Something’s afoot on the internets. Something pretty significant, and yet for reasons I can’t completely understand, there hasn’t been that much chatter about it.

SOPA, the Stop Online Piracy Act, was introduced into the US House of Representatives near the end of 2011, and if things proceed as they have been, it could soon be law.

I won’t explain in detail what this potential legislation actually says. But the long and short of it is as follows:

Long: Wikipedia Entry

Short: WordPress’ official statement plus an explanatory video

Even shorter: If this law passes, companies (as well as the US government) will be able to shut down websites which they feel are infringing copyright law.

On the surface, this seems like a pretty rational thing to do. However, the text of the legislation is so vague that doesn’t actually do anything to stop piracy at all. What it does do is give the US government and any company the ability to bury other companies in lawsuits and red tape, effectively suing them out of business. ISPs can be ordered by the government to block access to the domain names of any offending websites (though you’ll still be able to access them directly via their IP address). It also represents a shift from pursuing individuals who post copyrighted material, to targetting the entire website that hosts it.

This is not about a few rogue websites that host ripped DVDs or decryption software. In fact, this legislation has attracted the attention of more than a few large organizations. Observe:

SOPA Opponents List

There’s even an app available in the Android marketplace that lets you see if a company is on the SOPA supporters list (strangely, there’s no such thing in the Apple App Store, even though Apple is on the SOPA opponents list): Android App

Still need a reason to care about this? Think about any site you’ve used in the past whose sole purpose is to share media/info/ideas with others. This includes:

- YouTube
- Flickr
- Scribd
- SoundCloud
- Twitter
- Tumblr
- Facebook
- Wikipedia
-… etc etc etc (See the SOPA opponents list I pointed out earlier)

Now think about what your experience on the internet would be like with most of those websites blocked or sued to the point that they can no longer operate online.

This is not good. This is less about stopping piracy than it is about giving unprecedented power to corporations/government to deem what is and isn’t appropriate for people to consume online. This is about allowing an industry to quash fundamental mechanisms of free expression in order to protect profits.

It’s no surprise that this isn’t getting much coverage in the media, because the media stands to profit from SOPA being passed, but that’s not really the point. Mainstream media/business is intertwined with the same online, social mechanisms that will suffer as a result of SOPA; there are 80,000 people talking about the NFL, and 264,000 people talking about Coke on Facebook right now. Yet both of these companies support SOPA, which would threaten to wipe out those conversations – and the corresponding data. Data which they rely on to drive their advertising initiatives.

Given the list of companies that have lent their support to this bill, I’m not sure that a boycott is a practical way to respond, especially since the number of companies disappearing from this list continues to change. Although if you can manage without engaging any of these companies, by all means go for it. What would help is for people to be vocal. This will affect a significant number of people in some way, shape, or form. If you’re reading this right now, you’re most likely one of them. If you live in the US, write to your congressperson. For everyone else, write about it through whatever channel you deem appropriate.

For the average person who lives their life “online“, proper password management is one of those things that fall into the “Never skip breakfast” category. You know you’re supposed to listen, but you rarely pay attention. It’s a hassle more than anything else. Sometimes the number of email messages in my inbox that start with “You have requested to reset your password…” outnumber all others. Equally abundant are the number of applications out there that promise to handle all of your passwords so that you never have to. To my knowledge, not a single one of them has caught on (probably for fear that you might forget the password to that all-encompassing app one day).

Hollywood and hardware alike have long promised highly advanced, incredibly slick looking ways of securing access to data. Everything from retinal scanners and voice-print identification to facial recognition software has been touted as the next wave in identity protection. However, aside from appearances in commercial and military applications (and on ThinkGeek), none of these shiny gadgets are in widespread consumer use. Even fingerprint scanners haven’t really blossomed as much as once expected.

So what do you do? How do you find that sweet spot between “Idiot-proof to manage/remember” and “Fort-knox secure?”

Firstly, let’s think about the way we access secure data – email, website content, bank accounts, etc. Successfully doing so usually requires matching one value with another (username/email and a password); a pairing that in theory, is known only to the user. One remains constant and is publicly exposed in most cases (the username), while the other one (the password) changes. Methods for [humans] generating passwords usually involve remembering something unique to the user, combined with some obfuscating characters that make random guessing harder for the would-be password cracker, human or otherwise. The name of your cat using numbers for letters, plus the last four digits of your wife’s birth date. Your childhood nickname plus the number of siblings you had (multiplied by 3). Sounds reasonable, though recent reports show that some users aren’t quite so savvy:

Images from Tom’s Hardware

It’s quite a hassle! Considering the number of websites and applications people access on a daily basis, it’s no wonder some people cave and do a 2-finger dance down the number row in order to generate a password that isn’t hard to remember (for the user, or the identity thief.) Well, there is an idea which I’ve always thought could pass the test of being user-friendly and relatively secure (perish the thought). It uses an existing piece of technology – Security Questions – in a slightly different way. Security Questions are usually used to validate the identity of a user that has already entered a correct username/password combination; a “just in case” measure. It’s supposed to be an easily identifiable piece of information which is also unique to the user.

There are LOTS of little bits of information like this, which we constantly keep stored in our heads. A long forgotten (and sometimes hated) nickname, the address of our favourite greasy spoon, the number of days till retirement, and so on. Well, what if passwords were done away with entirely, and the system were to ask us for 1, 2, or more of these questions from a pre-set list that you could modify at any time? The system presents you with the random question (in Captcha form if you like), you enter the correct answer(s), and you’re in. On the off chance you get one wrong, you’re given a certain number of alternates. Higher level security systems might require more answers. The benefit to a system like this is that there is no longer a 1:1 relationship between the 2 values used to authenticate a user. It can be 1:2, 1:30, 1:100…or 1:X. The number of possible question-answer pairs is up to the system architect. If they wants to get fancy, they could use any number of ways to manage the list of questions and answers. Store them separately and match them using a unique hash, or put them together in a database as an object and match them to the user, for starters.

Every time a user tries to gain access to a system, a different different question is asked. Consequently, a different answer must be given depending on what question the system asks. It’s as if you’re carrying around a set of keys and the system prompts you which lock to open. For added security, every time a question-answer pair is added to the list, an attribute of the entire list can be changed (think checksums) which makes previous attempts to crack the entire list useless. This is a lot of work up front for the user, granted. But it pays off… IF the system is designed to be portable. People HATE going through the hassle of setting up passwords for single user accounts, let alone several. So, much like importing bookmarks across browsers, there needs to be a way to shuffle the question/answer list around from app to app. Of course, portability means maintaining standards across the board, and well… we all know how well standards are adhered to on the web.

This type of security system is not fool-proof however (I challenge you to find one that is), and it will inevitably come under assault as people ask the following questions:

Q: What happens if someone guesses the answer to your security question?
A: This is no different than someone guessing your password, and only if they happen to be prompted with the appropriate question. Further, they may be able to guess one answer, but can they guess 2, 3, or more?

Q: The list of answers is still vulnerable though! People know that city names are likely the answers to questions like “Where were you born?” What good is that?
A: Simple answers in and of themselves are fairly weak, but it’s up to the user to choose multiple question and answer pairings that are both secure and easy to remember. As well, it’s up to the user to determine the format of the answers. The answer to “What city were you born in?” doesn’t have to be “Toronto.” It could be “That city I was born in”, or “Monkeytown” or “Rigel IV” for that matter. As long as it’s the answer you designated, everything’s fine.

Q: What happens if you don’t want a question in the list any more?
A: … delete it.

The fundamental difference with this concept is that the “lock” isn’t one static thing that can be pored over and studied in an attempt to break it. It constantly changes, and yet remains easy to manage. Another significant difference is that the focus isn’t on making passwords themselves harder to “guess.” Rather, it’s about changing the way we think about passwords in general, and moving away from the traditional “lock-and-key” model, in order to make accessing sensitive data a simpler process without sacrificing security.

It’s entirely possible that I’ll review this in a few months, and file the idea away on a shelf next to my plans for Hamburger Earmuffs and Electric Paperclips. But until that time, I invite your thoughts and opinions.

I recently took a look back at my life around 1990-2000, in which my identity was stamped into a ribbon by a barely-functional label maker. The treks to the food court to consume food which is only now kicking me in the rear. That rayon-polyester smell that never, ever seemed to fade. Upon reflection, I realized that I have an incredible disdain for department stores that remains with me to this day, specifically the monolithic dinosaurs that reside in many shopping malls.

Now, there’s nothing wrong with any specific store/brand per se. I have no particular qualms with the Hudson’s Bay Co., or Sears or Walmart or what have you. It’s the actual physical structures themselves that have managed to foster a growing revulsion within me. So I suppose that makes this more of a gripe about mall architecture moreso than anything else. Walk into one – any one at all – and it’ll strike you immediately; this is exactly the same building that you visited as a child (experiences in your area may vary of course). The tiles, the floor, carpet, walls, even the shade of artificial light that soaks each floor is exactly the same as it was in the 1980′s, when 256 shades of beige defined an entire palette of color. Even the sounds are the same. Any time I hear Chuck Mangione’s “Feels So Good”, I cringe just a wee bit.

Mall designs rival casinos in their ability to trap customers inside and force them to wander around until something catches their attention. No clocks, no windows to the outside, minimal straight pathways from end to end. Get them inside, keep them inside. The next time you’re inside, see how many seconds it takes you before you can turn 360 degrees and not be able to see which way is out. Even the escalators are a trap. Sure they pair them together; one up, one down. However, they alternate between floors so that in order to traverse more than one [floor], you have to wander through more merchandise (design, schmesign, there’s got to be any number of ways to accommodate this).

As if the above weren’t enough to induce a degree of sensory aversion, there’s also the insanity of the December shopping season. Grandmas turn rabid, sock and/or underwear retailers roll in mountains of money, parking lots turn into… parking lots. Malls become even more wretched at this time of year, as retailers everywhere deploy the ultimate Jedi Mind Trick, convincing consumers that they’re getting a much better deal than math and statistics would have you believe. It takes a bit of time after busy holiday season (which I refer to as “the Shopocalypse”) to wind down, for things to revert back to a relative state of calm. No more retina-burning LED decorations, disinterested mall Santas, or endless loops of “Silent Night” by Boyz II Men.

On a final note, I discovered that I’m not the only one who has this particular affliction. A quick Google search led me to Jeremy Michaels’ blog post on just this very idea: Department Store Phobia

This article caught my eye today: Online Advertising Revenues Climb Out Of The Trough, Boosted By Search, Display, And Video

I found it interesting because I work in an industry closely tied to online advertising. But how close? Without going too far into the details, my employer is in the Digital Signage space. Thus every piece of media we produce either links to, or connects with advertising in some way shape or form. But is it online? What does that even mean anymore?

In my previous post, I suggested we do away with the term “Digital” as its meaning has become too convoluted and disconnected from reality to have any… well… meaning. I propose the same with “Online.” On the surface, it seems like a term with a fairly clean and simple meaning; you’re either online, or offline. Or are you?

Smartphones, wifi, GPS, Satellite Radio, RFID, Web-enabled TV, …Web-enabled FRIDGES. All of these have rendered the idea of being “offline” almost meaningless. If you lose your network connection to your desk/laptops, its entirely possible that you have a completely separate connection available on your mobile devices. Even newspapers are becoming ever more available on eReaders and mobiles.

As far as advertising goes, what this means is that the distinction between “online” and “offline” also needs to change. “Offline” advertising then, is essentially anything on paper or slapped up on a wall. Everything else… EVERYTHING is online. So what this makes me think, is that if “online” ad revenue is starting to “climb out of a trough” (especially during the current climate), what on Earth is happening to ad dollars from other “traditional” or “offline” forms of media? Further, now that you can have circuitry embedded in the surface layer of a contact lens, how long will it be before display advertising can be targetted to specific eyeballs?

Why would you even bother with paper or brick-and-mortar advertising at that point?

2010: A new year, a new decade. It’s also an opportunity for us to eschew some of the vocabulary that has rotted since it attached itself to the lexicon of the industry over the last few years. We’re all painfully aware of some of the offending terms and phrases. “2.0″, “Smartphone”, “Twitter/Facebook/Google” (as verbs instead of nouns), … and my least favourite of the bunch…

Slap this term onto just about any product and you’re guaranteed to increase its [sales] appeal. Back when I worked in retail, I used to joke with my co-workers about adding the term “digital” to certain items just to see what would happen (we sold recreation/games related items at the time – pool tables, board games and such). People responded to it then, when it largely applied to products. People still respond to it now, as the term has spread like a virus to describe just about anything. You can’t have HDTV unless you have a “digital” cable box. Most billboards are being replaced by “digital” signs. Telcos boast about running their services on “digital high-speed networks” (at least they do north of the border). In fact, the term even defines the industry that I have been a part of for the last 9 years; “Digital” Marketing.

The following is (by and large) the accepted dictionary definition of the term “digital”:

1: (adj) digital (displaying numbers rather than scale positions) “digital clock”; “digital readout”
1: (adj) digital (relating to or performed with the fingers) “digital examination”
1: (adj) digital (of a circuit or device that represents magnitudes in digits) “digital computer”

Going by those definitions one can see that there is, at best, a tenuous connection between the term and how it is applied in common usage. For most, the term digital has come to mean something similar to the following:

“Anything to do with modern technology, gadgetry, computers, circuits, sci-fi, fast cars, outer space, and shiny things.”

Truth be told, this is still how I communicate all that is digital to some members of my family that are … less “with it”, but that’s both for their own good and my own sanity. I digress.

There is an argument to be made for the fact that “digital” (by definition #3 anyways) does in fact describe the mechanism that drives a LOT of the products and services we use. Pulses of electrons – 1′s and 0′s – provide the core syntax of the binary language, and it is this language that was first described as being digital. Thus, any bit of technology that made use of that language also had the unfortunate privilege of being described as such.

It’s time to stop. 1n 2010, using the term “digital” to increase the selling power of anything makes about as much sense as extolling the liquid properties of water. In fact, I would further suggest that if that’s the only thing you can think of to make your widget stand out from the rest, it’s probably not worth purchasing in the first place.

So, following by example, from now on AppTheta will no longer carry the Digital bit in its by-line. I promise to give the associated image a proper edit when I’m in front of a machine that sports something a tad more functional than MSPaint.

However, I was organizing/clearing out some items in Gmail the other day, when my eyes casually fell upon the indicator at the bottom of the screen that lets you know how much space you have left in the ever-expanding Google datastore. “You…blablabla…3% of 7400MB. Wow, 7400MB is a lot of-…wait. 3% I’ve got about 250MB of stuff on here.” I sat back and thought about that number, drawing relatively silly, almost cartoonish analogs just to get a sense of how much data that really is.

~230 floppy disks (remember those?).
~17,000 average (15K) Word documents, or about as many email messages of similar size.
~125,000 Twitter posts (to get even sillier, this is roughly equivalent to 14 tweets per hour, for a year)

That’s quite a bit of data!

…Sorry.

Then I wondered what I would say if a company were to come to me and say “Hey. So would you let me follow you around for a year and record what you say 14 times an hour? Oh and we’re not going to pay you for this information either. Oh and we’re also going to use this info to show you some advertising here and there.” Were I walking around just going about my daily life, I *might* have a problem with this. I mean, I don’t know if my shower-stall rendition of “Poker Face” is anything I want people listening to, never mind recording (Note: I do not actually sing in the shower.)

But the fact of the matter is, as I mentioned before, I’m making a conscious decision to post information online. As such, I’m aware that when using a Google service/product (for free), that information might actually be looked at. This is not to say that I’m allowing them to do whatever they want with it, mind you. Depending on the context (more on that in a second), I usually take a conservative approach and just presume that whatever post online will be considered public domain. Period.

What’s this about context you say? Well, truth be told, there are in fact some small corners of the internet that are marginally more “obscure” than others. I’m not talking about seedy underground file-sharing sites or any other “non http” source. I’m referring to the fairly niche clusters of community-oriented sites, blogs, forums and portals that serve members with similar interests. ArsTechnica, xkcd, Orchid Forums, and even certain social networking groups are just a few examples. Popular in their own right, and yet focused enough to attract users who search for information within a particular subset of info.

This is not to say that you shouldn’t be cognizant of material that you post in these instances, but it does tend to be the case that the level of familiarity amongst users in these sub-cultures is high enough to allow certain things (Vacation photos, discussions regarding family members etc…) to pass. But I digress.

As time goes on, more and more of your information is going to end up in the cloud. It is inevitable. The netbook segment of the hardware market is exploding. Businesses are adopting cloud infrastructure, enabling their employees more flexibility and freedom to work wherever they want to, physically separated from their information/data. Data storage limits are at a point where petabyte thumb drives (~1,000,000 Gigabytes, people) aren’t that far off. As far as cost/benefit goes, it just makes more sense (for now). We look at the concept of “unlimited storage space” today, in very much the same way we looked at the concept of smart-phones 5 years ago. Nifty sounding tech, but there are too many limitations to make it feasible for the consumer market… look how that turned out. So as this data migration occurs, it just makes sense to realize that parts of our identity are going to do the same.

I’m allowed 2 TNG references in once post.

Wired Article: Twitter To Make Money In 2010 With ‘Non-Traditional’ Ads: Biz Stone

Stone stressed the company mantra was that it was in no hurry to come up with a business plan, and needn’t be.

“There are no dates when we need to break even. We have plenty of money in the bank,”

Ok, I get this. You need a plan before you can go out and start generating revenue. But the general tone seems to indicate that while they’re doing all of this planning, the rest of the world is going to sit around and wait for them. I know that there aren’t that many direct competitors with the big T, especially those that have as deep pockets. I just don’t know if this seemingly laissez-faire attitude is the right way to go though. It doesn’t take long for the lions to realize there’s slow moving prey on the savannah.

Granted, Twitter’s recently acquired another 100 million dollars in funding without breaking a sweat. That beats my recent efforts by… about 100 million (you know, give or take). I’m definitely going to be keeping an eye open to see what their “non-traditional” advertising model is all about. Personally, I’d like to see something along the lines of flyers being dropped from giant neon zeppelins shaped like blue, fire-breathing Twitterbirds.

Just a few quick thoughts about URL shortening services, like the explosively popular Bit.ly, and it’s lesser known rivals Ow.ly, TinyURL and others.

They’ve become the standard mechanism by which people share links via microblogs like Twitter, and they’re even being adopted on forums, and other social networking sites.

As fantastic as they are for compressing unwieldy links that can end up being hundreds of characters of long (think driving directions from Google Maps), they can also be somewhat dangerous. See, I used to be (and still am) one of those people that would visually inspect a link and try to deduce whether or not I’d be clicking through to something interesting, or if I’d be greeted with flashing neon backgrounds and promises of “sexy singles in my area.” This is actually quite helpful in avoiding links that are most often, inadvertently sent through instant messages or email, by users that have fallen victim to a worm or a virus of some sort.

But with a nice, neat, short URL, there’s no way to tell the difference between the benign and malevolent. I realize that some of the bigger players are offering up ways to preview the contents of the URL beforehand (see TweetDeck’s preview URL function as an example of this.), but this does little to deter the average user from blindly clicking on a link from someone that’s considered a “trusted” source.

I see a lot of room here for 3rd party developers to hook into URL shorteners to expand preview functionality in order to minimize the clickthroughs for these virtual wolves in sheep’s clothing. Perhaps making more use of alt-tags to display long URLs, or color-coding the short URL in such case that it’s been reported as malicious/dead. Those of us in the digital space have spent years being indoctrinated against the use of “mystery meat” navigation. Links (image or otherwise) should be clear enough so as to eliminate, or at least minimize ambiguity for the user. URL shortening in its present incarnation just seems like a step away from that.

Where I went wrong:

Prior to it’s explosion in 2008-2009, Twitter had been around quietly adopting a modest userbase since about 2006, playing off of the same basic model as other microblogging platforms like Pownce, Identi.ca and others. Outside of the blogosphere though (yes, that was me you heard sighing at another term I despise using), virtually nothing was known about it. When I first started looking into the service, my guess was that the VAST majority of users would be essentially be of the “fast-food” variety. Get in fast, get a quick bite, get that heavy, bloated feeling as you wonder why you’re there in the first place, and then get out.

I also assumed that commercial entities/businesses would fail to see value in it, based on the fact that the business world is just NOW starting to understand the benefits of social tools. Further, I assumed the celebrosphere (… give me that one at least? They’ve done a LOT worse.) would embrace Twitter for as long as takes FOX to cancel a series, and be done with it.

Well,… not so much. Though current numbers suggest that there are crests and troughs with regards to who uses Twitter and for how long, there are FAR many more persistent users than I thought there would be (to be conservative) figure 1 million people broadcasting their lives in little micro-bursts over the course of the last year).

Amongst the masses is an unexpected group of users; the same businesses that I thought would have turned a blind eye to this thing. Sony Pictures, Time Magazine, the Discovery Channel, the Beeb… the list goes on. Mind you, there are a few that I totally expected to be there from the start (Explore Music and iTunes Trailers being among them).

As far as celebrity involvement that pushes beyond the boundaries of toy-dog updates and upcoming project promos? They’re there as well, and the list extends beyond the usual suspects. People like ICE-T (yes that ICE-T) broadcast daily images, quotes, and fields questions in between filming on set. “DJ” John Larroquette is among the many people posting their latest musical selections using Last.fm’s popular service. Drew Carey recently offered to donate $1 for every follower he obtained (up to 1,000,000) to the Live Strong Foundation. I can’t be the only one who finds that even slightly innovative.

Where I was right:

Even given a level of interaction and involvement amongst the Twitter community that is MUCH deeper than I anticipated, the overall environment is still dominated by spectators and transient users. Amongst my own very meager following, I’ve had people post once or twice and then go dead silent ever since. This is expected though, regardless of the technology or service that you look at (How many people out there have a blog with less than 3 posts?). However, I think this will change once a much tighter integration between mobile services and handsets is introduced. Twitter has to be part of every mobile device out there, by default, full stop. Further, proper data plans and pricing need to be there to support it (especially in Canada.)

A significant percentage of accounts out there are spambots (especially porn related spam bots). That’s just reality. Where technology evolves, porn will follow. Like it or not, the adult industry is a leader in technology development and innovation, and their balance sheets will indicate nothing less. There are a few tools and services out there that attempt to minimize the intrusion (no pun intended), but by and large it’s best to just click and unfollow these sexy, language challenged sirens when they come knocking.

Lastly, the following remains true about Twitter: For every person out there that “gets” it, I can guarantee you that there are probably 5 more that don’t. I’m gradually making my way over to the “get it” camp, but I’d still need to see exactly where this company is going in the next 12 months before the lightbulb goes to go off in my head. Is there a business model, or is it all about building a userbase? Does it maintain its residence as a “site”, or does it truly make its home on mobiles? How will commercial interests be accommodated?

As far as I’m concerned, this is still very much a “wait and see” game.

That’s pretty much how I felt about Google Wave when I first looked received my invite. It could be awesome… later, once I actually figure out what to do with it. But because it’s in limited beta right now, there aren’t really enough people that I can interact with in order to take advantage of all of its features. … Ok, a chemistry set isn’t really a social device, but you get my drift.

Don’t get me wrong. I “get” why it’s awesome. I just haven’t been able to experience it for myself. Depending on how long it’s in beta (which is likely to be quite some time, given their track record with their other products) I suppose the userbase will grow, and soon we’ll all be engaged in really rich conversations about the most recent episode of House, or how much I loathe green peppers or something.

That’s one of the things that amuses me about the mass audience (myself included). We seem to crave really cool, ever advancing technology to perform the simplest of tasks. The vast assortment of new applications dedicated to interesting ways to churn out 140 character posts on Twitter is proof of this. What do any of these apps do that’s really THAT much different from sending a text message to one or more people? Further, given that there IS a difference, how many of us take full advantage of even the most basic features? Given the iconic nature of the image below, I’m willing to bet it isn’t many.

If you’ve seen any of the trailer videos for Google Wave, they make a pretty good case for how it could be used in the course of daily events. A near seamless blending of email/IM/texting etc., making the sharing of information that much easier. But given the ever present challenge of convincing people to change their online habits (IE is still the leading web browser, despite Firefox/Chrome/Safari being better products in my opinion), I’m a little apprehensive about how fast this will take place. This isn’t merely a new tool, it’s a new toolset that’s going to require people to change the way they think about how they communicate.

I guess, as with most things, we shall wait and see. If anyone else out there has access to Wave and wants to give it a spin, drop me a line at my Gmail account (Chris DOT Baboolal).