Juliet’s famous lament is often mistakenly thought of as meaning, “Where are you Romeo?”, but it actually means, “Why must you be a Montague?” It is Romeo’s family and their struggle against Juliet’s Capulets that keeps these two star-crossed lovers apart.
Beacons, like Romeo, also have a bit of a name – a heritage – that seems to set them apart. In fact, the term ‘beacon’ has grown into such an odd mish-mash of apprehension and potential that it creates as much confusion as inspiration. Several “Capulet” tech articles have branded beacons as a “Montague” technology of sorts: “Watch out, don’t trust, be afraid”, they say.
What is sad is that this Capulet narrative is based upon a naive understanding of what is actually happening. This XKCD comic captures it well:
We have a rich history of this type of communication. Horror movies from the 1950s were notorious for taking a scientific or medical breakthrough and turning it into a horrible “science is out of control” scenario: someone receives a heart transplant from a murderer and becomes a murderer themselves, radiation creates some kind of monster, or some well-intentioned invention is perverted by a greedy industrialist. It’s a never ending stream of encouraging fear of the future. This is one of the reasons why Star Trek is so beloved; it’s one of the few science fiction narratives which has been optimistic about humanity.
The out-of-control scenario for beacons is that they will track our every move. But that fear is overblown. By understanding the technology and designing it properly, we can maintain control. Fear of something doesn’t guarantee inevitability; it can instead motivate and inspire.
The web is a great example of how to transcend this. It’s a decentralized system that allows anyone to play. Are there bad sites out there? Of course. But the important point is that we believe in the general promise. The Snowden revelations shocked us to our core, instigating far-ranging discussions and improvements. We never considered for an instant to throw the web away. On the contrary, we have doubled down to improve it, trusting that we are on the right path.
This is a never ending process. We believe in the web’s aspirational purpose but use the bumps in the road to motivate us. The real question is whether we can create that type of system for beacons; that is, a system that provides value and trust so that if it falters, we’ll want to fix instead of abandon it.
Here are some thoughts that I have on the issue:
1. Build on the web
This is why the Physical Web project is built upon the web. It is the web, just pushed into the physical world. Using the web browser as the user-facing front end is critical as it has a long, proven track record of protection. The “web sandbox”, as it is often called, is a very restricted place, one that allows web sites and their code to be run safely. The web is also universally accessible across nearly any device. This is even more important in a world that has new screen types emerging by the week.
2. Enforce one way beacons
Is the browser enough? No, we must go further. Beacons’ information flow must be one-way. If 1,000 people pass through an airport with 1,000 beacons, those beacons should have no idea that anyone walked by, unless the user chooses to access one. We must design the flow of information so rogue beacons can’t take advantage of a user’s passage.
3. Enforce protection through proxy
If the phone were to natively contact each beacon nearby (and it associated website), that has a slight risk of invoking a privacy violation, since it potentially leaks the user’s location. By using a proxy to fetch the information on the user’s behalf instead, we can gather information without exposing the user. The proxy even acts as a cache, returning the information without hitting the website every time. This protects users from rogue websites by preventing them from knowing exactly how many users accessed a beacon and when they did so.
4. Make an open marketplace
What if you don’t trust the proxy? That is why this project is open source. We are encouraging multiple receiving clients and proxies to be written. By making sure that there are a wide range of clients, we enable not only experimentation but also competition. If one version starts to make mistakes or violates the users’ trust in some way, there are alternatives. A market encourages not only competition but rewards trustworthy behavior.
5. Start in the foreground
What if a website works in the background on your phone, automatically finding beacons and pestering you with notifications? By default, the physical web works in the foreground, running only when the user asks. Thus, the system does not intrude on the user or ask for their attention. This is a huge restriction and limits many extremely valuable use cases, but it’s important that we start safe and build up from there.
6. Ask first
Should we lock out background tasks forever? There is great potential in the new web standard called service workers, which allows websites to work offline and also in the background. This would allow a website to offer very useful automatic services (like turning on your driveway lights when you approach your house). While it may be possible to collect beacon information safely, actually contacting the website should be an opt-in request by the user.
I could go on and on, because security and privacy are complex topics. In fact, I’m sure people will point out some security concerns with the examples I’ve listed. That is to be encouraged, because we can only fix a system if we work on it together in the open. We should always be finding ways to improve it.
The real issue
In conclusion, the real issue is whether or not we can find that initial vision that protects the user yet still excites our imaginations, thus motivating a continual path of improvement. This post hasn’t tried to sell the vision of the Physical Web. Instead, this article is an appeal to have a thoughtful conversation about how to build it.
The web recently celebrated its 25th birthday. It’s been a bumpy road, but it’s looking pretty good right now; we as a community are proudly behind it, warts and all. The Physical Web aspires to be an extension of that success so that we can embrace this new beacon technology in a respectful, open and even human manner. It is also the only way we’ll outgrow the myopic insistence that every new technology must be under corporate control. It can’t possibly succeed if one company pushes it as a product. That it is the core learning of the web, if you ask me: the only way this will take hold and grow is if we, as a community, want it to.