[HN Gopher] A legislative path to an interoperable internet ___________________________________________________________________ A legislative path to an interoperable internet Author : wallflower Score : 218 points Date : 2020-10-18 14:41 UTC (8 hours ago) (HTM) web link (www.eff.org) (TXT) w3m dump (www.eff.org) | 0xquad wrote: | I generally support the EFF and think netizens need far more | protections than they have, and those need to come through | legislation. But I don't get why this mandated interoperability | is a good idea. | | Mandating data portability is one thing, but having the | government decide that a company must provide an api seems absurd | to me (so far: it's a new idea to me). | | In the meantime, dear EFF: - Why hasn't the EFF created | boilerplate privacy agreement clauses that companies could adopt | to prove their ubiquitously claimed "utmost concern for user | privacy"? - Why isn't there a vision of how companies could | maintain the provenance under which each datum has been acquired | (and therefore when they can/can't be shared/sold/etc.)? - What | meaning does any privacy agreement have (no matter how consumer | friendly) if it can be changed at any time? - Why do NO companies | promise to protect user data in the event of an acquisition (in | fact they promise the opposite). | | These seem like action items right down EFF's lane and I keep | waiting year after year for the basics to be covered. I criticize | as a friend (and small donor). | chosen1111 wrote: | Including sites like Gab and Bitchute? | thekaleb wrote: | As far as I understand it gab does use open protocols. | ilaksh wrote: | It's nice to see a reminder every once in awhile that some people | in government are actually competent. It's strange that it seems | like actions on major structural issues are so delayed and rare | or ineffectual, but at least some people do make an appropriate | effort sometimes. | | I generally don't donate to anyone but I am going to send the EFF | a few dollars in case it helps them promote this bill. | esoterae wrote: | There's a number of quiet warnings in my head that this is too | overbroad. Don't get me wrong, I think something like this should | happen 100%. But this seems to cast too wide a net. | | What about my bank? They have >100M users, and with an | app/service portal, they'll be required to be "interoperable". I | don't want my bank or my bank info to be interoperable. I also | don't want my bank to have an interoperability interface; as an | internet plumber, I fully realize the first thing you need to | have a blockage is a pipe with something in it. | | What about content delivery? Will I be able to play music/movies | hosted by my subscription provider through a 3rd party? This | calls into question some difficult problems around licensing that | may be impossible to satisfy via existing, established contracts; | don't paint a content provider into a corner of guaranteed | noncompliance. | | Where is the definition of "interoperability"? | | This will be a field day for an endless bevy of corporate lawyers | to say "Oh XYZ isn't a service with users. It's available to | users of ABC service, which is fully compliant with the | interoperability rules as required by blah blah." | | I applaud the effort and think this is a priceless next step in | helping define where we should go next, but I'm only hearing | possibility and daydreams, not concrete implementation. | eitland wrote: | > What about my bank? They have >100M users, and with an | app/service portal, they'll be required to be "interoperable". | | Banks around here (Norway) are required to provide API access | because of Eu regulations (yeay EU, sometimes you are a great | idea even if I'm happy that we aren't a member) and I can | already see accounts from other banks I have used before. | | > I also don't want my bank to have an interoperability | interface; as an internet plumber, I fully realize the first | thing you need to have a blockage is a pipe with something in | it. | | Couldn't this be used as an argument against every | standardization effort? | betamaxthetape wrote: | > What about my bank? They have >100M users, and with an | app/service portal, they'll be required to be "interoperable". | I don't want my bank or my bank info to be interoperable. | | Here in the UK we have something like that, called Open | Banking[1]. IMHO the most noticeable benefit to consumers is | that many of apps from the UKs largest banking providers now | allow you to view your accounts from _all_ your banks through | their app (traditionally you could only view accounts you held | with that bank). I believe that some budgeting / spending- | tracking apps also take advantage of it to amalgamate | information from all of your accounts. | | [1] https://www.openbanking.org.uk/ | munfred wrote: | If you look at section 2 of bill S.2658[0], you will see that | the bill only applies to "Large Communications Platform | Providers". You bank is not that. Spotify and Netflix are not | that. The bill doesn't apply to them. And note that the current | threshold is 100M monthly active users _in the United States_ | *. A third of the population using the communications platform | monthly. Relevant passage of section 2: (7) | LARGE COMMUNICATIONS PLATFORM.--The term "large communications | platform" means a product or service provided by a | communications provider that-- (A) generates | income, directly or indirectly, from the collection, | processing, sale, or sharing of user data; and | (B) has more than 100,000,000 monthly active users in the | United States. | | --- | | Original bill text: [0] https://www.congress.gov/bill/116th- | congress/senate-bill/265... | JoshTriplett wrote: | > (A) generates income, directly or indirectly, from the | collection, processing, sale, or sharing of user data; and | | OK, this is _substantially_ better than any other proposal I | 've seen. It means that any platform that _doesn 't_ make | money off of user data (e.g. one that makes money in some | more ethical way) is exempt. | megous wrote: | Delegability: Yes, please. :) I like writing a small apps that | scrape some service's data to my local DB and then use the data | locally (being able to combine them in my own ways). | | Imagine a postgresql database where bunch of these scraping | interfaces load data into per-service schemas, and you can then | join/union across schemas, integrating data from several | different online services in creative ways. | | Too bad this bill is targeted at huge services only. Though those | are mostly the ones that try to obfuscate and hinder access to | data. | | I can already use up one hand counting the webistes that just | deleted all user contributed content or disappeared for other | reasons where if I didn't do this, the content would be lost | completely to me. Or services (like online banking) that just | offer 2-3 year history, and you need to pay to access older data. | | Just allow users to write their own clients. | Animats wrote: | Data portability, yes. No big argument there. Back-end | interoperability, yes. No more locking out TweetDeck, and common | applications for all message transports. | | In particular, back-end interoperability needs to be mandatory | for Internet of Things stuff. The lifespan of a cloud service is | short, maybe 5 years. That's a big problem for house components. | | Delegability needs thought. There's bots. There's Snooping as a | Service. Technically, back-end interoperabilty implies the | ability to delegate. It's more of a contractual issue. Can a | service forbid it? Intermediaries and aggregators have their own | headaches. | upofadown wrote: | >...email servers have been slow to adopt even basic, point-to- | point encryption with STARTTLS. | | You need to give more credit than that. STARTTLS adoption is well | over 90% now. Yes, it is unathenticated so that it only protects | against passive listening, but that is still a huge improvement. | | Authentication only would apply to the mail servers anyway. | Further worthwhile improvement would require authentication of | end users. Not sure how you can legislate that in a useful way. | dane-pgp wrote: | > STARTTLS adoption is well over 90% now. | | That makes me wonder if it would be reasonable for a diverse | group of email providers (large and small) to announce that | they will add a 1 hour delay to emails received from or sent to | servers that don't support STARTTLS. Perhaps each year that | delay could double, until those non-compliant services became | basically unusable. | | To make this change even less controversial, users could be | given the option to whitelist certain email addresses so that | exceptional use cases could still be supported. | offtop5 wrote: | >Now imagine that a user on one platform can interact with any of | the other platforms through a single interface. | | I love the spirit here, but I think everyone here is aware that | outside of mainstream networks like Twitter you have other | networks which are just full of rampant hate speech. | | If you tell Facebook they have to support allowing hateful users | to contact their own, Facebook no longer has any ability to | moderate anything. I would love social media which wasn't | controlled by a single Mega company, but I'm just not sure how | this could exist. | | I have heard of projects, say a local group of college students | set up zoom socializing, which does provide a much needed | alternative. But I just don't think this can scale, once you have | no obligation to the group to be a decent human being, it becomes | extremely easy to be nasty and mean. | | I'm lucky enough to be a part of one zoom ( for now, I met the | owner in real life) community. He has to personally let everyone | else in to the room, and he's already had to ban a few people for | over the top racism. | | Before you know it everyone is meaner on social media than they'd | ever be in the real world . It's at the point where I don't want | to feel my mind with that, therefore I just don't partake. | | If this ever was something Facebook had to do, within hours you'd | be flooded with bots dming you nonsense. As is Facebook has major | issues with Spam and abuse, what's the stop someone from creating | a service which just sends bots in to hurl racist insults | grishka wrote: | Federated social media works around this just fine. Any server | can ban any other server breaking its rules. | | Yes, a federated system will inevitably be abused by malicious | actors because of its inherent openness. But if it's closed the | way it is now, then it is abused by the company that owns each | platform. If I had to choose, I'd absolutely pick spam over | ads, tracking, and dark patterns. Spam is at least easier to | deal with and universally hated by everyone while most people | don't even realize they're being tracked at all times. | offtop5 wrote: | You can also just not use social media. | | No one forces you to use Facebook. I respect the right of | Facebook to not want to be over ran with hate speech. | | It's a nominal task to spin up a fresh server everytime you | get banned. The only effective way to stop said spam would be | for FB to have a limited white list of vetted partners. So | your back where you started . | grishka wrote: | > You can also just not use social media. | | And use what instead? | | > No one forces you to use Facebook. | | What are your choices, exactly, if all your friends use it? | So you're either on Facebook, or you're missing out and | inconveniencing your friends. There's currently no third | option. | Dahoon wrote: | >You can also just not use social media. | | Have you tried that? Lots of stuff that shouldn't be on | Facebook is, like state/government/etc. using it for lots | of different purposes. It's like saying "you could also | just not have a phone/computer/internet/heat". | root_axis wrote: | Applying laws based on MAUs doesn't seem like a reasonable | approach. MAUs are a self-reported and subjectively defined | metric and the MAU threshold is arbitrarily chosen. Technology | laws should not be applied based on apparent popularity. | | I think a better version of this legislation would apply to any | corporation that collects PII or collects browser activity | outside of 1st party domains, in order to serve ads to users. | munfred wrote: | This has actually also be proposed by Mark Warner in 2018 on a | whitepaper titled "Potential Policy Proposals for Regulation of | Social Media and Technology Firms": | https://www.warner.senate.gov/public/_cache/files/d/3/d32c2f... | | It discusses 20 topics for potential legislation, listed below. | Look at items 13 and 16 in the whitepaper, they go very much | along the lines of what you said. 1) Duty to | clearly and conspicuously label bots 2) Duty to | determine the origin of posts and/or accounts 3) Duty | to identify inauthentic accounts 4) Make platforms | liable for state-law torts (defamation, false light, public | disclosure of private facts) for failure to take down deep fake | or other manipulated audio/video content 5) Public | Interest Data Access Bill 6) Require Interagency Task | Force for Countering Asymmetric Threats to Democratic | Institutions 7)Disclosure Requirements for Online | Political Advertisements 8) Public Initiative for Media | Literacy 9) Increasing Deterrence Against Foreign | Manipulation 10) Information fiduciary 11) | Privacy rulemaking authority at FTC 12) Comprehensive | (GDPR-like) data protection legislation 13) 1st Party | Consent for Data Collection 14) Statutory determination | that so-called 'dark patterns' are unfair and deceptive trade | practices 15) Algorithmic auditability/fairness | 16) Data Transparency Bill 17) Data Portability Bill | 18) Interoperability 19) Opening federal datasets to | university researchers and qualified small businesses/startups | 20) Essential Facilities Determinations | ThePhysicist wrote: | Data portability in the GDPR aimed at this (as the article says), | but it was far too weak to have any effect and it seems no one | cares about really implementing it. The only services that | implemented something that resembles data portability are e-mail | providers, and there it works mostly because there already is an | underyling protocol that is built with federation in mind. | | We really need more open protocols to make this happen. A doable | strategy could be too look at markets with a lot of existing | solutions (e.g. chat, task management, note taking, scheduling, | document management, file syncing) and force the players to | formulate a protocol that everyone adheres to. Since that will | take a long time it's probably only doable for the core services, | but having something like this e.g. for chat services would be | incredibly useful. | munfred wrote: | Here is the full text of the ACCESS Act of 2019 bill: | https://www.congress.gov/bill/116th-congress/senate-bill/265... | | I highly recommend that everyone reads it - it is extremely | short, well written, and probably the single most important piece | of legislation to HN folks in the past decade. | | As the bill is right now, it require communications platforms | with 100M monthly active users in the US to make their services | interoperable with other platforms. The bill presumes that | platforms using open protocols already (like email) are fine. | Facebook and it's messenger platform is likely to be the only one | meeting the threshold. | | I'm not American, but if you are and you care, I would suggest | you to call your representative and explain why you support (or | not) this bill. Remember that as it goes through congress, it | can, and most likely will, be heavily edited or gutted to fit the | many competing interests whispering in their ears. If you think | the bill is good as is, tell them that! Personally, I think the | bill is perfect, except for the 100M user threshold to start | demand compatibility, which I think should be lowered to 10M. | camgunz wrote: | This bill is pretty smart (agreed about the limit though, I'd | even put it at 1M MAU). Could it be we're finally at a point | where Congress is listening to competent tech lobbying instead | of just megacorp media/tech companies? | munfred wrote: | I'm every bit as surprised as you. I don't think it's a | significant fraction of congress though, I think it's | specifically senator Mark Warner. He did work with tech | before, and my take is that he knows what he is talking about | and was waiting for a good political moment to present such | unpalatable proposals (unpalatable to the tech companies, | that is). | | See his Wikipedia article: https://en.wikipedia.org/wiki/Mark | _Warner#Early_life,_educat... | | Last year he (meaning, most likely his staff under his | supervision) put out a "whitepaper" outlining 20 possible | proposals to regulate social media and tech companies. | Notably, 4 of the things discussed were introduced as bills | in one form or another. | | I posted about them last year, see the discussion and links | here: https://news.ycombinator.com/item?id=21389809 | dangus wrote: | > Facebook and it's messenger platform is likely to be the only | one meeting the threshold. | | And iMessage! There should absolutely be a requirement to have | it interoperate with other platforms. | goBackwards00 wrote: | I don't support this as, excepting in medical and large infra | where common languages improve important outcomes, API | interoperability of consumer bullshit is an arbitrary goal. | | We keep legislating pointless high level goals. | | I'd rather legislate high level goals like M4A, free education. | | I refuse to put political agency into logistical normalization | for big business who can afford to do it themselves. | | And I don't believe forcing social norms on humans is | acceptable in general. Indeed, I think it's a truism our | biology will always resist. | | This is bill is too narrowly scoped to web technologists | concerns. After 20+ years in software, I've learned | technologists are no more important to any big picture as | anyone else. | | Air travel and medical science did this on their own. There's | no reason private enterprise of dubious value to society need | governments mandates for trading gifs. | | It's electrons in a circuit already. There's your generic | interface. | | Given recent economic success and shallow human egos, software | people have slid into a dopamine fueled circular mirage, | decoupled from reality. | vsskanth wrote: | Can interoperability and data portability still be | legislatively mandated if APIs were ruled copyrightable in the | Supreme Court (Oracle vs Google) ? | | Can monopolies go further and claim their user graph and user | data is also under copyright ? | xg15 wrote: | As the courts only interpret the existing law, couldn't the | bill simply restrict the copyright on APIs enough to avoid | those kind of contradictions? | chabad360 wrote: | Sure, the bill would need to include a clause that specifies | that the API must not be copyrighted, or something to that | effect. | nobody9999 wrote: | >Sure, the bill would need to include a clause that | specifies that the API must not be copyrighted, or | something to that effect. | | I don't believe that would be an issue, since Federal | government works are not entitled to copyright and are in | the public domain[0]. | | [0] https://en.wikipedia.org/wiki/Copyright_status_of_works | _by_t... | munfred wrote: | Those are good questions. My take is that it would be similar | in spirit to the way government can act to prevent price | gouging with drug patents. Notice that platforms are allowed | to charge and regulate access to the API, but it has to be | "reasonable". Here is what is stated on section 4 on | interoperability: | | ------------ | | SEC. 4. INTEROPERABILITY. | | (a) General Duty Of Large Communications Platform Providers. | --A large communications platform provider shall, for each | large communications platform it operates, maintain a set of | transparent, third-party-accessible interfaces (including | application programming interfaces) to facilitate and | maintain technically compatible, interoperable communications | with a user of a competing communications provider. | | (b) General Duty Of Competing Communications Providers.--A | competing communications provider that accesses an | interoperability interface of a large communications platform | provider shall reasonably secure any user data it acquires, | processes, or transmits. | | (c) Interoperability Obligations For Large Communications | Platform Providers.-- | | (1) IN GENERAL.--In order to achieve interoperability under | subsection (a), a large communications platform provider | shall fulfill the duties under paragraphs (2) through (6) of | this subsection. | | (2) NON-DISCRIMINATION.-- | | (A) IN GENERAL.--A large communications platform provider | shall facilitate and maintain interoperability with competing | communications services for each of its large communications | platforms through an interoperability interface, based on | fair, reasonable, and nondiscriminatory terms. | | (B) REASONABLE THRESHOLDS, ACCESS STANDARDS, AND FEES.-- | | (i) IN GENERAL.--A large communications platform provider may | establish reasonable thresholds related to the frequency, | nature, and volume of requests by a competing communications | provider to access resources maintained by the large | communications platform provider, beyond which the large | communications platform provider may assess a reasonable fee | for such access. | | (ii) USAGE EXPECTATIONS.--A large communications platform | provider may establish fair, reasonable, and | nondiscriminatory usage expectations to govern access by | competing communications providers, including fees or | penalties for providers that exceed those usage expectations. | | (iii) LIMITATION ON FEES AND USAGE EXPECTATIONS.--Any fees, | penalties, or usage expectations assessed under clauses (i) | and (ii) shall be reasonably proportional to the cost, | complexity, and risk to the large communications platform | provider of providing such access. | | (iv) NOTICE.--A large communications platform provider shall | provide public notice of any fees, penalties, or usage | expectations that may be established under clauses (i) and | (ii), including reasonable advance notice of any changes. | | (v) SECURITY AND PRIVACY STANDARDS.--A large communications | platform provider shall, consistent with industry best | practices, set privacy and security standards for access by | competing communications services to the extent reasonably | necessary to address a threat to the large communications | platform or user data, and shall report any suspected | violations of those standards to the Commission. | | (C) PROHIBITED CHANGES TO INTERFACES.--A change to an | interoperability interface or terms of use made with the | purpose, or substantial effect, of unreasonably denying | access or undermining interoperability for competing | communications services shall be considered a violation of | the duty under subparagraph (A) to facilitate and maintain | interoperability based on fair, reasonable, and | nondiscriminatory terms. | | (3) FUNCTIONAL EQUIVALENCE.--A large communications platform | provider that maintains interoperability between its own | large communications platform and other products, services, | or affiliated offerings of such provider shall offer a | functionally equivalent version of that interface to | competing communications services. | | (4) INTERFACE INFORMATION.-- | | (A) IN GENERAL.--Not later than 120 days after the date of | enactment of this Act, a large communications platform | provider shall disclose to competing communications providers | complete and accurate documentation describing access to the | interoperability interface required under this section. | | (B) CONTENTS.--The documentation required under subparagraph | (A)-- | | (i) is limited to interface documentation necessary to | achieve development and operation of interoperable products | and services; and | | (ii) does not require the disclosure of the source code of a | large communications platform. | | (5) NOTICE OF CHANGES.--A large communications platform | provider shall provide reasonable advance notice to a | competing communications provider, which may be provided | through public notice, of any change to an interoperability | interface maintained by the large communications platform | provider that will affect the interoperability of a competing | communications service. | | (6) NON-COMMERCIALIZATION BY A LARGE COMMUNICATIONS PLATFORM | PROVIDER.--A large communications platform provider may not | collect, use, or share user data obtained from a competing | communications service through the interoperability interface | except for the purposes of safeguarding the privacy and | security of such information or maintaining interoperability | of services. | | (d) Non-Commercialization By A Competing Communications | Provider.--A competing communications provider that accesses | an interoperability interface may not collect, use, or share | user data obtained from a large communications platform | provider through the interoperability interface except for | the purposes of safeguarding the privacy and security of such | information or maintaining interoperability of services. | | (e) Exemption For Certain Services.--The obligations under | this section shall not apply to a product or service by which | a large communications platform provider does not generate | any income or other compensation, directly or indirectly, | from collecting, using, or sharing user data. | vsskanth wrote: | So Sec.4.2.B.iii says the large communication providers are | allowed to charge a fee to access the network but doesn't | say anything about the same charges being applicable to | themselves. Wouldn't this create a competitive advantage to | the larger network ? | | Also, it seems awfully similar to the treatment for | cellular communication providers. What are the differences | here ? Or would Verizon/ATT be rolled into this since the | statute just mentions large communications provider ? | jkarneges wrote: | > the bill is perfect, except for the 100M user threshold to | start demand compatibility, which I think should be lowered to | 10M | | I kinda like the high number, as it means the spirit is to | prevent monopolies, which is one of the most compelling reasons | for regulations to exist. Make the number too low, and it would | invite criticism from people about regulations being | overbearing. I don't know if that number is 100M, 10M, or 1M, | but just something to be mindful about. | | My sense is that if Facebook is legally forced to interop, then | all other smaller/future players will voluntarily interop | anyway. | xg15 wrote: | Different strokes for different folks as they say, but I | don't think "preventing monopolies" has to be the only | motivation of this bill. I think interopability (and as a | consequence, greatly improved customer choice and | competition) is a value in its own right. | WanderPanda wrote: | I am not too sure you can have that cake AND eat it | (historical datapoints suggest otherwise I think) | xg15 wrote: | Please explain. | laser wrote: | The anti-monopoly benefits of interoperability can be | offset by the regulatory capture of forced | interoperability if companies too small are subject to | such rules, placing them at a disadvantage relative to | largest players and increasing the likelihood that the | status quo remains in place. That's the "Can't have your | cake and eat it too" that's being referred to above I | think--in other words, if you regulate the second-tier | like the first-tier, the second-tier will never have a | chance at becoming the first tier. | nobody9999 wrote: | I think this bill is a great idea. it doesn't address all the | issues associated with locking users into these sites, and the | attendant influence and market power of them, but it's a good | start. | | I just emailed my senators and representative urging them to | support this bill. In those emails (the text of which is | reproduced below), I address some of the reasons I think it's a | good idea and make some suggestions for amendments to it. | | What additional reasons do you have for supporting (or not) this | bill, and what other amendments would you suggest? | | Text of email to my House/Senate representatives: | | I strongly urge you to support the ACCESS Act (S.2658 - | Augmenting Compatibility and Competition by Enabling Service | Switching Act of 2019) introduced by Senator Warner and encourage | your colleagues to do so as well. | | The bill requires that large communications platforms such as | Facebook and Twitter provide mechanisms for other platforms to | interoperate with their platforms. | | This is important for several reasons: | | 1. The sheer size of these platforms lock your constituents into | them, creating huge barriers to entry for competitors and | stifling competition in the Social netwotking market; | | 2. The ACCESS Act would create a mechanism for other platforms to | interoperate with these huge platforms, some of which already | exist and others which could provide users not only with superior | capabilities, but also with the ability to exert more control | over their personal data and information (cf. Diaspora, | https://joindiaspora.org ); | | 3. These huge platforms have enormous control, not only over the | news and information that their users see, but also over the | marketplaces created by their sheer size. Requiring them to | freely interoperate provides an opportunity to create a true | public commons divorced from any particular corporate entity; | | 4. As we've seen in the recent (and not so recent) past, these | platforms exert an enormous amount of influence and have a huge | economic impact on us. As such, there have been calls to break up | these companies to limit that impact and influence. I posit that | creating an environment which will significantly reduce barriers | to entry into this space will encourage competition and limit the | impact/influence of these corporations, while creat new | opportunities, new jobs and a broader set of voices on the | Internet. | | I'd further urge you to introduce amendments to this bill to | accomplish the following: | | 1. Reduce the size of impacted platforms from 100,000,000 users | to 100,000. This would allow a rich ecosystem of communication | and social networking platforms that can interact and give | everyone an opportunity to connect with others in a | decentralized, open way. It would also provide strong incentives | for entrepreneurship in this space and encourage innovation and | competition; | | 2. In addition to tasking the National Institute for Standards | and Technology with creating the protocols and interfaces | required to implement this bill, invite the Internet Engineering | Task Force (IETF) to participate as well. The IETF | (https://ietf.org/about/ ) are the people who have, for more than | 30 years, been developing, documenting and implementing the | technical standards that have made the Internet the economic and | cultural dynamo it is today. | | Please make this a priority, because broad-based, open | communication, discussion and the potential for enhanced personal | privacy are critical to our democracy and cultural cohesion. | cblconfederate wrote: | The proposal makes no mention of who owsn the data and what it's | worth. Why not instead legislate the ownership of the data by the | users? The users should decide whether take their data, | exclusively or not, to the platform they like more, or even | better, to the platform that pays them more. Posts, friendships, | pictures etc , all of this is valuable IP that can be traded with | social networks. Let them compete who is going to win more users | on a monetary basis. It's time we move on from the model that | mercilessly squeezes user's IP for profit while giving back only | "free services". The cost of free services has dropped | substantially, yet the compensation of users has remained | steadily at $0 | crazygringo wrote: | I think the goals here are laudable, but the cynic in me worries | about the details. | | Data portability is easy to implement (and has been by some | companies). | | But back-end interoperability and delegability are tricky not | just because of technical challenges (those can be solved), but | mainly because of _abuse and spam_. | | If, all of a sudden, any other service can like and comment on | Facebook posts without having a Facebook account... I don't see | how this doesn't become a spam/abuse-fest overnight. | | My $0.02 is that there's a much simpler solution hiding in plain | sight: just stop giving legal copyright/hacking/ToS protection to | sites with third-party-generated content that the site didn't | license. | | In other words, if someone wants to build an app that downloads | your Spotify playlist data by impersonating you... or scrape | Craigslist listings... or copy Yelp reviews... then _nothing is | legally in the way_. Not copyright, not anti-hacking laws, not | ToS. | | Services are free to rate-limit or ban you if they catch you... | but if you can get around that then the information/interaction | is yours. | | This feels like a much more "free market" approach. It doesn't | rely on trying to build laws that will be bad compromises and | outdated by the time they're passed. Rather it involves _undoing_ | existing laws and protections that are producing harm. | | (To be clear, copyright still applies to things that are paid for | or licensed -- movies, songs, articles, etc.) | ClumsyPilot wrote: | Banning people using an API doesn't sound very free market | | The ideas of "Free market" evolved before EULA type bullshit | did, I don't think original creators of the idea would approve | of them. | [deleted] | crazygringo wrote: | To the contrary -- the "free" in "free market" refers to | freedom. So if a service wants to ban a user, then that's | pretty much the definition of a free market. | | Similarly, a user is free to try to get around the ban by | using a different IP address, etc. | | Both sides here would be free to do what they want without | the law taking sides. But at a technical level, because anti- | scraping measures aren't that hard to defeat, it means that | users and competitors will be the primary beneficiaries here. | ClumsyPilot wrote: | So I am ok to use my 'freedom' and pay someone to cut your | supply of cement, so that you can't compete with me in | construction? Where is the boundary between 'free market' | and narket manipulation, and how do you prove the latter? | | This happens all the time, Intel, paid computer | manufacturers not to use AMD chips. | | As for the bans and circumvention idea - I would like a | stable and reliable system that's guaranteed to work, not a | constant game of cat and mouse. | klyrs wrote: | > I would like a stable and reliable system that's | guaranteed to work, not a constant game of cat and mouse. | | I'd love if the internet wasn't a neverending cat and | mouse game... but what about spam? | klyrs wrote: | "If you're going to be an asshole to my customers, gtfo of my | bar" predates the concept of an EULA, and IMO, the freedom of | association is a necessary component of a free market. | xg15 wrote: | > _Services are free to rate-limit or ban you if they catch | you... but if you can get around that then the information | /interaction is yours._ | | So what you're saying is, you'd like to encourage a | technological arms race between intrusion detection systems and | hackers, without any legal repercussions for either side - and | this should somehow be in the interests of users. | | I don't know why we'd need a "free market" approach, but this | is just lawlessness. | | The result will be that legitimate users get the worst of both | worlds: If I want to download my own Spotify playlist myself, | I'll be out of luck - because my dead-simple Wget call will be | no match for Spotify's bot detection. There is nothing I could | legally do to make Spotify give me a copy of my own playlist - | I'll have to pay some third-party service that has the | necessary know-how to evade the detection and scrape the data | for me. | | Meanwhile, some hacker could use the same service to | impersonate me or steal my data - and I'd again have no legal | recourse because, hey, no protection, what the hacker did was | perfectly legal. | | Why would I want any of this? | crazygringo wrote: | We already have that technological arms-race, and users | already win. Just look at the continuing existence of | "youtube-dl" for example. | | Fundamentally services can't be too restrictive and still | work, so users come out ahead. | | Also while hacking into a system is legal, theft/fraud/etc. | is not. If the hacker does anything with your data, there are | already laws against that. | sjy wrote: | The article advocates for this, calling it "competitive | compatibility," but noting "it's not enough to legalize | competitive compatibility, since the platforms have such an | advantage in technical resources that serious competitors' | attempts to interoperate face enormous engineering challenges." | jaggirs wrote: | This is good and all, but there is a much simpler solution to | this problem and others: | | Progressive taxation of companies | | I know this sounds outrageous, but hear me out. What if | monopolies split _themselves_? Wouldn 't that be great? Does the | same company really have to make the phone _and_ the charger? No, | but there are 2 reasons apple does: | | 1. Collaboration between the phone department and the charger | department is slightly easier. | | 2. They can abuse their monopoly on iphone chargers to force you | to pay more for them. | | Apple makes about 30 billion on iphones per quarter. Assuming all | iphones were $600 (which they arent) and everyone uses 2 chargers | per iphone (because the first one broke) priced at $20, apple | would be making $2 billion from chargers. | | Say, if they didn't abuse their monopoly position for chargers | they would make only $1.8 billion from them. | | This is $2.0 billion - $1.8 billion = $0.2 billion less revenue. | | Now if you just tax apple progressively such that taxes for 32 | billion in revenue are more than $0.2 billion higher than paying | taxes for 30 billion in revenue, apple will split into | iphoneapple and chargerapple by themselves! | | Now in practice you might not want to tax revenue but for example | the value of the company or something else. | | Also you don't want the 'split' companies to still behave like | they are one company, this means that you want the split-off | company to have different shareholders from the main company, | because otherwise they would just behave in mutual interest. | | More in line with the topic, netflix might decide to split into a | 'movie suggestions algorithm' service and a 'movie streaming' | company. | | Google would split into a gazillions of different companies. | | But some interoperable internet legislature might be a little | more realistic :) | lucian1900 wrote: | And with that 0.2 billion Apple (along with several others) | will make sure no such law is passed. | | If a law like you propose was possible, then it would already | be possible to split the monopolies. Neither can happen until | workers are actually in control of the state, as opposed to the | current dictatorship of monopolists. | IshKebab wrote: | Sure, Apple will split into iPhoneApple and ChargerApple... | after signing an exclusive 100 year contract for ChargerApple | to be the sole supplier of chargers to Apple, for a fixed | price, blah blah blah trivial workaround. | pessimizer wrote: | If we think the advantages of monopoly power are undesirable, | we should tax them. Don't fine them for _abusing_ monopoly | power; it 's an asset, tax them just for _having it._ Same | thing that Sanders said about the banks - tax them for simply | being large, and they 'll break themselves up. | | edit: If walled gardens had to pay taxes on their moats, they'd | stop digging them. | Fnoord wrote: | The way it works now is as follows: | | * Monopolies by themselves are OK | | * Abusing monopoly power in one market to leverage an unfair | advantage in another market is NOT OK. | | In the case of the latter there ain't a tax (the irony is | that large behemoths are already avoiding paying their fair | tax). A tax lcould also morally legalize the behaviour (moral | is important in antitrust behaviour look at the claws/lobby | of tobacco firms). | | On the contrary, it is a fine by a government subjected by a | court of law. Every government has to start this lawsuit | themselves though. It takes a lot of effort, time, money. On | top of the fine, action as a result of being found guilty can | be demanded as well (see history of US phone companies). | munfred wrote: | I find this idea really interesting! Do you have any reference | on studies that have looked into the idea or places that have | implemented it? | cvdub wrote: | Would this apply to iMessage? | munfred wrote: | As the bill S.2658 text currently stands [0], if iMessage has | more than 100M monthly active users, then yes. It is hard to | find such statistics on a quick search, but the surest way to | make sure it applies to iMessage is to call your representative | and tell them the threshold should be lowered from 100M to 10M | MAU :) | | [0] https://www.congress.gov/bill/116th-congress/senate- | bill/265... | thekaleb wrote: | A quick Google search shows that iMessage does have the | prerequisite 100 million active users. | unilynx wrote: | What did you find? I only see a global number, but this | proposal requires 100million MUA in the USA | | With some quick searches, multiplying iPhone's 39% | marketshare with 328million Americans gets me to | 127million, but that's probably too high - not everyone has | a smartphone, and how many users actually use iMessage at | least once a month, and not say, WhatsApp exclusively ? | sedatk wrote: | iMessage exists on iPad and Macbooks too. | klyrs wrote: | > If Facebook is to make its encrypted chat services | interoperable with third parties, it must reserve the right to | aggressively fix bugs and patch vulnerabilities. Sometimes, this | will make it difficult for competitors to keep up, but protocol | security is not something we can afford to sacrifice. | | This looks like a barn door, not a loophole. What would stop | major players from updating their proprietary protocol on a daily | basis? The overhead of staying on top of a dozen big social media | sites' protocols would be absurd. | | I agree with the need for security, and I see that the industry | has failed to update email; but I see that more as a consequence | of the industry continually trying to "disrupt" email through the | creation of walled gardens. | munfred wrote: | As pointed out, in section 4 of S.2658 this is explicitly | prohibited: | | C) PROHIBITED CHANGES TO INTERFACES.--A change to an | interoperability interface or terms of use made with the | purpose, or substantial effect, of unreasonably denying access | or undermining interoperability for competing communications | services shall be considered a violation of the duty under | subparagraph (A) to facilitate and maintain interoperability | based on fair, reasonable, and nondiscriminatory terms. | chabad360 wrote: | From what I understood from the content of the bill, it seems | that there is a clause that prevents companies from | aggressively modifying their API to prevent interoperability. | Lammy wrote: | Fun fact: Within Facebook's task-tracking system there is/was a | "wishlist"-priority task with planned details for how to change | Messenger's MQTT protocol to break third-party clients if need | be. As far as I know this was never acted upon because Pidgin- | like third-party clients never became popular for Messenger | MQTT like they were for the old now-deprecated XMPP Messenger | gateway. | fiddlerwoaroof wrote: | Wait, FB Messenger has a semi-standard API now? | oconnor663 wrote: | No, it used to support XMPP, but that support was | eventually removed: | https://news.ycombinator.com/item?id=9266769 | fiddlerwoaroof wrote: | I knew about that: the talk of MQTT made me think that | there was some improvement in the situation. | Lammy wrote: | I wouldn't call it that, but this might be usable for you: | https://github.com/dequis/purple-facebook | | Or maybe not: https://github.com/dequis/purple- | facebook/issues/496 | | https://www.facebook.com/notes/facebook- | engineering/building... | munfred wrote: | No it doesn't, you need to impersonate an user and login | with your password in order to relay messages outside of FB | messenger. That said, it has been done: | https://github.com/tulir/mautrix-facebook | ViViDboarder wrote: | As I'm reading S4c2c it looks like this would be prohibited. | | https://www.congress.gov/bill/116th-congress/senate-bill/265... | klyrs wrote: | That's certainly the intent, but as it's written, (by my lay- | reading) it appears that the burden of proof would rest upon | a single change, and not a sequence of changes -- any one may | be innocuous, but their sum may not be. And where a single | actor may not run afoul, I can imagine a conspiracy of big | players making changes which collectively burden smaller | players. I would _greatly_ prefer a consortium or better, an | independent standards body. ___________________________________________________________________ (page generated 2020-10-18 23:00 UTC)