Amazon reviews now unreliable - negative reviews filtered (Anker example)

Amazon reviews have long been helpful to me, and were once a big part of Amazon’s value proposition.

That is no longer true. Amazon is filtering out negative reviews.

I learned this after attempting to review Anker bluetooth earbuds I bought for Emily’s birthday. The power switch was defective. That wasn’t a complete surprise, I have a similar pair and I often have to push 2 or 3 times. Anker should have spent another 10 cents on that part.

Amazon made the return easy, but when I tried to write a review I got this notice:

“Sorry we are unable to accept reviews for this product …”

I then switched to Emily’s account. There I was at able to start a review, and even able to give in a two star overall rating. When I clicked 1 star for material quality however the “unable to accept reviews” notification appeared:

This is, of course, worse than if Amazon removed all product reviews. They are promoting systemic bias in their closed world. The Fox model is catching on elsewhere, Apple is doing something similar with the Mac App store.

Managing the Facebook Problem

Facebook Reasserts Posts Can Be Used to Advertise. So if I click "Like" on a new offering by Encyclopedia Britannica, my Facebook friends (friends of friends of friends?) will see that in their ad stream and EB will be charged a click fee.

Since my Facebook friends and family members are into sex dolls and bondage they'll be terribly offended by my boring tastes and stop sending me party invitations.

It's the same story with Google+ of course, but G+ isn't a Problem. That's because by the time G+ came out we all knew the rules of the game. My 2011 TrueName G+ account lasted about two weeks; I use G+ services today through my John Gordon and corporate/professional identities.

The Facebook Problem is that I started using it when I was young and stupid - and I still value it. It's been a good way to keep our distant family members connected, and keep connections to old friends. Facebook Pages have worked well for the kids sports teams and especially for following notifications from local non-profits, selected businesses, and government.  

So... a bit of a conundrum. Were I to start using Facenbook today I'd use a 3rd synthetic identity, bringing the total [3] to four (each of these has its own Chrome Profile - which works better on Windows than OS X)

• Public geek: John Gordon. (Once we'd have said "intellectual", but geek is less pretentious and certainly accurate in my case.) I switched my blogs from my TrueName to John Gordon in June 2005.
• Corporate-Net/Professional: Today that's LinkedIn and a G+ account at this time.
• TrueName: This is John Gordon F.... Once it led to a web site, an Amazon account and a Google Profile. Most of those are gone.
• FriendsAndFamily: Something like John Lanan -- where the last name might be somewhat unique but not too unique.

So can I do with Facebook what I did with my net identity in 2005 [1]?

 

Maybe -- for the moment anyway. Facebook allows one username change and a "limited number" of name changes -- though the new name is supposed to be a RealName and was designed for American marriage/divorce practices. Pseudonym use is a violation of Facebook's TOS. (Remember the 2010 Google Buzz and 2011 G+ TrueName wars? Charles Stross's rant is still a classic, he's still not on G+ [2])

 

I may do the Facebook name change - at least as a stopgap measure. I already have a separate locked down pseudonymous Facebook account with zero followers, I'll migrate to that account for subscribing to Page activities and managing Pages. I'll remove my image and identifying information from Facebook, and switch the phone to a GoogleVoice/Hangout number associated with one of my many non-TrueName Google identities. My oldest child has a Facebook account, but I think the younger two will go elsewhere.

 

I rather doubt Facebook will miss me, but I will miss the good things Facebook brought me.

 

- fn - 

[1] My TrueName is fairly unusual, but happily there's now an actor with the same name. He's almost as handsome as I am, and his images have swamped mine. It didn't take long for Google to more or less forget about me, the dominant hit with my TrueName is my public LinkedIn profile. 

[2] Charlie has a popular Twitter account and might worry about where Twitter is going, but as an professional writer he can't separate his professional and personal identities as easily as I can. I think he's always considered his Twitter identity to be both a professional and public intellectual identity.

[3] I'm simplifying. My iPhone's user-resettable advertising identifier is an effective identity, and iCloud/AppleID is a non-public identity related to a set of services not including email.

See also

• A retrospective view of Microsoft's Hailstorm 5/2005: Once controversial, now quaint, even noble.
• Google's two factor authentication and why you need four OpenID accounts 9/2010. Credentials organized by security, which is a different dimension from identity organized by privacy. Not that the multi-dimensional identity-credential intersection is complicated or anything. My 2013 hacked Adobe credentials were Category I: "You want it? Take it." My mysterious 9/2010 Gmail account hack was Category IV.
• My Google profile -- another brick in the wall 12/2007. Before G+ I was 113810027503326386174, that identity link is now dead; it may have died when I turned of G+ on my TrueName account.
• Gordon's Notes: Why the name change? 6/2005
• Gordon's Notes: The Buzz profile problem: I am Legion 2/2010 - Google's first TrueName attempt. I like that old post of mine.

Update: As part of my migration I made a Facebook profile picture which no doubt violates TOS.

Here's the latest iteration -- my first ever use of Acorn.app (and not quite kosher because it's a section of an Apple owned desktop image, but I'm iterating...)

 

How Google can save itself - sell privacy.

It's been 3 years since the Google-Apple divorce, eight months since Google 1.0 died, and six months since I tried divorcing Google.

Divorcing Google, but planning to go out with something else. That hasn't worked out so well; Apple in particular is exploring new domains of pain.

Meanwhile, the less-facebooky parts of Google+  are improving, even as Twitter enlists with the Sith (don't they know there can only be two?).

So I'm thinking about trying to reconcile with Google - assuming she's still into geeks. How could Google win us/me back?

Google could sell privacy.

Let me explain. In the modern world two populations have privacy. One is poor, lives on cash and checks, and doesn't have a cell phone. The other is Romney-class wealthy. The rest of us are the Transparent Society. We can't buy privacy.

That is, we can't buy it now, but Google could sell it.

Google could sell a yearly G+ privacy subscription for something like $200 year per person or $400 year per family (wild ass guesstimates). For that amount we'd have full control over what we share, and we'd opt out of all advertising and marketing. We'd still be able to opt in to ads if we wanted, and of course there'd be no shield from subpoena. We'd be able to turn on the parts of G+ we want, and disable those we don't want. We might even have the optional use of disposable avatars or identities.

It sounds like a lot of infrastructure to build for a few users, but Google needs to sell into the German and EU market. Their privacy laws are much stricter than America's privacy "suggestions". Google would also like to provide services for the under 13 group, and even in the US that requires enhanced privacy protection. So they have to build this infrastructure anyway.

At a stroke, this would rebuild Google's geek appeal. Most would decide not to pay the price, but there would be no grounds for objections -- because Google's contract with its users would be transparent.

Some of us would pay.

You can do it Google. Save yourself and we'll be happy again.

Why quality collapsed in the bubble years: Akerlof and the last good toaster

Six years ago, I mourned for the demise of the last good toaster. I could find lots of cheap toasters, but they didn't last long.

It wasn't just toasters. Between about 1999 and 2009 the quality of a lot of goods seemed to collapse -- even as consumer prices fell. I wrote cranky posts about the "occult inflation of shrinking quality", but I seemed to be a chorus of one. It wasn't just toasters that disappointed, we couldn't buy a decent DVD/VCR or pencil sharpener or window unit air conditioner. Similar quality problems emerged with drywall and heparin [1] and, notoriously, just about every computer manufacturer on earth save one.

For us it felt like a market failure. We were willing to pay more money for higher quality, but there didn't seem to be a relationship between price and quality. Brands like SONY and Panasonic didn't mean much any more.

A few brands kept their reputation. Canon and Nikon held on, and a phone maker led by a difficult genius made a reliable battery charger and eventually became the world's most valued corporation.

I wonder if it was Apple's example that changed the picture. Because reading John Roberts [3], it seems we fell into Akerlof's quality trap (emphases mine) ...

... Trade may break down almost completely (Akerlof, 1970). If eliminating the asymmetry of information is not possible, then buyers will refuse to pay more than the expected value of goods, averaged across the different quality levels they expect to be offered. Then the best quality goods may not be offered at all, because they command only a middling price that does not reflect their true value. Consequently the distribution of qualities that are actually offered is worse than what is potentially available. Since the selection of products on offer is not representative of the underlying distribution of quality, but is instead an adverse selection, buyers will rationally lower their willingness to pay even further. Then, even more potential sellers of relatively high-quality items may no longer be willing to sell at the lower price. The overall result may be that nothing but very low quality items are available -- only lemons are on offer -- and markets fail to exist for high-quality products, although buyers are anxious to have such goods and would willingly pay enough for them to compensate the sellers if they were sure to get what they paid for. [3]

In a world where quality seemed to be unobtainable at any price, Apple offered relatively higher quality [4] products at a relatively higher price. I think they broke the cycle [5]. It probably helped that after the debt/real estate bubble burst consumers paid more attention to the costs of unreliable goods.

It's quite a story - a textbook illustration of research that earned Askerlof a share of the 2001 Nobel Prize in Economics. So why haven't we read about this from anyone but a crankish blogger? Where are the economists?

[1] The investigation continues incidentally - More Suppliers Linked to Heparin Contamination - WSJ.com.
[2] I've been told that it's now very hard to buy a reliable dish washer 
[3] Roberts, J. The Modern Firm. Oxford University Press 2004. p 82-83
[4] Apple, with a few exceptions, doesn't make very high quality products. Their software is notoriously buggy, and they made generations of laptops with flaky hinges. Compared to the competition though, they were sterling. 
[5] The cycle-breaking alone brought them success, but the mind-blowing innovation of the iPhone and iPad took them to the top.

Update: Shortly after posting this, I discovered that in 2007 I made the same connection to asymmetric information theory that Roberts detailed in his text. Maybe I should have been an economist.

Google and Facebook: how Chrome supports life with an dully evil corporation

Just three years ago Facebook's Gordon's Evil Score was 12, and Google was a mere 6. Today, 3 months after Google's day of infamy, I'd give Google 10, Facebook 8, and Apple a 6. (Philip Morris gets 15. Evil is relative.)

These days Facebook is less evil than Google 2.0, probably because Facebook has been on pre-IPO best behavior. Post-IPO I expect 'em to hang with Google in the gray zone of generic AT&T-style corporate badness. After all, both companies package and sell us.

So why is Facebook's badness boring, and Google's badness Bad?

It's because we always knew Facebook was evil. I never gave FB anything I couldn't walk away from. If Facebook went away tomorrow, I'd be slightly sad.

Google though, Google once made me smarter. Our family uses Google Apps. My shared images are in Google's web albums. A lot of my external memory is Google dependent (so losing Google Reader shares felt like a mini-lobotomy). Google search, born in the day of the ad-infested Portal, was beautiful.

Google though, Google was going to make free the world's knowledge.

Google though, Google wants to build a sentient AI. Do we want our first sentient AI born of our bad parents?

That's why Google's Page-driven race to the Darkseid matters a lot more than Facebook's perennial villainy. We loved Google, we trusted Google,  we married Goole and made Data together -- and we were chumps. (Some of us are still in denial.)

What now? Well, Google hasn't turned into Philip Morris -- and it probably never will. They've just become as evil as most publicly traded corporations -- and a lot of us work for those. Besides, we can't completely divorce. Think of the Data. [1]

So I'm still living with Google. Yeah, I did try Bing. Have you ever used Bing? Go and give it a try. I'll wait here for a while. Right. Even EvilGoogle is better than Bing.

I'm living with Google, but I'm keeping my distance. Coincidentally (?) Chrome recently made this much easier.

Chrome now supports client-side identity management. On my Mac the Preferences:Personal Stuff menu has a "Users" section. A "User" is simply a separate identity, where an "identity" is a set of cookies, credentials, bookmarks, cache and so on. Optionally, a "User" on Chrome can be associated with a Google account, and Chrome/Google credentials and bookmarks sync between those accounts. These don't have to be Google+ accounts [2]. If you link a Chrome User to a non-Google+ account, you're basically using GoogleMinus. That's what I do.

In Chrome I currently switch between 5 Users as needed, each with a paired Google account. One user is my original TrueName "113" Google account. I deleted that account's G+ Profile, so this "User" gives me something of an old-style GoogleMinus experience. This account owns my Google Docs, my Email, my Calendar, and way too many Google properties to remember (including the remnants of Google Reader social.)

I use my G+ John Gordon identity with Blogger [3] and Google Reader (I moved GR subscriptions over to this account). I have yet another identity associated with my corporate work, another with our family domain, and then 1-2 more to make it easy to switch between the kid's Google accounts [4].

Google Chrome has made it easier to live with Google 2.0, but it's an uneasy relationship. Evil Facebook is fine -- because I don't care. Evil Google is not a good long term relationship. I'm seeing other services now, services like Pinboard.in and the shared items I post there. It will take decades, but I'm hoping true alternatives to Google will emerge. Alternatives that charge real money for their services. That's how I'll know they're worth being with.

[1] It's no coincidence that when Google turned evil, the Data Liberation team fell silent.
[2] For now, though in future that might be impossible to avoid.
[3] Google's blogs can have multiple contributors, so I just made John Gordon an admin on blogs that started with John F. as admin. Early on Google forbade pseudonyms in G+ accounts; now they only require that pseudonyms "appear" to be well formed, generic names not associated with celebrities or historic figures.
[4] All through our family domain. They don't know the passwords.

See also:

Others

• Microsoft, Apple, and Google: where does the money come from? | ZDNet 2/2012
• The ‘Eggs In One Basket’ Index - SplatF 2/2012 Google is fully dependent on Advertising revenue
• Facebook, Google, and the Future of the Online 'Commons' 2/3/2012. Fallows is soft on Google. He hasn't come to terms with the new Google.
• Against the wall – Marco.org 2/1/2012 - no illusions here
• Google's Broken Promise: The End of "Don't Be Evil" (Gizmodo, 1/2012)

Me

• Gordon's scale of corporate evil - 3rd edition 11/2011
• Google 2.0 11/2011
• Dapocalypse now: Google's day of infamy 10/2011
• Google 1.0 is dead. When did it start dying? 11/2011
• Divorcing Google - and hoping for GoogleMinus 1/2012
• Responding to Facebook’s lions: Stop friends using the apps 12/2009
• I deleted my Google G+ Profile 11/2011

I deleted my Google G+ Profile

I visited my Google Profile today. It includes G+ posts, and more was public than I'd expected.

There's no longer a way to disable the Posts tab in Google Profile. I recall that was once optional.

I can, however, delete my Profile:

Downgrade from Google+

... Delete Google+ content or your entire Google profile If you delete Google+, Google attempts to restore your experience of other Google products to the way it was before you joined Google+ and to permanently delete your Google+ circles, posts, and comments. If you delete your Google profile, you delete Google+ as well as other services and their data that depend on a Google profile...

I'm going to give this a few days, but I expect I'll delete my TrueName Google Profile. I'll take the opportunity to take another step away from Google 2.0.

It's interesting to reread my first post on my Google Profile in 2007.

Today I have been re-christened 113810027503326386174. It is the ID Google assigned to the persona associated with Gordon's Notes and other blogs. I assume it will be the foundation for Google's future identity management services...

...I will need to add this new number to the page where I park all my public and related personas.

I really didn't expect Google to choose its current path.

In its place, at least for the moment, I have created a John Gordon profile, a companion to my blogs.

Update 12/6/2011: I've deleted my G+ Profile and G+ Content. The dialog I received said ...

Over the next few days, Google will attempt to delete all Google+ features and your Google+ data from your Google Account:

Your circles will be deleted, but people in your circles will remain in your Contacts.

Your +1's will be deleted.

Your posts and comments will be deleted and won't be available to anyone you shared them with.

Any profile information that you did not make public will be deleted.

Many Google+ social and sharing features will be disabled for you on other Google sites.

Content from other services, such as videos, will no longer be visible to people in those circles.

However:

No photos will be deleted: you can still access them in Picasa. To delete them, go to Picasa Web Albums.

Your connections to third-party services will not be affected. To manage them go to Connected accounts settings.

Your chat buddies in Google Talk and Gmail will not be deleted.

The sharing challenge: access, topic and identity. Why G+ fails.

Setting aside the act of mass datacide that moved Google up my corporate evil scale, G+ suffers from a fundamental Circle problem. It may be an attempt to work around Facebook patents rather than a misguided design, but either way it doesn't work.

G+ provides these tools for publication and subscription:

• A single identity. (In this case, identity is equivalent to a maximal set of Identity-Circles + Public)
• Circle: both Access Control and Topic definition and Subscription-filter option
• Person level blocks

These aren't sufficient. They put far too much of a burden on the publisher to create and maintain a multitude of Circles that pre-coordinate Access Control and Topic definition [1]. The pre-coordination work fails due to combinatorial explosion [2].

A full set of controls looks like this.

• Multiple identity: where identity is a set of access controls and topic definitions.
• Access controls: who can see what.
• Topic definitions: what are the topics, so subscribers who can see a stream can choose what they follow within that stream
• Person blocks: hide all comments from a person

A full set of controls seems more complex, but the workload largely falls on the Publisher, not the consumer -- and the combinatorial explosion problem is resolved. Subscribers choose which topic to follow. Unfollowing all topics is equivalent to blocking a person's posts but not their comments.

Google Reader Social had no access controls (that I remember), but it did allow multiple identities (an identity is equivalent to a subset of topics). The topic controls were very weak (subscribe to tags - almost never used), but the UI made it very easy to pick items of interest from a large stream. The G+ UI makes the combinatorial problem much more significant.

Google has promised pseudonym support. That will be roughly equivalent to a subset operation on Circles. Boolean operations on Circles would also somewhat alleviate the publisher combinatorial problem.

Alleviate, but not eliminate. Sooner or later, G+ will need to separate access control from topic definition.

(I'm grateful to a G+ comment from Peter C that helped me think this through.)

[1] Note too the 3 people on earth who'd probably appreciate this. This is identical to the pre- and post-coordination problems that bedevil anyone who works with concept based knowledge representation ontologies, including clinical terminologies/vocabularies like SNOMED and (yech) ICD-10-CM and ICD-10-PCS.
[2] A Sept 2011 WSJ post on "injury by falling turtle" in ICD-10-CM causes of injury illustrates this also. See #1.

Anonymous

Google is trying to enforce full transparency in their, large, corner of the web. I think they're making a terrible mistake.

I can see why they do it though. Most large sites can't handle the spam attacks routed through anonymous posting.

Gordon's Notes, though, we're not so big. Most of the comments I get are anonymous (excepting Martin and MaysonicWrites). Many of them are excellent. Fortunately Google's AI is now pretty good at killing the spam attacks, so I can easily manage the low volumes I get. [1].

Anonymity is something a *cough* specialty blog like GN can support.

[1] Sure would help if Google gave me an RSS feed of comment counts though - so i know there are new ones to inspect. As it is comments go immediately to recent posts and I get a notice by email, but older post comments can sit around until I notice and authorize them.

Your public Facebook posts - try this Google search

If you've ever used Facebook, log out of Facebook then try this search:

site:facebook.com "your name"

I don't share publicly - but I do post and comment on "Pages" which belong to organizations.Those pages are always public, so what I have written there is also public.

You can't make these posts non-public, but you can delete them. Log in to Facebook, then repeat the search. You should now see a delete box.

I found some posts could not be deleted. I got the "failed to hide minifeed story" bug on one.

PS. In the midst of this exercise my (true and unusual) name was registered as a Tidbits author with a 1996 article. This was a puzzling experience, because it was at first completely unfamiliar. As I read it, however, it became vaguely familiar. I remember the ideas, if not the article. I'm pretty sure it is mine. Weird.

Google's identity failure: recreating the joy of Buzz

Google + requires us to use our "true name". In may case John F, not "John Gordon" or any of my other aliases.

Charlie Stross has a good rant on why this is a bad idea. He finishes with a set of solid recommendations (emphases mine) ...

Google is wrong about the root cause of online trolling and other forms of sociopathic behaviour. It's nothing to do with anonymity. Rather, it's to do with the evanescence of online identity. People who have long term online identities (regardless of whether they're pseudonymous or not) tend to protect their reputations. Trolls, in contrast, use throw-away identities because it's not a real identity to them: it's a sock puppet they wave in the face of their victim to torment them. Forcing people to use their real name online won't magically induce civility: the trolls don't care. Identity, to them, is something that exists in the room with the big blue ceiling, away from the keyboard. Stuff in the glowing screen is imaginary and of no consequence.

If Google want to do it right, they're going to have to ditch their naming policy completely and redo from scratch.

To get it right, they need to acknowledge that not everyone has a name of the form John Smith or Jane Doe; that not everyone uses the same character set or same number of names. They might be able to get away with insisting on a name that appears on a piece of government-issued ID; but then they need to acknowledge that people have legitimate reasons for using one or more pseudonyms, allow users to register pseudonyms associated with that name, attach pseudonyms to different (or even overlapping) circles of friends, and give the user a "keep my real name secret" check-button. Then and only then they'll begin to develop a system that has some hope of working.

I can't improve on Charlie's rant. He's one of many, but he says it well.

Unfortunately, this isn't the first time Google got it wrong. They made the exact same mistake with the Buzz Profile. I wrote about that over a year ago ...

Gordon's Notes: The Buzz profile problem: I am Legion (feb 2010)

I am father, brother, in-law, son, and spouse. I am coach. I am volunteer. I am citizen and activist. I am a physician. I am an (adjunct) professor. I am an oddity in a large, conservative, publicly traded corporation. In the corporation I am a team member, known to some customers, occasionally publicly facing, known in various ways and various places. I have other roles and have had many more over time.

I am Legion. So are most middle-aged persons.

Only one person knows all the roles and all of the stories that are not excruciatingly boring (hi Emily).

That’s the problem with Google Buzz, and why my Google Profile doesn’t include my pseudonymous (John Gordon) blog postings or my Google Shared items.

Buzz is tightly linked to my Google Profile, and my Profile is trivially discoverable. I don’t want corporate HR or a customer or business partner to instantly know that I’m a commie pinko Obamafanboy with a dysfunctional Steve Jobs relationship.

I have LinkedIn as my bland corporate face, and, despite Facebook’s innate evilness, a FB profile for friends and family. Inside the corporation I’ve a blog that serves as a limited persona.

We all have many roles, identities, avatars, personae, limited liability personae, characters, facets and so on. The problem with Buzz today is that it’s tied to the Google Profile, and that profile is the closest thing to my unified public face. It crosses boundaries. So it can only hold the limited information channels that are available to all.

Google hasn't learned enough from the disastrous failure of Buzz. They're repeating old mistakes, and seeing old results. Already G+ activity seems to be falling, and losing people like Stross isn't helping.

This can be fixed. Like Charlie says - give us a hard identity that the police can track if need be. Tie it to credit cards. Heck, for a fee "validate it" so we can better protect ourselves against identity theft. Then give us as many pseudonyms as we want, and give us tools to manage them while keeping our TrueName to ourselves.

G+ impressions mine

With the help of a few friends, I somehow slipped through this narrow window into Google Plus (my G+ profile, which has lost its vanity URL for the moment) ...

Google+ For Businesses Coming Later This Year -- InformationWeek

... Google+, the company's recently introduced set of social communication services, briefly opened to new participants last night, between about 7pm PDT and 9:40pm PDT. Google engineering director David Besbris, in a Google+ post, said that the Google+ field trial is going well and that Google is seeking to double the undisclosed size of the field trial...

It's good. After Wave and Buzz failed, and Google Reader Share succeeded but got no love, G+ works. So far Streams is a smarter, better, version of Facebook personal Pages (no corporate/org/group equivalents, however). I don't think it's more complex that Facebook; FB at best is only transiently comprehensible. As soon as I figure it out, the rules change.

FB's constant attempts to hack their own customers has pissed off so many users, including my wife, that G+ has a pretty good chance to compete. At the very least, it should own the Android demographic. Whether iG+ gets the iPhone crowd or not depends on the shaky state of the Apple-Google detente. At the very least, G+ strengthens Apple's hand with both FB and Twitter.

Some quick impressions of my own ...

• I'm looking forward to the day when Google moves Google Reader Shares/Notes into the Streams framework, closes Buzz, and makes Streams/Sparks the "comment" framework for Google Blogs. Until then G+ will be fun to play with, after that I'll be spending a lot of time with it.
• Safari is showing page errors with G+. Unsurprisingly Chrome works best.
• It will be interesting to see how I manage the John Gordon/John F identity clash in G+. I think I should be able to make it work.
• Google Data Liberation has its own home on my post G+ Accounts page. It includes all Picasa web albums, my profile, my stream, by Buzz data and all circles and contacts. Very impressive.
• Profile settings says I can control which circles see parts of my Profile, but that's not working for me yet.
• The Privacy page is excellent.
• My Google Profile vanity URL now redirects to a G+ Profile with my old 1138 .... Google ID showing.

Of the coverage I've read, I like these best ...

• Google Plus: Why Facebook and Quora Should Worry by @ScepticGeek
• 10 Questions for Google’s “Head of Social” by @ScepticGeek (May 2010, interesting to reread now. Remember OpenSocial?)
• Google+ vs. Facebook: the Trust Factor - James Fallows
• Post by Yonatan Zunger - explains circles - bit head-spinning really. He's the engineering director for G+.
• Google+ - Wikipedia, the free encyclopedia

Why the United States Postal Service should manage our primary digital identity

For a non-expert, I do a fair bit of ruminating about the relationships between identities, credentials, and avatars/facets. Today a bug related to Google's (covert) Identity Integration initiatives, a recent flurry of stories on the endtimes of password based security, and the earth's orbit have got me chewing again.

I'll deal with the earth's orbit by making my solitary 2011 tech prediction. 2011 will be the year of two factor authentication and the gradual realization that management of digital identities is too important to be left to Google, Amazon and especially Citicorp, Facebook, and AT&T/Verizon.

So if we can't rely on Google (or Facebook) or Citicorp to manage our digital identity, including claim resolution and identity control, who can we rely on? What are the other alternatives, assuming that almost none of us will run an identity service out of our homes?

Obviously, government is an option. The (US) Federal government, for example, makes a robust claim on my identity. That claim, however, is so robust I would prefer to separate my obligatory IRS identities from all other identity related services. In any event direct US government identity management is a political non-starter. The right wing will start ranting about beastly numbers and rationalists will fret about the day Bush/Cheney II takes power.

That leaves business entities with strong governmental relationships, extensive regulation, and a pre-existing legal framework support that could be extended to support identity management.

An entity like, for example, the United States Postal Service (USPS).

You laugh. Ok, but consider the advantages:

1. The USPS has been in the business of managing confidential transactions for centuries.
2. There are post offices in every community that could support the person-present aspects of identity claims.
3. It's a regulated quasi-governmental agency that already exists.
4. The USPS manages passports
5. Much of the legal framework used to manage mail and address information could be extended to manage digital identities.
6. The USPS is dying and is desperate for a new mission.

I admit, it sounds crazy.

Except ... I'm far from the first person to think of this. It was proposed by (cough, choke, gag) Michael Chertoff ...

... former Department of Homeland Security Secretary Michael Chertoff ... mused that the USPS was ideally situated to take part in the evolution of the government’s role in validating identity. He points out that the Post office is already the primary issuer of passports – an extremely important piece of personal identity. In the speech he expands on that model as follows: “one of the things I hope to see is, as the Post Office re-engineers itself over the next, you know, few years, they increasingly look at whether they can be in the business of servicing identity management. They can – because every town has a post office.”....  DHS: Remarks by Homeland Security Secretary Michael Chertoff at University of Southern California National Center for Risk and Economic Analysis of Terrorism Events

I can't believe I find myself agreeing with Chertoff, but there you go. What a way to start 2011.

See also (Gordon's notes unless otherwise noted);

• The Buzz profile problem: I am Legion (2/2010)
• Trust and credential management: MyOpenID (9/2010)
• Google's two factor authentication and why you need four OpenID accounts [1]
• Gordon's Tech: Rogue Twitter/Google feedburner connection - first of the Great Google Identity Integration bugs (1/2011)
• Juggling identities: Udell, Cameron and Identity Woman (3/28/2008)
• Wanted: an identity management service. Business model included. (3/5/3008 - I suggest Denmark)
• Fraud technologies use persona cloning to attack social networks (11/2007)
• Gordon's Tech: After the Gmail hack - passwords and security (9/2010)
• Gordon's Tech: Yet another identity of mine: MyOpenID (12/2007, before I gave up on OpenID)
• Gordon's Tech: identity
• Gordon's Notes: Identity
• Gordon's Notes: Security

[1] Incidentally, now that my kateva.org Google Apps users have Blogger privileges, and since Blogger is supposedly an OpenID provider, I'm thinking of implementing this using Blogger/Google Apps/Kateva.org

Update 1/8/11: A few days after I wrote this news emerged of a federal identity and certificate management initiative. Maybe I'm psychic.

Transparent society: automated monitoring of employees

I own Minority Report. I need to watch it before it's entirely passe.

For example, Social Intelligence is marketing employee behavior data mining to corporations. Forget spotting terrorists with Total Information Awareness (oh, you've already forgotten?), it's much more profitable to spot employees with a substance problem. Plus, it doesn't freak out the Tea Party if corporations do it.

If corporations don't buy, SI argues, they'll be sued the next time an employee goes postal. They should have known, lawyers will argue (and they will).

SI is also opening a subsidiary that will use bots to generate optimal online identities; burying the signal in noise. This service will be sold to employees. (I'm pretty sure Stross covered this in Accelerando, but there's lots of prior art here.)

I was joking about the employee service. SI might as well do it though. If they don't, someone else will.

There are several business opportunities here. I'm particularly looking forward to the related hire-a-hacker fund. Ten thousand people will anonymously donate a dollar for an SI related initiative.

(via Schneier).

PS. The Schneier comment thread includes some examples of name collisions and identity errors. I have one of those. My true name is somewhat unusual, and one time I flew in to give a talk only to be met by two police officers. They were looking for me as a material witness in an arson investigation. I was dressed for the presentation, so their expressions were funny to watch. Evidently I didn't look like the guy they expected ...

The Transparent Society - 1920 edition

I've mentioned David Brin's prescient 1999 book, The Transparent Society, a few times. In today's panopticon it's a premature cliche, but he deserves credit for working through so many of its implications.

Credit is also due a work I learned of through a throwaway comment of Melvyn Bragg in a 1999 (30 min!) program on Utopias (Anthony Grayling, John Carey). Lord Bragg mentioned a 1921 novel by Yevgeny Zamyatin called "We". The novel is described in an Amazon review by Leonard Fleisig ...

... WE takes place in the twenty-sixth century where a totalitarian regime has created an extremely regimented society where individual expression simply does not exist. All remnants of individuality have been stripped from its inhabitants including their names. Their names have been replaced with an alpha-numeric system. People are not coupled. Rather, each individual is assigned three friends with whom they can have intimate relations on a rigid schedule established by the state. Those scheduled assignations are the only times the shades in a citizen's glass houses can be closed. Apart from those hourly intervals everyone's life is monitored by the state. As in Orwell's 1984, language has been turned on its head. Freedom means unhappiness and conformity and the submission of individual will to the state means happiness...

Yes, rather like Huxley or Clockwork Orange or 1984. Orwell was a fan but Huxley denied having read We. 

We certainly belongs in a "panopticon" reading list. Glass houses are the ultimate transparent society.

See also:

• We - full text pdf

How to use Amazon reviews

I wrote a negative Amazon review of Apple's battery charger (2/6 batteries were defective). As expected "0 of 2 people found the following review helpful".

This is very common with certain items, such as Apple products, Microsoft products, Christian conservative books, and other products that have "fans". It also happens with lawn mowers and dehumidifiers [1], but in those cases the negative feedback comes from manufacturer employees and retailers.

The "helpful" metric on Amazon reviews is not only worthless, it's harmful. It points people away from important reviews. It's also used to create reviewer rankings, so those are also worse than worthless. (By using these metrics Amazon is setting itself up for emergent fraud.)

There's another weakness of Amazon reviews -- name changes. Just as Google's Ballmer Schmidt tells teens they'll need to rename themselves as adults, so to do vendors change model numbers to dodge bad reputations.

There are workarounds for both problems. Here's how to use Amazon reviews:

• Always read the negative reviews, even on a 4.5 star product. The two star reviews are usually the best, some of the 1 star reviews are nonsensical.
• Remember statistics, a 50 review product will usually have meaningful negative reviews.
• Look at other models by the vendor to defeat name change strategies. Amazon keeps older model information around for a while, so you can usually find the previous model number. Vendors don't change their behaviors as quickly as they change their model numbers.
• When looking across a product category, sort the category by sales, not by average rating. The rating averages are not discriminating and are unreliable.
• Give more weight to True Name (authenticated) reviewers. If a review seems unusual, look at other reviews by the same person.

- footnotes

[1] Based on my experiences with appliance purchases over the past few years, I think Sears or even Best Buy are better options than Amazon -- because it is practical to use the warranty.

After the Google Hack: Life in the transparent society

My Google Account (Gmail and more) was hacked on 9/3/10, a day before I wrote about the risks of online backup.

I had a 99th percentile password. It had six letters, four numbers, no words or meaningful sequences. It wouldn't be in a dictionary. On the other hand, like Schneier and other security gurus, I didn't change it often. I also had it stored locally on multiple desktop and iPhone apps. As far as I know it wasn't stored on any reasonably current web app.

If my password had been a bike lock, it would have been one of those high end models. Enough to secure a mid-range bike on the principle that better bikes with cheaper locks were easy to find.

That wasn't enough. For some reason a pro thief [2] decided to pinch my mid-range bike. They didn't do any damage, they didn't seem to send spam [1]. They seem to have unlocked my bike, peaked around, and locked it again.

Why would a pro bother? Trust me, I lead an intensely narrowcast life. It's interesting to only a few people, and boring to everyone else.

On the other hand, it wasn't always so. "I coulda been a contendah." I knew people who have had interesting lives, I still correspond with some. If a pro was interested in me, it was most likely because of someone like that. My visitor was probably looking for correspondence. Once they found it, or confirmed my dullness, they wouldn't have further interest in me.

Fortunately even that correspondence is quite dull.

I've changed my password. The new one is 99.9th percentile. Doesn't matter, I doubt I'm much more secure.

This isn't a complete surprise. Passwords died as a high end security measure about ten years ago. What's more surprising, except in retrospect, is that you don't have to really do anything or be anybody to get some high end attention. You only have to be within 1-2 degrees of separation of someone interesting. Security and "interest" are "social"; even a dull person like me can inherit the security risk of an interesting acquaintance or correspondent.

Welcome to the transparent society. If you put something in the Cloud, you should assume it's public. Draw your own conclusions about the corporate Cloud business model and online backup, and remember your Gmail is public.

footnotes --

[1] Of course they could erase the sent email queue, but I haven't gotten any bounce backs. Anyway, there are much easier ways to send spam.
[2] Russian pro, Chinese government equivalent, etc. Why pro? Because the hacker didn't change my password after they hacked the account, they didn't trash anything obvious, they didn't send out spam, and the access was by an abandoned domain. I'm not vulnerable to keystroke logger hacks except at my place of employment and wifi intercepts are relatively infrequent. Still, it's all probabilities.

Cloud data: Should I trust (Simplenote) Simperium?

My memory prostheses got a nice upgrade when I integrated my Outlook and Palm/Toodledo "notes" into a single Cloud based repository with powerful OS X (Notational Velocity), Win (ResophNotes), and iOS (Simplenote.app) Clients.

I'm loving this ecosystem. There's speed, simplicity, data freedom, multi-platform and integration with Spotlight and Windows search (both ResophNotes and Notational Velocity can create local stores with each note a simple text file available for indexing and editing).

Did I mention Speed and Data Freedom? Just wanted to check. I'm copying a pasting notes from various scattered sources, building a single searchable repository of my memory extensions. It's a good complement to the memory stores distributed in my blogs and google reader shares and integrated via my Google Custom Search Page.

It's all good fun - until someone gets hurt. Tonight Simperium, the creators of Simplenote, had a single ominous blog post:

Simplenote will be unavailable on the App Store for (hopefully) a short period of time. We apologize to our potential new users. You're welcome to create an account in the meantime and we'll let you know when we're back.

Right. Simplenote, you see, owns that Cloud repository I mentioned. They've evidently been booted from the App Store. Their too-brief posting lends itself to grim interpretations.

I do so love the Cloud.

We must hope that Simperium "simply" violated an API rule with a new release, and that they'll be back soon -- hopefully with a longer news post. For now, however, a comment on my tech blog is especially relevant ...

Blogger:Migrating Notes comment: Martin: "... how can I trust the 'Simperium' entity without any further information available?"

Cough. Good question. How do we know, for example, that Simperium isn't a KGB front mining data to be used by Russian crime syndicates paying for Putin's personal submarine? Maybe "sImperium" is a clue.

The short answer is I don't trust them. I don't trust Google or Apple either Simperium, so it's nothing personal. Or, more correctly, I trust these companies to do what's best for the people who control them within the limits of what they think they can get away with.

So I don't put anything in my Simplenotes that I wouldn't put in my blog. I keep my passwords in 1Password, not in my Simplenotes. I also don't put anything in Simplenotes that I can't afford to lose. All my notes are synchronized by Notational Velocity (open source, the superb ResophNotes does the same thing for Windows) to a local store on my personal hard drive, where the UTF-8 plain text files are also backed up hourly.

I also know that Simplenote is used by some serious geeks, including the notorious John Gruber and the authors of ResophNotes and Notational Velocity. It it should vanish something like it would be recreated.

So I don't trust Simperium, but I'm not worried about them either.

Or at least, not panicky.

PS. All of this stuff is basically free. Simplenote.app is very cheap, and ResophNotes and Notational Velocity are free (donations accepted and encouraged - I gave!). The Simplenotes cloud service is normally free, I paid for premium service. This, by the way, is a bit worrisome. I'd rather Simperium had a clearer revenue stream.

Update 8/13/10: Simplenote responds in comments. They took themselves offline to fix an error in how they configured their update. I expect next time something like this happens their blog post will be more informative.

Update 8/23/10: Simplenote update just appeared in the App Store. So they're back at last.

--My Google Reader Shared items (feed)

China's water army and my e-cigarette post

A post I wrote on unregulated (Chinese, but really, everything is) electronic cigarettes received a lot of curiously phrased comments. I wonder if that was my first encounter with the water army (wumaodang variant)...

Blood & Treasure: water army

... Another wrinkle on the wumaodang phenomenon. Instead of the Chinese state hiring people to post favourable comments about government policy, you have shuijun, the “water army” paid by private companies to delete unfavourable comments about themselves and their products and services.

Related shakedowns include commercial websites spamming negative comments about companies in order to pressurize them into advertising on their site, and companies suing websites carrying genuine complaints on the grounds that they are faked, but basically to get them to censor themselves.

In a similar vein see Internet 2025 (very new and a classic already) and Bruce Sterling's (free) short story about post-apocalyptic astroturf - The Exterminator's Want-Ad.

China is the new California*.

* Land of the future.

Identity: Legion is a character defect?

Last February I wrote The Buzz profile problem: I am Legion.

It surprised me that I had to write the post. I thought it was self-evident that adults have many identities. Google's Buzz flop made me realize I was wrong. Obviously a lot of Googlers missed the obvious.

Google may be catching on. Not so Facebook's master - Mark Zuckerberg ...

An Internet Where Everyone Knows You’re a Dog — Crooked Timber

...While searching for evidence of Zuckerberg’s broader philosophy of information, a passage from David Kirkpatrick’s forthcoming book, The Facebook Effect, is quoted:

“You have one identity,” he emphasized three times in a single interview with David Kirkpatrick in his book, “The Facebook Effect.” “The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly.” He adds: “Having two identities for yourself is an example of a lack of integrity.”

Zuckerberg is famously young, and famously wealthy. He has not had to grow up; he may never have to grow up.

Adults have complicated lives. Adults have parents, and children and grandchildren, patients and students, employers and colleagues and staff, friends and neighbors. Adults live in a crowded world where wisdom and compassion means muting the self, juggling the complexity of contextual identity. What we used to call, in medical school, being professional.

Zuckerberg is not an adult. I know where he's coming from. As an aspergerish teenager I might have made the same mistake.  He'll likely grow up one day and realize he goofed.

Problem is, we can't wait. He's rich enough that growing up may take a very long time, and for that time he'll be running Facebook.

I'm winding down my Facebook presence; I'll let it die a natural death. If Google or someone else provides a smarter alternative, I'll encourage friends and family to switch.

Google's latest inadequate Buzz patch - Profile deletion

Google claims to be trying to fix the Buzz Problem, but they're refusing to reduce the link between a public Google Profile and any Buzz activity.

For Google the public Profile is the great search prize. They won't give this one up easily.

So at the moment the only way to truly remove your public Buzz trail is to delete your Google Profile:

Edit your (Google) profile - delete profile:

... This will disable Google Buzz integration in Gmail and delete your Google profile and Buzz posts. It will also disconnect any connected sites and unfollow you from anyone you are following...

You can now do this from your Google Dashboard, from Profile settings, and possibly from the Buzz tab displayed in Gmail (which I no longer see).

There are side-effects to Profile deletion. It appears it will not only remove your Buzz followers, it will also remove your Google Reader followers. It may also remove your authentication with various connected sites and your Gmail OpenID credentials. It also removes any value attached to your Profile before Google attached the Buzz stream to it.

Google needs to do two things that they are extremely reluctant to do:

• Near term: allow users to remove Buzz streams from the public profile.
• Longer term: allow users to associate multiple Google Profiles with a single Google account and to control which ones ares associated with various Google properties, authentication and sharing services, etc.

Until they do these things, they have earned their new Gordon's Corporate Evil Scale score of '8' - average for a publicly traded company and in spitting distance of Microsoft's '10'.

Update 2/20/10: A week after I removed my full name from my Google Profile a search on my name still retrieves the profile and the few Buzz posts I've left undeleted. Quite a screw-up.