I had a slightly weird encounter yesterday with Google Social Search. This is a beta product (which in Google-land doesn’t really mean anything) that shows you results from your search that are found via your “social circle.” I ran a search and noticed this new and unusual thing at the bottom of the first page of results.

At first, I thought it was amusing. Then I thought it was creepy. Then I decided it was just annoying. Let’s examine the meaning of this service by going through each of these points in turn.

Amusing: My search was a catch all for material on an academic subject. It doesn’t matter which one. School’s out but I’ve been gong to school so long, sometimes my brain just gets in that mode. I had already tried searching Google Scholar and found some interesting stuff, and a lot of other stuff that I could not afford to buy. The ridiculous price of so many scholarly and scientific publications is a pet peeve of mine (I don’t mind them making a buck. I just mind that they jack up the prices so high that published research is effectively hidden from most of the world, especially me). So since I didn’t have hundreds of dollars to shell out for a very few articles that might or might not be relevant, I decided to broaden the search and see what regular Google would bring up.

There was a lot of useless cruft, as there generally is. But at the bottom of the page I noticed my boss’s name. That seemed odd to me. His blog (http://ribbonfarm.com) is well read but I didn’t think it was that popular or that relevant to my search that it would be on the front page of the search results! So I looked at the referenced post. It was 2 years old, I had read it when it was new, and it was completely irrelevant.

Then I noticed the header that said something about my social circle. Hmmm. Yes, my boss and I have chatted using Google chat. We don’t very often, partly because our work is covered by a non-disclosure agreement, so over an uncontrolled forum like Google chat (or anybody else’s chat) there’s a limit to what we can say without violating confidentiality. So we do most of our discussions over work-based email. We don’t do them in person because we work in different states and rarely see each other but that’s neither here nor there.

We come here to the question of the definition of “social circle.” My boss is a good guy and I consider him a friend, so I don’t have a problem with him being included in my social circle (This is an important thing. We’re both highly opinionated and a bit hard headed. If we weren’t on pretty friendly terms, we’d probably kill each other). I have had bosses in the past who would make me feel exactly the opposite. I work in the IT field, where 24/7 availability is more or less the norm. That means sometimes you use non-work channels to get in touch with people. This means that Google’s definition of a social circle may contain any number of inappropriate people. What about the times I’ve emailed tech support at some company, or complained about a product? They are decidedly NOT part of my “social circle!”

On Google’s page describing the social search (http://www.google.com/support/websearch/bin/answer.py?hl=en&answer=165228) which I found after some hunting, there is a description of how to remove irrelevant stuff like that from the circle of friends so it won’t be considered in social search results. It seems to be possible to just tell Google not to use someone when doing this search, though I haven’t tried it. What this means to me is that this feature I didn’t ask for puts the onus on ME to fine tune it to avoid seeing results I don’t want. Picture me banging my head against a wall at this point. I won’t actually do it because I hate pain but come on!

Actually, after looking over the options for how to remove such things from my social circle (and the little disclaimer that says it can take weeks for them to actually disappear from your search results. Way to be responsive Google! Thanks!) I’m thinking the only real option is to not use Google. For anything. Because they cull everything you use for social connections.

This brings us to my next emotion about social search: CREEPY.

The use case they describe in their documentation is getting a movie review. They say that movie reviews from your friends will be more relevant to you than movie reviews from some unknown professional reviewer somewhere. Well, there’s a good point there. I have no respect at all for professional reviewers. The other night a friend and I were watching a movie review TV show and I remarked that when the critics use terms like, “real emotion,” “honest” and “true to life” you couldn’t pay me enough to watch whatever it is they’re reviewing. Those may be fine artistic qualities but do not, in my experience, make the product very entertaining. Unless you’re the kind of person who thinks that emptying a box of Kleenex because you’re crying so hard is a lot of fun. That’s not me.

On the other hand, I have NEVER IN MY LIFE USED GOOGLE TO FIND A MOVIE REVIEW. Are there a lot of people doing that kind of thing? Why? The world is full of movie review sites. I would expect that anyone who is interested in movie reviews is already familiar with rottentomatoes.com or similar sites. There’s no need to search for that. I’d be interested to see what numbers Google has for those types of searches. In other words, does this use case have any relationship to reality or is it just an excuse to jump on the social networking bandwagon?

Facebook, the current leader of social networking technology, has gotten into repeated trouble for taking people’s information about themselves and their friends and using it for more than just to let people share a laugh with their friends. When Google rolled out the execrable Google Buzz, they got in to similar product because users of Gmail (myself included) thought they were getting an email service and did not expect or intend to be advertising their whole lives to the world (see my post about Buzz here).

So now they’re doing it again. You search for stuff and they show you irrelevant results from people you have had some contact with in the past, no matter how slight or even hostile that contact may have been. Does Google understand that what they’re doing this way is actually CHANGING your social circle?

Just as an experiment, I signed up for a service called Gist a while back. It aggregates stuff from the contacts you supply to it and tries to rank them for importance. One of the things I noticed was that the service gauged importance by how often some of these people posted to their blog or to Twitter, not by how often they had contact with me. So people I have only very slight contact with were shown very high in the listings merely by virtue of being busy. People I’ve had contact with but hardly ever think of were ranked as important, while those I truly care about were virtually ignored.

There may be tools to fix these rankings. I don’t know or care. I’m just trying to illustrate a point that Google social search does something similar. People I may have never had much contact with in the past, because they were never more than casual contacts, could still have their stuff show up in my search results, simply because they are active in blogging or Twitter or some other such thing. And, like anything else in search, putting them on the front page gets them more clicks, thereby increasing their importance (at least as far as Google is concerned). There is also likely to be a psychological effect that the people whose stuff you click on increase in importance in your mind (There’s an opportunity for someone to do an interesting thesis here).

Google has turned and information search into a social feedback mechanism. I’m not comfortable with this at all.

True, to some extent, all social networking does this. On Facebook I have connections to people I haven’t seen in years, or have only met a couple times. On LinkedIn I have quite a few connections to people I have never met and only know by reputation. But that’s what LinkedIn is for, so it’s okay. On Facebook, my connections are intended to carry some emotional import and I appreciate the news updates, even from people I don’t know incredibly well. It’s a chance to get to know them better and I like that.

But search? When I run a search for no sql databases, or research on trusted systems, or encryption libraries or any of a billion other topics that might grab my attention for a few minutes (All of the ones I’ve mentioned are related to courses I’ve taken, or to my job, or both), having my relationships vetted and subtly influenced at the same time is NOT what I want.

Here’s another little bit that has problematic implications: “If someone you don’t know shows up in your social search results, it’s likely that they’re connected to someone you do know.” So now Google is recommending friends. It’s annoying enough when Facebook does that. No, I don’t want to connect with the lead singer of a band that my family is all connected to (unless it’s Flogging Molly). You see, most of my family is half my age and has one millionth of my knowledge of and taste in music. Leave me alone!

Which brings us to the annoying part. There are probably many people who think that having this sort of thing integrated into search results is interesting and fun. There are probably even situations where I would find it worthwhile. I can’t think of one but it’s possible. But Google didn’t ask me if that was what I wanted. I don’t see a place where I can choose “add social search to my results.” And it didn’t show up at all in a test search I ran just a minute ago. I have no idea why not. The ways of Google are not our ways. Their thoughts are not our thoughts.

If they’re thinking at all beyond the dreaded programmer’s cry, “Hey! I just thought of a cool new feature!”

The big tech story of the week is the one about Google making people mad with it’s new “Buzz” service. The most interesting aspect of this story is that everyone seems to have gotten it wrong.

Here’s the short version of the story: Google has some new social media application that makes all your email contacts into “friends” in the social networking sense and a lot of people objected to that, claiming that email contacts should be kept private, not advertised to the world as a friends list. This is stupid on so many levels – Google, their users, all the “analysts” – it’s hard to know where to start. So I’ll start at the beginning as far as I knew it.

The other morning, as I do most mornings, I brought up my gmail account and glanced to see if there was anything new. There was some kind of banner or thing about something called “Buzz.” I immediately thought “Hmm. Could this be a whack at Yahoo’s boring Buzz bookmarking service?” But no. I saw that my boss had already been there and made a comment. I also saw that to reply to his comment I had to create a “profile” that would make all of my email contacts into friends who I could then get Buzzy with, or some such thing.

I decided not to create the profile because I don’t use my gmail account for general email purposes. I have a yahoo account for that. My gmail account is mostly for poetry and other writing. I use it to communicate with the members of the Science Fiction Poetry Association, a lot of editors and a few close friends and family. It’s the kind of account – intentionally – receives the kind of joke emails that people forward all the time. In other words, while it’s a public address, I tend to use it for more private purposes.

Weirdly, Buzz shows that I have 6 followers, including 4 who do not have public profiles – which I also do not have. How do you follow someone who does not have a profile to follow? And if you don’t have a profile, how is it possible to follow someone else without a profile? What the hell is going on here?

Anyway, notice the one interesting bit here: The complaint the privacy advocates have is that this new Buzz thing is advertising information people want kept private and that Google should have given them more warning of that fact. Google did give warning – enough that I decided not to sign up for the thing (but it still tells me there’s new stuff for me to look at there, which I find truly annoying). But, apparently, a lot of people failed to notice the warning and are mad AT GOOGLE FOR THEIR OWN FAILURE TO READ.

Don’t take my word for it. Here are some links to stories about privacy concerns with Gmail Buzz:

• http://www.theregister.co.uk/2010/02/11/google_buzz_privacy/
• http://www.businessinsider.com/warning-google-buzz-has-a-huge-privacy-flaw-2010-2
• http://abh-news.com/google-buzz-privacy-issues-for-gmail-users-1126.html
• http://www.washingtonpost.com/wp-dyn/content/article/2010/02/12/AR2010021201490.html

Believe it or not, this was highly predictable. At a previous job I used to take help desk calls sometimes (It wasn’t exactly my job but it had to be done). One of the things I found amazing was how often someone would call up complaining about an error message when they tried to do something and then not know what the error message was. The conversation went something like this:

Idiot User: “Hi. I’m trying to use [name application here] and it doesn’t work.”
Me: “What do you mean it doesn’t work? Does it give you an error message?”
Idiot User: “Yeah. It does.”
Me: “What does the error message say?”
Idiot User: “I don’t know. I just clicked okay.”

Of course, it’s impossible to diagnosis a problem when the only symptom is that you clicked okay but that’s not important right now. What’s important is that it is perfectly and absolutely normal for people to look for that little “okay” button and click it WITHOUT READING ANYTHING ELSE. For Google’s Gmail Buzz and any other service anyone ever wants to create the implication of this long standing and widely known user behavior is that people will almost alays accept the defaults, even if it is not in their best interests to do so.

As Facebook has shown many times and Google has proved yet again, when people accept the defaults without even looking at them and later find out there was something about those defaults they didn’t like, THEY’LL BLAME YOU, NOT THEMSELVES. Therefore, as Facebook has had shoved in their faces over and over again, forcing users to opt in instead of allowing them to opt out, saves you a lot of bad publicity and hassle down the road.

Yes, the users messed up by not reading. Google’s even bigger mistake was expecting the users to read in the first place (btw: This is an easy mistake to make and despite having articulated the lesson here, I can not claim to be too smart to be immune from this same error. Funny, huh?)

But there’s more that Google did wrong on this one and to understand that, we need to spend a few words discussing social networking theory and practice. Most of the world was introduced to social networking by websites like MySpace, Facebook and Twitter. However, the theory of social networks is not new nor is it restricted to the Internet. The social sciences have long studied the way humans for associational networks and how information and influence travels along those networks.

Also, completely independent of social networking websites, there has long been interest in the way email can be used to learn about a person’s social network. Who do you receive the most emails from? Who do you send the most emails to? A lot can be learned about relationships by studying these things.

I was first exposed to these ideas years ago when I was testing a demo of software being sold to law enforcement as an aid to complex investigations. One of the things the software did was take phone records as input and produce a visual depiction of communication patterns. The idea was that this was how police could find out who was really running the gang they were investigating (though really it would only discover who was running the operations, rather than who was calling the shots but that’s another story). The application to email is obvious.

And this is where Google really tripped up. They have wanted to get involved in the social networking arena for some time (check out orkut.com, for example) but have never found anything that caught fire. Then some genius found out about social science research into using email to examine people’s social networks and thought, “Hey! We’ve already got all their social network info! All we have to do is start using it!”

This completely overlooked an aspect of email that comes up very often when dealing with users (yes, back in my pseudo help desk days): The expectation of privacy. The upshot is that, no matter how many times you tell people that the company reserves the right to monitor their communications, and no matter how often you explain to them that nothing on the internet is truly private, people still think of their email as being private communications. They put their most personal stuff into email, things they wouldn’t want anyone else to know about.

It’s not all just forwarded jokes. It’s stuff that gets dragged into court in cases of sexual harassment, divorce, fraud, product tampering, negligence, even murder (In an unusual twist to that with immense privacy implications, see here). Everything people would ever talk about, and anyone they would ever talk to, can be discovered in their email, including their deepest and most humiliating secrets.

Even people who don’t have humiliating secrets to hide can be very touchy about their email. Even if they only use it for work, that doesn’t mean they want the boss reading it. The flip side to privacy is trust. When someone snoops into someone else’s email, or their contacts, or their desktop files, or whatever, the person whose stuff is being snooped feels distrusted. The response is generally anger.

Contrary to the popular formulation, privacy is important to nearly everyone, not just those who have something to hide. And by exposing people’s email contacts in one huge batch, Google ran head on into this deep need for privacy. They got anger in return. This is the real story. It’s not that Google failed to display their instructions in neon with all kinds of opt in notices to force people to think about what they were doing. It’s that by touching email AT ALL, Google made people worry about who they trusted and who trusted them. Consequently, Google lost trust from some of its users.

In this particular aspect, the users are not at fault. Google made the enormous mistake of thinking of email as a resource to be leveraged. Ironically, they tried to develop a social networking feature without giving enough thought to the social context.

The really funny part about this is that they needn’t have bothered. My second thought when I first saw that there was such a thing as Gmail Buzz, was, “I already have this stuff on Facebook. I don’t need yet another social network.”

UPDATE (same day): I found a link wayyyyy down at the bottom of my gmail page that said “turn off buzz.” So I did. That’s one annoyance out of the way!

UPDATE 2 (also the same day): How did I get all the way through this post without commenting that the backlash on this issue was like Google walked into a buzzsaw?

Two unrelated things clicked in my head today as actually being related on a theoretical level. Thing one I spent some time the other day looking over the websites of some potential vendors. I’ve done this sort of thing lots of times before. As per usual, I was unimpressed by the websites themselves (which may or may not say much about the company itself). Thing two: Someone cracked the algorithm for cell phone signal encryption (really a sort of hiding) to the internet. Both these things show the conflict between the old industrial era way of doing things (let’s call it web 0.5) and the newer Twitter-ified way of doing things (web X.0). It tells us a lot about the changing generations and the growing struggles of the information age.

After that slightly pompous lead in, it’s tempting to just stop but I’ll add some detail, starting with the cell phone encryption code, which is a pretty big deal news-wise. The biggest weakness of cell phone security – and it’s a very big weakness – is that, in order to work, cells broadcast their signal in all directions at once. It’s not like the old fashioned landline phones that send their signal down a wire. In order to intercept the signal of one of those old phones, you have to tap the physical wire. In order to intercept a broadcast signal, on the other hand, you just need to be within range with the right equipment.

For a couple decades now, most cell phones have attempted to evade broadcast interception by (somewhat) randomly changing frequency multiple times during every transmission. That way it’s very hard to intercept more than a single tiny portion of the signal, hopefully too tiny a portion to make sense out of the message. The flaw in this scheme is that for the message to be received, the other end (the cell tower) must be able to follow all the frequency hops and put the complete transmission back together. So both ends need to be synchronized. True randomness is impossible.

News came out the other day that Karsten Nohl, a researcher with the A5/1 security project, has developed a way to crack that frequency hopping protection and released it to the public (See here and here and especially here or just google “GSM crack” for a horde of other sources). The first question that came up was, “Is it ethical to make dangerous information public?” This is an old debate in security circles. On one side are the people who believe that it is always wrong to make life easier for hackers, that keeping systems and methods secret is an essential part of protection. On the other side (and the side I’m on) are those who say that secrecy gives mostly the illusion of protection and that learning from failures is an essential tool to building better systems.

But there’s another, more basic, way of looking at this conflict, which brings me to the other thing I mentioned, looking at the websites of vendors. What the vendors were for is unimportant. What is important is that I found all of the websites to be visually very nice, sometimes using state of the art technology, professionally designed and almost completely devoid of useful information. I’ve done these sorts of surveys numerous times both as part of my job and through the course of formal education and there is nothing unusual about these findings.

Companies tend to design their websites as very fancy advertising brochures. They have a link for investors. They have a link to logos or names of famous clients. They have a link to information about “our team” or some such. They may have a link to their blog, though it’s not much like a real blog because it contains almost exclusively corporate cheerleading and marketing approved advertising copy. They might have a link to a twitter stream but that’s just another promotion channel to them. What they don’t have is the kind of information customers really want and that was once envisioned as being available through means like Amazon customer reviews and ratings. There’s no way to find out anything about the products, services or company that is not directly approved as part of the “corporate message.”

Ten years ago none of this would have been a big issue. Companies were considered to be riding the wave of Internet innovation if they had a website at all. The marketing brochure approach to web communication was considered a professional and effective thing to do. This is no longer true on an Internet where Facebook and Twitter are generating more traffic than every other corporate website combined. But note my criticism above of the way that blogs and twitter feeds are usually implemented. Even when they do them, they don’t do them in a way that seems to me to give people what they want: Actual communication.

If you’re one of those people who says things like, “I don’t get Twitter. Who cares what you’re about to have for lunch?” You may have a future in corporate communications – if there is such a future to be had. Because what ties together the current state of corporate websites AND the hacking of 20 year old cell phone code AND the debate over disclosure vs secrecy is the thing that seems to me to separate a successful Internet presence today  from the methods and even personalities of the last century:

The old way emphasizes control. Control of the message. Control of presentation. Control of the program code and the way people interact with the product and the other people. The new way demands giving up a large measure of control in favor of more fluid and fluidly evolving communication.

I highlighted that point because I believe it is key to success on the Internet as it is developing and is something even very large companies need to understand and cope with over the coming years. Probably because of the presence of the Internet in their lives, younger people seem to be much more likely to take the less control is better side of most issues (we’re talking about technology and interacting with others and with companies, here, not about politics). This has profound implications for the future, both near term and long term.

It means, I believe, that attempts to maintain complete control over the corporate message or even over source code of products are, over time, going to become harder to do (there will be leaks and hacks) and more repugnant to the public. As the older generations (ie: mine) grow old, retire, die, the people who will become the prime consumers and decision makers, will have lived most of their lives under the assumption that the old levels of control are both impossible and undesirable. Sure, as they age, they will want more control. But they will be aiming at a lower bar than previous generations. Someone who grew up with twitter will never have the same view of communications (corporate or otherwise) as people who used to buy newspapers printed on physical paper.

I mentioned newspapers for a reason. I believe the failure to understand the loss of control is one of the central problems the newspaper industry has right now. I don’t know the answer yet but, hopefully, I’ve framed the problem in a way that will help people work on that.

Arguably the biggest buzzword in computing today is “cloud computing.” Other candidates include “real time web,” “social computing” and (my favorite) “monetization.” Briefly, cloud computing means deploying internet based applications and services in a way that abstracts hardware needs out so that dependence on any particular server is limited and adding more servers (or virtual servers) makes scaling relatively easy. The example of cloud computing I am personally most familiar with is Amazon Electronic Compute Cloud which hosts the web site I have been developing at my job (Trailmeme). There are numerous others.

A recent study reported at Dark Reading claims that adoption of cloud computing is being hampered by concerns about security. I think this at least somewhat misleading.

The article gives two numbers related to this. First, almost exactly half of companies are not using the cloud and do not plan to at this time. The second number is that half of those mention security as one of their reasons for not rushing to adopt cloud computing. The conclusion of the article is that security is a major concern in cloud computing. I wish this were true but I don’t believe it.

The obvious problem with this is the math. One half of one half means that only one quarter (0.25 or 25% for those who went to public school) considered security a significant point against cloud computing.  But it goes deeper than the math. When most people think of security in the cloud what do they think of? What do they think of when they consider security at all?

Security professionals may be able to describe specific concerns such as side channel attacks on shared hosts in Amazon’s virtualization structure (see article here. Later news indicated the vulnerability had been fixed. See here) or denial of service attacks on the infrastructure itself. There may also be questions about how targeted services such as Microsoft SQL Azure are locked down against hacking (That’s one I have wondered about but haven’t had time to examine in depth). They may also worry about backups and disaster recovery. This is a legitimate concern when storing anything on someone else’s servers.

Information technology professionals who are not security specialists probably also have many of the same questions, if they have time to explore them. In my experience, those in IT often find themselves wishing they could devote more time and energy to security but unless management is willing to reduce the priority of some project, security gets a “patch and pray” approach more often than not.  Management claims to value security but rarely understands it deeply enough to know how to factor it in to their estimates of time and resources required (notice how kind I’mbeing here. I haven’t called anyone an idiot in this entire post, so far! But from what I’ve seen of the corporate world, the management attitude towards security is usually something like this).

Anyway, I have many questions about what people mean when they say that security is a reason for not using cloud computing. Do they mean it’s the most important reason? Or is it just one reason of several? Do they mean they heard that the cloud isn’t safe and they’re afraid? Do they mean that they are perfectly satisfied with their current security and don’t want to have to set up a new system (that should be an important one)?

Security should be an important consideration when choosing a technical platform. Maybe the conclusion of the article is backwards, in that case. Maybe instead of lamenting that too many people are worrying about the security of cloud computing, maybe they should worry that not enough are worrying about it. Either way, I’m not convinced people are worrying about the right things, even if they say they are worried about security.

At the beginning of the movie The Longest Day, the Germans have broken an important code the Allies use to communicate with the French Resistance. At least they think they have. They believe that when a line from a particular poem is read on the radio, it will be the signal that the invasion of France (D-Day) is imminent. They don’t know what the French resistance fighters are supposed to do about it, where it will happen or much of anything else, but they will at least know the time with possibly as much as several hours of warning.

It’s possible that the message carries information about specific assignments or even where to find further instructions. The movie (one of those rare masterpieces, by the way, that may be more interesting just to listen to, than to watch) does not go into detail about the communications network that put these codes in place, or the people who were imprisoned, tortured or murdered by the Gestapo to find ways to weld the scattered cells into a guerilla army that could be set in motion so well at the required time.

That brief scene, though, and others, such as the one where resistance members hear the coded signal, should help teach us something that’s been missing from the commentary about the really interesting role of Twitter in the protests in Iran this week. That lesson is that spontaneous revolutions are not just uncommon, they are almost impossible in a modern police state.

The short version of what’s happening: There was an election in Iran that many people viewed as rigged. Rather than accept the result, supporters of the main opposition candidate protested. There have been huge rallies in the streets around Iran for days now. There have also been reports of the government shooting at protesters, beating them up, dragging them (or people suspected of supporting them) out of their homes (or their dorms, in many cases). There was even one report of an official killed in a “suspicious car accident“, the implication being that he was unofficially murdered by the government.

Meanwhile, Twitter has emerged as an important source of news from inside Iran with activity sometimes hitting the level of thousands of Tweets per minute. As of this writing (Saturday afternoon, June 20, 2009) the #iranelection tag is still the number one trending topic on Twitter. A glance at the Internet/Twitter aspect of the situation:

• Some information on Twitter has come from inside Iran. Some has been in support, some against, some real, some false.
• At one point there were many Tweets and re-tweets about how to contribute to distributed denial of service and other attacks on government sites in Iran (See here and here).
• The Iranian government has tried to block access to Twitter and similarly subversive sites, but that actually began before the election. See for example here.
• Twitter delayed scheduled maintenance so as not to interfere with the Internet arm of these election protests. Reportedly, this was at a request from inside the U.S. State Department.

One other notable response to the huge Internet presence of the Iranian protests was Facebook’s very fast rollout of a Farsi language version of its service. This could be seen as a sincere attempt to give the protesters a platform that can help them organize and communicate. It could also be a very cynical attempt to exploit the situation for growth, or merely a realization that a previously overlooked market is bigger than previously thought. Personally, I think it’s a mixture of all of the above.

This brings us to the point where I point out that almost all of the analysis I’ve seen of Twitter and the Iranian election protests has been wrong (Except for this excellent piece here). We may or may not be witnessing a real revolution in Iran. If the government succeeds in putting down the unrest, the resentments that fostered it will not disappear, they will go underground. That’s the way totalitarian governments like it. They believe that the majority of people just sort of follow the herd and if the only herd that’s not in prison is run by the government, that’s the one they’ll follow.

Where the discussions of the Internet’s role in general and Twitter’s in particular go wrong is in acting as if the volume of traffic is an indicator of its importance. It is not. It’s an indicator of passion. Twitter can help organize protests by broadcasting their timing and location to anyone who has a phone or a web browser. That “everyone” includes the government and the counter-protesters as well. This is a crucial point: It’s much less demanding technically to run a search on Twitter to find out where to send the goons to greet the next big protest than to tap the phones of a few thousand known dissenters and follow them.

Likewise, if you want to infiltrate a revolution, setting up a Facebook page or a Twitter profile loaded with false subversive messages to establish credibility is much easier than spending months or years living a fake life, trying to finagle an introduction to a friend of a friend of a friend who might be involved in the resistance (or might also turn out to be working for the Secret Police). Some of the old KGB informers must be turning green in their graves (pun not intended) with envy at the ease of it all.

This is the point I was trying to make with the reference to The Longest Day, above: That real revolutions tend to take years of quiet and hideously dangerous organization to build. They don’t happen because a bunch of people on Twitter all say, “I don’t like this government. Let’s overthrow it!” In a country like Iran, someone who puts up a message like that runs the risk of a severe beating, imprisonment or death if the government comes to believe they mean it.

That’s why the resistance in The Longest Day (and even in real life!) consisted of small groups of people who did not know each other or even respond to the same codes. When the government tortures someone into betraying the revolution, if they only know 3 other people who are involved, that’s all the people the revolution will lose. If they have a hundred thousand Twitter followers, the potential loss is much greater. And the government will quickly figure out that it doesn’t have to kill all 100,000 of that person’s Twitter followers. It only has to kill the ones of those who have the most followers. The top of the food chain is easy to find when easily available software can graph an online social network in a few moments. See for example Twitter Friends.

My guess is, therefore, that if Iran has any smart people who really want a revolution, those people aren’t using Twitter or Facebook to draw attention to themselves. Popular unrest can be a powerful force. So, unfortunately, is the stubbornness of a violent and autocratic government. It’s possible that the current unrest will gain some concessions from the government. It’s very unlikely the government will fall (though I wouldn’t rule it out). Twitter and the Internet in general help give the people a voice to raise up against oppression and that’s important. But it’s not a revolution and can even get in the way of one. Think about that.

Update  6/27/2009

It seems others are beginning to understand the double-edged nature of the sword of Internet-enabled revolution. Via Slashdot, we find a Wall Street Journal story about high tech used to fight the revolution (read it here. It’s interesting) and a Slate.com article describing ways the government of Iran is using Internet technology to break up the protests and identify protesters (here).

Nice to see the media starting to catch on, finally.

I read a few articles this week about the 60th anniversary of the George Orwell novel 1984 (including this interesting one at National Review Online) and one thing that struck me is that very few literary works get reviewed 60 years after their publication. Even fewer good ones get reviewed/taught/discussed 60 years later. Everybody knows at least a little about 1984, even those of us who have not yet read it (In school, I was in the class that was assigned Animal Farm instead. Interesting book. Hated the pigs).

But this is not a review of 1984. That would be silly since I just admitted I haven’t read it! But it seems I should. Traditionally, reading has been seen as a way of passing on culture – not the kind of culture that causes people to donate money to the opera or spend time at museums but the kind that shapes the way people think. That’s why an old fashioned Classical Education valued Socrates and Thomas Aquinas among others. Agree with them or not, these were smart people and excellent teachers.

Well, that’s the official story, anyway.

It’s interesting that the list of important books for a Classical-like education now includes 1984, a book that has infiltrated popular culture with phrases and ideas about the awfulness of a huge, all-controlling government, without actually doing much to discourage the growth of such governments. Don’t believe me? Use Google or whatever resource you want and try to develop a comprehensive database of government operated databases. Don’t forget to include notes about laws allowing or even requiring these to exist as well as the sources of information (such as intercepted emails, credit reports and public records such as court filings) that go into them.

Maybe, instead of discouraging those things, 1984 provided the inspiration. It has certainly inspired plenty of books and movies along similar themes. Arguably, the entire sub-genre of dystopian science fiction started with 1984. Personally, I always found that good science fiction taught more about people and society than the majority of the so-called classics I read in school. I preferred Asimov to Hemingway, Heinlein to Homer. (ANYONE to Homer, really, though a couple of the movie adaptations were somewhat enjoyable). Few English teachers sympathized with this view.

Maybe it’s different today. That’s something that would be interesting to hear: Are there more science fiction books infiltrating the things considered classics? Probably Fahrenheit 451. That’s the only one I can think of but I’m a student of computers and security, not literature (though I’ve also had some short stories and poems published – mostly fantasy stories and science fiction poems, believe it or not). In a world where Twitter is the new literature (see below) and cars and TV sets contain computer chips, there may one day soon be practical value as well as intellectual in science fiction classics about a robot uprising, or first contact.

Now if someone could feed 1984, or even some of the more traditional classics, into the 140 character chunks of a Twitter stream, maybe I would get around to reading it sooner.

Random sources of Twitter Literature (some of it surprisingly good, though no classics yet):

• Thaumatrope — I should mention this one has bought 2 of my pieces, one of which appeared on Christmas Eve last year.
  
• VeryShortStory
• Outshine
• nanoism

A doctoral candidate in Virginia developed a highly accurate (as far as we can tell) and probably one of a kind map of North Korea (Wall Street Journal article here). This may become important in light of other developments, including North Korea’s announcement of having done a second, successful underground test of an atomic bomb (see AP story here).

Earlier this year, researchers for the Open Security Foundation used seemingly unrelated newspaper articles to learn details of the Heartland Systems data breach, one of the biggest data hacking incidents yet known (Wired story here), before the breach was made public.

Both of these items reminded me of an old story about one of the first people to study serial murder. This was a detective (whose name I should be able to remember but can’t just now. Sorry!) who began studying newspapers from all over California in order to find similar murders that were not thought to be linked, as likely as not because they were in different jurisdictions so that the investigators involved did not even know about them. He discovered quite a few links no one else had noticed this way.

This sort of research to link up scattered, seemingly unrelated information is called open source intelligence gathering and we may not be far from the time when you can get a degree in it and (hopefully) lots of high-paying jobs. The term should not be confused with open source software or artificial intelligence. This intelligence is the kind that concerns intelligence agencies like the CIA. And the open just means not hidden.

Wikipedia defines open source intel as a “form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In the Intelligence Community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence” (Open Source Intelligence). Or, more understandably: OSI is the art of finding things out that are not explicitly published, without spies or wiretaps or other such arcane and often illegal methods. It’s taking bits and pieces of information that are publicly available and combining them to discover something more interesting, something that might be non obvious or even secret. This is a form of data mining that the Internet has made much much easier than it used to be, though that is only part of the equation.

The interesting thing is that not only does the internet make it easier to access open sources (see for example how mandatory legal disclosures are more and more moving online, bypassing those impossible to read little newspaper pages where they’ve been for decades here), it also makes it easier to get distributed teams of people working on a problem, purely for the love of probing a mystery or solving a problem.

In the first example above, Curtis Melvin collates information provided by people from all over the world (sometimes known to him, sometimes anonymous), checks what he can and has used that information and Google Earth to make what may be the most accurate map of North Korea in existence. Agencies like the CIA may have more accurate ones but it seems at least possible that, if they do, it’s because they built on his work. There just aren’t enough people who’ve been to North Korea (and come back) for the pool of those really knowledgeable to be all that big.

This goes beyond concepts like Web Mining (which is similar but limited to web pages) and Crowd Sourcing (which is generally thought of more in a business context, though it doesn’t have to be) to create new information that certain people (Kim Jong who?) might prefer stayed hidden. Sometimes this is attributed to the power of the Internet but don’t forget the drive, curiosity and ingenuity of the people doing the work.

I think we’re at the beginning of seeing what this sort of distributed mania can do with all the info that’s shimmering out there in the matr in the Internet.

If I were a sneakier sort of person, I would say that what Melvin has built is the beginnings of a good escape map.

See what open source intel can do?

So there’s a story going around that Time Warner Roadrunner is proposing instituting tiered service in Rochester, NY. The levels would start at $29.95/month for up to 5 GB of data transfer and go up to $54.90/month for 40GB of data. There would also be fees for going over your monthly allotment. More details here and here.

This would directly affect me, so I’m not exactly an unbiased observer. But in an unbiased way, my first thought on seeing this structure was, “Between YouTube, Facebook and online Mah Jong or what have you, who on Earth actually uses a lousy 5 gig?” It may sound like a lot to people who don’t know any better but take it from an old – professional – Computer geek. That one is a red herring. They don’t even mean it seriously.  Ignore it (except possibly to be offended by the mendacity of a company that pretends to be offering a low price option that, in effect, no one can use).

My second thought was that there is no need for tiered service. The infrastructure is there, in place. When a particular user downloads some huge file, there is no one in a control center yelling, “Scotty! We need more power! Hurry or she’s gonna blow!” There is no danger that the pipes are going to burst because there are too many electrons going through them. The system works just as well at a user’s first gigabyte downloaded as their hundredth. Tiered usage is a bookkeeping device, completely unrelated to the stresses and strains on the system.

As I said, this will directly affect me and I’m not happy about it. I work from home more often than not. And I take online classes. I can use a half gig (500 mb, 0.5 gb) in a day without even trying. I can do that without downloading any Linux ISOs or software, or using Internet phone (skype – I’ve thought about it but haven’t tried it yet) or viewing YouTube videos or other streaming media, believe it or not. I know this because I have a bandwidth meter installed on my main computer. I’m just that kind of guy. People who use streaming media are likely to use much more.  And pay more. This is starting to sound like a bad thing, especially in a recession.

Being a writer and blogger, it follows that I believe in making my voice heard about things. So I went to the TW web site and sent them an email expressing my thoughts about this thinly disguised rate hike:

There’s a story in the news that Rochester Time Warner Roadrunner is going to introduce a tiered pricing scheme with charges for use over certain amounts. This is a truly sleazy grab for money without actually doing anything to earn it. Rather than improving infrastructure or making some effort to provide value for customers, TW simply proposes to punish them for using already existing service.

It is especially interesting that such a blatant example of corporate greed would be introduced so soon after congress and the administration created a media firestorm over the greed of bank executives taking huge bonuses. Is TW TRYING to provoke increased regulation? Perhaps I’ll write my representatives, or the NY Attorney General and ask for their opinions.

This action is not only anti-customer, it’s stupid.

Do yourselves a favor. Forget the whole tiered pricing idea.

The regulatory aspect is interesting. President Obama has expressed interest in bringing broadband Internet access to all Americans. Congress has held hearings on the subject. There has been an ongoing debate over Internet regulation for a number of years. Raising rates in such a ham-handed way at such a bad time for the economy and at a time when government seems predisposed toward more regulation seems … what’s the word? Idiotic? Imbecilic? Self-destructive?

Moronic. Also annoying. And potentially really expensive.

It occurs to me that cell phone companies have been fighting this same fight – and losing – for a long time. If they weren’t losing, they wouldn’t have started offering plans with features like free nights and weekends, rollover minutes and free family calling. Is that the direction Time Warner really wants to go, continually introducing new rate plans in order to fend off growing customer rage? That just doesn’t sound like a smart business plan to me.

Here are some links to protest sites:

• stopTWC!
• Time Warner Cable Road Runner Bandwidth Cap
• Kiss my ass, Time Warner
• Facebook boycott TW group
• Road Runner Is For The Birds: Time to Fly Away! (Rochester Edition)

For the record, it’s not the increase in prices I object to, though I’m never happy to pay more. It’s the increase in prices with no commensurate improvement in service (And I haven’t even gone in to any of the horror stories about my experiences with Roadrunner customer service!). It’s the being taken advantage of that I object to.

In general, I’m opposed to government interfering in the private sector. They cause credit crunches and disastrous housing bubbles and recessions and things. But if the government comes down on Time Warner for this blatant abuse of its customers, even while opposing the regulation, I’ll find watching TW squirm hilarious.

Thanks to my job at Xerox, I had the fun and interesting experience the other day of answering some questions emailed to me by Amanda Morin, half of the Ruby team at About.com. This is new stuff to me. Some of the questions made me feel like I was doing a midterm in grad school! But the end result is not too bad, though she (probably wisely) cut my comment about scaling Java in comparison to Ruby (anyone who knows me, knows I’m other than a fan of Java).

The basic questions were about Ruby and about Cloud Computing. What do you know but 2 days after answering all those questions, I run across an article that states the obvious but little thought of idea that cloud computing may be a new thing for business but it’s old news for cyber criminals. What do you think a botnet is but a resource cloud? Wish I had seen it before! Oh well, check out the article Botnets and illicit file swapping: the original “cloud computing” and an older take at Cloud Computing: Invented By Criminals, Secured By ???

In addition to interviewing me, Amanda interviewed Hampton Catlin, who (unlike me) really knows what he’s talking about. There’s a series of articles on the subject. Go see the articles. Learn something and make it look like someone out there has an interest in what I have to say (It’s okay to pretend).

Interviews with me

• Cloud Computing and Ruby: Interviewing Dave Vandervort
• What is Cloud Computing? Interviewing Dave Vandervort of Xerox Innovation Group

Other bits of the series (also interesting, though not as much):

• What is Cloud Computing
• Cloud Computing and Ruby: Interviewing Hampton Catlin

updates

3/25/2009: Fixed bad link on “What is Cloud Computing” That was mistakenly pointing to the Hampton Catlin interview.

We commonly refer to computer programs that spread and cause trouble in terms of diseases; we call them viruses and we say that a computer that has one is infected. Lots of things spread, though. Butter. Ideas. Economic downturns. Clouds of nerve gas. But there are a more limited number of things that spread between people.

Twitter had a problem today. Not just today but that’s when it seemed to come to a head. (If you don’t know Twitter, all you need to know is that

Twitter without Don't Click

people send very short messages that will be seen by their friends who “follow” their posts, or by anyone who looks at the stream of all posts. More on Wikipedia at http://en.wikipedia.org/wiki/Twitter). This was both hilarious and disturbing. Hopefully that’s not a comment on life, the Internet, or Twitter itself.

What happened was that Twitter was hit by a piece of program code that used a simple social engineering trick to fool people into activating it, so it could reproduce. It showed a link that said “Don’t click this link.” Of course people did click the link, allowing the code to insert itself into their feed, where all their followers would see it – and passive-aggressively do what they knew they shouldn’t and replicate the link still farther.

Fortunately, there were no horrible consequences to this little game. It seems to have caused some extra traffic on Twitter (maybe a lot of extra traffic) and the good folks behind Twitter say they’ve now blocked it (see http://blog.twitter.com/2009/02/clickjacking-blocked.html. More information on ReadWriteWeb at http://www.readwriteweb.com/archives/dont_click_no_really_dont_even.php).

There has been a less mischievious but also less funny thing spreading on Facebook lately, too (no, I’m not going to define Facebook too. If I have to stop and define everything, how long will it be before I wear out my parentheses?). It’s called 25 things. People post a note telling 25 things about themselves, then tag (as in “tag, you’re it!) 25 of their friends who are then supposed to do the same thing. Basically, it’s a chain letter (For the record, I don’t participate in chain letters. Ever).

Interestingly, though, a recent article in Slate (http://www.slate.com/id/2211068) described it as something else and actually tried to gather data on how it spread. The something else it was called, was a “meme.” A meme is basically an idea, usually one embedded in the culture, or skating across the top of one as in, “Where’s the beef?” Or, “We’re gonna need a bigger metaphor.” (Paraphrasing. Try Googling “Big shark” if you can’t place it.)

Unlike Twitter’s Don’t Click, 25 Things did not suddenly appear in its final form. It went through several phases, starting out as “16 random things about me” and morphing through several other forms over a period of several months before it finally caught fire. The Slate article includes an interesting graph that shows almost no instances of 25 Things for a couple months. Then, at the end of January, there is an enormous spike, which rapidly died off. One of the reasons for a die-off like that is saturation. Once you’ve already been hit something like 25 Things, you don’t care if someone tags you again. You’ve already paid your dues. The same is mostly true for Don’t Click. It’s not really very entertaining. Once you’ve clicked it, you know that clicking it again will not be particularly interesting.

In the Slate article, the changes in 25 things were likened to evolution and to the progress of disease. Both of these are weak, though the disease comparison is somewhat interesting, especially in light of Twitter’s infection today. A study published in the Lancet not too long ago (Emerging infections: a perpetual challenge) discussed how the progress of emerging diseases has remained remarkably similar for thousands of year. The authors studied historical records of the plague that decimated Athens in the 4th century BC, the Black Plague that pruned the population of Europe, Asia and possibly Africa in the 14th century, the Yellow Fever epidemic in the U.S. in the 18th century and several more.

They found a remarkably stable set of factors that contributed to the way these horribly destructive diseases spread. Those factors included travel, especially for trade. War and famine were also important factors as was, somewhat surprisingly, the weather. They also found that the lack of the will among public officials to enact really effective containment measures was significant, as was the way existing public health facilities, if any, were sometimes overwhelmed by the sheer number of victims.

Most of these factors have allegories on the Internet (except maybe the weather). But do they have any resemblance to the spread of ideas? 25 Things is an idea. It depends on people wanting to share with others. Don’t Click is the opposite. It insinuates itself into the system by way of trickery. If they are diseases, then 25 Things is like an STD while Don’t Click is more of a common cold.

I’m not sure what that would make, say, democracy. A major skin rash? One that people are willing to die for, though. While some other people will do almost anything to prevent it or undermine it. Maybe the disease thing only applies to little ideas. Open Source software is another idea that doesn’t quite fit the disease model. These ideas are more like animals, like an invading species that gets a toe hold in one small part of an ecosystem and spreads out from there.

The idea of reaching a great tipping point, or growth spike, has more to do with the increased population than with transitory infection. The big difference is that an infection can be cured but a macro-scale population of creatures will generally continue to grow. Right up until a big meteor hits and wipes out all life on the planet. That part is no fun at all.