The Store🔗

This was the precipitating announcement: VRChat releasing a beta for an in-game real-money store.

Paid Subscriptions: Now in Open Beta! — VRChat Over the last few years, we’ve talked about introducing something we’ve called the “Creator Economy,” and we’re finally ready to reveal what the first step of that effort is going to look like: Paid Subscriptions!

As it stands now, creators within VRChat have to jump through a series of complicated, frustrating hoops if they want to make money from their creations. For creators, this means having to set up a veritable Rube Goldberg machine, often requiring multiple external platforms and a lot of jank. For supporters, it means having to sign up for those same platforms… and then hope that the creator you’re trying to support set everything up correctly.

(The problem, of course, is that “frustrating jank” was designed by VRChat, and their “solution” is rentiering.)

Currently, the only thing to purchase is nebulous “subscriptions” that would map to different world or avatar features depending on the content. But more importantly, this creates a virtual in-game currency, and opens the door to future transaction opportunities. I’m especially thinking of something like an avatar store.

I quit playing VRChat two years ago, when they started to crack down on client-side modifications (which are good) by force-installing malware (which is bad) on players’ computers. Since then I’ve actually had a draft sitting somewhere about software architecture in general, and how you to evaluate whether it’s safe or a trap. And, how just by looking at the way VRChat is designed, you can tell it’s a trap they’re trying to spring on people.

The Store of Tomorrow🔗

Currently, the VRC Creator Economy is just a currency store and a developer api. Prior to this, there was no way for mapmakers to “charge users” for individual features; code is sandboxed, and you only know what VRC tells you, so you can’t just check against Patreon from within the game¹.

But the real jackpot for VRC is an avatar store. Currently, the real VRC economy works by creators creating avatars, maps, and other assets in the (mostly-)interchangeable Unity format, and then selling those to people. Most commonly this is seen in selling avatars, avatar templates, or custom commissioned avatars. Users buy these assets peer-to-peer.

This is the crucial point: individuals cannot get any content in the game without going through VRC. When you play VRChat, all content is streamed from VRChat’s servers anonymously by the proprietary client. There are no URLs, no files, no addressable content of any kind. (In fact, in the edge cases where avatars are discretely stored in files, in the cache, users get angry because of theft!) VRChat isn’t a layer over an open protocol, it’s its own closed system. Even with platforms like Twitter, at least there are files somewhere. But VRChat attacks the entire concept of files, structurally. The user knows nothing and trusts the server, end of story.

The API is the product🔗

Reddit and all these other companies who are making user-level API access prohibitively expensive have forgotten that the API is the product. - The API is the interface that lets you perform operations on the site. The operations a user can do are the product, they’re not auxiliary to it!

“Application programming interface” is a very formal, internal-sounding term for a system that is none of those things. The word “programming” in the middle comes from an age where using a personal computer at all was considered “programming” it.

What an API really is a high-level interface to the web application that is Reddit. Every action a user can take — viewing posts, posting, voting, commenting — goes from the app (which interfaces with the user) to the API (which interfaces with the Reddit server), gets processed by the server using whatever-they-use-it-doesn’t-matter, and the response is sent back to the user.

The API isn’t a god mode and it doesn’t provide any super-powers. It doesn’t let you do anything you can’t do as a user, as clearly evidenced by the fact that all the actions you do on the Reddit website go through the API too.

The Reddit website, the official Reddit app, and the Apollo app all interface with the user in different ways and on different platforms, but go through the same API to interact with what we understand as “Reddit”. The fact that the API is the machine interface without the human interface should also concisely explain why “API access” is all Apollo needs to build its own app.

Right now, you can view the announcement thread at https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/, and you can view the “API” data for the same thread at https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits.json. It’s not very fun to look at, but it’s easy to tell what you’re looking at: the fundamental representation of the page without all the trappings of the interface.

Public APIs are good for both the user and the company. They’re a vastly more efficient way for people to interact with the service than by automating interaction (or “scraping”). Having an API cuts out an entire layer of expense that, without an API, Reddit would pay for.

The Reddit service is the application, and you interface with it through WHATEVER. Whatever browser you want, whatever browser extensions you want, whatever model phone you want, whatever app you want. This is fundamentally necessary for operability and accessibility.

The API is the service. The mechanical ability to post and view and organize is what makes Reddit valuable, not its frontend. Their app actually takes the core service offering and makes it less attractive to users, which is why they were willing to pay money for an alternative!

Netflix’s pricing model🔗

So, first, what are multi-user accounts in the first place, and how does “password sharing” relate to that?

Human Agency: Why Property is Good🔗

or, “Gio is not a marxist, or if he is he’s a very bad one”

First: individual autonomy — our agency, our independence, and our right to make our own choices about our own lives — is threatened by the current digital ecosystem. Our tools are powered by software, controlled by software, and inseparable from their software, and so the companies that control that software have a degree of control over us proportional to how much of our lives relies on software. That’s an ever-increasing share.

History of twitter verification🔗

Twitter first introduced verification in 2009, when baseball man Tony La Russa sued Twitter for letting someone set up a parody account using his name. It was a frivolous lawsuit by a frivolous man who has since decided he’s happy using Twitter to market himself, but Twitter used the attention to announce their own approach to combating impersonation on Twitter: Verified accounts.

The Mastodon Context🔗

The “he” Mastodon is referring to is ex-president-turned-insurrectionist Donald Trump, who, because his fellow-insurrectionist friends and fans are subject to basic moderation policies on most of the internet, decided to start his own social network, “Truth Social”. In contrast to platforms moderated by the “tyranny of big tech”, Truth Social would have principles of Free Speech, like “don’t read the site”, “don’t link to the site”, “don’t criticise the site”, “don’t use all-caps”, and “don’t disparage the site or us”. There are a lot of problems here already, but because everything Trump does is terrible and nobody who likes him can create anything worthwhile, instead of actually making a social networking platform, they just stole Mastodon wholesale.

Mastodon is an open-source alternative social networking platform. It’s licensed under an open license (the AGPLv3), so you are allowed to clone it and even rebrand it for your own purposes as was done here. What you absolutely are not allowed to do is claim the codebase is your own proprietary work, deliberately obscure the changes you made to the codebase, or make any part of the AGPL-licensed codebase (including your modifications) unavailable to the public. All of which Truth Social does.

So that’s the scandal. And so here’s Mastodon poking some fun at that.

The Basics🔗

YouTube has three kinds of videos: Public, Unlisted, and Private. Public videos are the standard videos that show up in searches. Private videos are protected, and can only be seen by specific YouTube accounts you explicitly invite. Unlisted videos are simply unlisted: anyone with the link can view, but the video doesn’t turn up automatically in search results.

Unlisted videos are obviously great, for a lot of reasons. You can just upload videos to YouTube and share them with relevant communities — embed them on your pages, maybe — without worrying about all the baggage of YouTube as a Platform.

What Google is trying to do here is roll out improvements they made to the unlisted URL generation system to make it harder for bots and scrapers to index videos people meant to be semi-private. This is a good thing. The way they’re doing it breaks every link to the vast majority of unlisted videos, including shared links and webpage embeds. This is a tremendously bad thing. I am not the first to notice this.

Oh good, you broke links again🔗

See, I just kind of sighed when I saw this, because this isn’t the first time I’ve lived through it. On March 15, 2017, Dropbox killed their public folder. Prior to that, Dropbox had a service where you could upload files to a special “Public” folder. This let you easily share links to those files with anyone — or groups of people — without having to explicitly invite them by email, and make them register a Dropbox account. Sound familiar?

Client/Server architecture in 5 seconds🔗

All web services, Twitter included, aren’t just one big magic thing. You can model how web apps work as two broad categories: the client and the server. The client handles all your input and output: posts you make, posts you see, things you can do. The server handles most of the real logic: what information gets sent to the client, how posts are stored, who is allowed to log in as what accounts, etc.

Copyright law really sucks for fanartists, actually🔗

Just gonna get this one out of the way right off the bat. Copyright law gives IP owners a tremendous amount of power over what’s done with their characters and designs, even extending far into derivative fanart. If you own Homestuck, you actually can take someone to court over selling merch of their fantroll, and probably win. That’s not a great starting point, but it’s the truth.

Eevee has a great write-up of why this is bad. I’d also point you to Tom Scott’s video about how copyright law isn’t designed for intermediate platforms like Redbubble, but suffice it to say, yeah, copyright law really sucks for fanartists, actually.

This is the most complex thing going on here, certainly, but it’s not new and interesting. What is new and interesting, though, is

Redbubble forcing predatory licensing on people🔗

Now, copyright law sucks for fanartists, but that doesn’t explain what happened here.