Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer

1. The platform offers fewer capabilities than non-Facebook apps or mobile apps; no rich interfaces; documentation and support is poor. The platform changes too often. It’s true that Facebook can’t take advantage of all the functionality that comes with mobility, and if an app doesn’t require mobility, there’s rarely a reason to develop it for Facebook instead of for the Internet generally. The documentation and support problems, though, are self-created.

2. There just aren’t that many opportunities for social apps beyond messaging, taking quizzes, and graphing your friends’ data. And apps aren’t crucial to the core Facebook experience. Maybe there’s some truth here, but I think the dearth of current good apps limits the imagination. Every now and then I’ll see something that seems uniquely suited to Facebook—say, a ridesharing application that allows you to arrange carpools with people you might not think to email and ask, but who aren’t complete strangers. Some of the data-compilation is also fascinating from a social-scientist perspective. If Facebook wanted to go around giving out prizes for the best app, I think they’d get some really cool stuff. As for the core Facebook experience, I think it’s very malleable (remember that Newsfeed didn’t always exist?).

3. There may be opportunities for good social apps, but we don’t know how to share data in a way that’s useful and respects privacy. This strikes me as a very valid point. Facebook has repeatedly lost credibility and trust in data-sharing disasters, notably Beacon, and apps still seek and distribute more data than they should. Even worse, they mess with people’s friends’ data. So users aren’t inclined to give app developers the benefit of doubt in releasing their information. This seems like a prime opportunity for Facebook or users to develop clear, enforceable privacy guidelines and explain how they relate to application development.

4. Because of the privacy concerns, there isn’t an efficient distribution network. As all of those quasi-viral apps proved back in the early days of Facebook appdom, it’s easy to strong-arm distribution of an app to thousands or millions of people. But users will also be upset when they figure out they’re essentially spamming their friends. The problem is to figure out how to encourage wide uptake without bombarding people with unwanted invitations or turning people into accidental spammers. (A related concern is that, as long as the spammy apps to dominate, people won’t want to go anywhere near the whole system.) I actually think app distribution is an area where Facebook is well-positioned relative to the Internet at large—it would be easy for Facebook to promote and collect popular apps in a way that would encourage people to download them (as the iPhone does). But they’ve chosen not to do that.

5. Apps have taken off; it’s a multi-million dollar industry. True, actually; virtual goods are a huge business, and the top apps have upwards of 20 million users. (Data here, and that website is probably the best for Facebook-related data.) Still, as the original article I posted pointed out, the redesign has hurt many developers. And, anecdotally, apps are just such a minor part of many users’ experience—even if a lot of money is being made now, that’s no reason not to try to make more.

The most open question here is whether social networking apps really have anything to offer. Beyond that, most of the concerns could be resolved by a social network management that really wanted to encourage application uptake. As far as Facebook goes, though, the new Facebook Connect system seems to aggravate many of these problems, particularly the lack of transparency and the privacy concerns (and the fact that it’s described so confusingly I can’t figure out what it actually does). But there’s a market to build here, whether Facebook is the one to build it or not.

—By Elisabeth Oppenheimer

More generally, I’ve never understood why Facebook apps didn’t take off. The idea had such potential—developers could take advantage of the social context in a unique way—but it seemed like 98% of the actual offerings were on the spectrum between boring and infuriating. Any ideas on why that is? Did anyone out there love (or continue to love) Facebook apps?

—By Elisabeth Oppenheimer

Facebook and other social networks have an especially tricky time in this zone, since so much user data is relational.  You upload a photo of you and me; I tag it with your name.  I leave Facebook — does your name disappear from the photo since I was the one who originally tagged it?  Should all traces of someone vanish from everyone’s news feed, or is the alert that X posted a photo (along with a thumbnail of the photo) a different contribution than … posting the photo?  Facebook possibly thought to avoid these issues — or at least retain maximum flexibility to answer them — by including the sweeping clauses about being able to retain our data forever.

One lesson is that plain English (and its other-language counterparts!) works better these days than legalese.  When talented lawyers sit down to draft something like a set of terms of service, they naturally want terms that protect their client as much as possible — both in its current practices and for any future practices it could conceivably undertake.  Plus they know that courts will hold this language against them in a dispute if there’s any wiggle room, since the company itself drafted it and the users couldn’t negotiate.  So the writers tend to (1) reuse terms from other companies’ agreements like old holiday fruitcakes getting passed around, since venerable terms must be good ones and (2) they write broadly and at length.  But now just one hawk-eyed person scrutinizing new terms can see them get broadened and raise an alarm to everyone else, thinking of all sorts of future actions the company just permitted itself to take — the way the lawyers themselves were thinking, too.  This is true even if the people running the company didn’t have anything more in mind than avoiding some class action lawsuit for using people’s data in ways that could be said to exceed the limits they’ve placed on themselves with their own terms.

Writing in plain language can better describe what the company is trying to do, and may even make a court more sympathetic if trouble arises.  That trend is probably increasing — consider Google’s warning upon installing its browser toolbar, which in “advanced” mode will send every visited Web site URL back to Google so that, among other things, Google can provide an icon showing the page’s popularity as it’s visited.  Google leads its privacy policy with “PLEASE READ THIS CAREFULLY — IT’S NOT THE USUAL YADA YADA.”  Mark Zuckerberg’s blog entry in response to the controversy is a welcome piece of plainspeak.

So — Facebook will go back to the drawing board and come up with something new, no doubt rightly more narrowly drawn.  In another post Zuckerberg said:

More than 175 million people use Facebook. If it were a country, it would be the sixth most populated country in the world. Our terms aren’t just a document that protect our rights; it’s the governing document for how the service is used by everyone across the world. Given its importance, we need to make sure the terms reflect the principles and values of the people using the service. 

Governing document is right.  That brings up two bigger picture issues worth highlighting out of what otherwise might be a garden-variety dispute about privacy terms that people can have with any of the companies to who they entrust their data.

First, if Facebook is analogous to a country, how to govern it?  There’s an amazing amount of energy devoted to arguing about who gets to control the top-level allocation of domain names, since they’re seen as a shared resource of the Net that can greatly affect people’s lives.  (I think that’s overblown, but that’s a different discussion.)  So what about a “community” like that of Facebook, where people invest their data — indeed, often their very identities.  When someone’s years’-long cultivated Facebook account is terminated for alleged objectionable behavior, is that a mere customer service issue, or ought it be thought of as something broader?  No one expects Facebook to be run by anyone other than its management and private owners (and perhaps someday its public shareholders), adjusting for market pressure from its users, but if the communities there are truly to flourish, perhaps it’s time to experiment with forms of self-governance.  Just as online multiplayer games allow worlds of users with different rules, and some incorporate users themselves into developing those rules, Facebook could experiment with some of the same things.  (So far online organizing on Facebook tends to be represented by the creation of groups with provocative titles and then a count of how quickly how many people sign up, an especially interesting metric since Facebook itself can tweak how often word of people joining a group appears in their friends’ newsfeeds.)  There may be a sweet spot somewhere between the status quo — where at least we know whom to blame or sue if we disagree with a Facebook policy — and, say, Wikipedia, where governance generally takes place in ways large and small among the thousands of people who edit its articles and work through the disputes that naturally arise there.

Second, it’s amazing how much people focus on Facebook’s use of data vs. uses by fellow users on Facebook.  I think “peer-to-peer” privacy violations will turn out to be the most interesting and pervasive, and that we ought to start working out how to handle these issues.  Even small tweaks in how a site like Facebook operates — such as who gets to tag and untag a photo and who is notified (or asked for permission) when tagging happens — can have a huge impact on the flow of data and identity.  (Facebook’s structure is highly innovative here — they’ve actually got pretty good instincts about people’s privacy preferences.)  This is especially true as more and more of our “mouse droppings” end up in social networks — automatically updated telemetry about our daily travels (think Google Latitude) or changes in who we’re friends with.  I’ve written a lot more about this in chapter nine of “The Future of the Internet — And How to Stop It,” available for free download,  (But you’re welcome to buy it, too, newly in paperback!)

Privacy “perfect storms” are good times to think about these matters — too often people are too busy shoveling out their data to really think through the implications of what they’re doing.  Now, with the pitchforks on this particular issue being mostly returned to holsters, we can debate.  …JZ

In other news, the writers and commenters at TechCrunch have been having a lively debate over whether a possible iPhone exploit (possibly allowing developers to update code without approval) is cause for concern. Jason Kincaid notes an interesting issue: on PCs, most users are trained to be wary of new code, and look for assurances of safety before the download applications. But because Apple’s platform is considered safe, people download apps without a second thought. This means that, in the event a malicious app is developed and slips through the imperfect approval process, the damage could be extensive. Apple can always yank back malicious apps once they’re discovered, but by then, the harm could be done.

Another walled garden, Facebook, has also found itself facing malicious code lately—so far, relatively tame. Do Facebook users—who are clearly trusting enough to expose lots of personal information to large networks—expect Facebook to be a safe space, free of malware? And if they discover it’s not, will that reduce their willingness to buy Facebook apps, halting the Web 2.0 party?

—Elisabeth Oppenheimer

The trademark claim always seemed the strongest to me — and the most easily cured.  We’ll see what shoe drops next as Hasbro mulls its options and decides whether it can still effectively pressure Facebook, which may not want to deal with a lawsuit, no matter how much they think they could prevail.

Scrabulous is disabled for US and Canadian users until further notice. If you would like to stay informed about developments in this matter, please click here.

The app is apparently doing IP geolocation to see whom to turn away; when I visit Facebook from a British IP address I can get to Scrabulous perfectly well.  In this sense Facebook hasn’t done anything, except perhaps tell Scrabulous that it had better shut out the North Americans or risk having Facebook kill the app entirely. Instead, Scrabulous itself appears to be taking the action.  The “click here” link in the message to North Americans curiously links to an IP address rather than a domain name — http://74.54.87.73/facebook/updateme.php — which contains a form for people to put in their email addresses for updates from the Scrabulous founders.

It’d be great to learn more about the dynamics among Scrabulous, Facebook, and Hasbro.  I’ll see what I can glean.

–JZ

Last week Hasbro introduced its own Scrabble version for Facebook, and Josh Quittner reports that Hasbro is now suing the Scrabulous makers — and is leaning on Facebook once again to kill the competing app.  Note that it’s an open question whether Scrabulous is infringing anyone else’s rights — my own take is that if it is, it’s in the name alone, and that by calling it “rainbows and buttercups” instead of “Scrabulous” there’d be little claim of brand confusion.  (A residual claim that the Scrabulous game board infringes the copyright held in the Scrabble game board could be addressed by making it so that players can lay out the board however they choose — just like I could build my own Scrabble board at home and have a fair use defense to a claim of infringement.)

But Facebook may not want to be stuck in the middle, and under a threat of a lawsuit itself might decide to simply kill the app.  Bill Gates never had to face this dilemma: Windows was loosely enough coupled to its apps that no one ever thought to demand that Microsoft kill undesirable or illegal apps running on its platform.  (This remains so even as the Windows update service offers a monthly “malicious software removal tool” that could presumably target anything …)  Stay tuned.

–JZ

As developers update their applications — including bug fixes — it can take up to a week for a new version to go live after being submitted to Apple.  Developers don’t know when new or updated apps will go live — complicating planning.  And they aren’t given live sales information, so they don’t know how their apps are doing.

Apple isn’t alone.  Facebook is ramping up efforts to pick winners and losers in its platform:

Facebook announced a series of new incentives for developers to write what it characterized as “meaningful” tools for the service. It said it would pick certain applications that meet a set of Facebook principles to be part of a new “Great Apps” program. Those applications will get higher visibility on the service and will be able to work more closely with Facebook. …

“They are trying to evolve to a place where the right companies get funded and they launch more ambitious features on the platform,” he said.

Facebook said it was also setting up another level of certification, called the Facebook Verification program, for applications that meet the basic criteria of being secure and trustworthy. These applications will get added visibility and a graphical “badge.”

Picking winners and losers: that’s exactly what generative platform makers don’t do, and a good thing, since obvious losers — Wikipedia, couchsurfing.com, instant messenger — can end up being winners.  The ability to “throttle” certain apps by giving them more or less newsfeed space is an interesting contrast to the Apple App Store’s all-or-nothing system of app approval.  People learn about new apps on Facebook when their feeds indicate that a friend has added or used it — and slowing down undesirable apps can have a huge impact on their uptake.  Throttling is a gentle way to handle spammy apps, and it could genuinely be used to improve the user experience — but the technique could be applied for any reason.

Remember the days when developers could write software for a machine and then share it or sell it by simply handing someone a diskette or CD, or providing a link on which people could click?  And when the most diabolical way for a platform maker to influence the spread of apps was through clumsy efforts to dictate what could and couldn’t be on the desktop of a Windows machine fresh from the factory?

–JZ