Failcon Privacy Panel topic: why are location services ignoring these guys?

Stanford's privacy guys

Today I’ll be on a panel at Failcon about privacy. More on that in a second, but last week I visited the Gates Building at Stanford University. You know, that’s the building where Google’s founders went to computer science classes and developed Google.

While there I met a student, Arvind Narayanan, and a professor, Dan Boneh (you see them in the photo here) who showed me that they’ve developed a way to let people tell other people where they are located, or, especially, if Dan is near me so we can go and have lunch together. So? Doesn’t Foursquare do that? Doesn’t Google Latitude do that? Yes. But the system that Boneh’s team has developed does so without letting the host server or other users know. Whoa. How does it do that?

Well, through some neat cryptographic tricks. On the whiteboard they simplified it for me. Let’s say we were using Loopt and that Dan wanted to let me know where he was. He checks in, and a crypto key that I have would let me decrypt his location without letting Loopt see it. It’s actually a lot more complex than that, and you can see how it works on the paper they drew up.
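The whiteboard simplification above, sketched as an added example (not the Stanford team's code, and not the fuller protocol from their paper): Dan's client encrypts his check-in with AES-256-GCM under a key he shares only with his friend, so the service stores a blob it cannot read and the nearness check runs on the friend's device. The function names, the `LocationServer` class and the coordinates are hypothetical, and the shared key is assumed to have been exchanged out of band.

```javascript
// Added illustration; all names are hypothetical, not from the paper or any real service.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Dan's client: encrypt the check-in under a key shared only with his friend.
function sealCheckin(friendKey, user, lat, lon) {
  const iv = randomBytes(12);                        // fresh nonce for every check-in
  const cipher = createCipheriv('aes-256-gcm', friendKey, iv);
  cipher.setAAD(Buffer.from(user));                  // bind the blob to the account that posted it
  const body = Buffer.concat([
    cipher.update(JSON.stringify({ lat, lon }), 'utf8'), cipher.final()]);
  return { user, iv, body, tag: cipher.getAuthTag() };
}

// The service: stores and forwards records, never holds friendKey.
class LocationServer {
  constructor() { this.records = new Map(); }
  post(record) { this.records.set(record.user, record); }
  fetch(user) { return this.records.get(user); }
}

// Friend's client: returns null if the key is wrong or the record was altered.
function openCheckin(friendKey, record) {
  try {
    const d = createDecipheriv('aes-256-gcm', friendKey, record.iv);
    d.setAAD(Buffer.from(record.user));
    d.setAuthTag(record.tag);
    const plain = Buffer.concat([d.update(record.body), d.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch { return null; }
}

// Great-circle (haversine) distance in km, computed on the friend's device only.
function distanceKm(a, b) {
  const rad = (x) => (x * Math.PI) / 180;
  const h = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lon - a.lon) / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

function isNearby(friendKey, record, me, radiusKm) {
  const loc = openCheckin(friendKey, record);
  return loc !== null && distanceKm(loc, me) <= radiusKm;
}

// Demo with constructed coordinates; the key is assumed shared out of band.
const demoKey = randomBytes(32);
const demoServer = new LocationServer();
demoServer.post(sealCheckin(demoKey, 'dan', 37.4300, -122.1733));
console.log(isNearby(demoKey, demoServer.fetch('dan'), { lat: 37.4275, lon: -122.1697 }, 1));
```

The service in this sketch still learns who checked in and when; only the coordinates are hidden from it.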

But after explaining it all to me, they said none of the location-based services were interested in it.

Why not? Well, there’s huge commercial value in knowing where you’re located and they just aren’t willing to build really private systems where they won’t be able to get at the location info. Think about a Foursquare where only your friends would be able to see where you were, but where Foursquare couldn’t aggregate your location together with other people’s, or where it wouldn’t be able to know where you are itself. It wouldn’t be able to offer you deals near you when you check in, the way it does today.

The truth is that neither companies nor consumers are demanding these kinds of features, so until they do this neat idea will remain code on Dan’s whiteboard.

I think it’s interesting to see that not every idea leaves that whiteboard at Stanford and becomes a commercial success like Google was. It did take me back to about 13 years ago, though, when Larry Page and Sergey Brin probably sat in that same office writing code on the whiteboard and explaining it to their professors. What a place to visit.

Anyway, I’ve been thinking a lot about privacy lately. Turns out that even though I’m a very public person and don’t personally use many privacy settings on, say, Facebook or other services (in fact, I usually turn them off) there ARE some reasons for the industry to focus on privacy. Why?

Well, privacy goes beyond just keeping the government out of our bedroom. Here are some ways I see privacy now:

1. Noise control. I love sharing my kid’s photos with you. But, I bet that you aren’t all that interested in them. So, can you tell the system “I like when that Scoble guy talks tech, but not when he talks kids?” Not really today. To me that’s privacy and yes, I know, most of you don’t see it as a privacy issue. It’s the control of what appears on your screen. Why should someone else be able to shove something onto your screen you don’t want?

2. Audience control. There are some things that we want to aim at only a certain audience. This is actually what most people think of when they think of privacy. Can they publish a photo and only have their close personal friends see it? Or, can they publish a photo and have only their dad see it? Over on Facebook, for instance, I have a group for my family and I can publish stuff into it. But am I sure that stuff I put there will only be seen by my family? Not really. They could copy the screen and publish it elsewhere. Mark Zuckerberg, for instance, last night, told us all where he was eating thanks to Facebook Places. Did he really want that to be reblogged and retweeted? I don’t know, because Facebook doesn’t have good enough audience control mechanisms.

3. Timing control. I love using Glympse to tell my friends where I am (you can even use it to let everyone know, or keep it just to some private small group or one person). On it you can set how long that information will be available. That’s timing control and has nothing to do with the other two pieces of privacy. I wish more systems had timing controls like this, especially location systems. Imagine if Foursquare only let you look at someone else’s location info for, say, two hours. That would keep you from going back and making a historical record, which could help house thieves figure out when you won’t be home.

4. Government control. This is what a lot of people think is privacy. Is your data being looked at by a governmental agency? Even public data. We’d love to know, but I think the cat is out of the bag on this one and we just have to assume they are looking at all of our data.

5. Service control. If I check in on one system, does it spray that info to other systems that I might not want to know? That’s happening more and more frequently. For instance, just last week I learned that Zagat and Starbucks made deals with Foursquare. Did you know that? Do you know where your data is traveling and being sold to? Did you know that if you tweet on Twitter that your Tweets can show up on Bing and Google? Most people don’t really know that and being able to control that would be nice, but, again, another cat out of the bag and I don’t see us getting that control back.

6. Commercial control. Which advertisers get to track us? See our data? Push ads in our face? Etc. These two guys at Stanford also developed a system that would give you control of that, but that’s even less likely to be picked up by industry so I didn’t even cover that here. Why? Momentum and prior art. At least in location business we’re all building our behaviors now, so we have a chance to change them. But their ideas involve new browsers and new technology to put us in control and that just won’t happen.

7. Bedroom control. This is the last bastion of privacy. Is there a reasonable expectation of privacy behind walls? Well, yes. But we are developing technologies that can see through fences, through bushes, and through walls. Soon these technologies won’t be limited to governments by high cost or other barriers, either. If you can shine a laser through your windows, you can see and hear a lot more than most people might think. Add radar, which even my car has on it now, and privacy can fall. This is one area that humans will resist the most, but it’s still going to see attacks due to technology.

Out of all these areas, the one that personally interests me the most is noise control. Most people don’t see that as a privacy issue, but it’s the issue that concerns me the most.

What about you? What’s privacy to you? And do you see the industry ever caring enough to visit those two guys at Stanford and using their code?

I don’t, which is why their visits to various location players and other tech companies will continue to get ignored. Sorry guys.


First look at Aro: another example of why chaos on Android is good

There’s been a lot of chatter lately from Apple about why Android’s platform chaos is bad. What is chaos? Well, it’s the fact that every Android phone isn’t the same.

My Samsung, for instance, has tons of icons and apps and even a different look and feel than other devices from other manufacturers. That’s chaos. It’s generally bad to someone who sees a device as art, like Steve Jobs does, and it makes it harder to support. After all, if someone is having a problem, if all devices are the same, it’s easier to figure out. But if every device is different, it’s harder to figure out what’s causing the problem.

Underneath there’s chaos too as developers have to handle different devices and make sure their code still works on all of them.

Looked at in these ways, chaos is bad!

But where is chaos good? Well, two companies demonstrate how chaos is good: The first is Swype, which makes a much better keyboard for some Android devices. When I visited them a few months ago they had it working on iPhone and iPad, but they couldn’t get approved by Apple. You should watch that video to get an idea of how it works (you swipe your finger over the keyboard rather than poking at it and trying to hit small targets with your fingers) and why it’s so much faster than other virtual keyboards.

You can just hear Steve Jobs yelling in pain as he watches that video “what do you mean there would be two different keyboards on my devices? Hell no!”

But today we have another example of why chaos is good on Android: Aro. What is Aro? It’s a new personal information manager. Basically it takes over your email, your contacts, your calendar, and makes them all better and easier to use. How does it work?

It stores all that data in a new database that analyses all that info semantically. Do you see the chaos yet? Lots of chaos. First it replaces all those pieces of the cell phone, and can even hook into the phone dialer. Steve Jobs would NEVER allow that, would he? Second, it stores your data in a new cloud-based database. That brings into focus new privacy and backup concerns (they answer those on the video, but they are new concerns that don’t exist on the iPhone). More chaos.

Anyway, the video with Aro’s CEO, Jonathan D. Lazarus, is long (46 minutes) but Aro is the most innovative thing I’ve seen done for mobile phones lately, so I think it deserves a long look. If you only have a few minutes, pop over to about 5:55 into the video where you’ll see a demo of Aro.

What does Aro do? If, say, Bill Gates sends Steve Jobs an email, copies me, and is talking about Larry Ellison, Larry’s name will have a little square around it. Click on that square and a new UI fans out, letting me see other info. It’s like Rapportive or Xobni, but done much better and for the mobile interface. It makes your phone much more productive than it would be otherwise and that’s why I feel it’s so important.

One aside, this video is the first I did with Apple’s iMovie 11, so it’s in high-def. One problem. It took dozens of hours to import, edit, process, and upload, so I doubt I will use HD for these longer videos.