Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts

Friday, October 4, 2013

I come here not to bury the Silk Road, but to praise it.

Two days ago, the Feds finally shut down the Silk Road, the online marketplace for drugs, guns, hitmen and other miscellaneous highly illegal items. They arrested a man, Ross William Ulbricht, alleged to be the founder of the site. He went under the alias 'The Dread Pirate Roberts'. This name is taken from the movie 'The Princess Bride', and is actually a pretty excellent alias given the nature of his work:
A pirate of near-mythical reputation, the Dread Pirate Roberts is feared across the seven seas for his ruthlessness and swordfighting prowess, and is well known for taking no prisoners.
It is revealed during the course of the story that Roberts is not one man, but a series of individuals who periodically pass the name and reputation to a chosen successor. Everyone except the successor and the former Roberts is then released at a convenient port, and a new crew is hired. The former Roberts stays aboard as first mate, referring to his successor as "Captain Roberts", and thereby establishing the new Roberts' persona. After the crew is convinced, the former Roberts leaves the ship and retires on his earnings.
If you believe the allegations about Ulbricht contained in the various affadivits, he is (to quote Stephen Hawking's memorable description of Sir Isaac Newton), by all accounts, not a pleasant man. He allegedly tried to organize not one but two attempted murders - first of a former employee that was likely to squeal to the FBI, and second of a person trying to blackmail him by threatening to release information about Silk Road drug suppliers.

(As a side note, the latter reminds me of the Morgan Freeman quip in The Dark Knight):
Let me get this straight. You think that your client, one of the wealthiest, most powerful men in the world, is secretly a vigilante who spends his nights beating criminals to a pulp with his bare hands; and your plan, is to blackmail this person? Good luck.
So it's not hard to see what's ugly and destructive about the Silk Road. Having never been interested in purchasing drugs, murder-for-hire services, guns, or anything else on the site, I had no interest in its continuation. To the extent that the world would be better off with fewer murders and illegal guns (and probably with fewer drugs as well), it's a good thing that it's gone.

But let's just pause for a moment and appreciate what a truly astonishing feat of engineering and business the Dread Pirate Roberts was able to pull off. 

This was a website that let you buy drugs off the internet and ship them to your house via the postal service. 

It did this with remarkable success, facilitating more than a million transactions between strangers. Estimates of its revenues are as high as $1.2 billion, with commissions of almost $80 million.

That's a pretty darn serious business operation right there. How many celebrated startups ever generate revenues of $1.2 billion in their first two years? Or ever?

And think about the constraints the business was operating under. 

As I wrote about in March, anonymous drug sales over the internet have perhaps the steepest challenges of information asymmetry and moral hazard of any market I can imagine. How do you stop people shipping grass clippings instead of marijuana? Or ensure that customers pay when shipments may not arrive? Or convince people to give out their postal address to strangers when ordering drugs online, not knowing whether they're sending it to a federal agent?

Here's a great essay on how they managed to solve these problems. But suffice to say, it's pretty impressive. 

This is also a business that's going to be incredibly difficult to get off the ground in the first place. Suppose you're the chief of marketing for an online drugs site. How exactly are you going to run your campaign? You can't call up Saatchi and Saatchi and arrange a billboard campaign paid from the company checking account. And who do you even contact for customer and supplier outreach? Drug sellers are somewhat cagey about putting their email addresses up to be contacted. Even if the idea of an online drug marketplace seems feasible once it's already going, it would be a nightmare trying to get it started.

What about other challenges from the business environment? If you're creating your hypothetical startup, making the AirBnB of self storage, or the Dropbox of the pets world or whatever, you might get competitors trying to undercut you, or unpredictable shifts in the regulatory environment that make it hard to compete. 

Here, you have every law enforcement agency in the world furious at your existence, sparing no expense to try to hunt you down. You need to run the entire business while being completely anonymous. Remember, this whole site was operating within plain sight of the FBI for over two years. Charles Schumer complained about it back in June 2011. The continued existence of the Silk Road was a massive embarrassment to the US Government, and hell hath no fury like the US Government scorned.

I'll say this - you don't need to like drugs at all to recognise that the Dread Pirate Roberts was a God damn genius. I wish he'd turned his efforts to something more socially useful than selling drugs online. But be that as it may, the Silk Road is one of the most remarkable startup stories in the history of the internet.

(previous Silk Road discussion here)

Monday, September 30, 2013

Oh Noz! OMG!

Apparently the USDA website is shut down due to the government funding crisis.

This prompts two responses from me:

1. Oh no! How will we ever possibly survive without whatever the hell it is the USDA website is meant to do. It will seriously impact the ability of the USDA to deliver key services in...er...um...

2. These people apparently have such a low opinion of your intelligence that they think you aren't aware that it doesn't actually cost any money to leave a web page in the same state it was in. Quite the contrary - it costs money to change the web page. If the web server were shut down due to lack of money, you wouldn't get any page at all.

I can scarcely think of a better advertisement for firing everybody who signed off on this absurd stunt. Or, you know, just fire the whole USDA. Be honest, do you even know what these clowns do? Have you noticed the lack of services from them in your life recently? If US farmers stopped making milk, I wager you'd notice that pretty quickly. If the USDA stopped interfering in this process, it's far less obvious that you'd miss it.

Thanks to Hector Lopez for the pointer.

Tuesday, September 17, 2013

Amazon: Supporting Ben Franklin's legacy by making one of two certainties more certain

To paraphrase England's greatest prime minister, commercial partners, like nations, have no permanent allies, only permanent interests.

It used to be the case that Amazon was a fairly reliable partner in helping consumers find the lowest cost purveyors of particular products. Of course, it was only limited to those in their network of people selling through them, but this tended to be pretty liquid. For most products I searched for, there would be a sufficient range of sellers that you'd get decent price competition. This is made easier by the fact that once you're comparing literally the same product, it's basically a commodity market - there's some sorting on reliability of shipping and returns policy, but that's about it.

Amazon always privileged themselves slightly by defaulting to selling the item themselves if they stocked it. But it was simple to click on the tab for 'new' and find a range of sellers sorted by the total cost of the item plus shipping, which was what you paid. Problem solved - buy from the cheapest guy, the end.

In other words, as long as you clicked on the tab, Amazon would make it easy to tell if they were the cheapest provider of the goods or not, and the sorting process made it clear how you could purchase the lowest cost item, even if wasn't from them. Amazon were willing to take the hit to some direct sales (though they got some back in fees from the marketplace seller) for the repeat business that came from running a good price comparison service. 

But starting about a year ago, the interests of consumers and Amazon started to diverge. The reason is that for residents of various states (now up to 12) Amazon has to collect sales tax on their purchases. The citizen was always obliged to pay the tax, at least nominally, but in the past Amazon wasn't involved in collecting it. Collection was meant to occur because citizens would voluntarily report the sale tax on their internet purchases to the state (Ha ha! Stop it, you're killing me!). In practice, this made the Greek Tax office look like a model of perfect enforcement.

The loophole, which doesn't get greatly discussed, is that while Amazon is now forced to collect sales tax for its own providers, and for providers in the same state as the purchaser, it isn't compelled to (and in practice, doesn't) collect sales tax for third party sellers outside the state of the purchaser.

So what would a permanent ally do? 

Simple - he'd now sort purchases on total purchase price of Price + Shipping + Tax. That's the end cost to the consumer, let them find the lowest cost item.

But this was apparently a bridge too far for Amazon. This would put their own offerings at a structural disadvantage, and a decent one at that. In California, for instance, the minimum sales tax at the moment is 7.5%. This article claims that Amazon's after-tax profit margin, for comparison, is 1%. Can you see why playing at a 7.5% disadvantage is a game they're incredibly reluctant to play? 

And so we witnessed the internet commerce equivalent of the Suez Canal Crisis between erstwhile allies. Amazon felt that listing the total price would hurt them so much that they were willing to significantly degrade the usefulness of the price comparison function of their website. So they continue to only list cost in terms of Price + Shipping.

It gives me the absolute $#!7s that I can't sort on total cost any more. The only way to find out is to click through various sellers, add them to the cart, see if tax is added on, remove the item if it is, go back, find another seller, and then compare the tax with the difference in price. 

For small items, I won't always bother. But I will always resent the fact that Amazon is deliberately making my life harder for their own purposes. 

To give them credit, Amazon fought damn hard for a long time to prevent the states from forcing them to pay, but in the end, they saw the writing on the wall. Tax was going to get collected eventually, because the bankrupt states saw them as a cash cow waiting to be milked. Maybe I should cut them some slack.

Or maybe not. There are, after all, no permanent allies in commercial transactions. They happily screwed us when it suited them, so I have no compunction in reducing my business to them in response.

I don't know if it's possible, but if someone figures out how to scrape amazon prices for the lowest total cost, I'll direct all my purchases through them.

The only thing that would be even better would be to be able to scale the weight placed on taxes by a fixed amount. I'd probably set it at about 1.1 for small purchases. In other words, I'd rather pay slightly more money just for the pleasure of depriving the State of California of additional revenue.

That's not going to happen, of course, because Amazon makes it hard to just scrape all their data. So in reality, we consumers just have to bend over and take it.

Marketers love to tell you that the customer is always right, but it's not true.

It sucks to spend so long thinking that your purchasing dollars made you Dwight Eisenhower, only to find out that you were actually Anthony Eden all along and didn't know it.

Monday, January 23, 2012

How Password Reset Screens Should Work

There is a long literature on how the password requirements for most websites are ridiculous - they make life hard for users without actually making it that hard for people to crack. There was a great xkcd comic about this which covers the flavour of the problem.

In order to stop random cracking attempts, websites tend to make the following requirements

1. Lock out the user for [some period, e.g. 1 hour] after [N, usually 3] incorrect password attempts

2. Make a requirement about password length and certain characters.

So far, so annoying, but fairly manageable.

Let's assume that the website in question has a lockout attempt at 3 attempts. The problem arises because websites pick different versions of #2. I've come across:
-At least 6 letters
-At least 6 letters and at least one number
-At least 6 letters and at least two numbers
-At least 6 letters and one special character
-At least 8 letters and a number
-At least 8 letters and a special character
-Exactly 8 characters, including [some combination of the above]
-At least 6 letters, no special characters allowed.
etc.

One salient feature of the list - it's got more than three options.

Now, it seems that lots of people generate variants of the same password for each case, depending on the requirement. Give them the requirement, and they know what the password is.

But if you've got a slightly odd password requirement, the vast majority of my incorrect password attempts are me trying to remember what your damn password restriction is!

So what happens is that I'll try the most common case. Wrong. I'll think 'Hmm, does it need a special character' and try that. No luck. And now I can try a third time and risk having to wait an hour, or I can go through another pointless password reset. Sigh.

And there's absolutely no need to do this. It doesn't make life much easier for the hacker to know the requirements.

I'm pretty sure that Progressive Insurance has some bizarre requirement that I keep forgetting, because I think I need to reset my password just about every time I need to log in. Great customer experience, chaps!

So I really wish that more websites would follow Expedia's sterling example:


I dare the system admins to try this, and see how many fewer times the password reset function is used. If you've got a requirement of special characters or two numbers, I'm ballparking that the number of password resets will probably drop at least 80%.