marketing

You are currently browsing the archive for the marketing category.

Is this the way you want your brand to look?

Digital advertising needs to sniff its own stench, instead of everybody’s digital butts.

A sample of that stench is wafting through the interwebs from  the Partnership for Responsible Addressable Media, an ad industry bullphemism for yet another way to excuse the urge to keep tracking people against their wishes (and simple good manners) all over the digital world.

This new thing is a granfalloon conjured by the Association of National Advertisers (aka the ANA) and announced today in the faux-news style of the press release (which it no doubt also is) at the first link above. It begins,

AD INDUSTRY LAUNCHES “PARTNERSHIP FOR RESPONSIBLE ADDRESSABLE MEDIA” TO ENSURE FUTURE OF DIGITAL MEDIA FOR BUSINESSES & CONSUMERS
Governing Group of Industry Leaders Includes 4A’s, ANA, IAB, IAB Tech Lab, NAI, WFA, P&G, Unilever, Ford, GM, IBM, NBCUniversal, IPG, Publicis, Adobe, LiveRamp, MediaMath, The Trade Desk

NEW YORK (August 4, 2020) — Leading trade associations and companies representing every sector of the global advertising industry today joined together to launch the Partnership for Responsible Addressable Media, an initiative to advance and protect critical functionalities like customization and analytics for digital media and advertising, while safeguarding privacy and improving the consumer experience. The governing group of the Partnership will include the most influential organizations in advertising.

I learned about this from @WendyDavis, who wrote this piece in MediaPostNiemanLab summarizes what she reports with a tweet that reads, “A new ad-industry group will lobby Google and Apple to let them track users just a wee bit more, please and thank you.”

Writes Wendy,

The group will soon reach out to browser developers and platforms, in hopes of convincing them to rethink recent decisions that will limit tracking, according to Venable attorney Stu Ingis, who will head the legal and policy working group.

“These companies are taking huge positions that impact the entire economy — the entire media ecosystem — with no real input from the media ecosystem,” Ingis says.

As if the “entire media ecosystem” doesn’t contain the billions of humans being tracked.

Well, here’s a fact: ad blocking, which was already the biggest boycott in world history five years ago, didn’t happen in a vacuum. Even though ad blockers had been available since 2004, use of them didn’t hockey-stick until 2012-13, exactly when adtech and its dependents in publishing gave the middle finger to Do Not Track, which was nothing more than a polite request, expressed by a browser, for some damn privacy while we go about our lives online. See this in Harvard Business Review:

Here’s another fact: the browser makers actually care about their users, some of whom are paying customers (for example with Apple and Microsoft). They know what we want and need, and are giving it to us. Demand and supply at work.

The GDPR and the CCPA also didn’t happen in a vacuum. Both laws were made to protect citizens from exactly what adtech (tracking based advertising) does. And, naturally, the ad biz has been working mightily to obey the letter of those laws while violating their spirit. Why else would we be urged by cookie notices everywhere to “accept” exactly what we’ve made very clear that we don’t want?

So here are some helpful questions from the world’s billions to the brands now paying to have us followed like marked animals:

Have you noticed that not a single brand known to the world has been created by tracking people and aiming ads at them—even after a $trillion or more has been spent on doing that?

Have you noticed that nearly all the world’s major brands became known through advertising that not only didn’t track people, but sponsored journalism as well?

Have you noticed that tracking people and directing personalized messages at them—through “addressable media”—is in fact direct marketing, which we used to call junk mail?

Didn’t think so.

Time to get the clues, ad biz. Brands too.

Start with The Cluetrain Manifesto, which says, if you only have time for one clue this year, this is the one to get…

we are not seats or eyeballs or end users or consumers.
we are human beings — and our reach exceeds your grasp.
deal with it.

That year was 1999.

If advertising and marketing had bothered to listen back then, they might not be dealing today with the GDPR, the CCPA, and the earned dislike of billions.

Next, please learn (or re-learn) the difference between real advertising and the junk message business. Find that lesson in Separating Advertising’s Wheat and Chaff. An excerpt:

See, adtech did not spring from the loins of Madison Avenue. Instead its direct ancestor is what’s called direct response marketing. Before that, it was called direct mail, or junk mail. In metrics, methods and manners, it is little different from its closest relative, spam.

Direct response marketing has always wanted to get personal, has always been data-driven, has never attracted the creative talent for which Madison Avenue has been rightly famous. Look up best ads of all time and you’ll find nothing but wheat. No direct response or adtech postings, mailings or ad placements on phones or websites.

Yes, brand advertising has always been data-driven too, but the data that mattered was how many people were exposed to an ad, not how many clicked on one — or whether you, personally, did anything.

And yes, a lot of brand advertising is annoying. But at least we know it pays for the TV programs we watch and the publications we read. Wheat-producing advertisers are called “sponsors” for a reason.

So how did direct response marketing get to be called advertising ? By looking the same. Online it’s hard to tell the difference between a wheat ad and a chaff one.

Remember the movie “Invasion of the Body Snatchers?” (Or the remake by the same name?) Same thing here. Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.

That’s what had happened to the ANA in 2018, when it acquired what had been the Direct Marketing Association (aka DMA) and which by then called itself the Data & Marketing Association.

The Partnership for Responsible Addressable Media speaks in the voice of advertising’s alien replica. It does not “safeguard essential values in advertising as a positive economic force.” Instead it wants to keep using “addressable” advertising as the primary instrument of surveillance capitalism.

Maybe it’s too late to save advertising from its alien self. But perhaps not, if what’s left of advertising’s soul takes the writings of Bob Hoffman (@AdContrarian) to heart. That’s the only way I know for advertising to clean up its act.

 

 

door knocker

Remember the dot com boom?

Doesn’t matter if you don’t. What does matter is that it ended. All business manias do.

That’s why we can expect the “platform economy” and “surveillance capitalism” to end. Sure, it’s hard to imagine that when we’re in the midst of the mania, but the end will come.

When it does, we can have a “privacy debate.” Meanwhile, there isn’t one. In fact there can’t be one, because we don’t have privacy in the online world.

We do have privacy in the offline world, and we’ve had it ever since we invented clothing, doors, locks and norms for signaling what’s okay and what’s not okay in respect to our personal spaces, possessions and information.

That we hardly have the equivalent in the networked world doesn’t mean we won’t. Or that we can’t. The Internet in its current form was only born in the mid-’90s. In the history of business and culture, that’s a blip.

Really, it’s still early.

So, the fact that websites, network services, phone companies, platforms, publishers, advertisers and governments violate our privacy with wanton disregard for it doesn’t mean we can’t ever stop them. It means we haven’t done it yet, because we don’t have the tech for it. (Sure, some wizards do, but muggles don’t. And most of us are muggles.)

And, since we don’t have privacy tech yet, we lack the simple norms that grow around technologies that give us ways signal our privacy preferences. We’ll get those when we have the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells.

This is what many of us have been working on at ProjectVRM, Customer Commons, the Me2B Alliance, MyData and other organizations whose mission is getting each of us the tech we need to operate at full agency when dealing with the companies and governments of the world.

I bring all this up as a “Yes, and” to a piece in Salon by Michael Corn (@MichaelAlanCorn), CISO of UCSD, titled We’re losing the war against surveillance capitalism because we let Big Tech frame the debate. Subtitle: “It’s too late to conserve our privacy — but to preserve what’s left, we must stop defining people as commodities.”

Indeed. And we do need the “optimism and activism” he calls for. In the activism category is code. Specifically, code that gives us the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells

Some of those are in the works. Others are not—yet. But they will be. Inevitably. Especially now that it’s becoming clearer every day that we’ll never get them from any system with a financial interest in violating it*. Or from laws that fail at protecting it.

If you want to help, join one or more of the efforts in the links four paragraphs up. And, if you’re a developer already on the case, let us know how we can help get your solutions into each and all of our digital hands.

For guidance, this privacy manifesto should help. Thanks.


*Especially publishers such as Salon, which Privacy Badger tells me tries to pump 20 potential trackers into my browser while I read the essay cited above. In fact, according to WhoTracksMe.com, Salon tends to run 204 tracking requests per page load, and the vast majority of those are for tracking-based advertising purposes. And Salon is hardly unique. Despite the best intentions of the GDPR and the CCPA, surveillance capitalism remains fully defaulted on the commercial Web—and will continue to remain entrenched until we have the privacy tech we’ve needed from the start.

For more on all this, see People vs. Adtech.

Yesterday (March 29), Zoom updated its privacy policy with a major rewrite. The new language is far more clear than what it replaced, and which had caused the concerns I detailed in my previous three posts:

  1. Zoom needs to clean up its privacy act,
  2. More on Zoom and privacy, and
  3. Helping Zoom

Those concerns were shared by Consumer ReportsForbes and others as well. (Here’s Consumer Reports‘ latest on the topic.)

Mainly the changes clarify the difference between Zoom’s services (what you use to conference with other people) and its websites, zoom.us and zoom.com (which are just one site: the latter redirects to the former). As I read the policy, nothing in the services is used for marketing. Put another way, your Zoom sessions are firewalled from adtech, and you shouldn’t worry about personal information leaking to adtech (tracking based advertising) systems.

The websites are another matter. Zoom calls those websites—its home pages—”marketing websites.” This, I suppose, is so they can isolate their involvement with adtech to their marketing work.

The problem with this is an optical one: encountering a typically creepy cookie notice and opting gauntlet (which still defaults hurried users to “consenting” to being tracked through “functional” and “advertising” cookies) on Zoom’s home page still conveys the impression that these consents, and these third parties, work across everything Zoom does, and not just its home pages.

And why call one’s home on the Web a “marketing website”—even if that’s mostly what it is? Zoom is classier than that.

My advice to Zoom is to just drop the jive. There will be no need for Zoom to disambiguate services and websites if neither is involved with adtech at all. And Zoom will be in a much better position to trumpet its commitment to privacy.

That said, this privacy policy rewrite is a big help. So thank you, Zoom, for listening.

 

[This is the third of four posts. The last of those, Zoom’s new privacy policy, visits the company’s positive response to input such as mine here. So you might want to start with that post (because it’s the latest) and look at the other three, including this one, after that.]

I really don’t want to bust Zoom. No tech company on Earth is doing more to keep civilization working at a time when it could so easily fall apart. Zoom does that by providing an exceptionally solid, reliable, friendly, flexible, useful (and even fun!) way for people to be present with each other, regardless of distance. No wonder Zoom is now to conferencing what Google is to search. Meaning: it’s a verb. Case in point: between the last sentence and this one, a friend here in town sent me an email that began with this:

That’s a screen shot.

But Zoom also has problems, and I’ve spent two posts, so far, busting them for one of those problems: their apparent lack of commitment to personal privacy:

  1. Zoom needs to cleanup its privacy act
  2. More on Zoom and privacy

With this third post, I’d like to turn that around.

I’ll start with the email I got yesterday from a person at a company engaged by Zoom for (seems to me) reputation management, asking me to update my posts based on the “facts” (his word) in this statement:

Zoom takes its users’ privacy extremely seriously, and does not mine user data or sell user data of any kind to anyone. Like most software companies, we use third-party advertising service providers (like Google) for marketing purposes: to deliver tailored ads to our users about Zoom products the users may find interesting. (For example, if you visit our website, later on, depending on your cookie preferences, you may see an ad from Zoom reminding you of all the amazing features that Zoom has to offer). However, this only pertains to your activity on our Zoom.us website. The Zoom services do not contain advertising cookies. No data regarding user activity on the Zoom platform – including video, audio and chat content – is ever used for advertising purposes. If you do not want to receive targeted ads about Zoom, simply click the “Cookie Preferences” link at the bottom of any page on the zoom.us site and adjust the slider to ‘Required Cookies.’

I don’t think this squares with what Zoom says in the “Does Zoom sell Personal Data?” section of its privacy policy (which I unpacked in my first post, and that Forbes, Consumer Reports and others have also flagged as problematic)—or with the choices provided in Zoom’s cookie settings, which list 70 (by my count) third parties whose involvement you can opt into or out of (by a set of options I unpacked in my second post). The logos in the image above are just 16 of those 70 parties, some of which include more than one domain.

Also, if all the ads shown to users are just “about Zoom,” why are those other companies in the picture at all? Specifically, under “About Cookies on This Site,” the slider is defaulted to allow all “functional cookies” and “advertising cookies,” the latter of which are “used by advertising companies to serve ads that are relevant to your interests.” Wouldn’t Zoom be in a better position to know your relevant (to Zoom) interests, than all those other companies?

More questions:

  1. Are those third parties “processors” under GDPR, or “service providers by the CCPAs definition? (I’m not an authority on either, so I’m asking.)
  2. How do these third parties know what your interests are? (Presumably by tracking you, or by learning from others who do. But it would help to know more.)
  3. What data about you do those companies give to Zoom (or to each other, somehow) after you’ve been exposed to them on the Zoom site?
  4. What targeting intelligence do those companies bring with them to Zoom’s pages because you’re already carrying cookies from those companies, and those cookies can alert those companies (or others, for example through real time bidding auctions) to your presence on the Zoom site?
  5. If all Zoom wants to do is promote Zoom products to Zoom users (as that statement says), why bring in any of those companies?

Here is what I think is going on (and I welcome corrections): Because Zoom wants to comply with GDPR and CCPA, they’ve hired TrustArc to put that opt-out cookie gauntlet in front of users. They could just as easily have used Quantcast‘s system, or consentmanager‘s, or OneTrust‘s, or somebody else’s.

All those services are designed to give companies a way to obey the letter of privacy laws while violating their spirit. That spirit says stop tracking people unless they ask you to, consciously and deliberately. In other words, opting in, rather than opting out. Every time you click “Accept” to one of those cookie notices, you’ve just lost one more battle in a losing war for your privacy online.

I also assume that Zoom’s deal with TrustArc—and, by implication, all those 70 other parties listed in the cookie gauntlet—also requires that Zoom put a bunch of weasel-y jive in their privacy policy. Which looks suspicious as hell, because it is.

Zoom can fix all of this easily by just stopping it. Other companies—ones that depend on adtech (tracking-based advertising)—don’t have that luxury. But Zoom does.

If we take Zoom at its word (in that paragraph they sent me), they aren’t interested in being part of the adtech fecosystem. They just want help in aiming promotional ads for their own services, on their own site.

Three things about that:

  1. Neither the Zoom site, nor the possible uses of it, are so complicated that they need aiming help from those third parties.
  2. Zoom is the world’s leading sellers’ market right now, meaning they hardly need to advertise at all.
  3. Being in adtech’s fecosystem raises huge fears about what Zoom and those third parties might be doing where people actually use Zoom most of the time: in its app. Again, Consumer Reports, Forbes and others have assumed, as have I, that the company’s embrasure of adtech in its privacy policy means that the same privacy exposures exist in the app (where they are also easier to hide).

By severing its ties with adtech, Zoom can start restoring people’s faith in its commitment to personal privacy.

There’s a helpful model for this: Apple’s privacy policy. Zoom is in a position to have a policy like that one because, like Apple, Zoom doesn’t need to be in the advertising business. In fact, Zoom could follow Apple’s footprints out of the ad business.

And then Zoom could do Apple one better, by participating in work going on already to put people in charge of their own privacy online, at scale. In my last post. I named two organizations doing that work. Four more are the Me2B Alliance, Kantara, ProjectVRM, and MyData.

I’d be glad to help with that too. If anyone at zoom is interested, contact me directly this time. Thanks.

 

 

 

[This is the second of four posts. The last of those, Zoom’s new privacy policy., visits the company’s positive response to input such as mine here. So you might want to start with that post (because it’s current) and look at the other three, including this one, after that.]

Zoom needs to clean up its privacy act, which I posted yesterday, hit a nerve. While this blog normally gets about 50 reads a day, by the end of yesterday it got more than 16000. So far this morning (11:15am Pacific), it has close to 8000 new reads. Most of those owe to this posting on Hacker News, which topped the charts all yesterday and has 483 comments so far. If you care about this topic, I suggest reading them.

Also, while this was going down, as a separate matter (with a separate thread on Hacker News), Zoom got busted for leaking personal data to Facebook, and promptly plugged it. Other privacy issues have also come up for Zoom. For example, this one.

But I want to stick to the topic I raised yesterday, which requires more exploration, for example into how one opts out from Zoom “selling” one’s personal data. This morning I finished a pass at that, and here’s what I found.

First, by turning off Privacy Badger on Chrome (my main browser of the moment) I got to see Zoom’s cookie notice on its index page, https://zoom.us/. (I know, I should have done that yesterday, but I didn’t. Today I did, and we proceed.) It said,

To opt out of Zoom making certain portions of your information relating to cookies available to third parties or Zoom’s use of your information in connection with similar advertising technologies or to opt out of retargeting activities which may be considered a “sale” of personal information under the California Consumer Privacy Act (CCPA) please click the “Opt-Out” button below.

The buttons below said “Accept” (pre-colored a solid blue, to encourage a yes), “Opt-Out” and “More Info.” Clicking “Opt-Out” made the notice disappear, revealing, in the tiny print at the bottom of the page, linked text that says “Do Not Sell My Personal Information.” Clicking on that link took me to the same place I later went by clicking on “More Info”: a pagelet (pop-over) that’s basically an opt-in notice:

By clicking on that orange button, you’ve opted in… I think. Anyway, I didn’t click it, but instead clicked on a smaller and less noticeable “advanced settings” link off to the right. This took me to a pagelet with this:

The “view cookies” links popped down to reveal 16 CCPA Opt-Out “Required Cookies,” 23 “Functional Cookies,” and 47 “Advertising Cookies.” You can’t separately opt out or in of the “required” ones, but you can do that with the other 70 in the sections below. It’s good, I suppose, that these are defaulted to “Out.” (Or seem to be, at least to me.)

So I hit the “Submit Preferences” button and got this:

All the pagelets say “Powered by TrustArc,” by the way. TrustArc is an off-the-shelf system for giving companies a way (IMHO) to obey the letter of the GDPR while violating its spirit. These systems do that by gathering “consents” to various cookie uses. I’m suppose Zoom is doing all this off a TrustArc API, because one of the cookies it wants to give me (blocked by Privacy Badger before I disabled that) is called “consent.trustarc.com”).

So, what’s going on here?

My guess is that Zoom is doing marketing from the lead-generation playbook, meaning that most of its intentional data collection is actually for its own use in pitching possible customers, or its own advertising on its own site, and not for leaking personal data to other parties.

But that doesn’t mean you’re not exposed, or that Zoom isn’t playing in the tracking-based advertising (aka adtech) fecosystem, and therefore is to some degree in the advertising business.

Seems to me, by the choices laid out above, that any of those third parties (up to 70 of them in my view above) are free to gather and share data about you. Also free to give you “interest based” advertising based on what those companies know about your activities elsewhere.

Alas, there is no way to tell what any of those parties actually do, because nobody has yet designed a way to keep track of, or to audit, any of the countless “consents” you click on or default to as you travel the Web. Also, the only thing keeping those valves closed in your browser are cookies that remember which valves do what (if, in fact, the cookies are set and they actually work).

And that’s only on one browser. If you’re like me, you use a number of browsers, each with its own jar of cookies.

The Zoom app is a different matter, and that’s mostly where you operate on Zoom. I haven’t dug into that one. (Though I did learn, on the ProjectVRM mailing list, that there is an open source Chrome extension, called Zoom Redirector, that will keep your Zoom session in a browser and out of the Zoom app.)

I did, however, dig down into my cookie jar in Chome to find the ones for zoom.us. It wasn’t easy. If you want to leverage my labors there, here’s my crumb trail:

  1. Settings
  2. Site Settings
  3. Cookies and Site Data
  4. See all Cookies and Site Data
  5. Zoom.us (it’s near the bottom of a very long list)

The URL for that end point is this: chrome://settings/cookies/detail?site=zoom.us). (Though dropping that URL into a new window or tab works only some of the time.)

I found 22 cookies in there. Here they are:

_zm_cdn_blocked
_zm_chtaid
_zm_client_tz
_zm_ctaid
_zm_currency
_zm_date_format
_zm_everlogin_type
_zm_ga_trackid
_zm_gdpr_email
_zm_lang
_zm_launcher
_zm_mtk_guid
_zm_page_auth
_zm_ssid
billingChannel
cmapi_cookie_privacy
cmapi_gtm_bl
cred
notice_behavior
notice_gdpr_prefs
notice_preferences
slirequested
zm_aid
zm_cluster
zm_haid

Some have obvious and presumably innocent meanings. Others … can’t tell. Also, these are just Zoom’s cookies. If I acquired cookies from any of those 70 other entities, they’re in different bags in my Chrome cookie jar.

Anyway, my point remains the same: Zoom still doesn’t need any of the advertising stuff—especially since they now (and deservedly) lead their category and are in a sellers’ market for their services. That means now is a good time for them to get serious about privacy.

As for fixing this crazy system of consents and cookies (which was broken when we got it in 1994), the only path forward starts on your side and mine. Not on the sites’ side. What each of us need is our own global way to signal our privacy demands and preferences: a Do Not Track signal, or a set of standardized and easily-read signals that sites and services will actually obey. That way, instead of you consenting to every site’s terms and policies, they consent to yours. Much simpler for everyone. Also much more like what we enjoy here in the physical world, where the fact that someone is wearing clothes is a clear signal that it would be rude to reach inside those clothes to plant a tracking beacon on them—a practice that’s pro forma online.

We can come up with that new system, and some of us are working on exactly that. My own work is with Customer Commons. The first Customer Commons term you can proffer, and sites can agree to, is called #P2B1(beta), better known as #NoStalking. it says this:

nostalking

By agreeing to #NoStalking, publishers still get to make money with ads (of the kind that have worked since forever and don’t involve tracking), and you know you aren’t being tracked, because you have a simple and sensible record of the agreement in a form both sides can keep and enforce if necessary.

Toward making that happen I’m also involved in an IEEE working group called P7012 – Standard for Machine Readable Personal Privacy Terms.

If you want to help bring these and similar solutions into the world, talk to me. (I’m first name @ last name dot com.) And if you want to read some background on the fight to turn the advertising fecosystem back into a healthy ecosystem, read here. Thanks.

Here’s the popover that greets visitors on arrival at Rolling Stone‘s website:

Our Privacy Policy has been revised as of January 1, 2020. This policy outlines how we use your information. By using our site and products, you are agreeing to the policy.

That policy is supplied by Rolling Stone’s parent (PMC) and weighs more than 10,000 words. In it the word “advertising” appears 68 times. Adjectives modifying it include “targeted,” “personalized,” “tailored,” “cookie-based,” “behavioral” and “interest-based.” All of that is made possible by, among other things—

Information we collect automatically:

Device information and identifiers such as IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers

Internet network and device activity data such as information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services, the web sites you visit after this web site; if you share our content to social media platforms; and other web usage activity and data logged by our web servers, whether you open an email and your interaction with email content, access times, error logs, and other similar information. See “Cookies and Other Tracking Technologies” below for more information about how we collect and use this information.

Geolocation information such as city, state and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and precise geolocation information from GPS-based functionality on your mobile devices, with your permission in accordance with your mobile device settings.

The “How We Use the Information We Collect” section says they will—

Personalize your experience to Provide the Services, for example to:

  • Customize certain features of the Services,
  • Deliver relevant content and to provide you with an enhanced experience based on your activities and interests
  • Send you personalized newsletters, surveys, and information about products, services and promotions offered by us, our partners, and other organizations with which we work
  • Customize the advertising on the Services based on your activities and interests
  • Create and update inferences about you and audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps
  • Create profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising
  • Conduct cross-device tracking by using information such as IP addresses and unique mobile device identifiers to identify the same unique users across multiple browsers or devices (such as smartphones or tablets, in order to save your preferences across devices and analyze usage of the Service.
  • using inferences about your preferences and interests for any and all of the above purposes

For a look at what Rolling Stone, PMC and their third parties are up to, Privacy Badger’s browser extension “found 73 potential trackers on www.rollingstone.com:

tagan.adlightning.com
 acdn.adnxs.com
 ib.adnxs.com
 cdn.adsafeprotected.com
 static.adsafeprotected.com
 d.agkn.com
 js.agkn.com
 c.amazon-adsystem.com
 z-na.amazon-adsystem.com
 display.apester.com
 events.apester.com
 static.apester.com
 as-sec.casalemedia.com
 ping.chartbeat.net
 static.chartbeat.com
 quantcast.mgr.consensu.org
 script.crazyegg.com
 dc8xl0ndzn2cb.cloudfront.net
cdn.digitru.st
 ad.doubleclick.net
 securepubads.g.doubleclick.net
 hbint.emxdgt.com
 connect.facebook.net
 adservice.google.com
 pagead2.googlesyndication.com
 www.googletagmanager.com
 www.gstatic.com
 static.hotjar.com
 imasdk.googleapis.com
 js-sec.indexww.com
 load.instinctiveads.com
 ssl.p.jwpcdn.com
 content.jwplatform.com
 ping-meta-prd.jwpltx.com
 prd.jwpltx.com
 assets-jpcust.jwpsrv.com
 g.jwpsrv.com
pixel.keywee.co
 beacon.krxd.net
 cdn.krxd.net
 consumer.krxd.net
 www.lightboxcdn.com
 widgets.outbrain.com
 cdn.permutive.com
 assets.pinterest.com
 openbid.pubmatic.com
 secure.quantserve.com
 cdn.roiq.ranker.com
 eus.rubiconproject.com
 fastlane.rubiconproject.com
 s3.amazonaws.com
 sb.scorecardresearch.com
 p.skimresources.com
 r.skimresources.com
 s.skimresources.com
 t.skimresources.com
launcher.spot.im
recirculation.spot.im
 js.spotx.tv
 search.spotxchange.com
 sync.search.spotxchange.com
 cc.swiftype.com
 s.swiftypecdn.com
 jwplayer.eb.tremorhub.com
 pbs.twimg.com
 cdn.syndication.twimg.com
 platform.twitter.com
 syndication.twitter.com
 mrb.upapi.net
 pixel.wp.com
 stats.wp.com
 www.youtube.com
 s.ytimg.com

This kind of shit is why we have the EU’s GDPR (General Data Protection Regulation) and California’s CCPA (California Consumer Privacy Act). (No, it’s not just because Google and Facebook.) If publishers and the adtech industry (those third parties) hadn’t turned the commercial Web into a target-rich environment for suckage by data vampires, we’d never have had either law. (In fact, both laws are still new: the GDPR went into effect in May 2018 and the CCPA a few days ago.)

I’m in California, where the CCPA gives me the right to shake down the vampiretariat for all the information about me they’re harvesting, sharing, selling or giving away to or through those third parties.* But apparently Rolling Stone and PMC don’t care about that.

Others do, and I’ll visit some of those in later posts. Meanwhile I’ll let Rolling Stone and PMC stand as examples of bad acting by publishers that remains rampant, unstopped and almost entirely unpunished, even under these new laws.

I also suggest following and getting involved with the fight against the plague of data vampirism in the publishing world. These will help:

  1. Reading Don Marti’s blog, where he shares expert analysis and advice on the CCPA and related matters. Also People vs. Adtech, a compilation of my own writings on the topic, going back to 2008.
  2. Following what the browser makers are doing with tracking protection (alas, differently†). Shortcuts: Brave, Google’s Chrome, Ghostery’s Cliqz, Microsoft’s Edge, Epic, Mozilla’s Firefox.
  3. Following or joining communities working to introduce safe forms of nourishment for publishers and better habits for advertisers and their agencies. Those include Customer CommonsMe2B AllianceMyData Global and ProjectVRM.

______________

*The bill (AB 375), begins,

The California Constitution grants a right of privacy. Existing law provides for the confidentiality of personal information in various contexts and requires a business or person that suffers a breach of security of computerized data that includes personal information, as defined, to disclose that breach, as specified.

This bill would enact the California Consumer Privacy Act of 2018. Beginning January 1, 2020, the bill would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared. The bill would require a business to make disclosures about the information and the purposes for which it is used. The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified. The bill would grant a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed…

Don Marti has a draft letter one might submit to the brokers and advertisers who use all that personal data. (He also tweets a caution here.)

†This will be the subject of my next post.

The Spinner* (with the asterisk) is “a service that enables you to subconsciously influence a specific person, by controlling the content on the websites he or she usually visits.” Meaning you can hire The Spinner* to hack another person.

It works like this:

  1. You pay The Spinner* $29. For example, to urge a friend to stop smoking. (That’s the most positive and innocent example the company gives.)
  2. The Spinner* provides you with an ordinary link you then text to your friend. When that friend clicks on the link, they get a tracking cookie that works as a bulls-eye for The Spinner* to hit with 10 different articles written specifically to influence that friend. He or she “will be strategically bombarded with articles and media tailored to him or her.” Specifically, 180 of these things. Some go in social networks (notably Facebook) while most go into “content discovery platforms” such as Outbrain and Revcontent (best known for those clickbait collections you see appended to publishers’ websites).

The Spinner* is also a hack on journalism, designed like a magic trick to misdirect moral outrage toward The Spinner’s obviously shitty business, and away from the shitty business called adtech, which not only makes The Spinner possible, but pays for most of online journalism as well.

The magician behind The Spinner* is “Elliot Shefler.” Look that name up and you’ll find hundreds of stories. Here are a top few, to which I’ve added some excerpts and notes:

  • For $29, This Man Will Help Manipulate Your Loved Ones With Targeted Facebook And Browser Links, by Parmy Olson @parmy in Forbes. Excerpt: He does say that much of his career has been in online ads and online gambling. At its essence, The Spinner’s software lets people conduct a targeted phishing attack, a common approach by spammers who want to secretly grab your financial details or passwords. Only in this case, the “attacker” is someone you know. Shefler says his algorithms were developed by an agency with links to the Israeli military.
  • For $29, This Company Swears It Will ‘Brainwash’ Someone on Facebook, by Kevin Poulson (@kpoulson) in The Daily Beast. A subhead adds, A shadowy startup claims it can target an individual Facebook user to bend him or her to a client’s will. Experts are… not entirely convinced.
  • Facebook is helping husbands ‘brainwash’ their wives with targeted ads, by Simon Chandler (@_simonchandler_) in The Daily Dot. Excerpt: Most critics assume that Facebook’s misadventures relate only to its posting of ads paid for by corporations and agencies, organizations that aim to puppeteer the “average” individual. It turns out, however, that the social network also now lets this same average individual place ads that aim to manipulate other such individuals, all thanks to the mediation of a relatively new and little-known company…
  • Brainwashing your wife to want sex? Here is adtech at its worst., by Samuel Scott (@samueljscott) in The Drum. Alas, the piece is behind a registration wall that I can’t climb without fucking myself (or so I fear, since the terms and privacy policy total 32 pages and 10,688 words I’m not going to read), so I can’t quote from it.
  • Creepy company hopes ‘Inception’ method will get your wife in the mood, by Saqib Shah (@eightiethmnt) in The Sun, via The New York Post. Excerpt: “It’s unethical in many ways,” admitted Shefler, adding “But it’s the business model of all media. If you’re against it, you’re against all media.” He picked out Nike as an example, explaining that if you visit the brand’s website it serves you a cookie, which then tailors the browsing experience to you every time you come back. A shopping website would also use cookies to remember the items you’re storing in a virtual basket before checkout. And a social network might use cookies to track the links you click and then use that information to show you more relevant or interesting links in the future…The Spinner started life in January of this year. Shefler claims the company is owned by a larger, London-based “agency” that provides it with “big data” and “AI” tools.
  • Adtech-for-sex biz tells blockchain consent app firm, ‘hold my beer’, by Rebecca Hill (@beckyhill) in The Register. The subhead says, Hey love, just click on this link… what do you mean, you’re seeing loads of creepy articles?
  • New Service Promises to Manipulate Your Wife Into Having Sex With You, by Fiona Tapp (@fionatappdotcom) in Rolling Stone. Excerpt: The Spinner team suggests that there isn’t any difference, in terms of morality, from a big company using these means to influence a consumer to book a flight or buy a pair of shoes and a husband doing the same to his wife. Exactly.
  • The Spinner And The Faustian Bargain Of Anonymized Data, by Lauren Arevalo-Downes (whose Twitter link by the piece goes to a 404) in A List Daily. On that site, the consent wall that creeps up from the bottom almost completely blanks out the actual piece, and I’m not going to “consent,” so no excertoing here either.
  • Can you brainwash one specific person with targeted Facebook ads? in TripleJ Hack, by ABC.net.au. Excerpt: Whether or not the Spinner has very many users, whether or not someone is going to stop drinking or propose marriage simply because they saw a sponsored post in their feed, it seems feasible that someone can try to target and brainwash a single person through Facebook.
  • More sex, no smoking – even a pet dog – service promises to make you a master of manipulation, by Chris Keall (@ChrisKeall) in The New Zealand Herald. Excerpt: On one level, The Spinner is a jape, rolled out as a colour story by various publications. But on another level it’s a lot more sinister: apparently yet another example of Facebook’s platform being abused to invade privacy and manipulate thought.
  • The Cambridge Analytica of Sex: Online service to manipulate your wife to have sex with you, by Ishani Ghose in meaww. Excerpt: The articles are all real but the headlines and the descriptions have been changed by the Spinner team. The team manipulating the headlines of these articles include a group of psychologists from an unnamed university. As the prepaid ads run, the partner will see headlines such as “3 Reasons Why YOU Should Initiate Sex With Your Husband” or “10 Marriage Tips Every Woman Needs to Hear”.

Is Spinner for real?

“Elliot Shefler” is human for sure. But his footprint online is all PR. He’s not on Facebook, Twitter or Instagram. The word “Press” (as in coverage) at the top of the Spinner website is just a link to a Google search for Elliot Shefler, not to curated list such as a real PR person or agency might compile.

Fortunately, a real PR person, Rich Leigh (@RichLeighPR) did some serious digging (you know, like a real reporter) and presented his findings in his blog, PR Examples, in a post titled Frustrated husbands can ‘use micro-targeted native ads to influence their wives to initiate sex’ – surely a PR stunt? Please, a PR stunt? It ran last July 10th, the day after Rich saw this tweet by Maya Kosoff (@mekosoff):

—and this one:

The links to (and in) those tweets no longer work, but the YouTube video behind one of the links is still up. The Spinner itself produced the video, which is tricked to look like a real news story. (Rich does some nice detective work, figuring that out.) The image above is a montage I put together from screenshots of the video.

Here’s some more of what Rich found out:

  • Elliot – not his real name, incidentally, his real name is Halib, a Turkish name (he told me) – lives, or told me he lives, in Germany

  • When I asked him directly, he assured me that it was ‘real’, and when I asked him why it didn’t work when I tried to pay them money, told me that it would be a technical issue that would take around half an hour to fix, likely as a result of ‘high traffic. I said I’d try again later. I did – keep reading

  • It is emphatically ‘not’ PR or marketing for anything

  • He told me that he has 5-6,000 paying users – that’s $145,000 – $174,000, if he’s telling the truth

  • Halib said that Google Ads were so cheap as nobody was bidding on them for the terms he was going for, and they were picking up traffic for ‘one or two cents’

  • He banked on people hate-tweeting it. “I don’t mind what they feel, as long as they think something”, Halib said – which is scarily like something I’ve said in talks I’ve given about coming up with PR ideas that bang

  • The service ‘works’ by dropping a cookie, which enables it to track the person you’re trying to influence in order to serve specific content. I know we had that from the site, but it’s worth reiterating

Long post short, Rich says Habib and/or Elliot is real, and so is The Spinner.

But what matters isn’t whether or not The Spinner is real. It’s that The Spinner misdirects reporters’ attention away from what adtech is and does, which is spy on people for the purpose of aiming stuff at them. And that adtech isn’t just what funds all of Facebook and much of Google (both giant and obvious targets of journalistic scrutiny), but what funds nearly all of publishing online, including most reporters’ salaries.

So let’s look deeper, starting here: There is no moral difference between planting an unseen tracking beacon on a person’s digital self and doing the same on a person’s physical self.

The operational difference is that in the online world it’s a helluva lot easier to misdirect people into thinking they’re not being spied on. Also a helluva lot easier for spies and intermediaries (such as publishers) to plausibly deny that spying is what they’re doing. And to excuse it, saying for example “It’s what pays for the Free Internet!” Which is bullshit, because the Internet, including the commercial Web, got along fine for many years before adtech turned the whole thing into Mos Eisley. And it will get along fine without adtech after we kill it, or it dies of its own corruption.

Meanwhile the misdirection continues, and it’s away from a third rail that honest and brave journalists† need to grab: that adtech is also what feeds most of them.

______________

† I’m being honest here, but not brave. Because I’m safe. I don’t work for a publication that’s paid by adtech. At Linux Journal, we’re doing the opposite, by being the first publication ready to accept terms that our readers proffer, starting with Customer CommonsP2B1(beta), which says “Just show me ads not based on tracking me.”

I came up with that law in the last millennium and it applied until Chevy discontinued the Cavalier in 2005. Now it should say, “You’re going to get whatever they’ve got.”

The difference is that every car rental agency in days of yore tended to get their cars from a single car maker, and now they don’t. Back then, if an agency’s relationship was with General Motors, which most of them seemed to be, the lot would have more of GM’s worst car than of any other kind of car. Now the car you rent truly is whatever. In the last year we’ve rented at least one Kia, Hyundai, Chevy, Nissan, Volkswagen, Ford and Toyota, and that’s just off the top of my head. (By far the best was a Chevy Impala. I actually loved it. So, naturally, it’s being discontinued.)

All of that, of course, applies only in the U.S. I know less about car rental verities in Europe, since I haven’t rented a car there since (let’s see…) 2011.

Anyway, when I looked up doc searls chevy cavalier to find whatever I’d written about my felicitous Fourth Law, the results included this, from my blog in 2004…

Five years later, the train pulls into Madison Avenue

ADJUSTING TO THE REALITY OF A CONSUMER-CONTROLLED MARKET, by Scott Donathon in Advertising Age. An excerpt:

Larry Light, global chief marketing officer at McDonald’s, once again publicly declared the death of the broadcast-centric ad model: “Mass marketing today is a mass mistake.” McDonald’s used to spend two-thirds of its ad budget on network prime time; that figure is now down to less than one-third.

General Motors’ Roger Adams, noting the automaker’s experimentation with less-intrusive forms of marketing, said, “The consumer wants to be in control, and we want to put them in control.” Echoed Saatchi & Saatchi chief Kevin Roberts, “The consumer now has absolute power.”

“It is not your goddamn brand,” he told marketers.

This consumer empowerment is at the heart of everything. End users are now in control of how, whether and where they consume information and entertainment. Whatever they don’t want to interact with is gone. That upends the intrusive model the advertising business has been sustained by for decades.

This is still fucked, of course. Advertising is one thing. Customer relationships are another.

“Consumer empowerment” is an oxymoron. Try telling McDonalds you want a hamburger that doesn’t taste like a horse hoof. Or try telling General Motors that nobody other than rental car agencies wants to buy a Chevy Cavalier or a Chevy Classic; or that it’s time, after 60 years of making crap fixtures and upholstery, to put an extra ten bucks (or whatever it costs) into trunk rugs that don’t seem like the company works to make them look and feel like shit. Feel that “absolute power?” Or like you’re yelling at the pyramids?

Real demand-side empowerment will come when it’s possible for any customer to have a meaningful — and truly valued — conversation with people in actual power on the supply side. And those conversations turn into relationships. And those relationships guide the company.

I’ll believe it when I see it.

Meanwhile the decline of old-fashioned brand advertising on network TV (which now amounts to a smaller percentage of all TV in any case) sounds more to me like budget rationalization than meaningful change where it counts.

Thanks to Terry for the pointer.

Three things about that.

First, my original blog (which ran from 1999 to 2007) is still up, thanks to Jake Savin and Dave Winer, at http://weblog.searls.com. (Adjust your pointers. It’ll help Google and Bing forget the old address.)

Second, I’ve been told by rental car people that the big American car makers actually got tired of hurting their brands by making shitty cars and scraping them off on rental agencies. So now the agencies mostly populate their lots surplus cars that don’t make it to dealers for various reasons. They also let their cars pile up 50k miles or more before selling them off. Also, the quality of cars in general is much higher than it used to be, and the experience of operating them is much more uniform—meaning blah in nearly identical ways.

Third, I’ve changed my mind on brand advertising since I wrote that. Two reasons. One is that brand advertising sponsors the media it runs on, which is a valuable thing. The other is that brand advertising really does make a brand familiar, which is transcendently valuable to the brand itself. There is no way personalized and/or behavioral advertising can do the same. Perhaps as much as $2trillion has been spent on tracking-based digital advertising, and not one brand known to the world has been made by it.

And one more thing: since we don’t commute, and we don’t need a car most of the time, we now favor renting cars over owning them. Much simpler and much cheaper. And the cars we rent tend to be nicer than the used cars we’ve owned and mostly driven into the ground. You never know what you’re going to get, but generally they’re not bad, and not our problem if something goes wrong with one, which almost never happens.

 

Really?

It’s misses like this that have people thinking there’s nothing to fear from AI.

Tags: , , ,

fruit thought

If personal data is actually a commodity, can you buy some from another person, as if that person were a fruit stand? Would you want to?

Not yet. Or maybe not really.

Either way, that’s the idea behind the urge by some lately to claim personal data as personal property, and then to make money (in cash, tokens or cryptocurrency) by selling or otherwise monetizing it. The idea in all these cases is to somehow participate in existing (entirely extractive) commodity markets for personal data.

ProjectVRM, which I direct, is chartered to “foster development of tools and services that make customers both independent and better able to engage,” and is a big tent. That’s why on the VRM Developments Work page of the ProjectVRM wiki is a heading called Markets for Personal Data. Listed there are:

So we respect that work. We are sure to learn from it. But we also need to respect the structural problems it faces.

The first problem is that, economically speaking, data is a public good, meaning non-rivalrous and non-excludable. (Rivalrous means consumption or use by one party prevents the same by another, and excludable means you can prevent parties that don’t pay from access to it.) Here’s a table from Linux Journal column I wrote a few years ago:

Excludability Excludability
YES NO
Rivalness YES Private good: good: e.g., food, clothing, toys, cars, products subject to value-adds between first sources and final customers Common pool resource: e.g., sea, rivers, forests, their edible inhabitants and other useful contents
Rivalness NO Club good: e.g., bridges, cable TV, private golf courses, controlled access to copyrighted works Public good: e.g., data, information, law enforcement, national defense, fire fighting, public roads, street lighting

 

The second problem is that nature of data as a public good also inconveniences claims that it ought to be property. Thomas Jefferson explained this in his 1813 letter to Isaac MacPherson:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation

Of course Jefferson never heard of data. But what he says about “the thinking power called an idea,” and how ideas are like fire, is important for us to get our heads around amidst the rising chorus of voices insistenting that data is a form of property.

The third problem is that there are better legal frameworks than property law for protecting personal data. In Do we really want to “sell” ourselves? The risks of a property law paradigm for personal data ownership, Elizabeth Renieris and Dazza Greenwood write,

Who owns your data? It’s a popular question of late in the identity community, particularly in the wake of Cambridge Analytica, numerous high-profile Equifax-style data breaches, and the GDPR coming into full force and effect. In our view, it’s not only the wrong question to be asking but it’s flat out dangerous when it frames the entire conversation. While ownership implies a property law model of our data, we argue that the legal framework for our identity-related data must also consider constitutional or human rights laws rather than mere property law rules

Under common law, ownership in property is a bundle of five rights — the rights of possession, control, exclusion, enjoyment, and disposition. These rights can be separated and reassembled according to myriad permutations and exercised by one or more parties at the same time. Legal ownership or “title” of real property (akin to immovable property under civil law) requires evidence in the form of a deed. Similarly, legal ownership of personal property (i.e. movable property under civil law) in the form of commercial goods requires a bill of lading, receipt, or other document of title. This means that proving ownership or exerting these property rights requires backing from the state or sovereign, or other third party. In other words, property rights emanate from an external source and, in this way, can be said to be extrinsic rights. Moreover, property rights are alienable in the sense that they can be sold or transferred to another party.

Human rights — in stark contrast to property rights — are universal, indivisible, and inalienable. They attach to each of us individually as humans, cannot be divided into sticks in a bundle, and cannot be surrendered, transferred, or sold. Rather, human rights emanate from an internal source and require no evidence of their existence. In this way, they can be said to be intrinsic rights that are self-evident. While they may be codified or legally recognized by external sources when protected through constitutional or international laws, they exist independent of such legal documents. The property law paradigm for data ownership loses sight of these intrinsic rights that may attach to our data. Just because something is property-like, does not mean that it is — or that it should be — subject to property law.

In the physical realm, it is long settled that people and organs are not treated like property. Moreover, rights to freedom from unreasonable search and seizure, to associate and peaceably assemble with others, and the rights to practice religion and free speech are not property rights — rather, they are constitutional rights under U.S. law. Just as constitutional and international human rights laws protect our personhood, they also protect things that are property-like or exhibit property-like characteristics. The Fourth Amendment of the U.S. Constitution provides “the right of the people to be secure in their persons” but also their “houses, papers, and effects.” Similarly, the Universal Declaration of Human Rights and the European Convention on Human Rights protect the individual’s right to privacy and family life, but also her “home and correspondence”…

Obviously some personal data may exist in property-form just as letters and diaries in paper form may be purchased and sold in commerce. The key point is that sometimes these items are also defined as papers and effects and therefore subject to Fourth Amendment and other legal frameworks. In other words, there are some uses of (and interests in) our data that transform it from an interest in property to an interest in our personal privacy — that take it from the realm of property law to constitutional or human rights law. Location data, biological, social, communications and other behavioral data are examples of data that blend into personal identity itself and cross this threshold. Such data is highly revealing and the big-data, automated systems that collect, track and analyze this data make the need to establish proportional protections and safeguards even more important and more urgent. It is critical that we apply the correct legal framework.

The fourth problem is that all of us as human beings are able to produce forms of value that far exceed that of our raw personal data. Specifically, treating data as if it were a rivalrous and excludable commodity—such as corn, oil or fruit—not only takes Jefferson’s “thinking power” off the table, but misdirects attention, investment and development work away from supporting the human outputs that are fully combustible, and might be expansible over all space, without lessening density. Ideas can do that. Oil can’t, combustible or not.

Put another way, why would you want to make almost nothing (the likely price) from selling personal data on a commodity basis when you can make a lot more by selling your work where markets for work exist, and where rights are fully understood and protected within existing legal frameworks?

What makes us fully powerful as human beings is our ability to generate and share ideas and other goods that are expansible over all space, and not just to slough off data like so much dandruff. Or to be valued only for the labors we contribute as parts of industrial machines.

Important note: I’m not knocking labor here. Most of us have to work for wages, either as parts of industrial machines, or as independent actors. There is full honor in that. Yet our nature as distinctive and valuable human beings is to be more and other than a source of labor alone, and there are ways to make money from that fact too.

Many years ago JP Rangaswami (@jobsworth) and I made a distinction between making money with something and because of something.

Example: I don’t make money with this blog. But I do make money because of it—and probably a lot more money than I would if this blog carried advertising or if I did it for a wage. JP and I called this way of making money a because effect. The entire Internet, the World Wide Web and the totality of free and open source code all have vast because effects in money made with products and services that depend on those graces. Each are rising free tides that lift all commercial boats. Non-commercial ones too.

Which gets us to the idea behind declaring personal data as personal property, and creating marketplaces where people can sell their data.

The idea goes like this: there is a $trillion or more in business activity that trades or relies on personal data in many ways. Individual sources of that data should be able to get in on the action.

Alas, most of that $trillion is in what Shoshana Zuboff calls surveillance capitalism: a giant snake-ball of B2B activity wherein there is zero interest in buying what can be exploited for free.

Worse, surveillance capitalism’s business is making guesses about you, so it can sell you shit. On a per-message basis, this works about 0% of the time, even though massive amounts of money flow through that B2B snakeball (visualized as abstract rectangles here and here). Many reasons for that. Here are a few:

  1. Most of the time, such as right here and now, you’re not buying a damn thing, and not in a mood to be bothered by someone telling you what to buy.
  2. Companies paying other companies to push shit at you do not have your interests at heart—not even if their messages to you are, as they like to put it, “relevant” or “interest based.” (Which they almost always are not.)
  3. The entrails of surveillance capitalism are fully infected with fraud and malware.
  4. Surveillance capitalism is also quite satisfied to soak up to 97% of an advertising spend before an ad’s publisher gets its 3% for pushing an ad at you.

Trying to get in on that business is an awful proposition.

Yes, I know it isn’t just surveillance capitalists who hunger for personal data. The health care business, for example, can benefit enormously from it, and is less of a snakeball, on the whole. But what will it pay you? And why should it pay you?

Won’t large quantities of anonymized personal data from iOS and Android devices, handed over freely, be more valuable to medicine and pharma than the few bits of data individuals might sell? (Apple has already ventured in that direction, very carefully, also while not paying for any personal data.)

And isn’t there something kinda suspect about personal data for sale? Such as motivating the unscrupulous to alter some of their data so it’s worth more?

What fully matters for people in the digital world is agency, not data. Agency is the power to act with full effect in the world. It’s what you have when you put your pants on, when you walk, or drive, or tell somebody something useful while they listen respectfully. It’s what you get when you make a deal with an equal.

It’s not what any of us get when we’re just “users” on a platform. Or when we click “agree” to one-sided terms the other party can change and we can’t. Both of those are norms in Web 2.0 and desperately need to be killed.

But it’s still early. Web 2.0 is an archaic stage in the formation of the digital world. Surveillance capitalism has also been a bubble ready to pop for years. The matter is when, not if. The whole thing is too absurd, corrupt, complex and annoying to keep living forever.

So let’s give people ways to increase their agency, at scale, in the digital world. There’s no scale in selling one’s personal data. But there’s plenty in putting better human powers to work.

If we’re going to obsess over personal data, let’s look instead toward ways to regulate or control over how our personal data might be used by others. There are lots of developers at work on this already. Here’s one list at ProjectVRM.

Bonus links:

 

 

 

 

« Older entries