Welcome back to Tech Chronicle. If you’re open to it, please access our subscription interface.
Sorry, we’re closed
We’d all but forgotten about Google Plus when the search company announced Monday that its foray into social networking was kaput. The cause of death? A Wall Street Journal exposé of Google’s efforts to keep secret a flaw that may have exposed tens of dozens — sorry, that’s a bad hipster joke about Google Plus’ devastating unpopularity — rather, tens of millions of users’ profile information.
That follows on the exploitation of a vulnerability in Facebook profiles that could have allowed strangers to impersonate users. That one you probably noticed, since Facebook forced millions of users to log in as part of its response.
The closure of Google Plus is embarrassing mostly in its tardiness. Google should have given up on it years ago. Designed to slow Facebook’s runaway growth and provide an alternative in social networking, Google Plus’ introduction in 2011 mostly showed how out of touch Google had become.
In his memoir of his time working at Facebook, “Chaos Monkeys,” Antonio García Martinez recounted how he drove from Facebook headquarters, then in Palo Alto, to the Googleplex in Mountain View one weekend. The Facebook parking lot he left was full of engineers and designers rallying to fight off the Google threat. Google’s parking lot was empty. So, he concluded, was the threat that Google Plus might beat Facebook.
One thing that distinguished Google Plus from Facebook at the time was its lack of a way for third-party developers to access information and build apps on top of it. By 2011, programmers had been building apps on Facebook for years, and the Facebook Platform — the company’s name for the collection of services that let developers tap into Facebook features and user data — was seen as a key reason the then-private social network was worth billions.
Google Plus was different, declared Vic Gundotra, the executive behind Google’s social push. There wouldn’t be social spam, like those sheep-throwing notifications that drove Facebook users crazy. If Google introduced tools for developers like Facebook’s — what’s known in the software trade as an application programming interface, or API — it would do so slowly, and thoughtfully.
Gundotra, who left Google in 2014, was half right. Google was slow about rolling out an API. Thoughtful? Well, look at the hole that Google left open from 2015 to 2018, exposing users’ profile information to any app developer that requested it.
After the Cambridge Analytica scandal, Facebook tightened access to its application programming interfaces, to prevent similar heists of user data. We will probably see further restrictions in response to the log-in vulnerability the company revealed in September.
Security and trust are paramount for companies that ask us to entrust us with our secrets. The trade-off that we have to make may be less openness.
That’s fine for Facebook and Google, which are worth hundreds of billions of dollars and are secure in their social and search kingdoms. But they both benefited hugely from open systems. If every website required permission for Google to crawl and index it, a search engine would be impossible to build. Facebook grew like a weed in part because email and contacts were easy to scrape, once it tricked — fine, persuaded — a user into handing over a log-in.
Startups today are far more hesitant about opening up. Snapchat, for example, introduced a very limited API only this year; that doesn’t seem to have hurt its popularity. Airbnb’s API is invitation-only. Uber’s API lets developers just tinker around the edges, by adding a request-a-ride button or creating a discount code.
On the surface, their caution seems smart, given the downsides of openness. Twitter, which embraced developers early in its life, soon found itself in near constant conflict with them, limiting data and features to the point of rendering third-party apps useless.
What we gain from the crackdown on APIs is clear: more security for our data. What we lose is harder to say, but I feel like it lies somewhere in the concept that Reddit co-founder Alexis Ohanian dubbed “permissionless innovation.” In a world of limited, invitation-only APIs, the thing that might one day replace Facebook or Google will be that much harder to build. While Facebook and Google are locking away our data, they’re also locking us in with it.
— Owen Thomas ([email protected])
Quote of the week
“Twitter can get you into trouble. And that can be said of Elon Musk, too.” — Japanese online retail mogul Yusaku Maezawa, who plans to travel to the moon on Musk’s SpaceX rocket
Wired, the magazine born in San Francisco 25 years ago, is celebrating its quarter-century with the Wired25 Festival starting Friday. There’s a robot petting zoo and open houses at companies including Accenture’s new digs in Salesforce Tower. Tickets are $50-$140.
What I’m reading
San Francisco’s Propostion C could cost Salesforce $10 million a year in additional taxes, but Marc Benioff tells Kevin Fagan that the additional spending to alleviate homelessness is “well worth it.” (San Francisco Chronicle)
Bloomberg Businessweek published a bombshell report that Chinese spies were tampering with servers used by Apple and Amazon. The companies and the Chinese government strenuously denied it. It’s a confusing mess. Zack Whittaker explains why cybersecurity stories like this are so tough to make sense of. (TechCrunch)
Sign Up for the Newsletter
Want to get the latest on Silicon Valley in your inbox? Subscribe to Tech Chronicle.