Yesterday, my phone suddenly started downloading something called “Facebook build (somethingorother).” It didn’t show any progress, wouldn’t go away, and I worried that maybe it was a piece of malware or something buggy. A quick search turned up nothing. A later search found other people asking what this was. Late last night, there were articles about “Hey, why is Facebook updating itself!”

It turns out that yes, Facebook is now downloading its own updates on Android phones and tablets instead of just pushing them out through the relevant app stores (Google Play and Amazon, mainly). I’m sure they thought it was a great idea — web browsers like Firefox and Chrome have been doing this for several years on the desktop.

The problem is that it violates expectations of what the app will do, and where your software is coming from.

Imagine your car’s manufacturer issues a recall. Now imagine three scenarios:

Scenario 1: You receive a notice of the recall, asking you to make an appointment to bring the car in for maintenance. (For those of you who don’t drive, this is how it normally works.)

Scenario 2: You receive a notice offering to send a technician out to do the repairs at your home or workplace. (This would be awesome, but impractical.)

Scenario 3: You’re sitting in the living room when you hear a noise from the garage. You go out to investigate and find someone messing with your car.

That’s what this feels like.

It’s one thing to offer software through third-party channels. The fact that it’s possible is one of the reasons I prefer Android to iOS. In that case, notifying me of updates, maybe even simplifying the download would be very convenient — if I know ahead of time that it’s going to happen. And if they’re not switching channels on me. A download coming from some new location, but claiming to be a familiar piece of software, and a notice telling you to install it? That’s how trojans work.

In short, it’s a violation of trust…and if there’s one thing we’ve learned about Facebook over the last few years, it’s that the social network has enough problems with trust.

Spectrum on the Floor (Not Pink Floyd)

You’ve probably heard about Instagram’s new terms of service, which claim the right to sell your photos. [Update: Instagram has posted a “that’s not what we meant!” statement and promised to revise that section.]

To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

Monetization is one thing, but selling my creative output, using it or my likeness for advertising, without my permission? That’s stepping over the line. Add this to the recent decision to hide image previews from Twitter, and a pattern emerges of a service that was once open and free starting to close ranks.

I’m not personally worried about Instagram in particular. I’ve only really dabbled in it over the last few months, treating it most of the time as a first draft for Flickr. I have maybe 50 photos and a handful of followers, and most of the people I follow there are also on other networks. If Instagram doesn’t back down or clarify the language [Update: they did], I can easily repost the photos I want to keep online and go somewhere else.

I am worried about the trend it highlights: You can’t always rely on social media.

And I am worried about the fact that these changes were announced after the Facebook acquisition went through, and after Facebook revised their terms so that they no longer have to put new terms of service to a vote. I’ve got a lot more invested in Facebook than I have in Instagram.

Where Have All The Photos Gone?

GloomI used to blog about web browsers at Spread Firefox and Opera Watch. Both sites are long gone. Countless articles I’ve linked to have vanished as publishers restructured or went out of business.

I’ve got an extensive LiveJournal from a few years back. It’s still there, but when I let my paid account lapse, I started moving over some of the less personal, more tech- and entertainment-focused posts (like convention reports) to this site, just in case a BOFH deletes it, or they change their terms of service to something unacceptable.

The question “Who owns your data?” has been repeated so often over the years that I can’t look up the post I’m thinking about, which advocated open file formats over proprietary ones (like Microsoft Office) on the basis that you should always be able to find a reader for a text document, but if you lose access to Word, or if Microsoft decides to drop support for an older format, you’re at their mercy.

The problem with social networks as services is that, like with those proprietary file types, you’re at their mercy. Want to search for a three-year-old Tweet? Tough. Facebook changed their privacy settings again? Oops. Twitter decides they don’t want apps like yours to exist, so they close off part of their API? Bye! The site you posted all your photos to decides to close up shop? *Poof!* There go your photos.

So What’s the Alternative?

Train ArrivingWhen it comes down to it, the only way to be sure you aren’t going to be exploited or abandoned is to do it yourself.

Blogging is basically the same as social networking, except distributed:

  • People publish written posts, photos, videos, and more.
  • Other people comment on them.
  • You can “share” a post by linking to it, and pingbacks/trackbacks will let them know you’ve done so.
  • You can subscribe to someone’s updates through RSS, and services like RSSCloud and PubSubHubub can make updates appear quickly.
  • Services like OpenId make it possible to authenticate visitors, which means you can start locking down who gets to see what.

The upside is that you, not Facebook or Google or Twitter, have full control of your content. The downside is that you have to exercise that control. You have to maintain the infrastructure, you have to guard against attackers, you have to filter out spam, you have to do your own backups, and you have to know at least something about the system under the hood.

We keep going to social networks because they’re so damn convenient. They take care of all that, and make your stuff easier for people to discover as a bonus.

But when you leave the network — or when it leaves you — what happens to all your photos, status updates, rants, raves, and commentary?

Who owns your profile?

Fury after Facebook messes up smartphone users’ address books:

Remember how Facebook sneakily changed your default email address to @facebook.com? … Some smartphone users…are reporting that their on-phone address books have been silently updated to make @facebook.com email addresses the default way to send a message to their contacts.

The lesson: Whenever you change something, always consider the impact on things that depend on it.

This reminds me of the ill-fated Network Solutions attempt to replace failed DNS lookups with responses directing web browsers to search pages, not considering that web browsers aren’t the only software that uses DNS, or that some of that software might depend on accurate “this domain does not exist” info.

Originally posted on Google+

I’ve lost some confidence in USPS’s delivery confirmation service.

Even though we put mail delivery on hold while we were on vacation, USPS claims that delivered a package at 4:08pm on Saturday.

So, either they didn’t honor the mail hold and delivered it…in which case who knows where it is now…or they did honor the mail hold and falsely marked the package as having been delivered…in which case who knows where it is now.

At least it wasn’t anything important.

My suspicion is that it was “delivered” to the local post office, and that they haven’t sent us the accumulated mail like they were supposed to. Which means now I need to figure out which office handles our incoming mail and get there during business hours.

Update:

That package I mentioned finally showed up — three days after the end of the vacation hold and five days after delivery confirmation tracking claimed it had been delivered.

So now I know that delivery confirmation doesn’t actually confirm delivery. I wonder what it does confirm.