Showing all posts tagged social-media:

Algorithmic Networks and Their Malcontents

The thing that really annoys me about the death of Twitter1 is that there is no substitute. As I wrote:

none of these upstart services will become the One New Twitter. Twitter only had the weight it had because it was (for good and ill) the central town square where all sorts of different communities came together. With the square occupied by a honking blowhard and his unpleasant hangers-on, people have dispersed in a dozen different directions, and I very much doubt that any one of the outlet malls, basement speakeasies, gated communities, and squatted tenements where they gather now can accomodate everyone who misses what Twitter was.

It’s worth unpacking that situation to understand it properly. Twitter famously had not been growing for a long time, leading users to speculate that:

Maybe we already saw the plateau of the microblog, and it turns out that the total addressable market is about the size that Twitter peaked at. It is quite possible that Twitter did indeed get most of the users who like short text posts, as opposed to video (Tik Tok), photo (Instagram), or audio.

In their desperation to resume growing, Twitter started messing with users’ timelines, adding algorithmic features that were supposedly designed to help users see the best content — but of course, being Twitter, they went about it in a ham-fisted way and pissed off all the power users instead of getting them excited.

The thing is, Twitter is far from the only social network to fail to land the tricky transition to an algorithmic timeline. All of the big networks are running scared of the Engagement that TikTok is able to bring, but they seem to have fundamentally misunderstood their respective situations.

All of the first-generation social networks — Twitter, Facebook, LinkedIn — rely on the, well, network as the key. You will see posts from people you are connected to, and in turn the people who are connected to you will see your posts. Twitter was always at a disadvantage here, because Facebook and LinkedIn built on existing networks: family and friends for Facebook, and work colleagues and acquaintances for LinkedIn. Twitter always had a "where do I start from?" problem: when you signed up, you were presented with a blank feed, because you were not yet following anybody.

Twitter flailed about trying to figure out how to recommend accounts to follow, but never really cracked that Day One problem, which is a big part of the reason why its growth plateaued2: Twitter had already captured all of the users who were willing to go through the hassle of figuring that out, building their follow graph, and then pruning it and maintaining it over time. Anyone less committed bounced off the vertical cliff face that Twitter offered in lieu of an on-ramp.

The Algorithm Shall Save Us All!

TikTok was the first big network to abandon that mechanism, and for good reason: at this point, all the other networks guard their users’ social graphs jealously for themselves. It is hard to bootstrap a social network like that from nothing. Instagram famously got its start by piggybacking on Twitter, but that’s a move you can only pull off once. Instead, TikTok went fully algorithmic: what you see in your feed is determined by the algorithm, not by whom you are connected to. The details of how the algorithm actually works are secret, controversial, and constantly changing anyway, but at a high level it’s some combination of your own past activity (what videos you have watched), the activity of people like you, and some additional weighting that the network applies to show you more videos that you might like to watch.

This means that a new account with no track record and no following will be shown a feed full of videos when they first sign in. The quality might initially be a bit hit or miss, but it will refine rapidly as you use the platform. In the same way, a good video from a new account can break out and go viral without that account having to build a following first, in the way they would have had to on the first-wave social networks.

When people started talking about algorithmic timelines like this, Twitter thought they had finally struck gold: they could recommend good tweets, whether they were from someone the user followed or not. This would fill those empty timelines, and help onboard2 new users.

The problem is that users who had put in the effort to build out their graph placed a lot of value in it, and were incandescently angry when Twitter started messing with it. I liked Old Twitter because I had tuned it, over more than a decade, to be exactly what I wanted it to be, and I know a lot better than some newly-hatched algorithm what sort of tweets I want to see in my timeline.

An algorithmic timeline doesn’t have to be bad, mind; Twitter’s first foray into this domain was a feature called "While you were away" that would show you half a dozen good tweets that you might have missed since you last checked the app. This was a great feature that addressed a real user problem: once you follow more than a few accounts, it’s no longer possible to be a "timeline completionist" and read every tweet. Especially once you factor in time zones, you might miss something cool and want to catch up on it once you’re back online.

The problem was the usual one with algorithmic features, namely, lack of user control. Twitter gave users no control over the process: the "While you were away" thing would appear whenever it cared to, or not at all. There was no way to come online and call it up as your first stop to see what you had missed; you just had to scroll and hope it might show up. And then they just quietly dropped the whole feature.

Sideshow X

Twitter then managed to step on the exact same rake again when they rolled out a fully-algorithmic timeline, but, in response to vociferous protests from users, grudgingly gave the option of switching back to the old-style purely chronological one. Initially, it was possible to have the two timelines (algorithmic and chronological) in side-by-side tabs, but, apparently out of fear that the tabbed interface might confuse users, Twitter quickly removed this option and forced users to choose between either a purely chronological feed or one managed by a black-box algorithm with no user configurability or even visibility. Of course power users who used lists were already very familiar with tabs in the Twitter interface, but this was not a factor In Twitter’s decision-making.

To be clear, this dilemma between serving newbies and power users is of course not new nor unique to Twitter. This particular variation of it is new, though. Should social networks focus on supporting power users who want to manage their social graph and the content of their feed themselves — or should they chase growth by using algorithms to make it as easy as possible for new users to find something fun enough to keep them coming back?

There is also one factor exacerbating the dilemma that is somewhat unique to Twitter. Before That Guy came in and bought the whole thing, Twitter had been consistently failing to live up to an IPO valuation that was predicated on them achieving Facebook levels of growth. Instead, user growth had pretty much stalled out, and advertisers looking for direct-action results were also not finding success on Twitter in the same way as they did on Facebook or Instagram. The desperation for growth was what drove Twitter to over-commit to the algorithmic timeline, in the hope of being able to imitate TikTok’s growth trajectory.

There is irony in the fact that an undersung Twitter success story saw them play what is normally more a Facebook sort of move, successfully ripping off the buzzy new entrant Clubhouse with their own Twitter Spaces feature and then simply waiting for the attention of the Net to move on. Now, if you want to do real-time audio, Twitter Spaces is where it’s at — and they achieved that status largely because of Clubhouse’s ballistic trajectory from Next Big Thing to Yesterday’s News, with the rapidity of the ascent ruthlessly mirrored by the suddenness of the descent.

A more competently managed company — well, they wouldn’t have been bought by That Guy, first of all, but also they might have learned something from that lesson, held firm to their trajectory, and remained the one place where everything happened, and where everything that happened was discussed.

Instead, we have somehow wound up in a situation where LinkedIn is the coolest actually social network out there. Well done, everyone, no notes.


🖼️ Photos by Nastya Dulhiier and Anne Nygård on Unsplash


  1. Yeah, still not calling it X. That guy destroyed my favourite thing online, I’m not giving him the satisfaction. 

  2. Verbing weirds language. 

Can You Take It With You?

Here’s a thought: could Threads be a test case for social graph portability?

I am thinking here of both feasibility (can this be done technically) and demand (would the lack of this capability slow adoption). I am on record as being sceptical on both fronts, pace Cory Doctorow.

the account data is not the only thing that is valuable. You also want the relationships between users. If Alice wants to join a new network, let's call it Twitbook1, being able to prepopulate it with her name and profile picture is the least of her issues. She is now faced with an empty Twitbook feed, because she isn't friends with anyone there yet.

People like Casey Newton are asserting that Instagram can serve as a long-term growth driver for Threads, but I’m not so sure, precisely because of the mismatch in content. I don’t use Instagram, but what I hear of how people use it is all about pretty pictures and, more recently, video.

This is the point I made in my previous post: should a relationship in one social network be transitive with a different network? Does the fact that I like the pretty pictures someone puts out mean that I also want to consume short text posts they write? Or is it not more likely that my following on Threads would be different from that on Instagram, much as my following on Twitter is?

The closest direct comparison to the sort of fluid account portability that Cory Doctorow advocates for would be in fact if it were possible to import my Twitter following directly into Threads or Bluesky, since those services are so very similar. Even such a direct port would still run afoul of the dangling-edges problem, though: what if the person I have a follow relationship with on Old Twitter isn’t on I Can’t Believe It’s Not Twitter? Or what if they have different identities across the two services?

I still have questions about how much actual demand is out there for the format that Twitter (accidentally) pioneered. Maybe we already saw the plateau of the microblog, and it turns out that the total addressable market is about the size that Twitter peaked at. It is quite possible that Twitter did indeed get most of the users who like short text posts, as opposed to video (Tik Tok), photo (Instagram), or audio2.

On the other hand, I am also not too exercised about the fact that Threads users are already spending less time in the app. It’s simply too early to tell whether this is an actual drop-off in usage, or just normal behaviour. Users try something once, but they have not had the time to form a habit yet — and there isn’t yet the depth of content being generated on Threads to pull them into forming that habit.

Anyway, this question of portability or interoperability between networks is the aspect of the Threads story that I am watching most closely. For now, I continue to enjoy Mastodon, so I’m sticking with that, plus LinkedIn for work. When the Twitter apps shifted to 𝕏, I deleted them from my devices, and while I have viewed tweets embedded in newsletters, I haven’t yet caved in and gone back there.


🖼️ Photo by Graham Covington on Unsplash


  1. Twitbook: that’s basically what Threads is. I hereby claim ten Being Right On The Internet points. 

  2. Audio is interesting because it feels like it is still up for grabs if someone can figure out the right format. Right now there is a split between real-time audio chat (pioneered by Clubhouse, now mostly owned by Twitter Spaces), and time-shifted podcasts. I think it’s fair to say that both of those are niches compared to the other categories. 

Pulling On Threads

No, I have not signed up for Threads, Facebook’s1 would-be Twitter-killer, but I couldn’t resist the headline.

I am also not going to get all sanctimonious about Facebook sullying the purity of the Fediverse; if you want that, just open Mastodon. Not any particular post, it’ll find you, don’t worry. Big Social will do its thing, and Mastodon will do its thing, and we’ll see what happens.

No, what I want to do is just reflect briefly on this particular moment in social media.

Twitter became A Thing due to a very particular set of circumstances. It arrived in 2006, at roughly the same time as Facebook was opening up to the masses, without requiring a university email address. Twitter then grew almost by accident, at the same time as Facebook was flailing about wildly, trying to figure out what it actually wanted to be. Famously, many of what people today consider key features of Twitter — at-replies, hashtags, quote tweets, and even the term "tweet" itself — came from the user community, not from the company.

This was also a much emptier field. Instagram was only founded in 2010, and acquired by Facebook in 2012. LinkedIn also stumbled around trying to get the Activity Feed right, hiding it before reinstating it. Mastodon was first released in 2016, but I think it’s fair to call it a niche until fairly recently.

The lack of alternatives was part of what drove the attraction of early Twitter. Brands loved the simplicity of just being @brand; you didn’t even have to add "on Twitter", people got it. Even nano-influencers like me could get a decent following by joining the right conversations.

Bring Your Whole Self To Twitter

A big part of the attraction was the "bring your whole self" attitude: in contrast to more buttoned-down presentations elsewhere, Twitter was always more punk, with the same people having a professional conversation one moment, and sharing their musical preferences or political views the next. Twitter certainly helped me understand the struggles of marginalised groups more closely, or at least as closely as a white middle-class cis-het2 guy ever can.

This "woke" attitude seems to have enraged all sorts of people who absolutely deserved it. The problem for Twitter is that one of those terrible people was Elon Musk, who not only was a prolific Twitter user, but also had the money to just buy out the whole thing, gut it, and prop up its shambling corpse as some sort of success.

The ongoing gyrations at Twitter have prompted an exodus of users, and a consequent flowering of alternatives: renewed and more widespread interest in Mastodon, the launch of Bluesky by Twitter founder Jack Dorsey (and if that endorsement isn’t enough to keep you away, I don’t know what to tell you), and now Threads.

Where Now?

My view is that none of these upstart services will become the One New Twitter. Twitter only had the weight it had because it was (for good and ill) the central town square where all sorts of different communities came together. With the square occupied by a honking blowhard and his unpleasant hangers-on, people have dispersed in a dozen different directions, and I very much doubt that any one of the outlet malls, basement speakeasies, gated communities, and squatted tenements where they gather now can accomodate everyone who misses what Twitter was.

The point of Twitter was precisely that it brought all of those different communities together — or rather, made it visible where they overlapped. Now, there is not the same scope for spontaneous work conversations on the various Twitter alternatives, because LinkedIn is already there. In the usual way of Microsoft, they have put in the work and got good — or at least, good enough for most people’s purposes. You can follow influential people in your field, so the feed is as interesting as you care to make it (no, it’s not just hustle-porn grifters). Those people have separate lives on Instagram, though, where they post about non-work stuff, with a social graph that only overlaps minimally with their LinkedIn connections.

Would-Be Twitter Replacements

So, my expectation is that Mastodon will continue to be a thing, but will remain a niche, with people who like tinkering with the mechanics of social networks (both the software that runs them and the policies that keep them operating), and various other communities who find their own congenial niches there. Me, I like Mastodon, but there is a distinct vibe of it being the sort of place where people who like to run Linux as a desktop OS would like to hang out. Hi, yes, it me: I did indeed start messing with Linux back in the 90s, when that took serious dedication. It also has a tang of old Usenet, something that I caught the tail end of and very much enjoyed while it lasted. Lurking on alt.sysadmin.recovery was definitely a formative experience, and Mastodon scratches the same itch.

Threads will have at least initial success, thanks to that built-in boost from anyone being able to join with their Instagram account — and crucially, their existing following. There is an inherent weirdness to Threads being tied to Instagram, of all Facebook’s properties. Instagram is fundamentally about images, while Threads is aiming to be a replacement for Twitter, which is fundamentally about text. Time will tell whether the benefit of a built-in massive user base outweigh that basic mismatch.

The long-term future of Threads is determined entirely by Facebook’s willingness to keep it going. Not many people seem to have noted that signing up for Threads is a one-way door: to delete your Threads account, you have to delete your whole Instagram account. This is a typical Facebook "We Own All Your Data"3 move, but also guarantees a baseline of "active" accounts that Facebook can point to when shopping Threads around to their actual customers — advertisers.

Bluesky? I think it’s missed its moment. It stayed private too long, and fell out of relevance. The team there got caught in a trap: the early adopters were Known Faces, and they quite liked the fact that Bluesky only had other people like them, with nobody shouting at the gates. Eventually, though, if you want to grow, you need to throw open those gates — and if you wait too long, there might be nobody outside waiting to come in any more.
I may be wrong, but that’s what it looks like right now, in July 2023.


🖼️ Photo by Talin Unruh on Unsplash.


  1. I’m not going to give them the satisfaction of calling them "Meta" — plus if they’re not embarrassed by the name yet, they will be pretty soon. 38 active users, $470 in revenue (not a typo, four hundred and seventy dollars). By the numbers, I think this may be the rightest I have ever been about anything. 

  2. Not a slur, don’t fall for the astro-turfing and engage with the latest "controversy" — and if you’re reading this in the future and have no idea what I’m talking about, thank your lucky stars and move on with your life. 

  3. We won’t get into the fact that Threads wasn’t even submitted for approval in the EU. The reason is generally assumed to be that its data retention policy is basically entirely antithetical to the GDPR. However, since it doesn’t really seem to differ significantly from Instagram’s policy, one does wonder whether Instagram would be approved under the GDPR if it were submitted today, rather than being grandfathered in as a fait accompli, with ever more egregious privacy violations salami-sliced in over the years by Facebook. 

Twitter of Babel

It's fascinating to watch this Tower of Babel moment, as different Twitter communities scatter — tech to Mastodon, media to Substack Notes, many punters to group chats old & new, and so on.

Twitter used to be where things happened, for good or for ill, because everyone was there. It was a bit like the old days of TV, where there was a reasonable chance of most people around the proverbial office water cooler having watched the same thing the previous evening. We are already looking back on Twitter as having once filled a similar role, as the place where things happened that we could all discuss together. Sure, some of the content was reshared from Tumblr, or latterly, TikTok, but that's the point: it broke big on Twitter.

Now, newsletter writers are having to figure out how to embed Mastodon posts, and meanwhile I'm having to rearrange my iPhone screen to allow for the sudden explosion of apps, where previously I could rely on Twitter in the dock and an RSS reader on the first screen.

Whether Twitter survives and in what form, it's obvious that its universality is gone. The clarity of being @brand — and not having to specify anything else! — was very valuable, and it was something that Facebook or Google, for all their ubiquity, could never deliver.

There is value in a single digital town square, and in being able to be part of a single global conversation. Twitter was a big part of how I kept up with goings-on in tech from my perch in provincial Italy. Timezones aside, Twitter meant that not being in Silicon Valley was not a major handicap, because I could catch up with everything that was begin discussed in my own time (in a way that would not have been possible if more real-time paradigms like Clubhouse had taken off).

Of course town squares also attract mad people and false prophets, for the exact same reason: because they can find an audience. This is why it is important for town squares to have rules of acceptable behaviour, enforced by some combination of ostracism and ejection.

Twitter under Musk appears to be opposed to any form of etiquette, or at least its enforcement. The reason people are streaming out of the square is that it is becoming overrun with rude people who want to shout at them, so they are looking for other places to meet and talk. There is nothing quite like the town square that was Twitter, so everyone is dispersing to cafes, private salons, and underground speakeasies, to continue the conversation with their particular friends and fans.

These days few of us go to a physical town square every day, even here in Italy where most of the population has access to one. They remain places where we meet, but the meeting is arranged elsewhere, using digital tools that the creators of those piazzas could not even have immagined.

As the Twitter diaspora continues, maybe more of us — me included! — should remember to go out to the town square, put the phone away, and be present with people in the same place for a little while.

Then, when we go back online — because of course we will go back online, that's where we live these days — we will have to be more intentional about who we talk to. Intentionality is sometimes presented as being purely positive, but it also requires effort. Where I used to have Twitter and Unread, now I have added Mastodon, Artifact, Substack, and Wavegraph, not to mention a reinvigorated LinkedIn, and probably more to come. There is friction to switching apps: if I have a moment to check in, which app do I turn to — and which app do I leave "for later"?

This is not going to be a purely negative development! As in all moments of change, new entrants will take advantage of the changed situation to rise above the noise threshold. Meanwhile, those who benefited from the previous paradigm will have to evolve with the times. At least this time, it's an actual organic change, rather than chasing the whims of an ad-maximising algorithm, let alone one immature meme-obsessed billionaire man-child.


🖼️ Photo by Inma Santiago on Unsplash

Old Views For Today's News

Here's a blog post I wrote back in 2015 for my then-employer that I was reminded of while recording the latest episode of the Roll For Enterprise podcast. Since the original post no longer seems to be available via the BMC web site, I assume they won't mind me reposting it here, with some updated commentary.
cia.png

xkcd, CIA

There has been a certain amount of excitement in the news media, as someone purportedly associated with ISIL has taken over and defaced US Central Command's Twitter account. The juxtaposition with recent US government pronouncements on "cyber security" (ack) is obvious: Central Command’s Twitter Account Hacked…As Obama Speaks on Cybersecurity.

The problem here is the usual confusion around IT in general, and IT security in particular. See for instance CNN:

The Twitter account for U.S. Central Command was suspended Monday after it was hacked by ISIS sympathizers -- but no classified information was obtained and no military networks were compromised, defense officials said.

To an IT professional, even without specific security background, this is kind of obvious.

shucking-a-tutorial.jpgPenny Arcade, Brains With Urgent Appointments

However, there is a real problem here. IT professionals also have a blind spot here: they don't think of things like Twitter accounts when they are securing IT infrastructure. This oversight can expose organisations to serious problems.

One way this can happen is credential re-use and leaking in general. Well-run organisations will use secure password-sharing services such as LastPass, but many times without IT guidance teams might instead opt for storing credentials in a spreadsheet, as we now know happened at Sony. If someone got their hands on even one set of credentials, what other services might they be able to unlock?

The wider issue is the notion of perimeter defence. IT security to date has been all about securing the perimeter - firewalls, DMZs, NAT, and so on. Today, though, what is the perimeter? End-user services like Dropbox, iCloud, or Google Docs, as well as multi-tier enterprise applications, span back and forth across the firewall, with data stored and code executed both locally and remotely.

I don't mean to pick on Sony in particular - they are just the most recent victims - but their experience has shown once and for all that focusing only on the perimeter is no longer sufficient. The walls are porous enough that it is no longer possible to assume that bad guys are only outside. Systems and procedures are needed to detect anomalous activity inside the network, and once that occurs, to handle it rapidly and effectively.

This cannot happen if IT is still operating as "the department of NO", reflexively refusing user requests out of fear or potential consequences. If the IT department tries to ban everything, users will figure out a way to go around the restrictions to achieve their goals. The risk then is that they make choices which put the entire organisation and even its customers at risk. Instead, IT needs to engage with those users and find creative, novel ways to deliver on their requirements without compromising on their mandate to protect the organisation.

While corporate IT cannot be held responsible for the security of services such as Twitter, they can and should advise social-media teams and end-users in general on how to protect all of their services, inside and outside the perimeter.

There are a still a lot of areas where IT is focused on perimeter defence. Adopting Okta or another SSO service is not a panacea; you still do need to consider what would happen when (not if) someone gets inside the first layer of defence. How would you detect them? How would you stop them?

The Okta breach has also helpfully provided an example of another important factor in security breaches: comms. Okta's comms discipline has not been great, reacting late, making broad denials that they later had to walk back, and generally adding to the confusion rather than reducing it. Legislation is being written around the world (with the EU as usual taking the lead) to mandate disclosure in situations like these, which may focus minds — but really, if you're not sufficiently embarrassed as a security provider that a bunch of teenagers were apparently running around your network for at least two weeks without you detecting them, you deserve all the fines you're going to get.

These are no longer purely tech problems. Once you get messy humans in the mix, the conversation changes from "how many bits of entropy does the encryption algorithm need" to "what is the correct trade-off between letting people get their jobs done and ensuring a reasonable level of security, given our particular threat model". Working with humans means communicating with them, so you’d better have a plan ready to go for what to say in a given situation. Hint: blanket denials early on are generally a bad idea, leaving hostages to fortune unnecessarily.

Have a plan ready to go for what you will say in a given situation (including what you may be legally mandated to disclose, and on what timeframe), and avoid losing your customers’ trust. Believe me, that’s one sort of zero trust that you don’t want!

Help, I'm Being Personalised!

As the token European among the Roll For Enterprise hosts, I'm the one who is always raising the topic of privacy. My interest in privacy is partly scarring from an early career as a sysadmin, when I saw just how much information is easily available to the people who run the networks and systems we rely on, without them even being particularly nosy.

Because of that history, I am always instantly suspicious of talk of "personalising the customer experience", even if we make the charitable assumption that the reality of this profiling is more than just raising prices until enough people balk. I know that the data is unquestionably out there; my doubts are about the motivations of the people analysing it, and about their competence to do so correctly.

Let's take a step back to explain what I mean. I used to be a big fan of Amazon's various recommendations, for products often bought with the product you are looking at, or by the people who looked at the same product. Back in the antediluvian days when Amazon was still all about (physical) books, I discovered many a new book or author through these mechanisms.

One of my favourite aspects of Amazon's recommendation engine was that it didn't try to do it all. If I bought a book for my then-girlfriend, who had (and indeed still has, although she is now my wife) rather different tastes from me, this would throw the recommendations all out of whack. However, the system was transparent and user-serviceable. Amazon would show me transparently why it had recommended Book X, usually because I had purchased Book Y. Beyond showing me, it would also let me go back into my purchase history and tell it not to use Book Y for recommendations (because it was not actually bought for me), thereby restoring balance to my feed. This made us both happy: I got higher-quality recommendations, and Amazon got a more accurate profile of me, that it could use to sell me more books — something it did very successfully.

Forget doing anything like that nowadays! If you watch Netflix on more than one device, especially if you ever watch anything offline, you'll have hit that situation where you've watched something but Netflix doesn't realise it or won't admit it. And can you mark it as watched, like we used to do with local files? (insert hollow laughter here) No, you'll have that "unwatched" episode cluttering up your "Up next" queue forever.

This is an example of the sort of behaviour that John Siracusa decried in his recent blog post, Streaming App Sentiments. This post gathers responses to his earlier unsolicited streaming app spec, where he discussed people's reactions to these sorts of "helpful" features.

People don’t feel like they are in control of their "data," such as it is. The apps make bad guesses or forget things they should remember, and the user has no way to correct them.

We see the same problem with Twitter's plans for ever greater personalisation. Twitter defaulted to an algorithmic timeline a long time ago, justifying the switch away from a simple chronological feed with the entirely true fact that there was too much volume for anyone to be a Twitter completist any more, so bringing popular tweets to the surface was actually a better experience for people. To repeat myself, this is all true; the problem is that Twitter did not give users any input into the process. Also, sometimes I actually do want to take the temperature of the Twitter hive mind right now, in this moment, without random twenty-hour-old tweets popping up out of sequence. The obvious solution of giving users actual choice was of course rejected out of hand, forcing Twitter into ever more ridiculous gyrations.

The latest turn is that for a brief shining moment they got it mostly right, but hilariously and ironically, completely misinterpreted user feedback and reversed course. So much for learning from the data… What happened is that Twitter briefly gave users the option of adding a "Latest Tweets" tab with chronological listing alongside the algorithmic default "Home" tab. Of course such an obviously sensible solution could not last, for the dispiriting reason that unless you used lists, the tabbed interface was new and (apparently) confusing. Another update therefore followed rapidly on the heels of the good one, which forced users to choose between "Latest Tweets" or "Home", instead of simply being able to have both options one tap apart.

Here's what it boils down to: to build one of these "personalisation" systems, you have to believe one of two things (okay, or maybe some combination):

  • You can deliver a better experience than (most) users can achieve for themselves
  • Controlling your users' experience benefits you in some way that is sufficiently important to outweigh the aggravation they might experience

The first is simply not true. It is true that it is important to deliver a high-quality default that works well for most users, and I am not opposed in principle to that default being algorithmically-generated. Back when, Twitter used to have "While you were away" section which would show you the most relevant tweets since you last checked the app. I found it a very valuable feature — except for the fact that I could not access it at will. It would appear at random in my timeline, or then again, perhaps not. There was no way to trigger it manually, or any place where it would appear reliably and predictably. You just had to hope — and then, instead of making it easier to access on demand, Twitter killed the entire feature in an update. The algorithmic default was promising, but it needed just a bit more control to make it actually good.

This leads us directly to the second problem: why not show the "While you were away" section on demand? Why would Netflix not give me an easy way to resume watching what I was watching before? They don't say, but the assumption is that the operators of these services have metrics showing higher engagement with their apps when they deny users control. Presumably what they fear is that, if users can just go straight to the tweets they missed or the show they were watching, they will not spend as much time exploring the app, discovering other tweets or videos that they might enjoy.

What is forgotten is that "engagement" just happens to be one metric that is easy to measure — but the ease of measurement does not necessarily make it the most important dimension, especially in isolation. If that engagement is me scrolling irritably around Twitter or Netflix, getting increasingly frustrated because I can't find what I want, my opinion of those platforms is actually becoming more corroded with every additional second of "engagement".

There is a common unstated assumption behind both of the factors above, which is that whatever system is driving the personalisation is perfect, both unbreakable in its functioning and without corner cases that may deliver sub-optimal results even when the algorithm is working as designed. One of the problems with black-box systems is that when (not if!) they break, users have no way to understand why they broke, nor to prevent them breaking again in the future. If the Twitter algorithm keeps recommending something to me, I can (for now) still go into my settings, find the list of interests that Twitter has somehow assembled for me, and delete entries until I get back to more sensible recommendations. With Netflix, there is no way for me to tell it to stop recommending something — presumably because they have determined that a sufficient proportion of their users will be worn down over time, and, I don't know, whatever the end goal is — watch Netflix original content instead of something they have to pay to license from outside.

All of this comes back to my oft-repeated point about privacy: what is it that I am giving up my personal data in exchange for, in the end? The promise is that all these systems will deliver content (and ads)(really it's the ads) that are relevant to my interests. Defenders of surveillance capitalism will point out that profiling as a concept is hardly new. The reason you find different ads in Top Gear Magazine, in Home & Garden, and in Monocle, is that the profile for the readership is different for each publication. But the results speak for themselves: when I read Monocle, I find the ads relevant, and (given only the budget) I would like to buy the products featured. The sort of ads that follow me around online, despite a wealth of profile information generated at every click, correlated across the entire internet, and going back *mumble* years or more, are utterly, risibly, incomprehensibly irrelevant. Why? Some combination of that "we know better" attitude, algorithmic profiling systems delivering less than perfect results, and of course, good old fraud in the adtech ecosystem.

So why are we doing this, exactly?

It comes back to the same issue as with engagement: because something is easy to measure and chart, it will have goals set against it. Our lives online generate stupendous volumes of data; it seems incredible that the profiles created from those megabytes if not gigabytes of tracking data have worse results than the single-bit signal of "is reading the Financial Times". There is also the ever-present spectre of "I know half of my ad spending is wasted, I just don't know which half". Online advertising with its built-in surveillance mechanisms holds out the promise of perfect attribution, of knowing precisely which ad it was which caused the customer to buy.

And yet, here we are. Now, legislators in the EU, in China, and elsewhere around the world are taking issue with these systems, and either banning them outright or demanding they be made transparent in their operation. Me, I'm hoping for the control that Amazon used to give me. My dream is to be able to tell YouTube that I have no interest in crypto, and then never see a crypto ad again. Here, advertisers, I'll give you a freebie: I'm in the market for some nice winter socks. Show me some ads for those sometime, and I might even buy yours. Or, if you keep pushing stuff in my face that I don't want, I'll go read a (paper) book instead. See what that does for engagement.


🖼️ Photos by Hyoshin Choi and Susan Q Yin on Unsplash

Interoperable Friendship

Whenever the gravitational pull of social networks comes up, there is a tendency to offer a quick fix by "just" letting them integrate with each other, or offer export/import capability.

Cory Doctorow tells an emotional tale in Wired about his grandmother's difficult decision to leave all of her family and friends behind in the USSR, and concludes with this impassioned appeal:

Network effects are why my grandmother's family stayed behind in the USSR. Low switching costs are why I was able to roam freely around the world, moving to the places where it seemed like I could thrive.

Network effects are a big deal, but it's switching costs that really matter. Facebook will tell you that it wants to keep bad guys out – not keep users in. Funnily enough, that's the same thing East Germany's politburo claimed about the Berlin Wall: it was there to keep the teeming hordes of the west out of the socialist worker's paradise, not to lock in the people of East Germany.

Mr Zuckerberg, tear down that wall.

As appealing as that vision is, here is why interoperability won't and can't work.

Let's take our good friends Alice and Bob, from every cryptography example ever. Alice and Bob are friends on one social network, let's call it Facester. They chat, they share photos, they enter a bunch of valuable personal information. So far so good; information about each user is stored in a database, and it's pretty trivial to export user information, chat logs, and photographs from the system.

Here's the problem: the account data is not the only thing that is valuable. You also want the relationships between users. If Alice wants to join a new network, let's call it Twitbook, being able to prepopulate it with her name and profile picture is the least of her issues. She is now faced with an empty Twitbook feed, because she isn't friends with anyone there yet.1

Alice and Bob's relationship on Facester is stored in a data structure called a graph; each link between nodes in the graph is called an edge. While this structure can be exported in purely technical terms, this is where things start getting complicated.

What if Alice and Bob's sworn enemy, Eve, registers on Twitbook with Bob's name? Or maybe there's simply more than one Bob in the world. How can Twitbook meaningfully import that relationship from Facester?

There are various policies that you could come up with, ranging from terrible to more terrible.

If both Alice and Bob go to a certain amount of effort, entering their Facester profile info on Twitbook and vice versa, the export and reimport will be able to reconcile the data that way — but that's a lot of work and potential for error. What happens if even one of your friends hasn't done this, or gets it wrong? Should the import stop or continue? And does the destination network get to keep that dangling edge? Here in what we still call the real world, Facebook already creates "ghost profiles" for people who do not use its services, but whose existence they have inferred from their surveillance-driven adtech. These user records have value to FB because they can still be used for targeting and can have ads sold against them.

Alice and Bob's common friend Charlie has chosen not to register for Twitbook because they dislike that service's privacy policy. However, if either Alice or Bob imports their data from Facester into Twitbook, Charlie could still end up with one of these ghost profiles against their wishes. Contact data are not the property of the person who holds them. Back to the real world again, this is the problem that people have with the likes of Signal or Clubhouse, that prompt users to import their whole address book and then spam all of those people. This functionality is not just irritating, it's also actively dangerous as a vector for abuse.

Another terrible policy is to have some kind of global unique identifier for users, whether this means mandating the use of government-assigned real names, or some global register of user IDs. Real names are problematic for all sorts of reasons, whether it's for people who prefer to use pseudonyms or nicknames, or people who change their name legitimately. Facebook got into all sorts of trouble with their own attempt at a real-name policy, and that was just for one network; you could still be pseudonymous on Twitter, precisely because the two networks are not linked.

People do want to partition off different parts of their identity. Maybe on Facester Alice presents as a buttoned-up suburban housewife, but on Twitbook she lets her hair down and focuses on her death metal fandom. She would prefer not to have to discuss some of the imagery and lyrics that go with that music at the PTA, so she doesn't use the same name and keeps these two aspects of her personality on separate networks. Full interoperability between Facester and Twitbook would collapse these different identities, whatever Alice's feelings on the matter.

Some are invoking the right to data portability that is enshrined in GDPR, but this legislation has the same problem with definitions: whose data are we talking about, exactly?

The GDPR states (emphasis mine):

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

Applying this requirement to social networks becomes complicated, though, because Alice's "personal data" also encompasses data about her relationships with Bob and Charlie. Who exactly does that data belong to? Who can give consent to its processing?

GDPR does not really address the question of how or whether Alice should be allowed to obtain and reuse data about Bob and Charlie; it focuses only on the responsibility of Facester and Twitbook as data controllers in this scenario. Here are its suggestions about third parties’ data:

What happens if the personal data includes information about others?

If the requested information includes information about others (eg third party data) you need to consider whether transmitting that data would adversely affect the rights and freedoms of those third parties.

Generally speaking, providing third party data to the individual making the portability request should not be a problem, assuming that the requestor provided this data to you within their information in the first place. However, you should always consider whether there will be an adverse effect on the rights and freedoms of third parties, in particular when you are transmitting data directly to another controller.

If the requested data has been provided to you by multiple data subjects (eg a joint bank account) you need to be satisfied that all parties agree to the portability request. This means that you may have to seek agreement from all the parties involved.

However, all of this is pretty vague and does not impose any actual requirements. People have tens if not hundreds of connections within social networks; it is not realistic that everybody get on board with each request, in the way that would work for the GDPR's example of a joint bank account, which usually involves only two people. If this regulation were to become the model for regulation of import/export functionality of social networks, I think it's a safe bet that preemptive consent would be buried somewhere in the terms and conditions, and that would be that.

Tearing down the walls between social networks would do more harm than good. It's true that social networks rely on the gravity of the data they have about users and their connections to build their power, but even if the goal is tearing down that power, interoperability is not the way to do it.


UPDATE: Thanks to Cory Doctorow for pointing me at this EFF white paper after I tagged him on Twitter. As you might expect, it goes into a lot more detail about how interoperability should work than either a short Wired article or this blog post do. However, I do not feel it covers the specific point about the sort of explicit consent that is required between users before sharing each others' data with the social networks, and the sorts of information leaks and context collapse that such sharing engenders.


🖼️ Photos by NordWood Themes, Alex Iby, and Scott Graham on Unsplash


  1. Or she doesn't follow anyone, or whatever the construct is. Let's assume for the sake of this argument that the relationships are fungible across different social networks — which is of course not the case in the real world: my LinkedIn connections are not the same people I follow on Twitter. 

The Wrong Frame

The conversation about the proposed Australian law requiring Internet companies to pay for news continues (previously, previously).

Last time around, Google had agreed to pay A$60m to local news organisations, and had therefore been exempted from the ban. Facebook initially refused to cough up, and banned news in Australia — and Australian news sites entirely — but later capitulated and reversed their ban on news pages in Australia. They even committed to invest $1 billion in news.

One particular thread keeps coming up in this debate, which is that news publications benefit from the traffic that Facebook and Google send their way. This is of course true, which is why legislation that demands that FB & Google pay for links to news sites is spectacularly ill-conceived, easy to criticise, and certain to backfire if implemented.

Many cite the example of Spain, where Google shuttered the local Google News service after a sustained campaign — only for newspapers to call on European competition authorities to stop Google shutting its operation. However, it turns out that since the Google News shutdown in Spain, overall traffic to news sites went largely unchanged.

Getting the facts right in these cases is very important because the future of the web and of news media is at stake. The last couple of decades have in my opinion been a huge mistake, with the headlong rush after ever more data to produce ever more perfectly targeted advertising obscuring all other concerns. Leaving aside privacy as an absolute good, even on the utilitarian terms of effective advertising, this has been a very poor bargain. Certainly I have yet to see any targeted ads worth their CPM, despite the torrent of data I generate. Meanwhile, ads based off a single bit of information — "Dominic is reading Wired" (or evo, or Monocle) have lead me to many purchases.

The worst of it is that news media do not benefit at all from the adtech economy. Their role is to be the honeypot that attracts high-value users — but the premise of cross-site tracking is that once advertisers have identified those high-value users, they can go and advertise to them on sites that charge a lot less than top-tier newspapers or magazines. The New York Times found this out when they turned off tracking on their website due to GDPR — and saw no reduction in ad revenues.

Of course not every site has the cachet or the international reach of the NYT, but if you want local news, you read your local paper — say, the Sydney Morning Herald. Meanwhile, if you're an advertiser wanting to reach people in Sydney, you can either profile them and track them all over the web (or rather, pay FB & G to do it for you) — or just put your ad in the SMH.

Hard cases make bad law. The question of how to make news media profitable in the age of the Web where the traditional dynamics of that market have been completely upended is a hard and important one. This Australian law is not the right way to solve that question, even aside from the implications of this basically being a handout to Rupert Murdoch — and one which would end up being paid in the US, not even in Australia.

Let us hope that the next government to address this question makes a better job of it.


🖼️ Photo by AbsolutVision on Unsplash

The Framing Continues

The framing of Australia's battle against Google and Facebook continues in a new piece with the inflammatory title Australian law could make internet ‘unworkable’, says World Wide Web inventor Tim Berners-Lee.

Here's what Sir Timothy had to say:

"Specifically, I am concerned that that code risks breaching a fundamental principle of the web by requiring payment for linking between certain content online"

This is indeed the problem: I am not a lawyer, nor do I play one on the internet, so I won't comment on the legalities of the Australian situation — but any requirement to pay for links would indeed break the Web (not the Internet!) as we know it. But that's not the issue at risk, despite Google's attempts to frame the situation that way (emphasis mine):

Google contends the law does require it to pay for clicks. Google regional managing director Melanie Silva told the same Senate committee that read Berners-Lee’s submission last month she is most concerned that the code "requires payments simply for links and snippets."

As far as I can tell, the News Media and Digital Platforms Mandatory Bargaining Code does not actually clarify one way or the other whether it applies to links or snippets. This lack of clarity is the problem with regulations drafted to address tech problems created by the refusal of tech companies to engage in good-faith negotiations. Paying for links, such as the links throughout this blog post, is one thing — and that would indeed break the Web. Paying for snippets, where the whole point is that Google or Facebook quote enough of the article, including scraping images, that readers may not feel they need to click through to the original source, is something rather different.

Lazily conflating the two only helps unscrupulous actors hide behind respected names like Tim Berners-Lee's to frame the argument their own way. In law and in technology, details matter.

And of course you can't trust anything Facebook says, as they have once again been caught over-inflating their ad reach metrics:

According to sections of a filing in the lawsuit that were unredacted on Wednesday, a Facebook product manager in charge of potential reach proposed changing the definition of the metric in mid-2018 to render it more accurate.

However, internal emails show that his suggestion was rebuffed by Facebook executives overseeing metrics on the grounds that the "revenue impact" for the company would be "significant", the filing said.

The product manager responded by saying "it’s revenue we should have never made given the fact it’s based on wrong data", the complaint said.

The proposed Australian law is a bad law, and the reason it is bad is because it is based on a misapprehension of the problem it aims to solve.

In The Frame

Google and Facebook have been feuding with the Australian government for a while, because in our cyberpunk present, that's what happens: transnational megacorporations go toe-to-toe with governments. The news today is that Google capitulated, and will pay a fee to continue accessing Australian news, while Facebook very much did not capitulate. This is what users are faced with, whether sharing a news item from an Australian source, or sharing an international source into Australia:

Image

I see a lot of analysis and commentary around this issue that is simply factually wrong, so here's a quick explainer. Google first, because I think it's actually the more interesting of the two.

The best way to influence the outcome of an argument is to apply the right framing from the beginning. If you can get that framing accepted by other parties — opponents, referees, and bystanders in the court of public opinion — you’re home free. For a while there, it looked like Google had succeeded in getting their framing accepted, and in the longer run, that may still be enough of a win for them.

The problem that news media have with Google is not with whether or not Google links to their websites. After all, 95% of Australian search traffic goes to Google, so that’s the way to acquire readers. The idea is that Google users search for some topic that’s in the news, click through to a news article, and there they are, on the newspaper’s website, being served the newspaper’s ads.

The difficulty arises if Google does not send the readers through to the newspaper’s own site, but instead displays the text of the article in a snippet on its own site. Those readers do not click through to the newspaper’s site, do not get served ads by the newspaper, and do not click around to other pages on the newspaper’s site. In fact, as far as the newspaper is concerned, those readers are entirely invisible, not even counted as immaterial visitors to swell their market penetration data.

This scenario is not some far-fetched hypothetical; this exact sequence of events played out with a site called CelebrityNetWorth. The site was founded on the basis that people would want to know how rich a given famous person was, and all was well — until Google decided that, instead of sending searches on to CelebrityNetWorth, they would display the data themselves, directly in Google. CelebrityNetWorth's traffic cratered, together with their ad revenue.

That is the scenario that news media want to avoid.

Facebook does the same sort of thing, displaying a preview of the article directly in the Facebook News Feed. However, the reason why Google have capitulated to Australia's demands and Facebook have not is that Facebook is actively trying to get out of dealing with news. It's simply more trouble than it's worth, netting them accusations from all quarters: they are eviscerating the news media, while also radicalising people by creating filter bubbles that only show a certain kind of news. I would not actually be surprised if they used the Australian situation as an experiment prior to phasing out news more generally (it's already only 4% of the News Feed, apparently).

There has also been some overreach on the Australian side, to be sure. In particular, early drafts of the bill would have required that tech companies give their news media partners 28 days’ notice before making any changes that would affect how users interact with their content.

The reason these algorithms important is that for many years websites — and news media sites are no exception — have had to dance to the whims of Facebook and Google's algorithms. In the early naive days of the web, you could describe your page by simply putting relevant tags in the META elements of the page source. Search engines would crawl and index these, and a search would find relevant pages. However, people being people, unscrupulous web site operators quickly began "tag stuffing", putting all sorts of tags in their pages that were not really relevant but would boost their search ranking.

And so began an arms race between search engines trying to produce better results for users, and "dark SEO" types trying to game the algorithm.

Then on top of that come social networks like Facebook, which track users' engagement with the platform and attempt to present users with content that will drive them to engage further. A simplistic (but not untrue) extrapolation is that inflammatory content does well in that environment because people will be driven to interact with it, share it, comment on it, and flame other commenters.

So we have legitimate websites (let's generously assume that all news media are legit) trying to figure out this constantly changing landscape, dancing to the platforms' whims. They have no insight into the workings of the algorithm; after all, nothing can be published without the scammers also taking advantage. Even the data that is provided is not trustworthy; famously, Facebook vastly over-inflated its video metrics, leading publications to "pivot to video", only to see little to no return on their investments. Some of us, of course, pointed out at the time that not everyone wants video — but publications desperate for any SEO edge went in big, and regretted it.1

Who decides what we see? The promise of "new media" was that we would not be beholden to the whims of a handful of (pale, male and stale) newspaper editors. Instead, we now have a situation in which it is not even clear what is news and what is not, with everybody — users and platforms — second-guessing each other.

And so we find ourselves running an experiment in Australia: is it possible to make news pay? Or will users not miss it once it's gone? Either way, it's going to be interesting. For now, the only big loser seems to be Bing, who had hoped to swoop in and take the Australian web search market from Google. The deal Google signed with News Corporation runs for three years, which should be enough time to see some results.


🖼️ Photo by Markus Winkler on Unsplash


  1. Another Facebook metric that people relied on was Potential Reach; now it emerges that Facebook knowingly allowed customers to rely on vastly over-inflated Potential Reach numbers