Friday, April 10, 2015
Wednesday, April 8, 2015
Theory of User Behavior
I've long believed that the design of your software has a profound impact on
how users behave within your software. But there are two sides to this
story:
- Encouraging the "right" things by making those things intentionally easy to do.
- Discouraging the "wrong" things by making those things intentionally difficult, complex, and awkward to do.
For proof, consider Dan Ariely's new and amazing book, The (Honest) Truth About Dishonesty: How We Lie to Everyone – Especially Ourselves.
Indeed, let's be honest: we all lie, all the time. Not because we're bad people, mind you, but because we have to regularly lie to ourselves as a survival mechanism. You think we should be completely honest all the time? Yeah. Good luck with that.
But these healthy little white lies we learn to tell ourselves have a darker side. Have you ever heard this old adage?
One day, Peter locked himself out of his house. After a spell, the locksmith pulled up in his truck and picked the lock in about a minute.
“I was amazed at how quickly and easily this guy was able to open the door,” Peter said. The locksmith told him that locks are on doors only to keep honest people honest. One percent of people will always be honest and never steal. Another 1% will always be dishonest and always try to pick your lock and steal your television; locks won’t do much to protect you from the hardened thieves, who can get into your house if they really want to.
The purpose of locks, the locksmith said, is to protect you from the 98% of mostly honest people who might be tempted to try your door if it had no lock.
I had heard this expressed less optimistically before as
10% of people will never steal, 10% of people will always steal, and for everyone else … it depends.
The "it depends" part is crucial to understanding human nature, and that's what Ariely spends most of the book examining in various tests. If for most people, honesty depends, what exactly does it depend on? The experiments Ariely conducts prove again and again that most people will consistently and reliably cheat "just a little", to the extent that they can still consider themselves honest people. The gating factor isn't laws, penalties, or ethics. Surprisingly, that stuff has virtually no effect on behavior. What does, though, is whether they can personally still feel like they are honest people.
This is because they don't even consider it cheating – they're just taking a little extra, giving themselves a tiny break, enjoying a minor boost, because well, haven't they been working extra specially hard lately and earned it? Don't they of all people deserve something nice once in a while, and who would even miss this tiny amount? There's so much!
These little white lies are the path of least resistance. They are everywhere. If laws don't work, if ethics classes don't work, if severe penalties don't work, how do you encourage people to behave in a way that "feels" honest that is actually, you know, honest? Feelings are some pretty squishy stuff.
It's easier than you think.
My colleagues and I ran an experiment at the University of California, Los Angeles. We took a group of 450 participants, split them into two groups and set them loose on our usual matrix task. We asked half of them to recall the Ten Commandments and the other half to recall 10 books that they had read in high school.
Among the group who recalled the 10 books, we saw the typical widespread but moderate cheating. But in the group that was asked to recall the Ten Commandments, we observed no cheating whatsoever. We reran the experiment, reminding students of their schools' honor codes instead of the Ten Commandments, and we got the same result. We even reran the experiment on a group of self-declared atheists, asking them to swear on a Bible, and got the same no-cheating results yet again.
That's the good news: a simple reminder at the time of the temptation is usually all it takes for people to suddenly "remember" their honesty.
The bad news is Clippy was right.
In my experience, nobody reads manuals, nobody reads FAQs, and nobody reads tutorials. I am exaggerating a little here for effect, of course. Some A+ students will go out of their way to read these things. That's how they became A+ students, by naturally going the extra mile, and generally being the kind of users who teach themselves perfectly well without needing special resources to get there. When I say "nobody" I mean the vast overwhelming massive majority of people you would really, really want to read things like that. People who don't have the time or inclination to expend any effort at all other than the absolute minimum required, people who are most definitely not going to go the extra mile.
In other words, the whole world.
So how do you help people who, like us, just never seem to have the time to figure this stuff out because they're, like, suuuuper busy and stuff?
You do it by showing them …
- the minimum helpful reminder
- at exactly the right time
The closer you can get your software to practical, useful "Just In Time" reminders, the better you can help the users who are most in need. Not the A+ students who already read the FAQ, and studied the help center intently, but those users who never read anything. And now, thanks to Dan Ariely, I have the science to back this up. Even something as simple as putting your name on the top of a form to report auto insurance mileage, rather than the bottom, resulted in a mysterious 10% increase in average miles reported. Having that little reminder right at the start that hey, your name is here on this form, inspired additional honesty. It works.
Did we use this technique on Stack Overflow and Stack Exchange? Indeed we did. Do I use this technique on Discourse? You bet, in even more places, because this is social discussion, not technical Q&A. We are rather big on civility, so we like to remind people when they post on Discourse they aren't talking to a computer or a robot, but a real person, a lot like you.
When's the natural time to remind someone of this? Not when they sign up, not when they're reading, but at the very moment they begin typing their first words in their first post. This is the moment of temptation when you might be super mega convinced that someone is Wrong on the Internet. So we put up a gentle little reminder Just In Time, right above where they are typing:
Then hopefully, as Dan Ariely showed us with honesty, this little reminder will tap into people's natural reserves of friendliness and civility, so cooler heads will prevail – and a few people are inspired to get along a little better than they did yesterday. Just because you're on the Internet doesn't mean you need to be yelling at folks 24/7.
We use this same technique a bunch of other places: if you are posting a lot but haven't set an avatar, if you are adding a new post to a particularly old conversation, if you are replying a bunch of times in the same topic, and so forth. Wherever we feel a gentle nudge might help, at the exact time the behavior is occurring.
It's important to understand that we use these reminders in Discourse not because we believe people are dumb; quite the contrary, we use them because we believe people are smart, civil, and interesting. Turns out everyone just needs to be reminded of that once in a while for it to continue to be true.
Space Between Words
Computer performance is a bit
of a shell game. You're always waiting for one of four things:
- Disk
- CPU
- Memory
- Network
Did you see the movie "Her"? If not, you should. It's great. One of my favorite scenes is the AI describing just how difficult it becomes to communicate with humans:
It's like I'm reading a book… and it's a book I deeply love. But I'm reading it slowly now. So the words are really far apart and the spaces between the words are almost infinite. I can still feel you… and the words of our story… but it's in this endless space between the words that I'm finding myself now. It's a place that's not of the physical world. It's where everything else is that I didn't even know existed. I love you so much. But this is where I am now. And this is who I am now. And I need you to let me go. As much as I want to, I can't live your book any more.
I have some serious reservations about the work environment pictured in Her where everyone's spending all day creepily whispering to their computers, but there is deep fundamental truth in that one pivotal scene. That infinite space "between" what we humans feel as time is where computers spend all their time. It's an entirely different timescale.
The book Systems Performance: Enterprise and the Cloud has a great table that illustrates just how enormous these time differentials are. Just translate computer time into arbitrary seconds:
1 CPU cycle | 0.3 ns | 1 s |
Level 1 cache access | 0.9 ns | 3 s |
Level 2 cache access | 2.8 ns | 9 s |
Level 3 cache access | 12.9 ns | 43 s |
Main memory access | 120 ns | 6 min |
Solid-state disk I/O | 50-150 μs | 2-6 days |
Rotational disk I/O | 1-10 ms | 1-12 months |
Internet: SF to NYC | 40 ms | 4 years |
Internet: SF to UK | 81 ms | 8 years |
Internet: SF to Australia | 183 ms | 19 years |
OS virtualization reboot | 4 s | 423 years |
SCSI command time-out | 30 s | 3000 years |
Hardware virtualization reboot | 40 s | 4000 years |
Physical system reboot | 5 m | 32 millennia |
The above Internet times are kind of optimistic. If you look at the AT&T real time US internet latency chart, the time from SF to NYC is more like 70ms. So I'd double the Internet numbers in that chart.
Latency is one thing, but it's also worth considering the cost of that bandwidth.
Speaking of the late, great Jim Gray, he also had an interesting way of explaining this. If the CPU registers are how long it takes you to fetch data from your brain, then going to disk is the equivalent of fetching data from Pluto.
He was probably referring to traditional spinning rust hard drives, so let's adjust that extreme endpoint for today:
- Distance to Pluto: 4.67 billion miles.
- Latest fastest spinning HDD performance (49.7) versus latest fastest PCI Express SSD (506.8). That's an improvement of 10x.
- New distance: 467 million miles.
- Distance to Jupiter: 500 million miles.
That's disk performance over the last decade. How much faster did CPUs, memory, and networks get in the same time frame? Would a 10x or 100x improvement really make a dent in these vast infinite spaces in time that computers deal with?
To computers, we humans work on a completely different time scale, practically geologic time. Which is completely mind-bending. The faster computers get, the bigger this time disparity grows.
Tuesday, April 7, 2015
All developers want to see their mobile apps take off. But it’s what happens after all the hard work, testing and final prep—and when—that can make or break their chances of success. Especially when it comes to launching and promoting those apps.
Timing is everything, according to app marketing and optimization firm Sensor Tower. Its new report on iOS apps, released Friday, suggests that weekends are the best time to plug those apps, in general. In most categories, that’s when people use them, make purchases and download new ones the most.
But not all apps and target audiences are the same, and results can vary from one type of app to another.
Knowing when people are most likely to buy or download apps, and reaching them in those critical moments could be the critical difference between a lackluster showing and a runaway hit.
When We Buy, When We Download, And Why
Sensor Tower, which supplies analytics and marketing insights, tasked its Data Science team with analyzing download figures and app revenue estimates for iOS apps in the U.S. across the first three months of this year.
We totaled the estimated weekly downloads and revenue for all iOS apps in the US, for each category. Then we broke down the downloads and revenue by day to see what percentage of the weekly total happened on each day.
Drilling down into the data, the team compared the daily breakdowns to identify the optimal days to promote apps across App Store categories.
In most cases, the findings lined up with common sense: Weekends were generally the best days to promote apps, particularly when it came to lifestyle-oriented apps.
But if people care about fun on the weekends, then they're all about work during the week, with business apps doing well Monday through Friday. While they were at the office, they also tended to download finance apps, though they used them and made purchases through them on weekends. Users also tried to keep productivity up pretty consistently across the week and weekends, with usage and revenue holding fairly steady.
Medical apps, however, offer sporadic results. They peaked in downloads on Sundays, but for revenue, they inexplicably hopped between Sunday to Wednesday and Thursday.
To drill down into the data further or explore other app categories, check out Sensor Tower’s report.
Timing App Launches
The information should help hone marketing efforts, particularly when it comes to plugging previously released applications. Timing and promoting an app launch or new update might be trickier.
iPhone app makers often don’t know precisely when Apple will approve their apps and funnel them into the App Store. While the company offers a tool that shows what percentage of apps have been approved over the preceding 5 days on its developer site, the company also states that, “because every app submitted is different, there’s no set review time.”
According to Shiny Development, which collects information based on community feedback, App Store reviews take 8 days on average for mobile apps. (For Mac applications, the process takes just 5 days.)
That’s much better than the months-long delays and opaque communication Apple used to put developers through a few years ago. But it’s still no comparison to the two to three hours it takes Android developers to breeze through Google Play’s review process. And if Apple takes issue with anything, the complication could stretch out that timeline even further.
Following the App Store Review Guidelines to the letter should help streamline things as much as possible. In addition, Apple offers a way for developers to set a future release date for their apps. If they allow plenty of time for review, they can plan their marketing activities accordingly. It also wouldn’t hurt to cross those fingers and hope no problems come up that derail things.
Then maybe, just maybe, they can actually take advantage of the launch window to hit that weekend rush.
Lead photo by Jason A Howie; charts courtesy of Sensor Tower
Your Quick Guide To Stick Computers And What They’re Good For
Earlier this week, Google unveiled
the Chromebit—a Chrome OS computer the size of a candy bar that plugs into a
TV's HDMI port. This device, manufactured by Asus, is the latest in a line of
“computers on a stick,” a type of gadget we're likely to see a lot more of.
The Chromebit joins a handful of several similar devices that have slowly been gaining momentum over the past few years. Most of these run Android, although Intel recently announced a Windows-on-a-stick device as well. Together, it's not inconceivable these little gadgets could jumpstart a sticky computer revolution—one in which desktop computing all but disappears into a tiny gadget you can plug into any screen you want.
Sure, they may seem like novelties now. But some students and office workers could be packing computer sticks before too long. You might even end up with one in your living room.
Here's your guide for navigating what just might be a big stick shift.
Schools have already started embracing portable computing. In 2014, I taught at a school that provided a free iPad with every student’s tuition. The iPads provided access to the students’ textbooks, and Microsoft had recently released Office for iPad, meaning they could write essays using the Word app. (Of course, the iPad’s inherent limitations as a productivity machine meant that they were usually running Candy Crush Saga rather than Evernote.)
Take it a step further and it's also easy to see how stick computers might
also serve as home entertainment centers. A stick plugged into your living room
TV could easily stream TV and movies and run at least some games, although
possibly not the most demanding ones. With the Chromebit, it's also possible to
outsource heavy lifting to a more powerful computer, since you can arrange to
control it via the Chrome Remote Desktop app.
People will undoubtedly figure out other ways to get on the stick as the devices spread. The real question is which stick computer makes the most sense for any particular scenario.
But at first glance, it’s hard to figure out why a Chrome OS stick should be any more appealing than one of the dozens of Android OS sticks currently on the market—many of which have similar specs but lower price tags. After all, there are far more Android apps than Chrome OS apps available.
But with the advent of the ARC
Welder beta from Google, developers have more tools than ever to start
porting Android apps to Chrome with ease. Apps likely won’t be an issue for
long.
Chrome OS’s real advantage over Android is single-screen multitasking.
Introduced to Chrome OS in 2012, the ability to have more than one program
running on the screen at a time basically sets “real” computers apart from
mobile devices.
An iPad restricts users to one app on-screen making it more about fun than productivity. And except for a few specific handsets like the LG G3 and a few Samsung Galaxy phones and phablets, there really aren’t any Android devices that handle multiple apps on screen at the same time. (And those that do, generally don't do it all that gracefully.)
(If you’re into penguins, Intel will also release a version that runs Linux;
it comes with the same RAM and storage for $110.)
Like the Chromebit, the Compute Stick comes with Bluetooth and Wi-Fi connectivity, along with a micro USB power port and a full USB port for plugging in other peripherals. Perhaps most important, it'll give users access to the full array of Windows software and apps, and can easily handle multiple windows. Both versions of the Compute Stick are available for pre-order, with a ship date of April 24.
Some lesser-known companies have released Windows sticks, though they may not be worth your time. A company called Mouse Computer has a Windows 8 stick of its own set to debut in Japan in late April; the m-Stick comes with a microSD card slot and an internal fan for $175. There’s also the $120 Windows 8 Wintel Mini PC from a company called Vensmile, and a dubious looking dual-Android/Windows stick from MeeGoPad that apparently comes with an unlicensed version of Windows 8 with Chinese system messages.
Still, Windows is Windows, and the complication of managing software and
configurations—the natural consequence of a more complex operating system—could
be more trouble than its worth if distributing stick computers to a large number
of users at a school or office.
It’s still entirely possible that these HDMI dongles will fail to catch on, and we’ll toss stick computers away in the same dustbin as the world’s discarded netbooks. When electronics become cheap and ubiquitous, it becomes that much harder for them to retain any lasting value—and that much harder for them to stick around.
The Chromebit joins a handful of several similar devices that have slowly been gaining momentum over the past few years. Most of these run Android, although Intel recently announced a Windows-on-a-stick device as well. Together, it's not inconceivable these little gadgets could jumpstart a sticky computer revolution—one in which desktop computing all but disappears into a tiny gadget you can plug into any screen you want.
Sure, they may seem like novelties now. But some students and office workers could be packing computer sticks before too long. You might even end up with one in your living room.
Here's your guide for navigating what just might be a big stick shift.
It's A Stick-Up
Google envisions the Chromebit as an inexpensive way for businesses or schools to replace aging desktops without having to buy entirely new computers. (Asus hasn't released a price yet, although Google says the Chromebit will be "less than $100.") Instead of buying a new desktop or laptops that need to be secured, you could just plug Chromebits into existing monitors and carry on—assuming, of course, you don't need local apps beyond what's available for Chrome OS.See also: Intel Introduces (Another) Computer On A StickThat, of course, is where Intel's Compute Stick could come in, as a full Windows 8 computer for $150. You could even imagine an office or classroom equipped with a monitor and a wireless keyboard at every chair. All a user would have to do is plug in their stick computer of choice, connect to the local Wi-Fi, and they’re ready to work.
Schools have already started embracing portable computing. In 2014, I taught at a school that provided a free iPad with every student’s tuition. The iPads provided access to the students’ textbooks, and Microsoft had recently released Office for iPad, meaning they could write essays using the Word app. (Of course, the iPad’s inherent limitations as a productivity machine meant that they were usually running Candy Crush Saga rather than Evernote.)
People will undoubtedly figure out other ways to get on the stick as the devices spread. The real question is which stick computer makes the most sense for any particular scenario.
Chromebit vs. Android
The Chromebit will reportedly sport a Rockchip 3288 processor, 2GB of RAM, and 16GB of internal flash storage with Wi-Fi and Bluetooth 4.0/LE connectivity, not to mention a micro USB port for power and a full USB port for any other peripherals you want to attach.But at first glance, it’s hard to figure out why a Chrome OS stick should be any more appealing than one of the dozens of Android OS sticks currently on the market—many of which have similar specs but lower price tags. After all, there are far more Android apps than Chrome OS apps available.
An iPad restricts users to one app on-screen making it more about fun than productivity. And except for a few specific handsets like the LG G3 and a few Samsung Galaxy phones and phablets, there really aren’t any Android devices that handle multiple apps on screen at the same time. (And those that do, generally don't do it all that gracefully.)
Windows Sticks, Too
Before we even first saw the Chromebit, Intel announced its plans to release the Compute Stick, a $150 dongle that runs Windows 8 and packs an Atom processor, 2GB of RAM, and 32GB of internal storage.Like the Chromebit, the Compute Stick comes with Bluetooth and Wi-Fi connectivity, along with a micro USB power port and a full USB port for plugging in other peripherals. Perhaps most important, it'll give users access to the full array of Windows software and apps, and can easily handle multiple windows. Both versions of the Compute Stick are available for pre-order, with a ship date of April 24.
Some lesser-known companies have released Windows sticks, though they may not be worth your time. A company called Mouse Computer has a Windows 8 stick of its own set to debut in Japan in late April; the m-Stick comes with a microSD card slot and an internal fan for $175. There’s also the $120 Windows 8 Wintel Mini PC from a company called Vensmile, and a dubious looking dual-Android/Windows stick from MeeGoPad that apparently comes with an unlicensed version of Windows 8 with Chinese system messages.
The Sticking Point
Ultimately, your choice of stick computer will come down to what kind of work needs to get done and what programs will suit that work best. The good news is that there will probably be even more options before too long, since we’re only at the beginning of the stick computer movement—if it does turn out to be a movement, that is.
It’s still entirely possible that these HDMI dongles will fail to catch on, and we’ll toss stick computers away in the same dustbin as the world’s discarded netbooks. When electronics become cheap and ubiquitous, it becomes that much harder for them to retain any lasting value—and that much harder for them to stick around.
Twitter Now Tracking User IP Addresses
On Monday, I was testing our Freedome VPN for Windows and eventually… I forgot that I was using our London exit node.
And then I attempted to log in to Twitter.
This was the result:
And then I received this message via e-mail:
An unusual device or location?
In order to determine that I was attempting to log in from an "unusual" location, Twitter must be keeping a history of my previous IP addresses to compare against. This type of security feature is not new; Facebook has been doing this sort of thing for years already. But I've not yet seen it from Twitter. (A few years ago, Twitter seemed to be actively against such an idea.) Unlike Facebook, I don't see anyplace from which I can download my own connection history. Previous IP addresses used are available to those who download a Facebook archive. But IP address information isn't in the Twitter archive that I downloaded today.
So then the questions I now have for Twitter are these: for how long have my connections been logged and tracked? And when will a copy of the data be available to me?
March 11th update:
Eagle-eyed reader Tero Alhonen found the answer to one of my questions in Twitter's Privacy Policy.
Twitter "may" receive information such as IP address and will "either delete Log Data or remove any common account identifiers" "after 18 months." The language about 18 months was first included in version 5 of the policy, June 23, 2011.
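The comparison described in this post, as an added example that is not Twitter's code or part of the original post: a login is classified by checking its source network against a per-account history that is dropped after roughly 18 months. The class and function names, the /24 and /48 matching granularity and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

RETENTION = timedelta(days=548)  # about 18 months, the figure quoted from the policy

def network_of(ip):
    """Coarsen an address to /24 (IPv4) or /48 (IPv6); the granularity is an assumption."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

class LoginHistory:
    """Per-account record of networks that completed a login (hypothetical design)."""

    def __init__(self):
        self._seen = {}  # account -> {network: time of last successful login}

    def _prune(self, account, now):
        nets = self._seen.get(account, {})
        for net in [n for n, ts in nets.items() if now - ts > RETENTION]:
            del nets[net]

    def check(self, account, ip, now):
        """Classify an attempt as 'usual', 'unusual' or 'no_history' without recording it."""
        self._prune(account, now)
        nets = self._seen.get(account, {})
        if not nets:
            return "no_history"
        return "usual" if network_of(ip) in nets else "unusual"

    def record(self, account, ip, now):
        """Store the network only after the login, and any extra verification, succeeded."""
        self._seen.setdefault(account, {})[network_of(ip)] = now

def demo():
    """Constructed data: documentation address ranges, not real login records."""
    history = LoginHistory()
    start = datetime(2015, 1, 5)
    history.record("alice", "192.0.2.10", start)
    later = start + timedelta(days=30)
    return [
        history.check("alice", "192.0.2.77", later),    # same /24 as before
        history.check("alice", "203.0.113.5", later),   # e.g. a VPN exit node
        history.check("alice", "192.0.2.10", start + timedelta(days=600)),  # history expired
    ]

if __name__ == "__main__":
    print(demo())
```

Recording only after a verified login keeps a failed attempt from an unfamiliar network from becoming "usual" on the next try.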
Smart Home Safe
Internet of Things (IoT) devices can help you save time and hassle and improve your quality of life. As an example, you can check the contents of your fridge and turn on the oven while at the grocery store, thus saving money, uncertainty, and time when preparing dinner for your family. This is great and many people will benefit from features like these. However, as with all changes, along with the opportunity there are risks. In particular there are risks to your online security and privacy, but some of these risks extend to the physical world as well. As an example, the possibility to remotely open your front door lock for the plumber can be a great time saver, but it also means that by hacking your cloud accounts hackers will be able to open your door too -- and possibly sell access to your home on dark markets. And it's not just about hacking: these gadgets collect data about what's happening in your home and life and hence they themselves present a risk to your privacy.
Image: The above image shows a typical smart home configuration and the kinds of attacks it can face. While the smart home is not a target at the moment due to its low adoption rate and high fragmentation, all of the layers can be attacked with existing techniques.
If you are extremely worried about your privacy and security, the only way to really stay safe is to not buy and use these gadgets. However, for most people, the time-saving convenience benefits of IoT and the Smart Home will outweigh most privacy and security implications. Also, IoT devices are not widely targeted at the moment and even when they are, the attackers are after the computing power of the device -- not yet your data or your home. Actually, the biggest risk right now comes from the way the manufacturers of these devices handle your personal data. All this said, you shouldn't just blindly jump in. There are some things that you can do to reduce the risks:
• Do not connect these devices directly to public internet addresses. Use a firewall or at least a NAT (Network Address Translation) router in front of the devices to make sure they are not discoverable from the Internet. You should disable UPnP (Universal Plug and Play) on your router if you want to make sure the devices cannot open a port on your public internet address.
• Go through the privacy and security settings of the device or service and remove everything you don't need. For many of these devices the currently available settings are precious few, however. Shut down features you don't need if you think they might have any privacy implications. For example, do you really use the voice commands feature in your Smart TV or gaming console? If you never use it, just disable it. You can always re-enable it if you want to give the feature a try later.
• When you register for the cloud service of the IoT device, use a strong and unique password and keep it safe. Change the password if you think there is a risk someone managed to learn it. Also, as all of these services allow for a password reset through your email account, make sure you secure the email account with a truly strong password and keep the password safe. Use 2-factor authentication (2FA) where available -- and for most popular email services it is available today.
• Keep your PCs, tablets, and mobile phones clear of malware. Malware often steals passwords and may hence steal the password to your smart home service or the email account linked to it. You need to install security software onto devices where you use the passwords, keep your software updated with the latest security fixes, and, as an example, make sure you don't click on links or attachments in weird spam emails.
• Think carefully if you really want to use remotely accessible smart locks on your home doors. If you're one of those people who leave the key under the door mat or the flower pot, you're probably safer with a smart lock, though.
• If you install security cameras and nannycams, disconnect them from the network when you have no need for them. Consider doing the same for devices that constantly send audio from your home to the cloud unless you really do use them all the time. Remember that most IoT devices don't have much computing power and hence the audio and video processing is most likely done on some server in the cloud.
• Use encryption (preferably WPA2) in your home Wi-Fi. Use a strong Wi-Fi passphrase and keep it safe. Without a passphrase, with a weak passphrase, or when using an obsolete protocol such as WEP, your home Wi-Fi becomes an open network from a security perspective.
• Be careful when using Open Wi-Fi networks such as the network in a coffee shop, a shopping mall, or a hotel. If you or your applications send your passwords in clear text, they can be stolen and you may become a victim of a Man-in-the-Middle (MitM) attack. Always use a VPN application when using Open Wi-Fi. Again, your passwords are the key to your identity and also to your personal Internet of Things.
• Limit your attack surface. Don't install devices you know you're not going to need. Shut down and remove all devices that you no longer need or use. When you buy a top of the line washing machine, and you notice it can be connected through Wi-Fi, consider if you really want and need to connect it before you do. Disconnect the device from the network once you realize you actually don't use the online features at all.
• When selecting which manufacturer you buy your device from, check what they say about security and privacy and what their privacy principles are. Was the product rushed to the market and were any security corners cut? What is the motivation of the manufacturer to process your data? Do they sell it onwards to advertisers? Do they store any of your data and where do they store it?
• Go to your home router settings today. Make sure you disable services that are exposed to the Internet -- the WAN interface. Change the admin password to something strong and unique. Check that the DNS setting of the router points to your ISP's DNS server or some open service like OpenDNS or Google DNS and hasn't been tampered with.
• Make sure you keep your router's firmware up-to-date and consider replacing the router with a new one, especially if the manufacturer no longer provides security updates. Consider moving away from a manufacturer that doesn't do security updates or stops them after two years. The security of your home network starts from the router and the router is exposed to the Internet.
The above list of actions is extensive and maybe a bit on the "band-aid on the webcam"-paranoid side. However, it should give you an idea of what kinds of things you can do to stay in control of your security and privacy when taking a leap to the Internet of Things. Security in the IoT world is not that different from before: your passwords are just as important in IoT, as is the principle of deploying security patches and turning off services you don't need.
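The router items from the checklist above (UPnP, WAN-exposed services, admin password, DNS setting, Wi-Fi encryption) expressed as a small audit, as an added example that is not from the original post. The settings dictionary is a hypothetical schema you would fill in by hand from your router's admin page, and both sample configurations are constructed.

```python
import ipaddress

# Public resolvers named in the checklist (their well-known addresses).
KNOWN_RESOLVERS = {
    "208.67.222.222", "208.67.220.220",  # OpenDNS
    "8.8.8.8", "8.8.4.4",                # Google DNS
}
WEAK_WIFI = {"open", "wep"}  # no passphrase, or the obsolete WEP protocol

def audit_router(settings, isp_resolvers=()):
    """Return a list of findings for a router settings dict (hypothetical schema)."""
    findings = []
    if settings.get("upnp_enabled", False):
        findings.append("UPnP is enabled: devices can open ports on the public address")
    for service in settings.get("wan_services", []):
        findings.append(f"service exposed on the WAN interface: {service}")
    if settings.get("admin_password_is_default", True):
        findings.append("admin password has not been changed from the default")
    mode = settings.get("wifi_security", "open").lower()
    if mode in WEAK_WIFI:
        findings.append(f"Wi-Fi security '{mode}' is effectively an open network")
    # DNS: every configured resolver must be the ISP's or a known public one.
    allowed = {ipaddress.ip_address(a) for a in KNOWN_RESOLVERS | set(isp_resolvers)}
    for raw in settings.get("dns_servers", []):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"DNS entry is not an IP address: {raw!r}")
            continue
        if addr not in allowed:
            findings.append(f"DNS server {addr} is not the ISP's or a known public resolver")
    return findings

# Constructed sample settings (documentation address ranges, not a real router).
WEAK = {
    "upnp_enabled": True,
    "wan_services": ["telnet", "http-admin"],
    "admin_password_is_default": True,
    "wifi_security": "WEP",
    "dns_servers": ["8.8.8.8", "203.0.113.53"],  # second entry is unexpected
}
HARDENED = {
    "upnp_enabled": False,
    "wan_services": [],
    "admin_password_is_default": False,
    "wifi_security": "WPA2",
    "dns_servers": ["198.51.100.53", "208.67.222.222"],
}
ISP_RESOLVERS = ["198.51.100.53"]  # assumed ISP resolver for the sample

if __name__ == "__main__":
    for finding in audit_router(WEAK, ISP_RESOLVERS):
        print("-", finding)
```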