Fighting Spam with Whuffie

I recently received a pretty aggressive form of spam from a company based in Concord, CA. The outside was designed to look like some highly confidential and urgent material of legal and/or financial content. For instance, you could read on the front: “WARNING The penalty for obstructing or interfering with the delivery of this letter is a fine of $2,000 and up to 5 years imprisonment”.

envelope cover

As I opened it, I was genuinely worried, but quickly discovered it was just some kind of “Free offer* (*well, not really)” from a company called “Pulaski Tickets and Tours” based in Concord, CA according to the content of the spam. A Google query returned that the company is actually based in New York state and headed by a man named Patrick Harthough who lives here. The address in Concord is probably the address of a trash box for complaints.

As with most people, these types of mail waste my time (I shred any mail that is irrelevant) and now abuse my emotions.

I’d like to be able to do a little more than trace this person and his company. I’d like to essentially publish somewhere, in a form that can be easily found and searched by others, that this person’s marketing practices are questionable. This way, Mr. Harthough’s reputation is public, and if enough people can easily do the same rather than just writing in forums, then people like me could automatically discard Mr. Harthough’s mails and perhaps people like Mr. Harthough would change their practices.

This type of real-time rating system is something I’ve been personally interested in for many years, particularly as it applies to the hidden social and environmental costs of products people buy, and to how people can use their social network of usually like-minded people to re-balance the current asymmetry of power between consumers and marketers. I think we are getting pretty close to a point where this type of system can be implemented (the technology of software UPC barcode scanners is getting to a point of usability, social networks are omnipresent, and Web-wide data queryability about companies and people is also making progress).

I recently discovered that a generalized version of this concept has a cool name: Whuffie, and that a book by Tara Hunt is coming out on the subject later this year.

Twitter: Unified Communications 1.0 (beta)

As I was twittering earlier in BART, I had to switch from the mobile Web twitter interface to the SMS interface. It suddenly occurred to me that just as I was able to choose which communication protocol to use to post a message (HTTP POST, SMS, voice-to-text: Twitterfone, and I suspect the reverse service exists as well), my followers would be able to choose to read them using the reader of their choice (Twitterific, SMS, desktop Web, mobile Web).

This reminded me of the old concept of Unified Messaging/Communications. Here is the definition from ZDNet:

The realtime redirection of a voice, text or e-mail message to the device closest to the intended recipient at any given time. For example, voice calls to desk phones could be routed to the user’s cellphone when required. E-mail intended for a desktop mailbox could be sent to the user’s PDA or turned into speech for a phone message.

Twitter is indeed pretty close to being the version 1.0 (beta – for its reliability issues) of Unified Communicator, and it probably achieved adoption where others failed or partly succeeded because 1) it limited the problem to 140 characters, a good common denominator for a variety of protocols, in particular SMS, and 2) APIs were exposed for 3rd parties to extend its capabilities.

Using hAtom for pagination of microformatted content

An interesting debate was started by André Luís last month on the microformats-discuss mailing list on the benefits of hAtom. I didn’t have time to read it in detail at the time, but I read the discussion today and here’s my summary.

For those not familiar with hAtom, it is an XHTML microformat for RSS-like feeds.

Great, but why would someone want to do that, given that blogging platforms already generate the RSS/Atom feed for you? Are there use cases for providing hAtom in addition to the Atom feed?

Zhang Zhen pointed to the WebSlice upcoming IE8 feature, which reuses hAtom syntax and will allow users to subscribe to a portion of a webpage. This pointer is interesting, but not quite exactly hAtom.

Toby Inkster mentioned that hAtom could help avoid the use of blogging software by essentially allowing the Atom feed to be generated by a service (but as André noted, this wasn’t really his question):

<link rel="service.feed" type="application/atom+xml" href="hatom2atom.php?uri="/>

Brian Suda explained that hAtom could be used by Web crawlers to extract valuable metadata, and by browser plugins to provide a better user experience as a user is reading Web content.

While all these were valid benefits, the one that captured the attention of the group was the use of hAtom and rel='next' or rel='prev' for pagination of microformats, i.e. linking microformat entries listed on multiple pages together.

Let’s say you have a collection of hCalendar entries or hCard entries on your Web site: you could mark these up as hAtom and link the pages together, so that a microformat parser could navigate the site and generate a single collection of hCalendar and hCard entries.
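The pagination idea above, as an added example in Python (not code from the mailing-list thread or from any existing microformats parser): a parser follows rel="next" across a constructed two-page site and merges the hentry items into one collection. The URLs, the names HAtomPage and collect_entries, the page limit and the rule of never following a link off the starting site are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

VOID = {"br", "hr", "img", "input", "link", "meta"}   # elements with no end tag

class HAtomPage(HTMLParser):
    """Collects the hentry items and the rel="next" link of one page."""

    def __init__(self):
        super().__init__()
        self.entries, self.next_href = [], None
        self._depth = 0             # nesting depth of the current element
        self._entry_depth = None    # depth at which the open hentry started
        self._title_depth = None    # depth at which the open entry-title started

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        if "next" in (a.get("rel") or "").split() and a.get("href"):
            self.next_href = self.next_href or a["href"]
        if tag in VOID:
            return
        self._depth += 1
        if "hentry" in classes and self._entry_depth is None:
            self._entry_depth = self._depth
            self.entries.append({"title": "", "kinds": []})
        if self._entry_depth is not None:
            # hCard / hCalendar roots embedded in (or on) the hentry
            self.entries[-1]["kinds"] += [c for c in classes if c in ("vcard", "vevent")]
            if "entry-title" in classes and self._title_depth is None:
                self._title_depth = self._depth

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if self._title_depth == self._depth:
            self._title_depth = None
        if self._entry_depth == self._depth:
            self._entry_depth = None
        self._depth -= 1

    def handle_data(self, data):
        if self._title_depth is not None:
            self.entries[-1]["title"] += data

def collect_entries(start_url, fetch, max_pages=20):
    """Follow rel="next" from start_url and merge every page's entries."""
    origin = urlsplit(start_url)[:2]            # (scheme, host) of the first page
    seen, entries, url = set(), [], start_url
    while url and url not in seen and len(seen) < max_pages:
        seen.add(url)
        page = HAtomPage()
        page.feed(fetch(url))
        entries += [{"title": e["title"].strip(), "kinds": e["kinds"], "page": url}
                    for e in page.entries]
        url = urljoin(url, page.next_href) if page.next_href else None
        if url and urlsplit(url)[:2] != origin:
            break                               # never follow pagination off-site
    return entries

# Constructed two-page site; page 2 links back to page 1 to exercise the loop guard.
SITE = {
    "http://example.org/people?page=1": """<div class="hfeed">
        <div class="hentry vcard"><span class="entry-title fn">Alice Example</span></div>
        <div class="hentry vcard"><span class="entry-title fn">Bob Example</span></div>
        <a rel="next" href="?page=2">Next</a></div>""",
    "http://example.org/people?page=2": """<div class="hfeed">
        <div class="hentry vevent"><span class="entry-title summary">Launch party</span></div>
        <a rel="prev" href="?page=1">Previous</a>
        <a rel="next" href="?page=1">Next</a></div>""",
}

if __name__ == "__main__":
    for entry in collect_entries("http://example.org/people?page=1", SITE.__getitem__):
        print(entry)
```

The visited-set and page limit matter because the markup being crawled is untrusted: a page whose rel="next" points back at itself, or at another host, would otherwise keep the parser fetching indefinitely or send it wherever the author of the page chooses.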

Consequence of Peak Oil for Banks

A crude awakening movie poster

I watched A Crude Awakening yesterday and here are my notes and thoughts.

This movie essentially makes the case for Peak Oil theory: that in recent years we have reached a plateau of worldwide production of oil and that oil production will go downhill from here. The movie presents the economic, political and sociological consequences in a truly apocalyptic vision, but even if, like me, you believe in human technological creativity to get us out of this mess, I think it is worth watching to bring awareness of the issues and crisis that the end of cheap oil might bring about in the next 10 years, keeping in mind that no one has the ability to predict whether this transition to other technologies will be abrupt at times or smooth and will happen in an orderly manner.

The most striking comparison presented was that oil is a very dense energy source, which offers extreme productivity levels that other energy sources have a very hard time competing with, which in turn makes the challenge of oil transition humongous, and will be particularly difficult for our financial system.

Here is a good comparison mentioned in the movie: 1 barrel of oil (42 gallons) = 25,000 man hours of work = 12 people working full-time for one year. Another interesting comparison is that at $4 a gallon of gasoline and with a 20 miles per gallon 4-person car, you can take a 4-person family 1 mile for 20 cents at 60 miles per hour, definitely not a wage the driver of a human-powered vehicle like a pedicab/rickshaw would or could physically work for. If we want to pay the driver $10 per hour (minimum wage in California is $8/hr), and assume he will ride 2 people at 10mph, 1 mile for 4 people will come at a minimum cost of $2, which is 10 times the current cost in 1/6th of the time.

What does Peak Oil theory mean for banks?

The following text I borrowed from is the clearest answer I’ve read to this question:

It is becoming evident that the financial and investment community begins to accept the reality of Peak Oil, which ends the First Half of the Age of Oil. They accept that banks created capital during this epoch by lending more than they had on deposit, being confident that Tomorrow’s Expansion, fueled by cheap oil-based energy, was adequate collateral for Today’s Debt. The decline of oil, the principal driver of economic growth, undermines the validity of that collateral which in turn erodes the valuation of most entities quoted on Stock Exchanges.

Update 6/1/08: WSJ Article on the value of second-hand SUVs. Excerpt:

About 36% of the people who tried to trade in a large SUV in May owed more on the truck than it was worth, according to data from the Power Information Network. That’s up from just under 33% a year ago. (It’s worse for large pickups. Recent PIN data suggests 40% of large pickups traded during May fetched less than the loan balance.)

A three-year-old large SUV today is worth about $2,000 to $3,000 less at trade-in than a three-year-old large SUV would have been in 2007, before gas prices began to soar, according to Marc Cannon of AutoNation Inc., the largest U.S. auto retailer. A three-year-old Chevy Tahoe that might have fetched $19,700 in September 2007, he says. Today, a three-year-old Tahoe might be worth $16,400 at trade-in.

What the IT at Google Bank would look like

As I was watching the Google I/O keynote presentation, I thought about how all the development tools provided by Google (Google Gears, GData, OpenSocial, etc.) could be put to work to create a Google-powered Bank, and what the IT architecture of this Google Bank would look like.

Here is what I think it could look like:

All user interaction devices, whether it is a teller workstation, mobile phone, ATM machine, kiosk would provide access to the bank via any of the standard Web browsers (Opera, IE, Firefox, Safari).

If access to device-specific functionality is required, it would be done by Google Gears (say, for instance, that I want to access the ATM’s cash dispensing functionality, or I want to access the mobile phone’s built-in GPS or accelerometer). Ideally, these devices would be running a single application that would adapt according to the services discovered on the device or on the service cloud. But realistically, they would be running variants of a single GWT Java code base that GWT would compile to JavaScript for browser-based deployment.

Contacting customer support would be done via Google Talk click-to-call buttons. Interactive Voice Response systems would be powered by 1-800-GOOG-411 voice technology.

All these user-facing apps would leverage a cloud of shared GData services based on Atom Publishing Protocol. These services would be used to retrieve and update any data and transaction: update accounts, customer profiles, schedule payments, withdraw money, consult account balances, etc.

These services would be available to any developer who registered for an API key to create new 3rd party applications, with online documents, code examples, tutorials, videos, etc. There would be a related developer challenge that would award prizes ranging from $25K to $100K to motivate developers to create 3rd party applications. Google Bank would monitor usage and success via the API key, and acquire the apps that can contribute the most to their bottom line or user growth. OAuth would be used to allow 3rd party apps to access customer data without the user having to give away their Google login/password.

OpenSocial would be leveraged by Google Bank to provide an easy framework for friends to share bills, family members to send money to one another via any device, and to loan money to friends/families or friends of friends. Google Bank would use this data to provide preferential loan rates or optimize transaction fees.

Google Bank analytics would analyze my transaction patterns, build nice spending usage pie charts for me, and suggest relevant ways to save or make more money via competitive offers aggregated in Google Shopping. Bank marketing managers would use Google Bank analytics to analyze usage patterns, create marketing campaigns and target specific demographics and customer types in Google Adsense.

And last but not least, users would be able to search all their personal data using a simple one input field user interface.

Did I miss anything?

23andMe personal DNA analysis service review (Part 1)

I got myself a genotyping kit from 23andMe for my birthday. Part of my commitment to stop buying physical “stuff”, and instead buy intangible/digital gifts. I thought it would be fun and possibly useful. I mentioned this to my friend Steven who convinced me to share my experience on my blog.

First of all, I’d like to say that the packaging is very good. Almost Apple-ish. These genotyping kits make excellent gifts for friends and family members ($999 per kit though). You can even ship them internationally and have them be used by non-U.S. residents.

I have a few pictures below but the most interesting part to me was to read the Consent and Legal Agreement & Waiver. It was the first time I’ve read one in a long time, and this one contained unusual and interesting comments:

You may learn information about yourself that you do not anticipate. This information may evoke strong emotions and has the potential to alter your life and worldview. You may discover things about yourself that trouble you and that you may not have the ability to control or change (e.g. your father is not genetically your father, surprising facts related to your ancestry, or that someone with your genotype may have a higher than average chance of developing a specific condition or disease. These outcomes may have social, legal, or economic implications

and a little further down:

Genetic data you share with others could be used against your interests. You should be careful about sharing your genetic information with others. Currently, very few businesses or insurance companies request genetic information, but this could change in the future. If an employer or insurance company obtained your genetic information through your sharing of it or by legally binding requirements, they could use your genetic data to deny your employment or coverage. Some but not all jurisdictions have laws that protect individuals from this kind of conduct.

Anyway, here are the pictures:
Kit, documents and original shipping box

The saliva container

I’m going to fill the container up this weekend and in 4-6 weeks I will get my results and will post Part 2 of this post. Stay tuned!

Can financial services providers do good and make good money at it?

Brad Garland’s latest post raises an interesting question:

If a company’s employees’ passion for their company’s product or service is ultimately what transpires in their brand and what drives customers to buy their products/services – think Google (“Don’t be evil”), REI or Apple – is it possible to have financial services providers’ employees being passionate about their products/services, and if so how?

As I was reading this post, I could not help but think about Paul Graham’s comments in this presentation about the necessity for startups to be benevolent. His theory goes like this: if a startup focuses first on making the life of its users truly better, it will help employees stay motivated in the most difficult times, and will help in attracting the best geeks, who are usually idealists; once you have enough happy users, they will be happy to contribute financial support.

There are many startup examples that have followed this pattern. eBay is a good example. According to Wikipedia’s entry on Pierre Omidyar:

The service was free at first, but started charging in order to cover Internet service provider costs.

REI, Brad’s example, is not a startup, but actually follows this benevolence pattern. They are actually a particular kind of business since they are a cooperative and as an REI member you get a yearly dividend (about 9% of the money you spend there), which you can redeem for REI products.

To go back to Brad’s question, and adapt it based on Paul’s suggestion: Can financial services providers do good and make money at it?

Of course they can.

Here are a few examples:

  • The disruptive contenders such as p2p lenders are effectively freeing loan seekers from bank loans and re-creating a more human and direct relation between lenders and debtors.
  • Large incumbent banks can leverage their operational infrastructure to create independent brands dedicated to specific communities or values (ex. using local deposits to finance local, sustainable developments, “green banks”). After all, different people have different ideas about what “don’t be evil” involves. In general, it is my opinion that banks can do good and be perceived as such by leveraging Web technologies to reveal the social links loans represent, rather than abstract/hide them. For instance, they could provide visibility into where the money in my CD account goes and provide me with the option to express my preferences. Ideally, I should be able to say that I want my money to be only used to help finance sustainable farming in a 50-mile radius around where I live.

Just my quick thoughts!

Should banks bank on OpenID?

Almost a decade ago, at the height of the Internet boom, I remember talking to a banker telling me that in the future, banks would not just keep your money safe, but also your identity. To some extent, this has materialized with identity protection programs offering insurance against the risk of identity theft. That said, if you view the identity as the collection of hard- or impossible-to-obtain information about a person that uniquely distinguishes her from others, you would certainly admit that a big part of this information (in particular secrets such as passwords) is spread around in a variety of online services (60 on average, growing to 200 according to a Yankee report on OpenID).

OpenID, as everyone knows, is the open solution to this problem, and banks seem to be excellent potential OpenID providers for the following reasons:

  • “He who can do more can do less”. Password strength requirements and password strength user incentives are not equal among online services, but online banking is probably one of the services where password strength is highest, simply because this is where for most people the loss would be the highest if their password were to fall into the wrong hands. So, users won’t use an easy-to-remember Gmail username/password or blog commenting account to log in at their bank, even if the bank trusts Google’s security, but they would probably not mind the reverse.
  • Existing security-related assets:
    • Banks already have the security infrastructure in place to secure financial accounts,
    • Most banks are already trusted brands in terms of security, and
    • Banks already have identity theft protection programs in place that would complement OpenID, which is just a technology,
    • Banks are required by anti-money laundering laws to know their customer, and have probably more identity-related information about their customers (ex. government-issued documents) than any other online service. This means they have the widest range of authentication options, allowing them to support multiple levels of authentication. They are not constrained to a public URL/private password model: they can not only decide to issue an OpenID URL that is distinct from the existing username, but also use multi-factor authentication, for instance by sending a PIN by SMS to a phone or requesting the user to click and get a call from a call center agent, as requested by OpenID policy extensions.
  • Last but not least, compelling business reasons. A highly secure OpenID would be:
    • A value-add service that the bank could charge a premium fee for
    • A great way for banks to promote their brands (you’d see their logo every time you authenticate), get to know their customers’ online usage patterns (which service you are using and when) and present new offers/ads (banking-related or not),
    • A great way to retain customers.

The problem with banking innovation and how to fix it.

Allen Weinberg has a great report on the first day at Payments 2008 that confirms some of the thoughts I’ve had in the past few weeks: that non-banks are becoming the primary source of banking innovation, threatening to relegate banks to mere accountants.

Allen cites the difficulty for banks to hire innovative employees because of their lack of coolness, and I partly agree, but I think that is a bit too imprecise. It’s a bit like saying “We failed b/c we were not lucky”. I think smart innovative employees go to companies that have an innovative management environment and culture, and there are very practical ways to create such an environment and culture, if the top management wants to.

To me such a culture starts by embracing the facts that:

  • Committee planning does not work for innovation because most innovations fail and slight differences between similar projects can be huge key factors of success, and as a result it is impossible to predict which team innovation will come from.
  • People with innovative ideas (ex. new online service, new investment theory) as well as execution capabilities (ex. coding, sales skills) are a company’s greatest human asset and should be given opportunities before they leave and join a company that does.

Such an innovation culture consists then in implementing a management policy where such people can submit their plans, get a green light to allocate part of their time (whatever their direct manager says) and get a bootstrap budget as necessary. Then, just like a good option portfolio manager, define progress/success metrics, and allocate more resources to those with the most traction. And finally, reward success. All of this is something Google seems to be doing very well.

Banks are now at a most critical time and their ability to innovate in sustainable business models will be key to their survival. Nouriel Roubini noted this morning that banks’ unsustainable “originate & distribute” business model of the last few years is crumbling with the broken “securitization food chain”.

Banks are social intermediaries, and as a result, social services that focus on social lending or social saving pose a major threat to them, but could also turn out to be a major opportunity if they manage to re-intermediate these relationships and combine it with their unique competitive advantage: creating money from thin air.

Think for instance about the idea of a “college car” savings account solely dedicated to buying a car and that grand-parents could contribute to knowing where the money would end up. Think of the negotiating power the bank could have by aggregating all the buying power behind these savings accounts and exchanging secured rebates from car manufacturers for secured future sales. This is what SmartyPig does, but environment/culture aside, it seems to me much easier to do it from the inside of a bank than from the outside. John Gaskell, SmartyPig co-founder, was quick to comment that they have a patent pending on this process, so banks may actually not have this option.

Think also how a bank could leverage the fact that 50% of your student loan on a peer-to-peer lending site comes from your mum and dad, and grand-parents, and how little risk it would be for a bank to lend the remaining 50%, especially if the bank gets preferred re-payment rights.

Banks have some of this social data, in a way that is most likely much more authentic than a Facebook (think about all the documents you need to provide to open a checking or brokerage account compared to what you need to provide to open a Facebook account). It is just a matter for them to put the right environment and culture in place to attract people.

If they cannot change their culture, their next best bet might be to do what Apple or Facebook do: expose some of this information via easy-to-use APIs in a way that is more secure than their startup competitors. Then, allocate a VC fund to fund startups using this API (which is equivalent to buying an option to invest more/buy out the most promising ventures later).

twauth: mobile authentication with OpenID and Twitter

I stumbled upon Ian McKellar’s twauth prototype: a Twitter and OpenID based mobile authentication solution.

The idea behind twauth is to address the usability issues of current mobile OpenID-based authentication workflows.

The particular issue that Ian’s twauth addresses is the effort placed on the user to enter alphanumeric passwords.

Twauth addresses this issue by replacing the alphanumeric password entry with a 5-digit, digits-only one-time code sent to the mobile phone via Twitter/SMS, which the user then enters on the OpenID authentication page.

Here are some screenshots of the complete workflow:

1. Entering the twauth mobile OpenID URL at the mobile ( mobile login page

2. Instructing the OpenID server to send a direct (private) Twitter message with a 5-digit code (ignore the garbage):

Direct message selection

3. The mobile phone that is linked to the Twitter account linked with the twauth OpenID URL is sent a message with a 5-digit code (18010 – screenshot not available)

4. User enters the one-time 5-digit code:

Entering the one-time 5-digit code

5. You are authentic!

You are authentic
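The one-time-code step of the workflow above, as an added example in Python (not Ian McKellar’s twauth code): the server side issues a 5-digit code, hands it to a delivery hook, and accepts it once. The class name, the `send` hook standing in for the direct message, the 5-minute lifetime and the 3-guess limit are assumptions of this example; the guess limit is there because a 5-digit code has only 100,000 possible values.

```python
import hmac
import secrets
import time

CODE_DIGITS = 5       # as in the workflow above: 100,000 possible codes
TTL_SECONDS = 300     # assumed lifetime of an issued code
MAX_ATTEMPTS = 3      # assumed number of guesses allowed per issued code


class OneTimeCodes:
    """Issues and checks short numeric one-time codes, one per identity."""

    def __init__(self, send, clock=time.time):
        self._send = send      # hypothetical delivery hook: send(identity, code)
        self._clock = clock    # injectable so expiry can be exercised offline
        self._pending = {}     # identity -> [code, expires_at, attempts_left]

    def issue(self, identity):
        # secrets (not random) so codes cannot be predicted from earlier ones;
        # issuing again replaces any code still pending for this identity.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[identity] = [code, self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        self._send(identity, code)

    def verify(self, identity, submitted):
        entry = self._pending.get(identity)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[identity]
            return False
        ok = hmac.compare_digest(code.encode(), str(submitted).encode())
        if ok or attempts_left <= 1:
            del self._pending[identity]    # used once, or guess budget spent
        else:
            entry[2] = attempts_left - 1
        return ok


if __name__ == "__main__":
    outbox = {}                            # constructed stand-in for the phone
    codes = OneTimeCodes(send=outbox.__setitem__)
    codes.issue("alice")
    print(codes.verify("alice", outbox["alice"]))   # accepted
    print(codes.verify("alice", outbox["alice"]))   # replay is rejected
```

With these limits a blind guesser has at most 3 chances in 100,000 per issued code, so the rate at which new codes can be requested for one identity is the next thing to bound.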