month for Facebook access. Another Z dollars a month for permission from your ISP to connect to Netflix. And so on.

It seemed pretty funny at the time.

It's not so funny now -- because it's the next logical step after ISP attempts at ad blocking. And in fact, blocking entire sites is technically usually far easier than trying to only block ads related to particular sites -- most users won't know about workarounds like proxies and VPNs, and the ISPs can try block those as well.

These are the kinds of nightmarish outcomes we can look forward to as a consequence of tampering with the Internet's original end-to-end model, especially at the ISP level.

It's a road to even more riches for the dominant ISPs, ever higher prices for their subscribers, and the ruin of vast numbers of websites, especially smaller ones with limited income sources.

It's the path to an Internet that closely resembles the vast wasteland that is cable TV today. And it's no coincidence that the dominant ISPs, frantic over fears of their control being subverted by so-called cable TV "cord cutters" moving to the Internet alone, now hope to remake the Internet itself in the image of cable TV's most hideous, anti-consumer attributes.

Nope, you don't need a Tarot deck or a Ouija board to see the future of the Internet these days, if the current patterns remain on their present course.

Whether or not our Internet actually remains on this grievous path, is of course ultimately in our hands.

But are we up to the challenge? Or are we suckers, after all?

I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.

Posted by Lauren at 03:47 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

September 28, 2015

Law Enforcement's Love/Hate Relationship with Cloud Auto Backup

There's a story going around today regarding an individual who was arrested and charged with assaulting a police officer when authorities arrived over a noise complaint. But cellphone video recorded by the arrestee convinced a judge that police had assaulted him, not the other way around. What's particularly unusual in this case is that the arrestee's cellphone had "mysteriously" vanished at the police station before any video was discovered.

So how was the exonerating video ultimately resurrected? Turns out it was saved up on Google servers via the phone's enabled auto backup system. So the phone's physical vanishing did not prevent the video from being saved to help prevent a serious miscarriage of justice.

Lawyers and law enforcement personnel around the world are probably considering this story carefully tonight, and they're likely to realize that such automatic backup capabilities may be double-edged swords.

On one hand, abusive cops can't depend on destroying evidence by making cellphones disappear or be "accidentally" crushed under a boot. Evidence favorable to the defendant might still be up on cloud servers, ready to reappear at any time.

But this also means that we may likely also expect to see increasing numbers of subpoenas triggered by law enforcement, lawyers, government agencies, and other interested parties, wanting to go on fishing expeditions through suspects' cloud accounts in the hopes of finding incriminating photographic or video evidence that might have been auto-backed up without the knowledge or realization of the suspects.

While few would argue that guilty suspects should go free, there is more at stake here.

The fact of such fishing expeditions being possible may dissuade many persons from enabling photo/video auto backup systems in the first place -- not because they plan to commit crimes, but just based on relatively vague privacy concerns. Even if the vast majority of honest persons would have no realistic chance of being targeted by the government for such a cloud search, an emotional factor is likely to be real for many innocent persons nonetheless.

And of course, if you've turned off auto backup due to such concerns, video or other data that might otherwise have been available to save the day at some point in the future, instead may not be available at all.

Adding to the complexities of this calculus is the fact that most uploaded videos or photos on these advanced systems are not subject to the kind of strong end-to-end encryption that has been the focus of ongoing controversies regarding proposed "back door" access to encrypted user data by authorities.

Obviously, for photos or videos to be processed in the typical manner by service providers, they will be stored in the clear -- not encrypted -- at various stages of the service ecosystem, at least temporarily.

What this all amounts to is that we're on the cusp of a brave new world when it comes to photos and videos automatically being protected in the cloud, and sometimes being unexpectedly available as a result.

The issues involved will be complicated both technically and legally, and we have only really begun to consider their ramifications, especially in relationship to escalating demands by authorities for access to user data of all kinds in many contexts.

Fasten your seatbelts.

I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.

Posted by Lauren at 08:05 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

September 19, 2015

You'll Probably Hate this Posting about Ad Blockers and Ad Blocking

This is a discussion that I really wish didn't need to take place at all.

But we're here, and while understanding how we got to this point is obviously crucially important, mapping the way forward is even more of a priority.

By now you may know that I've taken a rather hard -- and in some quarters quite unpopular -- stance against ad blockers and ad blocking.

Luckily, I'm not running a popularity contest. So I want to briefly explain some aspects of my reasoning on this.

I'm not claiming any brilliant philosophical insights, but I do perhaps bring two aspects to the table of some value. One is historical perspective, thanks to having been hanging around the Net pretty much since its beginning.

The second aspect is the continual flood of unsolicited email (and sometimes phone!) queries that I receive about Google, broader Internet issues, and other tech-related topics. This provides me with an enormous amount of data concerning Internet users' thinking and worries. It's all self-selected of course -- so cannot be used for statistically valid extrapolations -- but it does cover the gamut in useful ways.

The ad blocking crisis -- and I do believe we are now on the cusp of a true crisis in this regard -- has been long coming.

There's no denying that in many ways Web ads have flown out of control. People used to complain about relatively lightweight static banner ads. But the rise of large, pre-loaded (and perhaps the worst sin of all, autoplaying with audio) full-motion video ads was the straw that broke the camel's back for many users. Browser developers have moved rapidly to provide their own mechanisms to prevent those from suddenly blaring out of your speakers unexpectedly, but there's no denying the existence of an "arms race" in ads, particularly from less savory sources.

But we get into trouble rapidly if we try treat all ads and all ad networks as being inherently evil, and the collateral damage to the forces of "goodness and niceness" (as Maxwell Smart used to say) can be devastating.

Because all ad networks and all ads are definitely NOT created equal.

And despite the statements of many ad blocking proponents who claim to only be concerned about "bad" and "misbehaving" ads, or slower page load speeds, or ad-enabled malware, my view is that in most cases these claims -- and the circumstances that flow from them -- are both cavalier and hypocritical.

Email I've been receiving on this topic over the last few days has broken down mainly into two categories.

First, there are the small websites, often one-person sites, or husband and wife, who operate on essentially a "hobby" basis and are terrified of losing even the relatively small amount they receive from ads that help them keep their heads above water and the websites on the air.

Ad blocking proponents by and large are taking a remarkably evil attitude toward such sites, saying things like "if you can't find other ways to make money go out of business" -- or much stronger language.

Outside of the fact that many of these sites aren't even businesses in the first place, just informational and/or fun hobby sites, the reality is that replacement income models for the existing ad regimes do not exist for most of these websites in a practical sense.

Rupert Murdoch and other giant media conglomerates will find ways to adjust and survive, but for the little guys the situation is much more bleak.

Paywalled subscription models are utterly impractical for most of them -- the uptake would be minuscule. Micropayment systems have been a parade of failures, and none exist today with sufficient reach to be of any value at all in these circumstances, even assuming enough people would bother signing up to pay through them in the first place -- a highly doubtful proposition.

This "let the little sites die" attitude on the part of so many ad blocker fans seems most odd given that many of these same people and groups have long at least paid lip service to the concept of diversity on the Web. They've complained that the "big guys" have all the advantages -- even as blocking advocates push a tech that would inevitably funnel an even larger percentage of Net revenues to the media giants as small sites are starved out of existence.

Nor do these proponents seem to care about Internet users who do not have the disposable income to pay actual cash to access sites that they formerly got for free via ads.

Remarkably, at the same time they complain about "walled gardens" or "in-app purchase abuse" -- blocking proponents advocate a blocking regime that will potentially wreck the key aspect of the Net -- open websites themselves -- that have been the one most dependable aspect of open information on the Net since the dawn of the first websites.

And claims that some new revenue mechanism will come along to save small sites sound to my ears like suggesting you'll come up with a cure for the patient after they're dead -- so "nothing to worry about, right?" -- wrong!

Apple's new iOS 9 ad blocking push threatens to be the inflection point that transforms ad blocking from a relatively niche application class to much more of a default situation.

And let's be clear about this. While Apple's actions have been widely characterized as an assault against Google, they can also be viewed as even more of an assault on the entire Internet and the ability to access information openly without sites having to pay Apple for the privilege of reaching users.

Already, "Wired" has published an article that explicitly can only be viewed today if you have an iPhone running iOS 9!

Which brings us to the second category of relevant email I've been receiving lately -- messages from the ad blocking proponents themselves -- many of whom insist that they are technically competent and only would block "bad" ads -- not ads that they personally found to be acceptable and pure of heart.

I don't believe most of them, because in so many cases there's an implicit (or even explicit!) subtext that they feel somehow "privileged" and above the fray, deserving of getting everything they want for free. And yes, many of these ad block proponents are launching into "information wants to be free" tirades that cover reading websites while blocking ads, stealing music and movies, and all the rest.

These ad blocking groupies also tend to make propagandist, false statements about the tracking and ad targeting models associated with ad networks, failing to note that the reputable networks maintain user anonymity in their systems, don't sell user data to third parties, and are vastly more protective of user data than your friendly bank or credit card company who often happily sell fully-identified -- not anonymous! -- data to third parties in enormous quantities.

But let's leave these "technically competent" ad blocker fans aside for the moment.

Because as ad blocking rapidly goes mainstream and even installed by default, the majority of users are never going to change the ad blocker settings to let "good" ads through.

What's more, you can be sure that the most popular ad blockers will be the ones that attempt to block ALL ads, just as a cable TV channel with commercials would quickly be abandoned for a channel with the same programming without commercials.

Already we've seen the author of a blocking app that had over several days become the most popular application in the Apple App Store actually and admirably withdraw it, expressing what we could call "developer's remorse" over the collateral damage his app could do. But plenty of blocking apps written by far less ethical authors were ready and waiting to take up the slack.

For sites without other income possibilities, there are a number of ways they can try fight back, all of them unfortunate.

They can try block users who are using ad blockers. Some sites are already doing this (including some major sites on some materials). They could dramatically slow down page speeds to users with blockers.

They could start running sleazy paid "native advertising" -- fake articles that are actually paid placements and would be unblockable by conventional ad blockers, causing users to effectively trade ads that they knew were ads for ads that they probably won't realize are ads at all.

My guess though is that associated pleas to users to turn off ad blockers will meet with deaf ears. Most people won't bother, but will still express endless indignation as their personally favorite small sites gradually wink out of existence, along with most of the Web's diversity.

I don't have a magic wand solution to any of this, but I will openly admit that the pervasive hypocrisy I hear from some of the most vocal proponents of ad blocking strike me as deeply selfish and ugly.

Yesterday I created a new Google+ community to discuss these issues, and hopefully to perhaps perceive the start of a path toward workable and practical solutions. It's at:

and you're most welcome to join the discussion there.

In the meantime, please keep in mind that the ads you block may very well be paying one way or another for the content that you and many other people most care about.

Remember, we still don't know how to put Humpty Dumpty back together again.

I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.

Posted by Lauren at 11:05 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

September 18, 2015

New G+ Community: Ad Blocking Policy Discussions

The widespread use of Web ad blocking technologies carries immense implications for the future of the Web in particular and the Internet in general. While alternative funding models exist for some (especially larger, corporate media) sites, many smaller and/or independent sites do not have alternatives to advertising for even paying their basic bills, risking an enormous loss of diversity on the Web.

Let's discuss the issues:


Posted by Lauren at 02:15 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

September 11, 2015

Why We Positively, Absolutely, Can't Trust the Government with Encryption

By now you're hopefully aware that the U.S. federal government is engaged in a major effort to pressure technology firms like Google and Apple to provide "backdoors" into encryption systems (particularly for mobile devices) that are increasingly designed so that the firms themselves cannot even decrypt the data without cooperation from the devices' owners. Simultaneously, there are efforts to pressure Congress into mandating such backdoors if the firms refuse to voluntarily cooperate.

Despite the fact that essentially every reputable security, encryption, and privacy expert agrees that it is technically impossible to design such a backdoor that would not massively increase the potential for black-hat hacking -- and so dramatically decrease the security of these systems -- law enforcement continues to imply that if you don't see things their way -- well, perhaps you're not a loyal American.

This was very nearly stated explicitly by the FBI and CIA directors at the Intelligence and National Security Summit in Washington yesterday, where the men bemoaned negative public opinion, "deep cynicism," and "venom" directed at the backdoor access plans -- with CIA Director John Brennan suggesting that persons promulgating these views "may be fueled by our adversaries."

Mr. Brennan's remark is reminiscent of President Richard Nixon's paranoid delusions that antiwar Vietnam protesters were all the puppets of ghostly Communist agents.

Well, Mr. Brennan, let me help set you straight regarding your comment, which I believe many of us in the technology community find to be extremely misguided and offensive.

We don't have any foreign masters. We simply don't trust you.

And it's not just you. Almost everywhere we look at the intersection of technology and any agencies involved even peripherally in law enforcement activities, there's a long list of lies, errors, mismanagement, screw-ups, and abuses galore.

It's an ironic situation to be sure, given that the technology displaying these very words at this very moment can trace their ancestry to a Department of Defense computer networking project.

But the sad truth is that at every level of government, no matter whether Democrats or Republicans are in power, it's generally the same story.

It starts at the local level, with municipalities lying to citizens about red light cameras, license plate readers, cellphone interceptors, and other police surveillance systems.

At the state level it moves up to abuse and foul-ups of DMV databases and more.

And at the federal level the list is almost too long to even begin.

The recently revealed Office of Personnel Management hack exposed the personal data -- including sensitive security clearance applications and related forms -- of perhaps four million people or more. A 29-year-old contractor waltzes out of NSA with a thumb drive filled with reams of the agency's most sensitive documents.

No -- Mr. CIA Director and Mr. FBI Director -- you're not going to sell us your foreign influence bogeymen this time.

We simply believe that we cannot trust government agencies to have the honesty and competency to be entrusted with keys to our own encryption -- the security of which is rapidly becoming a fundamental requirement of our day-to-day lives.

Frankly, even if there were a magic wand that could create that impossible backdoor system in a seemingly secure and safe manner -- we still wouldn't and couldn't entrust you not to find avenues to abuse it.

This is overall a very unfortunate state of affairs, because yes, we know that encryption may be leveraged for evil in very serious ways.

But you still can't get blood out of a stone.

The technical reality is that the kinds of encryption backdoors you want cannot be made secure and would themselves represent horrific security risks.

Perhaps someday you'll find ways to earn back our trust. But all the trust in the world won't change the technical realities that make encryption backdoors a non-starter.

And the sooner you understand these truths, the better it will be for us all.

I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.

Posted by Lauren at 06:58 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein