Now I love me a good piece of Apple information just like the next guy, they’re just too hard to resist as they’re some damn fine blog fodder. Still for the most part I steer clear of product speculation and rumours simply because I’m not really interested in writing on fluff and my posts would be lost in the deluge of other blogs parroting the same “facts”. Still every so often I come across a bit of Apple news that deserves reporting on, like how people were getting the whole Antennagate thing wrong, and yesterday brought across another piece of news that had all the tech bloggers in a tizzy.
Yet again I feel they’ve all got it wrong.
What I’m talking about is the the iOS location fiasco that’s currently winding itself up in the media today. In essence its been shown that iOS devices have a log of all your location data from the day you first turned on your phone. The file in question resides on your phone but is copied across to your PC when you sync with iTunes. If you’ve selected to encrypt your backups the file will be encrypted but it is stored in plain text on your phone. People are crying foul over how Big Brother Apple is tracking them and how this is a major breach in privacy and you’d be forgiven for thinking that if you didn’t bother going beneath the surface of these stories.
Now I was considering writing about this yesterday (instead choosing to post some inane dribble, sorry) but I had really no desire to comment on something that seemed like a non-issue. Whilst I’m not keen for someone to follow my every move I was pretty sure that the location database that people were mucking around with was more than likely a cache of previous location data, most likely used in future GPS calculations to improve accuracy. Additionally there was absolutely no evidence that this database had ever made its way to Apple or anyone else for that matter and the only program that has the demonstrated ability to read those files can only do so if its unencrypted and not on your iPhone.
The privacy issue is a different beast however but in reality no one would try to use something like that location cache to track you. Whilst sites like Please Rob Me might provide insight into how such data could be used for nefarious purposes the thing is that most crime will still be committed the old fashion way, by going up to your house and seeing if anyone is there. Hiding all your location information from online sources won’t help combat this problem and the only way this database file could be used against you was if someone had direct access to your phone or PC, the former which indicates your phone has been stolen (got a pin code on that buddy?) and the latter that they’re already in your house (got a password on your PC?).
Of course in doing my research for this post today I came across a few other posts detailing my exact predictions of what the problem might be. People familiar with the matter investigated the Android platform to see if something similar was being done on their end and sure enough there was. The difference between the Apple and Android was that Android had a hard limit set on the number of records whereas the iPhone had no such limit. More than likely Apple will set an upper limit on the number of location records that are kept in the log files in the next iOS update so that people don’t get all butthurt about it again, even though there was nothing wrong in the first place.
Apple products seem to have the uncanny ability of drumming up a PR storm no matter what minor thing happens with them. Whilst this particular ability is primarily positive for Apple it seems even the Apple opposition falls prey to going hyperbolic on any little flaw in the iOS platform, creating fiascos out of what are merely features of the platform. This is why I steer clear of many Apple related articles, there’s simply too much group think on either side of the fence for there to be any proper discussion. So hopefully my little blog here has helped clarify that big brother isn’t watching you and we can all go back to our normal lives and not have to worry about Big Brother Apple watching us in our sleep.
You can still wear the tinfoil hat though, it’s sexy.
So I’ve got a thing for information that’s got some location meta data, that’s no secret. You’d then think that I’d be drooling over all these hot location based applications that are constantly popping up all over the place but for the most part I’m indifferent to them. That’s not to say I don’t know about them, I probably know more about them than what’s considered healthy, just that I can’t seem to find a use for them no matter how hard I try. I’ve been on Foursquare for quite a while now and whilst I have a few friends on it there’s not enough of them to make the service useful nor interesting, especially when most of them only check-in when they see me doing it.
I mulled this over recently with an old friend of mine who’s also been on the service for a while and he echoed my sentiments. Whilst Foursquare might be growing users in other locations its popularity here made it something of a non-event, even amongst those who were inclined to try something like that out. We both agreed that if more people were using something like Foursquare its utility would increase dramatically but couldn’t see it happening any time soon. The idea of Facebook doing something in this space had been around for a while but with no word from them on what they were doing (apart from outside speculation) I put it all down to rumour milling.
That was until just recently when Facebook released their Places application.
Now whilst the service isn’t available here in Australia yet there’s been enough coverage of it in the news to get a good idea about what it actually entails. For the most part it’s the barebones features of all the popular location applications, just good old fashioned check-ins. The only innovative part that Facebook deserves credit is for being able to check-in friends with you which, whilst sure to draw the ire of your more private friends, helps to reduce the real anti-social part of checking in. Apart from that you wouldn’t be far off the mark from calling this Foursquare without any of the game aspects, except for the fact that it’s more appealing than its predecessors.
The biggest hurdle to overcome with any new social application is one of a critical mass of users¹ and Facebook Places solves this by having all my friends as potential users of the application. I’ve had a tough time trying to convince other people to use yet another social app at the best of times but rarely have I heard about a new feature on Facebook before one of my social circle is using it. The check-in a friend feature also means that I can basically goad them into using it by tagging them when we’re doing something together and if they don’t appear in the check-in I know that they’d rather not participate. It’s quite an unobtrusive way of getting people into the check-in mindset.
I’m interested in seeing where they take the application from here. Facebook have shown that they want to be more active in the location space but don’t seem to be too interested in trying to dominate it. I say this because at their launch event they had all the big location players there with them to talk about the future of location now that Facebook was getting involved. Realistically it looks like Facebook is taking aim at being the platform for check-ins and letting others do the hard work of innovating around it. Mostly this is because they want to own the check-in data which will make them more valuable to their advertisers and investors. They’re also transferring the risk of developing check-in based applications to third parties and you can bet your bottom dollar that if any of them make a killer feature that Facebook has to have they’ll be knocking at their door, cheques in hand.
I might not see more of my friends venturing out into the fringe world of social applications but I’m sure I’ll have a few of them checking in as the feature makes its way down under. Facebook has demonstrated yet again that the big players aim to be the platform of the Internet and the small players are the ones that innovate around them. As the service expands I can see it becoming the defacto place for place information, fulfilling that vision of a grand central database someone had not so long ago.
¹You could also argue that something that has utility can also drive adoption as much as critical user mass does. I’d agree with that since the only reason I got into Twitter was to join this blog to Facebook and the social part came a long time later. A great example of an application that’s popular because of its utility first is Evernote although its recent popularity could easily be attributed social factors.
The last couple weeks have seen me make some pretty amazing progress with the new version of Geon. I’ve settled on a name for the service, managed to get a 4 letter TLD to host it under and the Silverlight client has seen a massive redesign that drove a complete rework of the underlying API. It’s been quite a learning experience and I’ve encountered quite a few problems along the way that have served to give me some insight into the issues that the big guys probably had when they were first starting out. Whilst the system currently only has a user of one (well 3, the Anonymous user, myself and a friend’s identity I stole to test out some features) I still got to thinking about the authenticity of my data and how I was going to manage that.
I first encountered this when I was coding up the login system for Geon. Originally it was based around the built in Windows Communication Framework Authentication Servicewhich, whilst being a down right pain to get working initially, provided all the necessary security for my web application without me having to think about how it got the job done. Unfortunately though this wouldn’t work too well when I moved away from the .NET platform, namely to either Android or the iPhone, as they don’t have any libraries that support this. So as part of my complete client redesign I thought it best to not rely on anything that I couldn’t use on my other platforms and that meant building the Silverlight client as if it was a mobile phone.
In all seriousness I would’ve been completely lost if I hadn’t stumbled upon Tim Greenfield’s blog, specifically this postwhich outlined the core ideas for implementing a secure login system that uses RIA services. After doing some rough designs and mulling the idea in my head for a couple weeks I got a working implementation of it a couple weeks ago, allowing a user to login without having to rely on the built in Microsoft frameworks. Initially everything was looking good and I went ahead coding up the other parts of the application thinking that my bare bones implementation would suffice for the use cases I had in mind.
However after a while I began to think about how easy it would have been to a nefarious (or just plain curious) user to be able to wreck untold havok on my system. You see the login function needed 4 parameters: the user name, password, IP address and whether or not this session should be remembered next time the user visits the page. The IP address was for security as if someone manages to get your session ID they could theoretically use that to hijack your session and do all sorts of mean things with your account. In my implementation the IP address was passed up as part of the request which meant that anyone looking to perform a session hijack would simply have to pass up the valid IP for that session and I’d be none the wiser. Realising that it would be an issue I implemented server side IP detection which would make it quite a lot harder to get the magic combination session ID and IP address correct, making my service just that more secure.
This got me thinking about the authenticity of the data which I was going to be collecting from my users. I’m not putting any limitations on where people can post but I’m going to be flagging people as “out of area” when they’re posting or responding to something that’s not near their current location. However since I want to make the API open I have to make the co-ordinates part of the update request which will unfortunately open it up to the possibility of people faking their location. Not that there would be a whole lot to gain from doing so but if my feed reader has taught me anything recently its that the geo-social networking space is constantly grappling with this issue and there’s really no good solution for it.
There seems to be two schools of thought on the idea of data authenticity when it comes to the location space. The Foursquare approach is one of mostly indifference as whilst they have a cheater code to deal with people trying to get that elusive mayor title they seem to have no problem with those who check-in where their friends are or if you create a fake venuefor others to check in to. I’m not surprised at their reaction as both of those kinds of behaviour mean people are using their service and are finding new, inventive ways of using it which could potentially translate into new features for their service. The second is of strict “no fakery here” policy that Gowalla has taken with their 6 commandmentsof their API. Whilst they’re still opening themselves open to abuse the no tolerance policy on it suggests that they value data integrity much higher than Foursquare. Clamping down on fake check-ins would mean that their data is more reliable and thus more valuable than Foursquare’s but that comes down to what you’re using it for, or who you’re selling it to.
Personally I’m in favour of the Gowalla route but only because there’s little value in faking location data in my application. Sure there are potential scenarios where it might be useful but since I’m not placing any restrictions (only identifying out of area people) I can’t really see why anyone would want to do it. That might change when I put in the social game mechanics in and I actually get some users on the service but that’s a bridge I’ll cross when I come to it. Right now the most important thing is trying to get it out the damn door.
I’m hoping that will be soon as once I get the core in I get to buy a Macbook Pro to code on, yay! 😀
There’s been many times when I’ve caught myself with some kind of random idea for a product, service or whatever that I’ve quickly thrown on an ever growing pile of ideas. It doesn’t seem to take long for that one idea that I’ve had to turn from something I thought that I only thought of to someone else’s business venture upon which time I curse myself for not following through on it. Granted many of these ideas have been kicking around in my head for years without them coming to fruition and my recent attempts to develop one of them has been quite the eye opener, showing me that ideas are great and all but implementations are still king.
This is one of the biggest challenges that anyone will come up against when trying to develop a product or service: someone has already done it before. In this world that thrives on innovation being the first to market with a new widget is a powerful force and almost guarantees you the lion’s share of the early adopter market. The problem here is though that being first to market with something means one of two things: either you’re creating a market that didn’t exist before (see Apple and Nintendo as good examples of this) or you’ve seen an established market and noticed something sorely lacking, which pits you against established players in this space. In both these cases if you’re just starting out at being an entrepreneur your friends, family and potential business partners will more than likely shoot a skeptical eye your way telling you that there’s no way it could work.
For the most part they’re right, in a traditional business world starting from scratch is a pretty risky business and whilst the jury is still out on how you can judge failure rates of new companies it’s no secret that you’re more likely to fail than succeed. To an investor a business plan that builds on proven methods will look a lot more attractive as there’s a much better chance that they’ll get a return on their money even if it would be smaller than something that could be perceived as a higher risk. Consequently this has the effect of stifling innovation for certain high risk ventures, although that trend is starting to change.
In the tech industry at least this can be attributed to investors gaining back the confidence they lost in the tech industry back in the dot com bust. After the crash many investors sought more stable investments (and look how that turned out!) and shied away from funding what looked like high risk ventures. As a consequence many hungry start up founders started to make do with a lot less and this drove a phenomenal amount of innovation. Primarily this was to attract their once bitten investors back into the fray and the last couple years has seen the resurgence of the high tech start up craze that we lived through only a decade ago.
For those looking to lash out into the world of tech start ups this means that for any idea that you might have you’re going to be compared to those who’ve come before you. That doesn’t necessarily mean that you’re destined to fail, it just means that you’ve got your work cut out for you if you’re looking to make an impression in the tech world. Innovation in this fast paced tech world is the name of the game and whilst any market you may care to get into (hats off to you if you manage to create one) may appear to be completely saturated that doesn’t mean you can’t succeed in that space. It all comes down to how you differentiate yourself from the pack.
Maybe this blog post is more for my benefit than anyone else’s as I’m currently staring right down the barrel of trying to attempt such a feat myself. The location space is heating up like crazy and all the large players in other spaces are already integrating location based services into their current offerings. Initially this was a boon for me but I’ve come to realize it first as a hindrance to me progressing my core functionality (Oh another information feed with co-ordinates in it, better integrate that one too!) and secondly as another blow against a product I’m looking to deliver. Realistically though I know what I want to do is different enough from every one else to warrant at least an attempt to make it successful and should it fail I’ll be that much wiser about the whole process, ready to try over again with yet another idea.
Realistically I’d need a team of 100 people to try all the ideas I have, so I could be in this cycle for quite some time 😉