privacy

You are currently browsing the archive for the privacy category.

Nature and the Internet both came without privacy.

The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.

When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.

In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.

Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”

Two such answers arrived with this morning’s New York TimesFacebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former. What they both miss is that we need what we might call big personal. We can only get that with with personal tech gives each of us power not just resist encroachments by others, but to have agency. (Merriam Websterthe capacity, condition, or state of acting or of exerting power.)

We acquired agency with personal computing and the Internet. Both were designed to make everyone an Archimedes. We also got a measure of it with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech.

I bring this up because we will be working on privacy tech over the next four days at the Computer History Museum, first at VRM Day, today, and then over next three days at IIW: the Internet Identity Workshop.

On the table at both are work some of us, me included, are doing through Customer Commons on terms we can proffer as individuals, and the sites and services of the world can agree to.

Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s.

The purpose is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced. It’ll be interesting to see what kind of laws follow.*

But hey, let’s invent the tech we need first.

*BTW, I give huge props to the EU for the General Data Protection Regulation, which is causing much new personal privacy tech development and discussion. I also think it’s an object lesson in what can happen when an essential area of tech development is neglected, and gets exploited by others for lack of that development.

Also, to be clear, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.

Bonus link.

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They bring readers’ bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of aiming “interest-based” advertising at those same readers, wherever those readers’ eyeballs may appear—or reappear in the case of “retargeted” advertising.

With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach, standard, experience or audit trail), and no blood valving by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data?

Answer: nobody knows, because the whole adtech “ecosystem” is a four-dimensional shell game with hundreds of players

or, in the case of “martech,” thousands:

For one among many views of what’s going on, here’s a compressed screen shot of what Privacy Badger showed going on in my browser behind Zeynep’s op-ed in the Times:

[Added later…] @ehsanakhgari tweets pointage to WhoTracksMe’s page on the NYTimes, which shows this:

And here’s more irony: a screen shot of the home page of RedMorph, another privacy protection extension:

That quote is from Free Tools to Keep Those Creepy Online Ads From Watching You, by Brian X. Chen and Natasha Singer, and published on 17 February 2016 in the Times.

The same irony applies to countless other correct and important reporting on the Facebook/Cambridge Analytica mess by other writers and pubs. Take, for example, Cambridge Analytica, Facebook, and the Revelations of Open Secrets, by Sue Halpern in yesterday’s New Yorker. Here’s what RedMorph shows going on behind that piece:

Note that I have the data leak toward Facebook.net blocked by default.

Here’s a view through RedMorph’s controller pop-down:

And here’s what happens when I turn off “Block Trackers and Content”:

By the way, I want to make clear that Zeynep, Brian, Natasha and Sue are all innocents here, thanks both to the “Chinese wall” between the editorial and publishing functions of the Times, and the simple fact that the route any ad takes between advertiser and reader through any number of adtech intermediaries is akin to a ball falling through a pinball machine. Refresh your page while reading any of those pieces and you’ll see a different set of ads, no doubt aimed by automata guessing that you, personally, should be “impressed” by those ads. (They’ll count as “impressions” whether you are or not.)

Now…

What will happen when the Times, the New Yorker and other pubs own up to the simple fact that they are just as guilty as Facebook of leaking their readers’ data to other parties, for—in many if not most cases—God knows what purposes besides “interest-based” advertising? And what happens when the EU comes down on them too? It’s game-on after 25 May, when the EU can start fining violators of the General Data Protection Regulation (GDPR). Key fact: the GDPR protects the data blood of what they call “EU data subjects” wherever those subjects’ necks are exposed in borderless digital world.

To explain more about how this works, here is the (lightly edited) text of a tweet thread posted this morning by @JohnnyRyan of PageFair:

Facebook left its API wide open, and had no control over personal data once those data left Facebook.

But there is a wider story coming: (thread…)

Every single big website in the world is leaking data in a similar way, through “RTB bid requests” for online behavioural advertising #adtech.

Every time an ad loads on a website, the site sends the visitor’s IP address (indicating physical location), the URL they are looking at, and details about their device, to hundreds -often thousands- of companies. Here is a graphic that shows the process.

The website does this to let these companies “bid” to show their ad to this visitor. Here is a video of how the system works. In Europe this accounts for about a quarter of publishers’ gross revenue.

Once these personal data leave the publisher, via “bid request”, the publisher has no control over what happens next. I repeat that: personal data are routinely sent, every time a page loads, to hundreds/thousands of companies, with no control over what happens to them.

This means that every person, and what they look at online, is routinely profiled by companies that receive these data from the websites they visit. Where possible, these data and combined with offline data. These profiles are built up in “DMPs”.

Many of these DMPs (data management platforms) are owned by data brokers. (Side note: The FTC’s 2014 report on data brokers is shocking. See https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014. There is no functional difference between an #adtech DMP and Cambridge Analytica.

—Terrell McSweeny, Julie Brill and EDPS

None of this will be legal under the #GDPR. (See one reason why at https://t.co/HXOQ5gb4dL). Publishers and brands need to take care to stop using personal data in the RTB system. Data connections to sites (and apps) have to be carefully controlled by publishers.

So far, #adtech’s trade body has been content to cover over this wholesale personal data leakage with meaningless gestures that purport to address the #GDPR (see my note on @IABEurope current actions here: https://t.co/FDKBjVxqBs). It is time for a more practical position.

And advertisers, who pay for all of this, must start to demand that safe, non-personal data take over in online RTB targeting. RTB works without personal data. Brands need to demand this to protect themselves – and all Internet users too. @dwheld @stephan_lo @BobLiodice

Websites need to control
1. which data they release in to the RTB system
2. whether ads render directly in visitors’ browsers (where DSPs JavaScript can drop trackers)
3. what 3rd parties get to be on their page
@jason_kint @epc_angela @vincentpeyregne @earljwilkinson 11/12

Lets work together to fix this. 12/12

Those last three recommendations are all good, but they also assume that websites, advertisers and their third party agents are the ones with the power to do something. Not readers.

But there’s lots readers will be able to do. More about that shortly. Meanwhile, publishers can get right with readers by dropping #adtech and going back to publishing the kind of high-value brand advertising they’ve run since forever in the physical world.

That advertising, as Bob Hoffman (@adcontrarian) and Don Marti (@dmarti) have been making clear for years, is actually worth a helluva lot more than adtech, because it delivers clear creative and economic signals and comes with no cognitive overhead (for example, wondering where the hell an ad comes from and what it’s doing right now).

As I explain here, “Real advertising wants to be in a publication because it values the publication’s journalism and readership” while “adtech wants to push ads at readers anywhere it can find them.”

Doing real advertising is the easiest fix in the world, but so far it’s nearly unthinkable for the ad industry because it has been defaulted for more than twenty years to an asymmetric power relationship between readers and publishers called client-server. I’ve been told that client-server was chosen as the name for this relationship because “slave-master” didn’t sound so good; but I think the best way to visualize it is calf-cow:

As I put it at that link (way back in 2012), Client-server, by design, subordinates visitors to websites. It does this by putting nearly all responsibility on the server side, so visitors are just users or consumers, rather than participants with equal power and shared responsibility in a truly two-way relationship between equals.

It doesn’t have to be that way. Beneath the Web, the Net’s TCP/IP protocol—the gravity that holds us all together in cyberspace—remains no less peer-to-peer and end-to-end than it was in the first place. Meaning there is nothing to the Net that prevents each of us from having plenty of power on our own.

On the Net, we don’t need to be slaves, cattle or throbbing veins. We can be fully human. In legal terms, we can operate as first parties rather than second ones. In other words, the sites of the world can click “agree” to our terms, rather than the other way around.

Customer Commons is working on exactly those terms. The first publication to agree to readers terms is Linux Journal, where I am now the editor-in-chief. The first of those terms is #P2B1(beta), says “Just show me ads not based on tracking me,” and is hashtagged #NoStalking.

In Help Us Cure Online Publishing of Its Addiction to Personal Data, I explain how this models the way advertising ought to be done: by the grace of readers, with no spying.

Obeying readers’ terms also carries no risk of violating privacy laws, because every pub will have contracts with its readers to do the right thing. This is totally do-able. Read that last link to see how.

As I say there, we need help. Linux Journal still has a small staff, and Customer Commons (a California-based 501(c)(3) nonprofit) so far consists of five board members. What it aims to be is a worldwide organization of customers, as well as the place where terms we proffer can live, much as Creative Commons is where personal copyright licenses live. (Customer Commons is modeled on Creative Commons. Hats off to the Berkman Klein Center for helping bring both into the world.)

I’m also hoping other publishers, once they realize that they are no less a part of the surveillance economy than Facebook and Cambridge Analytica, will help out too.

[Later…] Not long after this post went up I talked about these topics on the Gillmor Gang. Here’s the video, plus related links.

I think the best push-back I got there came from Esteban Kolsky, (@ekolsky) who (as I recall anyway) saw less than full moral equivalence between what Facebook and Cambridge Analytica did to screw with democracy and what the New York Times and other ad-supported pubs do by baring the necks of their readers to dozens of data vampires.

He’s right that they’re not equivalent, any more than apples and oranges are equivalent. The sins are different; but they are still sins, just as apples and oranges are still both fruit. Exposing readers to data vampires is simply wrong on its face, and we need to fix it. That it’s normative in the extreme is no excuse. Nor is the fact that it makes money. There are morally uncompromised ways to make money with advertising, and those are still available.

Another push-back is the claim by many adtech third parties that the personal data blood they suck is anonymized. While that may be so, correlation is still possible. See Study: Your anonymous web browsing isn’t as anonymous as you think, by Barry Levine (@xBarryLevine) in Martech Today, which cites De-anonymizing Web Browsing Data with Social Networks, a study by Jessica Su (@jessicatsu), Ansh Shukla (@__anshukla__) and Sharad Goel (@5harad)
of Stanford and Arvind Narayanan (@random_walker) of Princeton.

(Note: Facebook and Google follow logged-in users by name. They also account for most of the adtech business.)

One commenter below noted that this blog as well carries six trackers (most of which I block).. Here is how those look on Ghostery:

So let’s fix this thing.

[Later still…] Lots of comments in Hacker News as well.

[Later again (8 April 2018)…] About the comments below (60+ so far): the version of commenting used by this blog doesn’t support threading. If it did, my responses to comments would appear below each one. Alas, some not only appear out of sequence, but others don’t appear at all. I don’t know why, but I’m trying to find out. Meanwhile, apologies.

away2remember2manytabsFor today’s entries, I’m noting which linked pieces require you to turn off tracking protection, meaning tracking is required by those publishers. I’m also annotating entries with hashtags and organizing sections into bulleted lists.


#AdBlocking and #Advertising

#Apple

#Photography

#Other

2017-03-27_subwayphones

shot this picture with my phone on the subway last night, while no less absorbed in my personal rectangle than everyone else on the subway (and I do mean everyone) was with theirs.

I don’t know what the other passengers were doing on their rectangles, though it’s not hard to guess. In my case it was spinning through emails, texting, tweeting, checking various other apps (weather, navigation, calendar) and listening to podcasts.

We shape our tools and then they shape us. That’s was and remains Marshall McLuhan‘s main point. The us is both singular and plural. We get shaped, and so do our infrastructures, societies, governments and the rest of what we do in the civilized world. (Here’s an example of all four of those happening at once: People won’t stop staring at their phones, so a Dutch town put traffic lights on the ground. From Quartz.)

Two years from now, most of the phones used by people in this shot will be traded in, discarded or re-purposed. But will we remain just as tethered to Apple, Google, Facebook, Amazon, telcos and the other feudal overlords* that sell us our rectangles and connect to the world? (*A metaphor we owe to Bruce Schneier.)

The deeper question is whether we’ll be dependent serfs to sovereigns with silos or self-sovereign as free-range human beings in truly open societies.

The answer will probably be some combination of both. In the meantime, however, one clear need is for greater independence and agency, at least at the individual level. (There are similar needs at the social, political and economic spheres as well, but let’s keep this personal.)

Obsolescence will help.

Within the next two years (just like the last two and the two before that), most phones will do less old-fashioned telephony, text, audio and video, and much more cool (and perhaps scary) new shit (VR, AI, IA, CX and other two-letter acronyms, to name a few off the top of my head and my screen).

Just as surely they’ll also give us new ways to shape what we do and be shaped as well. Perhaps by then mass media will finish getting turning into the mess media it actually is already, though we don’t call it that yet.

One big Hmm is What comes after phone use spreads beyond ubiquity (when most of us have multiple rectangles)?

Everything gets obsolesced, one way or another. That doesn’t mean it goes away. It just means something else comes along that’s better for the main purpose, while the obsolesced tech still hangs around in a subordinated, subsumed or specialized state. Print did that to script, Radio did that to print, TV did it to radio, and the Net is doing it to damn near every other medium we can name, subsuming them all and stretching their effects to the absolute limit by eliminating the distances between everything while pushing costs toward zero. (See The Giant Zero for more on that.)

Thus, while all our asses still sit on Earth in physical space, our digital selves float weightlessly in a non-space with no gravity or distance. Since progress is the process by which the miraculous becomes mundane, we already experience these two states non-ironically and all at once. Even this isn’t new. Here’s what I wrote about it in The Intention Economy, published in 2012:

Story #1. It’s 2002, and the kid is seven. As always, he’s full of questions. As sometimes happens, I don’t have an answer. But this time he comes back with a simple demand:

“Look it up,” he says.

“I can’t. I’m driving.”

“Look it up anyway.”

“I need a computer for that.”

“Why?”

Story #2. It’s 2007, and we are staying overnight in the house of an old family friend. In a guest bedroom is a small portable 1970’s-vintage black-and-white TV. On the front of the TV are a volume control and two tuning dials: one for channels 2-13, the other for 14-83. The kid examines the device for a minute or two and says, “What is this?” I say it’s a TV. He points at the two dials and asks, “Then what are these for?”

Progress is how the miraculous becomes mundane. The beauty of stars would be legend, Emerson said, if they only showed through the clouds but once every thousand years. What would he have made of commercial aviation, a system by which millions of people fly all over the globe, every day, leaping continents and oceans in just a few hours, while complaining of bad food and slow service, and shutting their windows to block light from the clouds below so they can watch a third-rate movie with bad sound on a tiny screen?

The Internet is a sky of stars we’ve made for ourselves (and of ourselves), all just a few clicks away.

McLuhan says the effects of every new medium can be understood through four questions he calls a tetrad, illustrated this way:

250px-mediatetrad-svg

Put a new medium in the middle and then sort effects into the four corners by answering a question for each:

  1. What does the medium enhance?
  2. What does the medium make obsolete?
  3. What does the medium retrieve that had been obsolesced earlier?
  4. What does the medium reverse or flip into when pushed to extremes?

These are posed as questions because they should help us understand what’s going on, not so we can come up with perfect or final answers. There can be many answers to each question, all arguable.

So let’s look at smartphones. I suggest they—

  • Enhance conversation
  • Obsolesce mass media (print, radio, TV, cinema, whatever)
  • Retrieve personal agency (the ability to act with effect in the world)
  • Reverse into isolation (also into lost privacy through exposure to surveillance and exploitation)

don’t think we’re all the way into any of those yet, even as every damn one of us in a subway rewires our brains in real time using rectangles that extend our presence, involvement and effects in the world. Ironies abound, invisible, unnoticed. We all smell something, but perhaps it’s best that don’t know it’s countless frogs boiling, all at once.

Item: every subway station in New York and Boston now has cellular service, and many (at least in New York) have public Wi-Fi as well. But New York is still behind London, Paris and Boston in full deployment, because there is mobile phone and data service in the tunnels under those cities and not just in the stations.

So here’s another question: what will put smartphones in that lower right box?

I don’t have answers; I’m just sure there will be some—and that we’ll have passed Peak Phone when they come.

Tags: , ,

 

amsterdam-streetImagine you’re on a busy city street where everybody who disagrees with you disappears.

We have that city now. It’s called media—especially the social kind.

You can see how this works on Wall Street Journal‘s Blue Feed, Red Feed page. Here’s a screen shot of the feed for “Hillary Clinton” (one among eight polarized topics):

blue-red-wsj

Both invisible to the other.

We didn’t have that in the old print and broadcast worlds, and still don’t, where they persist. (For example, on news stands, or when you hit SCAN on a car radio.)

But we have it in digital media.

Here’s another difference: a lot of the stuff that gets shared is outright fake. There’s a lot of concern about that right now:

fakenews

Why? Well, there’s a business in it. More eyeballs, more advertising, more money, for more eyeballs for more advertising. And so on.

Those ads are aimed by tracking beacons planted in your phones and browsers, feeding data about your interests, likes and dislikes to robot brains that work as hard as they can to know you and keep feeding you more stuff that stokes your prejudices. Fake or not, what you’ll see is stuff you are likely to share with others who do the same. This business that pays for this is called “adtech,” also known as “interest based” or “interactive” advertising. But those are euphemisms. Its science is all about stalking. They can plausibly deny it’s personal. But it is.

The “social” idea is “markets as conversations” (a personal nightmare for me, gotta say). The business idea is to drag as many eyeballs as possible across ads that are aimed by the same kinds of creepy systems. The latter funds the former.

Rather than unpack that, I’ll leave that up to the rest of ya’ll, with a few links:

 

I want all the help I can get unpacking this, because I’m writing about it in a longer form than I’m indulging in here. Thanks.

Save

Tags: , , ,

cropped-wst-logo-main[3 December update: Here is a video of the panel.]

So I was on a panel at WebScience@10 in London (@WebScienceTrust, #WebSci10), where the first question asked was, “What are two aspects of ‘trust and the Web’ that you think are most relevant/important at the moment?” My answer went something like this::::

1) The Net is young, and the Web with it.

Both were born in their current forms on 30 April 1995, when the NSFnet backed off on its forbidding commercial traffic on its pipes. This opened the whole Net to absolutely everything, exactly when the graphical Web browser became fully useful.

Twenty-one years in the history of a world is nothing. We’re still just getting started here.

2) The Internet, like nature, did not come with privacy. And privacy is personal. We need to start there.

We arrived naked in this new world, and — like Adam and Eve — still don’t have clothing and shelter.

The browser should have been a private tool in the first place, but it wasn’t; and it won’t be, so long as we leave improving it mostly up to companies with more interest in violating our privacy than providing it.

Just 21 years into this new world, we still need our own clothing, shelter, vehicles and private spaces. Browsers included. We will only get privacy if our tools provide it as a simple fact.

We also need to be the first parties, rather than the second ones, in our social and business agreements. In other words, others need to accept our terms, rather than vice versa. As first parties, we are independent. As second parties, we are dependent. Simple as that. Without independence, without agency, without the ability to initiate, without the ability to obtain agreement on our own terms, it’s all just more of the same old industrial model.

In the physical world, our independence earns respect, and that’s what we give to others as a matter of course. Without that respect, we don’t have civilization. This is why the Web we have today is still largely uncivilized.

We can only civilize the Net and the Web by inventing digital clothing and doors for people, and by providing standard agreements private individuals can assert in their dealings with others.

Inventing yet another wannabe unicorn to provide “privacy as a service” won’t do it. Nor will regulating the likes of Facebook and Google, or expecting them to become interested in building protections, when their businesses depend on the absence of those protections.

Fortunately, work has begun on personal privacy tools, and agreements we can each assert. And we can talk about those.

Save

Save

Ingeyes Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking, @JuliaAngwin and @ProPublica unpack what the subhead says well already: “Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and user’s names.”

So here’s a message from humanity to Google and all the other spy organizations in the surveillance economy: Tracking is no less an invasion of privacy in apps and browsers than it is in homes, cars, purses, pants and wallets.

That’s because our apps and browsers, like the devices on which we use them, are personal and private. Simple as that. (HT to @Apple for digging that fact.)

To help the online advertising business understand what ought to be obvious (but isn’t yet), let’s clear up some misconceptions:

  1. Tracking people without their clear and conscious permission is wrong. (Meaning The Castle Doctrine should apply online no less than it does in the physical world.)
  2. Assuming that using a browser or an app constitutes some kind of “deal” to allow tracking is wrong. (Meaning implied consent is not the real thing. See The Tradeoff Fallacy: How Marketers Are Misrepresenting American Consumers and Opening Them Up to Exploitation, by Joseph Turow, Ph.D. and the Annenberg School for Communication at the University of Pennsylvania.)
  3. Claiming that advertising funds the “free” Internet is wrong. (The Net has been free for the duration. Had it been left up to the billing companies of the world, we never would have had it, and they never would have made their $trillions on it. More at New Clues.)

What’s right is civilization, which relies on manners. Advertisers, their agencies and publishers haven’t learned manners yet.

But they will.

At the very least, regulations will force companies harvesting personal data to obey those they harvest it from, with fines for not obeying. Toward that end, Europe’s General Data Protection Regulation already has compliance offices at large corporations shaking in their boots, for good reason: “a fine up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher (Article 83, Paragraph 5 & 6).” Those come into force in 2018. Stay tuned.

Companies harvesting personal data also shouldn’t be surprised to find themselves re-classified as fiduciaries, no less responsible than accountants, brokers and doctors for confidentiality on behalf of the people they collect data from. (Thank you, professors Balkin and Zittrain, for that legal and rhetorical hack. Brilliant, and well done. Or begun.)

The only way to fully fix publishing, advertising and surveillance-corrupted business in general is to equip individuals with terms they can assert in dealing with others online — and to do it at scale. Meaning we need terms that work the same way across all the companies we deal with. That’s why Customer Commons and Kantara are working on exactly those terms. For starters. And these will be our terms — not separate and different ones that live at each company we deal with. Those aren’t working now, and never will work, because they can’t. And they can’t because when you have to deal with as many different terms as there are parties supplying them, the problem becomes unmanageable, and you get screwed. That’s why —

There’s a new sheriff on the Net, and it’s the individual. Who isn’t a “user,” by the way. Or a “consumer.” With new terms of our own, we’re the first party. The companies we deal with are second parties. Meaning that they are the users, and the consumers, of our legal “content.” And they’ll like it too, because we actually want to do good business with good companies, and are glad to make deals that work for both parties. Those include expressions of true loyalty, rather than the coerced kind we get from every “loyalty” card we carry in our purses and wallets.

When we are the first parties, we also get scale. Imagine changing your terms, your contact info, or your last name, for every company you deal with — and doing that in one move. That can only happen when you are the first party.

So here’s a call to action.

If you want to help blow up the surveillance economy by helping develop much better ways for demand and supply to deal with each other, show up next week at the Computer History Museum for VRM Day and the Internet Identity Workshop, where there are plenty of people already on the case.

Then follow the work that comes out of both — as if your life depends on it. Because it does.

And so does the economy that will grow atop true privacy online and the freedoms it supports. Both are a helluva lot more leveraged than the ill-gotten data gains harvested by the Lumascape doing unwelcome surveillance.

Bonus links:

  1. All the great research Julia Angwin & Pro Publica have been doing on a problem that data harvesting companies have been causing and can’t fix alone, even with government help. That’s why we’re doing the work I just described.
  2. What Facebook Knows About You Can Matter Offline, an OnPoint podcast featuring Julia, Cathy O’Neill and Ashkan Soltani.
  3. Everything by Shoshana Zuboff. From her home page: “’I’ve dedicated this part of my life to understanding and conceptualizing the transition to an information civilization. Will we be the masters of information, or will we be its slaves? There’s a lot of work to be done, if we are to build bridges to the kind of future that we can call “home.” My new book on this subject, Master or Slave? The Fight for the Soul of Our Information Civilization, will be published by Public Affairs in the U.S. and Eichborn in Germany in 2017.” Can’t wait.
  4. Don Marti’s good thinking and work with Aloodo and other fine hacks.

The Giant Zero

The world of distance

Fort Lee is the New Jersey town where my father grew up. It’s at the west end of the George Washington Bridge, which he also helped build. At the other end is Manhattan.

Even though Fort Lee and Manhattan are only a mile apart, it has always been a toll call between the two over a landline. Even today. (Here, look it up.) That’s why, when I was growing up not far away, with the Manhattan skyline looming across the Hudson, we almost never called over there. It was “long distance,” and that cost money.

There were no area codes back then, so if you wanted to call long distance, you dialed 0 (“Oh”) for an operator. She (it was always a she) would then call the number you wanted and patch it through, often by plugging a cable between two holes in a “switchboard.”

Distance in the old telephone system was something you heard and paid for.

Toll-free calls could be made only to a few dozen local exchanges listed in the front of your phone book. Calls to distant states were even more expensive, and tended to sound awful. Calls outside the country required an “overseas operator,” were barely audible, and cost more than a brake job.

That’s why, to communicate with our distant friends and relatives, we sent letters. From 1932 to 1958, regular (“first class”) letters required a 3¢ stamp. This booked passage for the letter to anywhere in the country, though speeds varied with distance, since letters traveled most of the way in canvas bags on trains that shuttled between sorting centers. So a letter from New Jersey to North Carolina took three or four days, while one to California took a week or more. If you wanted to make letters travel faster, you bought “air mail” stamps and put them on special envelopes trimmed with diagonal red and blue stripes. Those were twice the price of first class stamps.

An air mail envelope from 1958, when the postage had gone up to 7¢. This one was mailed from a post office, where the sender paid an extra penny for the second green imprint on the left there.

The high cost of distance for telephony and mail made sense. Farther was harder. We knew this in our bodies, in our vehicles, and through our radios and TVs. There were limits to how far or fast we could run, or yell, or throw a ball. Driving any distance took a sum of time. Even if you drove fast, farther took longer. Signals from radio stations faded as you drove out of town, or out of state. Even the biggest stations — the ones on “clear” channels, like WSM from Nashville, KFI from Los Angeles and WBZ from Boston — would travel hundreds of miles by bouncing off the sky at night. But the quality of those signals declined over distance, and all were gone when the sun came up. Good TV required antennas on roofs. The biggest and highest antennas worked best, but it was rare to get good signals from more than a few dozen miles away.

In TV’s antenna age, you needed one of these if rabbit ears wouldn’t do. The long rods were for channels 2–6 (no longer in use), the medium ones were for channels 7–13, and the short ones were for channels 14–83 (of which only 14–50 are still operative). The pigeons were for interference, and often worked quite well.

All our senses of distance are rooted in our experience of space and time in the physical world. So, even though telephony, shipping and broadcasting were modern graces most of our ancestors could hardly imagine, old rules still applied. We knew in our bones that costs ought to vary with the labors and resources required. Calls requiring operators should cost more than ones that didn’t. Heavier packages should cost more to ship. Bigger signals should require bigger transmitters that suck more watts off the grid.

A world without distance

Everything I just talked about — telephony, mail, radio and TV — are in the midst of being undermined by the Internet, subsumed by it, or both. If we want to talk about how, we’ll have nothing but arguments and explanations. So let’s go instead to the main effect: distance goes away.

On the Net you can have a live voice conversation with anybody anywhere, at no cost or close enough. There is no “long distance.”

On the Net you can exchange email with anybody anywhere, instantly. No postage required.

On the Net anybody can broadcast to the whole world. You don’t need to be a “station” to do it. There is no “range” or “coverage.” You don’t need antennas, beyond the unseen circuits in wireless devices.

I’ve been wondering for a long time about how we ought to conceive the non-thing over which this all happens, and so far I have found no improvements on what I got from Craig Burton in an interview published in the August 2000 issue of Linux Journal:

Doc: How do you conceive the Net? What’s its conceptual architecture?

Craig: I see the Net as a world we might see as a bubble. A sphere. It’s growing larger and larger, and yet inside, every point in that sphere is visible to every other one. That’s the architecture of a sphere. Nothing stands between any two points. That’s its virtue: it’s empty in the middle. The distance between any two points is functionally zero, and not just because they can see each other, but because nothing interferes with operation between any two points. There’s a word I like for what’s going on here: terraform. It’s the verb for creating a world. That’s what we’re making here: a new world.

A world with no distance. A Giant Zero.

Of course there are many forms of actual distance at the technical and economic levels: latencies, bandwidth limits, service fees, censors. But our experience is above those levels, where we interact with other people and things. And the main experience there is of absent distance.

We never had that experience before the Internet showed up in its current form, about twenty years ago. By now we have come to depend on absent distance, in countless ways that are becoming more numerous by the minute. The Giant Zero is a genie that is not going back in the old bottle, and also won’t stop granting wishes.

Not all wishes the Giant Zero grants are good ones. Some are very bad. What matters is that we need to make the most of the good ones and the least of the bad. And we can’t do either until we understand this new world, and start making the best of it on its own terms.

The main problem is that we don’t have those terms yet. Worse, our rhetorical toolbox is almost entirely native to the physical world and misleading in the virtual one. Let me explain.

Talking distance

Distance is embedded in everything we talk about, and how we do the talking. For instance, take prepositions: locators in time and space. There are only a few dozen of them in the English language. (Check ‘em out.) Try to get along without over, under, around, through, beside, along, within, on, off, between, inside, outside, up, down, without, toward, into or near. We can’t. Yet here on the Giant Zero, everything is either present or not, here or not-here.

Sure, we are often aware of where sites are in the physical world, or where they appear to be. But where they are, physically, mostly doesn’t matter. In the twenty years I’ve worked for Linux Journal, its Web server has been in Seattle, Amsterdam, somewhere in Costa Rica and various places in Texas. My own home server started at my house in the Bay Area, and then moved to various Rackspace racks in San Antonio, Vienna (Virginia) and Dallas.

While it is possible for governments, or providers of various services, to look at the IP address you appear to be using and either let you in or keep you out, doing so violates the spirit of the Net’s base protocols, which made a point in the first place of not caring to exclude anybody or anything. Whether or not that was what its creators had in mind, the effect was to subordinate the parochial interests (and businesses) of all the networks that agreed to participate in the Internet and pass data between end points.

The result was, and remains, a World of Ends that cannot be fully understood in terms of anything else, even though we can’t help doing that anyway. Like the universe, the Internet has no other examples.

This is a problem, because all our speech is metaphorical by design, meaning we are always speaking and thinking in terms of something else. According to cognitive linguistics, every “something else” is a frame. And all frames are unconscious nearly all the time, meaning we are utterly unaware of using them.

For example, time is not money, but it is like money, so we speak about time in terms of money. That’s why we “save,” “waste,” “spend,” “lose,” “throw away” and “invest” time. Another example is life. When we say birth is “arrival,” death is “departure,” careers are “paths” and choices are “crossroads,” we are thinking and speaking about life in terms of travel. In fact it is nearly impossible to avoid raiding the vocabularies of money and travel when talking about time and life. And doing it all unconsciously.

These unconscious frames are formed by our experience as creatures in the physical world. You know why we say happy is “up” and sad is “down”? Or why we compare knowledge with “light” and ignorance with “dark”? It’s because we are daytime animals that walk upright. If bats could talk, they would say good is dark and bad is light.

Metaphorical frames are not only unconscious, but complicated and often mixed. In Metaphors We Live By, George Lakoff and Mark Johnson point out that ideas are framed in all the following ways: fashion (“old hat,” “in style,” “in vogue”), money (“wealth,” “two cents worth, “treasure trove”), resources (“mined a vein,” “pool,” “ran out of”), products (“produced,” “turning out,” “generated”), plants (“came to fruition,” “in flower,” “budding”), and people (“gave birth to,” “brainchild,” “died off”).

Yet none of those frames is as essential to ideas as what Michael Reddy calls the conduit metaphor. When we say we need to “get an idea across,” or “that sentence carries little meaning,” we are saying that ideas are objects, expressions are containers, and communications is sending.

So let’s look at the metaphorical frames we use, so far, to make sense of the Internet.

When we call the Internet a “medium” through which “content” can “delivered” via “packets” we “uploaded,” “downloaded” between “producers” and “consumers” through “pipes,” we are using a transport frame.

When we talk about “sites” with “domains” and “locations” that we “architect,” “design,” “build” and “construct” for “visitors” and “traffic” in “world” or a “space: with an “environment,” we are using a real estate frame.

When we talk about “pages” and other “documents” that we “write,” “author,” “edit,” “put up,” “post” and “syndicate,” we are using a publishing frame.

When we talk about “performing” for an “audience” that has an “experience: in a “venue,” we are using a theater frame.

And when we talk about “writing a script for delivering a better experience on a site,” we are using all four frames at the same time.

Yet none can make full sense of the Giant Zero. All of them mislead us into thinking the Giant Zero is other than what it is: a place without distance, and lots of challenges and opportunities that arise from its lack of distance.

Terraforming The Giant Zero

William Gibson famously said “the future is already here, it’s just not evenly distributed.” Since The Giant Zero has only been around for a couple decades so far, we still have a lot of terraforming to do. Most of it, I’d say.

So here is a punch list of terraforming jobs, some of which (I suspect) can’t be done in the physical world we know almost too well.

Cooperation. Getting to know and understand other people over distances was has always been hard. But on The Giant Zero we don’t have distance as an excuse for doing nothing, or for not getting to know and work together with others. How can we use The Giant Zero’s instant proximity to overcome (and take advantage) of our differences, and stop hating The Other, whoever they may be?

Privacy. The Giant Zero doesn’t come with privacy. Nor does the physical world. But distance alone gives some measure of privacy in the physical world. We also invented clothing and shelter as privacy technologies thousands of years ago, and we have well developed manners for respecting personal boundaries. On The Giant Zero we barely have any of that, which shouldn’t be surprising, because we haven’t had much time to develop them yet. In the absence of clothing, shelter and boundaries, it’s ridiculously easy for anyone or anything to spy our browsings and emailings. (See Privacy is an Inside Job for more on that, and what we can do about it.)

Personal agency. The original meaning of agency (derived from the Latin word agere, meaning “to do”), is the power to act with full effect in the world. We lost a lot of that when Industry won the Industrial Revolution. We still lose a little bit every time we click “accept” to one-sided terms the other party can change and we can’t. We also lose power every time we acquiesce to marketers who call us “assets” they “target,” “capture,” “acquire,” “manage,” “control” and “lock in” as if we were slaves or cattle. In The Giant Zero, however, we can come to the market as equals, in full control of our data and able to bring far more intelligence to the market’s table than companies can ever get through data gathered by surveillance and fed into guesswork mills that: a) stupidly assume that we are always buying something and b) still guess wrong at rates that round to 100% of the time. All we need to do is prove that free customers are more valuable than captive ones — to the whole economy. Which we can if we build our own tools for both independence and engagement. (Which we are.)

Politics and governance. Elections in democratic countries have always been about sports: the horse race, the boxing ring, the knockout punch. The Internet changes all that in many ways we already know and more we don’t. But what about governance? What about direct connections between citizens and the systems that serve them? The Giant Zero exists in all local, state, national and global government contexts, waiting to be discovered and used. And how should we start thinking about laws addressing an entirely new world we’ve hardly built and are years away from understanding fully (if we ever will)? In a new world being terraformed constantly, we risk protecting yesterday from last Thursday with laws and regulations that will last for generations — especially when we might find a technical solution next Tuesday to last Thursday‘s problems.

Economics. What does The Giant Zero in our midst mean for money, accounting and everything in Econ 101, 102 and beyond? Today we already have Bitcoin and its distributed ledger, the block chain. Both are only a few years old, and already huge bets are being made on their successes and failures. International monetary systems, credit payment and settlement mechanisms are also challenged by digital systems of many kinds that are zero-based in several different meanings of the expression. How do we create economies that are both native to The Giant Zero and respectful of the physical world it cohabits?

The physical world. We live in an epoch that geologists are starting to call the Anthropocene, because it differs from all that preceded it in one significant way: it is altered countless ways by human activity. At the very least, it is beyond dispute that our species is, from the perspective of the planet itself, a pestilence. We raid it of irreplaceable substances deposited by life forms (e.g. banded iron) and asteroid impacts (gold, silver, uranium and other heavy metals) billions of years ago, and of the irreplaceable combustible remains of plants and animals cooked in the ground for dozens to hundreds of millions of years. We fill the planet’s air and seas with durable and harmful wastes. We wipe out species beyond counting, with impunity. We have littered space with hundreds of thousands of pieces of orbiting crap flying at speeds ten times faster than bullets. The Giant Zero can’t reverse the damage we’ve caused, or reduce our ravenous appetites for more of everything our species selfishly calls a “resource.” But it puts us in the best possible position to understand and deal with the problems we’re causing.

The “Internet of Things” (aka IoT) is a huge topic, even though most of the things being talked about operate in closed and proprietary silos that may not even use the Internet. But what if they actually were all to become native to The Giant Zero? What if every thing — whether or not it has smarts inside — could be on the Net, at zero distance from every other thing, and capable of interacting in fully useful ways for their owners, rather than the way they’re being talked about now: as suction cups on corporate and government tentacles?

Inequality. What better than The Giant Zero’s absent distance to reduce the distance between rich and poor — and to do so in ways not limited to the familiar ones we argue about in the physical world?

The unconnected. How do we migrate the last 1.5 billion of us from Earth to The Giant Zero?

A question

I could go on, but I’d rather put another question to those of you who have made it to the end of this post: Should The Giant Zero be a book? I’m convinced of the need for it and have a pile of material already. Studying all this has also been my focus for a decade as a fellow with the Center for Information Technology and Society at UCSB. But I still have a long way to go.

If pressing on is a good idea, I could use some help thinking it through and pulling materials together. If you’re interested, let me know. No long distance charges apply.


This piece is copied over from this one in Medium, and is my first experiment in publishing first there and second here. Both are expanded and updated from a piece published at publius.cc on May 16, 2008. The drawing of the Internet is by Hugh McLeod. Other images are from Wikimedia Commons.

 

Tags: , , ,

(Somebody280px-Do_not_disturb.svg on Quora asked, What is the social justification of privacy? adding, I am trying to ask about why individual privacy is important to society. Obviously it is preferable to individuals for a variety of reasons. But society seems to gain more from transparency. So, rather than leave my answer buried there, I decided to share it here as well.)

Society is comprised of individuals, and thick with practices and customs that respect individual needs. Privacy is one of those. Only those of us who live naked outdoors without clothing and shelter can do without privacy. The rest of us all have ways of expressing and guarding spaces we call “private” — and that others respect as well.

Private spaces are virtual as well as physical. Society would not exist without well-established norms for expressing and respecting each others’ boundaries. “Good fences make good neighbors,” says Robert Frost.

One would hardly ask to justify the need for privacy before the Internet came along; but it is a question now because the virtual world, like nature in the physical one, doesn’t come with privacy. By nature we are naked in both. The difference is that we’ve had many millennia to work out privacy in the physical world, and approximately two decades to do the same in the virtual one. That’s not enough time.

In the physical world we get privacy from clothing and shelter, plus respect for each others’ boundaries, which are established by mutual understandings of what’s private and what’s not. All of these are both complex and subtle. Clothing, for example, customarily covers what we (in English vernacular at least) call our “privates,” but also allow us selectively to expose parts of our bodies, in various ways and degrees, depending on social setting, weather and other conditions. Privacy in our sheltered spaces is also modulated by windows, doors, shutters, locks, blinds and curtains. How these signal intentions differs by culture and setting, but within each the signals are well understood, and boundaries are respected. Some of these are expressed in law as well as custom. In sum they comprise civilized life.

Yet life online is not yet civilized. We still lack sufficient means for expressing and guarding private spaces, for putting up boundaries, for signaling intentions to each other, and for signaling back respect for those signals. In the absence of those we also lack sufficient custom and law. Worse, laws created in the physical world do not all comprehend a virtual one in which all of us, everywhere in the world, are by design zero distance apart — and at costs that yearn toward zero as well. This is still very new to human experience.

In the absence of restricting customs and laws it is easy for those with the power to penetrate our private spaces (such as our browsers and email clients) to do so. This is why our private spaces online today are infected with tracking files that report our activities back to others we have never met and don’t know. These practices would never be sanctioned in the physical world, but in the uncivilized virtual world they are easy to rationalize: Hey, it’s easy to do, everybody does it, it’s normative now, transparency is a Good Thing, it helps fund “free” sites and services, nobody is really harmed, and so on.

But it’s not okay. Just because something can be done doesn’t mean it should be done, or that it’s the right thing to do. Nor is it right because it is, for now, normative, or because everybody seems to put up with it. The only reason people continue to put up with it is because they have little choice — so far.

Study after study show that people are highly concerned about their privacy online, and vexed by their limited ability to do anything about its absence. For example —

  • Pew reports that “93% of adults say that being in control of who can get information about them is important,” that “90% say that controlling what information is collected about them is important,” that 93% “also value having the ability to share confidential matters with another trusted person,” that “88% say it is important that they not have someone watch or listen to them without their permission,” and that 63% “feel it is important to be able to “go around in public without always being identified.”
  • Ipsos, on behalf of TRUSTe, reports that “92% of U.S. Internet users worry about their privacy online,” that “91% of U.S. Internet users say they avoid companies that do not protect their privacy,” “22% don’t trust anyone to protect their online privacy,” that “45% think online privacy is more important than national security,” that 91% “avoid doing business with companies who I do not believe protect my privacy online,” that “77% have moderated their online activity in the last year due to privacy concerns,” and that, in sum, “Consumers want transparency, notice and choice in exchange for trust.”
  • Customer Commons reports that “A large percentage of individuals employ artful dodges to avoid giving out requested personal information online when they believe at least some of that information is not required.” Specifically, “Only 8.45% of respondents reported that they always accurately disclose personal information that is requested of them. The remaining 91.55% reported that they are less than fully disclosing.”
  • The Annenberg School for Communications at the University of Pennsylvania reports that “a majority of Americans are resigned to giving up their data—and that is why many appear to be engaging in tradeoffs.” Specifically, “91% disagree (77% of them strongly) that ‘If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing.'” And “71% disagree (53% of them strongly) that ‘It’s fair for an online or physical store to monitor what I’m doing online when I’m there, in exchange for letting me use the store’s wireless internet, or Wi-Fi, without charge.'”

There are both policy and market responses to these findings. On the policy side, Europe has laws protecting personal data that go back to the Data Protection Directive of 1995. Australia has similar laws going back to 1988. On the market side, Apple now has a strong pro-privacy stance, posted Privacy – Apple, taking the form an open letter to the world from CEO Tim Cook. One excerpt:

“Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t ‘monetize’ the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.”

But we also need tools that serve us as personally as do our own clothes. And we’ll get them. The collection of developers listed here by ProjectVRM are all working on tools that give individuals ways of operating privately in the networked world. The most successful of those today are the ad and tracking blockers listed under Privacy Protection. According to the latest PageFair/Adobe study, the population of persons blocking ads online passed 200 million in May of 2015, with a 42% annual increase in the U.S. and an 82% rate in the U.K. alone.

These tools create and guard private spaces in our online lives by giving us ways to set boundaries and exclude unwanted intrusions. These are primitive systems, so far, but they do work and are sure to evolve. As they do, expect the online world to become as civilized as the offline one — eventually.

For more about all of this, visit my Adblock War Series.

Tags:

While The Cluetrain Manifesto is best known for its 95 theses (especially its first, “Markets are conversations”), the clue that matters most is this one, which runs above the whole list:

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

 

That was the first clue we wrote. And by “we” I mean Christopher Locke (aka RageBoy), who sent it to the other three authors in early 1999. At that time we were barely focused on what we wanted to do, other than to put something up on the Web.

But that ur-clue, addressed to marketers on behalf of markets, energized and focused everything we wrote on Cluetrain site, and then in the book.

But it failed. Are you hearing me, folks? It failed. For a decade and a half, Cluetrain succeeded as a book and as a meme, but it failed to make its founding clue true. Deal with this:

our reach did not exceed marketers’ grasp.
instead, marketers grasped more than ever, starting with our privacy.

 

As heedless of manners as a mosh pit on Ecstasy, the online advertising business went nuts with surveillance, planting cookies and beacons in people’s browsers and tracking them like animals, harvesting and shipping off personal data to who-knows-where, all for the dubious purpose of spamming them with advertising based on algorithmic guesswork about what people might want to buy. All this in spite of two simple facts:

  1. Nobody comes to a webstite for advertising. At most they just tolerate it.
  2. Most of the time people aren’t buying anything. That’s why people don’t click on ads at a rate that rounds to 100%.

For years we played nice, quietly purging cookies from our browsers’ innards, or just putting up with the abuse. For few years (2007-2012, specifically — see below), we put some hope in Do Not Track.

Then, when that failed (most dramatically in 2012), we started blocking ads, en masse:

adblocker-vs-dnt

More than 200 million of us are blocking ads now, and (in many or most cases) blocking tracking as well. This is great news for Cluetrain fans, because:::

blocking ads and tracking
are great ways to deal with marketers’ grasp.

 

Depending on marketers to stop bad acting on their own is putting responsibility in the wrong place. It’s our job to stop them. Besides, asking the online advertising business to reform is like asking Versailles to start the French Revolution. Writes Jessica Davies,

I was recently in front of about 400 advertisers talking to them about fraud, and they all nodded their heads and listened, but there was apathy. Behind the scenes I ask them what they’re doing about it and some of them shrug their shoulders…

The funniest conversation I’ve ever had with an agency was when I told them a campaign they had run was 90 percent fraudulent, and their reply was: ‘Oh, I know, but it really performed well. The click-through rates were phenomenal.’ I re-emphasized that those click-throughs were fraudulent; the ads weren’t seen by humans, and their response was ‘The client is happy. We’re renewing the contract.’

Here’s a fact about those clients: They don’t call themselves advertisers, and they don’t have to advertise. To them advertising is overhead. A discretionary expense. They can spend it other ways. I know this, because I was a partner in one of Silicon Valley’s top advertising agencies for the better part of two decades. And, because of that, I also know how well old-fashioned Madison Avenue advertising — the uncomplicated kind not based on tracking — can actually work, while sponsoring publishers and broadcasters of all kinds.

That kind of advertising, aka #SafeAds, is the best hope the online advertising industry and its dependents in publishing and broadcasting actually have — especially if future ad and tracking blockers permit those through while saying #NoAds to the rest.

Now let’s go back to dealing. What else, besides #SafeAds, can we get with leverage from blocking ads and tracking? Clue: it has to be good for both sides. That’s how business works at its best. Both sides win. We don’t need to reach for their privates just because they grasped our privacy.

How about this deal: better signaling between customers and companies than marketing alone can provide— especially when marketing today is mostly about grabbing for “net new” and flushing customers into “the pipeline” through “the funnel.”

We can help companies (and ourselves) a lot more if we have standard ways to connect with sales, service and product and service development functions — and they with us. Then “Markets are conversations” will finally mean what it’s failed to mean for the last sixteen years.

Bonus link: VRM development projects, many of which are already working on this.

 

« Older entries