{"API Evangelist"}

Greyballing Is Embedded In API's DNA

I've been simmering on thoughts around Uber's greyballing for some time now, where they target regulators and police in different cities, and craft a special Uber experience just for them. Targeting users like this are not new, all companies do it, it's just that Uber has a whole array of troubling behavior going on, and the fact that they were so aggressively pushing back on regulators, is why this is such a news story.

I'm familiar with this concept because greyballing is embedded in the DNA of APIs, we just call it API management. Every web, mobile, and device that uses an API have a unique fingerprint, identifying the application, as well as the user. Not all apps or users are created equal, and everyone gets's a tailored experience. I wanted to explore the spectrum of experiences I see on a regular basis, helping us all understand how this broadway production works.

There are many acceptable forms of greyballing. The problem isn't the technology and experience delivered. It was the motivations behind each company doing it. These things don't always happen as the result of malicious intent as we saw with Uber either. In the majority of the cases, it is just incompetence and greed that are the driving forces. Platform engineers are good at being hyper-focused on a single objective, and being totally oblivious to the negative and unforeseen consequences

With Uber we know this was intentional when it happens with Facebook and Twitter misreporting their numbers, things can be much cloudier. Did they do it intentionally? Or did they just get caught? There really is no holy grail for ensuring tech companies behave with virtualization, personalization, greyballing, or whatever you want to call it. We live in a world where nothing is real, and everything is meant to be fabricated, and tailored just for us--it is what everyone seems to be asking for, wanting, or at least blindly accepting.

This will all come down to transparency, observability, and communication. If a company is doing shady things with their platform, there really is no fool proof way of knowing. We only can depend on them being transparent and communicating, or we can push for more access to the inputs and outputs of the platform, in hopes of gaining more observability. Beyond that, I guess whistleblowers is the last line of defense against this kind of behavior, which is pretty much how we are learning so much about Uber's motivations and internal culture.