VRM

You are currently browsing the archive for the VRM category.

Thoughts at #ID2020

I’m at the ID2020 (@ID2020) Summit in New York. The theme is “Rising to the Good ID Challenge.” My notes here are accumulating at the bottom, not the top. Okay, here goes…

At that last link it says, “The ID2020 Alliance is setting the course of digital ID through a multi-stakeholder partnership, ensuring digital ID is responsibly implemented and widely accessible.”

I find myself wondering if individuals are among the stakeholders. Also this:

There is also a manifesto. It says, among other things, “The ability to prove one’s identity is a fundamental and universal human right.” and “We live in a digital era. Individuals need a trusted, verifiable way to prove who they are, both in the physical world and online.”

That’s good. I’d also want more than one way, which may be the implication here.

The first speaker is from Caribou Digital. What follows is from her talk.

“1. It’s about the user, not just the use case.”

Hmm… I believe identity needs to be about independent human beings, not just “users” of systems.

“2. Intermediaries are still critical.”

The focus here is on family and institutional intermediaries, especially in the less developed world. Which is fine; but people should not need intermediaries in all cases. If you tell someone your name, or give them a business card no intermediary is involved. That same convention should be available online.

“3. It’s not just about an ‘ID.’ It’s not even about an identity system. It’s about an identification ecosystem.”

This is fine, but identification is about what systems do, not about what individuals do or have; and by itself tends to exclude self-sovereign identity. Self-sovereign is how identity works in the physical world. Here we are nameless (literally, anonymous) to most others, and reveal information about who we are (business cards, student ID, drivers license) on an as-needed basis that obeys Kim Cameron’s Laws of Identity, notably “minimum disclosure for a constrained use,” “justifiable parties” and “personal control and consent.”

4. “A human-centered, inclusive, respectful vision for the next stage of identification in a digital age.”

We need human-driven. Explained long ago here and here.

That’s over and the first panel is on now. Most of it is inaudible where I sit. The topic now is self-sovereign and decentralized. The audience seems to be pushing that. @MatthewDavie just said something sensible, I think, but don’t have a quote.

This:

And this. Read the thread that follows. There are disagreements and explanations.

Here’s the ID2020 search on Twitter.

Background, at least on where I’m coming from: https://www.google.com/search?q=”doc+searls”+identity.

For the interested, @identitywoman, @windley and I (@dsearls) put on the Internet Identity Workshop, October 1-3 at the Computer History Museum in Silicon Valley. This one will be our 29th. (The first was in 2005 and there are two per year.) It’s an unconference: no keynotes or panels, just breakouts on topics attendees choose and lead. It’s the most consequential conference I know.

@MatthewDavie: “If we do this, and it doesn’t work with the current power players, we’re going to end up with a second-class system.” I suspect this makes sense, but I’m not sure what “this” is.

“Sovereign ownership of data” just came up from the audience. I think it’s possible for individuals to act in a self-sovereign way in sharing identity data, but not that this data is exclusively own-able. Some thoughts on that from Elizabeth Renieris (@HackyLawyER). Mine agree.

The second panel is on now. It’s mostly inauduble.

Now Dakota Gruener (@DakotaGruener), Executive Director of ID2020 is speaking. She’s telling a moving story about a homeless neighbor, Colin, who is denied services for lack of official ID(s).

New panel: Decentralization in National ID Programs.

Kim Cameron is on the panel now: “I spent thirty years building the world’s identity systems.” There were gasps. I yelled “It’s true.” He continued: “I’m now trying to rile up the world’s populations…”

John Jordan just made a point about how logins are a screwed up way to do things online and don’t map to what we know well and do in the everyday world. (I think that’s close. The sound system is dim at this end of the room.)

Kim just sourced my wife (who is here and now deeper than I am in this identity stuff), adding that “people know something is wrong” when they mention shoes somewhere and then see ads for shoes online. “We have technology. We have consciousness. We have will. So let’s do something.”

John: “What we want is to be in control of our relationships. Those are ours. Those are decentralized… People are decentralized.”

Kim: “What it means is recognizing that identity is who we are. It begins with us. .. only we know the aggregate of these attributes. In daily life we reveal some of those attributes, but never the aggregate. We need a system that begins with the indi and recognizes that they are in control, and choose what they reveal separately. We don’t want aggregates of ourselves to be everywhere. We need systems that recognize that, and are based on control by the individual, consent of the individual.”

“We do need assertions from people other than ourselves. The government can provide useful claims about a person. So can a university, or a bank. I can say somebody is a great guy. The identity fabric is all these claims.” Not quite verbatim, but close.

John: “Personal data should never be presented in a non-cryptographic way.” Something like that.

Kim on the GDPR: “We have it because the population demanded it… what will happen is this vision of people in control of their identity, and the Internet becoming reliable and trustworthy and probabilistic (meaning you’re being guessed at) rather than fully useful. Let’s give people their own wallets, let them run their own lives, make up their own minds… the world of legislation will grow, and it will do that around the will of people. … they need an identity system based on individuals rather than institutions overstepping their bounds… and we will see conflicts around this, with both good and bad government interventions.”

John: “I’d like to see legislation that forbids companies from holding personal information they don’t have to.” (Not verbatim, but maybe close. Again, hard to hear.)

Kim: “The current identity systems of the world are collapsing… you will have major institutions switching over to these decentralized identity systems, not from altruism, but from liability.”

Elizabeth heard and tweeted about one of the thing that was inaudible to me at this end of the room: “Thank you @LudaBujoreanu for addressing the deep disconnect between the reality on the ground of those without ID and the privileged POV from which many of these #digitalid systems are built @ID2020’s #id2020summit cc @WomeninID

Next panel: “Cities Driving Innovation in Good ID.”

Scott David from the audience just talked about “Turning troubles into problems,” and the challenge of doing that for individuals in an identity context.”

This reminds me of what Gideon Litchfield said about the difference between debates and conflicts, and I expanded on a bit here. Our point was that there are some issues that become locked in conflict with no real debate between sides. Scott’s distinction is toward a way out. Interesting. I’d like to know more.

Ken Banks tweets, “It’s an increasingly crowded space… #digitalidentity #ID2020″:

Image
He adds, “Already lots of talk of putting people first. Hopefully the #digitalidentity community will deliver, and not fall into the trap of saying one thing and doing another, a common issue with in the tech-for-development/#ICT4D sector. #ID2020 #GoodID

Two tweets…

@Gavi: “Government representatives, tech experts & civil society will gather at #UNGA74 today to discuss the potential of #DigitalID. Biometric ID data could help us better monitor which children need to be vaccinated and when. #ID2020

Image

 

Now I can’t find the other one. It argued that there is a 2-3% error rate for biomentric.

For lunch David Carroll (@ProfCarroll) of The New School (@thenewschool) is talking. Title: A data quest: holding tech to account. He starred in The Great Hack, on Netflix.

He’s sourcing Democracy Disrupted, by the UK ICO. “the sortable, addressable… algorithmic democracy. “Couterveillance: advertisers get all the privacy. We get none.”

“Parable of the great hadk: data rights must externd to digital creditoship. Identity depends on it.”

200 million America has no access to data held about them, by, for istance, Acxiom.

“A simple bill of data rights. Creditorship, objection, control, knowledge.” (Here’s something that’s not it, but interesting enough for me to flag for later reading.)

Now a panel moderated by Raffi Kirkorian. Also Cameron Birge of Microsoft and the Emerson Collective, Karen Ottoni, Demora Compari, Matthew Yarger and Christine Leong. (Again the sound is weak at this end of the room. Not picking up much here.)

Okay, that’s it. I’ll say more after I pull some pix together and complete these public notes…

Well, I have the pix, but the upload thing here in WordPress gives me an “http error” when I try to upload them. And now I’ve gotta drive to Boston, so that’ll have to wait.


In 1995, shortly after she first encountered e-commerce, my wife assigned a cool project to the world by asking a simple question: Why can’t I take my shopping cart from site to site?

The operative word in that question is the first person possessive pronoun: my.

Look up personal online shopping cart and you’ll get nearly a billion results, but none are for a shopping cart of your own. They’re all for shopping carts in commercial websites. In other words, those carts are for sellers, not buyers. They may say “my shopping cart” (a search for that one yields 3.1 billion results), but what they mean is their shopping cart. They say “my” in the same coo-ing way an adult might talk to a baby. (Oh, is my diaper full?)

Shopping online has been stuck in this uncool place because it got modeled on client-server, which should have been called “slave-master” when it got named a few decades ago. Eight years ago here (in our September 2011 issue) I called client-server “calf-cow,” and illustrated it with this photo (which a reader correctly said was shot in France, because it was clear to him that these are French cows):

calf-cow

It began,

As entities on the Web, we have devolved. Client-server has become calf-cow. The client—that’s you—is the calf, and the Web site is the cow. What you get from the cow is milk and cookies. The milk is what you go to the site for. The cookies are what the site gives to you, mostly for its own business purposes, chief among which is tracking you like an animal. There are perhaps a billion or more server-cows now, each with its own “brand” (as marketers and cattle owners like to say).

This is not what the Net’s founders had in mind. Nor was it what Tim Berners-Lee meant for his World Wide Web of hypertext documents to become. But it’s what we’ve got, and it’s getting worse.

In February 2011, Eben Moglen gave a landmark speech to the Internet Society titled “Freedom in the Cloud”, in which he unpacked the problem. In the beginning, he said, the Internet was designed as “a network of peers without any intrinsic need for hierarchical or structural control, and assuming that every switch in the Net is an independent, free-standing entity whose volition is equivalent to the volition of the human beings who want to control it”. Alas, “it never worked out that way”. Specifically:

If you were an ordinary human, it was hard to perceive that the underlying architecture of the Net was meant to be peerage because the OS software with which you interacted very strongly instantiated the idea of the server and client architecture.

In fact, of course, if you think about it, it was even worse than that. The thing called “Windows” was a degenerate version of a thing called “X Windows”. It, too, thought about the world in a server-client architecture, but what we would now think of as backwards. The server was the thing at the human being’s end. That was the basic X Windows conception of the world. It served communications with human beings at the end points of the Net to processes located at arbitrary places near the center in the middle, or at the edge of the Net…

No need to put your X Windows hat back on. Think instead about how you would outfit your own shopping cart: one you might take from store to store.

For this it helps to think about how you already outfit your car, SUV or truck: a vehicle that is unambiguously yours, even if you only lease it. (By yours I mean you operate it, as an extension of you. When you drive it, you wear it like a carapace. In your mind, those are my wheels, my engine, my fenders.)

Since you’ll be driving this thing in the online world, there’s a lot more you can do with it than the one obvious thing, which is to keep a list of all the things you’ve put in shopping carts at multiple websites. Instead start with a wish list that might include everything you ought to be getting from e-commerce, but can’t because e-commerce remains stuck in the calf-cow model, so the whole thing is about cows getting scale across many calves. Your personal shopping cart should be a way for you to get scale across all of e-commerce. Depending on how much you want to kit up your cart, you should be able to—

  1. Keep up with prices for things you want that have changed, across multiple sites
  2. Intentcast to multiple stores your intention to buy something, and say under what conditions you’d be willing to buy it
  3. Subscribe and unsubscribe from mailings in one standard way that’s yours
  4. Keep up with “loyalty” programs at multiple sites, including coupons and discounts you might be interested in (while rejecting the vast majority of those that are uninteresting, now or forever)
  5. Keep records of what you’ve bought from particular retailers in the past, plus where and when you bought those things, including warranty information
  6. Let stores know what your privacy policies are, plus your terms and conditions for dealing with them, including rules for how your personal data might be used
  7. Have a simple and standard way to keep in touch with the makers and sellers of what you own—one that works for you and for those others, in both directions
  8. Have a way to change your contact information for any or all of them, in one move
  9. Mask or reveal what you wish to reveal about yourself and your identity, with anonymity as the default
  10. Pay in the fiat or crypto currency of your choice
  11. Use your own damn wallet, rather than using a Google, Apple or a Whatever wallet
  12. Everything else on the ProjectVRM punch list, where you’ll find links to work on many of the ideas above.

Yes, I know. All those things fly in the face of Business As Usual. They’ll be fought by incumbents, require standards or APIs that don’t yet exist, and so on. But so what. All those things also can be done technically. And, as Marc Andreessen told me (right here in Linux Journal, way back in 1998), “all the significant trends start with technologists.” So start one.

You also don’t need to start with a shopping cart. Anything on that list can stand alone or be clustered in some other… well, pick your metaphor: dashboard, cockpit, console, whatever. It might also help to know there is already development work in nearly all of those cases, and an abundance of other opportunities to revolutionize approaches to business online that have been stuck for a long time. To explain how long, here is the entire text of a one-slide presentation Phil Windley gave a few years ago:

HISTORY OF E-COMMERCE

1995: Invention of the Cookie

The End

Now is the time to break out of the cookie jar where business has been stuck for an inexcusably long time.

It’s time to start working for customers, and making them more than just “users” or “consumers.” Think Me2B and not just B2C. Make customertech and not just salestech, adtech and martech. Give every customer leverage:

By doing that, you will turn the whole marketplace into a Marvel-like universe where all of us are enhanced.

For inspiration, think about what Linux did against every other operating system. Think about what the Internet did to every LAN, WAN, phone company and cable company in the world. Think about what the Web did to every publishing system.

Linux, the Net and the Web each had something radical in common: they extended the power of individual human beings before they utterly reformed every activity and enterprise that came to depend on them.

If you’re interested in any of those projects above, talk to me. Or just start working on it, and tell me about it so I can help the world know.

This is wrong:

Because I’m not blocking ads. I’m blocking tracking.

In fact I welcome ads—especially ones that sponsor The Washington Post and other fine publishers. I’ll also be glad to subscribe to the Post once it stops trying to track me off their site. Same goes for The New York Times, The Wall Street Journal and other papers I value and to which I no longer subscribe.

Right now Privacy Badger protects me from 20 and 35 potential trackers at those papers’ sites, in addition to the 19 it finds at the Post. Most of those trackers are for stalking readers like marked animals, so their eyeballs can be shot by “relevant,” “interest-based” and “interactive” ads they would never request if they had much choice about it—and in fact have already voted against with ad blocking, which by 2015 was already the biggest boycott in world history. As I point out in that link (and Don Marti did earlier in DCN), there was in that time frame a high correlation between interest in blocking ads and interest (surely by the ad industry) in retargeting, which is the most obvious evidence to people that they are being tracked. See here:

Tracking-based ads, generally called adtech, do not sponsor publications. They use publications as holding pens in which human cattle can be injected with uninvited and unwelcome tracking files (generally called cookies) so their tracked eyeballs can be shot, wherever they might show up, with ads aimed by whatever surveillance data has been gleaned from those eyeballs’ travels about the Net.

Real advertising—the kind that makes brands and sponsors publications—doesn’t track people. Instead it is addressed to whole populations. In doing so it sponsors the media it uses, and testifies to those media’s native worth. Tracking-based ads can’t and don’t do that.

That tracking-based ads pay, and are normative in the extreme, does not make right the Post‘s participation in the practice. Nor does it make correct the bad thinking (and reporting!) behind notices such as the one above.

Let’s also be clear about two myths spread by the “interactive” (aka “relevant” and “interest-based”) advertising business:

  1. That the best online advertising is also the most targeted—and “behavioral” as well, meaning informed by knowledge about an individual, typically gathered by tracking. This is not the kind of advertising that made Madison Avenue, that created nearly every brand you can name, and that has sponsored publishers and other media for the duration. Instead it is direct marketing, aka direct response marketing. Both of those labels are euphemistic re-brandings that the direct mail business gave itself after the world started calling it junk mail. Sure, much (or most) of the paid messages we see online are called advertising, and look like advertising; but as long as they want to get personal, they’re direct marketing.
  2. That tracking-based advertising (direct marketing by another name) is the business model of the “free” Internet. In fact the Internet at its base is as free as gravity and sunlight, and floats all business boats, whether based on advertising or not.

Getting the world to mistake direct marketing for real advertising is one of the great magic tricks of all time: a world record for misdirection in business. To help explain the difference, I wrote Separating Advertising’s Wheat From Chaff, the most quoted line from which is “Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.” Alas, the same is true for the business offices of the Post and every other publisher that depends on tracking. They ceased selling their pages as spaces for sponsors and turned those spaces over to data vampires living off the blood of readers’ personal data.

There is a side for those publishers to take on this thing, and it’s not with the tracking-based advertising business. It is with their own moral backbone, and with the readers who still keep faith in it.

If any reporter (e.g.@CraigTimberg @izzadwoskin@nakashimae ‏and @TonyRomm) wants to talk to me about this, write me at doc at searls.com or DM me here on Twitter.* Thanks.

Bonus link (and metaphor)

*So far, silence. But hey: I know I’m asking journalists to grab a third rail here. And it’s one that needs to be grabbed. There might even be a Pulitzer for whoever grabs it. Because the story is that big, and it’s not being told, at least not by any of the big pubs. The New York TimesPrivacy Project has lots of great stuff, but none that grabs the third rail. The closest the Times has come is You’re not alone when you’re on Google, by Jennifer Senior (@JenSeniorNY). In it she says “your newspaper” (alas, not this one) is among the culprits. But it’s a step. We need more of those. (How about it, @cwarzel?)†

[Later…] We actually have a great model for how the third rail might be grabbed, because The Wall Street Journal wrestled it mightily with the What They Know series, which ran from 2010 to 2012. For most of the years after that, the whole series, which was led by Julia Angwin and based on lots of great research, was available on the Web for everybody at http://wsj.com/wtk. But that’s a 404 now. If you want to see a directory of the earliest pieces, I list them in a July 2010 blog post titled The Data Bubble. That post begins,

The tide turned today. Mark it: 31 July 2010.

That’s when The Wall Street Journal published The Web’s Gold Mine: Your Secrets, subtitled A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series. It has ten links to other sections of today’s report.

Alas, the tide did not turn. It kept coming in and getting deeper. And now we’re drowning under it.

† I did hear from Charlie Warzel (@cwarzel), who runs the Privacy Project series at the Times , and assured me that they would be covering the issue. And (Yay!) it did, with I Visited 47 Sites. Hundreds of Trackers Followed Me, by Farhad Manjoo (@fmanjoo). This was followed by critique of that piece titled Privacy Fundamentalism, by Ben Thompson in Stratechery. I responded to both with On Privacy Fundamentalism. So check those out too.

The answer is, we don’t know. Also, we may never know, because—

  • It’s too hard to measure (especially if you’re talking about the entire Net)
  • Too so much of the usage is in mobile devices that vary enormously
  • The browser makers are approaching ad blocking and tracking protection in different and new ways that change frequently, and the same goes for ad-blocking and tracking-protecting extensions and add-ons. One of them (Adblock Plus) is actually in the advertising business (which Wikipedia politely calls ad filtering)
  • Some of the most easily sourced measures are surveys, yet what people say and what they do are very different things
  • Some of the most widely cited findings are from sources with conflicted interests (for example, selling anti-ad-blocking services), or which aggregate multiple sources that aren’t revealed when cited
  • Actors good and bad in the ecosystem that ad blocking addresses also contribute to the fudge

But let’s explore a bit anyway, working with what we’ve got, flawed though much of it may be. If you’re a tl;dr kind of reader, jump down to the conclusions at the end.

Part 1: ClarityRay and Pagefair

Between 2012 and 2017, the most widely cited ad blocking reports were by ClarityRay and PageFair, in that order. There are no links to ClarityRay’s 2012 report, which I cited here in 2013. PageFair links to their 2015, 2016 (mobile) and 2017 reports are still live. The company also said last November that it was at work on another report. This was after PageFair was acquired by Blockthrough (“the leading adblock recovery program”). A PageFair blog post explains it.

I placed a lot of trust in PageFair’s work, mostly because I respected Dr. Johnny Ryan (@JohnnyRyan), who left PageFair for Brave in 2018. I also like what I know about Matthew Cortland, who was also at PageFair, and may still be. Far as I know, he hasn’t written anything about ad blocking research (but maybe I’ve missed it) since 2017.

Here are the main findings from PageFair’s 2017 report:

  • 615 million devices now use adblock
  • 11% of the global internet population is blocking ads on the web

Part 2: GlobalWebIndex

In January 2016, GlobalWebIndex said “37% of mobile users … say they’ve blocked ads on their mobile within the last month.” I put that together with Statista’s 2017 claim that there were then more than 4.6 billion mobile phone users in the world, which suggested that 1.7 billion people were blocking ads by that time.

Now GlobalWebIndex‘s Global Ad-Blocking Behavior report says 47% of us are blocking ads now. It also says, “As a younger and more engaged audience, ad-blockers also are much more likely to be paying subscribers and consumers. Ad-free premium services are especially attractive.” Which is pretty close to Don Marti‘s long-standing claim that readers who protect their privacy are more valuable than readers who don’t.

To get a total ad blocking population from that 47%, one possible source to cite is Internet World Stats:

Note that Internet World Stats appears to be a product of the Miniwatts Marketing Group, whose website is currently a blank WordPress placeholder. But, to be modest about it, their number is lower than Statista’s from 2016: “In 2019 the number of mobile phone users is forecast to reach 4.68 billion.” So let’s run with the lower one, at least for now.

Okay, so if 47% of us are using ad blockers, and Internet World Stats says there were 4,312,982,270 Internet users by the end of last year (that’s mighty precise!), the combined numbers suggest that more than 2,027,101,667 people are now blocking ads worldwide. So, we might generalize, more than two billion people are blocking ads today. Hence the headline above.

Perspective: back in 2015, we were already calling ad blocking The biggest boycott in human history. And that was when the number was just “approaching 200 million.”

More interesting to me is GlobalWebIndex’s breakouts of listed reasons why the people surveyed blocked ads. Three in particular stand out:

  • Ads contain viruses or bugs, 38%
  • Ads might compromise my online privacy, 26%
  • Stop ads being personalized, 22%

The problem here, as I said in the list up top, is that these are measured behaviors. They are sympathies. But they’re still significant, because sympathies sell. That means there are markets here. Opportunities to align incentives.

Part 3: Ad Fraud Researcher

I rely a great deal on Dr. Augustine Fou (@acfou), aka Independent Ad Fraud Researcher, to think and work more deeply and knowingly than I’ve done so far here (or may ever do).

Looking at Part 2 above (in an earlier version of this post), he tweeted, “I dispute these findings. ASKING people if they used an ad blocker in the past month is COMPLETELY inaccurate and inconsistent with people who ACTUALLY USE ad blockers regularly.” Also, “Source: GlobalWebIndex Q3 2018 Base: 93,803 internet users aged 16-64, among which were 42,078 respondents who have used an ad-blocker in the past month”. Then, “Are you going to take numbers extrapolated from 42,078 respondents and extrapolate that to the entire world? that would NOT be OK.” And, “Desktop ad blocking in the U.S. measured directly on sites which humans visit is in the 8 – 19% range. Bots must also be scrubbed because bots do not block ads and will skew ad blocking rates lower, if not removed.”

On that last tweet he points to his own research, published this month.There is lots of data in there, all of it interesting and unbiased. Then he adds, “your point about this being the ‘biggest boycott in human history’ is still valid. But the numbers from that ad blocking study should not be used.”

Part 4: Comscore

Among the many helpful tweets in response to the first draft of this post was this one by Zubair Shafiq (@zubair_shafiq), Assistant Professor of Computer Science at the University of Iowa, where he researches computer networks, security, and privacy. His tweet points to Ad Blockers: Global Prevalence and Impact, by Matthew Malloy, Mark McNamara, Aaron Cahn and Paul Barford, from 2016. Here is one chart among many in the report:

The jive in the Geo row is explained at that link. A degree in statistics will help.

Part 5: Statista

Statista seems serious, but Ad blocking user penetration rate in the United States from 2014 to 2020 is behind a paywall. Still, they do expose this hunk of text: “The statistic presents data on ad blocking user penetration rate in the United States from 2014 to 2020. It was found that 25.2 percent of U.S. internet users blocked ads on their connected devices in 2018. This figure is projected to grow to 27.5 percent in 2020.”

Provisional Conclusions

  1. The number is huge, but we don’t know how huge.
  2. Express doubt about any one large conclusion. Augustine Fou cautions me (and all of us) to look at where the data comes from, why it’s used, and how. In the case of Statista, for example, the data is aggregated from other sources. They don’t do the research themselves. It’s also almost too easy to copy and paste (as I’ve done here) images that might themselves be misleading. The landmark book on misleading statistics—no less relevant today than when it was written in 1954 (and perhaps more relevant than ever)—is How to Lie With Statistics.
  3. Everything is changing. For example, browsers are starting to obsolesce the roles played by ad blocking and tracking protection extensions and add-ons. Brave is the early leader, IMHO. Safari, Firefox and even Chrome are all making moves in this direction. Also check out Ghostery’s Cliqz. For some perspective on how long this is taking, take a look at what I was calling for way back in 2015.
  4. The market is sending a massive message.  That message is that advertising online has come to have massively negative value. Ad blocking and tracking protection are legitimate and eloquent messages from demand to supply. By fighting that message, marketing is crapping on most obvious and gigantic clue it has ever seen. And the supply side of the market isn’t just marketers selling stuff. It’s developers who need to start working for the hundreds of millions of customers who have proven their value by using these tools.

I came up with that law in the last millennium and it applied until Chevy discontinued the Cavalier in 2005. Now it should say, “You’re going to get whatever they’ve got.”

The difference is that every car rental agency in days of yore tended to get their cars from a single car maker, and now they don’t. Back then, if an agency’s relationship was with General Motors, which most of them seemed to be, the lot would have more of GM’s worst car than of any other kind of car. Now the car you rent truly is whatever. In the last year we’ve rented at least one Kia, Hyundai, Chevy, Nissan, Volkswagen, Ford and Toyota, and that’s just off the top of my head. (By far the best was a Chevy Impala. I actually loved it. So, naturally, it’s being discontinued.)

All of that, of course, applies only in the U.S. I know less about car rental verities in Europe, since I haven’t rented a car there since (let’s see…) 2011.

Anyway, when I looked up doc searls chevy cavalier to find whatever I’d written about my felicitous Fourth Law, the results included this, from my blog in 2004…

Five years later, the train pulls into Madison Avenue

ADJUSTING TO THE REALITY OF A CONSUMER-CONTROLLED MARKET, by Scott Donathon in Advertising Age. An excerpt:

Larry Light, global chief marketing officer at McDonald’s, once again publicly declared the death of the broadcast-centric ad model: “Mass marketing today is a mass mistake.” McDonald’s used to spend two-thirds of its ad budget on network prime time; that figure is now down to less than one-third.

General Motors’ Roger Adams, noting the automaker’s experimentation with less-intrusive forms of marketing, said, “The consumer wants to be in control, and we want to put them in control.” Echoed Saatchi & Saatchi chief Kevin Roberts, “The consumer now has absolute power.”

“It is not your goddamn brand,” he told marketers.

This consumer empowerment is at the heart of everything. End users are now in control of how, whether and where they consume information and entertainment. Whatever they don’t want to interact with is gone. That upends the intrusive model the advertising business has been sustained by for decades.

This is still fucked, of course. Advertising is one thing. Customer relationships are another.

“Consumer empowerment” is an oxymoron. Try telling McDonalds you want a hamburger that doesn’t taste like a horse hoof. Or try telling General Motors that nobody other than rental car agencies wants to buy a Chevy Cavalier or a Chevy Classic; or that it’s time, after 60 years of making crap fixtures and upholstery, to put an extra ten bucks (or whatever it costs) into trunk rugs that don’t seem like the company works to make them look and feel like shit. Feel that “absolute power?” Or like you’re yelling at the pyramids?

Real demand-side empowerment will come when it’s possible for any customer to have a meaningful — and truly valued — conversation with people in actual power on the supply side. And those conversations turn into relationships. And those relationships guide the company.

I’ll believe it when I see it.

Meanwhile the decline of old-fashioned brand advertising on network TV (which now amounts to a smaller percentage of all TV in any case) sounds more to me like budget rationalization than meaningful change where it counts.

Thanks to Terry for the pointer.

Three things about that.

First, my original blog (which ran from 1999 to 2007) is still up, thanks to Jake Savin and Dave Winer, at http://weblog.searls.com. (Adjust your pointers. It’ll help Google and Bing forget the old address.)

Second, I’ve been told by rental car people that the big American car makers actually got tired of hurting their brands by making shitty cars and scraping them off on rental agencies. So now the agencies mostly populate their lots surplus cars that don’t make it to dealers for various reasons. They also let their cars pile up 50k miles or more before selling them off. Also, the quality of cars in general is much higher than it used to be, and the experience of operating them is much more uniform—meaning blah in nearly identical ways.

Third, I’ve changed my mind on brand advertising since I wrote that. Two reasons. One is that brand advertising sponsors the media it runs on, which is a valuable thing. The other is that brand advertising really does make a brand familiar, which is transcendently valuable to the brand itself. There is no way personalized and/or behavioral advertising can do the same. Perhaps as much as $2trillion has been spent on tracking-based digital advertising, and not one brand known to the world has been made by it.

And one more thing: since we don’t commute, and we don’t need a car most of the time, we now favor renting cars over owning them. Much simpler and much cheaper. And the cars we rent tend to be nicer than the used cars we’ve owned and mostly driven into the ground. You never know what you’re going to get, but generally they’re not bad, and not our problem if something goes wrong with one, which almost never happens.

 

We live in two worlds now: the natural one where we have bodies that obey the laws of gravity and space/time, and the virtual one where there is no gravity or distance (though there is time).

In other words, we are now digital as well as physical beings, and this is new to a human experience where, so far, we are examined and manipulated like laboratory animals by giant entities that are out of everybody’s control—including theirs.

The collateral effects are countless and boundless.

Take journalism, for example. That’s what I did in a TEDx talk I gave last month in Santa Barbara:

I next visited several adjacent territories with a collection of brilliant folk at the Ostrom Workshop on Smart Cities. (Which was live-streamed, but I’m not sure is archived yet. Need to check.)

Among those folk was Brett Frischmann, whose canonical work on infrastructure I covered here, and who in Re-Engineering Humanity (with Evan Selinger) explains exactly how giants in the digital infrastructure business are hacking the shit out of us—a topic I also visit in Engineers vs. Re-Engineering (my August editorial in Linux Journal).

Now also comes Bruce Schneier, with his perfectly titled book Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World, which Farhad Manjoo in The New York Times sources in A Future Where Everything Becomes a Computer Is as Creepy as You Feared. Pull-quote: “In our government-can’t-do-anything-ever society, I don’t see any reining in of the corporate trends.”

In The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, a monumental work due out in January (and for which I’ve seen some advance galleys) Shoshana Zuboff makes both cases (and several more) at impressive length and depth.

Privacy plays in all of these, because we don’t have it yet in the digital world. Or not much of it, anyway.

In reverse chronological order, here’s just some what I’ve said on the topic:

So here we are: naked in the virtual world, just like we were in the natural one before we invented clothing and shelter.

And that’s the challenge: to equip ourselves to live private and safe lives, and not just public and endangered ones, in our new virtual world.

Some of us have taken up that challenge too: with ProjectVRM, with Customer Commons, and with allied efforts listed here.

And I’m optimistic about our prospects.

I’ll also be detailing that optimism in the midst of a speech titled “Why adtech sucks and needs to be killed” next Wednesday (October 17th) at An Evening with Advertising Heretics in NYC. Being at the Anne L. Bernstein Theater on West 50th, it’s my off-Broadway debut. The price is a whopping $10.

 

 

fruit thought

If personal data is actually a commodity, can you buy some from another person, as if that person were a fruit stand? Would you want to?

Not yet. Or maybe not really.

Either way, that’s the idea behind the urge by some lately to claim personal data as personal property, and then to make money (in cash, tokens or cryptocurrency) by selling or otherwise monetizing it. The idea in all these cases is to somehow participate in existing (entirely extractive) commodity markets for personal data.

ProjectVRM, which I direct, is chartered to “foster development of tools and services that make customers both independent and better able to engage,” and is a big tent. That’s why on the VRM Developments Work page of the ProjectVRM wiki is a heading called Markets for Personal Data. Listed there are:

So we respect that work. It is also essential to recognize problems it faces.

The first problem is that, economically speaking, data is a public good, meaning non-rivalrous and non-excludable. (Rivalrous means consumption or use by one party prevents the same by another, and excludable means you can prevent parties that don’t pay from access to it.) Here’s a table from Linux Journal column I wrote a few years ago:

Excludability Excludability
YES NO
Rivalness YES Private good: good: e.g., food, clothing, toys, cars, products subject to value-adds between first sources and final customers Common pool resource: e.g., sea, rivers, forests, their edible inhabitants and other useful contents
Rivalness NO Club good: e.g., bridges, cable TV, private golf courses, controlled access to copyrighted works Public good: e.g., data, information, law enforcement, national defense, fire fighting, public roads, street lighting

 

The second problem is that nature of data as a public good also inconveniences claims that it ought to be property. Thomas Jefferson explained this in his 1813 letter to Isaac MacPherson:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation

Of course Jefferson never heard of data. But what he says about “the thinking power called an idea,” and how ideas are like fire, is important for us to get our heads around amidst the rising chorus of voices insistenting that data is a form of property.

The third problem is that there are better legal frameworks than property law for protecting personal data. In Do we really want to “sell” ourselves? The risks of a property law paradigm for personal data ownership, Elizabeth Renieris and Dazza Greenwood write,

Who owns your data? It’s a popular question of late in the identity community, particularly in the wake of Cambridge Analytica, numerous high-profile Equifax-style data breaches, and the GDPR coming into full force and effect. In our view, it’s not only the wrong question to be asking but it’s flat out dangerous when it frames the entire conversation. While ownership implies a property law model of our data, we argue that the legal framework for our identity-related data must also consider constitutional or human rights laws rather than mere property law rules

Under common law, ownership in property is a bundle of five rights — the rights of possession, control, exclusion, enjoyment, and disposition. These rights can be separated and reassembled according to myriad permutations and exercised by one or more parties at the same time. Legal ownership or “title” of real property (akin to immovable property under civil law) requires evidence in the form of a deed. Similarly, legal ownership of personal property (i.e. movable property under civil law) in the form of commercial goods requires a bill of lading, receipt, or other document of title. This means that proving ownership or exerting these property rights requires backing from the state or sovereign, or other third party. In other words, property rights emanate from an external source and, in this way, can be said to be extrinsic rights. Moreover, property rights are alienable in the sense that they can be sold or transferred to another party.

Human rights — in stark contrast to property rights — are universal, indivisible, and inalienable. They attach to each of us individually as humans, cannot be divided into sticks in a bundle, and cannot be surrendered, transferred, or sold. Rather, human rights emanate from an internal source and require no evidence of their existence. In this way, they can be said to be intrinsic rights that are self-evident. While they may be codified or legally recognized by external sources when protected through constitutional or international laws, they exist independent of such legal documents. The property law paradigm for data ownership loses sight of these intrinsic rights that may attach to our data. Just because something is property-like, does not mean that it is — or that it should be — subject to property law.

In the physical realm, it is long settled that people and organs are not treated like property. Moreover, rights to freedom from unreasonable search and seizure, to associate and peaceably assemble with others, and the rights to practice religion and free speech are not property rights — rather, they are constitutional rights under U.S. law. Just as constitutional and international human rights laws protect our personhood, they also protect things that are property-like or exhibit property-like characteristics. The Fourth Amendment of the U.S. Constitution provides “the right of the people to be secure in their persons” but also their “houses, papers, and effects.” Similarly, the Universal Declaration of Human Rights and the European Convention on Human Rights protect the individual’s right to privacy and family life, but also her “home and correspondence”…

Obviously some personal data may exist in property-form just as letters and diaries in paper form may be purchased and sold in commerce. The key point is that sometimes these items are also defined as papers and effects and therefore subject to Fourth Amendment and other legal frameworks. In other words, there are some uses of (and interests in) our data that transform it from an interest in property to an interest in our personal privacy — that take it from the realm of property law to constitutional or human rights law. Location data, biological, social, communications and other behavioral data are examples of data that blend into personal identity itself and cross this threshold. Such data is highly revealing and the big-data, automated systems that collect, track and analyze this data make the need to establish proportional protections and safeguards even more important and more urgent. It is critical that we apply the correct legal framework.

The fourth problem is that all of us as human beings are able to produce forms of value that far exceed that of our raw personal data. Specifically, treating data as if it were a rivalrous and excludable commodity—such as corn, oil or fruit—not only takes Jefferson’s “thinking power” off the table, but misdirects attention, investment and development work away from supporting the human outputs that are fully combustible, and might be expansible over all space, without lessening density. Ideas can do that. Oil can’t, combustible or not.

Put another way, why would you want to make almost nothing (the likely price) from selling personal data on a commodity basis when you can make a lot more by selling your work where markets for work exist, and where rights are fully understood and protected within existing legal frameworks?

What makes us fully powerful as human beings is our ability to generate and share ideas and other goods that are expansible over all space, and not just to slough off data like so much dandruff. Or to be valued only for the labors we contribute as parts of industrial machines.

Important note: I’m not knocking labor here. Most of us have to work for wages, either as parts of industrial machines, or as independent actors. There is full honor in that. Yet our nature as distinctive and valuable human beings is to be more and other than a source of labor alone, and there are ways to make money from that fact too.

Many years ago JP Rangaswami (@jobsworth) and I made a distinction between making money with something and because of something.

Example: I don’t make money with this blog. But I do make money because of it—and probably a lot more money than I would if this blog carried advertising or if I did it for a wage. JP and I called this way of making money a because effect. The entire Internet, the World Wide Web and the totality of free and open source code all have vast because effects in money made with products and services that depend on those graces. Each are rising free tides that lift all commercial boats. Non-commercial ones too.

Which gets us to the idea behind declaring personal data as personal property, and creating marketplaces where people can sell their data.

The idea goes like this: there is a $trillion or more in business activity that trades or relies on personal data in many ways. Individual sources of that data should be able to get in on the action.

Alas, most of that $trillion is in what Shoshana Zuboff calls surveillance capitalism: a giant snake-ball of B2B activity wherein there is zero interest in buying what can be exploited for free.

Worse, surveillance capitalism’s business is making guesses about you, so it can sell you shit. On a per-message basis, this works about 0% of the time, even though massive amounts of money flow through that B2B snakeball (visualized as abstract rectangles here and here). Many reasons for that. Here are a few:

  1. Most of the time, such as right here and now, you’re not buying a damn thing, and not in a mood to be bothered by someone telling you what to buy.
  2. Companies paying other companies to push shit at you do not have your interests at heart—not even if their messages to you are, as they like to put it, “relevant” or “interest based.” (Which they almost always are not.)
  3. The entrails of surveillance capitalism are fully infected with fraud and malware.
  4. Surveillance capitalism is also quite satisfied to soak up to 97% of an advertising spend before an ad’s publisher gets its 3% for pushing an ad at you.

Trying to get in on that business is an awful proposition.

Yes, I know it isn’t just surveillance capitalists who hunger for personal data. The health care business, for example, can benefit enormously from it, and is less of a snakeball, on the whole. But what will it pay you? And why should it pay you?

Won’t large quantities of anonymized personal data from iOS and Android devices, handed over freely, be more valuable to medicine and pharma than the few bits of data individuals might sell? (Apple has already ventured in that direction, very carefully, also while not paying for any personal data.)

And isn’t there something kinda suspect about personal data for sale? Such as motivating the unscrupulous to alter some of their data so it’s worth more?

What fully matters for people in the digital world is agency, not data. Agency is the power to act with full effect in the world. It’s what you have when you put your pants on, when you walk, or drive, or tell somebody something useful while they listen respectfully. It’s what you get when you make a deal with an equal.

It’s not what any of us get when we’re just “users” on a platform. Or when we click “agree” to one-sided terms the other party can change and we can’t. Both of those are norms in Web 2.0 and desperately need to be killed.

But it’s still early. Web 2.0 is an archaic stage in the formation of the digital world. Surveillance capitalism has also been a bubble ready to pop for years. The matter is when, not if. The whole thing is too absurd, corrupt, complex and annoying to keep living forever.

So let’s give people ways to increase their agency, at scale, in the digital world. There’s no scale in selling one’s personal data. But there’s plenty in putting better human powers to work.

If we’re going to obsess over personal data, let’s look instead toward ways to regulate or control over how our personal data might be used by others. There are lots of developers at work on this already. Here’s one list at ProjectVRM.

Bonus links:

 

 

 

 

In Chatbots were the next big thing: what happened?, Justin Lee (@justinleejw) nicely unpacks how chatbots were overhyped to begin with and continue to fail their Turing tests, especially since humans in nearly all cases would  rather talk to humans than to mechanical substitutes.

There’s also a bigger and more fundamental reason why bots still aren’t a big thing: we don’t have them. If we did, they’d be our robot assistants, going out to shop for us, to get things fixed, or to do whatever.

Why didn’t we get bots of our own?

I can pinpoint the exact time and place where bots of our own failed to happen, and all conversation and development went sideways, away from the vector that takes us to bots of our own (hashtag: #booo), and instead toward big companies doing more than ever to deal with us robotically, mostly to sell us shit.

The time was April 2016, and the place was Facebook’s F8 conference. It was on stage there that Mark Zuckerberg introduced “messenger bots”. He began,

Now that Messenger has scaled, we’re starting to develop ecosystems around it. And the first thing we’re doing is exploring how you can all communicate with businesses.

Note his use of the second person you. He’s speaking to audience members as individual human beings. He continued,

You probably interact with dozens of businesses every day. And some of them are probably really meaningful to you. But I’ve never met anyone who likes calling a business. And no one wants to have to install a new app for every service or business they want to interact with. So we think there’s gotta be a better way to do this.

We think you should be able to message a business the same way you message a friend. You should get a quick response, and it shouldn’t take your full attention, like a phone call would. And you shouldn’t have to install a new app.

This promised pure VRM: a way for a customer to relate to a vendor. For example, to issue a service request, or to intentcast for bids on a new washing machine or a car.

So at this point Mark seemed to be talking about a new communication channel that could relieve the typical pains of being a customer while also opening the floodgates of demand notifying supply when it’s ready to buy. Now here’s where it goes sideways:

So today we’re launching Messenger Platform. So you can build bots for Messenger.

By “you” Zuck now means developers. He continues,

And it’s a simple platform, powered by artificial intelligence, so you can build natural language services to communicate directly with people. So let’s take a look.

See the shift there? Up until that last sentence, he seemed to be promising something for people, for customers, for you and me: a better way to deal with business. But alas, it’s just shit:

CNN, for example, is going to be able to send you a daily digest of stories, right into messenger. And the more you use it, the more personalized it will get. And if you want to learn more about a specific topic, say a Supreme Court nomination or the zika virus, you just send a message and it will send you that information.

And right there the opportunity was lost. And all the promise, up there at the to of the hype cycle. Note how Aaron Batalion uses the word “reach” in  ‘Bot’ is the wrong name…and why people who think it’s silly are wrong, written not long after Zuck’s F8 speech: “In a micro app world, you build one experience on the Facebook platform and reach 1B people.”

What we needed, and still need, is for reach to go the other way: a standard bot design that would let lots of developers give us better ways to reach businesses. Today lots of developers compete to give us better ways to use the standards-based tools we call browsers and email clients. The same should be true of bots.

In Market intelligence that flows both ways, I describe one such approach, based on open source code, that doesn’t require locating your soul inside a giant personal data extraction business.

Here’s a diagram that shows how one person (me in this case) can relate to a company whose moccasins he owns:

vrmcrmconduit

The moccasins have their own pico: a cloud on the Net for a thing in the physical world: one that becomes a standard-issue conduit between customer and company.

A pico of this type might come in to being when the customer assigns a QR code to the moccasins and scans it. The customer and company can then share records about the product, or notify the other party when there’s a problem, a bargain on a new pair, or whatever. It’s tabula rasa: wide open.

The current code for this is called Wrangler. It’s open source and in Github. For the curious, Phil Windley explains how picos work in Reactive Programming With Picos.

It’s not bots yet, but it’s a helluva lot better place to start re-thinking and re-developing what bots should have been in the first place. Let’s start developing there, and not inside giant silos.

[Note: the image at the top is from this 2014 video by Capgemini explaining #VRM. Maybe now that Facebook is doing face-plants in the face of the GDPR, and privacy is finally a thing, the time is ripe, not only for #booos, but for the rest of the #VRM portfolio of unfinished and un-begun work on the personal side.]

This is what greets me when I go to the Washington Post site from here in Germany:

Washington Post greeting for Europeans

So you can see it too, wherever you are, here’s the URL I’m redirected to on Chrome, on Firefox, on Safari and on Brave. All look the same except for Brave, which shows a blank page.

Note that last item in the Premium EU Subscription column: “No on-site advertising or third-party tracking.”

Ponder for a moment how the Sunday (or any) edition of the Post‘s print edition would look with no on-paper advertising. It would be woefully thin and kind of worthless-looking. Two more value-adds for advertising in the print edition:

  1. It doesn’t track readers, which is the sad and broken norm for newspapers and magazines in the online world—a norm now essentially outlawed by the GDPR, and surely the reason the Post is running this offer.
  2. It sponsors the Post. Tracking-based advertising, known in the trade as adtech, doesn’t sponsor anything. Instead it hunts down eyeballs its spyware already knows about, no matter where they go. In other words, if adtech can shoot a Washington Post reader between the eyes at the Skeevy Lake Tribune, and the Skeevy is cheaper, it might rather hit the reader over there.

So here’s the message I want the Post to hear from me, and from every reader who values what they do:

That’s what I get from the print edition, and that’s what I want from the online edition as well.

So I want two things here.

One is an answer to this question: Are ANY publishers in the online world selling old-fashioned ads that aren’t based on tracking and therefore worth more than the tracking kind? (And are GDPR-compliant as well, since the ads aren’t aimed by collected personal data.)

The other is to subscribe to the Post as soon as they show me they’re willing to do what I ask: give me those real ads again. And stop assuming that all ads need to be the tracking-based kind.

Thanks in advance.

Tags: , , ,

In The Big Short, investor Michael Burry says “One hallmark of mania is the rapid rise in the incidence and complexity of fraud.” (Burry shorted the mania- and fraud-filled subprime mortgage market and made a mint in the process.)

One would be equally smart to bet against the mania for the tracking-based form of advertising called adtech.

Since tracking people took off in the late ’00s, adtech has grown to become a four-dimensional shell game played by hundreds (or, if you include martech, thousands) of companies, none of which can see the whole mess, or can control the fraud, malware and other forms of bad acting that thrive in the midst of it.

And that’s on top of the main problem: tracking people without their knowledge, approval or a court order is just flat-out wrong. The fact that it can be done is no excuse. Nor is the monstrous sum of money made by it.

Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened. But the GDPR did happen, and as a result websites all over the world are suddenly posting notices about their changed privacy policies, use of cookies, and opt-in choices for “relevant” or “interest-based” (translation: tracking-based) advertising. Email lists are doing the same kinds of things.

“Sunrise day” for the GDPR is 25 May. That’s when the EU can start smacking fines on violators.

Simply put, your site or service is a violator if it extracts or processes personal data without personal permission. Real permission, that is. You know, where you specifically say “Hell yeah, I wanna be tracked everywhere.”

Of course what I just said greatly simplifies what the GDPR actually utters, in bureaucratic legalese. The GDPR is also full of loopholes only snakes can thread; but the spirit of the law is clear, and the snakes will be easy to shame, even if they don’t get fined. (And legitimate interest—an actual loophole in the GDPR, may prove hard to claim.)

Toward the aftermath, the main question is What will be left of advertising—and what it supports—after the adtech bubble pops?

Answers require knowing the differences between advertising and adtech, which I liken to wheat and chaff.

First, advertising:

    1. Advertising isn’t personal, and doesn’t have to be. In fact, knowing it’s not personal is an advantage for advertisers. Consumers don’t wonder what the hell an ad is doing where it is, who put it there, or why.
    2. Advertising makes brands. Nearly all the brands you know were burned into your brain by advertising. In fact the term branding was borrowed by advertising from the cattle business. (Specifically by Procter and Gamble in the early 1930s.)
    3. Advertising carries an economic signal. Meaning that it shows a company can afford to advertise. Tracking-based advertising can’t do that. (For more on this, read Don Marti, starting here.)
    4. Advertising sponsors media, and those paid by media. All the big pro sports salaries are paid by advertising that sponsors game broadcasts. For lack of sponsorship, media—especially publishers—are hurting. @WaltMossberg learned why on a conference stage when an ad agency guy said the agency’s ads wouldn’t sponsor Walt’s new publication, recode. Walt: “I asked him if that meant he’d be placing ads on our fledgling site. He said yes, he’d do that for a little while. And then, after the cookies he placed on Recode helped him to track our desirable audience around the web, his agency would begin removing the ads and placing them on cheaper sites our readers also happened to visit. In other words, our quality journalism was, to him, nothing more than a lead generator for target-rich readers, and would ultimately benefit sites that might care less about quality.” With friends like that, who needs enemies?

Second, Adtech:

    1. Adtech is built to undermine the brand value of all the media it uses, because it cares about eyeballs more than media, and it causes negative associations with brands. Consider this: perhaps a $trillion or more has been spent on adtech, and not one brand known to the world has been made by it. (Bob Hoffman, aka the Ad Contrarian, is required reading on this.)
    2. Adtech wants to be personal. That’s why it’s tracking-based. Though its enthusiasts call it “interest-based,” “relevant” and other harmless-sounding euphemisms, it relies on tracking people. In fact it can’t exist without tracking people. (Note: while all adtech is programmatic, not all programmatic advertising is adtech. In other words, programmatic advertising doesn’t have to be based on tracking people. Same goes for interactive. Programmatic and interactive advertising will both survive the adtech crash.)
    3. Adtech spies on people and violates their privacy. By design. Never mind that you and your browser or app are anonymized. The ads are still for your eyeballs, and correlations can be made.
    4. Adtech is full of fraud and a vector for malware. @ACFou is required reading on this.
    5. Adtech incentivizes publications to prioritize “content generation” over journalism. More here and here.
    6. Intermediators take most of what’s spent on adtech. Bob Hoffman does a great job showing how as little as 3¢ of a dollar spent on adtech actually makes an “impression. The most generous number I’ve seen is 12¢. (When I was in the ad agency business, back in the last millennium, clients complained about our 15% take. Media our clients bought got 85%.)
    7. Adtech gives fake news a business model, because fake news is easier to produce than the real kind, and adtech will pay anybody a bounty for hauling in eyeballs.
    8. Adtech incentivizes hate speech and tribalism by giving both—and the platforms that host them—a business model too.
    9. Adtech relies on misdirection. See, adtech looks like advertising, and is called advertising; but it’s really direct marketing, which is descended from junk mail and a cousin of spam. Because of that misdirection, brands think they’re placing ads in media, while the systems they hire are actually chasing eyeballs to anywhere. (Pro tip: if somebody says every ad needs to “perform,” or that the purpose of advertising is “to get the right message to the right person at the right time,” they’re actually talking about direct marketing, not advertising. For more on this, read Rethinking John Wanamaker.)
    10. Compared to advertising, adtech is ugly. Look up best ads of all time. One of the top results is for the American Advertising Awards. The latest winners they’ve posted are the Best in Show for 2016. Tops there is an Allstate “Interactive/Online” ad pranking a couple at a ball game. Over-exposure of their lives online leads that well-branded “Mayhem” guy to invade and trash their house. In other words, it’s a brand ad about online surveillance.
    11. Adtech has caused the largest boycott in human history. By more than a year ago, 1.7+ billion human beings were already blocking ads online.

To get a sense of what will be left of adtech after GDPR Sunrise Day, start by reading a pair of articles in AdExchanger by @JamesHercher. The first reports on the Transparency and Consent Framework published by IAB Europe. The second reports on how Google is pretty much ignoring that framework and going direct with their own way of obtaining consent to tracking:

Google’s and other consent-gathering solutions are basically a series of pop-up notifications that provide a mechanism for publishers to provide clear disclosure and consent in accordance with data regulations.

Specifically,

The Google consent interface greets site visitors with a request to use data to tailor advertising, with equally prominent “no” and “yes” buttons. If a reader declines to be tracked, he or she sees a notice saying the ads will be less relevant and asking to “agree” or go back to the previous page. According to a source, one research study on this type of opt-out mechanism led to opt-out rates of more than 70%.

Meaning only 30% of site visitors will consent to being tracked. So, say goodbye to 70% of adtech’s eyeball targets right there.

Google’s consent gathering system, dubbed “Funding Choices,” also screws most of the hundreds of other adtech intermediaries fighting for a hunk of what’s left of their market. Writes James, “It restricts the number of supply chain partners a publisher can share consent with to just 12 vendors, sources with knowledge of the product tell AdExchanger.”

And that’s not all:

Last week, Google alerted advertisers it would sharply limit use of the DoubleClick advertising ID, which brands and agencies used to pull log files from DoubleClick so campaigns could be cohesively measured across other ad servers, incentivizing buyers to consolidate spend on the Google stack.

Google also raised eyebrows last month with a new policy insisting that all DFP publishers grant it status as a data controller, giving Google the right to collect and use site data, whereas other online tech companies – mere data processors – can only receive limited data assigned to them by the publisher, i.e., the data controller.

This is also Google’s way of scraping off GDPR liability on publishers.

Publishers and adtech intermediaries can attempt to avoid Google by using Consent Management Platforms (CMPs), a new category of intermediary defined and described by IAB Europe’s Consent Management Framework. Writes James,

The IAB Europe and and IAB Tech Lab framework includes a list of registered vendors that publishers can pass consent to for data-driven advertising. The tech companies pay a one-time fee between $1,000 and $2,000 to join the vendor list, according to executives from three participating companies…Although now that the framework is live, the barriers to adoption are painfully real as well.

The CMP category is pretty bare at the moment, and it may be greeted with suspicion by some publishers.There are eight initial CMPs: two publisher tech companies with roots in ad-blocker solutions, Sourcepoint and Admiral, as well as the ad tech companies Quantcast and Conversant and a few blockchain-based advertising startups…

Digital Content Next, a trade group representing online news publishers, is advising publishers to reject the framework, which CEO Jason Kint said “doesn’t meet the letter or spirit of GDPR.” Only two publishers have publicly adopted the Consent and Transparency Framework, but they’re heavy hitters with blue-chip value in the market: Axel Springer, Europe’s largest digital media company, and the 180-year-old Schibsted Media, a respected newspaper publisher in Sweden and Norway.

In other words, good luck with that.

[Later, 26 May…] Well, Google caved on this one, so apparently Google is coming to IAB Europe’s table.

[And on 30 May…] Axel Springer is also going its own way.

One big upside for IAB Europe is that its Framework contains open source code and an SDK. For a full unpacking of what’s there see the Consent String and Vendor List Format: Transparency & Consent Framework on GitHub and IAB Europe’s own FAQ. More about this shortly.

Meanwhile, the adtech business surely knows the sky is falling. The main question is how far.

One possibility is 95% of the way to zero. That outcome is suggested by results published in PageFair last October by Dr. Johnny Ryan (@JohnnyRyan) there. Here’s the most revealing graphic in the bunch:

Note that this wasn’t a survey of the general population. It was a survey of ad industry people: “300+ publishers, adtech, brands, and various others…” Pause for a moment and look at that chart again. Nearly all those proffesionals in the business would not accept what their businesses do to other human beings.

“However,” Johnny adds, “almost a third believe that users will consent if forced to do so by ‘tracking walls’, that deny access to a website unless a visitor agrees to be tracked. Tracking walls, however, are prohibited under Article 7 of the GDPR…”

Pretty cynical, no?

The good news for both advertising and publishing is that neither needs adtech. What’s more, people can signal what they want out of the sites they visit—and from the whole marketplace. In fact the Internet itself was designed for exactly that. The GDPR just made the market a lot more willing to start hearing clues from customers that have been laying in plain sight for almost twenty years.

The first clues that fully matter are the ones we—the individuals they’ve been calling “users,” will deliver. Look for details on that in another post.

Meanwhile::::

Pro tip #1: don’t bet against Google, except maybe in the short term, when sunrise will darken the whole adtech business.

Instead, bet against companies that stake their lives on tracking people, and doing that without the clear and explicit consent of the tracked. That’s most of the adtech “ecosystem” not called Google or Facebook.

Google can say it already has consent, and that it is also has a legitimate interest (one of the six “lawful bases” for tracking) in the personal data it harvests from us.

Google can also live without the tracking. Most of its income comes from AdWords—its search advertising business—which is far more guided by what visitors are searching for than by whatever Google knows about those visitors.

Google is also also relatively trusted, as tech companies go. Its parent, Alphabet, is also increasingly diversified. Facebook, on the other hand, does stake its life on tracking people. (I say more about Facebook’s odds here.)

Pro tip #2: do bet on any business working for customers rather than sellers. Because signals of personal intent will produce many more positive outcomes in the digital marketplace than surveillance-fed guesswork by sellers ever could, even with the most advanced AI behind it.

For more on how that will work, read The Intention Economy: When Customers Take Charge. Six years after Harvard Business Review Press published that book, what it says will start to come true. Thank you, GDPR.

Pro tip #3: do bet on developers building tools that give each of us scale in dealing with the world’s companies and governments, because those are the tools businesses working for customers will rely on to scale up their successes as well.

What it comes down to is the need for better signaling between customers and companies than can ever be possible in today’s doomed tracking-fed guesswork system. (All the AI and ML in the world won’t be worth much if the whole point of it is to sell us shit.)

Think about what customers and companies want and need about each other: interests, intentions, competencies, locations, availabilities, reputations—and boundaries.

When customers can operate both privately and independently, we’ll get far better markets than today’s ethically bankrupt advertising and marketing system could ever give us.

Pro tip #4: do bet on publishers getting back to what worked since forever offline and hardly got a chance online: plain old brand advertising that carries both an economic and a creative signal, and actually sponsors the publication rather than using the publication as a way to gather eyeballs that can be advertised at anywhere. The oeuvres of Don Marti (@dmarti) and Bob Hoffman (the @AdContrarian) are thick with good advice about this. I’ve also written about it extensively in the list compiled at People vs. Adtech. Some samples, going back through time:

  1. An easy fix for a broken advertising system (12 October 2017 in Medium and in my blog)
  2. Without aligning incentives, we can’t kill fake news or save journalism (15 September 2017 in Medium)
  3. Let’s get some things straight about publishing and advertising (9 September 2017 and the same day in Medium)
  4. Good news for publishers and advertisers fearing the GDPR (3 September 2017 in ProjectVRM and 7 October in Medium).
  5. Markets are about more than marketing (2 September 2017 in Medium).
  6. Publishers’ and advertisers’ rights end at a browser’s front door (17 June 2017 in Medium). It updates one of the 2015 blog posts below.
  7. How to plug the publishing revenue drain (9 June 2017 in Medium). It expands on the opening (#publishing) section of my Daily Tab for that date.
  8. How True Advertising Can Save Journalism From Drowning in a Sea of Content (22 January 2017 in Medium and 26 January 2017 in my blog.)It’s People vs. Advertising, not Publishers vs. Adblockers (26 August 2016 in ProjectVRM and 27 August 2016 in Medium)
  9. Why #NoStalking is a good deal for publishers (11 May 2016, and in Medium)
  10. How customers can debug business with one line of code (19 April 2016 in ProjectVRM and in Medium)
  11. An invitation to settle matters with @Forbes, @Wired and other publishers (15 April 2016 and in Medium)
  12. TV Viewers to Madison Avenue: Please quit driving drunk on digital (14 Aprl 2016, and in Medium)
  13. The End of Internet Advertising as We’ve Known It(11 December 2015 in MIT Technology Review)
  14. Ad Blockers and the Next Chapter of the Internet (5 November in Harvard Business Review)
  15. How #adblocking matures from #NoAds to #SafeAds (22 October 2015)
  16. Helping publishers and advertisers move past the ad blockade (11 October 2015 on the ProjectVRM blog)
  17. Beyond ad blocking — the biggest boycott in human history (28 Septemper 2015)
  18. A way to peace in the adblock war (21 September 2015, on the ProjectVRM blog)
  19. How adtech, not ad blocking, breaks the social contract (23 September 2015)
  20. If marketing listened to markets, they’d hear what ad blocking is telling them (8 September 2015)
  21. Apple’s content blocking is chemo for the cancer of adtech (26 August 2015)
  22. Separating advertising’s wheat and chaff (12 August 2015, and on 2 July 2016 in an updated version in Medium)
  23. Thoughts on tracking based advertising (18 February 2015)
  24. On marketing’s terminal addiction to data fracking and bad guesswork (10 January 2015)
  25. Why to avoid advertising as a business model (25 June 2014, re-running Open Letter to Meg Whitman, which ran on 15 October 2000 in my old blog)
  26. What the ad biz needs is to exorcize direct marketing (6 October 2013)
  27. Bringing manners to marketing (12 January 2013 in Customer Commons)
  28. What could/should advertising look like in 2020, and what do we need to do now for this future?(Wharton’s Future of Advertising project, 13 November 2012)
  29. An olive branch to advertising (12 September 2012, on the ProjectVRM blog)

I expect, once the GDPR gets enforced, I can start writing about People + Publishing and even People + Advertising. (I have long histories in both publishing and advertising, by the way. So all of this is close to home.)

Meanwhile, you can get a jump on the GDPR by blocking third party cookies in your browsers, which will stop most of today’s tracking by adtech. Customer Commons explains how.

« Older entries