> Once network effects crowded a few winners, the drawbridges slowly pulled up. Previously simple APIs evolved into complicated layers of access controls and pricing tiers. Winning platforms adjusted their APIs so you could support their platforms, but not build anything competitive. Perhaps the best example of this was Twitter’s 2012 policy adjustment which limited client 3rd party apps to a maximum of 100,000 users (they’ve since cut off all 3rd party clients).
One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].
So a company considering creating a public-facing API must deal with the fact that:
1. This API could be helping my competitor
2. This API makes internal changes more difficult (typically there is a strong effort to maintain backwards compatibility).
3. If company XXX uses the API to extract data (that users have given them explicit access to), the ensuring scandal will not be called the "XXXX Data Scandal", but rather the "MYCOMPANY-XXX Data Scandal"[1].
Nowadays we expect popular tweets to be screenshotted, just as popular webpages are usually archived somewhere.
Bluesky has decided that it’s not a bug and is not going to be fixed: you can delete a post, but someone could have saved it, and worse, it’s digitally signed.
pfraze 5 minutes ago [-]
We generally would characterize the monopolies as the bug, not the public nature of the data
veqq 28 minutes ago [-]
Precisely what kneecapped the semantic web. Why make it easier for the competition to take all of your data?
MichaelZuo 54 minutes ago [-]
It does like seem there are so many inherent disadvantages that the original proponents must have been confused or intentionally ignoring realistic factors…
It’s like they never even tallied up all plausible advantages and disadvantages in the first place. So how did anyone determine it was an overall net positive?
exabrial 1 hours ago [-]
OAuth/APIs were a beautiful thing until the marketing departments figured out they could use it to spam even more people.
ChrisMarshallNY 6 hours ago [-]
…news broke that rival Meta, opens new tab is taking…
(emphasis mine)
Been awhile since I’ve seen this kind of content error.
io84 2 hours ago [-]
I wonder if that’s a dictation artefact
dbreunig 2 hours ago [-]
Not dictation…copy/paste I think. Thanks, fixed.
seydor 6 hours ago [-]
I m optimistic, because LLMs can understand plain language. MCP won't last as the article correctly states, but you will always be able to say to your AI to open your email and search whatever. And companies cannot block you from doing that as long as it is your own PC / Phone.
If we do allow companies to block AI agents from accessing our own computers and data, then the users are to blame for falling again into another BigTech trap.
bobbiechen 27 minutes ago [-]
I am less optimistic. Even paid products like Netflix or the Amazon Kindle are ad-monetized now.
I think the current useful state of consumer LLMs is a temporary subsidy, and the incentives to add ads are too large. And that will change everything, even tools that should work for the user. I recently wrote a blog post on this: https://digitalseams.com/blog/the-ai-lifestyle-subsidy-is-go...
_heimdall 2 hours ago [-]
MCPs are, in part, a response to the difficulties LLM companies had when trying out LLMs interact online by visually navigation the screen.
They need APIs for it to be efficient. For whatever reason they didn't choose to use accessibility tooling to automate agents, and we haven't written REST APIs for 20+ years - they're left hoping a newly designed protocol will fix it.
msgodel 4 hours ago [-]
I think the demand for this will actually kill closed ecosystems like iOS. I feel strongly enough about this that I'm shorting Apple over it. They won't be able to get it right because every integration will have to be canned while companies giving the LLMs/users a shell will allow them to do anything. People get confused because that used to not matter, most users couldn't do anything with a shell. That's no longer the case with LLMs.
skybrian 37 minutes ago [-]
I think you’re extrapolating too much from the enthusiasm of early adopters? There is widespread skepticism about AI. A lot of people aren’t that eager to use it and resent having new AI features pushed on them by overenthusiastic vendors.
Maybe users would rather keep their data safe than have it exfiltrated by a confused AI?
robertlagrant 4 hours ago [-]
> I feel strongly enough about this that I'm shorting Apple over it.
How long do you think it will take for this to meaningfully override Apple's share price?
msgodel 4 hours ago [-]
I think it's already starting. Apple can't produce anything people just have to have anymore because of the attitude that's causing this. You can see this in their sales numbers.
achierius 45 minutes ago [-]
This seems unrelated to your original thesis though, no?
freeone3000 1 hours ago [-]
I am completely uninterested to going back to the privacy-stealing, ad-infested nightmare that is Android. Besides, what would I even gain? iOS 25 just got live translation in calls and item extraction from screen (not just photos). So what am I missing?
msgodel 1 hours ago [-]
I think you should read and/or think more carefully.
layer8 2 hours ago [-]
People “have to have” an iPhone because it’s a status symbol. Not sure how AI is going to change that.
msgodel 1 hours ago [-]
So was the Blackberry. Better radios and mobile SOCs absolutely changed that.
Mathias Wandel (an ex Blackberry engineer) has a neat video where he explains exactly how that happened and the attitudes are strikingly similar to the ones today.
visarga 6 hours ago [-]
Computer use over screen and keyboard comes to the rescue
bsenftner 3 hours ago [-]
The moment MCP was announced, my first thoughts were "oh, those summer children". MPC is idyllic and not for this world.
spacecadet 3 hours ago [-]
Hacky scrapper go brrrr
robertheadley 8 hours ago [-]
I am still mad that Facebook mostly abandoned the Open Graph protocol on their own sites.
mxmilkiib 7 hours ago [-]
for me, when both Facebook and Google rejected Jabber/XMPP federation :(
but yeah, in general, what happened to the dream of true Data Portability?
rahoulb 3 hours ago [-]
As other posters have said - capitalism.
But also privacy - it would be amazing to just be able to connect to any app or service you want, interact and react to stuff that's happening _over there_.
However, do you want any old app or service connecting to _your_ data, siphoning it and selling it on (and, at best, burying their use of your data in a huge terms of service document that no-one reads, at worst, lying about what they do with that information)? So you have to add access controls that are either intrusive and/or complex, or, more likely, just ignored. Then the provider gets sued for leaking data and we're in a situation where no-one dares open up.
JumpCrisscross 7 hours ago [-]
> what happened to the dream of true Data Portability?
It got muddled into the privacy/security debate and then we all got distracted.
immibis 6 hours ago [-]
Capitalism happened. You can't extract value if the usership can flow away from your site like water.
julik 4 hours ago [-]
Capitalism happened. My hope is on regulation - I don't see any other force being capable of prying these moat cans open.
8 hours ago [-]
eadmund 6 hours ago [-]
At the end of the day, servers and software engineers cost money. One way to pay for things is ads, but ads are hostile to integrations (because there is no good way to guarantee ads will be shown) — I believe this is why Twitter and Reddit killed their third-party clients. But there are alternate ways to pay for things, e.g. subscriptions. The good news here is that the sorts of things one pays for are IMHO more likely to be the sorts of things worth MCPing together. Using MCP to post to Reddit or Twitter? Low value, to oneself and to society. Using MCP to work with one’s AWS account? Higher value.
Incidentally, why do the article’s links all use strikethrough rather than underlines? Is this a deliberate style choice, or some Chrome/Firefox/Safari incompatibility? It’s pretty ugly.
bigmattystyles 10 hours ago [-]
Laughs/Cries in SAP
_jholland 7 hours ago [-]
I have made it my mission to conquer SAP and gain control of our own critical financial data.
As a business, they uniquely leverage inefficient and clunky design to drive profit. Simply because they haven’t documented their systems sufficiently, it is “industry standard practice” to go straight to a £100/hr+ consultant to build what should be straightforward integrations and perform basic IT Admin procedures.
Through many painful late nights I have waded through their meticulously constructed labyrinth of undocumented parameters and gotchas built on foot-guns to eventually get to both build and configure an SAP instance from scratch and expose a complete API in Python.
It is for me a David and Goliath moment, carrying more value than the consultancy fees and software licences I've spared my company.
jgraettinger1 2 hours ago [-]
Hi, I’m a cofounder / CTO of estuary.dev. Our whole mission is democratizing and enabling use of data within orgs.
Open to a conversation about your work here? Reach me at johnny at estuary dot dev.
piva00 7 hours ago [-]
It's unfortunate it is your employer's IP, this shim on top of SAP would be extremely valuable if you sold as another product to enable internal teams in SAP-world corporations to develop without the knowledge of SAP arcana.
robertlagrant 4 hours ago [-]
Yes I would strongly recommend monetising this, even though you'd have to rebuild it from scratch. Worth filling in a Y Combinator application?
renewiltord 8 hours ago [-]
It's inevitable. You can't afford to just provide a platform for free that someone else monetizes. I wonder what API plans are reasonable:
* Just let your users pay for API access at a per-call rate
* Charge app developer per user
The problem is that ultimately the LTV of the average user is high, but this is skewed up by the most valuable users who will switch to a different app that will inevitably attempt to hijack your userbase once they control enough of your users.
A classic example is that imgur became a social network of its own once it had enough Reddit users and only Reddit doing their own image/video hosting stemmed that bleeding.
And then there's the fact that if you choose the payment-based approaches, one app will suction the data out and compete with you for it; inevitably some user will lose his data through some app breach and blame you; and the basic app any newbie developer will build will be "yours but ad-free" which is fine for him because you're paying the development and hosting costs of the entire infra.
It's no surprise everyone converges on preventing API access. Even Metafilter does.
I'm curious if anyone has an idea for API access that can nonetheless be a successful company. Everyone's always got some idea with negative margin and negative feedback loops which they bill as "but that won't make you a billionaire" (that's true, because your company will fail) but I wonder if there is some way that could work without ruining social network network-effects etc.
immibis 6 hours ago [-]
Probably not. But there can be API access from a nonsuccessful noncompany - look at Fediverse or whatever.
tempodox 45 minutes ago [-]
> But it didn’t last.
Of course not. All this gatekeeping is how every Tom, Dick and Harriette make their money and wrestle for dominance. Believing that any specific tech would fundamentally change that is hopelessly naive. The honeymoon phases that make it look like it could be different this time around are merely there to lock in lots of users.
It's in the nature of capitalism and that's not a technological issue.
One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].
So a company considering creating a public-facing API must deal with the fact that:
1. This API could be helping my competitor
2. This API makes internal changes more difficult (typically there is a strong effort to maintain backwards compatibility).
3. If company XXX uses the API to extract data (that users have given them explicit access to), the ensuring scandal will not be called the "XXXX Data Scandal", but rather the "MYCOMPANY-XXX Data Scandal"[1].
[1] https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...
Bluesky has decided that it’s not a bug and is not going to be fixed: you can delete a post, but someone could have saved it, and worse, it’s digitally signed.
It’s like they never even tallied up all plausible advantages and disadvantages in the first place. So how did anyone determine it was an overall net positive?
(emphasis mine)
Been awhile since I’ve seen this kind of content error.
If we do allow companies to block AI agents from accessing our own computers and data, then the users are to blame for falling again into another BigTech trap.
I think the current useful state of consumer LLMs is a temporary subsidy, and the incentives to add ads are too large. And that will change everything, even tools that should work for the user. I recently wrote a blog post on this: https://digitalseams.com/blog/the-ai-lifestyle-subsidy-is-go...
They need APIs for it to be efficient. For whatever reason they didn't choose to use accessibility tooling to automate agents, and we haven't written REST APIs for 20+ years - they're left hoping a newly designed protocol will fix it.
Maybe users would rather keep their data safe than have it exfiltrated by a confused AI?
How long do you think it will take for this to meaningfully override Apple's share price?
Mathias Wandel (an ex Blackberry engineer) has a neat video where he explains exactly how that happened and the attitudes are strikingly similar to the ones today.
but yeah, in general, what happened to the dream of true Data Portability?
But also privacy - it would be amazing to just be able to connect to any app or service you want, interact and react to stuff that's happening _over there_.
However, do you want any old app or service connecting to _your_ data, siphoning it and selling it on (and, at best, burying their use of your data in a huge terms of service document that no-one reads, at worst, lying about what they do with that information)? So you have to add access controls that are either intrusive and/or complex, or, more likely, just ignored. Then the provider gets sued for leaking data and we're in a situation where no-one dares open up.
It got muddled into the privacy/security debate and then we all got distracted.
Incidentally, why do the article’s links all use strikethrough rather than underlines? Is this a deliberate style choice, or some Chrome/Firefox/Safari incompatibility? It’s pretty ugly.
As a business, they uniquely leverage inefficient and clunky design to drive profit. Simply because they haven’t documented their systems sufficiently, it is “industry standard practice” to go straight to a £100/hr+ consultant to build what should be straightforward integrations and perform basic IT Admin procedures.
Through many painful late nights I have waded through their meticulously constructed labyrinth of undocumented parameters and gotchas built on foot-guns to eventually get to both build and configure an SAP instance from scratch and expose a complete API in Python.
It is for me a David and Goliath moment, carrying more value than the consultancy fees and software licences I've spared my company.
Open to a conversation about your work here? Reach me at johnny at estuary dot dev.
* Just let your users pay for API access at a per-call rate
* Charge app developer per user
The problem is that ultimately the LTV of the average user is high, but this is skewed up by the most valuable users who will switch to a different app that will inevitably attempt to hijack your userbase once they control enough of your users.
A classic example is that imgur became a social network of its own once it had enough Reddit users and only Reddit doing their own image/video hosting stemmed that bleeding.
And then there's the fact that if you choose the payment-based approaches, one app will suction the data out and compete with you for it; inevitably some user will lose his data through some app breach and blame you; and the basic app any newbie developer will build will be "yours but ad-free" which is fine for him because you're paying the development and hosting costs of the entire infra.
It's no surprise everyone converges on preventing API access. Even Metafilter does.
I'm curious if anyone has an idea for API access that can nonetheless be a successful company. Everyone's always got some idea with negative margin and negative feedback loops which they bill as "but that won't make you a billionaire" (that's true, because your company will fail) but I wonder if there is some way that could work without ruining social network network-effects etc.
Of course not. All this gatekeeping is how every Tom, Dick and Harriette make their money and wrestle for dominance. Believing that any specific tech would fundamentally change that is hopelessly naive. The honeymoon phases that make it look like it could be different this time around are merely there to lock in lots of users.
It's in the nature of capitalism and that's not a technological issue.