We Need a More Ethical Web

This is a repost of something I originally posted to the Samsung Internet blog on Medium.

“Vague but exciting…” The web turns 30 this week.

This week, we have been celebrating the 30th anniversaryof the invention of the web. However, the celebration is tinged with anxiety about the current state of the world and the role the web has unwitting played in making it that way. The misuse of social media to control public opinion through the spread of propaganda, bot-enabled harassment campaigns and over-reliance on biased and simplistic algorithms for content promotion are some of the unexpected consequences of a world wide “web of information nodes in which the user can browse at will”.

In order for the web to continue to be beneficial to society, we need to include more ethical thinking when we build web applications and sites. The web is made up of a number of technologies and technical standards. HTML, CSS and JavaScript are often thought of as the web’s core set of technologies but there are a raft of other technologies, standards, languages and APIs that come together to form the “web platform.” One of the web platform’s differentiators has always been a strong ethical framework; for example an emphasis on internationalisationaccessibility and (more recently) privacy and security. These are often cited as some of the strengths of the web. The architecture of the web is that of a user agent, the browser, that balances between the needs of the application developers and the people using those applications. This lends itself well towards this more ethical approach by allowing you to choose a browser that meets your own needs (for example, with strong privacy protections).

It’s time for web platform makers to enlarge this ethical framework to include human rights, dignity and personal agency. We need to put human rights at the core of the web platform. And we need to promote ethical thinking across the web industry to reinforce this approach.

But what are some possible ethical principles we could apply to the web platform? What might be guiding the development and evolution of this platform over the next 30 years?

Last year, Anne Currie ran an amazing event in London, Coed:Ethics. It was a day-long conference dedicated to tech ethics that I was privileged to be able to attend. The conference was also intended as a call to action to spur attendees to do more. I found this event personally inspirational and I started to think of how I could apply some of this thinking to various efforts I’ve been involved with, including what we could do in the web standards community to raise the profile of ethics. In some ways, the Coed:Ethics was a call to technologists to put human rights at the core of what we do.

Since then, I’ve been working on some ideas for this as part of my work as co-chair of the W3C Technical Architecture Group. The goal is to create an ethical questionnaire in the same vein as the Security & Privacy Self-Review Questionnaire that was originally produced by Mike West and has been more recently edited by TAG member Lukasz Olejnik and Jason Novak. This questionnaire has been influential in getting people who develop specifications and new web technologies to think about security & privacy issues up front. An ethical questionnaire could play the same role, prompting people to think about the ethical implications of new web technologies at an early stage of development. Any work like this will need to be reviewed by a diverse community — a community more diverse than the current make-up of the web standards community.

Here are some possible ethical principles for the web:

  • There is one web. Web technology should not enable regional or national borders. People in one location should be able to view web pages from anywhere that is connected to the web.
  • The web should not be a detriment to society. When considering adding a new web technology to the web, it must be evaluated for the potential harm it could do to society and not only for its potential benefits to web developers.
  • The web must enforce fundamental human rights. The UN universal declaration of human rights sets out a framework for the rights that must be respected. The web must enable and not undermine these fundamental rights.
  • The web is for all people. Internationalisation and localisation are non-optional. Accessibility is non-optional. Low bandwidth networks and low specification equipment should be accounted for.
  • Security & Privacy are non-optional. This supports article 12 of the UN universal declaration of human rights and is already well supported by the security & privacy self-check document.

“Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” — Article 19 of the UN universal declaration of human rights

  • The web must enable freedom of expression. The web should enable freedom of expression where it does not contravene other human rights and should not enable state censorship, surveillance or other practices that seek to limit this freedom. This principle must be balanced with respect for other human rights, and it should not be misconstrued that individual services on the web must therefore support unfettered speech (for example, hate speech).
  • The web must enable researching the truthfulness of information — and should also make it clear what the origin of information is. (Some work happened last year in the context of the W3C Credible Web community Group on this point.)
  • The web enhances individual agency. The web should empower the people using it, ahead of service and software developers.
  • The web must be a sustainable technology. The web, as a whole, including the data centers that support it, is a big consumer of power. New web technologies should not make this situation worse. Power consumption should be considered as a factor in introducing new technologies to the web.
  • The web is inspectable. The web was built on a “view source” principle, currently realised through robust developer tools built into many browsers. It should always be possible to determine how a web app was built and how the code works when using an inspector. Furthermore, it must be possible to audit and inspect web applications and run times for security, privacy or other considerations.
  • The web is multi-browser and multi-OS — for example, web technologies should not lend themselves to creation of web sites that work only in one browser.
  • People should be able to render web content as they want. For example, user-installed fonts, style sheets, screen readers, selective blocking of unwanted content or scripts. Through technologies such as browser extensions people must continue to be able to change web pages according to their needs.

Right now these are just some of the ideas that I have as an individual; built from my personal experiences where I have been privileged to be involved in the process of developing web standards. Refinement and review by a community of folks from diverse backgrounds needs to happen in order to make these into an inclusive “ethical checklist” for the web. Any comments? Additions? Subtractions? I’d love to hear them. You can leave comments here or ping me on Twitter or Mastodon for now.

I would like to thank Amy DickensAda Rose Cannon and Nicholas Herriot for their valuable input into this post.

Ups & Downs of the web 2018

The following is an excerpt from a post from all the members of the Samsung Internet Developer Advocacy group on web ups and downs foe 2018. I encourage you to go read that post and hear what others in my group had to say. 

On the negative side, we’ve seen the rise of notification spam and spammy notification permissions requests. For example, many sites have started to ask for permission to send push notification on first visit. This antipattern has the potential to poison the well for push notifications, as people will quickly experience notification fatigue. Browsers will have to take a stronger role in 2019 in policing who gets to ask you permission, mirroring the role they’ve been playing in blocking web tracking.

2018 has been a roller coaster ride but I am definitely seeing some signals that make me upbeat about the future of the web. For one, we have had the rise of progressive webapps and the adoption of PWAs by big web brands. These days, on my Android phone, I am using Twitter, Facebook, Instagram, Starbucks, Uber, Lyft, Mastodon, and Google maps almost exclusively through PWAs.

Speaking of web tracking — I think it’s positive that we’ve seen tracker blocking becoming mainstream. Samsung Internet shipped this function earlier this year (as an opt in). Firefox on desktop also has started to block some trackers by default and will be doing more in 2019. This reflects the unfortunate truth that the ad tech industry needs to be reined back and people are taking matters into their own hands to do this.

One of the key positive trends I’ve seen this year — in the web but also in the technology community in general — has been the increasing awareness of ethics in technology. We’ve all borne witness to what happens when technology is applied without ethical consideration. Privacy-damaging ad tracking is one great example, especially when that tracking (and subsequent ad retargeting) can be a trigger for a traumatic event or can put members of a marginalised group in danger. I’ve started some work in the W3C TAG to explore the idea of applying ethical standards to new web technologies while they are in development. This is based on the (radical?) idea that the web should be beneficial to society — not only to business.

I hope that 2019 will be a year when many tech companies and communities look themselves in the mirror and begin to adopt ethical frameworks to ensure that they put human rights and human dignity at the core of their thinking. The web continues to evolve and incorporate new technologies, and we have been privileged to be a part of many of these developments. We need to also ensure these new web technologies enable personal agency and freedom of expression and do not lend themselves to abuse by bad actors.

I’ve also been privileged to be a part of the ongoing work on merging the JS Foundation and the Node JS Foundation. This is going on in the context of the wider story of JavaScript becoming an ever more mature and stable pillar of the web, in the browser, on the server side, as part of the developer tool chain, and increasingly in connected devices as well. It’s been inspiring to work some of the people who are working in this arena, who are ensuring that the future of the JavaScript ecosystem is diverse and inclusive as well.

Finally, another worrying trend happening on the web is Balkanization. As the New York Times editorial board wrote about in October, the global nature of the web is increasingly coming up against laws enacted governments who wish to enforce their versions of reality, of societal norms, or of morality on people globally. Ada already wrote about the chilling effects of SESTA/FOSTA in her piece above [see the original post]. Now we are learning to companies such as Slack are overzealously applying what they perceive as US laws on a global stage, banning users with ties to various countries embargoed under US law. Fortunately, this isn’t the way the web works. The web is inherently resistant to this kind of interference. As centralized platforms exert more control and try to enforce local regulations on a global stage, people will inevitably explore new, more open platforms. The web enables people to vote with their feet. Balkanization in the sense of users abandoning centralized platforms for more distributed systems might actually be a good thing in this context — an immune system response to a threat to the web.

How To Put Facebook in a Box

If you’re like me and you hate everything Facebook has become and everything they do as a company but you keep using it because nice people you really want to stay in touch with are on it, then here are a few simple tips to minimise your Facebook exposure:

1. Disable Facebook Platform. Instructions are helpfully provided here: https://www.facebook.com/help/211829542181913/ After doing this, you will no longer be able to use Facebook to log in to other sites. That helps to remove Facebook’s power. If you already use Facebook to log in to other sites then this can be bit of a pain but it’s worth it to extricate yourself from Facebook’s platform.

2. Isolate Facebook. Using the Brave browser that blocks ads and tracking is one way. (Brave is my primary browser these days.) If you use Firefox, install Mozilla’s Facebook container extension: https://addons.mozilla.org/…/fire…/addon/facebook-container/ that will automatically isolate your Facebook usage from your usage of other websites. In Chrome or Opera, use a good third party tracking blocker such as Privacy Badger: https://www.eff.org/privacybadger. (On my Firefox installations, I have Facebook container, Privacy Badger and HTTPS Everywhere installed). This limits what Facebook can know about your comings and goings on the rest of the web.

3. Delete any Facebook apps from all of your mobile devices. Sorry – this is an important one. Installing any Facebook app (including Facebook Messenger) gives Facebook unlimited access to information about you all the time. Delete the apps. Instead, use Facebook via the web browse and ensure you also have a tracking blocker installed on your mobile web browser (such as Disconnect.me). If you are sporting an Android phone, you can save the Facebook web app to your home screen and take advantage of notification so you can still be notified e.g. when someone comments on your post. More info can be found here: https://download.cnet.com/…/facebook-rolls-out-progressive…/ On IOS you can also save-to-homescreen from within the browser but you don’t get quite as much functionality. It still works fine.

(And yes, Samsung Internet mobile browser – available on all Android phones – does allow save-to-homescreen and installation of the Disconnect tracking blocker so I encourage you to use that. Plug over.)

4. Stop using FB messenger. And start thinking about migrating off of WhatsApp as well. It’s only a matter of time. Signal, Telegram and Wire are good alternatives.

And if you’re feeling very adventurous, please come join me on Mastodon (which is an open source, distributed alternative to Twitter and Facebook) and follow me at @torgo@mastodon.social. More info here: https://joinmastodon.org/

In general, all of the above isolates your Facebook activity and lets you use the service for what it was designed for in the first place – keeping in touch with other people you care about. It also mitigates against the ways Facebook surveils you while you use it. If you want any help setting up anything I’ve described above, please let me know (not via FB Messenger please) and I’d be glad to help out. If you have additional suggestions, please feel free to post them in the replies. If you feel tempted to reply something like “who cares, privacy is dead” please just don’t.

An Open Letter to Chuck Schumer

Today, I have sent the following letter to Chuck Schumer, senator from New York State and Senate Minority Leader urging him to take further strong action regarding the horrific abuse of human rights that is currently being perpetrated by US Immigration and Customs Enforcement.

Dear Mr. Schumer,

First of all, please know that I am a U.S. citizen, formerly a resident of (and still a voter in) Brooklyn, NY. I am also a member of Democrats Abroad, where I have been active. Furthermore, I am an immigrant (currently living in another country than my country of birth) and a father of two.

I am writing to you to express my outrage at what is currently happening on the U.S. border. As reported in the New York Times, 5-year-old children are being kept in cages due to a rule change put in place solely by the Trump administration and implemented by an increasingly fascistic ICE agency. There can be no other description for what is going on here than ethnic cleansing and I cannot help but see it as part of a general slide into authoritarianism based on a racist ideology that brands some people as “animals” due to their ethnicity or country of origin. What is happening here seems like it must be against the law on child cruelty grounds alone.

However, so far you and your office have remained mostly silent on this issue. Why? What are you waiting for?

  • I call on you to vociferously support the efforts of your senate colleagues to pass the Keep Families Together Act. [NB: when I sent this letter, I did not realize that Mr. Schumer has actually been a cosponsor of the legislation in question. Having said that, my criticism stands because he has not spoken out on this issue and the fact that he has co-sponsored does not appear anywhere on his web site or on his Twitter feed.]
  • I call on you to investigate who has been responsible for putting this policy in place and for implementing it and to prosecute these people for human rights violations and child cruelty.
  • I further call on you to support and demand the dismantling of ICE in its current form. This organization has become the enforcement arm of Trump’s radical racist agenda and needs to be broken up and put under strict control with a human rights agenda at the core.

This is the minimum I expect from my senator, and the Senate minority leader. The country is sliding into fascism, Mr. Schumer. The time is now to put everything else to the side. If we cannot get this right, how we treat children and families of immigrants that lawfully present themselves at the border of our nation, then we do not deserve to be a nation. I urge you to put everything else aside and do everything in your power including obstructing, blocking and lying down in the Senate chamber to halt proceedings if you need to. Our government should shut down until this issue is solved, those children are back with their families, and we are on a path to right the wrongs that are currently being perpetrated in our names at the border.

Yours respectfully,

Daniel K. Appelquist
London, UK
U.S. citizen and voter in Brooklyn, New York

This Blog is Now Secure

For what it’s worth, I’ve moved this blog over onto new host (Tsohost) that supports one-click installation and auto-renewal of LetsEncrypt certificates. So now, after years of hammering on about moving the web to https, I’ve finally made my own web site secure. Yay!

In defense of the URL

Does the URL need defending? The URL has been under attack seemingly since the beginning of the Web. When I was busy launching web sites for magazines and journals in the mid-90s, I remember a radio ad (have no idea what they were advertising) where a clueless sounding guy complained:

“I just double-u double-u double-u don’t get it!”

Back then, the future of the Web and indeed the Internet as a ubiquitous communication medium was far from certain. Scores of voices, including big successful companies like AOL and Microsoft, were still pushing a more “cable TV” type approach to the delivery of digital content and services. In this model, service providers got to control the experience,  and be a funnel for delivery of services to people. Content providers that partnered with AOL would publish their “AOL keyword” on advertisements. Then AOL-competitor Microsoft Network tried to sew up exclusive content deals with newspapers – they wanted to be the sole source for news online. And remember – at this time, if you wanted to use AOL or Microsoft Network (or any of their competitors) you would have to “dial up” to that service, use their client and  then everything you saw from then on would be controlled by that company.

People rejected this approach in favor of the open web. People learned to decouple Internet access from the services they used, the web browser became the way people experienced online services giving those providers direct control over the user experience without any intermediary, and the URL became the cornerstone of that experience. The “dot com” era was born.

The URL is based on the domain name system (DNS) which is distributed in nature and not beholden to any one company, organization or government. Domains are cheap (google.com costs the same as torgo.com) and once you have one you can do whatever you want with it. And once you type the URL of a web site into the address bar of your web browser, you make a direct connection to that service. No intermediary service gets in the way. When you type facebook.com, you go to Facebook. That is the way the web works and one of the reasons it has become such a powerful platform.

My feeling is that after 20+ years, people understand URLs. A 2014 pew research study of users’ “Web IQ” found that 69% of American Internet users knew that URL meant “Uniform Resource Locator.” That frankly surprised me – I think fewer people generally know the term URL. But I bet if you presented people with a URL and asked them “what is this?” they would tell you something like “it’s a web address,” “it’s a web site,” “it’s an internet address,” “it’s a link” or something that indicated they basically knew what it was. Furthermore, I bet most people would know what to do with that if you put them in front of a web browser and told them to go to that site. Yes – some of them would go google and then type the URL into the search box. They would still get to the site in question.

So why do marketers still seem bent on the URL’s destruction? Today I came across a bit of advertising on the Tube from Transport-for-London (the organization that runs the Tube)

This tweet elicited an almost instantaneous response:

The thing is: @Codepope isn’t wrong. But he doesn’t need to be wrong for me to be right. Yes, people do search more than they type URLs in. That doesn’t mean we should be ditching URLs in favor of pointing people to search engines. TFL could just as easily have posted a URL such as “tfl.gov.uk/delays” which would give people exactly the information they are looking for without any intermediary step. And, as discussed, if people typed that into a search engine it would go to the same place – search engines are savvy that way. But sending people to a search engine with a few random words defies logic in that it cedes back power and control of the experience to intermediaries (search engines and app stores). The argument on the “pro search” side seems to be “people can remember them better” but (a) I don’t see any evidence and (b) isn’t this a self-fulfilling prophecy? Surely it’s in the best interest of content and service providers to keep people using their URLs as it eliminates the middleman and allows people to connect to them directly.

I just  W W W don’t get it!

My actual theory of why marketers want to kill the URL: they don’t see an angle in it. A marketer who has been going to SEO conferences all year and getting an ear-full about how to cook search results by spending money takes a look at the relatively cheap URL and says “that can’t be as good because it doesn’t cost as much” which leads through a kind of sunk cost bias to the notion that search terms are easier to remember than URLs.

My research on this topic has shown me one thing: researching use of the URL is really hard. Unfortunately, I think this because most search engines aggressively ignore the term URL. I haven’t found any research studies that support or weaken my hypothesis. That Pew study gave me some hope that I’m not entirely off-base though. What do you reckon?


Jeremy Keith’s post on owning his own words has reminded me about the importance of running your own blog in your own space that you control. Of course, I’ve long been a supporter of this idea, but I’m afraid the ease-of-use of Medium has pulled me over to the dark side where I’ve recently been more prolific. Of course, the “barrier to entry” that Jeremy cites is not the only reason I moved to Medium. It is easier to compose there, largely because of the great work they’ve done on a web-based editor. But the main reason I started posting on Medium has been engagement. I simply get more engagement (views, ❤️s, comments, re-shares, tweets) on my Medium posts than I ever did on my blog. Case in point: I wouldn’t have read Jeremy’s original post if I hadn’t seen it on Medium (sorry, Jeremy). There’s a value to the platform that Medium provides. But there’s also a value to owning your own words. I’m also a little disappointed that Medium keeps trying to push their app on me when I’m on mobile devices instead of building a great progressive web app, but that’s a different story.

I run this blog on a self-installed WordPress. So today I’m experimenting with a WordPress plugin for Medium which may allow me to have my cake and eat it too. I’m going to use the blog as the primary platform and see whether I can still get the same level of engagement on Medium.

Update: After making this post, I discovered that subsequent edits to the WordPress post are not reflected on Medium so that’s one strike unfortunately against this method. Why can’t anything ever be easy?

Why are Web Companies Biting the Hand that Feeds Them?

Why are Web Companies Biting the Hand that Feeds Them?

WTF Lanyrd?

I posted the following on Medium earlier today. Basically I have just had it with Lanyrd’s downtime and the seeming unwillingness of parent EventBrite to make any investment in this important service. Let me know what you think and more importantly suggest some alternatives.

Dear EventBrite and Lanyrd: WTF?

How do I “Use” Apple Watch?

So one question I get asked a lot about my Apple Watch is “how do you use it?” (Or sometimes ”how often do you use it?”) From my experience with the Apple Watch thus far, this isn’t the right formulation. In one sense you’re always “using” it because it’s always on you. It isn’t usually something you affirmatively use though. It’s more about the notifications and the ways in which it can replace (mostly with better / easier overall user experience) some functions of the iPhone.

Apple WatchAt right is my boarding pass for a recent flight I took to Vienna to speak at the Uberall App Congress. I presented this image at the end of my talk (which was about how app developers should better make use of the web) to illustrate a point. I was able to get my Austrian Air boarding pass on my wrist without the need for a special Austrian Air app either on my phone or on my watch. The check-in took place on the web site (used from my phone’s browser in this case) and the passbook boarding pass was delivered by email. Once the boarding pass was in passbook, it magically loads into the watch. When the time for the flight drew near, a notification appeared on the watch bringing me directly to the boarding pass. The only slightly cumbersome bit was scrolling down to the 2d barcode with luggage and passport in hand – certainly no less cumbersome (and accident-prone) than fishing out your phone to do the same. The mobile payment scenario for Starbucks is similar, by the way – thought that does require an app install.

I’ve also been pleasantly surprised as how much I’ve been using it for “activity tacking” especially since I’ve never done activity tracking before nor ever felt a burning need in my life to track my activities.

But certainly the main thing I find myself “using” the Apple Watch for is notifications – notifications of text messages / iMessage, Twitter & Facebook activity, Photo sharing activity, LinkedIn activity, Slack activity, calendar entry alerts and the like. The haptic feedback means you never miss an important notification yet also gives you the power to silently ignore or quickly dismiss alerts when appropriate and and in a much less interruptive way than pulling out a phone. In practice this means I feel more in control of my digital life. Because the haptic feedback is not perceptible to anyone besides you and because it’s not visual, you’re not subject to “distracted talking” syndrome a-la Google Glass. By the way, one of the first things I did on configuring the watch was to turn off all email alerts. This is not a device for email – especially with the amount of spam I receive. I’m also still unsure on things like breaking news alerts – I think this only works until New York Times decides to alert me about something I don’t care about.

Things that need work on the Apple Watch, software wise, include the wifi connectivity. The promise is that when you’re on (e.g.) your home wifi network, you can leave your phone in one room and walk anywhere else not necessarily within bluetooth range but still in the same wifi network and your watch will remain connected to your phone. In practice this works maybe 80% of the time. In trying to debug the issue, I’ve found that that both the watch and the phone are indeed on the wifi (by inspecting the access point config) but that they are somehow not communicating. So there is some work to do there. Another issue is that the “turns on when you look at it” feature is maybe 90% reliable – leaving plenty of times when you’re stuck looking at a blank screen. Another feature that would be great but is currently, well, not so great is walking directions. The functionality is that it guides you (via haptic feedback and highly contextual alerts such as “make a left on Carnaby Street in 20 yards”) as you’re walking to your destination. It would be great if it worked. My experience using it in London is that it needs some work. For example, “enter the roundabout” is not a useful walking direction. I expect this to improve with IOS9 but it would be great if I could get Google walking directions (and cycling directions) on the watch. Finally (and this is more of an IOS issue than a Watch issue) I want Safari push alerts on IOS. These push notifications already work well on Safari on Mac OS and it’s hight time Apple brought them to IOS (as Google has done with Chrome for Android).

All in all, I’m very happy with Apple Watch and I definitely think it has the potential to open up the wearables market and make the smart watch as common as the smart phone has now become. There’s been quite a lot of debate recently about how successful the Apple Watch is / will be and how successful it needs to be. This is, to a large extent, a new category of product so it’s difficult to define what success is. Eight years ago Apple opened up the smartphone market with the iPhone. I remember a lot of grumbling back then about how people “didn’t want” touch screens, etc… Well, the doubters have been proved wrong and we are now firmly in the middle of the mobile era. Will the Apple Watch herald the next phase in innovation? My bet would be yes, it will.