i-eclectica.org

After three years of research and development on a distributed storage system, Dominik Grolimund and his collaborators are ready to unveil the result: Wuala. Wuala is a new way of storing, sharing, and publishing files on the internet. Unlike traditional online storage systems, Wuala is decentralised and can harness idle resources of participating computers to build a large, secure, and reliable online storage. This enables its users to trade parts of their local storage for online storage and it allows us to provide a better service for free. In this Google Tech Talk, Grolimund explains what Wuala is and how it works; he also also show a demo of the application. Be warned though - it really is a tech talk … most of the maths and concept details went right over my head. Nevertheless: I think the video gives a good overall understanding, even for a non-geek like me .

For some strange reason it seems to be difficult lately to sometimes play YouTube videos on this site; if you get an error message saying that “this video is no longer available”, click here to go directly to the YouTube website where - it is available. Very annoying bug …

[via Dare Obasanjo aka Carnage4Life] - Facebook just sucks!

Facebook Beacon is Unfixable

Earlier this week I wrote a blog post which pointed out that the two major privacy and user experience problems with Facebook Beacon where that it (i) linked a user’s Facebook account with an account on another site without the users permission and (ii) there was no way for a user to completely opt out of being tracked by the system. Since then Facebook has announced some changes which TechCrunch named Facebook Beacon 2.0. The changes are excerpted below

Notification

Facebook users will see a notification in the lower right corner of the screen after transacting with a Beacon Affiliate. Options include “No Thanks” that will immediately stop the transaction from being published. Alternatively closing or ignoring the warning won’t immediately publish the story, but it will be put in a queue

Second Warning

Presuming you’ve ignored or closed the first notification, Facebook warns users again the next time they visit their home page. A new box reminds you that an activity has been sent to Facebook. Like the first notification you can choose to not publish the activity by hitting remove, or you can choose to publish it by hitting ok.

…

Opt Out
Found via the “External Websites” section of the Facebook Privacy page, this allows users to permanently opt in or out of Beacon notifications, or if you’re not sure be notified. The downside is that there is no global option to opt out of every Beacon affiliated program; it has to be set per program. Better this than nothing I suppose.

The interesting thing to note is that neither of the significant problems with Beacon have been fixed. After the changes were announced there was a post on the CA Security Advisory blog titled Facebook’s Misrepresentation of Beacon’s Threat to Privacy: Tracking users who opt out or are not logged in which pointed out that the complaining about purchase history getting into the news feed of your friends is a red herring, the real problem is that once a site signs up as a Facebook affiliate they begin to share every significant action you take on the site with Facebook without your permission.

Which is worse, your friends knowing that you rented Prison Girls or Facebook finding that out without your permission and sharing that with their business partners, without your permission? Aren’t there laws against this kind of invasion of privacy? I guess there are (see 18 U.S.C. § 2710)

I wonder who’ll be first to sue Facebook and Blockbuster?

Anyway, back to the title of this blog post. The problem with Facebook Beacon is that it is designed in a way that makes it easy for Facebook Beacon affiliates to integrate into their sites at the cost of user’s privacy. From Jay Goldman’s excellent post where he Deconstructed the Facebook Beacon Javascript we learn

Beacon from 10,000 Feet

That basically wraps up our tour of how Beacon does what it does. It’s a fairly long explanation, so here’s a quick summary:

1. The partner site page includes the beacon.js file, sets a <meta> tag with a name, and then calls Facebook.publish_action.
2. Facebook.publish_action builds a query_params object and then passes it to Facebook._send_request.
3. Facebook._send_request dynamically generates an <iframe>which loads the URL http://www.facebook.com/beacon/auth_iframe.php and passes the query_params. At this point, Facebook now knows about the news feed item whether you choose to publish it or not.

When you read this you realize just how insidious the problem actually is. Facebook isn’t simply learning about every action taken by Facebook users on affiliate sites, it is learning about every action taken by every user of these affiliate sites regardless of whether they are Facebook users or not.

At first I assumed that the affiliates sites would call some sort of IsFacebookUser() API and then decide whether to send the action or not. Of course, this is still broken since the affiliate site has told Facebook that you are a user of the site, and depending on the return value of the hypothetical function the affiliate in turn learns that you are a Facebook user.

But no, it is actually worse than that. The affiliate sites are pretty much dumping their entire customer database into Facebook’s lap, FOR FREE and without their customers permission. What. The. Fuck.

The icing on the cake is the following excerpt from the Facebook Beacon page

Stories of a user’s engagement with your site may be displayed in his or her profile and in News Feed. These stories will act as a word-of-mouth promotion for your business and may be seen by friends who are also likely to be interested in your product. You can increase the number of friends who see these stories with Facebook Social Ads.

So after giving Facebook millions of dollars in customer intelligence for free in exchange for spamming their users, Facebook doesn’t even guarantee their affiliates that the spam will even get sent. Instead these sites have to pay Facebook to “increase the chances” that they get some return for the free customer intelligence they just gave Facebook.

This reminds me of the story of Tom Sawyer tricking people into paying him to paint a fence he was supposed to paint as part of his chores.

At the end of the day, Facebook can’t fix the privacy problems I mentioned in my previous post in a way that completely preserves their users privacy without completely changing the design and implementation of Facebook Beacon. Until then, we’ll likely see more misdirection, more red herrings and more violations of user privacy to make a quick buck.

This is kind of a milestone in web 2.0 development. Webware today reported that the first PC with Firefox and Skype burnt into ROM is available. The browser (a slimmed down version of Firefox) is part of the ASUS new P5E3 Deluxe/WiFi-AP, and it is part of an embedded version of Linux. The ideas is great if you’re running primarily web 2.0 applications, like Zoho, GoogleDocs or Meebo - it just takes 15 seconds to boot and your on the net. The system is also very secure because there is no hard drive access involved. (Booting into Windows is possible if people want to install it on a hard drive).

Drawbacks: it’s still too expensive because it is built into a high end motherboard (US$ 350), which also means that it’ll end up in top-end machines that will consume a lot of power. Furthermore, the particular Firefox version, while being equipped with a Flash plugin, does not allow the adding on of otrher extensions or plugins - which is a total pain. It seems though that the company providing Linux and Firefox (DeviceVM) is realising the limitations of the marriage between it’s OS and the P5E3 Deluxe. It plans to extend the availability of the embedded OS/browser to laptops (where it really belongs), with the current release projection being the first quarter of 2008 - which makes me think whether buying an Apple is really a good choice .

The company is also adding more features to its pre-boot OS. In addition to Firefox and Skype, future revisions will get DVD and CD players, the Pidgin IM client, and the capability to play media files from the host machine’s hard drive. To save electricity, a future revision of the P5E3 product will enable the Asus motherboard to drop into its lowest power mode when running the browser. (And even that is probably overkill for the lightweight OS.)

[go to Webware to read the full article]

The video below shows how the embedded OS will run on a laptop with a DeviceVM/Splashtop desktop.

In “Taking the ‘Inter’ out of Internet: TiVo-Rhapsody deal just another nail in the Internet’s coffin?“, David Berlind looks at current trends that move away from on of the founding principles of the Internet: interoperability of network protocols. While we have web 2.0 or mashups that make net use more versatile, we also have companies like eBay or TiVo/Real Networks excluding competitors from participating in data exchange based on their protocol versions. David is concerned that net users in future will have to make more and more choice decisions, like using Skype and/or gTalk or interacting on marketplaces based on eBay and/or CheckOut protocols. I’m afraid he’s right - protecting profit margins and shareholder value will continue to be more important than consumer/customer convenience and ease-of-use. His vision of many Internets rather than just one is quite real.

TechRepublic published an informative article on the upcoming battle between WiMAX and 3G. The article ways up the pros and cons of both technologies, reserving its judgment though in the end. It nevertheless is a good introduction into the next great technology battle.

—————-
Now playing: Múm - Dancing Behind My Eyelids
via FoxyTunes