Sunday, January 6, 2013

Who Really Owns Your Phone?

I was working on some text about interoperability on the web, and found myself getting up in arms about how far we've strayed from the initial ideals of the internet.  The web was founded on principles of open, democratic access.  Any computer could put up a website; given an internet service provider, any user could connect to it.

There has been a trend towards closed platforms controlled by a single company, the most popular being Apple's App Store.  These walled gardens offer many benefits -- users can (usually) trust the applications they install, there's one place to go to look for apps, and developers have a centralized place to focus on promotion.  Overall app stores greatly simplify the mobile app experience.

But of course, they have their downsides.  Namely, they are sucking away our freedom and rights to run whatever code we want on our devices.  Developers are subject to arbitrary rejections -- Omar said that a friend's app was recently rejected for being too "avant garde", whatever that means -- which keeps them out of the primary distribution channel, and not available to users at all.

So, just avoid the app store, right?  Not so easy.  The debate over HTML5 websites vs. native apps on mobile is an excellent example of this. HTML5 offers platform independence, ease of updating code, and freedom from app store censorship. Native means the app will be faster, work offline, and have more access to phone hardware.  Which app is going to be more pleasant for the user?

What really frightens me, and makes me feel incredibly hypocritical for writing this on a MacBook Air, is the thought that Apple might make this the dominant model for desktop apps, too.  They are already sort of trying with the App Store on OSX.  I definitely don't want an Apple approval process coming between my laptop and what code I can run.  To be fair, it's a bit worrisome that Google is trying to move to a world where I don't have any access to my hardware except through a (Google-controlled) web browser.

Downloading, compiling, and running arbitrary code is not just for hackers.  The ability to do this is vital for encouraging competition and giving users choice.

Similarly on the web, there's a movement to closed sites that hold our data hostage.  And even though they might offer ways to download our data in a lump, they don't offer easy connections to share and move data between services.  The worst is when they arbitrarily decide to treat services differently and promote or debilitate one over another; see the Instagram/Twitter fiasco.  More and more user creation is moving behind these walls, making it inaccessible to third party applications.  This stifles innovation -- we have to wait for a single company to decide to build and push out features, instead of farming out this work to the wide world of developers, and seeing what sticks.

Unfortunately I don't have any answers, just questions:

What kind of technology can we build that encourages and promotes interoperability in this new world? 

How do we solve the issues of safety and curation if we don't use app store walled gardens?  

What kind of understanding do users have about their choices, and how do we encourage them to make ones that are in their best long term interests?


  1. An interesting read, thanks! It reminds me Stallman's criticism for the cloud computing (

  2. I think that Google's developer switch is the most reasonable approach so far.

    Last time I read the ChromeOS docs, the spec mandates the presence of a developer switch on every ChromeOS machine. So far, it seems they're keeping their word on this:

    Speaking of being scared, have you seen that Microsoft is also mandating a Windows lock-in for Windows RT (ARM devices)?

  3. Victor I didn't know about the developer switch, thanks! It's good that people who know how can mess around with their hardware, but since it works like this:

    "The first time a Chrome Notebook boots in Developer Mode after leaving Normal Mode it will:
    * Show a scary warning that its software cannot be trusted, since verified boot is disabled (press Ctrl-D or wait 30 seconds to dismiss).
    * Erase all personal data on the "stateful partition" (i.e., user accounts and settings - no worries, though, since all data is in the cloud!).
    * Make you wait between 5 and 10 minutes to while it erases the data.
    * Boot from any self-signed image on its SSD, negating the security of verified boot."

    I don't think it's going to help with regular users being able to install programs that use their hardware more directly :(

  4. Stallman is kind of extreme! I think cloud computing is mostly great (though I hate the word "cloud").

  5. Yep, that's still how it works.

    What are you envisioning with regard to "use their hardware more directly"? There's NaCl (as you know :-P), WebGL, WebRTC, etc.

  6. Hi Dan! I think I'm speaking in more general/futurist terms. I'd hate to see a world where the only way for people to run programs is through a browser, specifically one controlled by one company.

    It's totally viable as one option among many (which it is right now, and a good one!). Though I would worry if it becomes predominant.

    Your question is really interesting. I wonder how rich the browser API would need to be so that, as an example, even if Company X decided Company Y's app sucked they couldn't do anything to keep users from installing it, and Company Y had enough default access to provide an interesting application.

    Like, users should always be able to change their MAC address, if they want, or run Tor, or share their internet connection.

  7. The worst is when they arbitrarily decide to treat services differently
    and promote or debilitate one over another; see the Instagram/Twitter
    fiasco. More and more user creation is moving behind these walls,
    making it inaccessible to third party applications.

    Glyn Willmoth