With current technology, you can have an external camera record your computer screen and audio, use AI to extract the data and metadata, and physically move your mouse to interact. In the future, this is likely to become more effective and cheaper (eventually becoming possible to run locally, though even today it’s possible with a good GPU on simple UIs).
Lots of other comments argue for regulation mandating open APIs. I disagree, instead we should remove and prevent regulations that block scraping. We should also create alternative monetization paths for companies who currently monetize API access, since they’ll lose that monetization path, and it’s already suffering from piracy and illegal scraping.
Permit 3 hours ago [-]
> Once network effects crowded a few winners, the drawbridges slowly pulled up. Previously simple APIs evolved into complicated layers of access controls and pricing tiers. Winning platforms adjusted their APIs so you could support their platforms, but not build anything competitive. Perhaps the best example of this was Twitter’s 2012 policy adjustment which limited client 3rd party apps to a maximum of 100,000 users (they’ve since cut off all 3rd party clients).
One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].
So a company considering creating a public-facing API must deal with the fact that:
1. This API could be helping my competitor
2. This API makes internal changes more difficult (typically there is a strong effort to maintain backwards compatibility).
3. If company XXX uses the API to extract data (that users have given them explicit access to), the ensuring scandal will not be called the "XXXX Data Scandal", but rather the "MYCOMPANY-XXX Data Scandal"[1].
> One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them.
Is that really a privacy concern? Tweets are public. As soon as you post them, others can just save the page. No need for an API.
skybrian 2 hours ago [-]
Nowadays we expect popular tweets to be screenshotted, just as popular webpages are usually archived somewhere.
Bluesky has decided that it’s not a bug and is not going to be fixed: you can delete a post, but someone could have saved it, and worse, it’s digitally signed.
pfraze 2 hours ago [-]
We generally would characterize the monopolies as the bug, not the public nature of the data
skybrian 12 minutes ago [-]
Yeah, I don’t think it’s the wrong decision. Maybe I should have called it a design tradeoff.
Edit: editing posts is nice to have.
bunderbunder 22 minutes ago [-]
I haven't read it in 10 years, but this used to be pretty explicitly spelled out in Twitter's privacy policy, in plain language, in a way that I really appreciated. (Not that anyone ever reads the privacy policy.)
But it really does make sense. Nothing you publicly tweet can ever be private, nor is there any real way you can reliably take it back. Because as soon as the tweet's been transferred to someone else's device, they now have every bit as much control over that content as they do over any other content that makes it onto their device.
I'm a pretty pro-privacy person, to the point where I generally avoid social media sites. But this was also my policy back when I administered an oldschool Web forum: once it's posted, it's out of your control. Period. That's really the only policy for a public forum that makes any sense at all. If that's scary to you then maybe the things you're posting should be, y'know, kept private instead of being broadcast to the entire world.
tl;dr: group chats are actually pretty cool.
veqq 2 hours ago [-]
Precisely what kneecapped the semantic web. Why make it easier for the competition to take all of your data?
Y_Y 10 minutes ago [-]
I remember when the internet was collaboratorative rather than competitive. I think then tech companies got so big that they ran out of scientists and engineers and had to hire fairground hucksters.
MichaelZuo 2 hours ago [-]
It does like seem there are so many inherent disadvantages that the original proponents must have been confused or intentionally ignoring realistic factors…
It’s like they never even tallied up all plausible advantages and disadvantages in the first place. So how did anyone determine it was an overall net positive?
__MatrixMan__ 4 minutes ago [-]
Are you proposing that interoperability is not an overall net positive? If it's getting a bad rap right now it's just because it's not always simultaneously a competitive advantage. But that line of thinking is a race to the bottom.
I mean, why not just kill your competitors? Then your product, however bad, would be the only one. Clearly a net negative, but a competitive advantage.
What has changed is that we've recently lowered the bar for how much of a net positive we plan on shooting for. Top dog on the trash heap is, I guess, now an enviable position. Political factors, it would seem.
MichaelZuo 41 seconds ago [-]
Privacy, reputation risk, etc., seem like huge disadvantages… so it’s not clear at all if it’s a net positive overall.
Someone has to actually do that analysis in the first place.
ImPostingOnHN 1 hours ago [-]
> If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].
Not only is this already possible (I can open up twitter and press "control-P"; I can open up Facebook and see names)*, but it's already being done by those companies. If you thought Cambridge Analytica was bad, imagine what Facebook is doing with even more user data.
That indicates that the issue isn't protecting users from that sort of abuse (since they are the abusers in that sense), but to prevent business competitors from doing the same and reduce user choice (eg users who don't want to have to have their eyes bleed to read their content on these sites).
If the goal is to keep information secret from X, disclosing it to X via 1 programmatic means while restricting it via another, fails to achieve that goal.
> So a company considering creating a public-facing API must deal with the fact that:
1. It could be helping users, which is more important to users than Facebook winning some corpo-war-on-data-access. Is it more important to Facebook et al, though? Clearly not, and therein lies the ethical failing of Facebook et al.
* - "but wait" I hear some saying, "you're just a human, you can't do that at scale!" Well: the data got on my computer screen programmatically, and it's trivial to reuse those methods to get the data you want. It's just an extra step or two that frustrates legitimate users.
walterbell 1 hours ago [-]
> don’t expect the platforms to let you compete easily.
Regulatory support of interoperability and competition:
1. EU mandated interoperability on mobile and messages.
2. US won antitrust legal case against Google. Remedy TBD.
3. Epic lawsuit enabled non-Apple payments and lower fees for content sale.
4. US has mandated that banks open up payment history data to 3rd parties.
5. US halted Facebook/Meta Libra/Diem digital currency.
6. China halted Ant Group digital currency.
exabrial 3 hours ago [-]
OAuth/APIs were a beautiful thing until the marketing departments figured out they could use it to spam even more people.
ChrisMarshallNY 8 hours ago [-]
…news broke that rival Meta, opens new tab is taking…
(emphasis mine)
Been awhile since I’ve seen this kind of content error.
io84 3 hours ago [-]
I wonder if that’s a dictation artefact
dbreunig 3 hours ago [-]
Not dictation…copy/paste I think. Thanks, fixed.
bsenftner 5 hours ago [-]
The moment MCP was announced, my first thoughts were "oh, those summer children". MPC is idyllic and not for this world.
spacecadet 4 hours ago [-]
Hacky scrapper go brrrr
seydor 8 hours ago [-]
I m optimistic, because LLMs can understand plain language. MCP won't last as the article correctly states, but you will always be able to say to your AI to open your email and search whatever. And companies cannot block you from doing that as long as it is your own PC / Phone.
If we do allow companies to block AI agents from accessing our own computers and data, then the users are to blame for falling again into another BigTech trap.
bobbiechen 2 hours ago [-]
I am less optimistic. Even paid products like Netflix or the Amazon Kindle are ad-monetized now.
I think the current useful state of consumer LLMs is a temporary subsidy, and the incentives to add ads are too large. And that will change everything, even tools that should work for the user. I recently wrote a blog post on this: https://digitalseams.com/blog/the-ai-lifestyle-subsidy-is-go...
msgodel 6 hours ago [-]
I think the demand for this will actually kill closed ecosystems like iOS. I feel strongly enough about this that I'm shorting Apple over it. They won't be able to get it right because every integration will have to be canned while companies giving the LLMs/users a shell will allow them to do anything. People get confused because that used to not matter, most users couldn't do anything with a shell. That's no longer the case with LLMs.
robertlagrant 5 hours ago [-]
> I feel strongly enough about this that I'm shorting Apple over it.
How long do you think it will take for this to meaningfully override Apple's share price?
msgodel 5 hours ago [-]
I think it's already starting. Apple can't produce anything people just have to have anymore because of the attitude that's causing this. You can see this in their sales numbers.
freeone3000 3 hours ago [-]
I am completely uninterested to going back to the privacy-stealing, ad-infested nightmare that is Android. Besides, what would I even gain? iOS 25 just got live translation in calls and item extraction from screen (not just photos). So what am I missing?
msgodel 3 hours ago [-]
I think you should read and/or think more carefully.
achierius 2 hours ago [-]
This seems unrelated to your original thesis though, no?
layer8 3 hours ago [-]
People “have to have” an iPhone because it’s a status symbol. Not sure how AI is going to change that.
msgodel 3 hours ago [-]
So was the Blackberry. Better radios and mobile SOCs absolutely changed that.
Mathias Wandel (an ex Blackberry engineer) has a neat video where he explains exactly how that happened and the attitudes are strikingly similar to the ones today.
skybrian 2 hours ago [-]
I think you’re extrapolating too much from the enthusiasm of early adopters? There is widespread skepticism about AI. A lot of people aren’t that eager to use it and resent having new AI features pushed on them by overenthusiastic vendors.
Maybe users would rather keep their data safe than have it exfiltrated by a confused AI?
_heimdall 3 hours ago [-]
MCPs are, in part, a response to the difficulties LLM companies had when trying out LLMs interact online by visually navigation the screen.
They need APIs for it to be efficient. For whatever reason they didn't choose to use accessibility tooling to automate agents, and we haven't written REST APIs for 20+ years - they're left hoping a newly designed protocol will fix it.
visarga 7 hours ago [-]
Computer use over screen and keyboard comes to the rescue
robertheadley 10 hours ago [-]
I am still mad that Facebook mostly abandoned the Open Graph protocol on their own sites.
mxmilkiib 9 hours ago [-]
for me, when both Facebook and Google rejected Jabber/XMPP federation :(
but yeah, in general, what happened to the dream of true Data Portability?
rahoulb 4 hours ago [-]
As other posters have said - capitalism.
But also privacy - it would be amazing to just be able to connect to any app or service you want, interact and react to stuff that's happening _over there_.
However, do you want any old app or service connecting to _your_ data, siphoning it and selling it on (and, at best, burying their use of your data in a huge terms of service document that no-one reads, at worst, lying about what they do with that information)? So you have to add access controls that are either intrusive and/or complex, or, more likely, just ignored. Then the provider gets sued for leaking data and we're in a situation where no-one dares open up.
JumpCrisscross 8 hours ago [-]
> what happened to the dream of true Data Portability?
It got muddled into the privacy/security debate and then we all got distracted.
julik 6 hours ago [-]
Capitalism happened. My hope is on regulation - I don't see any other force being capable of prying these moat cans open.
immibis 7 hours ago [-]
Capitalism happened. You can't extract value if the usership can flow away from your site like water.
9 hours ago [-]
eadmund 7 hours ago [-]
At the end of the day, servers and software engineers cost money. One way to pay for things is ads, but ads are hostile to integrations (because there is no good way to guarantee ads will be shown) — I believe this is why Twitter and Reddit killed their third-party clients. But there are alternate ways to pay for things, e.g. subscriptions. The good news here is that the sorts of things one pays for are IMHO more likely to be the sorts of things worth MCPing together. Using MCP to post to Reddit or Twitter? Low value, to oneself and to society. Using MCP to work with one’s AWS account? Higher value.
Incidentally, why do the article’s links all use strikethrough rather than underlines? Is this a deliberate style choice, or some Chrome/Firefox/Safari incompatibility? It’s pretty ugly.
bigmattystyles 12 hours ago [-]
Laughs/Cries in SAP
_jholland 8 hours ago [-]
I have made it my mission to conquer SAP and gain control of our own critical financial data.
As a business, they uniquely leverage inefficient and clunky design to drive profit. Simply because they haven’t documented their systems sufficiently, it is “industry standard practice” to go straight to a £100/hr+ consultant to build what should be straightforward integrations and perform basic IT Admin procedures.
Through many painful late nights I have waded through their meticulously constructed labyrinth of undocumented parameters and gotchas built on foot-guns to eventually get to both build and configure an SAP instance from scratch and expose a complete API in Python.
It is for me a David and Goliath moment, carrying more value than the consultancy fees and software licences I've spared my company.
jgraettinger1 4 hours ago [-]
Hi, I’m a cofounder / CTO of estuary.dev. Our whole mission is democratizing and enabling use of data within orgs.
Open to a conversation about your work here? Reach me at johnny at estuary dot dev.
piva00 8 hours ago [-]
It's unfortunate it is your employer's IP, this shim on top of SAP would be extremely valuable if you sold as another product to enable internal teams in SAP-world corporations to develop without the knowledge of SAP arcana.
robertlagrant 5 hours ago [-]
Yes I would strongly recommend monetising this, even though you'd have to rebuild it from scratch. Worth filling in a Y Combinator application?
dbreunig 1 hours ago [-]
Yes, look up Winshuttle.
A very successful company with some of the happiest customers I’ve ever seen, whose entire product was a SAP hack that allowed people to enter their data using Excel. As someone unfamiliar with SAP, absolutely blew my mind.
renewiltord 9 hours ago [-]
It's inevitable. You can't afford to just provide a platform for free that someone else monetizes. I wonder what API plans are reasonable:
* Just let your users pay for API access at a per-call rate
* Charge app developer per user
The problem is that ultimately the LTV of the average user is high, but this is skewed up by the most valuable users who will switch to a different app that will inevitably attempt to hijack your userbase once they control enough of your users.
A classic example is that imgur became a social network of its own once it had enough Reddit users and only Reddit doing their own image/video hosting stemmed that bleeding.
And then there's the fact that if you choose the payment-based approaches, one app will suction the data out and compete with you for it; inevitably some user will lose his data through some app breach and blame you; and the basic app any newbie developer will build will be "yours but ad-free" which is fine for him because you're paying the development and hosting costs of the entire infra.
It's no surprise everyone converges on preventing API access. Even Metafilter does.
I'm curious if anyone has an idea for API access that can nonetheless be a successful company. Everyone's always got some idea with negative margin and negative feedback loops which they bill as "but that won't make you a billionaire" (that's true, because your company will fail) but I wonder if there is some way that could work without ruining social network network-effects etc.
immibis 7 hours ago [-]
Probably not. But there can be API access from a nonsuccessful noncompany - look at Fediverse or whatever.
tempodox 2 hours ago [-]
> But it didn’t last.
Of course not. All this gatekeeping is how every Tom, Dick and Harriette make their money and wrestle for dominance. Believing that any specific tech would fundamentally change that is hopelessly naive. The honeymoon phases that make it look like it could be different this time around are merely there to lock in lots of users.
It's in the nature of capitalism and that's not a technological issue.
Lots of other comments argue for regulation mandating open APIs. I disagree, instead we should remove and prevent regulations that block scraping. We should also create alternative monetization paths for companies who currently monetize API access, since they’ll lose that monetization path, and it’s already suffering from piracy and illegal scraping.
One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].
So a company considering creating a public-facing API must deal with the fact that:
1. This API could be helping my competitor
2. This API makes internal changes more difficult (typically there is a strong effort to maintain backwards compatibility).
3. If company XXX uses the API to extract data (that users have given them explicit access to), the ensuring scandal will not be called the "XXXX Data Scandal", but rather the "MYCOMPANY-XXX Data Scandal"[1].
[1] https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...
Is that really a privacy concern? Tweets are public. As soon as you post them, others can just save the page. No need for an API.
Bluesky has decided that it’s not a bug and is not going to be fixed: you can delete a post, but someone could have saved it, and worse, it’s digitally signed.
Edit: editing posts is nice to have.
But it really does make sense. Nothing you publicly tweet can ever be private, nor is there any real way you can reliably take it back. Because as soon as the tweet's been transferred to someone else's device, they now have every bit as much control over that content as they do over any other content that makes it onto their device.
I'm a pretty pro-privacy person, to the point where I generally avoid social media sites. But this was also my policy back when I administered an oldschool Web forum: once it's posted, it's out of your control. Period. That's really the only policy for a public forum that makes any sense at all. If that's scary to you then maybe the things you're posting should be, y'know, kept private instead of being broadcast to the entire world.
tl;dr: group chats are actually pretty cool.
It’s like they never even tallied up all plausible advantages and disadvantages in the first place. So how did anyone determine it was an overall net positive?
I mean, why not just kill your competitors? Then your product, however bad, would be the only one. Clearly a net negative, but a competitive advantage.
What has changed is that we've recently lowered the bar for how much of a net positive we plan on shooting for. Top dog on the trash heap is, I guess, now an enviable position. Political factors, it would seem.
Someone has to actually do that analysis in the first place.
Not only is this already possible (I can open up twitter and press "control-P"; I can open up Facebook and see names)*, but it's already being done by those companies. If you thought Cambridge Analytica was bad, imagine what Facebook is doing with even more user data.
That indicates that the issue isn't protecting users from that sort of abuse (since they are the abusers in that sense), but to prevent business competitors from doing the same and reduce user choice (eg users who don't want to have to have their eyes bleed to read their content on these sites).
If the goal is to keep information secret from X, disclosing it to X via 1 programmatic means while restricting it via another, fails to achieve that goal.
> So a company considering creating a public-facing API must deal with the fact that:
1. It could be helping users, which is more important to users than Facebook winning some corpo-war-on-data-access. Is it more important to Facebook et al, though? Clearly not, and therein lies the ethical failing of Facebook et al.
* - "but wait" I hear some saying, "you're just a human, you can't do that at scale!" Well: the data got on my computer screen programmatically, and it's trivial to reuse those methods to get the data you want. It's just an extra step or two that frustrates legitimate users.
Regulatory support of interoperability and competition:
(emphasis mine)
Been awhile since I’ve seen this kind of content error.
If we do allow companies to block AI agents from accessing our own computers and data, then the users are to blame for falling again into another BigTech trap.
I think the current useful state of consumer LLMs is a temporary subsidy, and the incentives to add ads are too large. And that will change everything, even tools that should work for the user. I recently wrote a blog post on this: https://digitalseams.com/blog/the-ai-lifestyle-subsidy-is-go...
How long do you think it will take for this to meaningfully override Apple's share price?
Mathias Wandel (an ex Blackberry engineer) has a neat video where he explains exactly how that happened and the attitudes are strikingly similar to the ones today.
Maybe users would rather keep their data safe than have it exfiltrated by a confused AI?
They need APIs for it to be efficient. For whatever reason they didn't choose to use accessibility tooling to automate agents, and we haven't written REST APIs for 20+ years - they're left hoping a newly designed protocol will fix it.
but yeah, in general, what happened to the dream of true Data Portability?
But also privacy - it would be amazing to just be able to connect to any app or service you want, interact and react to stuff that's happening _over there_.
However, do you want any old app or service connecting to _your_ data, siphoning it and selling it on (and, at best, burying their use of your data in a huge terms of service document that no-one reads, at worst, lying about what they do with that information)? So you have to add access controls that are either intrusive and/or complex, or, more likely, just ignored. Then the provider gets sued for leaking data and we're in a situation where no-one dares open up.
It got muddled into the privacy/security debate and then we all got distracted.
Incidentally, why do the article’s links all use strikethrough rather than underlines? Is this a deliberate style choice, or some Chrome/Firefox/Safari incompatibility? It’s pretty ugly.
As a business, they uniquely leverage inefficient and clunky design to drive profit. Simply because they haven’t documented their systems sufficiently, it is “industry standard practice” to go straight to a £100/hr+ consultant to build what should be straightforward integrations and perform basic IT Admin procedures.
Through many painful late nights I have waded through their meticulously constructed labyrinth of undocumented parameters and gotchas built on foot-guns to eventually get to both build and configure an SAP instance from scratch and expose a complete API in Python.
It is for me a David and Goliath moment, carrying more value than the consultancy fees and software licences I've spared my company.
Open to a conversation about your work here? Reach me at johnny at estuary dot dev.
A very successful company with some of the happiest customers I’ve ever seen, whose entire product was a SAP hack that allowed people to enter their data using Excel. As someone unfamiliar with SAP, absolutely blew my mind.
* Just let your users pay for API access at a per-call rate
* Charge app developer per user
The problem is that ultimately the LTV of the average user is high, but this is skewed up by the most valuable users who will switch to a different app that will inevitably attempt to hijack your userbase once they control enough of your users.
A classic example is that imgur became a social network of its own once it had enough Reddit users and only Reddit doing their own image/video hosting stemmed that bleeding.
And then there's the fact that if you choose the payment-based approaches, one app will suction the data out and compete with you for it; inevitably some user will lose his data through some app breach and blame you; and the basic app any newbie developer will build will be "yours but ad-free" which is fine for him because you're paying the development and hosting costs of the entire infra.
It's no surprise everyone converges on preventing API access. Even Metafilter does.
I'm curious if anyone has an idea for API access that can nonetheless be a successful company. Everyone's always got some idea with negative margin and negative feedback loops which they bill as "but that won't make you a billionaire" (that's true, because your company will fail) but I wonder if there is some way that could work without ruining social network network-effects etc.
Of course not. All this gatekeeping is how every Tom, Dick and Harriette make their money and wrestle for dominance. Believing that any specific tech would fundamentally change that is hopelessly naive. The honeymoon phases that make it look like it could be different this time around are merely there to lock in lots of users.
It's in the nature of capitalism and that's not a technological issue.