You wake up, and check your phone, and see a new condemnation. Some awful person has said something outrageously insulting. Something actually evil, if you think about it. Something that belittles, dehumanizes, and/or argues against the freedom and agency of a whole category of people.

You add your voice to the furious chorus in response. How can you not? These people may never understand how wrong they are, they’re too ignorant and wedded to their idiocy for that, but they need to know that they are opposed, and their opponents are legion.

We all know what you mean when you say ‘these people.’ The ones who voted for those awful faces on every news site and TV channel, the ones whose names alone cause you to clench with fury. The ones responsible for the awful, unforgivable things happening at the border. The ones responsible for the reports of violence in the streets.

If pushed you’d probably admit that only some of These People are genuinely evil. More than you could have imagined in your worst nightmares five years ago, but still, only some. Others may be prisoners of their upbringing, or their ignorance, or victims of their own hardships, lashing out wildly. But what they all seem to have in common is an incapacity for compassion.

It’s easy to distance yourself from Them. It’s hard not to. The overwhelming majority of the people with whom you actually interact are Us.

You know you should try to feel compassion for Them, as you should for everyone. Not sympathy. Sympathy is very different. But your religion, or your spirituality, or your morality, or simply your belief, teaches you compassion for all. But how can you hold compassion for people who seem incapable of compassion themselves? People who don’t condemn, who actually cheer, what’s happening at the border?

And so every online outrage leaches a little more compassion away, widens and deepens the abyss between Us and Them a little further. You know intellectually that many of these viral outrages stem from bots, programmed by trolls or worse, and each new one does not represent every member of … them.

But you can’t help but grow more certain with each new outrage, in your heart if not your head, that there is a Them. That there are no longer people with whom one can reasonably disagree. That there are now only Us, and Them.

You realize when you think about it that this makes it easier to give people who are notionally Us a pass when they too behave with a flagrant lack of compassion, or judge people’s whole lives by their worst moments, or prioritize the purity of the process they have decreed over any actual results accomplished.

You realize that the growing abyss between Us and Them makes both sides close ranks, makes it harder for people who are Them and yet who have uneasy, even horrified feelings about what’s happening at the border in their name, to at least speak against it. They should anyway. Of course they should. But people are weak. The easier something becomes, the more that people do it.

You understand, on some level, that the online divide is different from the awful things actually happening offline. That the latter matters, deeply, and the former … not so much. That the former distracts both sides from great systemic injustices which have learned to lie hidden in bland terminology, coolly steering clear of the outrage of Us versus Them.

But you slept poorly, you’re exhausted, and you already have so much to do, so many duties to attend to at your frustrating job, so many worries to keep at bay, once you get out of this bed. Maybe all that is because of those systemic injustices, but those are a rot, those are cancer, those are bone-deep, and the evils at the border are an open wound about which something must done immediately. They are responsible for those evils. They must be fought and stopped.

So you add your voice to the furious chorus. And you give more money to those fighting the real fight at the border, because you know that’s what’s actually important. And maybe before you roll out of bed you pause to wonder how much the great online divide represents reality, or how much it prefigures reality; whether They really have all lost their minds and their moral compasses.

And you can’t help but wonder: even if they haven’t, what can now be done?

You wake up, and check your phone, and see a new condemnation. Some awful person has said something outrageously insulting. Something actually evil, if you think about it. Something that belittles, dehumanizes, and/or argues against the freedom and agency of a whole category of people.

You add your voice to the furious chorus in response. How can you not? These people may never understand how wrong they are, they’re too ignorant and wedded to their idiocy for that, but they need to know that they are opposed, and their opponents are legion.

We all know what you mean when you say ‘these people.’ The ones who voted for those awful faces on every news site and TV channel, the ones whose names alone cause you to clench with fury. The ones responsible for the awful, unforgivable things happening at the border. The ones responsible for the reports of violence in the streets.

If pushed you’d probably admit that only some of These People are genuinely evil. More than you could have imagined in your worst nightmares five years ago, but still, only some. Others may be prisoners of their upbringing, or their ignorance, or victims of their own hardships, lashing out wildly. But what they all seem to have in common is an incapacity for compassion.

It’s easy to distance yourself from Them. It’s hard not to. The overwhelming majority of the people with whom you actually interact are Us.

You know you should try to feel compassion for Them, as you should for everyone. Not sympathy. Sympathy is very different. But your religion, or your spirituality, or your morality, or simply your belief, teaches you compassion for all. But how can you hold compassion for people who seem incapable of compassion themselves? People who don’t condemn, who actually cheer, what’s happening at the border?

And so every online outrage leaches a little more compassion away, widens and deepens the abyss between Us and Them a little further. You know intellectually that many of these viral outrages stem from bots, programmed by trolls or worse, and each new one does not represent every member of … them.

But you can’t help but grow more certain with each new outrage, in your heart if not your head, that there is a Them. That there are no longer people with whom one can reasonably disagree. That there are now only Us, and Them.

You realize when you think about it that this makes it easier to give people who are notionally Us a pass when they too behave with a flagrant lack of compassion, or judge people’s whole lives by their worst moments, or prioritize the purity of the process they have decreed over any actual results accomplished.

You realize that the growing abyss between Us and Them makes both sides close ranks, makes it harder for people who are Them and yet who have uneasy, even horrified feelings about what’s happening at the border in their name, to at least speak against it. They should anyway. Of course they should. But people are weak. The easier something becomes, the more that people do it.

You understand, on some level, that the online divide is different from the awful things actually happening offline. That the latter matters, deeply, and the former … not so much. That the former distracts both sides from great systemic injustices which have learned to lie hidden in bland terminology, coolly steering clear of the outrage of Us versus Them.

But you slept poorly, you’re exhausted, and you already have so much to do, so many duties to attend to at your frustrating job, so many worries to keep at bay, once you get out of this bed. Maybe all that is because of those systemic injustices, but those are a rot, those are cancer, those are bone-deep, and the evils at the border are an open wound about which something must done immediately. They are responsible for those evils. They must be fought and stopped.

So you add your voice to the furious chorus. And you give more money to those fighting the real fight at the border, because you know that’s what’s actually important. And maybe before you roll out of bed you pause to wonder how much the great online divide represents reality, or how much it prefigures reality; whether They really have all lost their minds and their moral compasses.

And you can’t help but wonder: even if they haven’t, what can now be done?

“How Will The Movies Survive The Next Ten Years?” demands the New York Times, in a series of interviews with 24 major Hollywood figures. Good question! I’ve been asking it myself, here, for six years now. Very unlike music, television, books, and home video, the theatrical movie experience has proved remarkably resistant to online disruption…

…so far.

I’ve argued before that Hollywood and Silicon Valley have many parallels: VCs are like studios, angel investors are like individual producers, founders are like directors, etcetera. However, they also have some striking differences. For most of the last 25 years, the cost to launch a groundbreaking, potentially world-shaking startup has decreased — though that may well be changing — whereas the total cost to make, market, and distribute a theatrical release has decidedly not.

Furthermore, movie theaters, built around repeat screening of 90-to-180-minute self-contained films, face new direct-to-streaming-services competition with far more range, from bingewatching 22-episode series to short clips on YouTube. Even in the arena of “movies” as we know them, this competition seems exponentially more intense every year — there’s no way “Bright” and “Bird Box” would have been direct-to-Netflix as little as five years ago — and will hit a whole new fervor with the launch of the Disney Plus launch date later this year.

We can analogize that, maybe, to some extent, to downloadable software vs. software-as-a-service. There can be only one winner, right? Right? And note that, despite the runaway successes of Avengers: Endgame and Captain Marvel, 2019’s US box office is still tracking a full 10% behind last year‘s. There may be a trend here.

It seems that Hollywood is finally aware of the change. Some striking quotes from that NYT piece: “This is the biggest shift in the content business in the history of Hollywood” — Jason Blum. “For a long time, people have been saying the business is changing, but that’s undeniable now” — JJ Abrams. “I don’t feel particularly optimistic about the traditional theatrical experience” — Jordan Horowitz, producer of La La Land. “There’s a lot more work, but it’s a lot harder to make money on anything.” — Elizabeth Banks.

…But with risk comes opportunity, especially for people who haven’t had much before.
“I’ve seen a lot of female filmmakers get opportunities at Netflix and Amazon that they haven’t gotten through the studio system. So I’m very, very happy about the new shape our industry is taking” — Jessica Chastain. ‘A really huge studio told us, “Hey, a woman of color should be the lead of this movie.” And we went, “Great!” I don’t think we would have heard that five years ago from a major studio’ — Kumail Nanjiani

Perhaps “Hollywood,” as the maker and purveyor of huge-budget, huge-footprint, in-theaters-everywhere entertainment, is indeed a dinosaur finally starting to diminish … but if streaming services are allowing more and more people to create scripted entertainment of every kind, on every budget, then their success is no bad thing. I don’t think movies are going to die. I think there will long be people like me, who so prefer the immersive experience of a theater to the in-passing one of streaming at home that we’re willing to pay for it.

But I can envision a future in which a Hollywood Movie is no longer the alpha king of cultural experiences — where, instead, shared worlds spread across many entertainment form-factors, including lower-cost ones, made by a diverse crowd of contributors, take prime position in our collective mindshare. In that future, theatrical releases become a relatively niche market compared to streaming.

In such future the theatrical business model will change, too, and rightly so. I’m still baffled why I couldn’t see the last season of Game of Thrones in any nearby theater, for instance. But there will be far more kinds of entertainment to choose from, undercutting the century-long dominance of “three acts in two hours,” from far more kinds of people. Even to a hardcore cinemaphile like me, the more I think about such a future, the more it seems better to me than the status quo.

Spotify seems to have learned little from the Facebook developer platform’s scandals despite getting a huge boost from the social network in its early days. Spotify has been caught allowing record labels to grab tons of unnecessary user data and permissions to even control their accounts just so people can “pre-save” upcoming song releases.

An investigation by Billboard’s Micah Singleton found major label Sony’s app for pre-saving demanded access to users’ email address, what you’ve listened to and saved to your library, playlists you’ve made or subscribed to, artists you follow, and what you’re playing right now. It also asks to be able to take actions on your behalf including change who you follow, add or remove songs from your library, create/edit/follow playlists, and even control Spotify on your devices.

An example of Universal Music Group’s pre-save app that asks for unnecessary user data and access permissions

This means that by agreeing to use a pre-save feature, a record label could index you music tastes and determine your current mood for marketing purposes, subscribe you to all of their artists and playlists, force you to create playlists that include their artists or add them to your existing playlists, and delete or unfollow any music or artists represented by their competitors.

Since users often speed through platform app permission screens assuming they’re just asking for what’s required, many likely gave up valuable data about themselves and the ability to manipulate their accounts without fully understanding what was happening. Other major labels like Warner and Universal’s pre-save apps like this one similarly ask for 10 types of permission — most extraneous.

In reality, the only permission a pre-save app should need is to be able to add the song you wanted to pre-save to your library. Anything else is theoretically prohibited by Spotify’s developer policy section 5.2: “You will only request the data you need to operate your Spotify Developer Application.” If you’ve used these apps, you can go into your Spotify account settings here to remove their access.

In a post-Cambridge Analytica world, platforms like Spotify should know better than to let developers run amok without proper oversight. That’s why I was so disappointed when Spotify refused to provide a statement, explanation, or even talk with me about the issue.

Offering a flexible developer platform has plenty of advantages for users. Apps for DJing with streaming music, discovering new bands, or synchronizing playback with friends could be built with rightful and transparent use of Spotify’s APIs. But for something as simple and common as volunteering to have a new song from your favorite band show up in your library on the day it’s released shouldn’t become a lure for an exploitative data grab.

That’s why Spotify should build its own in-house pre-save app that labels could all use to pre-promote their releases. Approved labels and their artists should be able to punch in their upcoming single’s Spotify URL and get a shareable link back that they can distribute through social media or wherever that only grants permission to pre-save that specific song, and that expires once that action is completed.

Spotify is widening its subscriber lead over Apple Music

Otherwise, Spotify risks losing all the goodwill its built up with listeners by being a music-first company compared to competitors like Apple and Google where music is a rounding error. Apple Music provides app developers with less data about users.

Just today Apple Music announced it has 60 million subscribers, lagging increasingly further behind Spotify which now has 100 million subscribers and 217 million total monthly users. Spotify already dominates cultural mind share for streaming, having used the playlists it controls to become a hit-maker and gain leverage over the labels for royalty negotiations. But turning a blind eye to shady developers just because they own the music it streams could make listeners question their loyalty and stray to Apple, which is notoriously serious about privacy.

If Spotify is unwilling to push back on data abuse by its record label partners, then it’s undeserving of users’ ears and subscription dollars.

There is so much to write about Libra, and so much which has already been written misses the mark, mostly, I think, because most pundits haven’t spent much time in the developing world, which is very clearly the target market here. Just look at its launch video:

I’ve seen apocalyptic reactions warning of Libra ushering in a new dystopia: the alleged logic appears to be 1) Libra will immediately conquer the world 2) Libra comes from Facebook 3) Facebook is evil 4) it’s the end of the world! I am most baffled by that first postulate. If you’re a rich Westerner, there are already dozens of payment systems out there, most of which offer huge advantages compared to Libra, such as reversible / contestable transactions, frequent-flier miles, and credit lines.

I’ve seen dozens of technical and regulatory and political and high-level analyses of Libra, many of which are worthwhile, but so far, little which has dwelt on its actual intended users, according to the white paper: the unbanked. That isn’t quite the category for whom Libra is something new, interestng, and important. But no one else seems to be talking about this. It’s strange to see this cornucopia of hotly argued reactions which go deep on pretty much everything but its actual users.

The white paper cites 1.7 billion people as “unbanked,” a number which is … questionable. Its source is the 2017 World Bank Global Findex database. “Aha,” you might think, “that sounds pretty definitive and recent,” and it does — but the same source also notes that 515 million people became “banked” between 2014 and 2017. By the time Libra actually launches, the “1.7 billion unbanked” might have dropped by fully half. Not because of banks: because of mobile money providers.

From its birth with M-Pesa in East Africa, mobile money has expanded massively worldwide. Orange Money in West Africa, Ovo in Indonesia, Paytm in India, and of course WeChat and Alipay in China: money on your phone is nothing at all new in most of the developing world.

This might make you think that Libra already has a legion of competitors who speak the local languages, understand the markets, and have pervasive distribution, just as in the rich world — but no. The whole point of Libra, after all, is that it’s not a local currency, but a global currency, which is both its competitive advantage and its Achilles heel. And its true market isn’t the unbanked per se; it’s people who might have a mobile money account, but no straightforward access to any global currency.

Why would that access matter? Because international remittances, transfers to the developing world from (usually) family members in the rich world, total half a trillion dollars a year, much of which is sent by slow, high-fee processors such as Western Union. The Libra whitepaper, accordingly, prominently cites “remittances” in its problem statement …

… but makes only a few handwavey mentions of exchanges. Why does that matter? Because remittances are indeed a huge marked () but as I’ve argued before, “yes, it’s great if you can send five thousand FaceCoin to your family in Ghana for an 0.1% fee. But then your family in Ghana has to somehow convert them to cedis at an exchange — a task which is, as of this writing, likely to be slower, much clumsier, far more user-hostile, and very possibly even more expensive than the usual medium(s) of remittances.”

“So what,” you might think, “doesn’t matter if the local businesses take Libra.” But a) it’s very hard to get every local business in a developing country to accept a new payment method b) eventually they too will have to pay exchange fees, in order to pay local taxes. (Before any dreamers suggest governments accept taxes in Libra and use it as a national currency, I assure you they won’t be eager to give up all control over their monetary supply.)

So for truly mass adoption, especially for business and institutional transactions, the exchange experience will be absolutely key. There’s a lot of competition in the remittance space, and they usually handle the actual currency exchange for you. It seems like Facebook is implicitly relying on the marketplace to provide highly competitive, liquid, effective, efficient, well-publicized Libra-to-local exchanges in every nation where it is used. Maybe. But that’s asking for a lot.

On the smaller scale, though — individuals and families — Libra makes a lot more sense. It won’t replace M-Pesa, but I don’t think it’s trying to. Instead Libra wants to be to M-Pesa what the US dollar is to the Kenyan shilling. Libra could become the global mobile reserve currency, maybe not for institutions, but for individuals. And on that level, exchanges are less important.

The US dollar is acceptable, and transferable, in small amounts almost everywhere around the world; there’s hardly a poor country where it doesn’t act as a de facto shadow currency. (I’ve been to places where taxi drivers are experts on the various different issuances of the US $20 become some are easier to forge than others.) Furthermore, it’s often hoarded purely because it’s hard currency, unlike the local currency — consider Venezuela, or Zimbabwe, even Argentina.

I expect the same will be true of Libra. Individuals won’t need to open an account at any exchange; instead they’ll follow the Local Bitcoins model, and just transfer Libra to a local moneychanger, who will receive their Libra and send back local currency in exchange for — hopefully — a very competitive fee.

If that happens, if Facebook’s sheer size and reach makes that option near-universally available, then even if Libra doesn’t catch on in the rich world, or with businesses and institutions, then for the first time ever, individuals and families around the world will be able to receive, save, spend, and exchange a global hard currency, immediately, across borders, using only their phones, for fees (hopefully) drastically less than e.g. Western Union — without having to deal with the volatility, limited utility, and user-hostility of decentralized cryptocurrencies. That would be a huge deal, and a great good thing.

It’s by no means guaranteed. Much about Libra remains uncertain. It will somehow have to crack the extremely tough nut of the identity problem. And while not technically part of Facebook, it still comes from Facebook, a company increasingly despised by politicians and regulators (and journalists), which is at least one strike against it from the beginning, and makes many people question the true motives behind Libra.

But let’s not throw the proverbial baby out with the bathwater. If Libra manages to succeed, at scale, it will be massively important and highly important to an enormous number of people around the world. Be skeptical, by all means. Be concerned about privacy. Ask pointed questions. Remain well aware that it is not a decentralized solution and may never be. I’m with you: I’m a well-documented harsh critic of Facebook myself.

But in your rush to outrage and condemnation — as righteous as those might feel — please don’t ignore Libra’s potential to do a whole lot of good for many millions of the world’s poorest and most vulnerable. Do you think a decentralized, permissionless, censorship-resistance version would be better? I agree! Call me when one is anywhere near as usable as Libra is likely to be.

Everyone’s worred about Mark Zuckerberg controlling the next currency, but I’m more concerned about a crypto Cambridge Analytica.

Today Facebook announced Libra, its forthcoming stablecoin designed to let you shop and send money overseas with almost zero transaction fees. Immediately, critics started harping about the dangers of centralizing control of tomorrow’s money in the hands of a company with a poor track record of privacy and security.

Facebook anticipated this, though, and created a subsidiary called Calibra to run its crypto dealings and keep all transaction data separate from your social data. Facebook shares control of Libra with 27 other Libra Association founding members and as many as 100 total when the token launches in the first half of 2020. Each member gets just one vote on the Libra council, so Facebook can’t hijack the token’s governance even though it invented it.

With privacy fears and centralized control issues at least somewhat addressed, there’s always the issue of security. Facebook naturally has a huge target on its back for hackers. Not just because Libra could hold so much value to steal, but because plenty of trolls would get off on screwing up Facebook’s currency. That’s why Facebook open sourced the Libra blockchain and is offering a prototype in a pre-launch testnet. This developer beta plus a bug bounty program run in partnership with HackerOne is meant to surface all the flaws and vulnerabilities before Libra goes live with real money connected.

Yet that leaves one giant vector for abuse of Libra: the developer platform.

“Essential to the spirit of Libra . . . the Libra Blockchain will be open to everyone: any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services. Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers” Facebook explained in its white paper and Libra launch documents. It’s even building a whole coding language called Move for making Libra apps.

Apparently Facebook has already forgotten how allowing anyone to build on the Facebook app platform and its low barriers to ‘innovation’ are exactly what opened the door for Cambridge Analytica to hijack 87 million people’s personal data and use it for political ad targeting.

But in this case, it won’t be users’ interests and birthdays that get grabbed. It could be hundreds or thousands of dollars-worth of Libra currency that’s stolen. A shady developer could build a wallet that just cleans out a user’s account or funnels their coins to the wrong recipient, mines their purchase history for marketing data, or uses them to launder money. Digital risks become a lot less abstract when real-world assets are at stake.

In the wake of the Cambridge Analytica scandal, Facebook raced to lock down its app platform, restrict APIs, more heavily vet new developers, and audit ones that look shady. So you’d imagine the Libra Association would be planning to thoroughly scrutinize any developer trying to build a Libra wallet, exchange, or other related app, right? “There are no plans for the Libra association to take a role in actively vetting [developers]” Calibra’s head of product Kevin Weil surprisingly told me.  “The minute that you start limiting it is the minute you start walking back to the system you have today with a closed ecosystem and a smaller number of competitors, and you start to see fees rise.”

That translates to ‘the minute we start responsibly verifying Libra app developers, things start to get expensive, complicated, or agitating to cryptocurrency purists. That might hurt growth and adoption.’ You know what will hurt growth of Libra a lot worse? A sob story about some migrant family or a small business getting all their Libra stolen. And that blame is going to land squarely on Facebook, not some amorphous Libra Association.

Image via Getty Images / alashi

Inevitably, some unsavvy users won’t understand the difference between Facebook’s own wallet app Calibra and any other app built for the currency. ‘Libra is Facebook’s cryptocurrency. They wouldn’t let me get robbed’ some will surely say. And on Calibra they’d be right. It’s a custodial wallet that will refund you if your Libra are stolen and it offers 24/7 customer support via chat to help you regain access to your account.

Yet the Libra Blockchain itself is irreversible. Outside of custodial wallets like Calibra, there’s no getting your stolen or mis-sent money back. There’s likely no customer support. And there are plenty of crooked crypto developers happy to prey on the inexperienced. $1.7 billion in cryptocurrency was stolen last year alone, according to CypherTrace via CNBC. “As with anything, there’s fraud and there are scams in the existing financial ecosystem today . . .  that’s going to be true of Libra too. There’s nothing special or magical that prevents that” says Weil, who concluded “I think those pros massively outweigh the cons.”

Until now, the blockchain world was mostly inhabited by technologosts, except for when skyrocketing values convinced average citizens to invest in Bitcoin just before prices crashed. Now Facebook wants to bring its family of apps’ 2.7 billion users into the world of cryptocurrency. That’s deeply worrisome.

Facebook founder and CEO Mark Zuckerberg arrives to testify during a Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee joint hearing about Facebook on Capitol Hill in Washington, DC, April 10, 2018. (Photo: SAUL LOEB/AFP/Getty Images)

Regulators are already bristling, but perhaps for the wrong reasons. Democrat Senator Sherrod Brown tweeted that “We cannot allow Facebook to run a risky new cryptocurrency out of a Swiss bank account without oversight.” And French Finance Minister Bruno Le Maire told Europe 1 radio that Libra can’t be allowed to “become a sovereign currency”.

Most harshly, Rep. Maxine Waters issued a statement saying “Given the company’s troubled past, I am requesting that Facebook agree to a moratorium on any movement forward on developing a cryptocurrency until Congress and regulators have the opportunity to examine these issues and take action.”

Yet Facebook has just one vote in controlling the currency, and the Libra Association preempted these criticisms, writing “We welcome public inquiry and accountability. We are committed to a dialogue with regulators and policymakers. We share policymakers’ interest in the ongoing stability of national currencies.”

That’s why as lawmakers confer about how to regulate Libra, I hope they remember what triggered the last round of Facebook execs having to appear before congress and parliament. A totally open, unvetted Libra developer platform in the name of “innovation” over safety is a ticking time bomb. Governments should insist the Libra Association thoroughly audit developers and maintain the power to ban bad actors. In this strange new crypto world, the public can’t be expected to perfectly protect itself from Cambridge Analytica 2.$

Get up to speed on Facebook’s Libra with this handy guide:

I played Pokémon GO this weekend, because I was babysitting my nephew, and I couldn’t help but be reminded what a cultural force it was when it launched three years ago. Hundreds massed near San Francisco’s Ocean Beach every day to hunt. Huge crowds sprinted through Central Park to catch a Vaporeon. Disapproving finger-pointers penned whiny moral panics and sermons about how it encouraged crime and provoking danger.

One thing that was not controversial, though, was the belief that it was a harbinger, the thin edge of the AR wedge, only the first of many crossover games and universes. If you had told anyone then that, three who years later, Pokémon GO would remain the only real example of a widely publicly successful AR / VR app, you would have been laughed out of most rooms.

And yet, here we are. Pokémon GO is still a hit (and remains fun!) but was not the vanguard of an AR/VR onslaught. Magic Leap — which by 2016 had already raised $1.4 billion! — remains at best a disappointment. Which is almost too kind a word for Oculus. AR as an industry has, to oversimplify, largely pivoted to business / work / industrial uses, in the hopes an actual market appears there. What happened?

Note that this isn’t unique to augmented / mixed / virtual reality. 2016 was also that Meerkat, 2015’s hottest app, died, because livestreaming video, while it has its valid niche, was not the future of communications. It was also, at the same time, the year that chatbots were going to take over the world. You may have noticed that in fact they did not.

Looking back, is it really that surprising that Pokémon GO was a one-off, rather than the first ripple of a massive wave of change? Or that AR/VR have faltered and failed to meet expectations? Or that Meerkat and chatbots did not define how we would communicate in the future?

Of course it’s not. The history of innovation is a history of throwing new things at the wall and seeing if they stick — or, more accurately, throwing them into a crowd and seeing how the crowd reacts. Most bets on the big, household-name tech startups of the last two decades weren’t bets on their technologies but on how people would react to them. This especially applies applies to this year’s crop of IPOs — Uber, Lyft, Slack, Pinterest — but also to Twitter and Facebook, and even, to a lesser extent, Apple and Amazon. (Though interestingly not so much to Google, beyond the insight “people will use the Internet to search for stuff.”)

Of course sometimes the crowd ignores the offering flung into its midst. Or they choose one from an apparently similar array and turns its collective back on the rest. Are we really so surprised by this aspect of human nature?

We shouldn’t be. But to an extent we are — because, at least until 2016, the Valley’s techno-optimism had pervaded the rest of the world as well, journalists and politicians and the like. It was based on two pillars:

1. the genuine belief that technology was transforming erything around the world, including politics, culture, and finance, and these changes were almost invariably net positive
2. the surprisingly hard-headed financial analysis of venture capitalism, whose business model consists of being maximally optimistic about 100 different things while knowing that only 10 will actually succeed and 1 will succeed wildly, because in tech that one wild success more than pays for the 90 abject failures.

I don’t need to tell you that 1) is, at best way way more complicated that it seemed, and at worst horrifyingly wrong, while the worst aspects of politics / culture / finance as we knew them turned out to be ferociously intransigent and as able to infect the tech industry right back; meanwhile, the world has wised up to 2), now correctly recognizing VC optimism as a business model rather than a prophecy.

That doesn’t mean technology has lost its potential to be transformative in a positive way. But it means we’ve all grown more skeptical, more judicious, less reflexively optimistic. This is no bad thing. It means, for instance, if and when the next AR/VR hit finally arrives, we should all be better able to distinguish between silly moral panics and truly worrying consequences. At least let’s hope so. Because while the former are very real, so are the latter.

Every time I see a “the future of work is remote” article, I think to myself: “How backwards! How retro! How quaint!” That future is now, for many of us. I’ve been a fully remote developer-turned-CTO for a full decade. So I’m always baffled by people still wrestling with whether remote work is viable for their company. That jury rendered its verdict a long time ago.

One reason companies still struggle with it is that remote work amplifies the negative effects of bad practices. If everyone’s in one place, you can dither, handwave, vacillate, micromanage, and turn your workplace into an endless wasteland of unclear uncertainty, punctuated by ad-hoc last-second crisis meetings — and your employees will probably still conspire against your counterproduction to get something done, albeit much less than what they’re capable of.

If they’re remote, though, progress via conspiracy and adhocracy is no longer an option. If they’re remote, you need decisive confidence, clear direction, iterative targets, independent responsibilities, asynchronous communications, and cheerful chatter. Let me go over each of those:

Decisive confidence. Suppose Vivek in Delhi, Diego in Rio, and Miles in Berlin are all on a project. (An example I’m drawing from my real life.) It’s late your time. You have to make a decision about the direction of their work. If you sleep on it, you’re writing off multiple developer-days of productivity.

Sometimes they have enough responsibilities to have other things to work on. (More on that below.) Sometimes you don’t have to make the decision because they have enough responsibility to do so themselves. (More on that below.) But sometimes you have to make the business-level decision based on scant information. In cases like this, remember the military maxim: “Any decision is better than no decision.”

I’ve long thought that much of the world can be explained by feedback loops. Why are small companies nimbler than large ones? Why are private companies generally more efficient than governments? Primarily because in each case, the former has a better feedback loop. When faced with a baffling question — such as, “why do online companies do such a terrible job at dealing with abuse?” — it’s often helpful to look at the feedback loops.

Let’s look at the small vs. large and private vs. government comparisons first, as examples. Small companies have extremely tight feedback loops; a single person makes a decision, sees the results, and pivots accordingly, without the need for meetings or cross-division consensus. Larger companies have to deal with other departments, internal politics, red tape, the blessing of multiple vice-presidents, legal analysis, etc., before they can make meaningful changes.

Similarly, if a private company’s initiative isn’t going well, its revenue immediately begins to plummet, a very strong signal that it needs to change its course quickly. If a government initiative isn’t going well, the voters render their verdict … at the next election, mingled with their verdicts on all the other initiatives. In the absence of specific and meaningful external feedback, various proxies exist … but it’s difficult to definitively determine actual signal from noise.

And when a social-media platform, especially an algorithm-driven one, determines what content to amplify — which implicitly means deciding which content to de-amplify — and which content to ban … what is its feedback loop? Revenue is one, of course. Amplifying content which leads to more engagement leads to more revenue. So they do that. Simple, right?

Ahahahahahaha no, as you may have noticed. Anything but simple. Content which is amplified is often bad content. Abuse. False news. Horrifyingly creepy YouTube videos. Etcetera.

Suppose that (many of) the employees of these platforms genuinely wish to deal with and hopefully eliminate these problems. I know that seems like a big supposition, but let’s just imagine it. Then why have they consistently seemed so spectacularly bad at doing so? Is it purely because they are money-grubbing monsters making hay off bullying, vitriol, the corrosion of the social contract, etc.?

Or is it that, because it did not occur to them to try to measure the susceptibility and severity of the effects on their own systems by bad actors, they had to rely on others — journalists, politicians, the public — for a slow, imprecise form of feedback. Such as: “your recommendation algorithm is doing truly terrible things” or “you are amplifying content designed to fragment our culture and society” or “you are consistently letting assholes dogpile-abuse vulnerable people, while suspending the accounts of the wronged,” to name major criticisms most often leveled at Google, Facebook, and Twitter respectively.

But this is a subtle and sluggish feedback loop, one primarily driven by journalists and politicians, who in turn have their own agendas, flaws, and their own feedback loops to which they respond. There is no immediately measurable response like there is with, say, revenue. And so whatever they do in response is subject to that same slow and imprecise feedback.

So when Google finally responds by banning right-wing extremism, but also history teachers, which is clearly an insanely stupid thing to do, is this a transient, one-time, edge-case bug, or a sign that Google’s whole approach is fundamentally flawed and they need to rethink things? Either way, how can we tell? How can they tell?

(Before you object, no, it’s not done purely by algorithms or neural networks. Humans are in the loop — but clearly not enough of them. I mean, look at this channel which YouTube recently banned; it’s clear at first glance, and confirmed by subsequent study, that this is not right-wing extremism. This should not have been a tough call.)

I’ve long been suspicious of what I call “the scientific fallacy” — that if something cannot be measured, it does not exist. But at the same time, in order to construct meaningful feedback loops which allow your system to be guided in the desired direction, you need a meaningful measure for comparisons.

So I put it to you that a fundamental problem (although not the fundamental problem) with tackling the thorny problem of content curation in social media is that we have no way to concretely measure the scale of what we’re talking about when we say “abuse” or “fake news” or “corrupted recommendation algorithms.” Has it gotten better? Has it gotten worse? Your opinion is probably based on, er, your custom-curated social-media feed. That may not be the best source of truth.

Instead of measuring anything, we seem to be relying on Whack-a-Mole in response to viral outrage and/or media reports. That’s still much better than doing nothing at all. But I can’t help but wonder: do the tech platforms have any way of measuring what it is they’re trying to fight? Even if they did, would anyone else believe their measurements? Perhaps what we need is some form of trusted, or even crowdsourced, third-party measure of just how bad things are.

If you would look to make a meaningful difference to these problems — which are admittedly difficult, although, looking back at the banned history teacher’s YouTube channel, perhaps not so difficult as the companies claim — you could come up with a demonstrable, reliable way to measure them. Even an imprecise one would be better than the “outrage Whack-a-Mole” flailing quasi-responses which seem to be underway at the moment.

Sharing with everyone is passé and more than a little bit scary these days. We want to send photos to friends without posting them publicly. We want to reminisce without being permanently defined by our timelines. And we want the utility of apps without giving away our contact info to developers.

The problem is that this philosophy is hard to monetize for a social network that needs to maximize broadcasted content and engagement to score ad views. But it’s easy to monetize if you sell the phone and then let people be as private as they want on it. That’s why today at WWDC, Apple showed off changes that turn iOS into the asocial network — software that mimics the tools of Facebook but without the pressure to overshare.

Most stunningly, Apple will require apps that offer third-party login options like those from Facebook and Google to integrate its new Sign In With Apple feature that lets users hide their email addresses from developers. It’s a power move that makes Facebook look wreckless with your contact info by comparison.

Privacy has been a core Apple talking point for years, from the iPhone’s secure enclave and FaceID to message encryption to protection against tracking. But those safeguards have been focused on getting out of the way to let Apple’s products to ‘just work’. Increasingly, Apple is moving privacy further forward in the user experience to highlight how you can get more out of sharing less. That’s a wise strategy since the company has proven its inability to build full scale social networks out of Ping, Apple Music Connect, and iMessage.

“At Apple, we believe privacy is a fundamental human right and we engineer it into every single thing we do” said Apple SVP Craig Federighi .  Mark Zuckerberg declared “The future is private” at Facebook’s F8 conference a month ago, but proved it wasn’t his company’s past or present by failing to launch products that protect users. Now like Google did at I/O a few weeks ago with a slew of privacy tech launches, Apple is actually living up to its talking points with today’s beta release of iOS 13.

Photo Message Recommendations – When you bring up the Share Sheet for a photo or video in iOS 13, Apple will recommend people to send it to over iMessage or Mail based on who you frequently share with and if friends appear in the content. With a few taps you can privately deliver your imagery to a slew of your closest friends and favorite group chats, which could eliminate the need to post it more widely on Facebook or Instagram.

Asocial Media Tools – Instagram offers no way to download a photo or video you edit without first posting it to the feed first. That greedy growth hack leaves room for Apple to usurp more of the creative process. iOS 13 will let you edit videos for lighting, color, contrast, and more plus rotate clips you accidentally shot sideways — all which Instagram and Facebook can’t do. Forgoing the social network side lets Apple focus on tools that you’re free to use however you want.

And with the new Photo Day feature, Apple automatically hides and emphasizes different photos from each day to create magazine-style layouts. These ignite nostalgia and create a visual diary without the embarassment of all that content being on social media to power those TimeHop and Facebook On This Day features.

Memoji – To date, Apple’s interest in animated avatar masks that look like you has centered around FaceTime and video messages. But now it’s realizing how these virtual mini-me’s can enhance privacy while connecting more deeply. iOS 13 will let you opt to share your name and Memoji (or a real photo) as your message thread thumbnail in iMessage so new conversation partners like group chat friends-of-friends can better identify you without showing strangers your actual face. And Memoji can now be used as pre-generated stickers in chat, making it a direct competitor to Snapchat’s Bitmoji and Facebook’s Avatars that just launched today.

AirPods Audio Sharing – What if instead of trumpeting what you’re listening to on social media or fumbling to text a song link to a friend, they could just instantly pipe the sound into their headphones too so you’re rocking out in sync? That’s how the upcoming AirPods Audio Sharing works to let you exchange music privately over Bluetooth without exposing your guilty pleasure jams.

Sign In With Apple, Not Facebook

Apple’s most brazen attack saw it call out the social network by name on screen at WWDC. Flashing logos for “Sign In With Facebook” and “Sign In With Google” that are popular for joining new apps without setting up an account, Federighi noted that “This can be convenient, but it also can come at the cost of your privacy. Your personal information sometimes gets shared behind the scenes. These logins can be used to track you.”

As an alternative, Apple is launching “Sign In With Apple”. It uses FaceID in lieu of asking you to create a new username and password to register for a third-party app. Federighi told users they can opt to hide their email addresses from app developers and instead have Apple provide a randomized proxy address that forwards to their real one. That means users can permanently block spam messages from the app, prevent the developer from sharing or selling their contact info, and avoid being targeted with marketing via their email address as with Facebook Custom Audience ads. 

The announcement drew the loudest cheers of any at WWDC. And it seems Apple is determined to wring as much competitive advantage out of its Sign In feature as possible. You might imagine that adoption by developers would be outside of Apple’s control, and it’d have to prove it drove more lifetime value than login options that always provide a user’s real email.

But while Apple failed to mention this on stage, the fine print of its developer news brief notes that “Sign In with Apple will be available for beta testing this summer. It will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.”

That’s right. Apple is going to force developers to add its sign in tool. It’s also requiring use of its new location sharing permissions screen that offers one-time access for developers instead of just permanent snooping. But for now, Apple doesn’t specify exactly how. That means the tech giant will have to convince developers to offer Sign In With Apple as prominently as Facebook and Google’s options…even though privacy could be detrimental to their business.

Sure, developers want to maximize signups by minimizing onboarding friction, which is why Sign In With features that don’t make you remember more passwords have grown popular. Adding the Apple sign-in option should theoretically help. But developers also rely on sucking in email addresses to wake up lapsed users with message blasts, target them and people similar to them with reengagement or install ads, and exclude existing users to save money when buying ads to recruit new users.

If developers fear Sign In With Apple’s proxy email address feature will hurt them by cannibalizing registrations made with Facebook or Google that don’t offer users a way to hide their real contact info more than the convenience of a third sign-in option will help, they may try their best to bury or minimize the mandatory feature. Apple might have to incentivize growth for developers in other ways, such as heavily promoting them in the App Store if they prioritize its login option to offset the lifetime value per user decline from the loss of contact info. Unless compelled by some moral imperative, developers aren’t likely to risk their business any more than they have to in the name of privacy.

It’s here that Apple will learn that taking the high road can have its speed bumps. It might monetize selling hardware, but its developer partners often still rely on constantly grabbing our attention.

Privacy is often an abstract concept to the mainstream consumer, that doesn’t dictate their decisions, judging by Facebook’s continued user growth. That’s why promotional campaigns around the philosophy of privacy can seem to have little impact. But by building products and platforms that are objectively more useful yet more privacy-friendly than those of competitors, Apple can allow natural market forces to sweep users in the right direction — which just happens to lead into its shiny retail stores.

May was a momentous month, which marked a victory for sanity and pragmatism over irrational paranoia. I’m obviously not talking about politics. I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration policies from their Windows 10 security baseline.

Many enterprise-scale organizations (including TechCrunch’s owner Verizon) require their users to change their passwords regularly. This is a spectacularly counterproductive policy. To quote Microsoft:

Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.

…If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration? …Periodic password expiration is an ancient and obsolete mitigation of very low value

If you have a password at such an organization, I recommend you send that blog post to its system administrators. They will ignore you at first, of course, because that’s what enterprise administrators do, and because information security (like transportation security) is too often an irrational one-way ratchet because our culture of fear incentivizes security theater rather than actual security — but they may grudgingly begin to accept that the world has moved on.

Instead: Use a password manager like LastPass or 1Password. (They have viable free tiers! You really have no excuse.) Use it to eliminate or at least minimize password re-use across sites. Use two-factor authentication wherever possible. Yes, even SMS two-factor authentication, despite number-porting and SS7 attacks, because it’s still better than one-factor authentication.

And please, if you work with code or data repositories, stop checking your passwords and API keys into your repos. I’m the CTO of a consultancy and you would be amazed how many times clients come to us with this unfortunate setup. Repository access is not fine-grained, repos are very easily copied and/or their copies misplaced, and once you’ve checked in credentials they can be annoyingly tricky to truly delete. Using even something as simple as environment variables instead is a huge step up, and also makes your life simpler in many ways when working across multiple environments.

Perfect security doesn’t exist. World-class security is hard. But decent security is generally quite accessible, if you faithfully follow some basic rules. In order to do so, it’s best to keep those rules to a minimum, and get rid of the ones that don’t make sense. Password expiration is one of those. Goodbye to it, and good riddance.

We used to think that as video games matured, as a medium, they would become more like Hollywood, becoming more focused on character development, plot reversals, and tight, suspense-driven narratives, rather than action set pieces alternating with cinematic cut scenes. Hoo boy, were we wrong. Instead the exact inverse has happened. Action movies have become more like video games. And you know what, this is no bad thing.

I thought of this while watching John Wick 3 last night. (Which I loved, as I did 1 and 2.) It’s not just that its ballet of bullets — especially the one with the dogs — are so like video games, in both structure and form, that they seem to have been practically been torn from a controller; you can practically see health bars and Stun markets hovering over the heads of the characters.

It’s also that the series’s primary costars, after Keanu — with apologies to Halle Berry and Ian McShane — is not any other individual character, but the world of John Wick, the Continental, and the High Table. Worldbuilding has long been a first-class citizen in video and tabletop role-playing games; now it has graduated to movies as well.

Speaking of role-playing games, ensemble-cast movies are more and more like them as well. Consider the Fast and Furious movies, or Game of Thrones. Each has a core group who are clearly the “player characters,” as well as disposable villains and extras who are “NPCs.” Each starts with the characters at a relatively low level of skill/power, and over the course of the series grow to worldshaking might.

In The Fast & The Furious Vin Diesel’s character is a really good driver and mechanic; by the time we get to The Fate of The Furious he’s a superspy capable of singlehandedly opposing entire intelligence agencies. In Game of Thrones we watch Arya become a high-level assassin before our eyes, and Jon Snow happens to become one of the deadliest swordsmen in all of Westeros, casually dispatching dozens of enemies, often several simultaneously, while rarely even breaking a sweat, because — well, there’s no real reason for it, other than that’s what happens to player characters, isn’t it? They level up and become the best.

That didn’t use to be the case. Jason Bourne and James Bond were superspies, but they didn’t really get better over the course of their series, or become so ridiculously puissant that they can casually take out a dozen heavily armed/armored expert fighters in thirty seconds, singlehandedly, as Shaw does in the trailer of the new Fast & Furious movie. Most of Jason Bourne’s action sequences are escapes; most of John Wick’s are hunts. And of course “one hunting a horde” has been the basic mode of first-person shooters since long before Doom.

Does the introduction of these new tropes / styles / narrative conceits make things worse? Well — not necessarily. The Bourne series is a lot grittier, in terms of emotional resonance and suspense, than the John Wick series, but the latter is far more stylish, semiotically rich, and immersive. I love them both about equally. It would be a shame if the only kind of action movie we ever saw from here on in was the stylized un/hyperreality of John Wick — but similarly it would be a shame if Hollywood had never made those movies on the grounds they were too brutally unrealistic.

Ultimately, video games have expanded Hollywood’s possibility space, and to my mind that’s always a good thing. Is it a universal rule that when technology introduces a new medium of storytelling, old media soon adopts the new medium’s styles and tropes? Did plays become more like novels after Don Quixote? Did radio become more like television after TV was introduced? And if/when we figure out the most compelling structure(s) for AR/VR storytelling, will video games become more like that? It seems fairly inevitable to me that the answer is yes.