Greyballing Is Embedded In API's DNA
13 Mar 2017
I've been simmering on thoughts around Uber's greyballing for some time now, where they target regulators and police in different cities, and craft a special Uber experience just for them. Targeting users like this are not new, all companies do it, it's just that Uber has a whole array of troubling behavior going on, and the fact that they were so aggressively pushing back on regulators, is why this is such a news story.
I'm familiar with this concept because greyballing is embedded in the DNA of APIs, we just call it API management. Every web, mobile, and device that uses an API have a unique fingerprint, identifying the application, as well as the user. Not all apps or users are created equal, and everyone gets's a tailored experience. I wanted to explore the spectrum of experiences I see on a regular basis, helping us all understand how this broadway production works.
- Greyballing - Uber's situation is focused on creating a special scenario for regulators, but many companies also do this for their competitors, and anyone they see as a threat. Smoke and mirrors for those who threaten you is the name of the game.
- Sales Funnel - Where are you in my sales funnel? Based upon your application or user fingerprint, and IP address you will receive a different experience, support, and access to resources--the bigger opportunity you are, the better experience you will get.
- Country - Due to laws in specific countries, platforms have to deliver a different experience based upon the country, and region an application and user are operating within.
- Virtualization - We regularly create sandboxes, staging, and alternate means of providing an environment for applications and users to operate in, delivering a more virtualized experience, based upon platform objectives.
- Analytics - Dashboards, analytics, and other visualizations provide us with snapshots of our world. These metrics, KPIs, analytics, visualizations, and other reporting drive everything, even when companies like Facebook and Twitter misreport and inflate their numbers.
- Rate Limiting - Access to data, content, media and algorithms online is always logged and metered. What you have access to, and how much you can use is always limited--something that usually occurs silently behind the apps we are using, protecting the interests of the platform.
- Error Rates - In response to rate limiting, or possibly because you are a special regulator or competitor you may be receiving elevated error rates. On mobile devices, it is easy to blame this on the network, but your elevated error rates may be more about who you are than the cell service where you are located.
- Access Tiers - The experience you are getting is the one you have paid for. Depending on what we can afford, we will get a different experience within an application--with all levels of access, and experience available to me the consumer.
- Partner Tiers - You only gain access to this experience because you are a partner. Only our trusted, approved partners have access to the full experience. While also letting everyone else know what it takes to become a partner.
- Personalization - We are tailoring a unique experience for each user based on their interests, location, friends, activity, and a wealth of other data points. Each user of our platform gets their own experience, allowing the algorithm to define a personalized experience for each human.
- Transparency - You are given a look into the kitchen, and are shown how the algorithm is working (or not). Helping be more transparent about the technology, business, and politics of the experience you are receiving.
- Observability - In addition to having a window to look in, there are machine readable / defined inputs and outputs that allow for the experience to be measured and quantified, providing some accountability to the transparency.
- Communication - What we hear is in alignment with the experience. When we are told to expect a certain experience we receive it. There is no surprises or mysterious behavior in the application experience for any user, and all expectations are in alignment with marketing and other communication.
There are many acceptable forms of greyballing. The problem isn't the technology and experience delivered. It was the motivations behind each company doing it. These things don't always happen as the result of malicious intent as we saw with Uber either. In the majority of the cases, it is just incompetence and greed that are the driving forces. Platform engineers are good at being hyper-focused on a single objective, and being totally oblivious to the negative and unforeseen consequences.
With Uber we know this was intentional when it happens with Facebook and Twitter misreporting their numbers, things can be much cloudier. Did they do it intentionally? Or did they just get caught? There really is no holy grail for ensuring tech companies behave with virtualization, personalization, greyballing, or whatever you want to call it. We live in a world where nothing is real, and everything is meant to be fabricated, and tailored just for us--it is what everyone seems to be asking for, wanting, or at least blindly accepting.
This will all come down to transparency, observability, and communication. If a company is doing shady things with their platform, there really is no fool proof way of knowing. We only can depend on them being transparent and communicating, or we can push for more access to the inputs and outputs of the platform, in hopes of gaining more observability. Beyond that, I guess whistleblowers is the last line of defense against this kind of behavior, which is pretty much how we are learning so much about Uber's motivations and internal culture.