Hacker News
The most unethical thing I was asked to build while working at Twitter in 2015 (twitter.com/stevekrenzel)
921 points by sgk284 on Nov 7, 2022 | 408 comments



> And, for the any employees still at Twitter, don’t underestimate the power of a pocket veto.

This is something I've been repeating to some of my younger colleagues.

Engineers aren't really fungible resources, to the extent that these projects require. Ask any manager how easy it is to swap "allocated resources", and they'll probably sigh heavily.

People are afraid that if they don't follow their manager's every request, they will be fired. But remember that hiring is hard, and managers are loath to fire someone they've already spent so much effort finding, hiring, and onboarding. Finding someone else to do it can take weeks, months, or longer! Which in many cases risks killing the project altogether.

Even if you're at the bottom of the chain, as the person who does the actual implementation, you have a lot of power on what gets prioritized.

See also the oft-circulated OSS "Simple Sabotage Field Manual" http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabota...


Reminds me a little of the story [1] about how in 2005 the execs at Google had a meeting to figure out what to call "Satellite View" in Google Maps. One faction did not like the name "Satellite View" because it was technically incorrect as many of the images had been taken from airplanes, not satellites. But the proposed alternatives like "Aerial photography" all sounded awkward. Right before the meeting ended Sergey Brin decided it would be called "Bird Mode."

Later on when the engineering team was actually implementing it they thought Bird Mode sounded dumb and just called it Satellite View. And so it has been ever since.

[1]: https://twitter.com/btaylor/status/1099370126678253569


What are planes but slow satellites on a suborbital trajectory?


An object on a suborbital trajectory is by definition not a satellite.

As a practical matter, there's a differing relationship with atmosphere. Planes depend on air to produce lift and sustain flight, but satellites are either inconvenienced by air, or entirely unaffected by it.


But from a photography perspective, how does any of that matter?


Altitude, atmospheric effects, and relative angular velocity are all factors in photography. Imaging from orbital platforms is also cheaper than airborne reconnaissance (per square meter, although the up-front capital investment is greater), covers a wider variety of purposes, and you don't have to worry about airspace violations; however, it may provide poorer definition, especially the more affordable commercial satellite imagery, and cannot compensate for cloud cover. So the distinction is significant on technical, operational, financial, and political levels.


Compensation for cloud cover in the visible spectrum is achieved by just picking an image from some of the next satellite passes. Also, there are active illumination imaging instruments (e.g. SAR) that can penetrate through clouds and see at night.

Atmospheric correction however is really an issue and often results in distinct patches on the "satellite" view


Well, with the same camera, you get 100 times higher resolution from 1 km than from 100 km. But a satellite in a polar orbit overflies the whole Earth, typically, every few weeks (though keyhole-type satellites only photograph a very narrow track) while in many cases the only available aerial imagery is years or decades old. And a satellite can fly over restricted airspace (the only way to stop it from doing so, even for its owner, would be to blow it out of orbit) while doing that in an airplane is likely to get you thoroughly murdered and possibly result in a diplomatic incident.

The result is that satellite photographs are much more frequent and have much better coverage, while aerial photographs have much higher resolution. The dishonest naming of the Google Maps feature has given people extremely unrealistic expectations of what satellites can do, which results in difficulty in selling actual satellite photography products when they don't match what people have come to expect from GMaps.


is this still true tho? can't they just stick a big telescope lens on a satellite and get pretty detailed imagery?


You can, and satellite optics typically are a lot bigger than aerial photography optics, but the wavelength of light and the sizes of satellites you can afford to launch still impose a practical limit. For US companies, laws impose another limit.


You can and there were / are 7-8 Hubble sized telescopes in orbit, with somewhat other optics and sensors looking in the other direction. Most likely the same is true for siblings of JWT.


There is a whole lot of pesky atmospheric interference limiting how much detail you can actually resolve.


The further you get from the object you're photographing, the closer your photo gets to an orthographic projection instead of a perspective projection.


The first incarnation of Google maps used low resolution Landsat imagery for most of the US. Massachusetts stood out distinctly with a different color palette because they had a public dataset of higher quality aerial imagery for the whole state.


I love that much like the engineers at Google, the HN audience couldn't help but take the bait here.


Plane needs to burn energy to stay up there, the satellite just ... sits in a curvature of space time...


Going down the captain pedant conversation path here, but technically all satellites also need to burn energy to stay in orbit or will eventually fall. The only ones who don’t have achieved escape velocity.


> The only [satellites] who don’t have [to expend energy to stay in orbit] achieved escape velocity

... and are therefore no longer satellites. https://www.nasa.gov/audience/forstudents/5-8/features/nasa-... https://www.nasa.gov/audience/forstudents/5-8/features/nasa-...

Some Lagrange points are stable and therefore will not decay toward the Earth outside of other factors. (Because these systems are never sufficiently isolated, in the eternal view, therefore, also still require energy, though much, much less.) Though, of course, an object at a Lagrange point may still not technically be a satellite of earth. https://solarsystem.nasa.gov/faq/88/what-are-lagrange-points (though by the NASA definition above I'd argue that they are)


Lagrange points L1,2,3 are metastable and all are also perturbed by all the reality of not being result of two point masses in perfect vacuum.


To further add some (maybe helpful) pedantry, the boundary between an airplane and a satellite is usually taken to be the point at which the velocity required to remain aloft via aerodynamic lift exceeds the orbital velocity if there were no atmosphere.


This thread is like that meme/joke where a programmer's code gets more and less elaborate for a basic Hello World as their career advances.




No, they don’t. In the absence of drag, which only the lowest satellites have, they just stay up there forever. The fuel is needed for orbit changes and correcting drift due to gravitational instabilities.


And all the dragless satellites around the earth are focusing on documenting as all the frictionless spherical cows on the earth


IANAP ("I am not a physicist"), but any two objects in orbit around their common center of gravity are slowly radiating energy into space in the form of gravity waves. This is why LIGO reports its chirps. Of course, this isn't very much energy, but given enough time all orbits should collapse.


I am a physicist. The gravitational energy loss from planet + satellite scale orbiting bodies is so small as to be orders of magnitude less than, say, the influence of gravitational anomalies like the Himalayas, or the tidal pull of the Moon.


Are any of them truly free of drag? Like, are there 0 molecules of atmosphere at some height, or just entirely negligible amounts of atmosphere for all practical purposes?


Even in deep space there are something like two atoms per cubic meter just "there". But atmospheric density drops exponentially with altitude.


None. In theory there are parts of space that are a true vacuum but not everywhere, and definitely not near planetary bodies.

There's a reason our satellites need station-keeping fuel. https://en.wikipedia.org/wiki/Orbital_station-keeping


Yeah anything above about ~1000km or so is essentially zero drag.


It adds up. Also, Kessler syndrome potential is not negligible.


Kessler syndrome is important but somewhat unrelated.

Beyond LEO the drag is really negligible in the sense that other factors (e.g. gravitational abnormalities, the moon) have larger effects.


Satellites also need to use some energy, otherwise their orbit will eventually [0] bring them into the atmosphere

[0]: https://en.wikipedia.org/wiki/Orbital_decay


We're all sitting in a curvature of space time, man. -_-


Aren't satellites, by definition, orbital?


Earth orbits around the Sun and the Sun orbits around the center of the galaxy so from a certain perspective all pictures humans have ever taken are satellite pictures.


Planes are just satellaren'ts.


When I jump, do I become a satellite?


You do if you jump both high enough and fast enough sideways such that when you come back down you miss the Earth.


Yes, but you are falling down instead of around.


Beautiful story. Incidentally, we now have Twitter rebranding Birdwatch as Community Notes…


Good story, but why not just call it “aerial view”?


> why not just call it “aerial view”?

Some of the pictures were from satellites, not airplanes.


"Aerial" isn't directly related to airplanes. It means in the air. Unless you consider low earth orbit outside of the atmosphere, which is somewhat debated.


It doesn't mean in the air.


Above view


The object taking the picture can be underneath you, relative to your position on the planet.


Sky view


The pictures are all of the ground.


Photo view


Top-down view.


They used to have a three quarters view where the airplane dataset extended.


That was actually my only reason to use Bing maps, they had an impressive 3/4ths view where you could change the angle.


Overview

Overlook


Am I in the minority to think bird mode would have been the best choice!


It was the right call.


It's disturbing that execs are wasting time in a meeting over a low level decision like that. Leave it to the product manager and designer to figure out.

That's textbook bike shedding, and maybe it's why they seem to struggle with actual important things, like dealing with search spam.


“Pocket veto” is a term I need to remember.

One of my proudest moments was about seven years ago. I was two years into my career as a junior software engineer with no academic background in programming. I was by any measure an impostor and I worked very hard to learn and impress and earn the luck I was given with that job.

A PM, one who I liked and wanted to impress all the time, came to me asking for help to get git commit history for each person on our wider team “to measure how productive everyone is being.”

Despite being anxious about “what-ifs” like being blacklisted or some other concepts I knew nothing of, I gently explained why it would be a bad metric. I remember even saying, “some of the best engineering someone can do is to write negative lines of code.” I felt so wise despite being so green.

He pressed the matter and I calmly said that I said my part and I’ll play no role in this.

I asked around weeks later and apparently he approached nobody else and the issue was dropped.

Maybe this is a mundane anecdote or I’m not telling it properly but I’m still so proud that I was even capable of seeing the ethical dilemma, let alone acting correctly on it. Those years were full of “I have no clue what normal looks like in this industry.”

I feel somewhat confident in saying that experience emboldened me to do the right thing even if it was scary. Sometimes I worry that I fly too close to the sun with my attitude of “you won’t fire me.” But so far it’s worked.


>some of the best engineering someone can do is to write negative lines of code

Why didn't you teach him to find people who were writing negative lines of code?


it's also a bad metric? cleanup is nice but # of lines is still not a good measure of good code or even good.. anything. i went a month or more without writing any code because i was just writing docs


You could use lines of docs too. These aren't bad metrics.


They are terrible metrics. To use a worn aphorism: Measuring productivity by lines of code is like measuring progress on an airplane by weight. Obviously using "more weight" as a metric is bad because it will result in a plane that won't fly. Slightly less obviously "less weight" is also a bad metric, because you'll end up with a plane made from paper and twigs where the wings will shear off if you look at it wrong.

You want to aim for a plane with the right weight, but you only know what that is by working out the entire design. Similarly you want to aim for the right number of lines in your code base, but you can only know what that is by working out the entire design.


I never said that more lines = more productive. That is a strawman.


# of lines of code is a super-valuable metric when used relatively to compare two different things in software.

For example, I worked a .NET project with a central form that had close to 30K lines of code. This was 10x in comparison with anything else in the app. This is clearly a "whale" of a problem.

The lines-of-code comparison made it much easier for non-technical staff to now understand why this "one form" (really dozens of different functions contained in a single form) was troublesome in terms of fixes, enhancements etc. and also why no one wanted to touch it.


Parent explained in a metaphor how both metrics (more lines, less lines) can be bad.

Maybe engineer A has an easy feature to do. Lots of lines of code but it's smooth sailing. Another engineer, B, has a tricky bug fix to do, which requires him to read documentation, navigate the code, reproduce the issue, until he publishes a fix with a handful of lines of code.

Who's the better engineer, A or B?

Even if we consider the average over time, one may be getting more tricky features than other. Or spending time in tasks such as hiring, mentoring, etc, which is worth a lot to companies.


They are bad metrics.

Maybe it helps you understand if you think about how easy they are to game. You could just as well create useless lines of documentation as you could create useless lines of code.

Goodhart's law says:

"When a measure becomes a target, it ceases to be a good measure".


By your logic any metric is a bad metric because it can be gamed. In your model of the world good metrics don't exist.


I believe that you maybe misread me, which usually means that I haven't made myself clear enough.

I'm not saying "LoC is a bad metric because it can be gamed". Most metrics can, if you work hard enough.

I'm saying "LoC is a bad metric because it can be gamed by a child within a couple of minutes".

It's the difference between a lock made of a tin sheet and a proper heavy-duty steel lock. People like the lockpicking lawyer can still pick the latter, but the former is so weak that it should never be relied upon.


It seems as if the gaming instinct is only at play if LOC is used as a productivity metric.

Avoiding LOC measurement for other (non-productivity) purposes is a mistake.


It depends on how junior the engineer is. My first job out of college, I was asked to write some code to cheat a benchmark, basically detect when a particular benchmark program was running and only then put the software into an alternate "fast path" that would result in better benchmark results. I agonized over this and didn't want to refuse. This was my first real job as a professional developer, and I didn't want to make waves. Eventually I got the nerve to tell my boss I was uncomfortable with the assignment, and he said "Oh, no problem at all! We keep our devs happy here." and assigned me onto another task. Joe, three cubicles down was more than happy to write the benchmark-cheating code.


You did the right thing. If more people spoke up and stood up, the world would be a much happier place.


Some people don’t need to stand up because they don’t see any bad or evil in his work.


Just out of curiosity, why did the software not always use the 'fast path'?


Probably more than likely it's not generalizable to real world conditions.

Benchmarks are meant to be reproducible, meaning perfectly predictable. CPUs have things called branch predictors which try to predict what the software is going to do and try to do the calculation ahead of time resulting in (hopefully, if it predicted right) faster execution time. If you know which 'branches' a benchmark goes down, you can make a program which can coax the branch predictor to always make the right guesses for a given benchmark.

A program branches whenever you encounter some sort of conditional if-else statement.


Some optimizations might only apply to certain inputs that are used by benchmarking software. Or the driver makes unfavorable power tradeoffs to maximize performance when a benchmark is running. For example, if the driver knows a benchmark is single threaded, it can artificially throttle other cores and boost the core the benchmark is running on. There's more extreme stuff like GPU drivers replacing shaders (benchmarks don't care about graphics quality) or pre-rendering frames. https://videocardz.com/74912/professional-overclocker-demons...


If you have the answer card to a test it takes much less 'computation' to get the test correct.

Print '2' is a lot less operations than (insert formula here) if you know the answer is already 2.


I have successfully implemented pocket vetoing at the most immoral company I worked for, it was a brief stint (caused by the moral issues) where I could play around not delivering all the features management wanted to gouge their customers by playing with other priorities.

You don't need to do it, you don't even have to explicitly say no, you can just always find (or create) work that's more important to do than breaking your own morals. The worst that can happen is someone else gets the hot potato.


> managers are loath to fire someone they've already spent so much effort finding, hiring, and onboarding

Caveat: this applies to perms. It doesn't apply nearly as much to contractors (as my many experiences with saying "No, but..." to managers and being canned can attest.)


They usually get 2-3x our salary though in Australia, with the downside you mentioned


> But remember that hiring is hard, and managers are loath to fire someone they've already spent so much effort finding, hiring, and onboarding. Finding someone else to do it can take weeks, months, or longer! Which in many cases risks killing the project altogether.

Anecdata. One of my colleagues got fired for not meeting expectations at his level for two consecutive halves. From what I've seen, he was competent and provided value to the project. Some companies have high turnover and are functioning with the idea that everyone is replaceable.


> Engineers aren't really fungible resources, to the extent that these projects require. Ask any manager how easy it is to swap "allocated resources", and they'll probably sigh heavily.

I'm hearing Meta, Stripe, Google, Netflix, Lyft and Uber are hiring like crazy for amazing salaries. Not only that but one basically just needs to sort of show up half the time and surf the net 99% of the time there.

That was obviously sarcasm.


Browsing some online code communities would lead someone to believe that faang and silicon valley companies are the only employers in our industry, and if you're employed anywhere else you are probably on the verge of homelessness

That is obviously not the case


“We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”

This should be posted absolutely everywhere with this as the hook. This type of request and the admittance that companies give even more than that all the time is headline news worthy.


This is why I never use native apps on my phone. The experience sucks but I muddle through using the web for reading Twitter, reddit, etc.

I am constantly, constantly bombarded with "this looks better in the app! please just run our app!!" as I browse. Still I refuse--with the web I at least know they can't harvest information about everything I'm doing. There are still some privacy concerns of course but it's much better to have the web as a firewall of sorts.


Twitter and (old)reddit are better as mobile websites in every way.

We have 30 years of browser UX development, culminating in tabs and multitasking tools that allow you to open things to read later, wait while they load on a slow connection or form a queue of things to read.

Mobile apps for every social media site lose all of that. They are worse than useless. There is this internal fear at social media companies, they want to prevent their users leaving their little walled garden. That or the religious drive for managers to reach target metrics creates a net negative feedback loop for user satisfaction.

Social media apps have no multitasking features (at least last time I used them). It's absurd.

I've only used the twitter mobile website for the last three years. Will never install the app again.

(Aside: my (ridiculous) conspiracy theory is that React Native is an attempt to distract developers from the advantages of a WebView based app development process that would eventually lead to the success of PWAs, locking devs into the app stores as a distribution channel)


It's incredibly interesting that consumer operating systems have done nothing to try to catch the web browsing experience. They've let themselves go nowhere. Tabs, multi-document interfaces, managing many files at once, is just not something the OS is good at.

I remember the couple months or years where each Chrome tab was its own app instance. I thought it was incredibly ambitious & interesting to make the OS try to deal with tabs, be a manager. And indeed Google backed it out. And so as usual, Android is in the background of daily life, hardly ever touched or used, and I just stay in Chrome almost all day letting it define every bit of my computing existence.

The web experience just has so many more hooks & so much more power, than these little self-defined bespoke inward experiences. Because so much part because browser gives us such basic & flexibility utility as we compute & surf.

Thanks for the good post, enjoyed reading very much, & two thumbs up!


Why torture yourself with any reddit website though? Popular websites like reddit have multiple open source native apps. Just slap F-Droid on your Android and download Redreader, Slide or any of the 10+ clients you find.


Actually the good mobile reddit site is i.reddit.com, not old.reddit.com


If you don't care about being logged in libreddit is even better, especially for image-heavy subs. https://farside.link/libreddit should get you a currently working instance.


Holy moly, i.reddit.com is so much better. Thank you for the recommendation!


i.reddit.com is amazing but broken in small ways. you can't sort comments or browse multis. Also, trying to pull comments beyond a page breaks in some places.


The reason they want you to run the app is the topic of the thread. They want surveillance data.


It's gross because that's exactly why they ask you to install.

"This looks better in the app" because they sabotage the web experience so they can do this very thing.


The funniest thing is that this trickles down to small SAAS companies, all of whom think they need two native apps. Talking to them about it is illuminating. Their app doesn't need to:

- use bluetooth, accelerometer data, or anything else not exposed to a browser

- spy on their user closely to generate valuable data (your app is the product, not the user)

- be discovered in the apple or google app stores. Relatively expensive, niche, high touch, business to business apps are not impulse buys for bored managing directors.

And their dev team is usually already over burdened just dealing with the web stuff.

But still they pour money into the two native apps bucket. Before they're even profitable...

I wonder how much this "IT LOOKS BETTER IN THE APP" propaganda is affecting their business sense. Twitter and Facebook's business model is a bit different from B2B SAAS SME.


When you need to do anything actually useful in these apps they typically send you to a browser anyway. Or worse, you have to do so yourself because you discover something isn't fully implemented in the app part way through using it.

Recently a coworker was struggling to change some personal details online and got stuck in a loop of no access due to multi-factor authentication. The phone helpdesk kept directing them back to the site to get stuck again. The solution? In this case the app's lack of support was a blessing. Personal details could be easily changed there because the app hadn't implemented multi-factor authentication.


As someone who works with mobile apps that use Bluetooth, I would be very happy to just write one app in the browser if that was available. However we are not there yet, so two native apps it is.


As a mobile dev, it's sometimes frustrating finding interesting work and BLE seems to be one area where businesses are willing to do something useful outside of duplicating simple REST calls and occasional multimedia uploads so the app can be at parity with the limitations of a website. Most product people are limited in their thinking of what's even possible because of their narrow usage of the capabilities.

Our phones are packed with sensors, and are more powerful than the computers that landed us on the moon. Apps can be so much more than dumb pipes for simple data upload and download from a server.


https://caniuse.com/web-bluetooth

Not sure if this changes your calculus at all, but it can (theoretically) be used on chrome for android.


Kinda. But there’s still two code bases: one for android (now would be web) and one for iOS.


I agree, the whole mobile ecosystem feels just gross to me. Microtransactions, everyone pushing their shady app instead of a website, navigating the app stores feels like wading in a swamp where everything wants to kill me.


I predicted that it would end up this way way back in the 2000s when mobile was “the future” and was going to supplant all other forms of computing. I just saw it as obvious due to the walled garden nature of the system. It prohibits so much innovation so all we get is surveillance and addictionware plays.


We deserve better


I really think so, so I'm running /e/ OS with F-Droid as the app store. Thanks to the preinstalled microg, it can even run normal Android apps just fine, and with the built-in privacy settings I can disable trackers inside the few apps I opted to install from the normal Play store.


I typically prefer app UI and use permissions to control my data. If I set iOS to deny location data to Twitter, then Twitter cannot log my location even if the mobile app runs code to do so.

There is a lot that a website can do to profile you too.


There is absolutely nothing a website can do that an app can't. Apps can do more to profile you than a website.


While I agree in principle, wouldn’t it be true that cookies from e.g. Safari aren’t going to be readable by an external app, the way they could be from an iframe or whatever the cross-site tracking tricks are today?


A website can't do what you think it can.


same, my Wife who has 2-3 dozen apps is asking me why do you not use apps? (I have <10 apps on my phone) and I said I do not trust my data for one second with a lot of these unscrupulous apps. I have a strong bias towards privacy - caveat emptor.


As an aside, if you use iOS, Banish will nuke those “open in app” popups. Costs one $2 payment, which I was more than happy to give to a dev working on a useful product. Works very well, and gets updated quickly when it doesn’t.

https://getbanish.com/


Anyone know if this works on Chrome iOS?


And this is also why sites like twitter and reddit are absolutely insistent and completely obnoxious if you don't use their apps... even though their service could and should run extremely well as a plain webpage.

The webbrowser limits their ability to spy on you dramatically.


>The webbrowser limits their ability to spy on you dramatically.

In what way?

What information can a native app get from a user that a website couldn't?


The app can run constantly in the background. The web browser won't.


Apps cannot run constantly in the background, they're very much at the whim of the Operating System and must register background operations and complete them usually in ~30s before being killed.

They also can't collect any information in the background they couldn't in the foreground. Like apps can't tell which apps you open, can't tell what info you put into other apps, can't track you across other apps etc.


They can collect more information in the background than they can when you're not running them.


Actually upon further looking at the docs I don't think they can collect any information in the background.

Like the app has to register as being allowed in background mode, upon which if a push notification is sent to it the OS wakes it up for ~30 seconds to make an API call or set data. But there's no UI shown, there's no ability to track which app is open, or even if the device is awake or asleep. It's not like the apps are able to run code in the background whenever they choose.

not including apps with Allow in Background location permission, like bicycle tracking apps etc. but those are done with explicit permission from the user.


Seconded. Nearly no apps are doing anything that warrants a "native" experience, they're glorified document viewers and form fields. Fuck 'em, I'd rather stop using a service than install an app.


My android phone's apps must ask for permission to use some of this data (location, microphone, filesystem, etc.), and android provides the options "always", "only when using the app", "this time only", and "never"; which seems to help with this problem, though I'm sure it's nowhere near a silver bullet. When I leave my home I only feel (mostly) untracked if I do so without my phone and only buy things with cash, which is almost non-existent behavior for myself and the people I know.


Use Tweetbot together with the “Open in Tweetbot” Safari extension.


What information can a native app get that a website can't?


Device and user IDs, wake/sleep/network events, etc.


> Device and user IDs

Apps don't have access to device IDs other than IDFA, which can be reset at any time by the user.

> wake/sleep/network events, etc

Apps can't tell if the device has been woken up or put to sleep, apps only have access to their own application state events like didEnterForeground and didEnterBackground.

Apps can tell if the device's internet has been connected or disconnected, I didn't know that was not possible on websites.


This ! ^^


As someone who disables JavaScript while browsing, I find it disappointing that you are encouraging more developers to build web apps rather than a native experience.


You actually prefer when your phone runs native stalking code that you can't inspect or block?


I can't really inspect or block things in the iPhone browser either. The javascript is opaque and I can't easily inspect what it's doing or what it sends.

Web apps have a lot of access to your data as well, especially your location data.


Not if you deny the sites access to your location data, the permission for which is denied-by-default and is never, ever actually necessary for anything.


You can do the same thing with apps though too. So what's the benefit of moving to web in this case?


Because I honestly never know whether or not an app has permission or not to access my location. App permissions are granted when the app is installed, not when it's run. Furthermore, apps update silently, and are they giving themselves new permissions or not with each update? If I have given an app permissions to access my location, how do I see that, and how do I revoke it? And if I don't manually close the app, is it still running in the background accessing my location at all times? For how long? For websites, these questions are easy to answer. For apps, I find it to be an utter mystery. App permissions are a mess; better than free-for-all OSes like Windows, but worse than the web.


> App permissions are granted when the app is installed, not when it's run

This is not the case in iOS, and I don't believe it's the case in android either, IIRC. You can also always audit app permissions via the settings app.

> how do I revoke it

Settings app. No idea how I'd do it in the browser, FWIW. Nor how I'd audit what permissions an app has.

> it still running in the background accessing my location at all times

Apple has an "allow location access only while running [in the foreground]" option as well. Not sure about Android.

> Furthermore, apps update silently, and are they giving themselves new permissions or not with each update?

They are absolutely not doing this. Security auditors would be screaming from the rafters if Apple or Google allowed app updates to change their permissions settings.


If you disable JavaScript while browsing but recommend that people install mobile apps, that's kind of like forbidding pocket knives in a war zone.


Who said websites have to use JS? Your argument is orthogonal to companies using apps to harvest user information, and being blocked by web platform there. There's no reason Facebook, Twitter, etc. has to use JavaScript in their web experience.


What angers me the most about this, is this type of topic is exactly what should be taught in a required class on ethics for engineering degrees, but is completely missing.


Engineering programs do include a required ethics class. But with a cynical lens, it's only required because the bodies that license engineers and permit them to practice require that course in order for a school's degrees to be accredited. Once an engineering graduate is licensed and practicing, they're on the hook to follow a standard of practice that includes ethics. If they violate that, their licensing body has the legal teeth to punish them in a variety of ways (e.g. fines, removing their license). Also, employers who do engineering work have to agree to a similar deal with the licensing body. If they force engineers to act unethically, those engineers can report them to the licensing body who also has the legal teeth to go after them in a variety of ways. It's not a pretty system but it generally does an okay job.

The ethics course itself is a very small piece of the puzzle. Even if every software engineer had to take an ethics course, there's still a huge power imbalance between the average engineer and their employer. Ethics are great and all, but without a legally backed standard of practice to protect those engineers, widespread violations are more or less inevitable. You can stand up and refuse to do work because it goes against what you learned in your ethics class, but your employer can just find someone who doesn't feel as strongly about that. That still happens in traditional engineering fields, but there's at least a legal/regulatory framework in place to discourage it.

Some jurisdictions "solve" this by lumping software engineering in with other disciplines and making the same licensing bodies deal with it. This is also a big mess. Those bodies are normally led by "traditional" engineers who barely understand software, their standards/legislation were written before software-specific issues (e.g. mass surveillance) were relevant, and their processes don't move fast enough to deal with a rapidly changing field like software engineering. It may be possible to fix all this or create similar organizations and legislation specific to software, but it's not trivial.


I appreciate this explanation. It is one of the more cogent things I've read in a while and fills in a few pieces I didn't know I didn't know.

> The ethics course itself is a very small piece of the puzzle...

Do you have any recommended reading regarding this part of the puzzle?


Yes it should be semester 1 in every single CS and SE course.

Sadly, there are very few resources; textbooks and professors qualified in software engineering and ethics, and the adjacent political, social and economic realms to fill this.

I'm really, honestly doing my best with this problem.

The subject area is massive. The issues are horrendously complex. The targets keep moving (each day we seem to set a new bar for what shitfuckery is acceptable).

Also writing a book on Ethics For Hackers that is not prescriptive or too personal value-laden is extraordinarily hard (and it makes it worse that I am an opinionated bastard)

HN remains one of my best resources for "pragmatic" ethics, and so I thank you all.


> Yes it should be semester 1 in every single CS and SE course.

to, what, make sure it is forgotten by the time you graduate?

is there even any evidence that making somebody take a class on ethics will make them more ethical? most college courses are grading you on your ability to write about a subject, not on how much you care about it, or decide to alter your future behavior.


> to, what, make sure it is forgotten by the time you graduate?

That seems a little dismissive. Did you forget everything you were ever taught? I doubt it. Maybe let's be charitable toward others.

> is there even any evidence that making somebody take a class on ethics will make them more ethical?

Yes of course. Same as there's evidence that teaching cookery makes better chefs and people who take a driving lesson crash their cars less. Education is a real, actual thing, as you well know.

> most college courses are grading you on your ability to write about a subject, not on how much you care about it, or decide to alter your future behaviour.

Most college courses are rubbish. They're training camps there to take your money and give you a piece of paper to boost your fragile ego. I know that because I'm a university professor. You can read what I think about the current state of education in the Times HE.

Maybe one in five students actually take anything meaningful from school. They're the ones who care about stuff and focus on their future behaviour as successful individuals and members of society rather than on ephemeral "knowledge" or getting grades. Don't fall for the certificate scam and don't let schooling get in the way of your education.

> making somebody take a class

Now, that's a telling word you use. Not wishing to psychologise, but are you maybe afraid of someone making you take a class in this useless subject?

If so I agree with you. "Ethics" is widely abused as a stand-in for whimsical "policy" that can't be backed up rationally, or to conceal hidden political agendas. Many classes are tedious finger-wagging checklists and plenty of "ethics boards" are sham kangaroo-courts run by cardigan wearing Kevins and Karens [1] who sit down with tea and biscuits to decide the future of a department of PhD's based on how they "feel" about some keywords in a checklist (I've sat in those meetings).

You should be afraid of "ethics" when someone else co-opts it as a way to tell you how to think.

That's not what my project is about. If you're sceptical about ethics in tech you'd probably like it. It's about ethics empowering you as a decision maker - to back that up with 8000 years of human wisdom - to be wholeheartedly motivated by projects that can make the world a better place, and confidently, courageously say no to tedious dehumanising schemes of extraction and surveillance that passes for computing these days.

[1] sorry actual Kevin and Karen


I know it certainly was covered in mine, it shared half a module with academic writing.

But I think by the time of starting third level education, something like this is too late to change someone's moral decision making, so I don't really think it had any effect on anyone in that course.


> by the time of starting third level education, something like this is too late to change someone's moral decision making

That's an interesting reflection. It depends on whether you see ethics as rational and actively learned, or formative conditioning.

It's why such a project is harder than I imagined, and also why I tried (only somewhat successfully) to avoid prescriptive narratives. The overlap between psychology (behaviour, which can be changed) and moral feelings is complex.

I think the best we can do is lay bare some uncomfortable truths; how people have seen things historically, what the likely outcomes of our behaviours will be, and how we delude ourselves otherwise.

What I see in tech is that there's a lot of "moral armour" - comfortable things we tell ourselves, distorted rationalisations, fallacies, short-term economic justifications - that kind of thing can be improved, unlearned and replaced by a better framework by appeal to the rational adult mind.


I think this forum in particular often considers self-interest as the only rational option, and so appealing to the rationality of such people as a way for ethical outcomes is a fool's errand. It's why "but it's legal" is often offered up here as a defense for companies criticised for unethical behaviour.

My best guess as to why people are so willing to act as if ethical criticisms are not valid is that the commenters self interest sees themselves as a potential future benefactor of similar actions and so they see the rational behaviour as being to defend it in case they could benefit from doing the same.

I'm not saying that people cannot ever be convinced to change their outlook here, but that doing so for an adult is a way more involved, individual process that requires input from people the person in question respects, which is way more than a university ethics course can hope to achieve.


Just setting aside time for it in the curriculum would be a huge improvement. Even a single class session of student driven discussion and debate, anything. We don't have to let the perfect be the enemy of the good.


> Also writing a book on Ethics For Hackers that is not prescriptive or too personal value-laden is extraordinarily hard

Ethics and personal values are the same thing. It would be impossible to write a book on Ethics for [any audience] that didn't consist entirely of personal values. Similarly, since ethics are necessarily subjective, it is impossible to write about ethics in a non-prescriptive way.


There's actually an entire chapter on that subject; the difference between morals, ethics, norms, laws and best practices, throughout history and in "post-modern relativist" times. You'll either love it or hate it, depending on how open your mind is.


> the difference between morals, ethics

That one's especially easy. They are exactly the same thing; mos is the Latin word, and ethos is the Greek one.


> That one's especially easy.

It troubles me when someone proclaims such glib ease. I read maybe 10 different sources, philosophy books, old and modern, and numerous debates on the subject precisely because some people think "oh that's easy" - a symptom of our deflationary society which itself is an interesting predicament.

What do those Greek and Latin words mean? Mos comes from "mores and customs" whereas ethics (from Ethikos) means character in the mind of an individual. That sets a distinction between normative and subjective standpoints. However, in the "Western" sense this is reversed. We are comfortable talking about "your morals", "my morality" as subjective, relative positions, but reserve the word ethics for something supposedly more objective, scientific, and therefore presumably more widely agreed.

And that's just the surface of it. Resolving the actual documented uses of "morality" versus "ethics" in case studies reveals a whole lot more. Some distinctions assign the qualities of rightness and wrongness to morality, but the terms goodness and badness to ethics. And then there are the entirely subtle but profound distinctions Plato and Immanuel Kant make about the mental/spiritual realm of ethics versus Aristotle's primary focus on how actual people might behave. Or a modern moral philosopher like Jonathan Haidt's distinctions between morals and ethics.

The bottom line is it's not that important so long as you're consistent. However it is useful to have different concepts and to set them out as philosophical tools. So "especially easy" - I don't think so :)


> ethics (from Ethikos)

I gave you the correct source. The -ic- in ethikos forms an adjective from the noun, just like the Latin form -alis that you see in "morals". There is of course zero semantic distinction between a noun and its own adjectival form.

If you look up "moralis" in Lewis and Short, you'll see a citation noting that the word was coined by Cicero as part of a protest against the idea that Latin was unsuited to the purpose of discussing philosophy (popular opinion at the time being that you had to use Greek for that purpose). It begins by noting that "mores [are what] the Greeks call ethe".

The Greek and Latin words are translations of each other, and both refer to habits and norms. It is true that in modern English norms are a distinct concept from ethics. (Not true in Greek!) But it is not true that in modern English morals and ethics are distinct from each other.


Interesting. Thanks for your viewpoint and giving me even more knowledge to add to the already fascinating distinctions being explored. respects


I would think have it near the end, as grads to be work on their final projects.

Make the end push to graduate require ethics classes to book end all the technical detail they spent the prior years absorbing.


The ACM Code of Ethics (notably section 1.6 "Respect privacy") certainly forbids this sort of behavior.

I'm still waiting for ACM to audit the practices of Facebook, Google, Twitter, etc. and then apply penalties (conference and publication bans, membership revocations, digital library bans, etc.) as appropriate.

At the very least they should call out examples of unethical behavior - which currently includes many common practices in tech companies.


Who cares about the ACM? I am not bound by their ethics. I have my own.


I'm not sure how much that helps unless there is also some sort of protection for engineers who refuse to behave unethically.


This is by far the most important point that is completely missing from the ethics course I took.

Sexual harassment is bad. Victims have an ethical obligation to report the harassment. The result will be HR protecting themselves, likely via moving the harassed person to a new team or making their life suck in other ways. The only path forward after is to fight, likely in/with the threat of courts. Social fall out (because a manager or their skip level's life got harder) is almost guaranteed. A product deadline may be missed. The blame is often directed at the victim and not directed at the person who was harassing. I have watched this play out multiple times.

In this way, reporting someone for sexual harassment is a sacrifice. So while there may be a moral impetus to report, there is a cost to do so, and the end result is not an ethical question, but a cost benefit analysis.

The cost benefit analysis is then hampered by short term vs long term thinking. If nobody reports it, the abuse continues. If everyone reports it, then some of the abusers would likely be punished. The individual cost of reporting is high, and so a person would rather move on than fight. The abuser then continues to abuse.

The end result is that the ethics themselves are obvious and uninteresting, but it is the economic factors and game theory factors that bring all the meaning to any type of pragmatic discussion of ethics.


What was in your engineering ethics course, then? Ours was pretty much summarized by "Rich assholes will try to convince your boss to convince you to do some evil shit in the name of money. It is your obligation to reject such requests". Followed by a painful amount of tragic examples. Like, this may have been the only message of the entire course. The Ethics course in the Philosophy department was way more engaging, because it had a bit more variety.


My course was very much a "don't do bad things because there could be bad consequences" type of course without too much ambiguity as to what the right action was and definitely no reference to topics relevant to software engineering.

It was not a "why do good people end up performing unethical actions, and how you can prevent yourself from equivocating and rationalizing unethical actions as well" course.


I took an ethics course in undergrad (don't recall whether it was required, but I can't think of anyone in my major+year who didn't take it). This was before mobile apps as such, but we discussed (among other things) both spyware and use of what would come to be called "big data" in law enforcement.


I had to take an ethics course as part of an engineering degree. This was before mobile apps really existed so it didn't include an example like this. Don't most schools require an ethics course?


It would be useful.. but really there needs to be much better laws controlling user data. If Google and Apple want to monopolize their users with the app store, then I think they should have to pony up for much stronger liability in these cases. They're only enabling this behavior to gain profit.


Some context for those who skipped the article: The major telco said other tech companies regularly collect and sell them this type of granular data harvested from users' phones.


Many free wifi places will track and report movements within the wifi area. Using bluetooth in addition. Shopping malls in particular can use this to find where people congregate.

Can probably be related to email addresses too, and hence shared with every other mall with same ownership as well as the company that provides the free wifi.

e.g. Aruba, Meraki, ...


Maybe they were getting this from some ad networks like Taboola or Outbrain - but then those networks don't usually have enough info to really identify you.

Sure, if they were giving your IP to a telCo who can map your IP to a name if you're a customer - that's identifying you.

It's HIGHLY unlikely this happened at the usual suspects (FAANG).


It was probably adtech companies.

There are a bunch who basically pay apps to use their api and then take the data.

Apple was right to kill that imho. IIRC that was foursquare's pivot

There is also lat/lon in programmatic bid requests, but I don't think they're super accurate or granular and lots of fraud. (could be wrong, just from my small experience buy side using DSPs seeing lots of lat/lons being smack in the middle of a city)

[1] https://www.safegraph.com/guides/mobile-location-data-provid...

[2] https://developers.google.com/authorized-buyers/rtb/geotarge...

[3] https://fixad.tech/wp-content/uploads/2019/02/3-bid-request-...


You think it is highly unlikely that Facebook/Meta is selling granular user data?


Yes, it's incredibly unlikely. So unlikely that it's basically impossible.

They explicitly and unambiguously deny doing it; if that was incorrect, there would be a huge regulatory and public backlash. (Think of what happened with the Cambridge Analytica case, despite Facebook's hands being pretty clean on that). No disgruntled ex-employees blew the whistle on this (but did on other issues), which suggests it probably didn't happen.

Selling ads is very profitable. Selling data directly risks that business for little gain. In addition to the backlash when that data selling were revealed, it risks somebody else using the data sold by Meta to outcompete them on ad targeting.


>They explicitly and unambiguously deny doing it; if that was incorrect, there would be a huge regulatory and public backlash.

Companies typically don't admit to the public when they're engaged in unethical practices. Purdue Pharma is a good example.


Then you say nothing on the subject, or say something that's technically true but ambiguous and easy to misunderstand.


> it risks somebody else using the data sold by Meta to outcompete them on ad targeting

Bingo. They're unlikely to be selling the data because those data are their secret sauce. They are as economically incentivized to build sociopathic models on you as they are to keep your data out of anyone else's hands.


Even economically, it seems unlikely they would. The data is their moat and it's what they can use to target people with ads. Selling it seems counterproductive.


What I'm confused by is why the telco needs Twitter to get that info. I work for a data warehousing/sql consultancy and our biggest client is telcos who have to track everyone in order to comply with subpoenas. They already have all the data about where every one of their users has been.


Not trying to defend the telcos, but I think they're trying to figure out where to prioritize upgrading their infrastructure based on where their customers spend most of their time - and more importantly, where their COMPETITORS' CUSTOMERS spend most of their time.

If they know that, they can target those areas and then heavily advertise that they have better service than their competitors in those areas lol.

Historically they could do that by old fashioned research and surveying. But that's expensive. I imagine getting this data from everyones' phones is a lot cheaper and easier.

If that's the case, I don't think their desire is necessarily _evil_, but very misguided lol.


The "native" location data that Telcos have is not very precise - think of accuracy of a few city blocks. That is good enough precision for traditional subpoenas, but not for the kind of application the author described.

Also telcos only have data for their customers - this gets them access to competitors' customers.


> The "native" location data that Telcos have is not very precise

Was not very precise. One of the "advantages" of 5G is a lot higher resolution for telcos. And I think even 4G was superior to "a few city blocks"

> telcos only have data for their customers - this gets them access to competitors' customers.

And this is the true reason for the request.


With 4G the problem has been "what lane are you in?". One of the things that can be done with that data... If you can figure out what lane a user is in, you can target (visually) digital billboards to that lane, covering all lanes with different images/ads, through some weird refraction. I knew of a company that was working on that problem 8-10 years ago out of the South. No idea if they solved the problem.


The screen has been figured out. Misapplied Sciences is already installing these screens in airports for a trial program with Delta.


Are you talking about this?

A mind-bending digital info screen, developed in partnership with Misapplied Sciences and dubbed Parallel Reality, will debut in beta form on June 29 near the Delta Sky Club in Concourse A of the McNamara Terminal.

According to a news release, numerous passengers can look at the same screen at once, and each passenger will see personalized flight information that the other people looking at the screen will not see, because they'll be looking at their own personalized flight info.

The Parallel Reality display conveys the same sort of stuff you find on traditional airport screens—about departure times, gate numbers, baggage carousel locations, and so on—but you don't have to scan lists of data because the screen semi-magically shows you only what you're looking for, while up to 100 other people are simultaneously looking at the same screen semi-magically showing them what they're looking for.

https://www.frommers.com/blogs/passportable/blog_posts/delta...


Good point. Cellular accuracy has improved dramatically since 2015.


Since at least 3g there is a capability to request the phone to report GPS location to the telco. There is even a capability to override disabled GPS before doing that, presumably reserved for law enforcement/search and rescue.


> our biggest client is telcos who have to track everyone in order to comply with subpoenas.

Perhaps I am missing something, but I don't understand the intersection of why telcos are involved in serving subpoenas and the need to know the physical location of users. Are you referring to a log of networks / DHCP leases their customers were using at any given time?


Not serving subpoenas, responding to them. Police subpoena stuff like "everyone who was within x feet of this phone number or location between these times" and the telcos can't just say "we don't keep that data."


Subpoenas are based on information you have. Where is the law or regulation that says they need to keep it?

Telcos keep it because it helps them with network capacity planning and is incredibly financially lucrative when they want to sell the data. It's probably more to fill in their data product for malls and fine grained location than to do it for subpoenas, which if they had a choice would probably rather not have to do.


…why not? Is there a federal law compelling them to record and store precise location data indefinitely?


I'm not sure if it's a legal requirement or they just don't want to upset law enforcement. I guess maybe they're just keeping the data for other reasons and then law enforcement is jumping on that. All I know is they're using our data warehouse and having me write queries that answer those subpoenas when they come in.

Well I know that in the UK it is a legal requirement, but not sure about the US.


> the telcos can't just say "we don't keep that data."

Not sure what country you are in, though that is untrue in USA. Businesses keep whatever business records they desire, and some required regulatory/personnel data. Even if they have the data a USA attorney can try to argue that the request is unduly burdensome or too broad and ask court to quash subpoena.


And CDR and LUD. Call Data Records (numbers, time, duration) and Local Usage Detail (they use "LUDs" on TV)


The way I understood it, they wanted to track their competitors' users.


> telcos who have to track everyone in order to comply with subpoenas.

Subpoenas are used to compel production of existing information. Speculatively creating info to comply with future theoretical request is not necessary. It's easier to not have the info and truthfully respond to subpoena with "no such data".


In the UK they are legally required to keep the data in order to respond to law enforcement requests. My understanding is that in the US they’re not required to, but at least the ones I work with do for whatever reason.


It's most likely that the Telco Director was lying out of his posterior, trying to scare Twitter into doing what they wanted with vague threats of "your competitor will get this money otherwise".

It's called a bluff.


I suspect other tech companies were claiming that they would have this granularity eventually but never actually delivered. One of the things that happens at these (and the fact that he didn't "hear this" until on site) is that Sales promises everything with a flashy powerpoint, and then what is actually delivered is an "if someone tweets in the Verizon store and uses Verizon in the tweet, you can put an ad on that".


No, there are dozens of companies that have this data.


Can you cite?


You think it's true that they get a lot more than that from "other tech companies"? (who is that? Facebook? Tik-tok?)

(As an aside, it seems cute that the guy thinks the change in ownership somehow makes it "safer" for him to share inside details, but I'm glad he did)


> it seems cute that the guy thinks the change in ownership somehow makes it "safer" for him to share inside details

If the change in ownership means "I am never going back, time to set that bridge on fire" he's absolutely right it's "safer". Or simply if he thinks "It is now acceptable to future employers to do this", it is also safer.

Or maybe it was something that he now sees as a greater threat, and therefore is worth mentioning even if is not safer or even riskier.


It's not safer (and in fact probably the opposite) from a liability standpoint.


It depends on what you mean by liability. If you mean they have a 7+ year NDA, and the NDA covers undone features, then yeah, I guess Musk is more likely to sue. Maybe. Or maybe he'll love getting to shout how he would never do that, look how cool he is.

But I focused on reputational risk.


Your (U.S.A.) cell network provider sells your location. No need for apps!


In this case wasn't it a cell network provider wanting the info from Twitter? Why'd they want it if they already have it?


They (the telcos) only have stats on their customers. Twitter has it for anyone running Twitter. Further, Twitter's location data is likely more accurate than the telco's due to positioning from stuff like wifi names, local gps, etc.


Probably to correlate Twitter user names with telco customers.


Oh, wow. I didn't even think the request included Twitter handles.


I think it was just a bluff.


I assume most free weather app companies make money nearly exclusively by selling user location data.


when the covid-19 pandemic came into real force (May?) I definitely saw a sample report from MAPBOX that showed aggregate consumer movement in the New England area, with extensive, quantitative classification on visits to retail, restaurant and public sites like schools. The visual was each and every individual track, but as lines of the same color. So the data on each individual track was there, but not named in the report. There were hundreds of thousands of input tracks, for some time range. The context was "were people violating lockdown, travelling to what destination" .. retail and restaurant were very prominent in the report.


I suggest you to think a bit about the context:

- the location logs would be collected by a simple application, which implies the phone/phone OS itself can do that;

- they do refuse, Legal teams do not, but nothing states they can't satisfy the request TECHNICALLY.

In other words when people tend to disagree with my consideration of smartphone as macro-spy devices bought and kept up by those who get spied as opposite of classic spying gears should think about not only that, but what they do with their (well, not really their, since they are just formal but powerless owners) phones, things like pay taxes, act on their banks accounts, pre-heat/cool their cars etc.

Because such activities have a FAR bigger impact than mere position logs.


It's hearsay said by an antagonist during a negotiation. This quote isn't by itself trustworthy enough to be news.


He could have been bluffing with that statement. If he already gets it, what does he need twitter for?


> “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”

> This should be posted absolutely everywhere with this as the hook. This type of request and the admittance that companies give even more than that all the time is headline news worthy.

It's pretty well known, but it should be even more well known. IIRC, what's left of foursquare basically does that, lots of "free" apps do it (like weather, calculators, flashlights, etc.). It's the whole reason the "only allow location access when using the app," was invented.


I would have thought that a mobile telco could generate this data already just from what they need to route data (and voice calls) to each phone, at least to a somewhat coarse level, without needing to have apps upload this.


Yeah but they actually got in trouble for selling that so many times they have backed off. https://www.theregister.com/2022/09/02/us_carriers_fcc_data_...


Yeah, they have to be able to. Something about this story just doesn't add up unless this is explained.


They were after data for other carriers and/or more enriched data than they could easily collect. They could use this data for their own marketing and/or network planning. e.g. “We have the least share in market M where some significant proportion of all cellular users, based on twitter data, love NASCAR and spend relatively a lot of time on their phones at racetracks and Walmart. Let's increase capex around race tracks, do a promo with NASCAR and Walmart, and buy some appropriate ads.”


Carry your mobile phone in a faraday cage/bag.

https://www.amazon.com/faraday-bag/s?k=faraday+bag


Sale of data should be opt-in, not opt-out. Companies will find a way to go around this and we’ll have to catch up again, but it would be a good next step.


Even if we assume that the OP is telling exactly what happened rather than exaggerating (stories do tend to grow in the telling over 8 years), we don't actually know that this alleged data selling happened. All he knows is that somebody at a telco with an interest in getting Twitter's data claimed that the telco got more data from other companies. What other companies? No details. What data? No details. Was the guy from the telco telling the truth, or lying since that furthered their agenda? We have no way of judging that, and neither did the OP.

Spamming this submission with that hook (rather than the parts that the OP had actual direct knowledge of) is basically just spreading misinformation.


It's also, at best, a claim made by a (presumably non-technical) employee of one of these Big Tech companies' clients. It's entirely possible that they were able to benefit from the data that Google, Facebook, whatever collects while not having direct access to it in any form.


> We get a lot more than that from other tech companies.

Have any journalists and/or leakers exposed exactly what these tech companies are sharing? As much as I've heard about data collection and sharing by big tech, I feel like I don't see much in the way of samples or example data. Even the forced GDPR data releases I've seen haven't been extraordinarily in-depth. Surely there must be some articles out there that I'm missing?


Lots of entities sell this, right now:

* https://www.advanresearch.com/

* https://www.placer.ai/

* https://www.onemata.com/

* https://www.safegraph.com/

It comes from the telcos directly (think Sprint phones with custom OS installs), it comes from popular mobile SDKs (e.g. why Yahoo bought Flurry), and it comes from apps who simply sell the data directly.

There is one journalist who actively covers this sort of PII/data-selling world: Joseph Cox at Vice [1]. The only US-based legislator who actively fights against this is Senator Wyden.

[1] https://www.vice.com/en/contributor/joseph-cox


Sure: https://www.nytimes.com/interactive/2018/12/10/business/loca...

It's simple - an app asks for background location permissions, then uploads all the datapoints and timestamps the OS gives them to their servers, which is then resold with "anonymization" that just replaces any personal information with an impersonal unique identifier.

That's the reason Apple/Google have clamped down so hard on location permissions since then. But even a degraded dataset is still valuable - https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-to...
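An added example, not part of the comment above or of any vendor's code: a release check a data custodian could run to see why swapping names for an identifier is not anonymization. It goes beyond the comment by measuring k-anonymity over a (night cell, working-hours cell) signature; the sample pings, the ids, the hour windows and the grid levels are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from math import floor

# Constructed sample export: (pseudonymous id, local timestamp, lat, lon).
# No names or phone numbers, only the "impersonal unique identifier".
PINGS = [
    ("a91f", "2022-11-01T02:10:00", 42.3601, -71.0589),
    ("a91f", "2022-11-02T23:40:00", 42.3602, -71.0588),
    ("a91f", "2022-11-01T10:15:00", 42.3736, -71.1097),
    ("a91f", "2022-11-01T19:30:00", 42.3467, -71.0972),  # evening, outside both windows
    ("7c2e", "2022-11-01T03:05:00", 42.3604, -71.0585),
    ("7c2e", "2022-11-01T11:20:00", 42.3503, -71.1054),
    ("d405", "2022-11-01T01:45:00", 42.4072, -71.3824),
    ("d405", "2022-11-01T14:00:00", 42.4435, -71.2293),
    ("3be8", "2022-11-01T04:30:00", 42.4051, -71.3312),
    ("3be8", "2022-11-01T15:10:00", 42.4473, -71.2245),
]


def cell(lat, lon, decimals):
    """Snap a coordinate to a grid cell; 3 decimals is roughly 100 m, 1 is roughly 10 km."""
    scale = 10 ** decimals
    return (floor(lat * scale), floor(lon * scale))


def signatures(pings, decimals):
    """Map each id to (most-visited night cell, most-visited working-hours cell)."""
    night, day = defaultdict(Counter), defaultdict(Counter)
    for dev, ts, lat, lon in pings:
        hour = datetime.fromisoformat(ts).hour
        if hour >= 22 or hour < 6:        # assumed "at home" window
            night[dev][cell(lat, lon, decimals)] += 1
        elif 9 <= hour < 17:              # assumed "at work" window
            day[dev][cell(lat, lon, decimals)] += 1

    def top(counter):
        return counter.most_common(1)[0][0] if counter else None

    return {dev: (top(night[dev]), top(day[dev])) for dev in {p[0] for p in pings}}


def group_sizes(pings, decimals):
    """k for each id: how many ids in the export share its signature."""
    sigs = signatures(pings, decimals)
    counts = Counter(sigs.values())
    return {dev: counts[sig] for dev, sig in sigs.items()}


def finest_grid_meeting_k(pings, k, levels=(3, 2, 1, 0)):
    """Finest grid (most decimals) at which every id shares its signature with >= k ids."""
    for decimals in levels:
        if min(group_sizes(pings, decimals).values()) >= k:
            return decimals
    return None  # no tested grid is coarse enough; do not release row-level data


if __name__ == "__main__":
    for d in (3, 2, 1, 0):
        sizes = group_sizes(PINGS, d)
        unique = sum(1 for v in sizes.values() if v == 1)
        print(f"{d} decimals: {unique}/{len(sizes)} ids have a unique signature")
    print("finest grid with k>=2:", finest_grid_meeting_k(PINGS, 2))
```

On this sample every id is unique at the 100 m and 1 km grids even though two devices share a building, and only the 10 km grid reaches k=2, which is the sense in which a "degraded dataset" still singles people out.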


> Have any journalists and/or leakers exposed exactly what these tech companies are sharing?

I think that the answer to this is "yes, multiple times, often multiple times on the same companies up and down every level of the stack".

And some of the companies brag about their abilities. There was some surveillance company which was showing how Covid spread after spring break in Florida by gleefully posting screenshots from their tool that tracks individual phone locations.


> I think that the answer to this is "yes, multiple times, often multiple times on the same companies up and down every level of the stack".

Do you have a link? It's always sort of discussed as if everyone knows exactly what's happening, but I'm specifically looking for links that break it down.


It’s data brokers they are talking about.


Agreed!


Name and shame them.


I do not trust this story. Seems way too absurd to happen in the 2010's. Literally just some guy (tm) on Twitter saying it


Why wouldn’t you believe this was happening? Facebook bought a VPN provider with the explicit purpose of spying on its users and both Facebook and Google convinced users to use what was supposed to be an internal Enterprise Certificate to track users until Apple threatened to cancel the certificate.

https://www.cnet.com/tech/tech-industry/apple-unblocks-googl...

But Twitter had been tracking apps installed on a user's iPhone until Apple restricted access to the API that they used.

https://www.cnet.com/tech/mobile/twitter-is-now-tracking-the...

The purpose of the API was for one app to send messages to another app. But it could be used to tell if an app was installed.


For example, if the telco is already getting "a lot more than that from other tech companies", why do they also need Twitter's user location data? I understand "more is more", but the telco in the story sounded desperate to obtain Twitter's data.


Because not everyone uses other_company's app. Presumably they thought adding twitter users would extend their coverage substantially.


I believe it.

A data science company I used to work for got hired in 2017 by a large American telco to handle this exact same sort of data coming from antenna location to do better ad targeting.

The reason why Verizon or AT&T do not have the ad capabilities of Google or Meta is because they are giant incompetent corporations that are incapable of developing anything in any area that didn't exist in the 1980s.


Healthy dose of mistrust is warranted. Still, would it really shock if it were true? In my eyes, it would only confirm what I already know.


which part seems unbelievable to you?


2015 to be precise, which is fairly late in the game. I was at a conference a few years prior to that and some guy was bragging about all the stuff they can find out about people based on their data this and data that.

There is some obsession amongst a subset of techies with knowing everything, and that extends to the daily minutiae of the lives of others.


The Tim Hortons mobile app in Canada did this very thing: monitoring your GPS location 24/7, and logging special events when you entered a competitor's store, like Starbucks.

https://www.reuters.com/technology/investigation-finds-tim-h...


The proposed settlement is absolutely insulting too. A coffee and donut: https://www.cbc.ca/news/business/tim-hortons-app-1.6536175


Should at least have been a Starbucks coffee


And a Krispy Kreme or a Dunkin. Tim Horton's donuts suck donkey nards


This article has more details of what they did and the little tap on the wrist our privacy commission gave them over it: https://globalnews.ca/news/8884583/tim-hortons-app-privacy-c...


correct me if i'm wrong but won't your phone prompt you to explicitly allow access to a service when the app requests it? When the Tim Hortons app asks to use your location can't you Just Say No? ...or at most allow once.


> When the Tim Hortons app asks to use your location can't you Just Say No? ...or at most allow once.

Let us know when you're in the drive through! Just say yes to this prompt.

[location prompt]

===

I've actually been curious about this for a bit, I need to dig in to some apps to see what they're doing. I've noticed, for example, the Chick-Fil-A app does that prompt, and then continues monitoring your location even after you've gotten your order and aren't near the restaurant anymore.


That's why iOS has a lot of fine grain control now as well as prompts after the fact letting you know how many times the app has accessed your location, and check if you still want it to have it.


CFA app loads a bunch of rather fucked up surveillance SDKs under the guise of anti coupon fraud or something. Probably related to that.


there should be a "for 30 minutes" button. background is ok so i can do other things.. but only while I'm waiting for my order or something.


That's not the point, though. When people allow location permissions they would assume it's to help with ordering, not to track your position 24 hours a day. It's a violation of customers' trust.


totally agree but I think a quick fix could be to go through your list of apps and deny location services to all of them. Then, as you use them, selectively enable location services on an app by app basis taking trust into consideration. Granted, you're still trusting the operating system to be honest here and actually deny location services.


> "We've strengthened our internal team that's dedicated to enhancing best practices when it comes to privacy and we’re continuing to focus on ensuring that guests can make informed decisions about their data when using our app,"

This almost annoys me more than the original intent. They could at least own their actions instead of treating everyone like a moron.


Just went to check my apps and Instagram had given itself GPS access.... That's reassuring...


> Most people don't really appreciate how close Twitter was to shutting down.

> Twitter was on its death bed and was desperate for money.

I worked at Twitter at the same time, and while the company definitely was going through a rough patch at that time, it was absolutely not anywhere close to 'shutting down' or 'on its death bed' financially.


Yeah this kind of thing is easily verifiable.. Per page 41 in their 2016 annual report, the balance of cash + short term equivalents went from $3.6 billion in 2014 to $3.5 billion in 2015 to $3.7 billion in 2016. Their annual GAAP loss was roughly 1/7th of that. Not the most profitable company in the world, but they had plenty of cash on hand and no real trouble fundraising.


Never let facts derail a good story.


Finally, someone who quit.

So many of these stories are from someone who built the thing, profited, left, and then took up a new chapter of their career talking about how everything they did at <BAD COMPANY> was bad and that they should now receive funding, back pats, and NPR airtime for their new <GOOD COMPANY>.

My question is always: "So, are you going to give the money back?"

There really is a middle ground between just following orders and dedicating your life to sabotaging a company from the inside because someone there once thought about doing something that didn't 100% align with your personal mission.

You can refuse and you can quit.

More people need to read books on engineering ethics.


https://nitter.net/stevekrenzel/status/1589700721121058817

If you're not interested in visiting twitter directly.


Nitter is best Twitter.


FWIW, you can use an extension like Redirector (https://einaregilsson.com/redirector/) to automatically redirect any Twitter URL to Nitter with the following:

    Redirect: https://twitter.com/*
    to: https://nitter.net/$1
    Hint: Twitter to Nitter
    Example: https://twitter.com/yishan/status/1586955288061452289
    Applies to: Main window (address bar)

I'm also using this for 'fixing' referral URLs but that's another story.


I would rather see a blog post instead of a stream of dozens of tweets...



This is about on par with people ordering "Kiev Mules" instead of "Moscow Mules"


Nah, the difference is that nitter doesn't stop you from using it with a modal and a force stripping of the browser's progressively loaded content if you aren't logged in.

I've used nitter for a couple of years now instead of twitter because I have no intention of ever making an account.


Elon removed the modal and login requirements


Strange, I still get them as of today.


I was doing this drink and a friend of mine said it was not sensible given the current times.

He was kidding, but it really threw me off.


Not really, it's more like homemade mac and cheese vs kraft mac and cheese; in the former you get to control the ingredients


You have a typo there. It's called Kyiv.


Both spellings are accepted.


If a person went as far as ordering a "Kyiv Mule" instead of a "Moscow Mule", I'd assume that they'd be the type of person to care about choosing the spelling preferred by Ukrainians instead of the one preferred by Russians.


That is fair and I wasn't aware of the distinction. Thanks.


> …Elon will do far worse things…

Non-sequitur. The story is about middle management doing evil things for almost no incentive except a small pat on the back for padding a short-term revenue number, while the actual owner-leader who benefits the most shuts it down.


The people that LARP-ed as the resistance need a new enemy. Even today's elections are billed as threatening democracy if the plebs have the audacity to vote for the wrong people.

I don't think this is an opinion that should be taken seriously - just tribal signaling.

And Elon Musk is something even worse than a heretic - he is an apostate. So he is obviously the worst/best person in the world for people that have no better things to do than to be passionate about the culture war that is going on.


All individuals are incentivized to do the wrong thing. CEO's are incentivized to sell data to make money. Engineers are incentivized to create bad software via making the people who pay them happier. Users are incentivized to give up their data in exchange for a free service. Politicians are incentivized by political donations and getting information they aren't constitutionally privileged to get.

Doing the ethical thing requires making less money (or losing money) for nearly all parties involved. Doing the right thing requires sacrifice.

In a happy world, the CEO has long term vision and sees the long term cost of loss of trust. The engineers see the ethical problem of betraying their peers and use their pocket veto to do the right thing. The user should be willing to pay a reasonable cost to receive the service they use. Politicians should see that the individual incentives harm the whole and create regulations that disincentivize the poor behavior.

Non-rhetorically: How do we ensure as a society that we live in the latter, and not the former?


I think the only way is to raise a generation of people who see data aggregation/brokerage and user-device-hijacking as immoral, much like how we raised people starting last century to view eugenics as immoral. The weird approach that Stallman has always taken is the only one that can win, as crazy as it seems.

We need religious fervor. We need to decry bundling spyware and "analytics" with free alarm clock apps as evil. Finally, we need "know-it-when-I-see-it" type Software Decency laws that we can leverage to fine evildoers into oblivion (of course, those will follow automatically if we succeed in moralizing the issue).


I agree with you in spirit, but eugenics was made immoral because it was directly linked to forced sterilization, murder, genocide, and so on.

Data aggregation/brokerage has little such baggage in the public consciousness.


I unfortunately agree with you as well; it will probably take a world-scale horror story to ignite the anti-data-collection sentiment we need.


Twitter and tech companies are not the first industry to have ethical problems like this. This is a problem we've solved many times in the past with strict regulations and laws. Finding ethical people is expensive, but writing laws is cheap.

If actual data privacy laws existed in the US, this situation would never have happened. In the linked twitter thread, he says that "legal" said it was ok. That right there is the safety valve that we can control to keep corporations in check.

Why doesn't my local supermarket price gouge us when there's a hurricane about to hit? That's an obvious way to increase profits. In fact, if it weren't illegal to do that, I'd argue that any CEO who didn't do that for "ethical reasons" should be fired and possibly even sued by shareholders.


That’s what governments and laws are for. Expecting companies to work for the greater good is naive at best; and we shouldn’t really get upset when they don’t. That’s not their motivation, as you’ve highlighted.

Strong legislation and independent legislators are what’s needed


While I agree completely, it seems that legislative ability is captured by the upper class, reinforcing the cycle of self-enrichment at the cost of global good.

I guess the root question is: how should middle class people wage class warfare?


You appear to have a misunderstanding about the nature of government, sir.


Pray tell, what is the nature of government?


They're run by thieves and murderers.


>Non-rhetorically: How do we ensure as a society that we live in the latter, and not the former?

Incentive alignment. Nothing short of hardcore government regulation of personal data, and the remuneration for (opt-in) usage of said data, will change anything.


And the market fails to functionally solve any of these problems because it's monopolized by two players who follow the exact same playbook.

These aren't intractable problems, and they don't just come from nowhere.


You seem to forget that a law banning exactly this type of behavior does exist in the EU. It's called GDPR, and it's commonly derided on HN.

Just goes to show that governments can be effective in working for the citizens' interests.


For one story like this which emerges because the engineer refused, how many stories will we never hear about because it was simply done?

As software engineers, we are just like medical experts talking about the toxicity of cigarettes while ourselves buying cigarettes and distributing them to our own children.


> As software engineers, we are just like medical experts talking about the toxicity of cigarettes while ourselves buying cigarettes and distributing them to our own children.

It's even worse than that. Most of the people working in adtech are actually producing cigarettes, and laughing all the way to the bank. Many of them are on this very site.

https://www.youtube.com/watch?v=tHEOGrkhDp0


AdTech (in its current state at least) is morally indefensible


Good reminder that while Google gets a lot of negative privacy attention it is telcos, ISPs, and lesser-known apps that are the most deplorable actors in data collection and selling.


> As far as I know, the project actually got canned. Jack genuinely didn’t like it. I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.

yeah, this is a major concern of mine now. while a few months ago i had some minor concerns with elon discussing taking it over, his behavior since this started has elevated those concerns to an absolute red alert level. the kind of data he has access to is terrifying.

i’m predicting whatever it is will make the facebook/cambridge analytica thing look tame in comparison.


Why does he assume Elon will do far worse with the data? The anti-Elon narrative is pretty dull and so far generally unsubstantiated.


Desperate people do desperate things. He's staring down the barrel of a $1B/year debt service and a collapsing reputation. That reputation is how he convinces investors to keep giving him money while timelines keep getting pushed years into the future. He's the guy who landed two rockets on live TV (oversimplified, but you know reality distortion fields). If he becomes the guy who fumbled Twitter after playing up how good he would be for it, it's over.

This is how "Do No Evil" Google started mining data and buying up the nascent AdTech industry. They weren't mustache-twirling villains, they were desperate to save the company with antsy investors breathing down their necks. They had to do something to justify themselves to investors post-.com bust, and all that data was right there.


This is a stretch in my opinion. The biggest issue in this guy's story was advertiser money. Musk agrees, hence why he's diversifying income by charging for the tick.

Weird that advertisers cut their money immediately.


He's a Them instead of an Us, and is therefore evil and motivated by ill intent.


He won the battle (pyrrhic-ly) but not the war. Fine grained location is commonly bought and sold in the USA: https://www.vice.com/en/article/v7v34a/fog-reveal-local-cops...


We need more government involved in tech to protect our privacy!

Oh wait, it’s the government we need to be protected from.


Digital privacy is an illusion at this point. Our chips are backdoored, our fiber backbones are tapped, our VPNs are compromised, our forums are honeypots.

I think the benefits of increased government regulation on digital privacy outweigh the potential abuses at this point. What more is there for the government to see? They have everything and more.


So you want to give the same government who is abusing power even more power?


It's not a question of abuse of power anymore. The PATRIOT Act has already given them unlimited power with no checks. Might as well have them use some of their power for something that benefits consumers.


Wouldn’t it make more sense to start trying to take away power from the government then?


It's a good case for reducing our defense budget, but if we get rid of our government then we no longer have a way to regulate the market. If we had better consumer protections then this wouldn't be a problem (surprise surprise - we don't).


The linked article wasn’t about defense. It was about state and local police invading privacy.


The patriot act expired in 2020.


This really isn't just for Twitter; this is the danger of selling any application with a large install-base. Doesn't really matter if it's a social network app, borderline-useless mobile app, Facebook App (I'm looking at you, Cambridge Analytica), chrome extension, or pypi/npm module, all of these things are capable of collecting extremely fine-grained user detail, and selling it off.

It doesn't matter if the current owners don't/won't do it, there is essentially nothing that prevents someone else from buying it up, and doing nefarious things with the existing install base.

And as far as "Terms of Service" go, there is essentially nothing to prevent a future owner from updating the Terms of Service, and then doing the above.


Anyone using social media services needs to pay attention to this story. When the profit margins shift ever so slightly, or say massively like with the Apple changes, then these companies will take meetings with executives like this Telco who wanted data on when people are going into their competitors' stores. Unbelievable, or should I say, totally believable and totally expected.



> As far as I know, the project actually got canned. Jack genuinely didn’t like it.

> I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.

When has Elon been against user privacy? Also, isn't Elon good friends with Jack? I feel like they would see eye to eye with this. In fact Elon seems like the type that would try to champion emerging fads like crypto, differential privacy, and zero knowledge proofs. Harvesting data is boring and easy.


> When has Elon been against user privacy?

Get into a car accident, and want some blackbox data from your Tesla? Good luck - get ready for a lot of legal costs.

Get into a car accident, and it makes Tesla look bad? Tesla will hold press conferences and release your telemetry data to the media, whether you want them to or not. Exceptionally misleading data in some cases - one fatality collision where autopilot was being blamed, Tesla said "Woah, hold up. Not true. Driver was distracted. In fact, the car warned him to put his hands on the steering wheel before the collision!"

In reality, the car had issued -one- warning about the steering wheel, and none after that, and that one warning was -eighteen minutes- before the collision.


100%. Weaponizing your customers' data against them is even worse than selling it.


Selling it is just weaponizing it against the customer with extra steps.


But are they selling that data, or using it to improve their products? There is a scale to privacy. With FOSS at one end, and Google/Facebook at the other. Apple is in the middle, and if Tesla keeps the data internal, then Tesla would be around the same place.


I don't know, I'd argue that selling the data would be less offensive than using that data to disingenuously throw a customer under the bus for the sake of their own PR, actually.


Elon has a significantly stronger profit motive, given his high purchase price and Twitter’s otherwise tanking advertising sales.


And yet his first move after purchase is to charge for the blue check service. Bringing non-data mined revenue to Twitter is one of the keys for aligning the company with respecting privacy. Either way, stories like this are one reason you should avoid social media apps altogether and never allow an app to access location data, especially not while in use.


Trying to get more users to pay for the service (while notably not reducing their ad profile or how many ads they see) strengthens my point: he’s clearly trying to maximize the value of an unwise purchase, and leveraging every saleable form of personal information is an obvious next step.


This argument seems tautological.

- If he's charging for the service now then he'll clearly do anything to maximize profits.

- If the service remains free then he clearly needs to sell granular user data to stay above water.

Perhaps I'm missing the point you're trying to make but I don't think you can conclude anything from this.


You’re confusing the conditionality of these: they’re not in conflict. They’re both means to the same unavoidable end: Twitter needs to make money, probably even be profitable, in order to not pose a risk to Musk’s other ventures.

He can make people pay, or not, or jack up tracking, or not. It doesn’t matter to me! The point is solely that he needs to do something.


> Twitter needs to make money, probably even be profitable, in order to not pose a risk to Musk’s other ventures.

Twitter needs to earn a profit, sure. That has always been true though. One way to make the company profitable is to increase revenue, which the $8/month blue check fee aims to do. The other way to make the company profitable is to cut overhead, which the mass layoffs aim to do.

I still don't get the concern trolling about data mining Twitter data: it's been done since the platform began.

The only unethical thing about the original article is selling location and movement data that is individually trackable, which is what this article is talking about from years ago when they worked at Twitter, which upper management was in favor of until Dorsey allegedly stepped in to halt.

Nevermind that there are other social media apps likely doing this already and selling better, more fine-grained data than Twitter can. Twitter is not as personal or intimate as other social media apps are with regards to insight into personal, private data. Everything shared on Twitter is understood to be public. They don't have access to private TikTok videos, 'destructible' Snapchat messages, text message data between couples, personal health search engine queries, etc.

Companies such as Facebook didn't need to sell super private mineable data to data mining firms to manipulate public opinion on election day, they were maximally profitable when they did, but they did it anyway. Twitter didn't need to shadow or outright ban doctors and politicians, or inject state-sponsored context alignment messaging (propaganda) into the newsfeed that disagreed with their internal company political alignment, but they did it anyways.

Nothing at this point, could be worse than the status quo for social media companies.


> maximize profits

Elon/Twitter isn't even in the ballpark of maximizing profits yet. They are just trying to make the 1-1.5B debt payment that's going to come due. That's going to require huge cuts we just saw, plus advertisers to stay on board, plus Twitter blue, plus whatever else he can cook up. And, it still might not be enough.


> while notably not reducing their ad profile or how many ads they see

They are reducing ads for subscribers: https://techcrunch.com/2022/11/05/twitter-begins-rolling-out...

EDIT: can someone explain the downvotes? Is the TechCrunch story not accurate, or did I misunderstand the above claim regarding ads?


I upvoted you, because AFAICT you’re correct that they plan to reduce (but not eliminate) ads with the new “blue” model.

I’m interested to see the degree to which they reduce ads for paying users: having a split ad/payment model is famous for producing “self-consuming” incentives, since the users who demonstrate the most purchasing power are the ones you promise not to advertise to.


Everything published on Twitter except for DMs is open to the whole internet to crawl. It is a public platform. I think it's fair game to serve you ads about Doritos if you are tweeting about potato chips and following Frito Lays.

Location based, privately identifiable, data is a bridge too far for me. But we also know for a fact other social media apps already do this if Twitter's app does not already do this currently.

The hype about Twitter being an unwise purchase is just noise from the peanut gallery. You should take such noise with a grain of salt.

Twitter was always under pressure to maximize value to shareholders. Same with every other tech company. Different companies sometimes make different trade-offs. I fail to see why Musk is somehow going to do any worse than what we've seen from social media companies over the past 15 years. But I do think there's a reasonable chance he'll do better.


Here’s the thing: it can be a bridge too far for you! It’s certainly a bridge too far for me. But neither of us matter, because it’s not our money on the line. It’s his money, a lot of his money, and the longer it hangs the more systemic risk it poses to his other ventures.

When I say it was an “unwise purchase,” what I mean is this: the stock market did not think Twitter was worth that much. Even when Elon was legally committed to purchasing Twitter, the deal seemed so manifestly absurd to the market that the price did not rise to meet his offer (which is as close as you can get to free money in the market). Is that the peanut gallery? Sure, but in no larger a sense than that our entire economy and value drive is controlled by the same system.


What you fear from Musk is the current status quo for all social media and other data mining tech cos like Google and Amazon. I really don't get the deep concern here about Musk upholding the status quo. He cannot do worse than Google, Facebook, TikTok, etc. And whatever data mining is going to occur on your tweets will happen anyways. It's a very public platform, it does not even have the intimate relationship graph or intimate private dm access that other social apps have.

The stock market did think Twitter was worth that much a year ago (Q2 2021 mcap was $51B). Of course the entire stock market shed trillions in market cap this year as the Fed relentlessly hiked rates. Musk clearly was trying to get a steeper discount factoring for the macro environment after the original offer, but it didn't work out. Can't say I blame him, if you can stall things in court to get an extra 10-20% discount from a $40B purchase like that, it's worth a shot.

When you offer to buy up an entire company and all the liquid shares on the market, you have to pay a premium. That's always the case for any buyout. For a while it looked like Musk was going to get away with walking away from the deal. That's why the market walked away from "free money".

The media's job is to dramatize everything. Especially when it's the drama machine itself, Twitter, at the center of it all. The media will do everything in its power to portray the Twitter purchase as chaotic, haphazard, unplanned, ill-considered, etc, because their own engagement metrics are driven by such takes.

At any rate I repeat my assertion that no worse can be done by Musk that has not already been done by Twitter, Facebook, TikTok, Google, et al. There's little to exploit there that hasn't already been exploited. Perhaps his subscription revenue ploy will work and he'll monetize with micropayments and other integrations. I hope so. I think there's a chance that version of Twitter is healthier than the ad and blue check insider peddling platform that has existed. Not guaranteed but it's a chance.


> What you fear from Musk is the current status quo for all social media and other data mining tech cos like Google and Amazon. I really don't get the deep concern here about Musk upholding the status quo.

Musk's entire publicly stated justification for purchasing Twitter was doing better than the status quo. He harped for months about Twitter as a public service, the importance of transparency in moderation, made extraordinary claims about Twitter falsifying its ad and engagement numbers, and so forth.

"He can't be worse" is simply not the point. His stated goal was to be better; we've seen no earnest attempt to do so (and plenty of earnest attempts at value extraction).


> "He can't be worse" is simply not the point. His stated goal was to be better; we've seen no earnest attempt to do so (and plenty of earnest attempts at value extraction).

Sure, we have. We've seen him charge an earnest fee for a premium service that Twitter previously withheld behind a mysterious bureaucracy that arbitrarily decided who did and did not get a blue check mark. We found that employees at Twitter were charging as much as $15K to pull strings for people for that blue check.

That's already objectively better. $8 a month to verify you are who you represent yourself to be and to get less ads, more access to revenue generation features from your audience, etc? Sounds fine. It's absurd to have some mysterious service that no one really knows the rules or thresholds for. It creates the very pay for play schemes that were the status quo.


Well he did say the idea was to see half as many ads. (Not a great value prop though imo)


> Harvesting data is boring and easy.

Boring, easy, yet highly profitable. And sometimes the only boring and easy way to be profitable.


"For this to be true," Musk continued, "it is essential to show Twitter users advertising that is as relevant as possible to their needs. Low relevancy ads are spam, but highly relevant ads are actually content!"

https://futurism.com/the-byte/elon-musk-says-loves-ads


That's very different than selling real time location data to 3rd parties?


When "selling user data" is the line between losing 44-billion dollars and NOT losing 44-billion dollars, lines get very blurry.


There is no such line. There are plenty of ways to monetize an application.


That's silly, he bought a 22-billion dollar company for 44-billion dollars and he's well on his way to doubling that value


Elon has never had a company that made money on ad revenue, despite every other tech CEO on earth trying to monetize in that direction.

So I agree, and feel like the default assumption is that he's going to try to get users to directly pay for content, which is what he's doing with Twitter Blue. We'll see if it works.


Musk's first major company was essentially online yellow pages and extremely ad focused.

You can see them advertising selling ads on their website here: https://loopinput.com/this-is-what-elon-musks-first-website-...

Here's an article from '99 that even quotes Musk on it: https://www.clickz.com/zip2-launches-ad-program-to-aid-newsp...

>“In today’s market, traditional local businesses need to be online to participate in the electronic commerce revolution,” said Elon Musk, founder and executive vice president of Zip2. “With Zip2’s Internet Start Program, our newspaper partners can offer their print advertisers an easy, low-cost way to take that first critical step.”

And now he's spent $44 billion buying a company that he knew primarily made its money from advertising and then spent his first week as owner complaining about advertisers leaving -- not something one who doesn't want to be in the advertising business normally does.


Ok... there were 3 months (dec 1998 - feb 199) that Elon owned a Zip2 which was advertiser-focused. He then sold the company and went and did something else.

I don't feel like this massively weakens my argument.


I'm not sure where your dates came from, they don't match what I've read. From what I can tell, the Musks lost majority share in '96 (and Elon was replaced as CEO). Regardless, the business was built around businesses paying to appear from basically the get-go, and while Musk was not CEO for most of the company's existence, he still had considerable influence and when he disagreed with the company's direction, he led a coup to get the CEO replaced. Arguing that he didn't have influence or agree with the company's direction seems not particularly based in reality.


The dates are from the first link in the parent comment.


Twitter has around $1.3 billion in free cash flow not counting the one time settlement they did last year.

Now Musk is on the hook for over $1B in interest payments after buying Twitter and overpaying for it. Do you really think you can trust him to do what’s in the best interest of users?


If you think Twitter can get away with selling location data to 3rd parties and it not immediately leaking out, that is silly. Everyone is hunting for negative Musk stories.

That would be highly risky for Twitter to do and would seriously harm their reputation and therefore their business. So I'm personally doubtful.

This isn't as simple as make more money or not by pulling a lever.


[flagged]


A run of the mill basic capitalist doesn't open their patents to help the competition.

https://www.tesla.com/blog/all-our-patent-are-belong-you


> With Twitter's _change in ownership_ last week, I'm probably in the clear to talk about the most unethical thing I was asked to build while working at Twitter.

Generally not true/safe. Any NDA still in effect would be transferred to the new owner. If the author genuinely believes this, they may want to delete this tweet asap. If it's just rhetorical, well ok then.


Very true about the pocket veto, and I've said this to my team before - I can give advice, I can argue for my values, but my lever as a manager is hire or fire. I don't have time to do the implementation, and the person doing the implementation realistically is going to decide the implementation. I can influence, but really, they decide.


"We get a lot more than that from other tech companies."

And hence why almost every app on my phone has location access 'never' and only the ones that really need it have it 'while using app'.

Of course, I never even got the Twitter app, I've always just used it in Safari on my phone.


> We ran an alternative by the telco. They didn’t like it and were frustrated. So was Sales. I was asked to go to telco’s HQ and figure out exactly what they want.

Sales. Sales at Twitter sells user data to Twitter's customers [who aren't necessarily even advertisers].

Got it.


This made me cringe:

> Legal said the request was fine – none of it violated the user ToS.

Almost as if I was watching an episode of some dystopian show happening somewhere in the future. It's sad to learn it's already happened.


There’s a reason that it’s called the legal department and not the moral department. They’re paid for legal advice. What’s “right” and “wrong” only sometimes factors into that advice.


> Twitter, like most mobile apps, logs everything users do – every swipe, tap, edit, delay, etc… – for debugging, metrics, and experiments.

Maybe other things too


The worst part of these types of stories is every time I tell my non-tech friends and family about this stuff, the vast majority respond with: “so what?” They genuinely do not care about their own privacy from companies. Then they bash Facebook or whoever else is in the news most recently about misusing data and can’t connect the dots. It really feels like a losing battle of trying to save people from themselves. :(


Intriguing:

> I wound up meeting with a Director who came in huffing and puffing.

> The Director said “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”

If they have so much data on us, why is the ad targeting so laughably bad? Facebook has recently been pushing me to watch Hocus Pocus 2. -_-


There are tons of data brokers that get near real time user level location data from mobile apps (usually not from ‘name brand’ apps but from the long tail) and then sell this as aggregated data products to others: eg https://docs.safegraph.com/docs/monthly-patterns .


> One of the first areas I worked on was improving the way our mobile apps uploaded logs. Twitter, like most mobile apps, logs everything users do – every swipe, tap, edit, delay, etc… – for debugging, metrics, and experiments.

A reminder: use the mobile web version of any services you use, not the app, and use NextDNS to block all the tracker hosts at DNS level.


> And, for the any employees still at Twitter, don’t underestimate the power of a pocket veto.

Here's a comment I made a month ago, or so: https://news.ycombinator.com/item?id=33001139

I was asked to do an unethical thing, just after being promoted.

I declined, but everything turned out OK.


I think this post buried the lead a little bit.

"All other social media companies give us more than is"

An app logging signal strength can pinpoint your location, which is then commonly sold to companies such as telcos as alleged in this story.

Owning a phone without GPS turned on, any app can track and sell your every movement without violation of any T&C or local laws.

That is beyond distressing.


This is just one reason why I always prefer to use the website rather than an app.

If I use the website I'm browsing on my terms: adblocking enabled, no location data, a lot less surface area for tracking.

When you use the app then you're browsing on their terms: geolocation, tracking, ads, everything.


I'm confused by the bit that says it's ok now??? If an NDA applied before the buyout it still applies, so why mention it now? Attention? Confusion about how employee contracts and NDAs apply? Not entirely true?

Can't figure out which from the thread


I also assume that Elon and his backers will do far worse things with Twitter users' data.


What makes you think that? In contrast to Alexa, my Tesla does not show me any ads. And I’ve also not been followed around by ads targeted based on places I have driven by, even though that would be a low hanging fruit if Tesla was run by Zuckerberg or Bezos.


Just wait until he starts putting twitter front and center in the infotainment system


“Selling ads” is not the appropriate analogue here. It’s selling precise location data. Tesla apparently does not currently sell location data from its vehicles, but it’s not inconceivable that they will one day, whether or not you perceive it in the form of in-car ads.


I'm no fan of Tesla, but they are hardly unique in having a car with an embedded cellular modem that is in constant communication back to the mothership. Indeed I challenge you to find ANY car for sale today that isn't automatically tethered to its manufacturer. It's also why I have zero desire to change any of my older cars for something "better". I wish I could find a site that would catalog which cars out there can have their embedded cellular modems disabled and not freak out/threaten to stop working.


Certainly not. In this regard, Tesla is no worse (and very possibly better) than most other manufacturers. My point was about potential and future profit; that kind of data is hard to resist in a less hospitable market.

Were I to own a car, I’d probably be in the same boat as you.


Why?


Because to some, myself included, Elon has not shown to have any ethical guidance other than self enrichment.

Anyone who has a "Rules for thee, but not for me" ideology doesn't seem like they'd have too much problem selling people out.


I would make this argument for all of silicon valley. We know for a fact Google and Facebook sell people out, actively, right now. We also know pre-Musk Twitter had a host of internal issues and questionable ethics.


>Anyone who has a "Rules for thee, but not for me" ideology

You're referring to Twitter pre Musk, and not Musk, right?



I'm not sure what you are trying to say with this. Musk for a while was a fairly laudable person who garnered a lot of respect. He had a dignified public image. Sometime around the Thailand cave thing he went pretty off the rails and seems to likely have started a pretty serious drug problem.

Just like Rogan, the dilbert guy, and many others he seems to have gone from mostly reasonable to corrupted and self contradictory and it's not really clear how or why that happens. It's hard to know if he was always the way he appears to be now or if there was some kind of transformation.


Elon and Rogan haven't changed and they are still mostly reasonable.


Call it the "Jordan Peterson Effect", since he seemed to go through that cycle the fastest.


The phrase I've heard is "audience capture": people who spend a lot of time in the public sphere end up tailoring their statements and behavior to whatever gets them the most engagement from their most responsive audience.

I read a thoughtful (but long) discussion of this phenomenon at https://rebelwisdom.substack.com/p/what-happened-to-jordan-p...


because they can


I'm not the grandparent poster, but maybe the answer is "there are 44 billion reasons and 1 impulsive guy at the helm"...


It's not explicitly said so I gotta ask: it's illegal (in the U.S.) right?


US entities sell data left and right, legally. Freakin DMV is selling personal data[0]. Internet providers are selling browsing data[1]. Absolutely nothing illegal about the Twitter request.

[0] https://www.caranddriver.com/features/a32035408/dmv-selling-...

[1] https://techcrunch.com/2019/01/09/us-cell-carriers-still-sel...


No, sadly this is legal and most apps are doing it. Heck, the cellular carriers are directly selling your location regardless of what apps you use.


I don't know what's more disturbing. The request, Legal's response, or the people responding to the thread and finding none of this is unethical.

Seems like we have lost something along the way.


What would a Telco do to me with such data? Anything that I would care about?


The author was asked to work on several unethical projects while at Twitter. As stated in the title, this is only "the most" unethical one. Did he refuse to fulfil the other requests?


I wonder how many stories like this are waiting to come out from the 2010s, the era that turned the internet into a centralized hellscape that ran on ads and creepy data collection.


This revelation just shows that doing the right thing depends on the accidental and rare "good guy" to hold their foot down. It's not something we can rely on.

The Elon Musk burn in that sense is distracting. He hasn't done anything in this direction yet. He very well may, but he hasn't. So it's a false accusation/speculation.

Counter to that, there is the fact that Twitter's legal and sales departments (pre-Musk) were totally cool with sending fine-grained location data to whoever pays for it.

Controversy should focus on actual events, not imaginary ones. As such, old Twitter has some explaining to do and it's worrying that no actual Telco is named. Finally, a quote like "other tech companies give us far more" should launch a swarm of journalists to dig as deep as possible.


> I wound up meeting with a Director who came in huffing and puffing.

> The Director said “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”

First thing today I did, was uninstalling the Twitter app. Even if it's not in (who knows). Totally forgot about the big apps deals with the global spying business.


This reminded me to uninstall the Twitter app, just in case they build in new shenanigans like these now.


How can I protect against this while still using Twitter?

Use a VPN? Don’t give Twitter access to location?


don't use official apps, and if that is not possible, use an ad blocker at the dns level, and give the app as little permissions as you can (be extra wary of giving it bluetooth, mic, location, and photos)


Genuinely curious. Why and how would Twitter have access to all this customer data?


Why: to help advertisers target people

How #1: You have a smartphone, your smartphone has GPS, you have Twitter installed in your smartphone. Twitter requests your location, you approve that request = done

How #2: You have a smartphone, your smartphone has WiFi enabled. Your WiFi interface can see certain WiFi SSIDs. A Google car wardrived through your neighborhood saving all SSIDs of every Wifi and where they were last seen. Now location services has your location even with GPS disabled.


Oh. Twitter app has so many permissions? What if I use twitter in a web browser?


This feels like a fluff piece.


> We get a lot more than that from other tech companies

This is why I don't install apps


This take of "Elon will do a lot worse things with the data" is my own personal take on WHY Musk bought Twitter.

He's of a libertarian bent, so it could well be a real part of the story that he wants more free speech, and less censorship of similar folks.

However, I do believe he is playing that up to try and avoid any discussion of the monumental tranche of data he is sitting on top of and the potential value of it. I recall in the early days, the entire Twitter database was made available to researchers, who found they could predict overall market movement (up, down, some basic idea how much) about 3 days ahead of time by looking at sentiment trends.

All of that is worth "Take over the World" kind of money, whereas the free speech stuff is, well. Worth percentage points at best.


> I would assume Elon will do far worse things with the data.

I notice here the casual dismissal of actual, observed harm for the sake of fantasies of future harm. I wish that the similar casual dismissal of government censorship laundered through private media monopolies came with some similar sort of fear of how President Trump or President DeSantis will handle their brand-new tools in a couple of years.

That being said, Democrats saw what Bush did with his unchecked executive powers, and didn't roll a thing back when they later had the Presidency and both houses of Congress. Instead, they continued doing politics by executive order, and cemented AUMF as a declaration of a permanent state of emergency.


Makes me wonder how much “dump trucks” of money is.


Sounds like a good story for Darknet Diaries....


For as much shit as GDPR gets (sometimes rightfully so), I'm really glad there is at least some data protection in the EU. The free-for-all that is hiding stuff in the TOS is atrocious and terrifying. Twitter and Facebook being each in control of one person at the top, each with "eccentric" tendencies, makes this situation really dystopian.


This is a perfect example of why EU implemented GDPR. We can't trust companies to protect their users. Once money is involved, the outcome often depends on a few conscientious employees with the strength to say "NO"

Some may say that


> Most people don't really appreciate how close Twitter was to shutting down. The 2016 election was the only thing that saved them and made them relevant again

So in the Good Timeline there's no Twitter _and_ no President Trump?


What scares me is that Elon Musk has now technically access to all the logs and even to the DMs.


> I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.

The story is interesting, but this line is petty. It's also more than a bit ironic, given that the OP just spent N tweets describing how the previous management wasn't exactly setting high ethical bars.

The worst aspect of "Twitter culture" is the tendency -- illustrated here, perfectly -- to slander people, just to make the mob shake their pitchforks harder.

I sincerely hope Musk finds a way to fix that.


"I sincerely hope Musk finds a way to fix that."

He's currently slandering people on the daily, so I doubt it.


> He's currently slandering people on the daily, so I doubt it.

Examples? If it's daily, you should be able to quickly point to 3 from the past 3 days.


He posted a conspiracy theory about the Paul Pelosi attack almost immediately after it happened.

That's a month supply of being a jerk right there.


That's only one example and he deleted it within hours.


Amplifying a false story about Paul Pelosi should be enough but he's also called Kathy Griffin a bad comedian after banning her for changing her name.


Whether she is a good or bad comedian is an opinion and she wasn't banned for changing her name. She was banned for impersonation. Last year more than 500k accounts were banned for that. It's not new.

From the head of Trust & Safety:

"First, impersonation has always been banned on Twitter. Misleading profiles make Twitter worse for everyone. Last year, we banned more than half a million accounts for impersonating people and brands."

https://twitter.com/yoyoel/status/1589804642569179137


I appreciate your optimism but it seems particularly naive.

Musk notably called someone he disagreed with a pedo guy solely because he was white and lived in Thailand and then paid a private detective 50k to try and prove his claim. He's spent the past few days doing similar and spreading falsities and generally posting in bad faith.

What makes you think he will suddenly change his ways?


I'm not a Musk fanboy, but the leap in the end to put the dirt on him is outrageous ("I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.").

Let me try to summarize what the author actually said in the end: "I left, I sent email to then CEO of twitter and PER MY KNOWLEDGE the project was canned, I don't know if it actually was. But new guy still could do worse things".

If you're so moral, why not blow whistle to public when you left previously, and not write unsubstantiated claims about new owner now.


Ex-Twitter employees blowing the whistle on the highly dodgy stuff they were asked to do during The Time when Twitter Was The Best Twitter and somehow attributing it to The Dark Now-Times Of Current Twitter is very 2022.


I don’t perceive the original author to be “putting the dirt” on Musk.

It is likely that the third-party partners who were interested in collecting that data remain interested. The leadership who formerly blocked access to that data has left, and the new ownership finds himself in need of new revenue streams. It seems like a reasonable time to call attention to the issue, though I agree with others in the thread that it should be a larger story not specific to a single platform.


Calling attention to a problem is great. Assuming the worst path from someone is very different than that, and not so great.


> If you're so moral, why not blow whistle to public when you left previously, and not write unsubstantiated claims about new owner now.

The first tweet in that thread:

> With Twitter's change in ownership last week, I'm probably in the clear to talk about the most unethical thing I was asked to build while working at Twitter.

IMO this guy demonstrated an incredible amount of personal integrity here. He likely could have made a lot of money by building this out, but decided not to because he knew it was wrong.

This is why we need more laws and government regulation: people that do the right thing like this are very rare. Typical incentive structures don't optimize for these types of people, so legal ones need to exist to limit the damage that the inevitable bad apples will do.


"Please don't pick the most provocative thing in an article or post to complain about in the thread. Find something interesting to respond to instead."

https://news.ycombinator.com/newsguidelines.html


[flagged]


Exposure. Why medium over hosting it yourself? Same answer.

As to why the people congregated on Twitter in the first place? Now that I don't know.



