The Web Computer: Closed, Secure, and Tightly Controlled
Lately, people have been noticing that the big shift in computing - that is, moving our apps off the desktop and into the cloud - has more ramifications beyond what simply appears to be a return to a mainframe/thin client architecture. On the surface, today's web seems to be a developer's dream - there are more platforms than ever and everything has an API. Yet the darker side to this shift leaves developers with less control over the apps they build. Instead, they're at the whims of those that run the gated communities and closed platforms of today's web. Are we abandoning openness for the sake of security? And is that a trade-off we want to make?
As our former colleague, Josh Catone, notes over on SitePoint, the return to closed platforms could ruin the web. When apps are shifted to the cloud, the platform owners can exert control, shutting down apps they deem to be malicious...or even those that simply don't meet their terms of service. Says Josh, this "creates a tension between application developers and platform owners, and gives users the feeling that they don't actually own the applications they're using."
iPhone Users: Apple Knows What's Best For You
On the one hand, people acknowledge that a closed and tightly controlled platform has its benefits. Take the iPhone "kill switch," for example. Steve Jobs recently confirmed its existence, saying that it is necessary to have in case of a malicious program, like one that went after user's personal data, for example. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," he says.
Yet Apple sees no problem pulling the lever that makes apps disappear from the App Store. As of today, they have already sucked several into the App Bermuda Triangle, including the notorious "I Am Rich App." Oh, but clearly, it's all done in our best interest, right? Apple is protecting us from ourselves? Surely, that Nullriver app that allowed for tethering our iPhones was a dangerous and malicious threat to our personal safety.
Gated Communities and The Ever-Changing TOS
But let's not just harp on Apple - they are by no means the only company with a kill switch. The disappearance of apps from MySpace and, more recently, Facebook, is a constant source of news. Of course, in most cases, their removal is due to a violation of the terms of service, but not always. Back in the day, MySpace was happily shutting down apps that competed with their own offerings, which led to the shutdown of apps from sites like Vidlife, Stickam, Revver, Photobucket, and Pyzam.
Then you have Facebook. Now that they have a healthy developer community, the company has decided to change the rules by which the developers must play. Where as before, apps were spread "virally" by incentivizing activity, now that is no more. In other words, developers will need to re-code their apps so they don't reward you for sharing the app with a friend by handing out virtual cash or unlocking more features for you.
While Facebook users that have been barraged by spammy app invites may embrace this change, the message to developers is clear: Facebook can, at any time, change the rules and put your app out of business.
Facebook is but one example, though. As Nick O'Neill recently noted, this same situation could apply to any cloud application - like those that run on Amazon's S3, for example. If Amazon deems an app to be malicious, they could just shut it down. "I think this is a riskier environment to run a business," says Nick.
But We're Safer, Right?
What do you get for giving up all this freedom and openness? Security and safety, of course. When things are locked down and tightly controlled, the benefit to the end user is security.
In fact, this idea that someone else, above and beyond the user, should have control over what's permitted to run on our machines, be them PCs or iPhones, is the driving force of change in today's new computing environment. To see what we mean, you have to read this interview with Jonathan Zittrain, cofounder of Harvard Law School's Berkman Center for Internet and Society, where he discusses how the internet and computing as we've known it was just a historical accident. "Bill Gates never dreamed of controlling Windows applications [like this]," he says, when speaking of the shift to these controlled platforms of the future.
Progress?
This new, controlled environment we're discussing here isn't just affecting a handful of web sites and the iPhone - it's shaping up to be the entire future of the web, too. But where can you draw the line between what's good for everyone versus what's good for you? How do you feel about the fact that you are no longer trusted to know what's best? How OK are you with letting others lock things down for you?
Perhaps the biggest question, though, is whether or not the move to this homogenized, restricted web is progress? Or is it that we're giving up our own control and freedom at a dangerous cost?
Image Credits: Computer Eye, Mikey G. Ottowa; Power button, Guilleramo; Man Laughing, Checiap
ShareRelated Entries
1 TrackBacks
TrackBack URL for this entry: http://www.readwriteweb.com/cgi-bin/mt/mt-tb.cgi/4662
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
Good article. I'm thinking it's not positive. In the end open will beat closed. The first movers won't be the last movers.
Posted by: Kevin
|
August 15, 2008 11:09 AM
Great post, Sarah! (And I'm not just saying that 'cause you linked to me :D)
When I think about these new, gated platforms, I am generally reminded of AOL's closed version of the web in the 90s. It didn't work for them then, so I wonder why people think it will work now.
Then again, I say that right before I go feed my Scrabulous (er, I mean, Wordscraper) addiction on Facebook... so who knows.
I never thought about APIs this way. Thanks for sharing this, it's definitely something to think about. Although I have never been enticed to develop an application for a platform, this "security issue" will be another reason why I stay away from this path.
Yeah, that's (part of) why I'm not totally entrusting my stuff to the cloud services. And that's also part of why I'm running Linux instead of a proprietary OS like Windows or Mac. These companies may be able to restrict how you can use their platform/service, but they can only do that if you use their platform/service.
Nice post Sarah. Whether known or not, we've all agreed to a certain "social contract" with computing since even the earliest days. It's a natural part of the continuum, just as in civil society, you trade freedom for safety but then must constantly iterate to strike a balance.
One has to hope that as the social services and cloud computing offerings experiment with this balance, those that truly abuse will eventually be routed around. Even now you see early examples as iPhones are jailbroken, social graphs are extracted from services, and free (as in speech) services arise with similar functionality as older tightly controlled ones.
Protecting us from ourselves is almost as old as computing, privledged modes, private API's, and protected memory are just some examples.
Great article Sarah. I have to disagree with the statement that we're trading security for openness, though. If anyone other than myself has a kill switch on an app I own, then I don't see where I have gained any security at all.
I also don't agree with the view expressed in the comments that the 'open' guys will win out in the end. That's what we hope for, but in this century it's beginning to look alot like the last century: Whoever has the biggest bucks, wins.
I still have customers call who are using AOL and still don't get that That isn't the 'internet'. Last week a lady called and asked me if TW sells AOL what will happen to the internet? The couple hundred thousand readers here get it, but mainstream USA doesn't read RWW.
I'm with Blake, above. They can only kill your stuff if you let them.
partial tinfoil hat but just partial
Posted by: adolfo foronda
|
August 15, 2008 9:22 PM
A closed API does not mean it is secure.
A counter-example is sooooo frikken easy: ActiveX.
How tightly controlled and closed an API is has absolutely no relation to security.
Say that 100 times a day and it might eventually sink in.
Its a nice post and great article. I never thought this about APIs in this way. It's definitely something to think about. Although I have never been enticed to develop an application for a platform, this "security issue" will be another reason why I stay away from this path.