In the “Cassandra” department
September 20th, 2009 | by elisabeth | Published in Future of the Internet | 3 Comments
In the book, JZ discussed why it is that even tech-savvy, cautious users can’t avoid malware:
[S]urfing the World Wide Web often entails accepting and running new code. The Web was designed to seamlessly integrate material from disparate sources: a single Web page can draw from hundreds of different sources on the fly, not only through hyperlinks that direct users to other locations on the Web, but through placeholders that incorporate data and code from elsewhere into the original page. These Web protocols have spawned the massive advertising industry that powers companies like Google. For example, if a user visits the home page of the New York Times, he or she will see banner ads and other spaces that are filled on the fly from third-party advertising aggregators like Google and DoubleClick. These ads are not hosted at nytimes.com—they are hosted elsewhere and rushed directly to the user’s browser as the nytimes.com page is rendered. . . . Web pages are like fast food hamburgers, where a single patty might contain the blended meat of hundreds of cows spanning four countries. In the fast food context, one contaminated carcass is reported to be able to pollute eight tons of ground meat. For the Web, a single advertisement contaminated with bad code can instantly be circulated to those browsing tens of thousands of mainstream Web sites operated entirely in good faith.
And now we see this, from the NY Times:
Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser.
The problem with predicting that bad things will happen is that it’s unsatisfying to be right.
On another note, the NY Times reports that Amazon is refusing to to locate or remotely disable stolen Kindles. It would actually be quite easy for Amazon to do so—the same technology that allows for remote software updates, or for jailbroken iPhones to be turned into iBricks, could be used here. A reader could simply report a Kindle lost or stolen and provide a serial number to Amazon, and Amazon could shut it down. (Presumably, this would really limit the market for stolen Kindles.) It’s interesting to ask why Amazon won’t make use of the technology and take advantage of it in marketing (“device can’t be stolen or lost!”). Did they take too much public criticism for remotely removing Orwell’s books from the Kindle? Is the theory just that it’s always easier to stand aside? Any ideas?
September 21st, 2009 at 1:02 am (#)
Amazon probably don’t want to deal with the trouble of authenticating reports of stolen devices. They face lawsuits if they remotely disable the wrong Kindle… or the Kindle of the wife of an angry husband.
September 21st, 2009 at 11:25 am (#)
I applaud Amazon for refusing to take unilateral action on disabling Kindles. They did take a lot of criticism for remotely removing books, and perhaps they have learned a lesson.
Trying to decide what is an “appropriate” or “unappropriate” use is a slippery slope of any remote kill feature. Sure a thief should not be able to use a stolen Kindle, but what’s to stop those who love to send phony DCMA notices from sending fake stolen Kindle notices. Best not to have the feature at all, and if the feature already exists best to never use it.
In the end the best philosophy is to give the user complete control over their devices. I’d accept a tool that would allow a user to install a program on their own computer that would allow the user to register and then remotely kill any Kindle they own, but Amazon should never take that power into their own hands.
September 24th, 2009 at 10:30 am (#)
In some ways, I feel that Amazon is being unsympathetic here. However, in some ways, I don’t feel like they’re doing anything wrong. For example: if you buy a bike from a bike store, you don’t lock it up properly, and someone steals it, you don’t go back to the bike store and ask the previous owner to destroy its tires so the thief can’t ride it. Once you’ve purchased the bike, it stops being the property of the bike store and starts being your property. If it gets stolen, the responsibility is not on the bike store to recoup for your loss.
Playing both sides of the argument, though, one could say that the Kindle doesn’t completely belong to the buyer once it is bought, because Amazon can still remotely alter it. If you have the power to change that, does it mean you still own it?
I think Amazon is baulking for two reasons: 1, the kindle thief (or whomever they sell the stolen Kindle to) can still buy books. By disabling the stolen Kindles, Amazon loses revenue. 2. If you start here, where does it stop? Does Amazon become liable to send you another Kindle if yours is stolen? Will disabling stolen Kindles remotely be some kind of slippery slope for them?
I think Amazon should disable stolen Kindles, but the consumer is stupid if they think that Amazon is going to be “nice” to them.