Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer

Mike Petrucci’s AppMakr Saga. Mike Petrucci decided to use AppMakr to put together an app aggregating his Twitter, blog, etc, feeds…only to have Apple reject it because it wasn’t of general interest. That’s a big difference between iPhone apps and, say, web apps (blogger has definitely never rejected someone for being of limited interest). It’ll be interesting to see what line Apple decides to take on this, and how AppMakr and similar companies push them.

Apple orders Android mention scrubbed from App Store. Speaking of Apple…they order a developer to take “Finalist in Google Android’s Developer’s Challenge!” out of the description of its app. Just silly.

In Europe, Challenges for Google. Much attention has been paid to Google’s business in China, but Europe (particularly Italy) poses difficulties, too—different copyright laws, different privacies laws, and different free speech traditions.

Google Buzz Privacy Issues Have Real Life Implications. However, Google has more pressing privacy concerns to worry about this week, with the rollout and reaction to Google Buzz. Google generally does just fine releasing a half-baked product and cleaning up the details later, but that’s a terrible idea when the rollout includes auto-sharing previously private information. It’s disturbing that this concern made it past however many rounds of internal testing Google did.

—Elisabeth Oppenheimer

1. The platform offers fewer capabilities than non-Facebook apps or mobile apps; no rich interfaces; documentation and support is poor. The platform changes too often. It’s true that Facebook can’t take advantage of all the functionality that comes with mobility, and if an app doesn’t require mobility, there’s rarely a reason to develop it for Facebook instead of for the Internet generally. The documentation and support problems, though, are self-created.

2. There just aren’t that many opportunities for social apps beyond messaging, taking quizzes, and graphing your friends’ data. And apps aren’t crucial to the core Facebook experience. Maybe there’s some truth here, but I think the dearth of current good apps limits the imagination. Every now and then I’ll see something that seems uniquely suited to Facebook—say, a ridesharing application that allows you to arrange carpools with people you might not think to email and ask, but who aren’t complete strangers. Some of the data-compilation is also fascinating from a social-scientist perspective. If Facebook wanted to go around giving out prizes for the best app, I think they’d get some really cool stuff. As for the core Facebook experience, I think it’s very malleable (remember that Newsfeed didn’t always exist?).

3. There may be opportunities for good social apps, but we don’t know how to share data in a way that’s useful and respects privacy. This strikes me as a very valid point. Facebook has repeatedly lost credibility and trust in data-sharing disasters, notably Beacon, and apps still seek and distribute more data than they should. Even worse, they mess with people’s friends’ data. So users aren’t inclined to give app developers the benefit of doubt in releasing their information. This seems like a prime opportunity for Facebook or users to develop clear, enforceable privacy guidelines and explain how they relate to application development.

4. Because of the privacy concerns, there isn’t an efficient distribution network. As all of those quasi-viral apps proved back in the early days of Facebook appdom, it’s easy to strong-arm distribution of an app to thousands or millions of people. But users will also be upset when they figure out they’re essentially spamming their friends. The problem is to figure out how to encourage wide uptake without bombarding people with unwanted invitations or turning people into accidental spammers. (A related concern is that, as long as the spammy apps to dominate, people won’t want to go anywhere near the whole system.) I actually think app distribution is an area where Facebook is well-positioned relative to the Internet at large—it would be easy for Facebook to promote and collect popular apps in a way that would encourage people to download them (as the iPhone does). But they’ve chosen not to do that.

5. Apps have taken off; it’s a multi-million dollar industry. True, actually; virtual goods are a huge business, and the top apps have upwards of 20 million users. (Data here, and that website is probably the best for Facebook-related data.) Still, as the original article I posted pointed out, the redesign has hurt many developers. And, anecdotally, apps are just such a minor part of many users’ experience—even if a lot of money is being made now, that’s no reason not to try to make more.

The most open question here is whether social networking apps really have anything to offer. Beyond that, most of the concerns could be resolved by a social network management that really wanted to encourage application uptake. As far as Facebook goes, though, the new Facebook Connect system seems to aggravate many of these problems, particularly the lack of transparency and the privacy concerns (and the fact that it’s described so confusingly I can’t figure out what it actually does). But there’s a market to build here, whether Facebook is the one to build it or not.

—By Elisabeth Oppenheimer

More generally, I’ve never understood why Facebook apps didn’t take off. The idea had such potential—developers could take advantage of the social context in a unique way—but it seemed like 98% of the actual offerings were on the spectrum between boring and infuriating. Any ideas on why that is? Did anyone out there love (or continue to love) Facebook apps?

—By Elisabeth Oppenheimer

Lost in the Cloud

Cambridge, Mass.

EARLIER this month Google announced a new operating system called Chrome. It’s meant to transform personal computers and handheld devices into single-purpose windows to the Web. This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online — also known as in “the cloud” — using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it’s not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others — through Facebook, MySpace or Twitter — having it all online can make a lot of sense.

The cloud, however, comes with real dangers.

Some are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher’s change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell’s “1984” found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)

Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.

Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.

The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases. It and other authoritarian regimes routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes.

With a little effort and political will, we could solve these problems. Companies could be required under fair practices law to allow your data to be released back to you with just a click so that you can erase your digital footprints or simply take your business (and data) elsewhere. They could also be held to the promises they make about content sold through the cloud: If they sell you an e-book, they can’t take it back or make it less functional later. To increase security, companies that keep their data in the cloud could adopt safer Internet communications and password practices, including the use of biometrics like fingerprints to validate identity.

And some governments can be persuaded — or perhaps required by their independent judiciaries — to treat data entrusted to the cloud with the same level of privacy protection as data held personally. The Supreme Court declared in 1961 that a police search of a rented house for a whiskey still was a violation of the Fourth Amendment privacy rights of the tenant, even though the landlord had given permission for the search. Information stored in the cloud deserves similar safeguards.

But the most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. Microsoft might want you to run Word and Internet Explorer, but those had better be good products or you’ll switch with a few mouse clicks to OpenOffice orFirefox.

Promoting competition is only the tip of the iceberg — there are also the thousands of applications so novel that they don’t yet compete with anything. These tend to be produced by tinkerers and hackers. Instant messaging, peer-to-peer file sharing and the Web itself all exist thanks to people out in left field, often writing for fun rather than money, who are able to tempt the rest of us to try out what they’ve done.

This freedom is at risk in the cloud, where the vendor of a platform has much more control over whether and how to let others write new software. Facebook allows outsiders to add functionality to the site but reserves the right to change that policy at any time, to charge a fee for applications, or to de-emphasize or eliminate apps that court controversy or that they simply don’t like. The iPhone’s outside apps act much more as if they’re in the cloud than on your phone: Apple can decide who gets to write code for your phone and which of those offerings will be allowed to run. The company has used this power in ways that Bill Gates never dreamed of when he was the king of Windows: Apple is reported to have censored e-book apps that contain controversial content, eliminated games with political overtones, and blocked uses for the phone that compete with the company’s products.

The market is churning through these issues. Amazon is offering a generic cloud-computing infrastructure so anyone can set up new software on a new Web site without gatekeeping by the likes of Facebook. Google’s Android platform is being used in a new generation of mobile phones with fewer restrictions on outside code. But the dynamics here are complicated. When we vest our activities and identities in one place in the cloud, it takes a lot of dissatisfaction for us to move. And many software developers who once would have been writing whatever they wanted for PCs are simply developing less adventurous, less subversive, less game-changing code under the watchful eyes of Facebook and Apple.

If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from competing, mighty incumbents.

We’ve only just begun to measure this problem, even as we fly directly into the cloud. That’s not a reason to turn around. But we must make sure the cloud does not hinder the creation of revolutionary software that, like the Web itself, can seem esoteric at first but utterly necessary later.

Jonathan Zittrain, a law professor at Harvard, is the author of “The Future of the Internet — And How to Stop It.”

* Here is a new video with Prof. Z navigating the screen and explaining how to use Herdict.

* Helping us get the word of Herdict out to the herd-at-large, Shep has taken on some impressive language skills (and more impressive gender changes) to promote Herdict in a number of different languages for the Berkman YouTube channel.

Currently videos are available in Mandarin Chinese, Spanish, Malagasy, Italian, Hindi, and Korean. Also, we have a growing library of subtitled versions available on dotSUB , which includes Arabic, Bengali, Danish, Flemish, French, Hungarian, Russian, Portugese, Castilian, and Indonesian, just to name a few. For those who missed it, here is the original video.

-yvette wohn

Facebook and other social networks have an especially tricky time in this zone, since so much user data is relational.  You upload a photo of you and me; I tag it with your name.  I leave Facebook — does your name disappear from the photo since I was the one who originally tagged it?  Should all traces of someone vanish from everyone’s news feed, or is the alert that X posted a photo (along with a thumbnail of the photo) a different contribution than … posting the photo?  Facebook possibly thought to avoid these issues — or at least retain maximum flexibility to answer them — by including the sweeping clauses about being able to retain our data forever.

One lesson is that plain English (and its other-language counterparts!) works better these days than legalese.  When talented lawyers sit down to draft something like a set of terms of service, they naturally want terms that protect their client as much as possible — both in its current practices and for any future practices it could conceivably undertake.  Plus they know that courts will hold this language against them in a dispute if there’s any wiggle room, since the company itself drafted it and the users couldn’t negotiate.  So the writers tend to (1) reuse terms from other companies’ agreements like old holiday fruitcakes getting passed around, since venerable terms must be good ones and (2) they write broadly and at length.  But now just one hawk-eyed person scrutinizing new terms can see them get broadened and raise an alarm to everyone else, thinking of all sorts of future actions the company just permitted itself to take — the way the lawyers themselves were thinking, too.  This is true even if the people running the company didn’t have anything more in mind than avoiding some class action lawsuit for using people’s data in ways that could be said to exceed the limits they’ve placed on themselves with their own terms.

Writing in plain language can better describe what the company is trying to do, and may even make a court more sympathetic if trouble arises.  That trend is probably increasing — consider Google’s warning upon installing its browser toolbar, which in “advanced” mode will send every visited Web site URL back to Google so that, among other things, Google can provide an icon showing the page’s popularity as it’s visited.  Google leads its privacy policy with “PLEASE READ THIS CAREFULLY — IT’S NOT THE USUAL YADA YADA.”  Mark Zuckerberg’s blog entry in response to the controversy is a welcome piece of plainspeak.

So — Facebook will go back to the drawing board and come up with something new, no doubt rightly more narrowly drawn.  In another post Zuckerberg said:

More than 175 million people use Facebook. If it were a country, it would be the sixth most populated country in the world. Our terms aren’t just a document that protect our rights; it’s the governing document for how the service is used by everyone across the world. Given its importance, we need to make sure the terms reflect the principles and values of the people using the service. 

Governing document is right.  That brings up two bigger picture issues worth highlighting out of what otherwise might be a garden-variety dispute about privacy terms that people can have with any of the companies to who they entrust their data.

First, if Facebook is analogous to a country, how to govern it?  There’s an amazing amount of energy devoted to arguing about who gets to control the top-level allocation of domain names, since they’re seen as a shared resource of the Net that can greatly affect people’s lives.  (I think that’s overblown, but that’s a different discussion.)  So what about a “community” like that of Facebook, where people invest their data — indeed, often their very identities.  When someone’s years’-long cultivated Facebook account is terminated for alleged objectionable behavior, is that a mere customer service issue, or ought it be thought of as something broader?  No one expects Facebook to be run by anyone other than its management and private owners (and perhaps someday its public shareholders), adjusting for market pressure from its users, but if the communities there are truly to flourish, perhaps it’s time to experiment with forms of self-governance.  Just as online multiplayer games allow worlds of users with different rules, and some incorporate users themselves into developing those rules, Facebook could experiment with some of the same things.  (So far online organizing on Facebook tends to be represented by the creation of groups with provocative titles and then a count of how quickly how many people sign up, an especially interesting metric since Facebook itself can tweak how often word of people joining a group appears in their friends’ newsfeeds.)  There may be a sweet spot somewhere between the status quo — where at least we know whom to blame or sue if we disagree with a Facebook policy — and, say, Wikipedia, where governance generally takes place in ways large and small among the thousands of people who edit its articles and work through the disputes that naturally arise there.

Second, it’s amazing how much people focus on Facebook’s use of data vs. uses by fellow users on Facebook.  I think “peer-to-peer” privacy violations will turn out to be the most interesting and pervasive, and that we ought to start working out how to handle these issues.  Even small tweaks in how a site like Facebook operates — such as who gets to tag and untag a photo and who is notified (or asked for permission) when tagging happens — can have a huge impact on the flow of data and identity.  (Facebook’s structure is highly innovative here — they’ve actually got pretty good instincts about people’s privacy preferences.)  This is especially true as more and more of our “mouse droppings” end up in social networks — automatically updated telemetry about our daily travels (think Google Latitude) or changes in who we’re friends with.  I’ve written a lot more about this in chapter nine of “The Future of the Internet — And How to Stop It,” available for free download,  (But you’re welcome to buy it, too, newly in paperback!)

Privacy “perfect storms” are good times to think about these matters — too often people are too busy shoveling out their data to really think through the implications of what they’re doing.  Now, with the pitchforks on this particular issue being mostly returned to holsters, we can debate.  …JZ

In other news, the writers and commenters at TechCrunch have been having a lively debate over whether a possible iPhone exploit (possibly allowing developers to update code without approval) is cause for concern. Jason Kincaid notes an interesting issue: on PCs, most users are trained to be wary of new code, and look for assurances of safety before the download applications. But because Apple’s platform is considered safe, people download apps without a second thought. This means that, in the event a malicious app is developed and slips through the imperfect approval process, the damage could be extensive. Apple can always yank back malicious apps once they’re discovered, but by then, the harm could be done.

Another walled garden, Facebook, has also found itself facing malicious code lately—so far, relatively tame. Do Facebook users—who are clearly trusting enough to expose lots of personal information to large networks—expect Facebook to be a safe space, free of malware? And if they discover it’s not, will that reduce their willingness to buy Facebook apps, halting the Web 2.0 party?

—Elisabeth Oppenheimer

The trademark claim always seemed the strongest to me — and the most easily cured.  We’ll see what shoe drops next as Hasbro mulls its options and decides whether it can still effectively pressure Facebook, which may not want to deal with a lawsuit, no matter how much they think they could prevail.