The Email/Browser marriage needed a prenup

 Those of you who know me may know I have an early Gmail address that beyond being very easy to guess is also exceptionally easy for people who aren't me to use as a throwaway. Being cornered by an aggressive car salesman, or a pesky free wifi access point? Look no further!

Over the years I'm dealt with an increasing number of spam messages, as well as a number of confused people who don't understand that my courtesy in replying to their heartfelt personal email (or legal action) doesn't correspond to the person they're really trying to reach. Mostly they're grateful, often polite but belligerent and confused isn't helpful to anyone really.

I've noticed that there are general classes of service that do a poor job with email verification or double-opt in. Car dealerships are one, realtors are another. I understand that requiring opt-in reduces your conversion rate, but... is it really if the person who clicked the link isn't the person at the other end of the email.

My email situation has degraded so much that I'm working on migration off Gmail. This is partly Gmail's fault too as their spam protection is no longer great. Whilst they may move a lot of messages to the Spam folder, they regularly flag legitimate messages from Instagram, Twitter, Facebook, Snapchat and Google as spam - and yes, I double checked the messages very carefully on the last one. At scale (and I stress, at scale - my spam folder has a steady state of ~60k messages in it, with the 30 day delete window) this system fails since looking at my spam folder for a legitimate message, when they're arriving 1-2 every minute, isn't feasible.

There's a hand off here between a browser visiting a web page and 'signing up' and the email round trip that is problematic. There is no standard, no ground rules or firm agreement, no prenup as it were, on how a web server can verify a user. It's understandable that a web site wants to be able to have a firm 'handle' on its users - email was first, mobile phone numbers are coming up quickly. The issue remains - at the limit, requiring a roundtrip and a handshake with the email account is broken.

Just to document a recent incident that illustrates all this coming together, I have (or rather had) a reddit account that I used mainly for browsing - the Seattle reddit, the Apple reddit, the usual. Rarely posted in over 14 years, barely squeaked over 200 karma (not a big fan of fake internet points). When I set it up over 14 years ago, I'd associated it with my very common gmail account. The gmail account that marks any email coming from Reddit as spam.

It turns out (I didn't know, because - never received emails) that it's quite easy to establish other reddit accounts using my email. I'm not clear if the individuals used a different email account to 'verify' and then switched to mine, or whether reddit still allows the user to post when waiting for verification (got to bump up those conversion numbers! Can't have friction!). Either way, a number of other users had my gmail account associated with them. Reddit also has this (on the surface rational) policy that being banned on one (maybe multiple) account(s) associated with the same email address will result in all accounts associated with that email account being banned. 

Which is what's happened to my old reddit account. I've tried the Reddit messaging system to appeal but the first 'you've been banned message' didn't have any details, nor did the appeal result, so I think that's that. As I said, low usage account so no great loss, but interesting failure at scale (and absolutely no recourse). Now that I trawl my Gmail spam folder for reddit messages I see spam messages for u/thinkofothers, u/appletinisforyourmom, u/MikeSmith328 and u/Darnold2375 telling them they've been banned (I can only search back so far), so clearly that's at least 4 other users with my email address that I haven't clicked on any verification link. Actually, none of those messages were addressed to me. Another delightful design decision consequence, Gmail's choice to ignore periods in email addresses means that the email address I use to sign in and send email from (with a period between names) is not in the email addresses that these four chuckleheads used. And yes, that means you can create two (or more) different accounts in the browser with just one email address, depending on how you sprinkle periods around.

My conclusions beyond the New Years social media detox and migrating from Gmail is that the identity handshake between browser and email is plain broken and needs a divorce.

Security Theater for Fraud Protection

 Many of experience processes where there's an appearance of 'something' being done, when the reality we're just experiencing 'theater'. Security theater, where we experience some 'safety procedure' that actually, when you think about it, isn't really making things safer. A close friend of security theater is shifting liability. They'll often go hand in hand - some 'security' process actually is just shifting liability from the company to you. We experience this with things like license agreements and terms of use (you read those, right?), or with hitting OK on the car navigation agreeing that it won't be used by the driver when driving. If something happens, well now, there's evidence you accepted or clicked, so it couldn't possibly be our fault, could it.

Fraud in banking is increasingly, with significant upticks since 2023.  There are many reasons for this, but an obvious cause is the increase in the possible ways that we can be fooled - from text messages, app notifications, unsolicited phone calls, the modern world is a wonder. So it's reasonable to think that banks would be reacting by providing better ways to protect us from fraud, no? Sadly this is not the case, with the banks falling cleanly into the "let's ensure we can reduce our liability" camp.

Let's step through an example (note, I won't name the bank, as the patterns are shared among many banks). I had occasion to do a wire transfer (domestically to another US bank). Given all the details (ABA routing number, account number, address etc), I decided on the following process.

1. Send a small wire transfer through to verify fund receipt.
2. Go to a bank branch in person and execute the wire transfer using the same details as in (1).

I reasoned that if the first is successful then the second (bigger) transfer would go through without problem as all identification / verification would occur in branch, and they'd re-use the same transfer details on my account, so all should be fine.

Step 1 goes flawlessly. Step 2 is less smooth than I would like, as despite having done the smaller transfer, the bank staff had to re-enter all the details again, requiring me to re-check the ABA routing and account number etc. Poor, but OK.

As I'm leaving the branch, the very helpful bank member is embarassed to explain that I may receive a call from fraud prevention to followup before this is sent. "Even though I'm physically here and you've verified everything?". "Even so.".

So, 20 minutes later I receive a call from "Scam Possible". I let it go to voicemail and review a message from fraud prevention, and please could I give them a call back. I call the number on the back of my bank card,  and then have to spend 15 minutes stepping through verification and a fixed set of questions around the purpose of the transfer, was I coerced, do I know the recipient, have I transferred money to them before, have I received money from them, until finally, do I acknowledge and accept the risk in making the transfer.

Then 30 minutes later I get another call from "Scam Possible", which is a repeat of the first. When I call up and ask why I'm having to repeat myself, there's no explanation.

So let's just break this down.

1. The bank is calling me from a number that someone has identified as "scam". More bluntly, the fraud department is trying to educate its clients that it's a good idea to pick up calls and hand over PII.
2. The bank had information about the recipient (in this case the receiver was me) and whether I'd transferred or received money before, but ignored it.
3. There's nothing in the questions that bank is asking that protects me. In theory I could be being held at gunpoint and be forced to answer the questions the way I did.
4. The bank is incompetent in its record keeping and has to go through the process twice.

I would argue that even if we sigh and accept that they want to shift liability, prompting within their banking app would be a much more secure (tied to biometrics) method. If we actually want to protect me, then having some mechanism for indicating 'held at gunpoint, don't transfer' that looks like I'm OKing the transfer would potentially be a better method.

It's clear though that the bank just wants to use security theater to shift liability, and doesn't care if it makes my life less safe when doing it.

Apple Cored

Beyond time at university, I've used Apple devices for much of the last 25 years. Use as a personal computer started when I worked at Microsoft, mainly as an easy defense against the "Oh, you work at Microsoft? I have a problem with <X>, can you help?" (a corollary to "You're from England, do you know <Y>?"). Far easier to say "So sorry, I use a Mac so I can't help you".

There was always a trade-off using a Mac. Apple's promise of giving the best experience by controlling both the hardware and the software sounded good, but the reality was Apple did a good job of optimizing for 'most people'. An Apple machine 'just worked'. Apple users rarely expected to have to type weird incantations or wield tools like Windows RegEdit to get their machines to work. Pretty much the machine worked and you could do what you needed to do, without worrying about the computer part. The trade-off came in the cost and the performance - you typically paid more for Apple's engineering, and weren't getting the highest performance components. For years, for example, Apple navigated the shift to Intel CPUs, high performance CPUs would come out that could be built into a Windows PC, whilst delays and premium pricing awaited the Apple faithful.

Then came the iPhone and other Apple devices, and I'd still argue Apple was operating by the same playbook. It wasn't that the same technology wasn't available elsewhere. It's just that Apple packaged it up and made it work so you could just use it seamlessly. I've used Android devices (part of working for Google) on and off, but iPhones have been a reasonable constant, with upgrades every 2-3 years.

With Steve's passing, Tim's supply chain management expertise became even more apparent. From the delayed migration to USB-C (really, the iPhone 14 Pro was lightning?), through to TouchID->FaceID migration (Android devices have both, but no, that's not the Apple way) and the slow rollout of better camera lenses, everything is at Apples pace, managing the bottom line.

There's unfortunately some rot in this world, and the iPhone 16 debut is the bifurcation point for me. Let's lay out a few things.

Firstly, with the launch of the Apple Watch and tying the watch to the phone (and the iCloud account), Apple gained a lot of stickiness. But unfortunately Apple just seemed to be less focused on quality. Health data (into which the Apple Watch pours its sensor info) can get very large (over 7Gb for me currently, without any abnormal use), which means transitioning a watch over to a new phone can be fickle. It was not great with the 15, but I had two weeks of failure to try and migrate to the 16 Pro. Just wouldn't migrate across. There are other bugs with the Apple Watch (I have a badge on day 2751 of 2750 towards a goal, for example), but getting the smooth migration to the 16 Pro wasn't working.

It's about now I should introduce the next flank of Apple's decline, and that's the troubleshooting experience. Search the forums, attend any genius bar, and the starting point will be "Have you backed up your device? Because what we're going to do is do a factory reset and restore.", The software version of "Turn it off and turn it on again". I'm sympathetic to a point - definitely a valuable tool in the fix it arsenal, but it's become the starting point (and often ending point) of troubleshooting. Here's the problem though - from a computer science perspective, what that process says is "We have something inconsistent in our software state that we're not going to try and debug. It could be a memory leak, or a data corruption error, or something more insidious in terms of how system, applications and data are interoperating. And we're not going to try and figure out why and make sure it doesn't happen again."

The reset and restore is going to lose any of that diagnostics, and just start again - meaning there's no explanation for the issue, or whether it might occur again. Users will often leave the Genius bar with their device working again (after waiting a while for the reset/restore purchase), without a thought to whether the issue will happen again. Try that approach with cars, or healthcare equipment, and I think you'd want a different answer.

So now you start doing more research and you find that other alternatives are quite attractive really. A Garmin watch which has days or even weeks of battery life for the same sensor data. An android phone with better cameras, biometrics (face and fingerprint both) at less than half the cost. So you conduct an experiment, and the final defense against switching - the applications, crumbles away.  The Android application versions of what you use are essentially the same, except that two of them don't crash the same way the iOS versions do.

So it feels like Apple's push into generative AI and rushing out iOS 18 and then point releases to get generative AI features in place, to consume more resources, is at the expense of platform quality. It's sad to see that Apple devices don't "just work" anymore.

One ring to rule them all?

 Despite the Lord of the Rings title, this post is actually about the dilemma that Apple (at least) is in when it comes to phone upgrades. Bear with me, it'll tie together I promise.

On one side, we have phone manufacturers who want to make it as easy as possible to migrate to a new phone. Having customers wait hours, or (gasp) carry out complicated steps isn't going to cut it. So, focusing on Apple a second, we have the ability to transfer to a new phone from an old, either directly or via an iCloud backup. Sounds like smooth sailing, right? At the end of the transfer, Apple even guides you to fully reseting your old phone ready for it's next life - perhaps being recycled back to Apple so the circle of life can continue. Not so fast though.

Various other parties aren't keen on the idea of having Apple rule everything, so they put friction in place to make their part of the world safer. Let's go through it :

Some eSIMs require a text message two-factor authentication to be sent (bet you're glad you didn't accept Apples offer to erase that old phone immediately after transfer now!) to ensure the move is legitimate.

Bluetooth migration may be simple for Apple devices (even the Apple Watch which will get a super special mention later), but if you've a connected car/house/water bottle/smart ring or something else not directly under Apple's control, be prepared to go pairing like there's no tomorrow.

Some banking apps want to be super secure, and either require you to bless the new phone from the old, or some other verification dance to make sure your money is safe.

Password managers (like Bitwarden) or secure messaging apps (like Signal) also need explicit steps to migrate across, from signing in through to manual transfer of end to end encrypted messages.

Authenticators. like Authy or Microsoft Authenticator, similarly are too 'powerful' to trust Apple's migration, so you need to sign in again there.

So - the tension is clearly there, where Apple is doing quite a bit of work behind the scenes, and would like to have the one ring to rule them all (I told you we'd get there) the other characters in this drama are not willing to cede that much control, for (on the surface of it) pretty sound reasons. Certainly reasons that each companies risk management team understands. But that friction means setting up a new phone isn't easy - it takes time. And woe betide you if you have a non-standard setup. What does that mean? Well, Apple (currently, weirdly, fortunately) supports the ability to have apps installed from two different AppleIds at the same time. Think one AppleID from one country that geofences its apps, another from your main country. But the migration is tied to an AppleID so what happens? What happens is you fall between the cracks, with apps from the secondary AppleID in a 'unable to install, but kind of here' state.

The only way round this is to re-build the new phone from scratch, signing in with the foreign AppleID first, installing the necessary Apps (once installed, Apple will update them without further fuss), then signing out and signing in to the main AppleID.

And then installing and setting up everything from scratch.

Every eSIM.

Every Bluetooth device.

Every banking app, every email account, every messaging app, every authenticator app, every password manager etc etc.

Oh, and the sync process with iCloud has no progress indicator, so don't even think about setting up that Apple Watch for a day or two, otherwise the multi-gigabytes of Health data (seriously Apple, what the hell is in there?) won't be fully in place, and your Apple Watch won't have any data to restore.

It's so painful and time consuming that I'm not doing it again.

So, Apple could fix things to make life easier, but ultimately there's a limit what they can do whilst lawyers and risk management people at other companies say "it's not secure enough, we need to be different". And who knows, given the pace of innovation in the mobile phone space is slowing, maybe the added friction is a good thing. For us, not for Apple though.

What's in a name?

 The following provides some information on a security vulnerability in id.me, an identity solution that has broad adoption in the USA, including integration with the Social Security Administration and other local and national government agencies.

First, a brief primer on names and email addresses.  RFC 5321 defines the Simple Mail Transport Protocol (SMTP) upon which email is based. Many enhancements and additions have been made around SMTP, most notably around spam protection. However the core aspects of an email address definition and how email is sent and received are unchanged. An email address is of the form recipient@domain, where recipient is a defined series of characters, and the domain is a registered domain. A server processing email on the domain decides on eventual delivery, and provision of a 'display name'. Let's have a few examples:

• "Michael Smith <mikesmith@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "mikesmith" on the domain gmail.com.

However, even though we know Mike is short for Michael, there's no requirement for the display name to match the recipient.

• "Michael Smith <immaterialscience@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "immaterialscience" on the domain gmail.com

OK, so that's fairly clear that there's no relationship, but what about this?

• "Albert Einstein <vonneumann@gmail.com>" would refer to a display name of "Albert Einstein" and a recipient of vonneumann on the domain gmail.com

Whilst this would be frowned upon from an etiquette perspective, there's nothing to prevent it from happening, because, again, there's no relationship.

Let's throw one more spanner in the works, with a specific particularity of Gmail.  Dots (periods) do not matter in gmail addresses. That is, the following email addresses are the same (taken from the Google support article example) :

• "John Smith <john.smith@gmail.com>"
• "Jack Smith <jo.hn.sm.ith@gmail.com>"
• "Robert Jones <j.o.h.n.s.m.i.t.h@gmail.com>"

(Side note : this can be exceptionally problematic where punctuation changes meaning, such as for therapist@gmail.com).

With that set up, let's proceed to id.me.

The first issue is that id. me doesn't verify email address ownership. That is, an individual can use an email address not belonging to them to establish an id.me account, and id.me doesn't check. Contrast this to many well behaved services that will send an email to the address entered and require the user to click on a link or enter a code contained in the message, to confirm ownership. id.me doesn't do this.

Next we'll combine this issue with the Gmail 'dot' peculiarity, to get the following :

Individual A signs up for id.me using "Individual A <noperiod@gmail.com>" as the email address for registration.

Individual B who owns "Individual B <no.period@gmail.com>" receives emails for this user.

Individual B can successfully reset the account for A (via email) and fully access Individual A's account.

Two additional vulnerabilities in id.me's design come to light if Individual B is a good actor and contacts id.me to attempt to correct their errors. Id.me will not allow account deletion without upload of documents (such as a drivers license) to prove identity. So, individual B, who didn't create the account but has access to it, has no way to delete the account without uploading their PII. Finally, id.me relies on security through obscurity in that they won't disclose the 'authoritative sources' that they check the upload id against.

Introducing "Quanta" to create a more balanced and valuable media ecosystem

The underlying economics for much of the web is driven by advertising. People generate data through interactions, publishers chase engagement for revenue, advertising platforms generate 100’s of billions of dollars in profit each year. I have been collaborating with Loren Kohnfelder on a number of projects, and in this area we believe that the consequences of this model have profoundly transformed web content and the way it is consumed, sacrificing civility, quality and independence for outrage, quantity and centralization. Let's consider a few different perspectives :

1. For people, engagement is mostly centered around social networking platforms (Facebook, Instagram, Tiktok, Twitter (or now "X"), Reddit etc) with a typical pattern being to locate content off-site (often from news or entertainment sites), reference and then ‘discuss’ onsite. The push to video (through Tiktok, Instagram Reels, Google showing YouTube video results with high priority) are all a reflection of a consumption culture, with video not only showing a longer time of engagement, but also enabling valuable video ads. All the social networking platforms mentioned above are all ad-based, and so are motivated to generate engagement, measured by key metrics such as on-site time and content interaction (likes, shares, retweets, subscribes etc).
2. In order for publishers to generate revenue (some subscriptions, but mostly ad based), they are driven to controversy (which drives engagement) and SEO optimization (so that they can appear above other similar content in searches and get picked by the social Algorithm). This even devolves into content copying - a publisher with better SEO optimization can steal content from elsewhere and pass it off as its own, generating more ad revenue. This is particularly rife on Youtube, where the perpetrators will even file DMCA take-downs against the original content producer.
3. To not risk losing eyeballs, social media platforms generally have a ‘feed’ model of some sort - a news feed or other infinite scroll list of unrelated content. This context-switch heavy model allows for new, small bursts of dopamine to be released by people as they ‘consume’ the content, the net effect being to have a thoughtless consumption of time, and discouragement of deep thinking., but it's also tiring and discourages deep thinking. Studies show that such doomscrolling is detrimental to mental health and focus, though having no content consistency or theme is actually a feature, and following/connecting with people (who contain multitudes) further supports this context switching world.
4. Since controversy generates more revenue than civility, all advertising platforms have to solve for the user-generated-content problem, surfing the line between what is legal & acceptable in any given jurisdiction and what creates outrage. Good outrage corresponds to impressions, bad outrage leads to advertisers distancing themselves. Whilst there is some reputational risk, and some sites seek to advocate for their communities, the advertising that underwrites the platforms means that content moderation is ultimately for the advertisers's sensibilities.

In summary then, we live an a world of centralized discussion, with constantly shifting focus, all with opportunity for enraged engagement to drive controversy, as it is a proven model for all parties to maximize ad revenue (along with conflict and divisiveness). Ultimately this is a focus on quantity of engagement and impressions, not on the quality of discussion and betterment of people. One further characteristic of this centralized model is that the publishers, who spend time and money to produce the content referred to in the first place, are removed from the discussion beyond the reference to the original article, because news site comments can't compete with social. Sadly, studies show that nearly 60% of people will interact with content without even clicking through.

To solve these inequities and unhealthy dynamics, we asked ourselves the question "What happens if a post isn't just a post? What happens if a post could be both a post, and an in-situ comment to the original article? This is a system we call "Quanta" and here's what it is and how it works.

Rather than continue the pattern of having social networks steal the conversation from publishers, we allow publishers to pull from a social network to host the relevant conversation in-situ, as a side-bar to the main article. Publishers have tried to create comment sections, mostly unsuccessfully, since the audience is poorly qualified/filtered and required per site registration. In Quanta, the audience is brought from the social network, and comments from the relevant audience (filtered by my network as well as using criteria that the publisher can introduce) are shown along side the article - even along side relevant parts of the article.

To explain how Quanta works, let's consider the following example:

Imagine a new article on The New York Times. Today, after a short period of time, the URL will be posted on social media with comments from readers. The conversation (retweets, replies etc) will all occur on the respective social media platforms.

In Quanta, a user would ‘post’ to Mastodon, or any ActvityPub based Fediverse app, quoting the URL, and Quanta would then index and organize such referring posts. In one implementation, the publisher would include comment blocks, and specify constraints/thresholds for the comments to be shown (reflecting popularity and editorial guidelines). The comment blocks would be rendered HTML (similar to how an ad slot is populated), and would be ‘passive’ in the sense of links (to favorite, repost etc) wouldn’t activate in-situ, but would (due to Same Origin Policy) send the user to the right point on the social instance. In another, more interesting, implementation, the browser could form a more opinionated view of content rendering and, with an appropriate social handle logged into the browser, render the comments in a pane next to the article.

In short, viewing the original page produces the current set of useful comments relating to the URL. All comments displayed are contextually relevant, and additionally provide a useful tool for user discovery.

A few interesting consequences of Quanta :

1. The publisher is now getting many more page views, because that's where the conversation about the page can be readily viewed. This increase in page views will increase the ad revenue the publishers can generate. Note - we don't consider a broader question about advertising being good or bad. We just want to shift revenue, discourse and attention to those that generate the content, away from the social networks that steal that attention.
2. The 'conversation' is now all in context. It's not about a newsfeed and context switching, but instead the conversation is focused on the topic the publisher has written about.
3. The duration of the conversation is longer. Doomscrolling a social media feed means that many users are just surfing that last few hours of content that's new to them. On Quanta, the published document and comments (and replies to comments) are all at the same URL, waiting for the next view. Referring to the same document days, months or years later will still have the conversation in place. We believe this will drive greater accountability of the poster and also create further re-engagement for the publisher(*).
4. Finally, we believe Quanta will provide a great follower discovery feature. All too often on social networks an interesting comment will be amplified, and in the moment the user has to make the decision "should I follow this person?" with little information (or a detour to research). In Quanta, the context is immediate, and publishers can choose to promote comments from known experts, making their work more broadly available. 

Quanta can be implemented as a Quanta server plus a browser extension. As a server, Quanta is an extension of Mastodon, as we believe the index of posts by URL should be distributed so that Quanta itself doesn't because another large centralized system that needs advertising or subscription to succeed. We also note that this seems directionally to be aligned with how Mastodon sees news integration as being important to the platform, as shown by the recently launched Mastodon byline feature.

Quanta has been shared as a concept with key browser vendors, and we firmly believe browser integration will provide the best experience.

 

Full Self Driving Fallacy (aka, ultimately it's a user problem)

 Tesla made the earliest stunning promises of Fully Self Driving cars back in 2016 and you can read a good history of full self driving and Tesla Autopilot on the Wikipedia page.

Technology predictions are notoriously hard, but I'm going to make the case here that whilst fully autonomous (often called level 5) may be possible, the Tesla execution of incrementally adding greater autonomy whilst requiring driver presence and overall responsibility (essentially vehicle autonomy levels 1 through 4) is going to fail. It will fail not for a technical reason, but for a human and social one.

Consider the following incremental 'improvements' to driving automation (I've used bullets rather than numbers so it's not confused with the defined autonomous driving levels)

• Traffic-Aware Cruise-Control (allows you to set a desired speed but will match with slower vehicles if they’re obstructing)
• Autosteer (which adds the ability for the car to track within lanes)
• Navigate on Autopilot (which was introduced in the context of highway driving, getting you from on-ramp to off-ramp, crucially being able to change lanes when the driver indicates).
• Auto Lane Change (adding the ability to automatically change lanes on highways rather than requiring driver assistance).
• Full Self-Driving (start to end destination auto driving by the car, with success measured in the fewest number of driver interactions).

There's also some 'point' features like Summon and AutoPark which I'm not going to discuss here. Tesla have some nuances in how these capabilities have changed over time, in particular in relation to the degree to which driver attention is measured. From requiring sensors in the steering wheel to ensure hands are present (easily circumvented) to cameras tracking eyes, Tesla has recognized that in any level of autonomy under level 5, having the driver intervene is important, and therefore they want to be sure the driver is attentive.

Let's just go down the list above and consider what degree of driver attention is needed.

• For Traffic-Aware Cruise-Control, the driver is actively steering and having to maintain an awareness of the surrounding road, nearby vehicle proximity etc. The driver is also able to pay less attention to their right foot and the pressure it's applying, with speed being kept constant and long freeway driving as well as some stop-go traffic becoming much less tiring.
• With Autosteer added, the driver is still actively engaged in the driving process, but freed from the immediacy of lane-drift and car following range. The driver has to plan - e.g. should I overtake when my exit is coming up in 2 miles, should I pull out now to overtake, or will the faster moving vehicle behind me have overtaken by the time I reach that point. My assessment would be that driving like this is a nice balance of the car doing the drudge work of ongoing micro-adjustments of lane placement left/right and speed placement in relation to vehicles in the same lange, whilst the driver thinks more strategically.
• Adding Auto Lane Change in theory means slightly more strategic thinking on behalf of the driver (“Do I feel like a rest stop is a good idea in a few miles, or should I wait another 20?”), but the relative speeds of vehicles, tracking of different kinds of vehicles and speed differentials for overtaking means that the car will invariably not behave as a driver would, e.g.
• I better speed up a little to get past this truck as it’s doing 63 and I’m set for 65, but there’s a bunch of faster moving cars a mile back that will be stacked behind my long overtake.
• I better track a little over to the left here as that truck is wide and cutting closer to me than I would like on this curve.
• I'm going to track a little more to the right to avoid that pothole. 
• I’m just going to hold back here for a few minutes to let that red mustang I can see way back there get by me, as I don’t want to be involved in any craziness.

What this leads to is a mismatch between the work that the car is doing vs what the driver is doing. That is - the driver is now having to plan for what they expect their car to do in addition to those around them.

• Full Self-Driving now takes over the lion's share of the driving work, but, crucially, requires the driver to be monitoring everything and able to take over at a moments notice if the car deems an unsafe situation has occurred, or (conversely) if the driver feels that the car is about to perform an unsafe maneuver. The driver’s role has transitioned from being fully engaged, but supported, in the driving process, to one where they are a spectator until they need to fully take over in a challenging situation that the car can’t handle.
  

My point of stepping through this is essentially to make the argument that once you reach a certain point of driver replacement through automation, only 100% accurate self driving is good enough at that point, since requiring driver re-engagement to troubleshoot in milliseconds is a recipe for disaster.  This seems to be borne out by some of the accident data that is coming out of NHTSA. To save you a click to the article, here's the summary :

"This analysis, conducted before Recall 23V838, indicated that drivers involved in the crashes were not sufficiently engaged in the driving task and that the warnings provided by Autopilot when Autosteer was engaged did not adequately ensure that drivers maintained their attention on the driving task. The drivers were involved in crashes while using Autopilot despite fulfilling Tesla’s pre-recall driver engagement monitoring criteria. Crashes with no or late evasive action attempted by the driver were found across all Tesla hardware versions and crash circumstances."

Unfortunately, if the metrics you measure are safe passenger miles driven by Full Self Driving, the data will lead you astray, as you will have an awful lot of miles well driven by auto-pilot, and a large number of accidents ‘caused’ by drivers after they take over.

So, my contention is that anything under full autonomous level 5 driving is going to skew to this unfortunate requirement of requiring full user attention at precisely a time when the autonomous driving is failing, all the time whilst the semi-autonomy has removed full user attention. Full autonomous level 5 driving may be feasible, since designing for the system to do everything without enabling intervention and will necessarily mean availability in known tested scenarios. There are an awful lot of 'edge' cases with level 5 that will need to be ironed out.