Tuesday, May 15, 2018

On the Duplex demo

Disclaimer: I worked for Google long ago, and I may work there again someday. I had nothing to do with Duplex.

The Google Duplex demo has caused some fairly heated & widespread reactions; to paraphrase, "The person on the other end doesn't know or consent to talking to a robot! This is a deceptive violation of their rights!" I think that I understand, a little, why people react this way, but on balance I find it logically ridiculous. I am also convinced that it will seem both logically and emotionally ridiculous to most people within a generation.

As someone in my 40s, I understand the relationship that 20th century people once had with their phones. I am old enough to remember "reach out and touch someone" being a thing that real people felt was the primary purpose of telephonic communication. However, over the course of my adult life, this use case has been utterly swamped by the rise of automated or semi-automated telephonic processes, constructed by immense and remorseless engines of bureaucratic modernity, that use the telephone as an electronic siphon to suck value out of my time: legally protected political robo-calling, flagrantly illegal commercial robo-calling, telemarketing driven by script-reading call center employees (who, in this role, are functionally biological components of a machine, not autonomous individuals), and a constant nagging flood of scam hangup calls.

Conversely, nearly all outbound phone calls that I make, except to close friends and family, now involve navigation through a robotic phone tree. In other words, I am interacting with a succession of artificial voices for many minutes before a usually-brief chat with a human being.

In other words, for any human being less than about 45 years of age, nearly all telephonic interactions in their adult life have been to a large degree robotic. It is hard to get up in arms because the robots are going to be slightly more fluent in the future. They have been getting more fluent all my life (for example, many phone systems can now recognize numbers that are spoken rather than dialed on a touch-tone pad). I don't care. Deep down, you probably don't either.

Search your feelings; you know it to be true. How many times in your life have you picked up the phone to a telemarketing call and thought to yourself, "Oh thank goodness, I am super glad to have been interrupted in this fashion because it's a human being talking to me rather than a robot? My heart brims over with joy!" None. Zero times. You have never thought this.

On the other hand, suppose you received a call that said: "Hey, just wanted to let you know that a recently deceased distant relative left you a one million dollar inheritance; a check and a letter with details will be arriving in your mailbox today. You don't have to do anything else but cash the check, thanks, take it easy!" You would not care whether the voice was a robot or a human being. You would be skeptical, but when you got the check and the letter, which said, "By the way, a robotic call was placed to your phone number earlier today to inform you that this letter would arrive so you wouldn't miss it," you would not think to yourself, "OMG, I feel so unbelievably violated because that voice was a robot! Fuck this stupid million dollar check and fuck the horse that it rode in on!"

The moral valence of a phone call is determined by the value that the participating parties get out of the call, not by whether one or both parties on the call are mediated by machines that are slightly more adept than the machines which existed in 1992.

Lastly, if the above doesn't convince you, here are two more quick reasons that the future will welcome talking bots:

  • People under 30 today ("millennials" or whatever you want to call them) hate making voice calls. They will probably welcome any opportunity to delegate this stupid chore.
  • People under 15 today will grow up taking bots for granted; for example, textual chatbots, or other types of bots in online games that they play. They will feel no horror at the idea that spoken-word bots can have warm, engaging voices.

Tuesday, March 20, 2018

How resistant is Bitcoin to government regulation?

Excavated from the drafts folder. I composed this in December 2017 (although I can't prove it) and I am publishing it now because recent news has rendered the postscript timely.

Bitcoin depends on the following three types of infrastructure:

  • Semiconductor fabrication plants.
  • Electric power plants.
  • Transoceanic fiber-optic Internet cables.

It depends on the first two of these to an unusual extent; the third simply comes along for the ride because Bitcoin is a global Internet-connected system.

You can't access these things, or the stuff that comes out of them, when governments really don't want you to, because they are big, expensive works of physical infrastructure. A government, or coalition of governments, with sufficient motivation and resources could introduce regulation upstream or downstream of any of these choke points that simply makes further Bitcoin mining non-viable.

"The Internet interprets censorship as damage, and routes around it" is true only up to a point. It is instructive to compare Bitcoin with child porn, a category of online activity that most governments are already highly motivated to stop. Governments have mostly succeeded in eliminating it from the non-darknet parts of the Internet; even sites like 4chan, which revel in their own transgressiveness, aggressively police child porn, because these sites run on servers that sit in datacenters in the physical world that are governed by laws just like everything else. Those servers are hooked up to the power grid and connected to the Internet by physical wires that belong to some utility. To maintain these connections, money changes hands, and a paper trail is generated that ultimately leads to the server operators. If you decide to be a badass rebel and distribute child porn under these conditions, you are looking forward to jail time.

It is true that child porn exchange still occurs online, but it occurs mostly on obscure systems that are specifically designed to be censorship-resistant at the expense of widespread availability. Bitcoin could be shut down or marginalized just as easily (where "marginalized" simply means that it is used as a transaction processing system only in highly unusual circumstances, rather than as a pillar of the economy).

In fact, it could be shut down much more easily. The resource cost to produce and distribute child pornography is nearly fixed: the size of a collection of digital imagery is essentially constant, and can be produced and distributed with extremely modest equipment. Basically, individual criminals can sustain a cottage industry indefinitely. By contrast, the exponentially increasing computational power demands of Bitcoin make it particularly vulnerable to regulation. If you cannot get your hands on an ever-increasing supply of semiconductor chips and electricity, you cannot mine Bitcoin, at least not at the scale that today's largest miners operate. Bitcoin mining is not a cottage industry; it is a large-scale industrial process, with datacenters as the factories. Large capital equipment is inherently easy to regulate. And replacing all of today's gigantic mining operators with small-scale, individual miners suffers from economic and engineering problems similar to those that you'd confront if you tried to replace a Google datacenter with ten million mobile phones (let alone trying to do that while dodging mining regulations).

Bitcoin has not been regulated because governments mostly do not care enough to regulate it (yet). The starry-eyed anarchist fever dreams of the most anti-statist libertarian early Bitcoin proponents were always total fantasies. If Bitcoin does not fail completely, then either it will be tamed into just another boring part of the existing world financial system, or else governments will wake up and cripple it.

p.s. Incidentally, since it is possible to encode data on the Bitcoin blockchain, an attacker with sufficient motivation and resources could save an instance of child pornography on the blockchain. Since every node maintains a copy of the entire blockchain, and Bitcoin lacks the ability to erase transactions, the entire Bitcoin network would be transformed at a single stroke into a child porn distribution system, rendering all Bitcoin node operators criminals. This might cost an incredible amount of money — millions of dollars to stash a single image of a few KB — but once done, it would irrevocably taint Bitcoin forever. This is an aspect of Bitcoin that is obvious on inspection, yet almost never discussed.

p.p.s. It happened.

This post closed to comments because Bitcoin attracts an unusually high ratio of vocal kooks.

Friday, January 19, 2018

The evolution of players in the American constitutional game

Another looming threat of Federal government shutdown prompts Timothy B. Lee to concur with the Yglesian view that American constitutional democracy is doomed — or, at least, in need of major structural changes:

The hour-by-hour style of conventional news coverage tends to obscure the big picture: the perpetual crises the US government has suffered over the last decade are a symptom of America’s deeply flawed constitutional system. This isn’t a new insight on my part. You can read Matt Yglesias’s classic 2015 write-up of the argument, which in turn draws on a large body of political science literature.

The basic issue is that the American system of checks and balances was designed for a nation without ideologically polarized parties. . . . The problem is compounded by the fact that it’s so hard to remove a bad president from office.

One seemingly-strong rebuttal to these arguments is that American democracy has survived for a long time, so probably the system is fine. The last Civil War veterans died in the 1950s; unlike most nations on Earth, America has no living citizens with a firsthand memory of existential risk to its constitution. This history of recent stability is probably the main reason that most Americans instinctively reject arguments, no matter how logically sound, that America's constitutional system is fundamentally flawed.

But this rebuttal has less force than it seems. The American constitution is a game, and political actors are players. When people play a game, it takes time to explore the available strategies. Partly this is because, even for relatively simple games, the space of strategies can be immense, requiring time to explore; partly this is because external forces, such as social norms, may prevent players from using optimal strategies initially. However, once a stronger strategy is discovered, it is difficult to stuff the genie back into the bottle; rewards accumulate for those who ruthlessly exploit the most lucrative methods of play, and those who use less optimal strategies are driven out.

A nice illustration of this dynamic can be seen in Google's training of its chess-playing program AlphaZero chess — openings such as the French Defense and Caro-Kann Defense appeared strong to the program while it was training itself, but eventually it abandons these almost entirely in favor of strategies that are inherently stronger, such as the English Opening.

In other words, every nontrivial game is also an optimization process, where the set of players explores the landscape of available strategies over time. In such a process, it is entirely possible for the most prevalent strategies to shift dramatically and even discontinuously; the past is not necessarily a guide to the future.

If you had been taught to play chess by the version of AlphaZero that existed two hours into its training, you might have learned that the French Defense was the "normal" way to win at chess; if I showed you a single later game using the Queens Gambit, you might view that as a temporary aberration. You would be wrong. Likewise, if you came of age in the 20th century, you might view electoral politics as practiced back then as "normal", and the current era, where the government walks up to the brink of shutdown or debt ceiling default every year or two, as a temporary aberration. I suppose it's possible, but the persistence of this observed behavior suggests that it is simply a stronger way for political parties to play the game.

Lee and Yglesias, and the political scientists whose work they draw upon, point to increasing partisan polarization as the cause of the shift in American electoral politics in recent decades. This is fine as far as it goes, but it is important also to realize that the constitutional game itself has always had, encoded within its rules, the possibility of the current configuration of power. The numerous veto points of the American system have always had the potential to be used to hold one policy objective or another hostage. The division of electoral authority between the President and Congress has always had the potential to allow both to dodge accountability for outcomes. It has always been possible for ideologically united parties to gridlock against each other. Accidental features of the American political landscape prevented these strategies from being exploited, but now the players are playing at this level, and thereby evidently beating those who would play differently. There are now only two possible avenues to change: either some novel strategy emerges to beat these strategies, or the rules must be revised.

Incidentally, this general idea — that a ruleset and the actors who interact with it coevolve — recurs across many fields:

  • It is at the heart of the concept of regulatory capture in public choice theory.
  • Designers of multiplayer computer games understand that a game's rules must be periodically patched for "balance" as players discover dominant strategies which render the game trivial or un-fun.
  • Security researchers are, of course, dreadfully familiar with the fact that every nontrivial system has unknown exploitable vulnerabilities. Once a vulnerability has been found, they would laugh at the notion that you could simply convince attackers not to behave that way, which is the analogue of hoping that American political parties won't use the toxic tactics currently available to them.

You'll find many other places to apply this concept once you have it in your toolkit.

(I've actually been meaning to write a longer essay on this idea and its implications for a while now, but haven't done so for the usual reasons, so this post will have to do for now. Well, this, and my Pinboard tag on the subject)

Monday, December 04, 2017

Two ways ISPs can do content-based filtering of encrypted traffic

Vaguely a propos of the revived net neutrality debate, a while back I saw someone on Twitter claim that it is technically not possible for ISPs to do content-based (as opposed to destination-based) filtering of SSL traffic. This statement seems initially plausible, but is false. I can think of two technical mechanisms to do content-based filtering.

First, it is possible to identify encrypted content via traffic analysis. ISPs could compile a database of traffic signatures which they wish to throttle (e.g., for videos that are available from their own video streaming services) and throttle any traffic matching that signature.

Second, ISPs can require that users add a trusted SSL root cert owned by the ISP, thus allowing the ISP to man-in-the-middle all SSL traffic. Obviously, content-based filtering then becomes trivial.

You might object that this second measure would be unacceptably onerous, and would be rejected by the market. In the near future, a middle-class American family of four may own ten or twenty Internet-connected devices, running a half-dozen operating systems, and demanding that users install a root cert on all of them would cause unbelievable inconvenience and outcry. This might be true, but without even trying very hard I can think of numerous ways that ISPs could try to acclimate users to this bitter pill:

  • Of course, the software package would be named something relatively innocuous, like "Comcast Internet Security Accelerator" or some such nonsense.
  • The MITM cert might only be required for devices that wish to access the "fast lane" — in other words, the ISP would simply throttle any SSL connection that it does not MITM. All the household's devices would be functional even if you didn't jump through this hoop, but the ones that need the fastest connections — say, the PC that streams HD VR video — would require the MITM cert installation.
  • The ISP could distribute web browsers and other apps that embed the trusted cert — for example, Comcast could provide a custom build of Chromium — and require their use for the "fast lane". Again, you wouldn't need this app for casual web browsing, only for sites that are sensitive to speed.
  • ISPs could strike distribution deals with mobile carriers to install root certs on phones. The most obnoxious way to do this would be to ship the phone's ROM with the MITM cert baked in; this would probably cause massive outcry, akin to the eDellRoot debacle. A sneakier way to do it would be to ship a carrier-branded app that has the ability to update the trusted cert store (by itself this is arguably innocuous), along with an ISP-branded app that (a) nags the user for consent when it detects that the phone is on the ISP's network, something like "Welcome to Comcast! Do you want to enable Comcast Fast Lane[TM]?", and (b) when the user "consents", installs the MITM root cert by delegating to the carrier's app.
  • ISPs could embed a web browser connected to a virtualized display in the set-top box. The set-top box, of course, would already trust the MITM cert. Then, instead of browsing directly to https://www.youtube.com/ or whatever, you would first browse to http://xfinity.local/, which would present you with a web app that is itself a browser running via remote desktop protocol. Then you would type https://www.youtube.com/ into the address bar of this web browser. The ISP could even "helpfully" set up its DNS to perform this redirection automatically (if you type youtube.com without the https).

These are just the ideas that occur to me in about twenty minutes of thinking. If these seem farfetched to you, there may be other ways to boil this frog. Companies can be rather creative when there are billions of dollars of rents to be extracted. The result does not have to be low-cost or seamless for the user; local broadband ISPs in the United States are subject to practically no competition and whatever they implement just has to be marginally less painful than waiting for your content to download over the cellular network.

Friday, September 29, 2017

Tentpole sponsors: an idea for improving paid service virality

Ad-supported communication platforms like Facebook have many structural advantages over hypothetical competitors that charge users money directly. One advantage is that a purely ad-supported service can spread virally, from user to user, at a vastly greater rate than a service that demands direct monetary payment.

For most users, the unpredictable, frequently unmeasurable harms of losing privacy and control over their social identity are less tangible than the direct time and money cost of signing up for a paid software subscription [0]. Thus free services which strip-mine your privacy and lock you into their prison spread like wildfire, while paid services that respect their users barely get off the ground. It seems that every large social networking service on the Internet has been hammered on the anvil of this seemingly inescapable logic and beaten into a Facebook-like shape.

However, user preferences vary. One can conjecture that within any social network subgraph of size N (for some N), there exists at least one user who cares an unusual amount about privacy and control. This user might be willing to subsidize a large subset of their local subgraph. Let R be the ratio of the local neighborhood of size N that such a user is willing to subsidize.

If N and R have the right values, a possible hack for the virality problem is to charge money to these special users — call them "tentpole users" — and allow them to sponsor the addition and ongoing use of the users around them. Most users will not be tentpoles; but given enough poles, positioned appropriately, the tent may be lifted over the entire addressable user population.

In the most basic form, you can imagine that a paid subscription gives every user a certain number of tokens, which they can use to sponsor accounts for their friends and family. When a new user is invited, some tokens would be allocated to them — one to support that user, and optionally some extra tokens gifted so that they could invite more users in turn. A non-sponsor user who wants additional invitations beyond their starter set would purchase more, thereby becoming a sponsor, or ask their network for some spare tokens. Sponsorship would be fungible — that is, users would be able to change their sponsor at any time — but every user would be either a sponsor or a beneficiary or both.

In principle, with proper tuning, most users could be beneficiaries, and pay nothing. A service engineered this way would be closer in virality to an ad-supported one. (It's still not quite as viral; for one thing, there is still some real friction at the edge of the "sponsorship radius", the distance from a sponsor at which users run out of tokens for further invitations. This needs further thought.)

Another model would allow all users to join free of charge, but grant additional privileges to sponsored users. This works, economically, as long as the aggregate cost of free-riding users is less than the total revenue from sponsors. This "tentpole freemium" model resembles an ordinary freemium model (where only the sponsors themselves pay [1]); arguably it is simply a freemium model where one of the premium benefits is improved amenities for one's contacts.

When I mentioned these ideas to a colleague a few months ago, he immediately pointed out that tentpoling leads to a situation where sponsored users are socially indebted to their sponsors. This has at least two effects. First, debt potentially causes social awkwardness, and this risk must be navigated (c.f. V. A. Zelizer). Second, users may feel a sense of precarity because sponsorship could end (for example, if their sponsor cancels their subscription), and thus would be reluctant to adopt the platform. These are definitely challenges, but it may be possible to overcome them.

Social awkwardness may be amenable to psychological hacks which obfuscate the transactionality of the interaction. To invent a silly example, one can imagine a social network where your profile picture can be decorated with a virtual hat, which degrades over time. You can only remain on the service if your profile has a hat; sponsors receive a certain number of hat credits, which they can use to purchase various hats and gift them to their peers. Lastly, any user can trade or gift a hat that they possess. The combination of these mechanics makes the act of "wearing" a hat expressive, not merely pecuniary; wearing a hat that one of your friends obtained and gave to you can be construed as a fun social act which strengthens your friendship, rather than a purely financial necessity. By adjusting the number of hat credits that sponsors get, you can create enough liquidity in the system that most active users have multiple hats. Therefore, it is possible to beg your friends for a particular hat without disclosing that you just don't feel like buying any hats — for example, a user who doesn't want to pay for the service might ask "Hey, anybody got a spare blue knit cap? My last one is expiring next week." A certain degree of strategic ambiguity is preserved.

This example is crude and probably too nakedly gamified to work, but I hope it illustrates that there is a gigantic space of possibilities for designing the social character of sponsorship. Somewhere in that space, I conjecture that there is a point where people are comfortable with sponsor-beneficiary relations in a social network.

Precarity may also be amenable to engineering solutions. For example, one could allow and encourage users to be sponsored by multiple people, and then grant enough tokens to sponsors that their "radius of influence" would, in practice, always overlap with other sponsors'. Then, in steady state, most users would feel secure, because they would be sponsored by more than one person. And in a tentpole freemium model, users would always continue to have access to their identity even when sponsorships expire, reducing the downside even if one were to lose all of one's sponsors.

Have there been examples of tentpole sponsorship as a business model in the wild? I have trouble thinking of them.

Anecdotally, one sometimes hears of people buying paid Slack workspaces to socialize or organize activities that are not part of their day job. I assume that there are usually free riders in this arrangement. So, Slack may have stumbled on this model without intending to (obviously, Slack's primary revenue stream is charging businesses for employee accounts, which is socially a very different scenario, although arguably isomorphic to tentpole sponsorship in some ways).

Alternatively, one could argue that whenever a highly technical user sets up a custom email domain for their family, rather than just signing everyone up for Gmail, they are tentpoling the base protocols of the Internet. The difference, I guess, is that sponsorship is not fungible: if you set up a domain for your family, your child cannot change their sponsor later in life without migrating to another domain, which incurs various transition costs.

The last example I can think of is in gaming. In some multiplayer games like Lineage, players can organize into clans, and clans can purchase in-game collective goods. I've never played Lineage, but I assume that players within a clan differ in their level of contribution, and thus the most committed players are effectively sponsoring the rest.

Overall, however, I think the idea of tentpole sponsorship has seen little use, and this seems like a space that is ripe for experimentation.

Having read this, your reaction might be (probably should be!), "Talk is cheap. Ideas are cheap. What are you gonna do about it?"

Alas, I have to admit that the answer is very little.

To really pursue this idea would be multi-year effort, and there are all kinds of reasons that this does not seem like the thing that I want to spend the next few years building. (For one thing, a half-hermit misanthrope like me is probably one of the worst people in the world to try building a social network.) So, instead, I'm throwing this post out there in a sort of cry to the universe, both to get it out of my head, and also in the vague hope that it infinitesimally increases the probability that somebody will figure out how to make it work.

This may be the dumbest theory of change that's ever been written down, but it's about what I can muster at this point in my life. On the other hand, if you back up and squint, in 2009 I predicted (sort of) both the business model of Patreon and Jeff Bezos's purchase of the Washington Post, so maybe the universe will again cough up something resembling my half-baked ideas.

Bonus thought: once you have the idea of tentpoling in your mental toolkit, you will begin to see echoes of it in many places. For example, nearly every software package is sometimes hard to use. But some users have the inclination and capability to become expert in that software, and then spend effort helping others cope with it. These helpful experts are technical (rather than financial) tentpoles, paying the cost of onboarding and support for users in some radius around them. Every geek who serves as tech support for their parents' devices is holding up the tent of Microsoft or Apple or Google or whatever over their family.

In fact, many instances of free riding can be thought of as tentpoling on some level. I suppose the difference between the concept of tentpoling and free-riding in general is that tentpoling is voluntary and has a significant dimension of locality in the social graph.

[0] Arguably, there is also a market in lemons for software services that offer users privacy and control. This is a separate issue and much too big to tackle in this post.

[1] On a vaguely related note, observe that Maciej Ceglowski has repeatedly suggested that Twitter should adopt an ordinary-freemium model where users just pay money for additional features. It is an interesting thought puzzle to contemplate why Twitter has never even experimented with doing this. There seems to be a real organizational dynamic in business that once a company settles on an advertising-supported revenue model, this sucks up all the oxygen necessary for alternate revenue models to breathe, and I do not entirely understand why. Consider how long it took for YouTube to offer YouTube Red; although this is also a case which proves that it is not impossible for the alternative model to break through.