The Laboratorium
November 2007

Self-Presentation Fiasco at Facebook


Laboratorium reader JL:

Well, what I found most distasteful was the masking of pure commercialism with the rhetoric of democracy and candor. What you’re buying is depicted as what you’re doing, with the underlying assertion being that you are what you buy, and if the purpose of Facebook is to share with everyone who you are (present yourself to be), then very naturally, what you have chosen to buy is a facet of who you are.

I think their moves undermine Facebook, because, as I understand it, with Facebook, it’s all about self-fashioning: YOU determine the image that you will present to others. But with [Beacon], Facebook decides for you how you constitute yourself, and they take away your ability to fashion yourself. Your audience will now know every movie you attend, every item to buy. You lose the ability to try on an identity: Maybe I went to the Dylan movie, but I didn’t like it; it’s not part of me. Maybe I bought a triple X DVD, but actually, I really don’t want the world to know about it—or I don’t want them to know I bought acne medicine or whatever. and so on.

That strikes me as exactly right; it explains not just this privacy trainwreck at Facebook, but the previous one as well.

Automated Content Access Problems


I’m reading the new Automated Content Access Protocol. It’s a proposed protocol by which content providers will tell Google how to do its job. I’m optimistic about the idea, but this spec is … strange.

The problem ACAP is trying to solve is that some people put stuff online that they don’t want search engines to pay attention to. There are a lot of good reasons to do this:

  • Telling search engines not to follow links in your blog comments is one way of keeping link-spamming scoundrels at bay.

  • Some search engine robots are bad houseguests; they put their muddy boots up on the couches and issue way too many requests at a time.

  • Like bread, some content gets stale, and you want visitors to the site to look at a fresher version.

  • The content is semi-private; not worth password protecting, but not really meant for everyone to trawl through, either.

  • Robots are often stupid, and could use unambiguous signs telling them to come in through the door, not the skylight.

There are also some more nakedly economic reasons, not all of which are bad:

  • You want people to know about your stuff so that they come to your site and look at your ads. People who look at cached copies on the search engine side don’t see the ads.

  • You provide recent content (like news) for free. After a while, the content goes behind a paywall. Once it does, search engines keep clear!

  • Search engines make truckloads of money, and as a hardworking content provider, you’d like a cut of the action.

Heretofore, the main protocols for telling search engines what to do and what not to do — robots.txt and the Robots META HTML tag — haven’t been particularly fine-grained. The search engine companies have been allowing providers to create quasi-proprietary “sitemaps,” but those tend to be optimized towards telling the search engine in great detail what it should look for, rather than telling it where not to look. The result is that content providers, in general, have faced a tradeoff between opting out of the search economy entirely (a sure ticket to oblivion in this day and age) or opting in on terms they’re dissatisfied with. Some, like Copiepresse have thrown conniption fits about it, but others have actually done something about the weather and come up with ACAP.

Robots.txt was a fascinating example of decentralized decision-making; no one requires sites to use it or search engines to respect it, but everyone does, pretty much as a matter of course. (Mine, for example, is as simple and generous as possible.) There are hints, here and there, that robots.txt might be so universal that it could ripen into something legally significant. Restrictions not expressed in it would be unenforceable; restrictions that are expressed in it would be mandatory. ACAP is an attempt to create that sort of universal regime all at once. Fiat ACAP, fiat lex.

ACAP, therefore, is two things. First, it’s a dialect for search engines and websites to communicate, so that everyone can Just Get Along (TM). Second, it’s an implicit threat. Play along on our terms or else.

Hence my interest.

I’m realizing that this thing wasn’t written by web people.

  • Take 2.5.3.1, which allows sites to express time limits for how long a document may be indexed. The time limits are expressed in days. Days. How hard would it have been to add hours and minutes? To use UTC times? To express what time zone a given date refers to? Not hard at all. But no one did, which says to me that the working group wasn’t pushed very hard by people who really design Internet software for a living.

  • Then, 2.5.3.2 defines a syntax that “will generally only be interpreted by prior arrangement.” This makes no sense. If a part of your protocol has semantics such that the people using the protocol need to strike a side bargain that sets out when to use it, it shouldn’t be in the core syntax. Either work out the issues (here, unspecified “security” concerns), or kick the syntax out to an extension. This kind of indecisive hedging violates Postel’s robustness principle to “Be liberal in what you accept; be conservative in what you send.”

  • In general, I don’t get the sense that ACAP was carefully drafted to think through the issues of which statements should be expressed as permissions and which as restrictions. There are notes in the spec using phrases you never want to see in a spec, such as “it is not clear,” debating whether X or Y feature should be a condition attached to an allow, a prohibit, or something else entirely. I like the transparency for a work in progress, but still, if these issues are that unresolved, this is a discussion draft, not an “implementation version.”

  • The lack of examples in the spec is annoying; the naming is worse. Take:

    The basic usage type present enables expression of a general permission or prohibition to present a particular resource in any way. “Present” is a bad word to use as a verb in this kind of a spec; it’s too easy to confuse with the adjective that means “missing.” “Display” might have been better (although they do not the problem of “display”ing nonvisual material; “return” is plausible; even “represent” might be clearer in this context.

  • Also … What we have here is a failure to generalize. An engine can be told that it can or cannot present the following versions of a resource:

    • original
    • currentcopy
    • oldcopy
    • snippet
    • extract
    • thumbnail
    • oldsnippet
    • extract (again)
    • thumbnail (again, with a different definition)
    • link
  • This is such a confused list, I don’t know where to begin. The list mixes up age, summarization, and media types. Which of snippet, extract, and thumbnail applies to video content? Baking old and current, into the different versions, rather than just making them additional modifiers, causes needless confusion. It’s actually reasonably easy to reformat this list along orthogonal axes; I hope that ACAP does just that before anyone wastes too much effort trying to implement this chaotic mishmash.

  • max-length is defined only for textual content. Max-size might have made sense for thumbnails, y’know?

  • In my world, if your spec repeatedly contains the words, “This … feature … is not yet fully ready for implementation,” you are not permitted to claim, “The ACAP Pilot Project has created the v1.0 of the Automated Content Access Protocol in time, on budget and with unprecedented collaboration and support from the industry.”

  • “Although in theory the usage type other [i.e. the default fall-through case] could be used in a permission field,t here is no known use case for doing so.” Garbage. If I used ACAP on my site, I’d use ACAP-allow-other to signal an approval of whatever innovative things that search engines might come up with to make my site easier to use and more accessible. But leave it to a publisher-funded group to believe that there’s no “use case” for embracing the unknown or for voluntarily sharing without restriction.

I admire the working group’s attempts to specify ACAP in a way that will minimize conflicts with crawlers that only understand robots.txt-speak. Personally, I would recommend that anyone writing an ACAP file use ACAP-permissions-reference in their robots.txt to send all crawlers that speak ACAP to an external file that consists of pure ACAP. That way, each kind of crawler reads only the file format it speaks natively, minimizing conflicts.

All in all, it’s an interesting start. I’m concerned that the publishers will soon argue that failure to respect every last detail expressed in an ACAP file will constitute automatic copyright infringement, breach of contract, trespass to computer systems, a violation of the Computer Fraud and Abuse Act (and related state statutes), trespass vi et armis, highway robbery, land-piracy, misappropriation, alienation of affection, and/or manslaughter. But still, that argument isn’t ACAP’s fault, and as a language for clearing the channels of publisher-search engine communication, it has substantial promise.

The Tide Rises


Due to a rash of comment spam, I’ve had to turn on CAPTCHAs. I hope this holds the bad guys at bay for a while. My apologies for the new tone of distrust on the comment form.

Mo’s Bacon Bar I give it 2 stars


Yes, its a chocolate bar with bacon bits embedded in it. Yes, the two tastes actually do meld (salt is the essential link). And yes, I like both bacon and chocolate. But no, it doesn’t really work. One square was enough.

Do You Think It Has Peanuts?


I have before me a can of peanuts, from the Peanut Shop. The first-listed ingredient is “super extra-large Virginia peanuts.” The can also states, “Warning: contains peanuts.” Moreover, they were prepared on shared equipment used to process peanuts.

They’re trying to send a message, but I’m not quite sure what they mean to say.

Apocalypse Now I give it 3 stars


Classic, lots of great moments and images, and we’re glad we saw it, but still, it’s a taut 100-minute film hiding inside of a very messy 150-minute film. Yes, yes, the druggy pretentious ponderousness is part of the mythos. But that stuff hasn’t aged well, not at all. Set a good editor loose on it, and maybe you could reconstruct a true masterpiece.

The Lord of the Rings (The Complete Recordings) I give it 5 stars


I make no secret of my enthusiasm for Peter Jackson’s Lord of the Rings trilogy. There’s a lot to love about them: a convincingly detailed imagined world, a respectful but surefooted screenplay adaptation, an outstanding ensemble cast, and quite a few genuinely bravura sequences. But more than anything else, what made the movies cohere was Howard Shore’s operatic score.

Once you include the extra footage on the DVD Extended Editions, Shore wrote ten hours of music for the trilogy. There may not be a single wasted note anywhere in it. The scores have dozens and dozens of themes and motifs, each with specific thematic associations, all joined together in a web of interrelated musical material. Shore employs any number of exotic instruments, soloists, and choirs to give each moment the precise timbre it needs. The scores are operatic in their grandeur, drama, and depth.

As the movies came out, each was accompanied by a one-CD soundtrack album. These limited versions were great as highlight reels, but the abridged format necessarily sacrificed a lot of the richness of Shore’s compositions. Over the last three years, though, Shore and film-score musicologist Doug Adams have produced a true set of complete soundtrack albums. Each comes on as many CDs as the job takes—four in Return of the King’s case! Now that the complete set is available, you can hear every note that made it into the films, and even a few that didn’t. With this proper treatment, the scores breathe naturally. These complete editions make it clear that Shore’s Lord of the Rings music is one of the great all-time achievements of film scoring.

Individual links:
The Fellowship of the Ring (The Complete Recordings)
The Two Towers (The Complete Recordings)
The Return of the King (The Complete Recordings)

Hollow Unicorns


Richard Dawkins says:

[N]ot every English sentence beginning with the word “why” is a legitimate question. Why are unicorns hollow? Some questions simply do not deserve an answer.

Greg Knauss replies:

Why is a unicorn hollow? Since there is no such thing as a unicorn, it obviously cannot be filled with unicorn guts, because without unicorns there can be no unicorn guts. Therefore, it must be hollow.

Barristers Aplenty


Congratulations to the New York Law School class of 2007 on their performance on the bar exam. They achieved a 90% pass rate, a superior performance even by the high standards of the New York state bar and of the many other fine law schools in the state. There are many outstanding young men and women who’ll now be joining the legal profession. This is the culmination of a lot of hard work on their part, and this visible sign of success is a tribute to their knowledge, judgment, and determination. Huzzah for them!

I Defy Critics, Age Naturally


CNN.com is currently running a story, presumably unironic, entitled “Vietnam memorial defies critics, turns 25.” I like the Vietnam Memorial and admire its powerfully moving design, but still. Even allowing that inanimate objects can “defy” anything, aging is a peculiarly quiet way of showing defiance.

The Future of Reputation I give it 3 stars


I’m sorry, Dan, but I couldn’t help but come to this book with unrealistically high expectations. After all, the author of A Taxonomy of Privacy, The Digital Person, and A Model Regime of Privacy Protection brings to the table a pretty good, well, reputation. Unfortunately, this latest book offers not so much a definitive knock-down solution to the problems of privacy and reputation online (you see what kind of a standard I’m holding you to, now), as, well, some basically good ideas that are already out there.

Of course, many of those ideas are out there thanks to Dan Solove himself, but this is a tough town, and what have you done for me lately? The basic problem here is that this book is a summa of a lot of Solove’s thinking about online privacy, particularly as articulated in his blogging. For those of us who’ve been playing along at home, well, this book isn’t for us. It’s for all the rest of those folks out there, who haven’t thought much, if at all, about the dangers of the rapid spread of rumor and innuendo in the online age. Curse you all, for making it necessary for a perfectly good academic to write a general-audience book. But if you listen to what he has to say, you’ll learn much, and we’ll all be better off.

Most of the recommendations in The Future of Reputation are good solid sense and I won’t dwell on them: * Victims of defamation or privacy intrusions online should be required to take reasonable steps to get the original poster to take the material offline before they can sue. But that requirement would be waived if doing so would be futile because the cat is irreparably out of the bag. * Section 230, as interpreted by some courts, goes too far when it immunizes actors who choose to allow false and hurtful material to remain online, even though they could easily remove it and know that it’s both harmful and unjustified. * Lior Strahilevitz’s social networks theory of privacy gives us a useful, workable middle ground between treating all information as only either public or secret. * Suits for privacy and defamation torts should more often allow plaintiffs to keep their names out of the public record. * Social networking sites could often do a better job at asking, or indeed, requiring users to make sure that what happens in Vegas, stays in Vegas.

The one place where he loses me is in some of his discussion of the New York Subway Flasher. This fellow exposed himself to a woman on the subway, who took a photo and posted it to Flickr. (The photo looked disturbingly like a former meta-meta-boss of mine, but that turned out to be an unfortunate coincidence.) Lots of linkage ensued, and also a Daily News cover.

Solove treats the story as an example of shaming vigilantism, akin to Dog Poop Girl. In part, it was. But let’s not overlook the fact that part of the point of the publicity was to try to catch the perv-perp. It worked, too. Other women recognized the picture and came forward. He turned out to have a previous indecent exposure conviction, and he was arrested and convicted for this one. While Solove is right to be concerned about people taking the law into their own hands, the law itself here worked because of the massive widespread online distribution of this mug’s picture.

The more interesting part of the book, for me, was the first half, wherein the author discusses principles and problems, rather than solutions. What struck me most is that the privacy chapter is a failure, while the shaming chapter is a success.

I want to have a strong theory of privacy. I really do. And yet, I’m getting increasingly uncomfortable with a lot of the standard justifications of strong personal privacy. When you think about it, and I mean really think about it, what exactly is the privacy interest in preventing people from taking pictures of me on the toilet? Solove runs through many of the standard theories—bad judgments based on incomplete knowledge, contextual identities, identity change over time, irrational reasoning by others, preservation of diverse behaviors, second chances, autonomy, the oppressive feeling of being watched, and others.

But they all feel incomplete, or misdirected. If people make misjudgments about me based on incomplete information, isn’t the solution to supply them with the full context, not to take away what little information they do have about me? If we’re talking about others’ irrational reasoning about me, isn’t the problem the irrationality, not the information used as an input to it? If we’re concerned about identity change over time, isn’t it sufficient for me to say that my identity is changing, so please update your priors? And so on and so forth. It’s not that the concerns feel wrong. It’s just that the privacy violation always seems to be secondary to some deeper way in which society is messed-up. Privacy protection is the law of the second-best.

I’m starting to think that it turns out be very hard to make an argument for strong privacy within many of the frameworks we lawprofs are accustomed to use. Individual autonomy is an attractive liberal-democratic value. But it’s other people who hem in my autonomy unfairly; private information is just an enabler. It’s tempting to say that private information is somehow part of your personality, and is therefore yours. But saying so is also, so far as I can tell, philosophically incoherent and utterly useless in explaining is what the boundaries of the private ought to be. And as for economic efficiency, it’s all unanswerable empirical questions. Maybe society does have a strong interest in knowing what dark deeds I’ve been up to. If you think of all the joy that the Star Wars Kid has brought to millions of Internetizens, you can make a reasonable economic case that the poor kid should have been compelled, at gunpoint if need be, to make the video and release it to the world.

The answer to this puzzle may lie in the very next chapter. When the book turns to vigilante shaming campaigns, suddenly the ethical arguments feel firmly grounded again. The book opens with the image (yes, literally, on page 3) of Dog Poop Girl for a reason. The point is that while some shame over letting your dog poop on the subway and refusing to clean it up is appropriate, an Internet-wide campaign of shame is out of all proportion to the offense. These attacks—and Solove documents a nice range of cases, from mild in-person rebukes to the terrifying Nuremberg Files—have none of the due process controls that keep legal responses (at least in theory) tethered to the severity of the wrong.

More than that, there’s something frightfully ugly about them. People get irrationally, scarily angry when they join in making fun of (or screaming at) someone’s original misbehavior online. The various posts and comments Solove quotes show a profoundly uncharitable, indeed often actively malicious, streak. More than once, I started reading one of his stories with a feeling of righteous anger, only to feel abashed, and them a little ashamed myself, as I saw what extremes of emotion other people who’d given into that same righteous rage went to. These are mobs, he notes (one quoted commeter says “lynch mobs”), and they do not show humanity at its finest.

This, then, may be a more convincing theory of privacy. It’s harder to say why I have an interest in preventing you from taking pictures of me on the toilet than it is to say that your interest in seeing those pictures is illegitimate. You’ll use it to express disgust and sadism, to laugh at me and to take pleasure in my degradation. That’s bad. It oughtn’t be encouraged. As between my desire to keep a matter secret and your desire to use that matter to harm me for their own amusement, we can break the tie on the grounds that my desire is civilized but yours isn’t. (My concern with the standard theories of privacy is precisely a sense that they might not offer a principled way of breaking this tie in general.)

It’s possible to make this move—from looking at the victim to looking at the victimizer—across other standard explanations of privacy. The theory of privacy as personhood as it is sometimes stated may be silly, but there’s something more to the idea that living in a society often means that others have the power to effectively define who you are. Unless we give you some wiggle room, they’ll unfairly tell you who you are by treating you in certain ways.

Or, take the idea that people make irrational conclusions based on incomplete information. It can often be hard (especially in a society committed to free speech) to stop them from jumping to conclusions, so privacy regulations are a second-best way of keeping them from getting a jumping-off point. The confusion only enters when we think that the harm is the leak of information itself, rather than the ill-motived things people do with the information. I say ill-motived because in many cases there’s a kind of disregard involved: a lack of sufficient concern for another to bother thinking carefully about the whole person behind one embarrassing detail.

My point, perhaps, is just that it seems a more satisfying explanation for the kind of thinking we normally engage in where privacy is concerned than the usual philosophico-legal suspects who get trotted out any time the word “privacy” comes up. By thinking carefully about online privacy and online mobs, Solove helped me articulate this idea of privacy as a way to prevent the formation of mobs. It may be unoriginal, or bunkum, but it’s interesting. And that’s good enough for me.

Only three stars, though. I said I had unrealistically high expectations.

Is Gold Farming Mandatory? A Question in Applied Virtual World Ethics


The following propositions are at least plausibly true:

  • Most virtual world participants seek either entertainment (“players”) or employment (“professionals”).
  • Gold farming is generally carried out by professionals.
  • Professional gold farmers are generally from developing countries.
  • Professional gold farmers are generally in their jobs voluntarily.
  • Professional gold farmers are generally, by the standards of their countries, in “good” jobs, with reasonable pay, decent working conditions, and job tasks that might under some circumstances be considered fun.
  • Players are generally in the developed countries.
  • Developed-country players are generally economically better off than developing-country professional gold farmers.
  • Professional gold farmers are made significantly better off when players buy gold from them, primarily because the gold trade generates their “good” jobs.
  • A player who buys farmed gold with money available for entertainment is not made significantly worse off by the transaction.
  • A large-scale gold trade generally makes a virtual world less fun for players, but it does not make the world so unfun that most of them would choose to quit.

At least on some ethical theories, is it not therefore mandatory to purchase farmed gold? If you use money you’d spend on your personal entertainment to do it, you make the gold-farming sellers better off, cause no significant harm to yourself, and hurt only the entertainment of the other players. Suppressing the trade in farmed gold means impoverishing people in developing countries—for the sake of players’ fun. It’s possible to justify that, but it takes some contortions.

Some people will object that the inhabitants of a virtual society should have the right to choose the rules they will live by. That objection begs the question of who the inhabitants are, and why the interests of the gold-farming poor can be ignored. If the claim is that by entering into the virtual world, all participants have agreed to a rule against gold farming, the reply is that the choice to enter or not to enter is not as meaningfully free for the professional as it is for the player.

This question is one instance of the larger question of global inequality and justice. Indeed, recognizing the larger question provides a stronger counter-claim: there might be better ways to alleviate inequality than by buying farmed gold. (On the other hand, gold farmers are to most accounts highly industrious and developing sophisticated computer skills, so this might be a comparatively effective form of wealth transfer. Back to the first hand, the developed-country middlemen or developing-country elite capital owners might be taking most of the surplus. And so on and so on.) What gives the social question of farmed gold its piquancy is the collision of player and professional, so that the one might seem to have a special ethical duty to the other, a duty that both transcends the general moral claim of redistribution and is also profoundly shaped by it.

Of course, this is only the weak version of the argument. The strong version maintains that one has a duty not merely to buy farmed gold in the worlds one participates in, but in fact to join virtual worlds for the sole purpose of buying farmed gold. Morally mandatory leisure, if you will.

Our (God)father of Music


As inspired by Frank:

Our Cartel, which art in lala-land,
Platinum be thy records.
Thy lawsuits come,
Thy process be served,
On users as as upon innovators.
Give us this day our daily alterna-pop,
And forgive us our infringements,
As we forgive those who infringe upon us.
And lead us not into bankruptcy,
But deliver us from decoy tracks.
For thine is the music,
The power and the politicians.
Forever and ever.
Amen.

Switchover Complete?


I think I’ve successfully completed a behind-the-scenes server move. Let me know if anything seems gaflooey around here.