Thursday, September 10. 2015
Last night we had our September Social Business Meetup, with Euan Semple being our speaker for the evening (he spoke on Pigs, Lipstick & Dinosaurs - see relevant blog posts here, here and here)
Anyway, in the Q&A&D afterwards, people noted the way Twitter seems to be increasingly being used by people to try and signal they are "more X than thou". I have seen the effect, and it does seem to be an increasing "thing" on Social Media - but I can't prove it as it's very hard to write algorithms to sort genuine opinions from these signals, so I started looking for a reason as to the "why".
So, I was scrabbling round the Web to see if there was any information on this, and one term I came across was "Virtue Signalling" and that made me realise that this was covered already in a classic piece of game theory in signalling - "weak tells"
In Game Theory, you can signal an intent - a "tell" in the parlance - that may or may not be genuine. The way you tell if the "tell" is genuine or not is to measure its strength, and this is measured as the cost to the signaller. A "strong tell" is typically by someone who will "put their money (or other assets, reputation, time etc) where their mouth is". A weak tell is a signal with little cost to the user.
For example, Slacktivism (or its online variant, Clicktivism) is a classic "weak tell" play, in that it is typically a very small amount of effort required to show support for X online - a short amount of time needed to like a petition or click a survey or turn an avatar into particular colour/symbol, with no financial requirement and no comeback (the demand is usually to spend Other People's money & time, in fact). This means the campaign garners the maximum possible supporters, which is then stronngly trumpeted. To say it is popular on Social Media is to put it mildly. Of course, if you ever try and convert that support to any "strong" tell by asking for money (or time, or personal details, or similar) support drops off very fast.
Anyway, it became clear to me that "Virtue Signalling" (or "Smugupmanship" and "the Tyranny of the Like"- other terms I found) is a sort of "added value bonus" to a weak tell - not only can you profess your credentials at no cost, but you can simultaneously elevate yourself to be even better at being X than anyone else. A trick like this - essentially a bonus boost to social currency - is clearly going to spread, and spread fast, on most social media.
What is more interesting to us though, being analytics fans, is that from a Social Media analytics view is that this phenomena distorts "sentiment", which of course everyone analysing Social Media is desperate to get right. For example, when we analysed Twitter for UK election intentions, it came out strongly Liberal Democrat in 2010 and strongly Labour in 2015. In both cases the strength of support for the Tories (who hold many "hard to admit to in public" opinions) came as a big surprise, especially in 2015.
Now we made the assumption at the time that Twitter was largely populated by more liberal people, rather than a truly representative mix of the population - but this analysis would suggest that another contributing factor is that some people either (i) are too nervous to oppose what seems like a groundswell of support, as they can't tell weak tells from strong, and also there is quite a contingent who "tweet liberal, vote Tory".
It is more prevalent where there is politics of some sort or another (so "the right thing" is defined), and seems to be more of a "thing" on networks where people are known, and not anonymous, as far as I can see. Social Media's obsession with identity and transparency, in other words, is probably driving behaviours that give the opposite of clarity and honesty.
For what its worth, this effect is why all democratic systems eventually moved to anonymous voting (secret ballots) rather than a show of hands, when it was realised that public displays of opinion can be influenced and thus do not yield the true "wisdom of the crowd".
Sunday, September 6. 2015
This is just a quick note on my own experiences and not a full review
I have upgraded my second best work computer from W7 to W10 and initial impressions are good. In fact, all pro so far.
The start button seems to be back by default and uses part of the pop-up menu to show Windows 8 style tiles. I am not a huge fan of having pre-set content pushed to my desktop, but they could be quite nice once personalised.
The upgrade process was quite painless and has automatically picked up my "pro" licence, so I can used Bitlocker. In fact, this is a feature enhancement, as Bitlocker was only available (to encrypt drives) on Windows 7 Enterprise and Ultimate. (Since W7, all versions have been able to read Bitlocker removable drives.) One of my colleagues did report that his licence was lost and he ended up with the basic version of W10, although there is an option to ask Microsoft to issue the correct licence to fix this.
W10 offers two ways to back up, with the legacy W7 "Backup and Restore" or the native "File History". Both of these can work to a network location (although this may not be true on the basic version of W10.)
The UI has a nice clean style, in spite of my attempts to clutter the desktop with random icons!
Last but not least, there is an option to revert or roll back to (in my case) Windows 7. I haven't tested this, but it could be a useful feature if issues arise. Of course, the usual health warnings apply and you should back up your system and especially, your data before upgrading. The Windows 7 "Create a System Image" is probably best if you need to do a clean restore shortly after upgrading. The main drawback is that it is only a snap shot and would overwrite any data updates from the time of the system image to the time of the restore.
I have learnt to be wary of Windows updates, especially after Vista and Windows 8.0. However, Microsoft seem to have gone for continuity this time and I am cautiously optimistic. I will report back once I have had a chance to play with the upgrade.
Friday, September 4. 2015
I have written a fairly detailed analysis of the impact of Transaction Costs on New Ways of Working on the Agile Elaphant blog, its a response to Esko KIlpi's essay that is part of the O'Reilly WTF project.
I never know whether to reproduce the full text on both blogs, but usually don't - the full essay is thus over there, but here is the expurgated version. In essence, Kilpi's argument is that technology is dropping transaction costs outside the Firm faster than within it (There is a more detailed explanation of Ronald Coase's Transaction Cost dynamics of Firms in the other post), and thus the structure will shift from Firms as intermediaries between customers & suppliers to other economic entities. Kilpi argues:
What really matters now is the reverse side of the Coasean argumentation. If the (transaction) costs of exchanging value in the society at large go down drastically as is happening today, the form and logic of economic entities necessarily need to change! Coase’s insight turned around is the number one driver of change today! The traditional firm is the more expensive alternative almost by default.
What I really like about this analysis is that it's based on business operational thinking, which in my view is what will define what works. I do have some caveats with the line of reasoning, however:
Firstly, ”If” – as in “If the (transaction) costs of exchanging value in the society at large go down drastically”. This “If” has a rider, which is there will only be a shift "Also If" the transaction costs of Firms do not reduce, i.e. are not equally affected by these same technologies. If those In-Firm transaction costs also go down, using the same sorts of technology, then there will not be a great shift to "exchanging values in the society at large".
Secondly, what are these replacement economic entities going to look like when the firm sheds transcations? Who will operate and own them? Will they be bedded in the "society at large" or not? There is an implication in Kilpi's work that these are not intermediary structures, and the overall WTF essay assumes they will be set in some new style of (implied more egalitarian?) network, as many of the Sharing Economy proponents believe. Except that these "platform" businesses are exactly the same as Olde Firms except they use this newfangled Internet thing, but now with Apps.
However, if you look at the example given in the essay as a harbinger of the new – Uber – this is clearly not really the case. Uber is clearly just another Firm. As to value exchange, it remains a centrally placed intermediary. All links lead to and from Uber. All transactions (logistical and financial) are routed through Uber's servers, within its own network. If this is a network economy, it is a highly centralised and closed network, with all nodes owned and run by Uber. All that "society at large" is doing is supplying or ordering a taxi ride and paying for it at the edge of the network, as it did before, just that now its ordering by App transactions rather than 'phone or hail ones.
In this case one "traditional" Firm, the original Taxi Company (or in fact many Taxi Companies), have just been replaced with another, newer, one - Uber. A new Firm has used new technology to reduce the transaction costs in a well worn existing business model (order taxi - route taxi - pay taxi) and is now using good old fashioned In-Firm competitive advantage to take market share from existing Firms with higher transaction costs. Uber only needs a “very different kind of management” insofar as it is managing more machines, less people in its workflow. It's network is a good old heirarchical network, just more automated.
Same web, different spider.
In summary, my view of the piece is that it risks assuming that any change to traditional Firms will deliver a societal network, i.e. the replacement to The Firm will be a better thing. But it's far from clear that Uber at al are "better things", they are in reality just "New Firms" where a large proportion of their cost savings come not from the technology driven transaction cost reductions due to ICT, but the labour and regulatory savings they use by arbitraging current laws and regulations.
And this has been true overall in "Innovationary Business Models" for many a decade. The big driver of outsourcing and offshoring was lower regulatory and labour costs, especially in developing countries, and not the transaction cost reduction from adoption of ICT on every desk and cheap global telephony. What has really changed in UberFirms is who the employees nominally work for, their working conditions, and which regulations the UberFirms believe they can avoid.
However, there is already starting to be pushback from existing competitors, regulators and employment institutions to ensure a more equal playing field. This is why, as these efforts are starting to level the field, some of the Uber-alles plays have already had to shut up shop. Uber's own model is under attack and it is having to shift more of its resources into lobbying, undercutting competitors and public pressure to keep the arbitrage gap open (....long enough to IPO at Unicorn valuations ).
In short, its not quite clear how sustainable the UberFirm model really is. Most do not have the database Google has, the warehouses Amazon has, or the music rights Apple has. They have a temporary advantage via regulatory arbitrage, but that will go, sooner rather than later, I think. They have freelance taxi drivers (or name your UberClone service supplier type here) and customers, but both of these are free agents and as faithful as the next service drop needed. They have a matching algorithm and an App, and can take credit card payments, but this is not rocket science to build.
I was having a useful Twitter discussion with fellow London blogger & VC Nic Brisbourne about current players competing by adopting some of the same technologies/working practices He made the good point about scale, i.e. - taking Taxis for an example again - how big do you have to be before you can implement Uber technology and counter them. Nic's other argument is that a large player gets a network effect in attracting customers
Its hard to tell, but the predictions I would make for taxis are:
- There is a declining benefit curve - ie at some point, far smaller than a Global Uber, you can offer a similar service at a competitive price.
- I'd wager a "London Cab App" would be useful enough and big enough for 14m Londoners, thats a big enough market in a cloud driven world where nearly everyone has a smartphone. Sure some Global Warriors would want a Global TaxiCo, but most people on the planet would run with one from their city nearly all of the time.
- Question of course is will anyone build, say, a London Cab App service in time to head off Uber.
- But over time this is a low barrier to entry business - over time, as technology develops, it will get easier to offer services at smaller scale so even more local cab co's can offer similar services.
In short, its not impossible that today's Taxi firms will still be tomorrow's, if they can also embrace the technology.....I'd also bet that this set of observations is largely applicable to most of the prospective UberFirms.
But lastly, I can't see any scenario where the Work -The Future is dominated by a rosy world of value additive, societally sharing networks with single agents and microfirms gaining the surplus, the trend if anything is to UberFirms - so talk of the extinction of Firms is somewhat premature.
Update - article in FT explains how Uber is running into trouble with regulation in Europe. I am more curious about why US city regulation seems to be unable to stop them than EU regulation working, to be honest.
Thursday, September 3. 2015
This is a lovely piece in Vanity Fair about whether there is an emerging Silicon Valley Bubble or not. They report on Andreessen Horowitz' Scott Kupor's recent talk:
It always is....or at least the reasons why "it's different" are different every time anyway The piece continues:
.....and charts highlighting the decrease in tech I.P.O.’s, the metric that eventually pierced the froth in March of 2000. Back then, a company went public almost every single day; now it was down to about once per week. This time around, he noted, the money was flowing backward. Rather than entering a company’s coffers in the public markets, it was making its way to start-ups in late-stage investments. There was little, he suggested, to worry about.
At this point may I raise the Mandy Rice Davies riposte....
We first saw early bubble signs in 2010, the hardest thing is to work out "when" it will pop. I'm a great believer in 7 year cycles from genesis to nemesis because its a mystical number with a great pedigree, every 7 years the Queen of Faerie pays a tithe to Hell, and besides its the 4th prime number and I like 4 as well:)
Maybe a better strategy than trusting amateur numerology is to try and avoid the fallout - the article quotes Marc Cuban, who points out:
“The biggest of all losers will be anyone who has borrowed money to invest in private companies,” he told me. “You were stupid. You blew it. You lost. That simple.”
Chances are though, that the biggest losers will be the "other people" when those investors that use "other people's money" invest, too late in the cycle, without really understanding the game.
Wednesday, August 26. 2015
No sooner to we pontificate on MumsNet et al on Monday, than they hit the headlines again with a second DDoS attack within a week, brought the system down on Monday night - Times:
Mumsnet has been hit by a second wave of cyberattacks after a hoax campaign this month led armed police to the home of its founder.
From an information security point of view it's an "interesting" problem - the truth is that people with IT skills can create quite a sophisticated digital attack these days at fairly low cost and effort. The big players spend a lot of money on their defences, but how does a "midcap" digital enterprise protect itself without spending all its money on sophisticated technology and an army of skiled techies?
From what has been written so far there seem to be three main areas to look at:
(The Swat attacks are reprehensible, but they are not specifically due to system hacking per se - that has a separate risk profile, ie the amount of personal data that is publically available and triangulatable - see a talk we gave on that over here)
Surviving DDoS attacks is non trivial, but it is the simplest problem to solve, as it is purely technical - in essence one needs a hybrid architecture of a scalable cloud based infrastructure to be able to deal with the volumes, and an on site system that keeps the lights on and is watching for the probe hacks that will often come under the cover of the DDoS.
Data theft attacks are more subtle, and hackers often use the confusion created by a DDoS. If a company is hacked, it is highly likely that links will be redirected to false sites in order to phish for more data. This data often comes in droves after a DDoS attack as people try to log in to re-establish contact while there is still systemic confusion. The "worst case" attack is that an internal system has been subverted, typically a careless (or occasionally malicious) employee is the problem. This is exacerbated by modern "bring your own device" policies. In these cases they key is to ramp up secure procedures and discipline, and unfortunately also impacts users.
But ultimately, the cost of maintaining continual high security is, well, high, and no system is 100% secure against determined attack - it is also necessary to try to neutralise both the reasons for being attacked, and/or the attackers. It would appear that it's some posters on MumsNet who say things that these activists don't like, and thus the activists are mounting these attacks. The problem with activists (of all stripes) is that they probably won't go away anytime soon. As yet its not clear where they are coming from, but it is even harder to manage this process if attacks are coming from other countries.
We think this will be an emerging trend, the use of (fairly low cost & effort) cyber-attacks to stop people one doesn't agree with having their say (or in the case of Ashley Madison, doing things one disagrees with) as it plays to an increasing tendency towards online polarisation and intolerance. Unfortunately the "systemic" endgame solutions will be some time away - which doesn't help the companies being attacked early up. MumsNet has some tough decisions to make on content vs discontents.
Monday, August 24. 2015
We have been reflecting on the data breaches at Mumsnet and Ashley Madison as well as the user revolt over Spotify’s attempt at a data land grab. We are still at the start of the information age and users are still learning the value and power of personal data. We believe that there are some lessons to learn here.
Lesson 1 - nothing is secure! We should know this by now! Even the NSA is not secure, as Edward Snowden helpfully demonstrated. Once you have given your information to a third party you have lost control of it, so take care about who you trust and what you tell them. For example, does my cable company need to know my real date of birth? Invent an “Internet Birthday” and only tell banks and governments your real DOB (banks so your credit check works and governments as they get grumpy when citizens don’t co-operate!)
Ashley Madison were bordering on the insane to claim (as reported by the Independent) that their servers where “kind of untouchable”. The only untouchable server is turned off, buried and disconnected!
Even after the data breach, the Ashley Madison website has pictures of padlocks and assurances of discretion. However, if you think that the value of the information to the user and compare it to the funds available to Ashley Madison to keep it secure, it doesn’t add up. The fact that a user’s email is “on the list” has potentially life changing consequences. At least, it will risk their relationship and family. Some people might say that they deserve that, although for the purposes of this post, we are not making moral judgements and just considering the relative value of information in different contexts. However, most people would be concerned about those users who have listed gay preferences and are therefore exposed to physical danger in the countries where they live (as reported in the same Independent article.)
Of course, if you live in the wrong country, there are all sorts of lists that might get you into danger. Political activism in repressive countries is one of the things that the TOR Router was invented for, although it’s better known in the mainstream media for facilitating unsavoury transactions on the “dark web”. Data security is not the same as anonymity and in the case of paid-for services, anonymity is only an option if you can pay by Bitcoin.
Lesson 2 - users should consider how damaging a piece of information would be if revealed. This is really a variation on lesson 1, but with an emphasis on risk management. Because we mediate an increasing proportion of our lives via the Internet, there is more and more information that could potentially be taken out of context. This might be a youthful indiscretion posted on social media and picked up by a potential employer. It may be photos intended only for your partner. It may be that you are on a list of activists or a site like Ashley Madison. Most people would not want any of these things shared, but users can be naively trusting. You need to ask if the protection of said information will be given the same priority as you would give it and given the persistent nature of digital information, for how long?
The Mumsnet Data Breach provides an interesting contrast. Although users may have been inconvenienced by the breach, there is nothing on Mumsnet that anyone would be ashamed to own up to, or at least is not in (semi) public view already. From the reports, the only valuable information that seems to have been revealed from Mumsnet are personal details such as user email / password combinations and some postcodes. As Mumsnet have reset all their passwords, this only becomes a problem for users that use the same password for many sites. Unfortunately a depressing number of people do this and are vulnerable to breaches and phishing.
Lesson 3 – use a different password for each site. If you can’t remember that many passwords, append your password with some letters from the site name e.g. “passwordMU” (by the way “password” should not be used as a password!) This approach will stop automatic bots from reusing your password on other sites. Alternatively, use the browser function to store passwords. I would recommend Firefox as it allows you to share passwords across several systems using a “zero knowledge” protocol, meaning that their servers can never know your passwords (even if hacked.)
I haven’t talked about banking or financial websites and apps so far. From a user’s point of view (at least for the time being) the risk is more about inconvenience that loss of funds. The banks are still bearing the loss of data breaches to keep consumer confident in on-line banking. To be fair to the banks, there are also improving on-line security with two factor authentication as standard for most on-line banking systems.
Lesson 4 - Email addresses are not secure identifiers. As email addresses are public, it’s quite easy to “borrow” email addresses. Spammers do this all the time as real email addresses stand more chance of traversing spam filters, especially if they are previously known to the intended recipient. There are reports that some of the email addresses on the Ashley Madison list were not put there by their legitimate owners. Of course, they would say that wouldn’t they! However, I am inclined to be sympathetic to such claims as Ashley Madison did not require emails to be verified and their “freemium” model is likely to attract “spam” profiles. These may be to initiate “Nigerian” scams, build botnets, etc.
Lesson 5 - This is well made by Paul Mason in the Guardian and is about the value of aggregated data. The examples of passwords and specific data points (“this user is an adulterer”) are easy to see. What is less obvious is how seemly innocuous data (location, buying patterns, etc) can by combined to make predictions about users and gather intelligence. On one level this is just creepy. For example, predicting women are pregnant before they know themselves. However, given what we know about the power of loyalty cards, it is more than likely that harvesting such rich data will give huge insight into our behaviour and intensions, conscious and unconscious.
We are moving towards a world of “total information awareness” - in fact, the name of a post-9/11 spying programme but nicely descriptive. Although recent events have highlighted the risks, there could be many positive sides. For example, your doctor could call you to say that you might be ill, rather than the other way around. However, we should go into this brave new world with our eyes open.
Thursday, August 20. 2015
Grauniad reports that Google now has to cut links ti stories talking about the right to be forgotten:
I wonder if Google will be ordered to to remove links to our story about '‘right to be forgotten’ removal stories own ' removal stories'. Ah, the curse of recursiveness....
But this is the EU law - so of course, by using a Google browser from another country or Google.com this will not happen, as it does not apply (Yet - the EU is trying to make Google implement Right to be Forgotten across all its assets).
Or just access another browser without assets operant in the UK that needs not follow the law - DuckDuckGo, for example.
Quack Est Demonstratum...
Wednesday, August 19. 2015
Comparison of Byzantine and Osmanli Leadership Social Networks
I've been looking at research around what can be discerned about organisations and their effectiveness due to various organisation structures, and this paper, Calculating Byzantium, by Johannes Preiser-Kapeller
of the Institute for Byzantine Studies, Austrian Academy of Sciences came up. Compared to much of the worthy stuff and (frankly) dross I've been reading, it was fascinating, just the sort of thing Broadstuff readers may enjoy. The other useful thing about networks of the past is that you know what happened next, so thay are, to some extent, predictive.
It has a section looking at the social networks of the Byzantine Emperor and the Osman Turk statelet (one day to be the Ottoman Turks) who were eventually to overrun Byzantium (there are also some other interesting sections about calculating ancient social networks, fits nicely into Jared Diamond & Robin Dunbar's work).
The two commanders' network diagrams are shown in the picture above, and what is clear is the Turkish command system is smaller and - looking at the stats (see below) has many advantages. The paper notes that:
It's easy to jump into the assumption that the Turks are far more integrated, clearly far more information can be moved fast, and thus the Turkish system is more flexible, more responsive, more effective, and the inevitable Fall of Byzantium is merely a matter of time (took c 100 years from this period to get parity, mind you, and another 100 to finally take Byzantium out - a lesson that big old dinosaurs are still no pushover for fast moving startups).
But there are a few caveats:
Firstly, Byzantium at this time was a bigger, far more complex state than Osman's Turkish statelet so needed more people to run it and - very unusually - was running with 2 Emperors (older one + nephew) and broke into a ruinous civil war in 1328 (half way through this map's timespan) so the network would be massively bi-modal, with 2 opposing camps, by definition.
Secondly, the Byzantine system had been relatively stable for 800 years (just how they managed that that would really be worth studying) so its not a slam dunk that Osman's system was "better", Byzantium had seen the likes of Osman (and far worse) come and go many times over the centuries. Arguably he got lucky, being around just at the time the Empire was busy tearing itself apart (and Andronikus II was by all acounts one of the crappest Emperors they ever had) and other challengers - the Venetians, Bulgarians and various Latins - were also attacking it at the same time.
Thirdly, as the paper notes, in Osman's network "the potential flows of power and resources are more centralised in the hand of the ruler". This works if the leader is able, and can keep on top of the decision flow. Not so good a system if the leader is not so able, and/or the system becomes more complex.
If there was a modern lesson for the "flexible structured, small and nimble giant killer startup school" its that its not enough to be just that to succed, your large and ossified dinosaur opponent also needs to be in total disarray internally, and probably beset on a number of other fronts simultaneously. That the Ottoman state system started to look more and more like the Byzantine as it grew is a salutary lesson.
Or, to rephrase, that the [Insert your favourite Unicorn] system started to look more and more like the [insert your most hated Corporate Dinosaur] as it grew is a salutary lesson.
Thursday, August 13. 2015
It would appear Facebook's Messenger service not only knows your location, but packages it in the data stream when polled. The fate of the prospective Facebook Intern, Aran Khanna who found this out and built an App on the back of it, however, is more interesting - Boston.com:
The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms.
And, in classic Facebook one step back, two steps forward mode, after Shooting the Messenger (App Maker) they then...
...released a Messenger app update trumpeted as follows in a news release: “With this update, you have full control over when and how you share your location information.”
The lesson, should you wish to learn it - again - is that Facebook's view on your privacy is to exploit it until caught at it, and even then to try everything to keep it ongoing.
The other lesson, of course, is that Social Media SNAFUs must always be blamed on the Intern
Wednesday, August 12. 2015
The Online Trust Alliance — a group made up of such staunch civil liberties and privacy advocates as Target Stores (?), Microsoft and home security firm ADT — on Tuesday released a draft of its IoT Trust Framework (PDF), which offers voluntary best practices in security, privacy and what OTA calls "sustainability" (read "lifecycle management") for home automation, and wearable health/fitness technologies.
More about it here, in summary:
The OTA guidelines set a high bar for IoT device makers. On the security front, the framework calls on manufacturers to employ end-to-end encryption, including device connections to mobile devices and applications and wireless communications to the cloud or other devices. Device makers should include features that force the retirement of default passwords after their first use and to configure multiple user roles with separate passwords for administrative and end-user access.
About time. Of course, it means tearing up some of the favoured #IoT business models du jure, so will probably be seen more in the breach than the observance, but it's a start.
Sadly, the one thing we have learned about the Consumer from countless loyalty schemes and social media systems is that they largely don't understand the importance of privacy and will sell their data for a pittance.
More Broad Stuff
Poll of the Week
Will Augmented reality just be a flash in the pan?
Creative Commons Licence
Original content in this work is licensed under a Creative Commons License