Facebook’s privacy-focused vision

Yesterday, Mark Zuckerberg released a blog post on a “privacy-focused vision” that centers on:

Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.

Encryption. People’s private communications should be secure. End-to-end encryption prevents anyone — including us — from seeing what people share on our services.

Reducing Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won’t keep messages or stories around for longer than necessary to deliver the service or longer than people want them.

Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what’s possible in an encrypted service.

Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.

Secure data storage. People should expect that we won’t store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.

It may be that this vision can bring business and strategic benefits, meaning that Facebook has a reason to follow suit. Nonetheless, I have nothing but skepticism about this vision.

First of all, the majority of Facebook’s revenue comes from ads. By majority, I mean that 98.5% of its revenue in 2018 came from ads.

Source: Facebook

When something is 98.5% of you, any claim that you will do something threatening that 98.5% part tends to raise genuine concerns about its legitimacy.

Second of all, Facebook’s track record on keeping its promises isn’t that great. Over the last two years, it would be hard to find a tech company that has been involved in more scandals than the blue brand. I came across this disturbing article from Buzzfeed on Facebook. Here is what it has on decision-making at Facebook:

Zuckerberg and Chief Operating Officer Sheryl Sandberg do not make judgment calls “until pressure is applied,” said another former employee, who worked with Facebook’s leadership and declined to be named for fear of retribution. “That pressure could come from the press or regulators, but they’re not keen on decision-making until they’re forced to do so.”

Buzzfeed

On Facebook’s attention to privacy:

One former employee noted that Facebook’s executives historically only took privacy seriously if problems affected the key metrics of daily active users, which totaled 1.52 billion accounts in December, or monthly active users, which totaled 2.32 billion accounts. Both figures increased by about 9% year-over-year in December.

“If it came down to user privacy or MAU growth, Facebook always chose the latter,” the person said. 

Buzzfeed

On their refusal to admit problems:

Other sources told BuzzFeed News that Facebook executives continue to view the problems of 2018 fundamentally as communication issues. They said some insiders among leadership and the rank and file could not understand how Facebook had become the focus of so much public ire and floated the idea that news publications, who had seen their business models decimated by Facebook and Google, had been directed to cover the company in a harsher light.

Buzzfeed

On a new feature called Clear History:

“If you watch the presentation, we really had nothing to show anyone,” said one person, who was close to F8. “Mark just wanted to score some points.”

Still, nine months after its initial announcement, Clear History is nowhere to be found. A Facebook executive conceded in a December interview with Recode that “it’s taking longer than we initially thought” due to issues with how data is stored and processed. 

Buzzfeed

By now, you should see why I am skeptical of Facebook’s new vision. We all have to take a side and so does Facebook. It just happens that taking the advertisers’ side means Facebook is not on ours as users.

Thoughts on Dell’s position in Enterprise IT world

I like to learn about business strategies, particularly in the technology world. This post is just to put into words my understanding of Dell’s position in the Enterprise IT sphere. While I spent a lot of my free time reading to navigate as much as possible of the abstraction and complexity of the IT world, I can’t understand the products/services as well as I do, let’s say, a streaming service like Netflix. With luck, I may get some constructive feedback on what I might be incorrect about, or what I have here may be useful to someone out there.

IT is no longer a cost center to companies. It is where companies gain competitive advantages as the world goes digital. There are several notable trends:

  • While public clouds such as Azure or AWS offer flexibility, geographical reach, functionalities, quick time-to-market and cost-effectiveness, private clouds provide more control and better security. Companies need both. Hence, hybrid cloud is where enterprises are headed. Multi-cloud is a flavor of hybrid cloud in that a firm may use different public clouds. Whether a hybrid or multi-cloud model works for a firm depends on the business requirements and resources available to that firm.
  • As enterprises have an IT footprint both in the cloud and on-prem, it becomes a challenge to manage the whole network. It’s critical to know which data travels where and whether the data is safe. The challenge compounds when the need for productivity forces companies to use 3rd party cloud applications such as ServiceNow, Box and Google Drive, just to name a few. As a result, the management, automation and security of the network, as well as visibility into it, are instrumental to a successful hybrid/multi cloud.
  • A lot of companies have operations in different locations. Banks have branches. Retailers have stores. These branches are important touch points through which customers expect to have a great experience and great service. And these branches need to talk to data centers or cloud application providers. The network that links branches, data centers and the cloud must be secure, efficient, manageable and cost-effective.
  • Brands must release applications fast and often to continuously bring value to customers. From a user perspective, that’s why we often have to update our mobile applications, but there is a lot more that goes on behind the scenes for brands to bring new updates to life. In order to have fast and continuous software releases, companies need to set up the necessary infrastructure that allows developers to do their job quickly and efficiently. Hence, the software-defined data center (SDDC) and Kubernetes have become increasingly popular. With SDDC, data centers can be set up and later scaled quickly as new technological advances increasingly relieve engineers of time-consuming manual workload. With regard to software development, micro-services is the de facto approach, in which Kubernetes is a major component. Developers either want to build new software from scratch using Kubernetes or re-package existing applications on a Kubernetes-based platform.

Google Trends Graph on Kubernetes

Dell itself

In short, Dell offers services and products that help companies build and scale data centers, such as backup, disaster recovery, file systems, storage and SDDC solutions such as VxRack. As the majority shareholder of VMware, Dell integrates a lot of VMware products into some of its own. The integration is critical to a seamless connection between on-prem infrastructure and data on public clouds. For instance, if a firm builds its data center on VxRack, Dell’s SDDC turnkey product, and deploys some workloads on AWS using VMware on AWS, the data and applications on-prem and on AWS can be set up quickly to talk to each other. Plus, the firm can manage all workloads using the same VMware interface.

VMware

Essentially, VMware has built itself to be the one ingredient that companies wishing to adopt hybrid cloud need. It has built partnerships with AWS, GCP and IBM, while a collaboration with Azure is reportedly in the works. On top of that, through its offerings such as vSAN (storage), vSphere (compute), NSX (network), VeloCloud (SD-WAN) and a host of services designed for analytics, management and security such as Workspace One, Wavefront, AppDefense or vRealize, it is the glue that connects 3rd party applications, public clouds, private clouds (data centers) and branches.

Through its acquisition of EMC, Dell is the majority shareholder of VMware.

Pivotal

Pivotal is Dell’s answer to the world’s current obsession with micro-services and Kubernetes. Pivotal offers services that help companies build applications better, faster and more efficiently. Developers want automation to relieve them of infrastructure-managing tasks so that they can focus on developing code, but they don’t want to lose too much freedom in development. Through its portfolio, Pivotal strives to meet those needs. Heptio is their latest acquisition and provides managed Kubernetes services. With Heptio, developers are not subject to the limitations imposed by PAS, but in exchange they get limited automation. With PAS, there is a lot of automation, but developers may not appreciate the rules that come with a higher level of automation. PKS is supposed to bring a balanced mix and the best of both worlds. I wrote a bit about PaaS vs CaaS here.

As in the case of VMware, Dell owns Pivotal by virtue of its EMC acquisition.

Security

Dell has its own security subsidiary in SecureWorks, a $1.8 billion company as of this writing. In addition, VMware has its own solutions that are designed to improve security, such as NSX with micro-segmentation or AppDefense.

Conclusion

The more I read about Dell and its subsidiaries, the more I am impressed by its strategy and growth through innovation and M&A (EMC, VeloCloud, NSX…). Based on my understanding of where Dell stands in the Enterprise IT world, it seems to have the necessary pieces to take advantage of the IT trends mentioned above.

GDPR – Positive impact on firms

Last May, GDPR officially went into effect. Under GDPR, users are given more privacy rights and firms have to adhere to stricter privacy regulations than ever unless they want to be subject to hefty fines. Under GDPR, fines can go up to 20 million euros or 4% of a firm’s global revenue. In the case of companies such as Google or Facebook, which earn annual revenue to the tune of billions of dollars, the fines could be significant.

I have been in favor of GDPR. Even though it’s not perfect, as is the case with any law enacted for the first time, I believe that with GDPR, we are going in the right direction. Below are a few examples:

According to Cisco 2019 Data Privacy Benchmark Study:

GDPR-ready companies are benefitting from their privacy investments beyond compliance in a number of tangible ways. They had shorter sales delays due to customer’s privacy concerns (3.4 weeks vs. 5.4 weeks). They were less likely to have experienced a breach in the last year (74% vs. 89%), and when a breach occurred, fewer data records were impacted (79k vs. 212k records) and system downtime was shorter (6.4 hours vs. 9.4 hours). As a result, the overall costs associated with these breaches were lower; only 37% of GDPR-ready companies had a loss of over $500,000 last year vs. 64% of the least GDPR ready

Ad trackers were reduced, leading to faster-loading pages and a more pleasant user experience. Big firms are held more accountable. Google was fined $57 million for its GDPR violations. Without the new regulation, I believe that the amount would have been much less. California passed its toughest privacy laws after being inspired by GDPR.

There is an argument that GDPR might lead to less competition in the advertising field as only the likes of Google and Facebook have the resources to meet the requirements. An initial study seemed to support that.

Nonetheless, I think that even without GDPR, who could challenge Facebook and Google when it comes to serving ads? At least when there are more rights and protection given to the end users, we give some power back to the users and hold firms to a higher standard. After all, innovation comes only from our raising standards, doesn’t it? Hence, GDPR is still a good move in the right direction and should be improved incrementally in the future. As a result, firms should pay more attention to privacy and security. It will no longer be a check-off-the-list item. It will be a competitive advantage moving forward, especially when everything goes digital.

Book: How the Internet Happened

If you are interested in technology, the intersection of business strategy and technology and the history of the Internet, this book is for you.

It is a succinct chronicle of how Web 1.0 (connecting computers all over the world) and Web 2.0 (connecting all people) happened. Accounts of some of the most iconic and important technology companies in the world are told without lengthy anecdotal details. The author walks you through how Netscape, Yahoo, Google, eBay, PayPal, iPhone and Facebook, to name a few, came into being and shaped personal computing. It’s fascinating to read about the bubble in 2001. The fact that companies could raise tons of money regardless of the lack of business models and revenue, let alone profit, is surreal.

Arguably, the biggest point that I get out of this book, in addition to nice history lessons, is that success greatly stems from serendipity. Without an enabling technology, infrastructure or business environment, we wouldn’t have had the household technology names that we do today. For instance, without Netscape developing the Navigator and SSL, who knows whether we would have had different browsers, online payments and arguably the Internet? Without the existence of broadband connection, it’s likely we wouldn’t have had Web 2.0.

Timing is everything. Being early is equal to being wrong, as many companies which went out of business for being ahead of their times could attest. If you doubt the role of luck in success, read this book.

After this book, I can’t wait to read a similar one on the rise of cloud computing and everything that it enables.

DuckDuckGo

DuckDuckGo is a pro-privacy search engine that is available on almost all browsers. Unlike Google, DuckDuckGo does not profile you online, meaning that the search engine doesn’t collect your information or track you everywhere so that the information can be used to tailor ads. DDG has been doing pretty well. Here is its traffic report:

Source: DuckDuckGo

I use both Google and DuckDuckGo on my Mac, with the latter as my default search engine. Even though DDG does the job most of the time and gives me reasonable results, it is not as good as Google. I am not even talking about the personalization of searches. Below are two examples that show DDG has some work to do.

Search Results

When you look for a location, DDG doesn’t immediately offer a map option for the location on the engine. Here is me trying to find Ted and Wally’s, a known ice cream shop in Omaha.

There is nowhere I can immediately find its opening hours, address or directions to the place. Here is how it looks on Google, with the same keyword.

There is a lot more information given by Google. Instead of multiple clicks to find out the basic information, I don’t even have to go anywhere to know the address, phone number and opening hours. Directions are just one click away.

Search Time Frame

With DuckDuckGo, you can only filter searches as far as the past month.

On Google, the options are much more varied.

I love DDG. The team believes that it is possible to have a profitable search engine without profiling users. It’s been killing it. However, I hope that they can bring more improvements to the engine and make it better so that one day I will be an exclusive user of DDG, instead of having both DDG and Google on my computer right now.

If you haven’t used DDG and you care about your privacy online, try it because as mentioned, it does the job.

Tool: Realtimeboard

I stumbled upon this tool while reading an article on TechCrunch. It’s an online collaboration tool with visual diagrams that users can use to generate ideas and present. Boards can be shared between multiple teammates, which will be pretty valuable if you love the power of collaboration and white boards as a brainstorming tool. At my company, the C-suite folks all have white boards inside their offices to flesh out ideas. Some white boards are also placed in the hallways to keep everyone updated on the status of projects. However, physical white boards are physically limited and it can get tricky to engage multiple folks, especially from different offices.

Realtimeboard is your whiteboard without such limitations. The boards are infinitely large and can be zoomed in or out comfortably. The visual components are pretty straightforward and easy to use. Users can add links, comments and images at will. Furthermore, boards are accessible regardless of where members are.

Below is a board I am working on in a school project.


As can be seen in the image, comments can be added in yellow boxes and links come with the logo of the linked website. Nodes can be moved around or added easily. If you want to mimic the same map in, let’s say, PowerPoint, moving or adding nodes requires taxing extra work on moving the connection lines or arrows around. With Realtimeboard, such a requirement is unnecessary. Therefore, a lot of time is saved.

Export options are plenty: PDF, image, CSV and so on.


I am not an investor in this firm. Just a fan that wants to show some token of appreciation to a cool tool.

Survey on scooters in Portland

For the past few days, I have seen quite a few tweets and retweets about the recent survey on how scooters are allegedly taking cars off the street.

I am baffled.

If taking cars off the street is the objective, there is a concept called public transit that does quite a nice job in that department in big cities in Western Europe. Public transit works well over short or long distances, while I am not sure scooters can be that helpful for a long commute. Plus, scooters may be decreasing the demand for cars or Uber for now, but the effect may be exaggerated by the recent emergence of scooters. Over a considerable period, there is no evidence of a similar effect. At least not yet.

Also, the method mentioned in the article is a survey sent out to scooter users. To actually back up such a claim that scooters are taking cars off the street, there should be a more sophisticated investigative method than a survey asking for biased opinions.

Coming from a country where scooters (the real ones) are the main commute method, I am baffled by the love for the American version of scooters here. They may feel attractive at first, especially when people are sick of cars and traffic. But over time, it is not pleasant at all. I’d love to see more public transit in even small and remote cities in the US. I’d love to see cheaper transportation here in the US. It’s not uncommon for people to drive from city to city to avoid expensive flights.

Tool: Repl.it

I recently and fortunately came across a very interesting tool called Repl.it. Here is what it brings to the table:

Usually, the normal steps in programming include writing code in a text editor such as PyCharm or Eclipse, uploading to a repository such as GitHub and pushing it to a PaaS like Heroku or PythonAnywhere. However, even a text editor such as PyCharm requires some installation and housekeeping that can seem daunting to beginners.

Repl.it lowers that entry barrier. It allows coding in many popular languages right from a browser. Below is a quick piece of code I wrote to create a dropdown menu from 1 to 49:

All it takes is an Internet connection, a browser and a one-minute sign-up.

As of now, Repl.it seems to be focused on students. It’s free and its premium packages are very student-friendly. The Classroom Pro package is only $1/student/month. I think coding is fun and Repl.it seems to be highly useful in making coding accessible.

I am not an investor in the tool or one of its employees. Just a fan. I am glad that the startup recently raised some funding from the VCs.

CaaS vs PaaS and Kubernetes vs PKS

One of my concerns before I hit the “Publish” button every time is whether what I have to say is correct and has merit, especially the entries that are aimed to explain complex concepts. But I learned that public feedback or criticisms are part of the learning process. So even though I am nervous to publish this, I figure I’ll just give it a try.

I have been reading on the difference between Kubernetes and Pivotal Container Service (PKS) and the difference between Container-as-a-Service and Platform-as-a-Service. Below is my understanding put in simple terms so it can be understood better.

CaaS vs PaaS

In today’s fast-changing market, fast and regular releases of software are crucial to customer satisfaction and gaining competitive advantage. Both tools offer automation of mundane and time-consuming tasks to liberate developers. Both aim to help developers devote more time to real programming and less time to setting up the underlying infrastructure. The difference between the two concepts lies in how much freedom/autonomy each offers developers and how far up the stack each abstracts.

CaaS vs PaaS

In short, PaaS such as Pivotal Application Service (PAS) allows developers to focus on the applications and data. The rest is managed by a service provider. It offers a great deal of automation. With PAS, consistency is emphasized as there are rules enforced on developers by the tool itself and the leaders in the development team. However, it also means that PaaS provides lower flexibility and less DIY, something that may not sit well with developers. A salesperson from the company I am working at shared with me a story that a financial prospect didn’t want PAS because of resistance from its developers.

CaaS such as Pivotal Container Service (PKS) or Kubernetes doesn’t offer Application Runtime. The application networking piece is in yellow because while PKS does offer it, Kubernetes doesn’t. With CaaS, there is a higher level of flexibility and DIY, but less automation, compared to PaaS. Developers tend to welcome it more as they have the freedom to express themselves.

Kubernetes vs PKS

Kubernetes is an open-source container orchestration tool that automates the scaling, management and deployment of containers. Think of a pod (one or multiple containers that share the same task) as a body part that does a specific set of functions. Kubernetes is like a head scheduling and distributing tasks and maintaining the health of all body parts. Kubernetes is for developers, not so much for the Operations team, which has to maintain the health of the system on a daily basis. While the master node in Kubernetes can orchestrate child nodes and replace them when they are down, who will do the same for the master nodes? Plus, what about all the patching, installation and upgrades to Kubernetes? The operational tasks that come after deployment can be a headache.

This is where PKS offers value. PKS is an enhanced enterprise-grade Kubernetes. One of its components, called BOSH, automates the installation, patching and upgrades. It also does to master nodes in Kubernetes what master nodes do to child nodes. BOSH automates the management, scaling and deployment of the clusters.

PKS and Kubernetes

Another value proposition is related to micro-segmentation. Micro-segmentation in this case refers to isolation at the container, pod and cluster levels. Developers can set rules dictating which containers, pods or clusters can communicate with one another. Isolation is made possible with the use of firewalls around the subject at hand. With Kubernetes, developers have to take time to set it up. When the number of nodes increases, the task becomes more taxing and complicated. With PKS, its NSX-T tool is integrated to automate that task, saving developers a good deal of time and shortening the time-to-market of software releases.
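What setting this up by hand looks like in plain Kubernetes, as an added example that is not from the original post: NetworkPolicy manifests that isolate three tiers of one application. The namespace `shop`, the `app` labels and the ports are hypothetical, and the policies only take effect when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example: hand-written pod-level micro-segmentation in plain Kubernetes.
# Namespace "shop", labels app=frontend/api/db and the ports are hypothetical.
---
# 1. Default deny: select every pod in the namespace, allow nothing in or out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2. DNS: every pod may still resolve names (port 53, any destination).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: shop
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# 3. frontend may call the api tier and nothing else.
#    How outside traffic reaches the frontend is deliberately left out here.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-egress-to-api
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: frontend}
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector:
            matchLabels: {app: api}
      ports:
        - {protocol: TCP, port: 8080}
---
# 4. api accepts only the frontend and may talk only to the database.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-from-frontend-to-db
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: api}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: frontend}
      ports:
        - {protocol: TCP, port: 8080}
  egress:
    - to:
        - podSelector:
            matchLabels: {app: db}
      ports:
        - {protocol: TCP, port: 5432}
---
# 5. db accepts only the api tier; with no egress rule of its own it can
#    initiate nothing except the DNS lookups allowed by policy 2.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-from-api
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: db}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: api}
      ports:
        - {protocol: TCP, port: 5432}
```

Because the default-deny policy blocks both directions, each allowed flow needs a matching egress rule on the caller and ingress rule on the callee, so the rule count grows with every service added.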

If a company has an army of developers and prefers fast time-to-market as well as consistency, PaaS such as PAS should be the tool. If the company wants to use an open-source tool and can afford time to manage operational tasks itself, Kubernetes is the choice here. PKS offers the best of both worlds. As far as I know, it’s significantly cheaper than PAS. It complements Kubernetes while maintaining the flexibility that the open-source orchestration tool offers.

Facebook & Privacy First Mentality

Quite a week for Facebook

It has been quite a few days for Facebook. First, two days ago on TechCrunch:

Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure.

Then, a bombshell was dropped yesterday. Per Wired:

ON FRIDAY, FACEBOOK revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.

Facebook’s track record in data security and privacy hasn’t been particularly stellar recently. 2018 is not 2010. Facebook doesn’t have the same dominant position as it used to in the social network market any more. Users have plenty of alternatives and substitutes to spend their time on. These scandals, coupled with its role in the “free speech vs hate speech” row, don’t do any good to Facebook’s image as well as its appeal to users when privacy has become more and more pressing as a concern to users.

Privacy & regulations

I have been resigned to the fact that there is no anonymity on the Internet and that complete privacy isn’t possible. Yet, when users trust a company with their data, whatever the data is, it’s the company’s responsibility to protect such data. As many important aspects of our lives take place on the Internet, the need to feel safe online is more overwhelming than ever. Without feeling safe, how could users feel comfortable using a service? Privacy and data security will be, if they are not already, expected by default of companies. It’s not a nice-to-have feature any more. It’s a do-or-see-your-competitors-get-ahead game.

But companies are not in the business to lose money. If they are not legally required to bolster their security, don’t expect them to. That’s why companies fought hard against GDPR or privacy laws passed in California this year. And this is where I don’t understand the criticisms of some towards regulations such as GDPR. Yes, no law is perfect, especially in the beginning. That’s why we have amendments. GDPR is not an exception. It is a great first step to give power back to users and force companies to be liable for their actions/inactions.

A common criticism of GDPR that I came across is that it makes it too expensive for small companies and startups to comply, widening the moat or competitive advantage gap between giants such as Google/Facebook and SMBs. Well, if a company with a deep pocket and better security measures has 10% of its 500,000 in user base breached, the impact is 50,000 users. If a small company with fewer resources and much weaker security measures loses all of its 50,000 users, the impact is the same as in the first scenario. Hence, breaches at SMBs can have significant damages and ramifications as well.

Sure, the best case scenario is to have different levels of compliance applied to companies of different size. I’d love to see that happen. Nonetheless, without privacy regulations, imagine how much companies would care about our data and how much of a mess it would be. Despite having HIPAA in place, every year has been a banner year of cybersecurity in healthcare in the US and healthcare organizations spend 3% of their IT budget on cybersecurity. Verizon reported in their 2018 Payment Security Report that only 40% of all interviewed companies in North America maintained full compliance with PCI. Despite all the scandals related to data security in the past, Facebook still lets more unfortunate events happen. To be fair, I don’t imagine having impeccable security is easy. However, would companies even try to secure your data without any legal requirements?

Progress happens when we raise standards. Would cars be more environmentally friendly if we hadn’t enforced regulations on emission quality? If a university wants to raise its standard for incoming students, will it lower or raise the requirement for GMAT/SAT? Will a drug be safer for patients if the FDA enforces more or fewer tests? Big companies have the means to comply with stringent privacy regulations. Small companies/startups, though difficult, have more access to capital funding. Plus, public cloud providers are investing to have their infrastructure compliant with many compliance regulations (See more here for AWS compliance and Azure compliance). Regardless of size, companies have to take privacy seriously and consider it an integral piece of the puzzle, a competitive advantage if done right or a threat to their competitiveness if ignored.