Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer

The Month of Apple Bugs. For one month, researchers released information every day on different bugs that infect Apple products (OS X, Safari, apps for Macs, etc.). They say they’ve found public release gets quicker results than “responsible disclosure” (i.e., just telling the vendor). That’s one model for cybersecurity…

There’s lots of coverage out there about the Supernova conference, “a forum to examine all of the opportunities and challenges created in the Network Age.” Here’s JZ’s talk (starting around minute 29) and a good text summary, along with some reactions:

Pondering a Rogue Cloud wonders what government and industry pressures cloud computing providers will face.

Beware the Rise of Closed Platforms “But further, Vogels [Amazon CTO] said that users should feel comfortable trusting Amazon because the company’s mission is to be a ‘customer-centric company.’ Which seemed to be exactly Zittrain’s point.”

Cloud Computing an Option for Disaster Recovery Vogels discusses one of the big upsides of cloud computing—your data might be safer. We’ve discussed this topic here.

And bonus JZ links: a talk at Singularity University on Civic Technologies and the Internet, and an interview with Amanda Congdon on cloud computing (with spooky music).

—By Elisabeth Oppenheimer

Generative Irrelevancy. Tim Sturgill considers Google’s video touting Chrome OS. He worries that it may be the “final nail…in the generative coffin,” but he also sees the virtue of moving beyond traditional OSes. See also JZ’s take on Chrome OS.

iDroid App Rejcted by Apple. Well, duh. Apple rejects an app that essentially just displays an ad for the Droid smartphone. “I kinda have to side with Apple on this one, although I think it would have been smarter for them to let the app through.”

iPhone or Droid. xkcd on the debate between the iPhone and the Droid.

iPhone upgrades – A One-way Control-Freak If you don’t like an update to the iPhone OS and want to revert to an earlier version, it’s going to be tricky. “We’re being told that such control is for our own good … [B]ut there are many of us who would prefer the freedom to take our own chances.”

App Rejections iPhone app developer starts a blog chronicling reasons for app rejections or slow acceptances, with the reasons for the decisions, in the hopes of helping people figure out “what you can (and can’t!) get away with.”

—By Elisabeth Oppenheimer

As the team explains:

[W]e always encourage people to ask these three questions before starting to use a product that will store their data:

1. Can I get my data out at all?
2. How much is it going to cost to get my data out?
3. How much of my time is it going to take to get my data out?

The ideal answers to these questions are:

1. Yes.
2. Nothing more than I’m already paying.
3. As little as possible.

The Data Liberation Front explains the motivation for doing this in the usual Google manner: Don’t be evil. Don’t trap consumers into products they don’t want to be using.

This is a great step, and a real benefit to the users who want to have choices. Kudos to Google.

One thing to pay attention to, though: the DLF has made it possible to liberate ad-campaign data on AdWords by exporting it in a CSV file. Ben Edelman, a Harvard Business School professor (and sometime Zittrain co-author) who’s been studying online advertising, is skeptical of how well the “liberation” product works for AdWords. He thinks that CSV exports are clumsy, time-consuming, and error prone, whereas an API-based export could be powerful tool for advertisers. API-based export is technically possible, but apparently prohibited by Google’s terms and conditions. Without a good way of syncing data across platforms, he argues, advertisers tend to stick solely with Google. In short, he says, “I credit Google’s efforts to facilitate data portability in its ancillary businesses, like document sharing and image hosting. But when it comes to the one business where Google makes billions of dollars—and where Google has 70%+ market share—Google’s actions reveal the company’s willingness to put its own bottom line before advertisers’ interests and, for that matter, fair competition.” Google argues in reply that CSV export is perfectly workable, and that, in fact, many advertisers do use the AdWords editor to run campaigns for multiple platforms.

The disagreement points out that data portability isn’t an on/off issue—it’s a spectrum, and it bears watching how Google and its competitors fall out along that spectrum.

—By Elisabeth Oppenheimer

There are a few definitions out there – not surprising, since “cloud” is a metaphor that could work for several phenomena.  One, known in Internet engineering circles, refers to the “middle” of the Internet – that place amidst the hops data can take from sender to receiver that is remote from both of them. A second definition thinks of cloud as “swarm” – so distributed computing or data storage, where lots of computers might host a bit of code (think SETI@home and Harvard’s IIC) or data (think Tribler). (Interestingly, this is the opposite of the first definition: it contemplates everything but the middle.)

A third definition, more in use in discussions of the cloud today, speaks to an asymmetry between sender and receiver: one is a client – the “user” of a service – and the other is the service itself.  Examples are you and your gmail (your mail is stored in “the cloud,” in that case at Google); an online Flash game at sites like FlashArcade; and Microsoft’s “Office Live,” where your documents and spreadsheets are both stored and used online with Microsoft.  The latter is sometimes called software-as-a-service (awkwardly, “SaaS”), denoting that the code for it is running in a central place – where a vendor can shape and update it at any moment – rather than on your own PC or other device.

This idea of cloud computing is increasingly prominent because it’s finally attainable. For many people Internet access is ubiquitous and continuous. With Net access a constant – often achieved through smartphones, where an absence of a wi-fi signal need not mean no access, since the cellular network can still be used – there’s less of a need to have a PC or other device be self-sufficient.  Data and code can be accessed and run far away, with the user barely noticing the difference, and there are lots of pluses to doing things this way, even as I’ve made the case that this shift carries risks that should be dealt with.

But there’s another factor at work that pushes outward the definition of “cloud computing.” It arises from the adoption of what I call “tethered appliances.” These are devices where the code and data may well remain near the user, so they do not at first glance fit into any of the definitions of the cloud. Think Amazon Kindles, where your books can be kept on the device (and thus accessed on an airplane without Net access); iPhones, where you download “apps” to run on your phone; and TiVos, where your recorded shows are stored on a hard drive inside the box.

But in a key respect – that of your freedom to control your code and data – these devices act like cloud services.  That’s because the vendors have privilege to say how they will operate long after you’ve brought the devices home, updating the way the devices work, and their contents, over the Internet or a cellular network. Sometimes that control is total. For example, no outside code is permitted on a Kindle or TiVo.  Sometimes it is partial: Apple allows outsiders to code for the iPhone, but code must be vetted by Apple and distributed exclusively through the iPhone apps store.  For all of these devices, it’s more like allowing Amazon and TiVo and Apple to set up a beachhead in your home (or pocket), a little server of their own that’s a cloud service that happens to be near you:

[W]e need to rethink our vision of the network itself. “Middle” and “endpoint” are no longer subtle enough to capture the important emerging features of the Internet/PC landscape. It remains correct that, from a network standpoint, protocol designs and the ISPs that implement them are the “middle” of the network, as distinct from PCs that are “endpoints.” But the true import of this vernacular of “middle” and “endpoint” for policy purposes has lost its usefulness in a climate in which computing environments are becoming services, either because individuals no longer have the power to exercise meaningful control over their PC endpoints, or because their computing activities are hosted elsewhere on the network, thanks to “Web services.” By ceding decision-making control to government, to a Web 2.0 service, to a corporate authority such as an OS maker, or to a handful of security vendors, individuals permit their PCs to be driven by an entity in the middle of the network, causing their identities as endpoints to diminish. The resulting picture is one in which there is no longer such a clean separation between “middle” and “endpoint.” In some places, the labels have begun to reverse.

So when I say I’m troubled about the cloud, it’s a shorthand for being troubled about consigning some of our longstanding technological freedoms to others. They can affect (for their own reasons or by government order) our digital environment in real time. This is comparatively new in the public’s experience of technology, even as we’ve seen forms of cloud computing within firms for years – places where we might naturally not care as much about personal freedom, since the computers (and most of the activity taking place on them) belong to the company. I don’t begrudge operators of cloud-based services from rejecting this expansion of the definition. For their purposes, it can make sense to distinguish between stuff stored at home and far away, whether or not a home device is controlled remotely by a vendor. But for the areas many of us should be caring and thinking about, a tethered appliance is tantamount to being in the cloud, and the sea change this represents has to be dealt with, especially since it’s appealing for so many other reasons – such as security and convenience.