Pluses and Minuses

Facebook Vs Google, Round 2

The whole world seems to be going gaga over the new kid on the block, Google’s Facebook Killer, Google+. I have tried it, and since I hardly ever like verdicts (they sound good in retrospect, but most people eat their own words when they don’t go right), I will just share some thoughts.

Overall, Google has delivered a kickass product. It’s a great bit of engineering. For the first time in its life, Google seems to have come out of its engineering style product development and has delivered something that is quite well polished. There are hardly any kinks, the product has been thought through well, including deep integration across all Google services. It’s even gone ahead and published Google+ like themes for Gmail and Gcalendar. It takes a lot to introduce a new product across all your properties (the top bar in Gmail, Google Search etc.) on day one, and I commend Google on its confidence. And it’s a welcome change from the half-hearted efforts earlier (Buzz, and Orkut while well done was abandoned).

At the same time, however, the product lacks any irresistible feature that will make me switch. The usual: wall/stream, notifications, @/+ etc. have been added. Circles is a great UI but not something Facebook won’t have in two weeks. Sparks and Hangout are cool, but not at the core of social networking. I don’t think I will ever have the time or inclination to “hangout” on the web with friends, unless it’s work. And if it’s work, I would rather keep out of Google+. Sparks is something that I have still not understood, and it seems something Google News should have added.

Moving the Social Web is a Mountain. I don’t imagine people suddenly switching to the new kid on the block. There are pictures, friends and family on Facebook which people wouldn’t switch on day one, and given the way Facebook is so deeply integrated in most people’s lives (it’s the first website I open after email), I doubt making the switch will be that easy. I also don’t expect my mom, my dad and so many other people to just jump on Google+, also because of its (slightly) geeky interface.

Getting rid of baggage is also a good thing. That said, I do want a place where my new social life is better mirrored. Facebook seems to have so much baggage now – people I may not even interact with – that having a place where I can interact with fewer people is actually better. I have heard horror stories of people meeting you after years and still knowing what you are up to (and you knowing nothing about them!). In a world where your friendships become limited to what you know from your Facebook newsfeeds, having a new place to locate new content is a welcome change. I also want a place where I can interact with people with whom I share some interests and keep it distinct from the rest of the world.

Is Google trying too many things? An obvious question comes to mind. Google is planning to fight Facebook & Twitter in social, Groupon in local offers, Microsoft in enterprise and search, and everybody else in Silicon Valley somewhere or the other. Suddenly, the company that started with “Don’t be Evil” has enemies all over and is fighting all fronts.

Competition is good for Facebook. I think it’s going to keep it on its toes as it has suddenly in the last few months become the monopoly on your social connections. It needs to think of quite a few things – helping us keep our friends graph better organized, surfacing new and better content (I hate the spam on Facebook!), and figuring out ways to become more pervasive (are we going to see Facebook browser toolbars soon?).

Bad news for Twitter. The one to lose out the most may just be Twitter. What works for Twitter is the one way friendship that geeks love, and celebrities take refuge in. If Google is able to capture these well (circles is in some way a one way relationship – the friend connection in G+ is quite complex), it will mean people won’t mind moving to it. In this three way world of Twitter/Facebook/Google, it will be Twitter which has the least stickiness, most spam, and no way of monetizing. The dollars Twitter would have hoped to get would now get split even more. If Twitter has to stay afloat, it will definitely need to start thinking quickly.

Apple’s Vision of the Cloud and why it’s flawed

Apple's iCloud Service

Yesterday, Apple announced its new iCloud service along with a lot of improvements to Mac OS X and iOS 5, and while I did like what I saw, there are a number of reasons I may not use it.

First, what I liked:

  1. I like Apple’s vision of the cloud, as against Google’s. I don’t think the cloud is going to replace our rich applications. Having used both cloud as well as native rich apps – rich apps are here to stay, and the cloud will make them stronger. They are a lot easier to use, documents look a lot better and they are far more handy. A browser based app may be present as a fallback option when you don’t have anything handy but that’s far from becoming the default.
  2. I like Apple’s cloud being a personal cloud rather than complicating it as a “family cloud” or “friends cloud” where everything automatically gets shared with everybody. I think that just befuddles the hell out of things and these have never taken off.
  3. The iCloud makes the cloud wire-free. You no longer need to connect your PC / iPhone / iPad and sync all of them. Just importing pictures from a camera is such a big chore usually and Apple’s a master at cutting out chores.
  4. The iTunes Match service is a killer. Of course, I still wonder how they managed to negotiate out such a deal with the music publishers but the fact that they did, and hid all the junk under the carpet is very commendable.

And now, what I don’t like:

  1. Apple’s Cloud is closed. It essentially locks me in to Apple’s technology. As a person, I like to keep trying out new things – I use a PC, an iPad and a Blackberry and I am usually happier to navigate diversity, and the iCloud service means that I either need to change my habits or look for alternatives (Hey you Dropbox, Instapaper, Remember the Milk – you still have a future!). I would like to write a document on my PC – read it on my iPad, edit it there and use it on the go with my Blackberry. With Apple’s iCloud, my world would begin and end with Apple, which is a compromise I am unwilling to make.
  2. Apple iCloud doesn’t give me any integration options. There doesn’t seem to be a way for app developers to retrieve stuff from the cloud onto other platforms. This is precisely why I don’t use Google’s Buzz but I use Facebook or Twitter – because they are everywhere!
  3. I still can’t get over MS Office. I have not really found an alternative that can make me switch – OpenOffice, Google office, Pages – and I really wonder if I will be able to use anything else for some time to come.
  4. iTunes doesn’t support enough regional content, and I hardly buy any music from there as a result. There’s a whole world out there beyond what we see – and I wouldn’t want to close my ears to it. Also, I would want my content to be available on my non Apple devices. And they may not be as good today, but I wouldn’t want to rule out innovation.
  5. Apple doesn’t give me a fallback web based interface for accessing my cloud stuff – a lot of times, I end up checking my mail from others’ computers since I travel a lot and find myself in places where Wifi is locked and I don’t have a data plan on my iPad/phone. I want at least some way to check things out.

I guess I just like way too much diversity and I will continue to use all the other services that I used earlier – and use the iCloud only for things which don’t lock me in.

Digital Media Outlook Report 2009

Found this report by Siddharth Rao of Webchutney on TalkingTails. Very interesting to note that the largest advertisers in the offline world are only testing waters online right now – and the real online spend hasn’t really started. Most people are (still!) confused about what advertising online means and how it impacts their business – perhaps because the trickle effects of a banner ad are very small – when you conduct a TV/Print campaign people come into the stores and talk about it, and the sales show a substantial positive impact of the campaign and the information about this goes up the organization hierarchy.

The same doesn’t happen in case of banner ads, and the impact on revenues of a single ad/campaign is quite small and most marketing managers are unable to estimate how it’s affecting footfalls into their brick and mortar stores.

I believe a more effective means of tracking customers trickling into stores after an online campaign would definitely make a positive difference. Hopefully, with the advent and ubiquitous spreading of mobile phones, we’ll start seeing a difference in the Outlook Reports of 2011 and 2012!


Google, SEO, Knol and the rest of the world

Google recently launched Knol, their Wikipedia competitor which allows experts to own articles. The concept is interesting because Wikipedia allows free-for-all authorship, and by making the articles edited by experts and listing their owners clearly on the knol, Google hopes it will get higher quality content. The editors will stake their prestige on the quality of the content, and over time Google could also share Adsense revenue with them.

However, a has also raised quite a storm in the teacup since people are speculating that Google will take undue advantage of its search traffic to drive usage of Knol. Google has pretty much become the traffic policeman of the new web — telling people where to go, and getting them there through its vast knowledge of the contours of the internetland. However, as is often the case in India, what do you do when lawmakers become lawbreakers? When a cop’s car breaks traffic rules, do you give them a ticket? While I am hopeful Google will not quite reach the level of Indian police (or even Bennet, Coleman & Co.), the question of Knol getting undue advantage (as against the much better established Wikipedia) cannot be brushed aside.

The importance of Google’s dominance of the web came to the forefront yesterday during a discussion at the Open Coffee Club’s first meeting in Kolkata. Angshuman of Taragana complained that he had a hard time when Google dropped him out of their indexes for some reason he is yet to figure out. While he has several conjectures, such as his WordPress translation plugin, due to which Google might have labelled all his pages as duplicate/spam, or changing his URL syntax using mod_rewrite, he couldn’t really figure out what the problem was. Using the webmaster tools wasn’t much help either. Finally, the way he resolved it was by telling the Google representative that he would stop his Adsense spending if his website wasn’t restored — he claims that is the only thing that works with Google. Being dumped by Google indices is quite scary for any website owner, almost like not being reachable from the Start button on a Windows box, and there needs to be a better mechanism to deal with such ‘mistakes’.

Microsoft has often been accused of using its Windows strength to push its other services, and now Google could do the same. While Google has been the poster child of the internet, and we all continue to use its services in good faith, ignoring trespasses into content creation space, brushing aside its transgressions as mere mistakes — one can hear whispers today and one expects them to soon transform into noises. The onus is on Google to uphold its “don’t be evil” philosophy, and communicate its positive action proactively to the rest of the world. It has already done well for the last few years, but the time has come to be more open, more forthcoming, and more accommodating, or it might find itself in the same boat as Microsoft, AT&T and other monopolies have been in the past.

Honey Bee Algorithm for Allocating Servers

I came across an interesting article in The Hindu (see the story from GaTech news; I couldn’t find the link on The Hindu website) today which described work done by Sunil Nakrani and Craig Tovey, researchers at GaTech, on using a decentralized profit-aware load balancing algorithm for allocating servers for serving HTTP requests for multiple hosted services on the Web. The interesting thing is that the algorithm is based on how honey bees in a beehive decide where to collect nectar from. I decided to take a look at the paper.

Essentially, the forager bees collect information about how profitable a particular nectar source is and how much cost is involved in collecting from that source (round trip time). Based on a composite score, they perform a waggle-dance which essentially indicates the value of foraging where they have been. The inactive foragers can thereafter figure out where to go look for nectar.

The researchers modeled it in the server space by having an advert-board, where servers post profits from serving a request and the time required to serve it. Thereafter, the other servers can choose which colony (or service) they wish to be a part of. Existing servers can also move to another colony based on a probability determined from a look-up table indexed by the ratio of their profits to the profits of their colony.
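A small simulation of the advert-board model described above, added here as an illustration and not taken from the paper. The look-up table values, the one-request-per-server-per-round simplification, and the rule that a departing server picks its new colony in proportion to advertised profit are all assumptions made for this sketch.

```python
import random

# Constructed look-up table (NOT the paper's values): upper bound of the
# profit ratio -> probability that a server abandons its current colony.
SWITCH_TABLE = [(0.5, 0.60), (0.85, 0.20), (1.15, 0.02), (float("inf"), 0.0)]


def switch_probability(ratio):
    """Look up the abandonment probability for own_profit / colony_profit."""
    for upper, prob in SWITCH_TABLE:
        if ratio <= upper:
            return prob
    return 0.0


def simulate(demand, revenue, allocation, rounds, rng):
    """Run the allocation loop and return the final servers-per-service map.

    demand:     service -> requests arriving per round
    revenue:    service -> payment for serving one request
    allocation: service -> number of servers at the start
    """
    alloc = dict(allocation)
    services = list(alloc)
    for _ in range(rounds):
        # 1. Every server serves at most one request and earns revenue or 0.
        profits = {}
        for svc in services:
            busy = min(alloc[svc], demand[svc])
            profits[svc] = [revenue[svc]] * busy + [0.0] * (alloc[svc] - busy)
        # 2. Advert board: each colony's mean profit per server.
        board = {s: (sum(p) / len(p) if p else 0.0) for s, p in profits.items()}
        weights = [board[s] for s in services]
        # 3. Each server compares itself with its colony and may migrate.
        new_alloc = {s: 0 for s in services}
        for svc in services:
            for own in profits[svc]:
                # An idle colony (mean profit 0) counts as ratio 0: leave it.
                ratio = own / board[svc] if board[svc] > 0 else 0.0
                dest = svc
                if sum(weights) > 0 and rng.random() < switch_probability(ratio):
                    # Assumption: pick a colony weighted by advertised profit.
                    dest = rng.choices(services, weights=weights)[0]
                new_alloc[dest] += 1
        alloc = new_alloc
    return alloc


if __name__ == "__main__":
    # Constructed workload: "shop" is under-provisioned, "video" over-provisioned.
    start = {"shop": 20, "video": 20}
    end = simulate({"shop": 30, "video": 10}, {"shop": 1.0, "video": 1.0},
                   start, rounds=50, rng=random.Random(7))
    print("start:", start, "end:", end)
```

Because an empty colony posts nothing to the board, this sketch never repopulates a service once every server has left it; a production scheme would need some form of scouting to cover that case.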

Their results indicate that they do quite well compared to an optimal-omniscient strategy (which knows the pattern of all future web requests) and better than existing greedy and static assignment strategies. Shows that we still have a lot to learn from nature!

One thing that flummoxed me though was that the original paper seems to have been published way back in 2003 (see Tovey’s publication page). I wonder why it got press publicity only now.

[The paper also cites a Harvard Business Review paper titled Swarm Intelligence: A whole New Way to Think About Business]

It all has to start with I, doesn’t it?

It always has to start with the self. The self is the center of the world in the brand new avatar of the Internet. While it feels gratifying to be acknowledged as The Master of the world, I would perhaps have been more comfortable just having the royal seal at my disposal. However, idempotent as we might be, we have to realize that in the increasingly fragmented world, we need better techniques of establishing ourselves. The self needs better means of self-expression and self-authority. And, thus, my first blog post in my new technical blog starts with a discussion of identity management systems on the Internet.

A discussion of identity management systems has to start with the Laws of Identity, penned by the grand daddy of all-things-identity at Microsoft, Kim Cameron. Unlike what people would expect, the laws are not written in a technical language with complex cryptographic equations making them esoteric, but rather in a very accessible language because they talk more about the philosophical aspect of identity rather than the technical, a very important consideration in the design of a mature technical system. The seven laws (over-simplifying them) are:

  1. User Control and Consent: The user is the King, the Queen and the Jack. The identity meta-system must recognize the user as being the final authority on whether he wants information to be disclosed, and ask him/her at every instance. It should also have means of protection against phishing and other attacks.
  2. Minimum Disclosure for a Constrained Use: Information disclosed should be the minimum required for the completion of the current task. Essentially, there should be no need of disclosing credit card information if you try to comment on this blog. Also, if a site just needs the single bit information whether a person is above 18 or not (as many do!), they should not ask for the date of birth, since that means divulging more information.
  3. Justifiable Parties: This is from the experience of the failure of the over-arching vision of the Microsoft Passport identity management system. The law states that there should be a justifiable need for an identity provider and its interactions to have identity information. Essentially, there is no need to unify my Social Security Number or Tax Identification Number with my MySpace account. Users may not be very comfortable having one identity system for all uses. I may not want to divulge my company identity when surfing objectionable material online.
  4. Directed Identity: This, to me, seems like a corollary to the laws 2 and 3 above. It says that there should be unidirectional identity handles which don’t reveal more information about the identity than that required. For instance, if my employer allows me to ex-officio access IEEE Journals, IEEE should not be able to get my identity handle, except for the information that I work for a particular company which allows me access. Also, identity providers should be like ‘beacons’ emitting identity information as allowed by the users, but establishing an identity relationship with it should be a uni-directional identity relationship. This is essentially to prevent correlation of identity-handles. Cookies are an example — while a cookie might authenticate a user in a widget, cookies cannot be shared across sites to avoid correlation. Of course, there can be ways to defeat this purpose and those are essentially the instances that are undesirable.
  5. Pluralism of Operators and Technologies: Cameron states that one single monolithic system can never be enough for all our identity needs. A person might definitely want to have separate providers (Windows Domain Authentication, Open ID, Paypal) and technologies (Kerberos, Web Services) for different use-scenarios and may not want to correlate them for obvious reasons.
  6. Human Integration: Cameron makes the point that we need better design of UI to prevent identity theft and ensure privacy during the interaction of the human and the terminal on which they authenticate themselves. There can be many a slip between the cup and the lip, and this is becoming all the more apparent thanks to phishing and other kinds of attacks. We need better methods to prevent identity systems masquerading as others, and more secure means of communication between the user and his terminal for identity information exchange (biometrics?).
  7. Consistent Experience across Contexts: Cameron tries to make a point for a universal identity information entry interface across the various kinds of identities we might like to maintain (professional, personal, financial), but the point seems more for Windows Info Card (I’ll talk about that later). It seems inspired by our carrying different kinds of identity cards in our wallets, such as the Driving License, employer ID card and so on each of which have the same experience (show the card and gain access).
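To make laws 1, 2 and 4 concrete, here is an added sketch (not Cameron's or any product's code) of an identity provider that releases only requested-and-consented claims, answers the over-18 question with a single bit, and gives each relying party a different handle for the same user. The keys, user record, claim names and relying-party names are constructed, and the HMAC tag stands in for a real signature, which means the verifier here shares the provider's key.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo secrets; a real provider would keep these in an HSM or KMS.
PAIRWISE_KEY = b"demo-pairwise-key"  # derives per-relying-party handles
SIGNING_KEY = b"demo-signing-key"    # authenticates assertions (simplification)

# Constructed user record, held only by the identity provider.
USERS = {"alice": {"birth_date": date(1990, 5, 17), "employer": "ExampleCorp"}}


def pairwise_handle(user_id, relying_party):
    """Law 4: stable for one relying party, unlinkable across parties."""
    msg = f"{relying_party}|{user_id}".encode()
    return hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()[:32]


def age_over(birth_date, years, today):
    """True if the person has reached `years` full years on `today`."""
    had_birthday = (today.month, today.day) >= (birth_date.month, birth_date.day)
    return today.year - birth_date.year - (0 if had_birthday else 1) >= years


def issue_assertion(user_id, relying_party, requested, consented, today):
    """Release only claims that were requested AND consented to (laws 1, 2)."""
    record = USERS[user_id]
    # The raw birth date is deliberately not a releasable claim: a site that
    # needs "over 18?" gets one bit, never the date itself.
    derivable = {
        "age_over_18": lambda: age_over(record["birth_date"], 18, today),
        "employer": lambda: record["employer"],
    }
    claims = {name: derivable[name]() for name in requested
              if name in consented and name in derivable}
    body = {"sub": pairwise_handle(user_id, relying_party),
            "aud": relying_party, "claims": claims}
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_assertion(assertion, relying_party):
    """Relying-party check: integrity first, then intended audience."""
    payload = assertion["payload"].encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        raise ValueError("assertion was modified or not issued by the provider")
    body = json.loads(payload)
    if body["aud"] != relying_party:
        raise ValueError("assertion was issued for a different relying party")
    return body


if __name__ == "__main__":
    today = date(2024, 1, 1)
    a = issue_assertion("alice", "journals.example",
                        ["age_over_18", "birth_date"], {"age_over_18"}, today)
    print(verify_assertion(a, "journals.example"))
    print(pairwise_handle("alice", "shop.example"))  # differs from the "sub" above
```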

It is great to have somebody’s wisdom and experience captured so concisely in a set of seven rules. That is what lets us stand on the shoulder of giants and build bigger and better technologies.

The laws seem simple, intuitive and practical, and are extremely general. I think that is their biggest undoing — since they do not give formal semantics of the laws in a mathematical language, it is very easy to have ambiguity and doubt in terms of their interpretation. (A mathematical formulation of something as general as identity is not very easy either). Also, since they are written in such general language, there can be many loopholes and an actual identity system would have to do a lot of thinking to make them very robust, secure and private. I would only request Cameron to explore writing more formal means of expressing these laws and have extensive case-studies (I may not have looked very carefully for them) and have more extensive discussion about privacy, security and so on — concepts that are becoming very pertinent by the day. I would also like to see more discussion from the perspective of the identity system — things such as identifying bots, using captchas, and establishing authenticity of information a user enters (is the user really over 18?). He should perhaps consider writing a book!

A theoretical discussion of identity systems is not of much use, so I would endeavor to discuss some systems in use today. The simplest by far is the simple login password form backed by a text file/database that you can implement in under an hour. My guess is that it is a pretty robust solution for most simple sites. The downside is a registration process and the need to remember one more set of usernames and passwords. The fact that most of us practically use the same usernames and passwords for every site is a matter of convenience as well as a significant security threat. If any one of the sites is compromised (which is very much possible because such under-an-hour hacks cannot possibly maintain the highest standards of software quality), the risk of all your accounts being compromised is quite high. Also, it is very difficult to ensure consistent interfaces, and security of transactions. Varying privacy policies might well mean that the user control on the information s/he has divulged to one party is rather suspect. However, they serve their own purpose. This method is quick and dirty — and works well in a rather large number of scenarios.

Of course, identity is very well understood in an enterprise setting. Kerberos and Lightweight Directory Access Protocol (LDAP) have been around for ages and have been the subject of a lot of research. There are standard implementations that can be used like a black box, and single sign-on within a single enterprise is probably a well-solved problem (that is a rather speculative statement). It is also a much easier problem because the scope of privacy, security etc. is a single enterprise intranet, and the problems as well as their solutions are primarily technical. If, however, we consider a federated identity management system for the whole of the internet, the scope is much larger, and the deliberations are not just technical, but philosophical as well, since it involves trust between parties who don’t trust each other :)

Another concept that tries to ensure convenience is Open ID - a federated identity management system. The aim is simple — to use identification information on one site to automatically establish it for some other sites. For instance, if you have a WordPress blog and you want to leave a comment at LiveJournal, you can provide your WordPress blog URL and LJ automatically uses Web Services to establish identity. There is a user-consent phase and since it is not controlled by a single party, it is preferred by many (unlike Passport). The scheme works well for simple single sign-on areas which are public facing. This has recently been backed by AOL and Microsoft which has lent a lot of weight to the OpenID system. However, the system only establishes a basic protocol. The Open ID site unequivocally states that it is not a trust system and doesn’t try to control spam. I would also be worried about using it in a general setting because if one site gets compromised the taint can spread across the federated system (this probably needs to be studied more). Another problem is that, since Open ID itself is rather vague about security and a number of other points, I very much envisage individual corporations coming up with their own standards (much like Javascript) which would yield a number of child-protocols perhaps not interoperable.

Microsoft is promoting the Windows CardSpace (nee Information Card and many other names). This follows the common practice of lifting paradigms from the real world into the virtual. A user can have a number of cards provided by various Identity Providers which Windows would save securely. When a website (Relying Party) wishes to establish the identity of a user, he would be presented with a secure dialog where he can choose which identity information to transmit, much like you looking into your wallet and taking out either your business card or your Driving License as required. Microsoft provides a number of cryptographic protocols which form the bedrock of secure transmission, and the initiative can not be successful without the participation of the other parties involved (one of the biggest problems due to intense competition). I am sure it would satisfy Cameron’s laws since Cameron would have been obviously involved in the development process. However, I can very easily foresee myself lifting the problems from the real world as well — what happens when my wallet gets lost (laptop stolen, or even virus infected), people cheating about credentials, Relying Parties passing information around (that could compromise the whole system!).

On the Internet itself, identity for very specific applications has been worked out to a little extent. Paypal and Google Checkout establish your identity with respect to financial transactions, and have become hugely popular. One of the oldest technologies on the internet (email) still remains the most popular means for establishing your identity in the online realm. How much progress have we really made in the last decade or two?

Considering that identity is a problem which is not well solved even in the real world completely, my guess is that the virtual world will only lag behind. There are a lot of new technologies and ideas, and we have to wait and see which ones click. However, my humble guess would be, as Cameron himself proffers, that there should be a pluralism of operators and technologies. The application and the usage scenario should be clearly delineated before starting to design any system (which is so true!) and it is easier and viable to solve specific needs (financial identity, enterprise setting). Scoping the usage always makes the problem tractable and leads to success (perhaps after a few iterations). My concern is that none of the current technologies clearly scope their work and that would be my biggest gripe.

[Another review of identity related technologies at Read Write Web. There is a conference Internet Identity Workshop as well. If you want a fleeting identity to login to sites which unnecessarily want login, you can check out Bug Me Not. Thanks to Mohit for some initial pointers.]
