Apple changes its policy on iOS e-book and subscription sales. If a company has an iOS app and allows users to buy premium content, such as e-books to be displayed by the app, with purchases made via a Web site (and therefore avoiding giving Apple a cut), Apple now requires that the company also allow users to make those purchases in-app (where Apple takes 30% of the price). Magazine or newspaper subscriptions sold through a browser must be available for the same price or less in iTunes as well. And publishers can no longer embed links in their iOS apps to Web sites that sell content. Furthermore, customers must be asked and then agree to release their information to publishers when they buy content through iTunes, so publishers are less likely to get the valuable consumer data they want for targeted advertising.

Google launches subscription payment service. After Apple announced its iOS subscriptions model Google followed with its content payment system, One Pass. One Pass operates across platforms. Customers who purchase content through their Google accounts can access it on their computers, tablets, or smartphones (though presumably not on their iOS devices, though there’s no technical reason this has to be the case). A spectrum of models is available to publishers: they can sell by the article, offer subscriptions, or provide day passes, among other options. Unless a customer opts out, Google shares customer name, zip code, and email address with the publisher. For One Pass service, Google takes 10% of sales revenue.

RIM tablet rumored to run Android apps. RIM may be developing software that would allow its PlayBook tablet to run Android apps. The move would increase the number of apps that can run on PlayBook more than six-fold to over 130,000 apps, making it more attractive to consumers. The tablet, promoted as the company’s answer to the iPad, is slated for release this year.

Facebook and the bright side of human flesh search engines. A woman who found a camera in New York City identified its owner in three hours by posting pictures from its memory card to Facebook and tagging her friends to solicit their help in the search. Web sites designed to reunite owners with their lost property exist, but both the finder and the seeker must know of them and go to the same one. Facebook doesn’t suffer from either problem. Although Facebook is not a fully public forum – most users restrict access to their profiles in some way – in this case it ended up being a big enough network to connect a helpful New Yorker with a grateful French tourist.

Boston promises a pothole-reporting app. It’s probably not something that Apple would have developed on its own initiative: an app that detects and automatically reports potholes using GPS and accelerometer data from the driver’s phone is in the works by the city’s “Office of New Urban Mechanics.” (!) While an unsafe driver may be wary of sending such information to city officials, the app’s developers see it as a new form of civic engagement. Perhaps we’ll see a pothole-filling app next year.

Google adds new security and crowdsourced ranking features. Google has recently added two new features. The first feature lets people with Google accounts add a second password. An account holder generates this additional code every time he wants to login, receiving it on his phone. It expires after a few minutes – giving the user time to log into his Google account – and so dramatically reduces the chance that it will be phished. The second feature is a Chrome extension that allows searchers to block sites that they don’t want to see in their Google search results. The user reduces unhelpful content farm results in her own searches, and Google draws on the information to tweak its rankings to decrease global content farm contamination of results.

Corporate strategies for information security and transparency. As more and more information is stored in the cloud and shared through networks, companies are increasingly susceptible to accidental or intentional disclosure of sensitive information. The Economist reports that corporations are taking a range of approaches to address the problem, from technological restrictions and monitoring (software or hardware that limits or watches what employees do with data) to cultural awareness (explaining to employees how particular acts put data at risk) or openness (sanctioning the release of more information to promote trust). Meanwhile, 40,000 individual Gmail account holders lost their cloud-stored emails and contacts this week because of a bug in a software update. Google is in the process of restoring users’ data to them — from backup copies on tapes.

Android app hacked to repeatedly text premium numbers. Hackers, apparently in China, have inserted code into a legitimate Android app that causes it to continuously text premium numbers. The altered form of the (already free) Steamy Windows app is available on unauthorized app sites. Once a user installs it, the app sends text messages to premium numbers, running up the user’s bill. It also blocks incoming texts from the wireless service provider that would normally alert a user that he has exceeded his text message quota. The hackers get a commission for each text sent to the specified numbers. Unwitting Android owners are at greater risk of attack, because unlike iOS owners, they can download apps from third party sites in addition to the official marketplace.  That makes them more generative — but also less secure, leading to the “generative dilemma.” (cached) [Cached because the cloud-based host for the deep linkable version of the Future of the Internet — And How to Stop It has vanished — ironic (or fitting?), given the book’s warning about the dangers of cloud-based platforms.

PCs as an endangered species. As the evolution of computing devices marches forward, PCs may be headed for extinction. Smartphones and tablets are increasingly marketed as PC replacements. These mobile devices can be used on their own, but also connect to a range of peripherals — laptop shells, monitors, keyboards, mice, even docks that turbo-charge performance with extra CPUs — for a more PC-like experience. For example, Motorola’s Android-based Atrix smartphone can run the desktop version of the Firefox browser when docked, giving the user access to cloud-based services like Google Docs in addition to the apps installed on the phone. But Firefox doesn’t run off the Atrix, it runs off a minimal Linux machine in the dock. And the Android app ecosystem doesn’t yet match the diversity of PC applications. Still, as mobile devices and the Web 2.0 apps and services (cached) they support become more sophisticated, it’s likely that they will expand out of their niche and invade the habitat currently occupied by PCs.

—Jennifer Halbleib

Addressing the zombie invasion. U.S. officials are evaluating an Australian plan that targets the botnet epidemic. In particular, the American government is eying provisions that allow an ISP to notify customers with infected computers — since botnets typically run in the background of a user’s own applications, often the consumer is unaware that her PC has been taken over — and perhaps even quarantine maliciously co-opted machines by limiting online access. As the FOI book echoed in 2008, such a program increases security without resorting to perfect enforcement and may also encourage ISPs to provide consumers with tools to disinfect their computers, either as part of the service plan or for an additional fee.

iOS developer guidelines relaxed enough for torrent apps? Last week Apple approved its first BitTorrent app. But it turns out that Apple didn’t intend to allow torrent apps. Instead, the developer avoided the term “torrent client” in the app description, temporarily evading rejection. When Apple became aware of the app’s capabilities, it removed the app from the App Store.

Android apps share information. A Duke-Penn State-Intel study using the new TaintDroid tool revealed that half of thirty randomly selected popular Android apps send personal information such as location or phone number to ad networks, sometimes with surprising frequency. When an Android owner downloads an app, he or she has to give permission for the app to collect personal information. But from that sole initial disclosure it’s usually not clear when information will be accessed and how it will be used. Privacy policies are often unintelligible. Hopefully utilities like TaintDroid will soon be available in downloadable form to allow Android (and iPhone) owners to monitor in real time what information their apps are accessing.

Italy demands that Apple remove an offensive app from the App Store. Child pornography? No. Graphic violence? Not so much. Italy is upset that a travel app characterizes the country as the home of the Mafia (also of pizza and scooters). Since Italy knows Apple can remove the app, it may feel entitled to demand that the company do so whenever Italians’ dignity is the least bit bruised. In a walled garden, the country of Da Vinci need not cultivate perspective.

RIM jumps on the anti-fart app bandwagon. RIM takes the position that apps that keep users coming back and convince them to purchase upgrades or additional content are more valuable to RIM and developers than fart apps. But should the value of an app be determined ex ante by device-makers or set by user behavior? Good search and rating systems seem like a better way to run an efficient app store — one that allows both apps that provide “ongoing entertainment value” and inexpensive, one-off apps that may serve important, if temporary, functions. (Ever unexpectedly have to entertain a child for an afternoon?) Still, nice of CompuServeRIM to tell us what we want. Because listening to users and developers isn’t a plan that’s going to work.

Can a wireless provider block texts it doesn’t like? New York federal court was presented with that question in a case where T-Mobile blocked all texts from a texting service because one of the service’s clients provided information via text on legal marijuana dispensaries in California. Under the recently proposed Google-Verizon net neutrality principles (analyzed here), a wireless company would have latitude to discriminate based on the sender, recipient, or content of the message as long as its practice is transparent. But it’s hard to see how the discrimination in this case is required because of the “unique technical and operational characteristics of wireless networks.” We’ll have to wait to see how courts address the issue as the parties have settled the case. Although the full terms of the agreement weren’t disclosed, it “requires T-Mobile to stop blocking the New York-based EZ Texting service’s thousands of clients, if they meet T-Mobile’s approval. The medical-marijuana info service, which used texts to tell its users where the nearest medical-marijuana store was, remains blocked.” (emphasis added).

The future of HR. Social Intelligence will help potential employers determine whether you are a good hire and monitor you (with real-time updates) when you’re on the payroll by trolling your public social network profiles. “[C]ompany spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You’ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That’s why you should scan every prospective hire and run continued scans on every existing employee.”

iPhone expression that’s more than skin deep. Children and adults with disabilities affecting speech are converting their iPhones to alternative communication devices. Smartphone apps that are mobile, easy to use, and even cool give a voice to autistic kids and stroke victims alike.

—Jennifer Halbleib

I wrote the Future of the Internet — And How to Stop It, and its precursor law review article the Generative Internet, between 2004 and 2007. I wanted to capture a sense of just how bizarre the Internet — and the PC environment — were.  How much the values and assumptions of, metaphorically, dot-org and dot-edu, rather than just dot-com, were built into the protocols of the Internet and the architecture of the PC.  The amateur, hobbyist, backwater origins of the Internet and the PC were crucial to their success against more traditional counterparts, but also set the stage for a new host of problems as they became more popular.

The designers and makers of the Internet and PC platforms did not expect to come up with the applications for each — they figured unknown others would do that.  So, unlike CompuServe, AOL, or Prodigy, the Internet didn’t have a main menu.  And once for-profit ISPs started rolling the Internet out to anyone willing to subscribe, there came to be a critical mass of eyeballs ready to experience varieties of content and services — the providers of which didn’t have to negotiate a business deal with some Internet Overseer the way they did for CompuServe et al.  Some content and services could be paid for, at least as soon as credit cards could function cheaply online, and other could be free — either because of a separate business model like advertising, or because the provider didn’t feel inclined to monetize visiting eyeballs.  Tim Berners-Lee could invent the World Wide Web and have it run as just another application, seeking neither a patent on its workings nor an architecture for it that placed him in a position of control.  Today, of course, the Web is so ubiquitous that people often confuse it with the Internet itself.

When bad apples emerge on an unmediated platform — and they do as soon as there are enough people using it to make it worth it to subvert it — it can be difficult to deal with them.  If someone spams you on Facebook, the first step is to make it a customer service issue — complain to Facebook, and they can discipline the account.  If someone spams you on email, it’s much trickier, because there’s no Email Manager — just lots of email servers, some big, some little, and many of them with accounts hacked by others.  That’s one reason why a newer generation of Internet users prefers Facebook or Twitter messaging to old fashioned email.  Same for the PC itself: with no PC Manager, there’s no easy way to get help or exact justice when exposed to malware.  I worried that malware in particular, and cybersecurity in general, would be a fulcrum point in pushing “regular” people away from the happenstance of generative platforms designed by nerds who figured they could worry about security later.  Hence a migration to less generative platforms managed like services rather than products.

I understand and sympathize with that migration.  But it’s important to recognize its downsides — particularly if one is among the libertarian set, which has been comprised some of the most vocal critics of the Future of the Internet.  Whether software developer or user, volunteering control over one’s digital environment to a Manager means that the manager can change one’s experience at any time — or worse, be compelled to by outside pressures.  I write about this prospect at length here.  The famously ungovernable Internet suddenly becomes much more governable, an outcome most libertarian types would be concerned about.  Many Internet freedom proponents aren’t willing to argue for or trust those freedoms to a “mere” political process; they prefer to see them de facto guaranteed by a computing environment largely immune to regulation.

Lessig now seems to disagree with that; his view in Code 2.0 is that:

citizens of any democracy should have the freedom to choose what speech they consume.  But I would prefer they earn that freedom by demanding it through democratic means than that a technological trick give it to them for free.

It’s an interesting bookend to a small gem of an article he wrote in 1999, where he said:

The architecture of cyberspace embeds a set of values, as it embeds or constitutes the possible. But beyond the values built into this architecture, there are values that are implicated by the ownership of code. Its ownership can enable a kind of check on government’s power-a separation of powers that checks the extent that government can reach. Just as our Constitution embeds the values of the Bill of Rights while also embedding the protections of separation of powers,[] so too should we think about the values that cyberspace embeds, as well as its structure.

Randal Picker, in a terrific article revisiting the famed Sony case that upheld the right of manufacturers to make and sell VCRs, despite the fact that surely many people were using them to infringe copyright by recording shows for their personal libraries, outright welcomes new forms of regulation made possible by software becoming a service.  My brief response to (and disagreement with) his article is here, but both of us agree that new kinds of regulation lie in our future.

So, has the future happened?  Certainly young coders today are writing for the Facebook and iPhone apps platforms more than they are for Windows, OS X, or GNU/Linux.  Those platforms haven’t been “sterile” — e.g. resistant to all outside development, as the book’s introduction feared.  Rather, they’re what I called “contingently generative” and what Sarah Rotman Epps more pithily calls “curated computing.”  The idea is the same: to be generative enough to welcome outside coders — indeed, if wildly successful, to turn other platforms into ghost towns — but to be able to modify what they do at any time, before or after the fact.  Not only does that set the stage for monopolistic behavior — developers, many coding for fun, build empires that are then hard to move to a new platform when the rules change — but also for new regulation.  Android is an interesting development here — a sort of canary in the coal mine, as the Android platform contemplates more “off roading” by users, running unapproved apps, than the iPhone does.  It’s too early to say which model will prevail, especially as either one, being contingent, can evolve towards the other.  Steve Jobs could announce freedom to run outside code on iPhones tomorrow, and Google could revise Android so that only apps from the official Android store can persist.  Either vendor can kill an app, or the entire phone, at a distance, if it detects jailbreaking, or for any other reason.

In 2004, the Web was going strong, but much of our time was spent outside a browser: email was Outlook or Eudora, word processing was Word, spreadsheets were Excel, etc.  If you were given only a browser, there’s a lot of work you’d have a hard time doing.  Today that’s simply not true.  Google docs and spreadsheets are spreading, and Microsoft is hastening to catch up with Windows Live.  Yet some have trumpeted the end of the open Web, and cited the Future of the Internet to buttress their claims.  They have a point.  Just because something can be accessed by a Web browser doesn’t make it part of the Web.  (You can even just open a file on your hard drive using your browser, most easily if it ends in .html.)

If the services we migrate to online are still controlled and curated by only a handful of gatekeepers, we run all the risks, and stand to lose many of the benefits, of the generative Internet.  I’m not ready, as others may be, to say that essentially every new technology has its infancy and adolescence, where it’s chaotic and there are lots of players and lots of innovation, to be followed by boring adulthood as the losers lose and the few winners win and consolidate.  My hope was, and is, to be able to take on the “bad apples” problem in a way that doesn’t terribly compromise generativity — the way that Wikipedia, so far, has managed to stop spammers and vandals without wholesale abandoning the precept that anyone can edit a page, whether registered or not.  I wrote some thoughts on how to do that in the book, and have since followed up with a piece called “The Fourth Quadrant.”  It seems all the more pressing to me as concerns about cybersecurity, and now cyberwarfare, are very much on the mind of governments around the world.

I’m not exactly a pessimist.  I recognize, and celebrate, the fact that the digital environment of 2010 is the coolest, most interesting, most option-filled it’s ever been.  In that sense, mirroring the situation with Internet access despite censorship around the world, the slope of the generative curve is positive.  But, also mirroring the situation with censorship and filtering, I see the pieces further moving into place for a step change in how the Internet works.  In where new innovations come from.  And in how readily regulators can pull the plug on services and content they don’t like.  At its core, the Future of the Internet is an argument against complacency, and against the simplicity of thinking that if only market forces are allowed to work their magic, everything else we care about will more or less fall into place.

I look forward to the week’s discussions.  …JZ

Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Canadian Android Carrier Forcing Firmware Update. A Canadian carrier wanted users to download a firmware upgrade that fixed a glitch prohibiting users from dialing 911, so it made the upgrade mandatory. Seems reasonable. But it bundled in an update that “prevent[ed] users from ever gaining root access to their phones.” Sneaky—one more way that contingent generativity really is contingent, even for savvy users.

Biggest Mobile Operators Join Forces On App Store Project. A few dozen mobile operators have come together to try to create a mobile developer’s dream: a set of standards for applications that would work across phones and mobile OSes, and a single app store (with a single approval process) in which to sell those apps. This could be a good thing if it worked—developers might have more say in big-picture application development, and single carriers or hardware manufacturers would have less ability to be a development chokepoint. (It would also be nice for consumers, generally making the smartphone world look more like the PC world.) I’d be more excited if efforts to create uniform mobile standards weren’t so difficult and historically so unsuccessful.

Demand for Android Phones Makes “Monstrous” 250% Jump. Another developer’s dream (perhaps), Android, is seeing significant growth. “Android has finally caught consumer interest,” according to a research firm. Also, Android users are almost as happy as iPhone users with their phone (72% to 77%).

Big Brother Is Here, Families Say. This story is so bizarre, I don’t know what to make of it. A school in Philadelphia gave out laptops without telling the students or their families that the cameras could be remotely activated. The idea was to use the cameras if the laptops were stolen, but one family claims a camera was used to spy on a student. If true (details are cloudy), that would (a) be mind-bogglingly dumb on the school’s part, and (b) reminiscent of this (ubiquitous cameras) and this (remote activation) in the book. Check out the Onion’s take here.

Microsoft takes the StopBadware Approach Further. Last week, MS obtained a restraining order to deactivate 277 domain names it had linked to the Waledec botnet. Severing the connection between drones and the mothership goes beyond tactics employed by the Google/StopBadware Project.  It effectively makes the targeted websites invisible, instead of slapping a prominent warning label on them. Although MS attempted to cut off only addresses used exclusively for spam, it appears that the single U.S.-based target may be a legitimate site, if a hapless drone.  While owners have the opportunity to reclaim their addresses, MS’s actions raise questions of proportionality and whether cooperation and information-sharing between prominent Internet denizens, such as MS and Google, if possible, would result in more efficient and just solutions. Their approach also highlights the tension between the need for secrecy to effectively attack the spam network and the notice usually required prior to legal action.

One step behind. Thesixtyone.com, a site that allows the public to listen to, rate, and buy largely indie music, is looking for a hacker that can break up the bot-powered voting rings seeking to game their democratic rating system.  A laudable goal, but one spammers have already begun to circumvent by using real people instead of bots.

Passing through the cloud. Katherine Boehret recently reviewed Pogoplug, a device that makes files web-accessible without actually storing them in the cloud.  While this type of solution doesn’t address data-portability concerns surrounding extraction of personal data in usable form – to allow seamless transition between social networking sites, for example – it does let the user to maintain more control over data instead of entrusting it entirely to the cloud.  This control prevents third parties from holding data hostage and from losing, allowing government access to, selling, or mining personal information; but users can still access their files from almost anywhere.

Please think twice. A website launched last week illustrates the risk of publicly sharing information online.  Pleaserobme.com aggregates Twitter posts that contain location-sharing information from Foursquare in a chronological list to show the potential for exploitation by Internet users with malicious intentions.  While it’s probable that only a small set of burglars will take advantage of this information, the site is an example of a grassroots campaign to raise awareness of potential problems for users who don’t recognize how the information they freely give can be mined.  Whether this awareness leads them to alter their behavior or simply “get over it” is up to the individual.

Facebook messaging glitch. A subset of Facebook users experienced firsthand the risk of entrusting control of personal messages to third parties.  Last Wednesday, FB accidentally sent the private messages of a “small number” of users to strangers instead of the intended recipients.  Unlike well-publicized security breaches of credit card companies and banks, the misdirected messages were largely personal in nature and contained little identifying information, so the risk of actual injury is low.  But that may not be very comforting to those who had intimate details divulged to strangers.  Some of the accounts indeed provoke a gut-level enquiry as to how privacy violation should be measured.  On the flip-side, the occasional misrouting of a letter by the Post Office doesn’t give rise to much concern – and in that case the sender is usually clearly identifiable – so why should electronic mail be afforded greater scrutiny?

—By Jennifer Halbleib and Elisabeth Oppenheimer

Mike Petrucci’s AppMakr Saga. Mike Petrucci decided to use AppMakr to put together an app aggregating his Twitter, blog, etc, feeds…only to have Apple reject it because it wasn’t of general interest. That’s a big difference between iPhone apps and, say, web apps (blogger has definitely never rejected someone for being of limited interest). It’ll be interesting to see what line Apple decides to take on this, and how AppMakr and similar companies push them.

Apple orders Android mention scrubbed from App Store. Speaking of Apple…they order a developer to take “Finalist in Google Android’s Developer’s Challenge!” out of the description of its app. Just silly.

In Europe, Challenges for Google. Much attention has been paid to Google’s business in China, but Europe (particularly Italy) poses difficulties, too—different copyright laws, different privacies laws, and different free speech traditions.

Google Buzz Privacy Issues Have Real Life Implications. However, Google has more pressing privacy concerns to worry about this week, with the rollout and reaction to Google Buzz. Google generally does just fine releasing a half-baked product and cleaning up the details later, but that’s a terrible idea when the rollout includes auto-sharing previously private information. It’s disturbing that this concern made it past however many rounds of internal testing Google did.

—Elisabeth Oppenheimer

1. The platform offers fewer capabilities than non-Facebook apps or mobile apps; no rich interfaces; documentation and support is poor. The platform changes too often. It’s true that Facebook can’t take advantage of all the functionality that comes with mobility, and if an app doesn’t require mobility, there’s rarely a reason to develop it for Facebook instead of for the Internet generally. The documentation and support problems, though, are self-created.

2. There just aren’t that many opportunities for social apps beyond messaging, taking quizzes, and graphing your friends’ data. And apps aren’t crucial to the core Facebook experience. Maybe there’s some truth here, but I think the dearth of current good apps limits the imagination. Every now and then I’ll see something that seems uniquely suited to Facebook—say, a ridesharing application that allows you to arrange carpools with people you might not think to email and ask, but who aren’t complete strangers. Some of the data-compilation is also fascinating from a social-scientist perspective. If Facebook wanted to go around giving out prizes for the best app, I think they’d get some really cool stuff. As for the core Facebook experience, I think it’s very malleable (remember that Newsfeed didn’t always exist?).

3. There may be opportunities for good social apps, but we don’t know how to share data in a way that’s useful and respects privacy. This strikes me as a very valid point. Facebook has repeatedly lost credibility and trust in data-sharing disasters, notably Beacon, and apps still seek and distribute more data than they should. Even worse, they mess with people’s friends’ data. So users aren’t inclined to give app developers the benefit of doubt in releasing their information. This seems like a prime opportunity for Facebook or users to develop clear, enforceable privacy guidelines and explain how they relate to application development.

4. Because of the privacy concerns, there isn’t an efficient distribution network. As all of those quasi-viral apps proved back in the early days of Facebook appdom, it’s easy to strong-arm distribution of an app to thousands or millions of people. But users will also be upset when they figure out they’re essentially spamming their friends. The problem is to figure out how to encourage wide uptake without bombarding people with unwanted invitations or turning people into accidental spammers. (A related concern is that, as long as the spammy apps to dominate, people won’t want to go anywhere near the whole system.) I actually think app distribution is an area where Facebook is well-positioned relative to the Internet at large—it would be easy for Facebook to promote and collect popular apps in a way that would encourage people to download them (as the iPhone does). But they’ve chosen not to do that.

5. Apps have taken off; it’s a multi-million dollar industry. True, actually; virtual goods are a huge business, and the top apps have upwards of 20 million users. (Data here, and that website is probably the best for Facebook-related data.) Still, as the original article I posted pointed out, the redesign has hurt many developers. And, anecdotally, apps are just such a minor part of many users’ experience—even if a lot of money is being made now, that’s no reason not to try to make more.

The most open question here is whether social networking apps really have anything to offer. Beyond that, most of the concerns could be resolved by a social network management that really wanted to encourage application uptake. As far as Facebook goes, though, the new Facebook Connect system seems to aggravate many of these problems, particularly the lack of transparency and the privacy concerns (and the fact that it’s described so confusingly I can’t figure out what it actually does). But there’s a market to build here, whether Facebook is the one to build it or not.

—By Elisabeth Oppenheimer

More generally, I’ve never understood why Facebook apps didn’t take off. The idea had such potential—developers could take advantage of the social context in a unique way—but it seemed like 98% of the actual offerings were on the spectrum between boring and infuriating. Any ideas on why that is? Did anyone out there love (or continue to love) Facebook apps?

—By Elisabeth Oppenheimer

Lost in the Cloud

Cambridge, Mass.

EARLIER this month Google announced a new operating system called Chrome. It’s meant to transform personal computers and handheld devices into single-purpose windows to the Web. This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online — also known as in “the cloud” — using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it’s not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others — through Facebook, MySpace or Twitter — having it all online can make a lot of sense.

The cloud, however, comes with real dangers.

Some are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher’s change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell’s “1984” found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)

Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.

Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.

The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases. It and other authoritarian regimes routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes.

With a little effort and political will, we could solve these problems. Companies could be required under fair practices law to allow your data to be released back to you with just a click so that you can erase your digital footprints or simply take your business (and data) elsewhere. They could also be held to the promises they make about content sold through the cloud: If they sell you an e-book, they can’t take it back or make it less functional later. To increase security, companies that keep their data in the cloud could adopt safer Internet communications and password practices, including the use of biometrics like fingerprints to validate identity.

And some governments can be persuaded — or perhaps required by their independent judiciaries — to treat data entrusted to the cloud with the same level of privacy protection as data held personally. The Supreme Court declared in 1961 that a police search of a rented house for a whiskey still was a violation of the Fourth Amendment privacy rights of the tenant, even though the landlord had given permission for the search. Information stored in the cloud deserves similar safeguards.

But the most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. Microsoft might want you to run Word and Internet Explorer, but those had better be good products or you’ll switch with a few mouse clicks to OpenOffice orFirefox.

Promoting competition is only the tip of the iceberg — there are also the thousands of applications so novel that they don’t yet compete with anything. These tend to be produced by tinkerers and hackers. Instant messaging, peer-to-peer file sharing and the Web itself all exist thanks to people out in left field, often writing for fun rather than money, who are able to tempt the rest of us to try out what they’ve done.

This freedom is at risk in the cloud, where the vendor of a platform has much more control over whether and how to let others write new software. Facebook allows outsiders to add functionality to the site but reserves the right to change that policy at any time, to charge a fee for applications, or to de-emphasize or eliminate apps that court controversy or that they simply don’t like. The iPhone’s outside apps act much more as if they’re in the cloud than on your phone: Apple can decide who gets to write code for your phone and which of those offerings will be allowed to run. The company has used this power in ways that Bill Gates never dreamed of when he was the king of Windows: Apple is reported to have censored e-book apps that contain controversial content, eliminated games with political overtones, and blocked uses for the phone that compete with the company’s products.

The market is churning through these issues. Amazon is offering a generic cloud-computing infrastructure so anyone can set up new software on a new Web site without gatekeeping by the likes of Facebook. Google’s Android platform is being used in a new generation of mobile phones with fewer restrictions on outside code. But the dynamics here are complicated. When we vest our activities and identities in one place in the cloud, it takes a lot of dissatisfaction for us to move. And many software developers who once would have been writing whatever they wanted for PCs are simply developing less adventurous, less subversive, less game-changing code under the watchful eyes of Facebook and Apple.

If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from competing, mighty incumbents.

We’ve only just begun to measure this problem, even as we fly directly into the cloud. That’s not a reason to turn around. But we must make sure the cloud does not hinder the creation of revolutionary software that, like the Web itself, can seem esoteric at first but utterly necessary later.

Jonathan Zittrain, a law professor at Harvard, is the author of “The Future of the Internet — And How to Stop It.”

* Here is a new video with Prof. Z navigating the screen and explaining how to use Herdict.

* Helping us get the word of Herdict out to the herd-at-large, Shep has taken on some impressive language skills (and more impressive gender changes) to promote Herdict in a number of different languages for the Berkman YouTube channel.

Currently videos are available in Mandarin Chinese, Spanish, Malagasy, Italian, Hindi, and Korean. Also, we have a growing library of subtitled versions available on dotSUB , which includes Arabic, Bengali, Danish, Flemish, French, Hungarian, Russian, Portugese, Castilian, and Indonesian, just to name a few. For those who missed it, here is the original video.

-yvette wohn