Mainly the changes clarify the difference between Zoom’s services (what you use to conference with other people) and its websites, zoom.us and zoom.com (which are just one site: the latter redirects to the former). As I read the policy, nothing in the services is used for marketing. Put another way, your Zoom sessions are firewalled from adtech, and you shouldn’t worry about personal information leaking to adtech (tracking based advertising) systems.
The websites are another matter. Zoom calls those websites—its home pages—”marketing websites.” This, I suppose, is so they can isolate their involvement with adtech to their marketing work.
The problem with this is an optical one: encountering a typically creepy cookie notice and opting gauntlet (which still defaults hurried users to “consenting” to being tracked through “functional” and “advertising” cookies) on Zoom’s home page still conveys the impression that these consents, and these third parties, apply across everything Zoom does.
And why call one’s home on the Web a “marketing website”—even if that’s mostly what it is? Zoom is classier than that.
My advice to Zoom is to just drop the jive. There will be no need for Zoom to disambiguate services and websites if neither is involved with adtech at all. And Zoom will be in a much better position to trumpet their commitment to privacy.
I really don’t want to bust Zoom. No tech company on Earth is doing more to keep civilization working at a time when it could so easily fall apart. Zoom does that by providing an exceptionally solid, reliable, friendly, flexible, useful (and even fun!) way for people to be present with each other, regardless of distance. No wonder Zoom is now to conferencing what Google is to search. Meaning: it’s a verb. Case in point: between the last sentence and this one, a friend here in town sent me an email that began with this:
That’s a screen shot.
But Zoom also has problems, and I’ve spent two posts, so far, busting them for one of those problems: their apparent lack of commitment to personal privacy:
With this third post, I’d like to turn that around.
I’ll start with the email I got yesterday from a person at a company engaged by Zoom for (seems to me) reputation management, asking me to update my posts based on the “facts” (his word) in this statement:
Zoom takes its users’ privacy extremely seriously, and does not mine user data or sell user data of any kind to anyone. Like most software companies, we use third-party advertising service providers (like Google) for marketing purposes: to deliver tailored ads to our users about Zoom products the users may find interesting. (For example, if you visit our website, later on, depending on your cookie preferences, you may see an ad from Zoom reminding you of all the amazing features that Zoom has to offer). However, this only pertains to your activity on our Zoom.us website. The Zoom services do not contain advertising cookies. No data regarding user activity on the Zoom platform – including video, audio and chat content – is ever used for advertising purposes. If you do not want to receive targeted ads about Zoom, simply click the “Cookie Preferences” link at the bottom of any page on the zoom.us site and adjust the slider to ‘Required Cookies.’
Also, if all the ads shown to users are just “about Zoom,” why are those other companies in the picture at all? Specifically, under “About Cookies on This Site,” the slider is defaulted to allow all “functional cookies” and “advertising cookies,” the latter of which are “used by advertising companies to serve ads that are relevant to your interests.” Wouldn’t Zoom be in a better position to know your relevant (to Zoom) interests, than all those other companies?
Are those third parties “processors” under GDPR, or “service providers by the CCPAs definition? (I’m not an authority on either, so I’m asking.)
How do these third parties know what your interests are? (Presumably by tracking you, or by learning from others who do. But it would help to know more.)
What data about you do those companies give to Zoom (or to each other, somehow) after you’ve been exposed to them on the Zoom site?
What targeting intelligence do those companies bring with them to Zoom’s pages because you’re already carrying cookies from those companies, and those cookies can alert those companies (or others, for example through real time bidding auctions) to your presence on the Zoom site?
If all Zoom wants to do is promote Zoom products to Zoom users (as that statement says), why bring in any of those companies?
Here is what I think is going on (and I welcome corrections): Because Zoom wants to comply with GDPR and CCPA, they’ve hired TrustArc to put that opt-out cookie gauntlet in front of users. They could just as easily have used Quantcast‘s system, or consentmanager‘s, or OneTrust‘s, or somebody else’s.
All those services are designed to give companies a way to obey the letter of privacy laws while violating their spirit. That spirit says stop tracking people unless they ask you to, consciously and deliberately. In other words, opting in, rather than opting out. Every time you click “Accept” to one of those cookie notices, you’ve just lost one more battle in a losing war for your privacy online.
Zoom can fix all of this easily by just stopping it. Other companies—ones that depend on adtech (tracking-based advertising)—don’t have that luxury. But Zoom does.
If we take Zoom at its word (in that paragraph they sent me), they aren’t interested in being part of the adtech fecosystem. They just want help in aiming promotional ads for their own services, on their own site.
Three things about that:
Neither the Zoom site, nor the possible uses of it, are so complicated that they need aiming help from those third parties.
Zoom is the world’s leading sellers’ market right now, meaning they hardly need to advertise at all.
By severing its ties with adtech, Zoom can start restoring people’s faith in its commitment to personal privacy.
And then Zoom could do Apple one better, by participating in work going on already to put people in charge of their own privacy online, at scale. In my last post. I named two organizations doing that work. Four more are the Me2B Alliance, Kantara, ProjectVRM, and MyData.
I’d be glad to help with that too. If anyone at zoom is interested, contact me directly this time. Thanks.
Zoom needs to clean up its privacy act, which I posted yesterday, hit a nerve. While this blog normally gets about 50 reads a day, by the end of yesterday it got more than 16000. So far this morning (11:15am Pacific), it has close to 8000 new reads. Most of those owe to this posting on Hacker News, which topped the charts all yesterday and has 483 comments so far. If you care about this topic, I suggest reading them.
Also, while this was going down, as a separate matter (with a separate thread on Hacker News), Zoom got busted for leaking personal data to Facebook, and promptly plugged it. Other privacy issues have also come up for Zoom. For example, this one.
But I want to stick to the topic I raised yesterday, which requires more exploration, for example into how one opts out from Zoom “selling” one’s personal data. This morning I finished a pass at that, and here’s what I found.
First, by turning off Privacy Badger on Chrome (my main browser of the moment) I got to see Zoom’s cookie notice on its index page, https://zoom.us/. (I know, I should have done that yesterday, but I didn’t. Today I did, and we proceed.) It said,
To opt out of Zoom making certain portions of your information relating to cookies available to third parties or Zoom’s use of your information in connection with similar advertising technologies or to opt out of retargeting activities which may be considered a “sale” of personal information under the California Consumer Privacy Act (CCPA) please click the “Opt-Out” button below.
The buttons below said “Accept” (pre-colored a solid blue, to encourage a yes), “Opt-Out” and “More Info.” Clicking “Opt-Out” made the notice disappear, revealing, in the tiny print at the bottom of the page, linked text that says “Do Not Sell My Personal Information.” Clicking on that link took me to the same place I later went by clicking on “More Info”: a pagelet (pop-over) that’s basically an opt-in notice:
By clicking on that orange button, you’ve opted in… I think. Anyway, I didn’t click it, but instead clicked on a smaller and less noticeable “advanced settings” link off to the right. This took me to a pagelet with this:
The “view cookies” links popped down to reveal 16 CCPA Opt-Out “Required Cookies,” 23 “Functional Cookies,” and 47 “Advertising Cookies.” You can’t separately opt out or in of the “required” ones, but you can do that with the other 70 in the sections below. It’s good, I suppose, that these are defaulted to “Out.” (Or seem to be, at least to me.)
So I hit the “Submit Preferences” button and got this:
All the pagelets say “Powered by TrustArc,” by the way. TrustArc is an off-the-shelf system for giving companies a way (IMHO) to obey the letter of the GDPR while violating its spirit. These systems do that by gathering “consents” to various cookie uses. I’m suppose Zoom is doing all this off a TrustArc API, because one of the cookies it wants to give me (blocked by Privacy Badger before I disabled that) is called “consent.trustarc.com”).
So, what’s going on here?
My guess is that Zoom is doing marketing from the lead-generation playbook, meaning that most of its intentional data collection is actually for its own use in pitching possible customers, or its own advertising on its own site, and not for leaking personal data to other parties.
But that doesn’t mean you’re not exposed, or that Zoom isn’t playing in the tracking-based advertising (aka adtech) fecosystem, and therefore is to some degree in the advertising business.
Seems to me, by the choices laid out above, that any of those third parties (up to 70 of them in my view above) are free to gather and share data about you. Also free to give you “interest based” advertising based on what those companies know about your activities elsewhere.
Alas, there is no way to tell what any of those parties actually do, because nobody has yet designed a way to keep track of, or to audit, any of the countless “consents” you click on or default to as you travel the Web. Also, the only thing keeping those valves closed in your browser are cookies that remember which valves do what (if, in fact, the cookies are set and they actually work).
And that’s only on one browser. If you’re like me, you use a number of browsers, each with its own jar of cookies.
The Zoom app is a different matter, and that’s mostly where you operate on Zoom. I haven’t dug into that one. (Though I did learn, on the ProjectVRM mailing list, that there is an open source Chrome extension, called Zoom Redirector, that will keep your Zoom session in a browser and out of the Zoom app.)
I did, however, dig down into my cookie jar in Chome to find the ones for zoom.us. It wasn’t easy. If you want to leverage my labors there, here’s my crumb trail:
Cookies and Site Data
See all Cookies and Site Data
Zoom.us (it’s near the bottom of a very long list)
Some have obvious and presumably innocent meanings. Others … can’t tell. Also, these are just Zoom’s cookies. If I acquired cookies from any of those 70 other entities, they’re in different bags in my Chrome cookie jar.
Anyway, my point remains the same: Zoom still doesn’t need any of the advertising stuff—especially since they now (and deservedly) lead their category and are in a sellers’ market for their services. That means now is a good time for them to get serious about privacy.
As for fixing this crazy system of consents and cookies (which was broken when we got it in 1994), the only path forward starts on your side and mine. Not on the sites’ side. What each of us need is our own global way to signal our privacy demands and preferences: a Do Not Track signal, or a set of standardized and easily-read signals that sites and services will actually obey. That way, instead of you consenting to every site’s terms and policies, they consent to yours. Much simpler for everyone. Also much more like what we enjoy here in the physical world, where the fact that someone is wearing clothes is a clear signal that it would be rude to reach inside those clothes to plant a tracking beacon on them—a practice that’s pro forma online.
By agreeing to #NoStalking, publishers still get to make money with ads (of the kind that have worked since forever and don’t involve tracking), and you know you aren’t being tracked, because you have a simple and sensible record of the agreement in a form both sides can keep and enforce if necessary.
If you want to help bring these and similar solutions into the world, talk to me. (I’m first name @ last name dot com.) And if you want to read some background on the fight to turn the advertising fecosystem back into a healthy ecosystem, read here. Thanks.
… Zoom does use certain standard advertising tools which require Personal Data…
What they mean by that is adtech. What they’re also saying here is that Zoom is in the advertising business, and in the worst end of it: the one that lives off harvested personal data. What makes this extra creepy is that Zoom is in a position to gather plenty of personal data, some of it very intimate (for example with a shrink talking to a patient) without anyone in the conversation knowing about it. (Unless, of course, they see an ad somewhere that looks like it was informed by a private conversation on Zoom.)
A person whose personal data is being shed on Zoom doesn’t know that’s happening because Zoom doesn’t tell them. There’s no red light, like the one you see when a session is being recorded. If you were in a browser instead of an app, an extension such as Privacy Badger could tell you there are trackers sniffing your ass. And, if your browser is one that cares about privacy, such as Brave, Firefox or Safari, there’s a good chance it would be blocking trackers as well. But in the Zoom app, you can’t tell if or how your personal data is being harvested.
(think, for example, Google Ads and Google Analytics).
We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the Internet, serving personalized ads on our website, and providing analytics services).
Nobody goes to Zoom for an “advertising experience,” personalized or not. And nobody wants ads aimed at their eyeballs elsewhere on the Net by third parties using personal information leaked out through Zoom.
Sharing Personal Data with the third-party provider while using these tools may fall within the extremely broad definition of the “sale” of Personal Data under certain state laws because those companies might use Personal Data for their own business purposes, as well as Zoom’s purposes.
For example, Google may use this data to improve its advertising services for all companies who use their services.
May? Please. The right word is will. Why wouldn’t they?
(It is important to note advertising programs have historically operated in this manner. It is only with the recent developments in data privacy laws that such activities fall within the definition of a “sale”).
While advertising has been around since forever, tracking people’s eyeballs on the Net so they can be advertised at all over the place has only been in fashion since around 2007, which was when Do Not Track was first floated as a way to fight it. Adtech (tracking-based advertising) began to hockey-stick in 2010 (when The Wall Street Journal launched its excellent and still-missed What They Know series, which I celebrated at the time). As for history, ad blocking became the biggest boycott, ever by 2015. And, thanks to adtech, the GDPR went into force in 2018 and the CCPA 2020,. We never would have had either without “advertising programs” that “historically operated in this manner.”
If you opt out of “sale” of your info, your Personal Data that may have been used for these activities will no longer be shared with third parties.
Opt out? Where? How? I just spent a long time logged in to Zoom https://us04web.zoom.us/), and can’t find anything about opting out of “‘sale’ of your personal info.” (Later, I did get somewhere, and that’s in the next post, More on Zoom and Privacy.)
Here’s the thing: Zoom doesn’t need to be in the advertising business, least of all in the part of it that lives like a vampire off the blood of human data. If Zoom needs more money, it should charge more for its services, or give less away for free. Zoom has an extremely valuable service, which it performs very well—better than anybody else, apparently. It also has a platform with lots of apps with just as absolute an interest in privacy. They should be concerned as well. (Unless, of course, they also want to be in the privacy-violating end of the advertising business.)
Please fix it, Zoom.
As for Zoom’s competitors, there’s a great weakness to exploit here.
Here’s the popover that greets visitors on arrival at Rolling Stone‘s website:
That policy is supplied by Rolling Stone’s parent (PMC) and weighs more than 10,000 words. In it the word “advertising” appears 68 times. Adjectives modifying it include “targeted,” “personalized,” “tailored,” “cookie-based,” “behavioral” and “interest-based.” All of that is made possible by, among other things—
Information we collect automatically:
Device information and identifiers such as IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers
Internet network and device activity data such as information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services, the web sites you visit after this web site; if you share our content to social media platforms; and other web usage activity and data logged by our web servers, whether you open an email and your interaction with email content, access times, error logs, and other similar information. See “Cookies and Other Tracking Technologies” below for more information about how we collect and use this information.
Geolocation information such as city, state and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and precise geolocation information from GPS-based functionality on your mobile devices, with your permission in accordance with your mobile device settings.
The “How We Use the Information We Collect” section says they will—
Personalize your experience to Provide the Services, for example to:
Customize certain features of the Services,
Deliver relevant content and to provide you with an enhanced experience based on your activities and interests
Send you personalized newsletters, surveys, and information about products, services and promotions offered by us, our partners, and other organizations with which we work
Customize the advertising on the Services based on your activities and interests
Create and update inferences about you and audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps
Create profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising
Conduct cross-device tracking by using information such as IP addresses and unique mobile device identifiers to identify the same unique users across multiple browsers or devices (such as smartphones or tablets, in order to save your preferences across devices and analyze usage of the Service.
using inferences about your preferences and interests for any and all of the above purposes
For a look at what Rolling Stone, PMC and their third parties are up to, Privacy Badger’s browser extension “found 73 potential trackers on www.rollingstone.com:
I’m in California, where the CCPA gives me the right to shake down the vampiretariat for all the information about me they’re harvesting, sharing, selling or giving away to or through those third parties.* But apparently Rolling Stone and PMC don’t care about that.
Others do, and I’ll visit some of those in later posts. Meanwhile I’ll let Rolling Stone and PMC stand as examples of bad acting by publishers that remains rampant, unstopped and almost entirely unpunished, even under these new laws.
I also suggest following and getting involved with the fight against the plague of data vampirism in the publishing world. These will help:
Reading Don Marti’s blog, where he shares expert analysis and advice on the CCPA and related matters. Also People vs. Adtech, a compilation of my own writings on the topic, going back to 2008.
Following what the browser makers are doing with tracking protection (alas, differently†). Shortcuts: Brave, Google’s Chrome, Ghostery’s Cliqz, Microsoft’s Edge, Epic, Mozilla’s Firefox.
The California Constitution grants a right of privacy. Existing law provides for the confidentiality of personal information in various contexts and requires a business or person that suffers a breach of security of computerized data that includes personal information, as defined, to disclose that breach, as specified.
This bill would enact the California Consumer Privacy Act of 2018. Beginning January 1, 2020, the bill would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared. The bill would require a business to make disclosures about the information and the purposes for which it is used. The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified. The bill would grant a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed…
Don Marti has a draft letter one might submit to the brokers and advertisers who use all that personal data. (He also tweets a caution here.)
WALTER CRONKITE ONCE SAID that “journalism is what we need to make democracy work.” He was absolutely right, which is why today’s assault on journalism by Wall Street, billionaire businessmen, Silicon Valley, and Donald Trump presents a crisis—and why we must take concrete action.
Almost two weeks after walking back his criticism of The Washington Post, which he had suggested was a mouthpiece for owner Jeff Bezos, Sanders described a scheme that would re-order the news business with taxes, cross-subsidies and trust-busting…
Sanders also proposes new taxes on online targeted ads, and using the proceeds to fund nonprofit civic-minded media. It’s highly doubtful that a government-funded news provider will be a better watchdog of local officials than an independent publisher. Also, a tax-funded news source will compete with local publishers that already face enough threats.
Then Rob adds,
Sanders needs to recognize that the news business is subject to market forces too big to tame with more government regulation. Consumers have found other sources for news, including pay-TV and a superabundance of digital publishers.
Here’s a lightly edited copy of the comment I put up under Rob’s post:
Journalism as we knew it—scarce and authoritative media resources on print and air—has boundless competition now from, well, everybody.
Meaning we are digital now. (Proof: try living without your computer and smartphone.) As digital beings we float in a sea of “content,” very little of which is curated, and much of which is both fake and funded by the same systems (Google, Facebook and the four-dimensional shell game called adtech) that today rewards publishers for bringing tracked eyeballs to robots so those eyeballs can be speared with “relevant” and “interactive” ads.
The systems urging those eyeballs toward advertising spears are algorithmically biased to fan emotional fires, much of which reduces to enmity toward “the other,” dividing worlds of people into opposing camps (each an “other” for the “other”). Because, hey, it’s good for the ad business, which includes everyone it pays, including what’s left of mainstream and wannabe mainstream journalism.
Meanwhile, the surviving authoritative sources in that mainstream have themselves become fat with opinion while carving away reporters, editors, bureaus and beats. Brand advertising, for a century the most reliable and generous source of funding for good journalism (admittedly, along with some bad), is now mostly self-quarantined to major broadcast media, while the eyeball-spearing “behavioral” kind of advertising rules online, despite attempts by regulators (especially in Europe) to stamp it out. (Because it is in fact totally rude.)
Then there’s the problem of news surfeit, which trivializes everything with its abundance, no matter how essential and important a given story may be. It’s all just too freaking much. (More about that here.)
And finally there’s the problem of “the story”—journalism’s stock-in-trade. Not everything that matters fits the story format (character, problem, movement). Worse, we’re living in a time when the most effective political leaders are giant characters who traffic in generating problems that attract news coverage like a black hole attracts everything nearby that might give light. (More about that here.)
Against all those developments at once, there is hardly a damn thing lawmakers or regulators can do. Grandstanding such as Sanders does in this case only adds to the noise, which Google’s and Facebook’s giant robots are still happy to fund.
Good luck, folks.
So. How do we save journalism—if in fact we can? Three ideas:
Start at the local level, because the physical world is where the Internet gets real. It’s hard to play the fake news game there, and that alone is a huge advantage (This is what my TED talk last year was about, by the way.)
Whatever Dave Winer is working on. I don’t know anybody with as much high-power insight and invention, plus the ability to make stuff happen. (Heard of blogging and podcasting? You might not have if them weren’t for Dave. Some history here, here and here.)
Align incentives between journalism, its funding sources and its readers, listeners and viewers. Surveillance-based adtech is massively misaligned with the moral core of journalism, the brand promises of advertisers and the privacy of every human being exposed to it. Bernie and too many others miss all that, largely because the big publishers have been chickenshit about admitting their role in adtech’s surveillance system—and reporting on it.
Put the users of news in charge of their relationships with the producers of it. Which can be done. For example, we can get rid of those shitty adtech-protecting cookie notices on the front doors of websites with terms that readers can proffer and publishers can agree to, because those terms are a good deal for both. Here’s one.
I think we’ll start seeing the tide turn when when what’s left of responsible ad-funded online publishing cringes in shame at having participated in adtech’s inexcusable surveillance business—and reports on it thoroughly.
Credit where due: The New York Times has started, with its Privacy Project. An excellent report by Farhad Manjoo (@fmanjoo) in that series contains this long-overdue line:”Among all the sites I visited, news sites, including The New York Times and The Washington Post, had the most tracking resources.”
[16 August 2019…] Had a reassuring call yesterday with Ted Kim, CEO of London Trust Media. He told me the company plans to keep the site up as an archive at the LinuxJournal.com domain, and that if any problems develop around that, he’ll let us know. I told him we appreciate it very much—and that’s where it stands. I’m leaving up the post below for historical purposes.
I’ve been involved with Linux Journal since before it started publishing in 1994, and have been on its masthead since 1996. I’ve also been its editor-in-chief since January of last year, when it was rescued by London Trust Media after nearly going out of business the month before. I say this to make clear how much I care about Linux Journal‘s significance in the world, and how grateful I am to London Trust Media for saving the magazine from oblivion.
London Trust Media can do that one more time, by helping preserve the Linux Journal website, with its 25 years of archives, so all its links remain intact, and nothing gets 404’d. Many friends, subscribers and long-time readers of Linux Journal have stepped up with offers to help with that. The decision to make that possible, however, is not in my hands, or in the hands of anyone who worked at the magazine. It’s up to London Trust Media. The LinuxJournal.com domain is theirs.
I have had no contact with London Trust Media in recent months. But I do know at least this much:
London Trust Media has always been on the side of freedom and openness, which is a big reason why they rescued Linux Journal in the first place.
Since Linux Journal is no longer a functioning business, its entire value is in its archives and their accessibility to the world. To be clear, these archives are not mere “content.” They are a vast store of damned good writing, true influence, and important history that search engines should be able to find where it has always been.
While Linux Journal is no longer listed as one of London Trust Media’s brands, the website is still up, and its archives are still intact.
While I have no hope that Linux Journal can be rescued again as a subscriber-based digital magazine, I do have hope that the LinuxJournal.com domain, its (Drupal-based) website and its archives will survive. I base that hope on believing that London Trust Media’s heart has always been in the right place, and that the company is biased toward doing the right thing.
But the thing is up to them. It’s their choice whether or not to support the countless subscribers and friends who have stepped forward with offers to help keep the website and its archives intact and persistent on the Web. It won’t be hard to do that. And it’s the right thing to do.
Answer: Because adtech is now the business model of choice for most publications, and adtech cares only about content. It doesn’t sponsor any publication for its own worth, the way old-fashioned advertising did. (And, for the small number of publications that remain principled, real advertising still does).
So, since it’s easy to produce content for the simple purpose of earning advertising money, the game attracts bad actors galore, all working to maximize the number of places eyeball-aimed ads can be spread.
The result is a flood of content so large, and so full of crap, that even biblical metaphors fail. Hell, at least Noah’s flood was limited to forty days and nights on the physical world. There is no end to how much content adtech will pay just to pull in eyeballs, wherever they go.
And we are here:
Publishers need to face the simple fact that handing revenue production over to adtech meant trading a business model that supports journalism for one that supports content production—and that the easiest way to align incentives that support both business and journalism is to return to the business model that worked for a century and a half before everything got all digital.
That business model was advertising. Which adtech is not.
Here’s the thing: adtech looks like advertising, and gets called advertising; but it’s actually a form of direct marketing, better known in the old days as direct mail, better known by its victims as junk mail.
Here’s the main difference:
Advertising sends creative and economic signals to populations. It doesn’t want to get personal. It doesn’t want clicks. It is also the only form of advertising capable of sponsoring publications, because it wants to reach the distinctive populations publications bring to them.
Direct marketing sends targeted messages at eyeballs. On the Internet these eyeballs are known to machines through surveillance by tracking beacons (most of which are inserted into browsers without the user’s knowledge). It wants to get personal. It wants clicks.
Advertising creates and sustains brands, and always has. Adtech is incapable of branding, and hasn’t produced a single brand known to the world, even after about a $trillion has been spent on it. It is also not interested in sponsoring publishers, because the number and variety of eyeballs a given pub can gather is too small, no matter how well journalists are paid to bait clicks.
How did advertising turn into adtech, and vice versa? Well, as I said in Separating Advertising’s Wheat and Chaff, Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.
Thus it became damn near impossible for anyone wanting to make, sell or buy real advertising to get it. Publishing had no choice but to re-base its advertising business on adtech. And, since adtech wants to support content and not journalism, the publishing business has now vastly expanded to include content-producers of every kind, including bad ones in abundance beyond estimation. It has also caused good journals like the Star-Ledger to bias their purpose toward maximized content production rather than journalism.
See, fake news and clickbait are eyeball candy that is a lot easier to produce than the meat and potatoes of actual journalism. This is why so many online publications also feature piles of additional clickbait from Taboola, Outbrain and Zergnet. Those are Joneses that publishers can’t keep up with.
For journalism to win, we need a new alignment of incentives. In many posts here I’ve suggested that a return to #SafeAds —real advertising that’s not based on tracking people—is one way. The GDPR pretty much requires it in any case. (Even though most pubs now flaut the letter as well as the spirit of the GDPR by posting cookie notices that require—or appear to require—consent to exactly the kind of tracking the GDPR was meant to outlaw.)
Membership is another way. So is subscriptions, with or without putting everything behind a paywall, like many big publishers (and all of pay TV) already do.
There are bound to be others. Let’s think creatively here.
What I am sure won’t work is trying to get the adtech world to fix the mess they made. Their incentives are what’s killing journalism. Simple as that.
[20 October 2017 update…] I’m at @mattervc’s #matterdemoday, and will be looking for incentive alignment here. I have no advance knowledge about who or what will be debuting at the event.
Cool: https://getpurple.io/ (@getprpl), debuting at #matterdemoday, has a membership model. Also digging @meetgretta. More after the mixer (and I drive back to Santa Barbara…)
[24 October 2017 update…] I just re-wrote much of the above to address the concerns behind this tweet by Ben Werdmuller of @mattervc: “If it turns out post-war liberal democracy was finally undone by the internet, we’re all going to feel a little bit foolish.” It’s important to note that democracy and journalism are both victims of adtech.
[19 July 2019 update…] I just copied* this piece over from its old placement in Medium. I can no longer edit it there, and the images in it have disappeared. This is also the case for other stuff I’ve published on Medium, alas.
*I also copied over all the HTML cruft that Medium is full of. It’ll take more time than I have to extract that. Meanwhile, it seems to look okay.
Because I’m not blocking ads. I’m blocking tracking.
In fact I welcome ads—especially ones that sponsor The Washington Post and other fine publishers. I’ll also be glad to subscribe to the Post once it stops trying to track me off their site. Same goes for The New York Times, The Wall Street Journal and other papers I value and to which I no longer subscribe.
Right now Privacy Badger protects me from 20 and 35 potential trackers at those papers’ sites, in addition to the 19 it finds at the Post. Most of those trackers are for stalking readers like marked animals, so their eyeballs can be shot by “relevant,” “interest-based” and “interactive” ads they would never request if they had much choice about it—and in fact have already voted against with ad blocking, which by 2015 was already the biggest boycott in world history. As I point out in that link (and Don Marti did earlier in DCN), there was in that time frame a high correlation between interest in blocking ads and interest (surely by the ad industry) in retargeting, which is the most obvious evidence to people that they are being tracked. See here:
Tracking-based ads, generally called adtech, do not sponsor publications. They use publications as holding pens in which human cattle can be injected with uninvited and unwelcome tracking files (generally called cookies) so their tracked eyeballs can be shot, wherever they might show up, with ads aimed by whatever surveillance data has been gleaned from those eyeballs’ travels about the Net.
Real advertising—the kind that makes brands and sponsors publications—doesn’t track people. Instead it is addressed to whole populations. In doing so it sponsors the media it uses, and testifies to those media’s native worth. Tracking-based ads can’t and don’t do that.
That tracking-based ads pay, and are normative in the extreme, does not make right the Post‘s participation in the practice. Nor does it make correct the bad thinking (and reporting!) behind notices such as the one above.
Let’s also be clear about two myths spread by the “interactive” (aka “relevant” and “interest-based”) advertising business:
That the best online advertising is also the most targeted—and “behavioral” as well, meaning informed by knowledge about an individual, typically gathered by tracking. This is not the kind of advertising that made Madison Avenue, that created nearly every brand you can name, and that has sponsored publishers and other media for the duration. Instead it is direct marketing, aka direct response marketing. Both of those labels are euphemistic re-brandings that the direct mail business gave itself after the world started calling it junk mail. Sure, much (or most) of the paid messages we see online are called advertising, and look like advertising; but as long as they want to get personal, they’re direct marketing.
That tracking-based advertising (direct marketing by another name) is the business model of the “free” Internet. In fact the Internet at its base is as free as gravity and sunlight, and floats all business boats, whether based on advertising or not.
Getting the world to mistake direct marketing for real advertising is one of the great magic tricks of all time: a world record for misdirection in business. To help explain the difference, I wrote Separating Advertising’s Wheat From Chaff, the most quoted line from which is “Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.” Alas, the same is true for the business offices of the Post and every other publisher that depends on tracking. They ceased selling their pages as spaces for sponsors and turned those spaces over to data vampires living off the blood of readers’ personal data.
There is a side for those publishers to take on this thing, and it’s not with the tracking-based advertising business. It is with their own moral backbone, and with the readers who still keep faith in it.
*So far, silence. But hey: I know I’m asking journalists to grab a third rail here. And it’s one that needs to be grabbed. There might even be a Pulitzer for whoever grabs it. Because the story is that big, and it’s not being told, at least not by any of the big pubs. The New York Times‘ Privacy Project has lots of great stuff, but none that grabs the third rail. The closest the Times has come is You’re not alone when you’re on Google, by Jennifer Senior (@JenSeniorNY). In it she says “your newspaper” (alas, not this one) is among the culprits. But it’s a step. We need more of those. (How about it, @cwarzel?)†
[Later…] We actually have a great model for how the third rail might be grabbed, because The Wall Street Journal wrestled it mightily with the What They Know series, which ran from 2010 to 2012. For most of the years after that, the whole series, which was led by Julia Angwin and based on lots of great research, was available on the Web for everybody at http://wsj.com/wtk. But that’s a 404 now. If you want to see a directory of the earliest pieces, I list them in a July 2010 blog post titled The Data Bubble. That post begins,
The tide turned today. Mark it: 31 July 2010.
That’s when The Wall Street Journal published The Web’s Gold Mine: Your Secrets, subtitled A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series. It has ten links to other sections of today’s report.
Alas, the tide did not turn. It kept coming in and getting deeper. And now we’re drowning under it.
Where does public radio rock—or even rule? And why?
To start answering those questions, I looked through Nielsen‘s radio station ratings, which are on the Radio Online site. I dug down through all the surveyed markets, from #1 (New York NY) through #269 (Las Cruces-Deming NM), and pulled out the top 31 markets for public radio (where the share was over 6.0 — all numbers are % of all listening within a geographic market). Here ya go:
San Diego, CA (where KPBS is a near-constant #1). It is 6.3 in December 2019, as I’m adding it, after a reader spotted my oversight in leaving San Diego out of this list.
(Note: Totals above are of noncommercial stations with typical public radio formats: NPR-type news and programming, plus classical, jazz and alternative music. I didn’t include noncommercial religious stations†).
Of course I’m pleased to find my town, Santa Barbara, on top. Here’s how Nielsen breaks out station ratings within that 23.4 share number.
KCLU-FM 7.8. This is KCLU’s 110-watt translator on 102.3, not the home station on 88.3 in Thousand Oaks, which barely gets into town. (Note that this signal is directional, meaning weaker in all directions other than straight into town. This number is remarkable for a translator. For more on that, see the map below.)
KCLU-AM 2.6. This signal has the same audio as KCLU-FM, so the two together are 9.4, which makes KCLU #1, edging KTYD, the landmark local rock station, which gets a 9.2.
KUSC 5.2. Though reported as KUSC, this is actually KDB/93.7, which carries the audio of KUSC from Los Angeles.
KCRW 3.9. This is surely KDRW, which mostly identifies as KCRW, since most of the time KDRW carries the audio of KCRW, from Santa Monica/Los Angeles.
KDRW 1.3. This is a case of one station reported two different ways. Together they total 5.2.
KCBX 1.3. This is KSBX, a 50-watt repeater of KCBX from San Luis Obispo, which has no signal at all in town (being shadowed by the 4000-foot Santa Ynez Mountain range). Also, though reported as KCBX, the listening might be to KPBS in San Diego, a public radio station on the same channel that pounds into Santa Barbara much of the time.
KPCC 1.3. This is the 10-watt translator of KPCC from Pasadena/Los Angeles. KPCC’s home signal doesn’t reach here.
So: why Santa Barbara? Here’s what I think:
Demographics. Santa Barbara is an upscale university town with a bonus population of active older folks who are intellectually and culturally engaged. NPR, for example, tends to do well with that combination of crowds.
Lots of signals. There is now a surfeit of public radio signals in Santa Barbara.The list above is unusually large for a town this size, and doesn’t include stations that serve the market but didn’t make the ratings, such as KPFK (Los Angeles most powerful FM station, which also has a local 10-watt translator) and UCSB’s college radio station, KZSB).
Geographic isolation. Santa Barbara is far enough from big market signals to make them weak or absent. (Some do get in, and even show a bit in the ratings.) I think the same kind of thing can also be said for many of the other smaller markets where public radio does well.
News coverage. There are three two steady sources of local news in Santa Barbara: local/regional TV (notably KEYT/3), local print (both online and off), and public radio—especially KCLU, which has won three Murrow Awards and six AP awards in the last two years. Of its news director, Lance Orozco, KCLU says, “Lance has won more than 200 journalism awards for KCLU, including more than 90 Golden Mikes, 20-plus regional Edward R. Murrow awards, a national Edward R. Murrow Award (an honor which came to David Letterman’s attention on “The Late Show.”), and a national Society Of Professional Journalists Award He has been AP’s small market reporter of the year in the western U.S. nine times.”
Disasters. Santa Barbara has a long and almost steady record of wildfires, the largest of which was the Thomas Fire in December 2017, followed by massive debris flows during a storm in January 2018. Public Radio and other local media became indispensable during that time. I suspect it has stayed that way in a time when national news has become more partisan and less anchored to facts “on the ground,” as they say.
I also think some other factors are in play here—factors with meaning that go far beyond Santa Barbara:
Local and regional news lives on in public radio while it has been dying off on the commercial side. Old-fashioned “full service” local radio has been in retreat across the country. Stations categorized as “news” or “news/talk” in the ratings (and within the industry) are now mostly conduits for political talk. True full-time pure news stations thrive only in the largest markets, where the news operations can afford the reporters. Specifically those are New York (WCBS and WINS), Philadelphia (KYW), Washington (WTOP), Chicago (WBBM), Los Angeles (KNX) and San Francisco (KCBS). That’s it. (In fact one of L.A.’s two news stations, KFWB, dropped the format in 2014.)
Public radio may be the only part of shared culture, other than sports, where the media center still holds. This too owes to being anchored in local culture, and reporting on local news, which by necessity tends to be less partisan than national news has become.
Listener abandonment of over-the-air radio, especially for music. Music and talk listening has been shifting for years from over-the-air to streaming services, satellite radio and podcasts, leaving public radio with a higher percentage of listening to over-the-air broadcasts.
Embrasure of streaming, satellite radio, podcasting, smart speakers and other new technologies. Public broadcasting has long been ahead of the technical curve, and in the last decade has done an excellent job of maximizing what can still be done with legacy over-the-air broadcasting (for example, buying up signals with low market value—as KCLU did with its AM in Santa Barbara—and planting translators and repeater stations all over the place), while also pioneering on the digital front. Noncommercial and religious broadcasters have both been highly resourceful and ahead of the curve on The Great Digital Shift.
Turning localism into a big competitive advantage. Something that has long been a weakness of public radio, especially NPR—its fealty to stations, refusing to subordinate the network to those—is turning into an advantage, as local programming matters more and more. Even in the midst of The Great Digital Shift, we remain physical beings who live in the natural world, vote in local elections, drive in local traffic, care about local teams, deal with local emergencies, and depend on each other’s helping hands when and where it matters most. Public radio is especially compatible with all that. (Note: this was the subject of my TEDx talk in Santa Barbara last September.)
Re-defining regionalities. What makes a region a region, or a market a market? I think public radio is playing a role in defining both, especially as commercially-supported news becomes more partisan and less well funded by advertising. Again, my case in point is KCLU, which started as a little Thousand Oaks/Ventura station, then became a South Coast station by adding two Santa Barbara signals. Now, by adding another full-size signal in Santa Maria (KCLM/89.7), plus a translator in San Luis Obispo, KCLU is almost as much a Central Coast station, at least in terms of geographic coverage. Still, I’m not sure that’s what they have in mind. They identify now as “NPR for the California Coast,” yet their vision is still “to inform, educate and promote dialogue among the citizens of Ventura and Santa Barbara counties on local, regional, national and global issues.” No mention of San Luis Obispo County; so I’m not sure how well that’s working yet. KCBX, from San Luis Obispo, also didn’t become any less a Central Coast station when it added its South Coast signal in Santa Barbara. KCLU does talk up the Central Coast as much as it can, so maybe a shift is in the works. It’s worth noting that Santa Barbara–Santa Maria-San Luis Obispo is a Nielsen Designated Market Area (or DMA). Ventura and Thousand Oaks are part of the Los Angeles DMA.(DMAs are determined by what local TV stations are most watched. So, while what defines local and regional identity is an open question, it’s clear to me that public radio is playing a part in answering it.
I may add to those points as I take in reader feedback and think more on all of it. Meanwhile, let’s look a bit more closely to what has happened to public radio in Santa Barbara over in the current millennium.
When I moved to Santa Barbara in 2001, public radio was long on classical music and short on news and talk. The two classical stations were USC’s KQSC/88.7 with 12,000 watts and KDB/93.7 with 12,500 watts (that’s a lot), both on Gibraltar peak, overlooking town. KQSC was a repeater for KUSC in Los Angeles. On the talk (NPR, etc.) side, KCLU/88.3 had a 4-watt translator operating on 102.3 from Gibraltar Peak, overlooking town. It actually sounded pretty good if you were within sight of the transmitter, and may already have been a strong ratings contender. (I recall a Nielsen survey a few years ago that put it at #1 at the time.) To put this little translator’s size in perspective, the biggest station in town is KRUZ/103.3 KVYB/103.3, grandfathered with 105,000 watts and radiating from Broadcast Peak, which is over 4000 feet high. Here’s a pair of maps that shows the difference:
KCLU’s home signal from Thousand Oaks was weak and distant back then, and still is. So was, and is, KCRU/88.1, the Oxnard repeater for Santa Monica-based KCRW/89.9. KCRW also had a 10-watt translator on 106.9 serving Goleta (the next town west of Santa Barbara). Pacifica’s L.A. based KPFK/90.7 had a 10-watt translator on 98.7. UCSB had KCSB/91.9, its own non-NPR college station, radiating with 620 watts from Broadcast Peak, also on the Goleta side of town. I also loved that there was a local non-political full-service commercial news/talk station in town at the time: KEYT/1250am, featuring a good morning show hosted by John Palminteri.
Since then, all this happened:
In 2002, KSBX/89.5 came on the air from Gibraltar Peak. It’s a 50-watt repeater for KCBX/90.1, the public radio voice of San Luis Obispo. On the same channel, KPBS from San Diego also pounds into town on warm days.
In 2003, KEYT and KEYT-AM were sold, the AM station went to Spanish broadcaster, and John Palminteri spread his reporting talents across lots of other stations (including KCLU). Local news/talk was then gone until…
In 2005, the Santa Barbara News-Press, owned by Wendy P. McCaw, got its own local AM station, now called KZSB/1290, and has been a local old-fashioned commercial ‘full service” news station ever since. The main personality there is “Baron” Ron Herron, who had been a local radio personality for many decades before then, and has persisted ever since. It’s basically his station.
In 2008, KCLU bought a local station on the AM band. That’s now KCLU-AM/1340. Though only 650 watts, it does cover the populated South Coast pretty well.
KPCC/89.3 in Pasadena/Los Angeles came on with a 10-watt Gibraltar Peak translator on 89.9. It covers the town well.
Santa Monica Community College, which owns KCRW, bought KQSC from USC and made it KDRW, which has a local studio and does some local coverage, though most of the time it’s a repeater for KCRW. A big one, too.
The University of Southern California bought KDB and moved KUSC’s classical programming over there from what had been KQSC (and is now KDRW).
KCLU replaced its non-directional 4-watt signal on 102.3 with a new directional one that maxes at 115 watts toward downtown, but radiates as little as 5 watts in other directions. This is the signal that produces the small signal footprint in the maps above. And it rocks in the ratings.
Along the way, local journalism flourished online as well. The Independent, a weekly, has remained a strong local institution. Edhat (founded and led by the late and still much-missed Peter Sklar) was born and became an exemplary “placeblog.” Bill MacFadyen’s Noozhawk also became a local news institution. And the News-Press didn’t die.
If I had more time, I’d put all that stuff in a graphic.
†Explanations, qualifications and cautions
Shares, Nielsen explains, are “quarter hour rating (AQH) share of persons, ages 12+, Monday through Sunday in the Metro Survey Area. A share is the percentage of those listening to radio in the MSA who are listening to a particular radio station. Average Quarter-Hour Persons (AQH Persons) is the average number of persons listening to a particular station for at least five minutes during a 15-minute period. [AQH Persons to a Station / AQH Persons to All Stations] x 100 = Share (%)”
The latest rating period differs by market. In big markets, surveys are monthly. The most recent for those are February 2019. Some are quarterly, or twice annually (Spring and Fall). The most recent of those are Fall 2018 in some cases (e.g. Hudson Valley, measured quarterly, and Santa Barbara, measured Spring and Fall), and Winter 2019 in other cases (e.g. Louisville, measured quarterly).
Noncommercial stations are not listed for all markets, and not every time in all of those where they are surveyed. For example, the listings for Santa Barbara noncommercial stations say “N/A” for the three survey periods prior to the latest one (Fall 2018), while the current listings for Monterey-Salinas (Winter 2019) list noncommercial stations as “N/A” while showing them in Fall 2018. So for Monterey-Salinas, I used the Fall 2018 listing. (The 7.7 there was just one station: KAZU, which was also #2 overall.)
In all markets there is lots of listening to radio stations not listed in the surveys. For example, all the listed shares for New York stations totaled 88.4, while Tampa-St. Petersburg stations totaled only 24.1. That means 11.8 of New York and 75.9% of Tampa-St. Pete listening is to stations not listed in the ratings. I am sure in many markets noncommercial listening is part of that dark matter, but there’s no way to tell.
In some cases, the only stations appearing in a survey are those of one or two owners. The Grand Junction survey lists only seven stations, five owned by Townsquare Media and two by Public Broadcasting of Colorado. The total of those is only 28.7. The Monroe Louisiana survey lists only six stations, all owned by Holladay Broadcasting. Those total 50.6, which means half of the listening in that market is to unlisted stations, and (presumably), ones not owned by Holladay Broadcasting.
Some stations’ online streams do make survey listings in some markets. I don’t know whether Nielsen counts listeners physically located outside a market, or how Nielsen deals with smart speakers. I do know that Nielsen cares about streaming, though, because their home page says so.
Okay, I’ve already said too much, and I have much more I could say. But this post has been sitting half-written in my browser since I started digging online one sleepless night in early March, so I’ll call it done enough and put it up.