The following excerpts a recent Project VRM Conversation on Geocasting — the ability to share your location data with the world, how you could optionally share it, and how it could be abused.

A thread on privacy developed as often happens in these discussions about the ongoing digitization of our thoughts, movements, and actions.

On Sun, Feb 21, 2010 at 7:45 AM, dsearls <> wrote:
This is a good thread. Thanks to all who are weighing in.

I believe the fundamental problem — and opportunity — lies in the near-absolute difference between physical and virtual space. Privacy, as we’ve always understood it, is a physical thing. We are physically present, absent, or shielded from view. We also rely on near-anonymity as we go about the public world. Even waiters in restaurants and grocery check-out personnel care little or nothing about the identities we supply with our credit cards. Unless, of course, we are celebrities. Celebrity is bought with anonymity. Celebrities turn heads everywhere. I’ve known a few celebrities, and all regret their lost anonymity.

The Internet is basically spaceless, and will become even more so should we release ourselves from the physical anchors of IP addresses (by which, for example, the BBC decides those detected outside the UK cannot get domestic audio or video streams). As Craig Burton helped me put it many years ago, the Net is a “Giant Zero” between us all. As physical beings, this is hard to grok, even as it is very handy to use. What is our exposure, really? Hard to tell. Even harder to prevent, except by forms of abstinence. (As, to some degree, Tom Stites recommends.)

We have a lot to work out here. I think VRM (or just the RM part of it) — tools under the individual’s control — are essential for that. I also think it’s still early. We’ve lived in physical space for the duration and in the virtual one for a few decades at best. Many lessons are not yet learned. For example, at this early stage we still think a handful of corporate services (Facebook, Twitter, MySpace, Second Life) are “media” of the generic sort, when they are not.

New infrastructures will be built. When they are worthy of that noun, they will — like the Internet’s core protocols — support commercial activity, but will not be comprised of it.


+++1. Profoundly true observations. Doc. This explains why identity is such a big deal on the net. In the real world progressive disclosure is a fact of life. In the Big Zero, you’re “face-to-face” (in a virtual way) in the very first meeting.


The price of freedom (and privacy) is eternal vigilance – or things like this happen:
The economic underpinnings for VRM disappear if there is no ability to control your own data, as if there is no privacy then everyone has everything and you have no value to add.

Alan Mitchell


There is nothing ‘natural’ about a technology system. It is an artifact of the people, the culture, and the economy that produce it. See my specific responses below


On 2010-02-21, at 1:27 PM, Crosbie Fitch wrote:
John, it’s not a matter of the individual’s choice, but of their natural ability.

You have the ability to build a sandcastle on the beach, but you do not have the ability to prevent the tide coming in to diffuse it.
True, but irrelevant. The impact of the tide on my sandcastle is the result of geography and physics. Software design is a social activity.

You have the ability to mark your e-mails ‘confidential’, but you do not have the ability to prevent those to whom you send them from communicating them to others.
Not true. When I’m communicating with friends, certain social norms about interpersonal communications apply, and I may make specific requests of confidentiality of my friends. When communicating in business there are all kinds of administrative controls and business behaviours to control dissemination of information. While neither of these are absolute in the sense of gravity, tide and time they are normative and preventative in most real world situations most of the time. The other case is preventing the carrier from intercepting and ‘reading’ the communication, but I’ll leave that aside for now.

You see, you do not have the choice of gagging your confidants because you do not have the natural ability to do so – it would obviously conflict with their natural ability to speak (they might respect your wish for confidence, but not your demand to suspend their liberty).
Again, not true. What is a non-disclosure agreement if not a form of restriction on the natural ability to do so AND a natural condition of communications between people. Some communications are private and some communications are public and we all regularly negotiate and generally conform to those social rules..

Natural law is not ‘imposed’ upon systems by the engineer, but by nature. A facility for exchanging files contrary to the wishes of their copyright holders wasn’t imposed upon the Internet by nefarious engineers. It’s simply that engineers didn’t waste their time attempting to design it such that nothing could be communicated except as permitted by license.
Now you are venturing into areas of intellectual property and copyright, not privacy.

It is man in his folly that attempts to impose unnatural law, e.g. copyright, DRM, NDAs. Canute holding back the tide, etc.
Conflating social norms with physical laws is always confusing. If you are saying that DRM is a stupid conception, illogical, and impossible to enforce in the long run I agree with you. If you are suggesting that the reasoning behind copyright, the legal fiction that is intellectual property, is wrong then that’s a separate discussion. I happen to think that society needs to have a way to ensure that content creators (artists, writers and so on) can make a living. I don’t think that society has an obligation to ensure that industries (RIAA) survive.

One should care a great deal about privacy, but this does not sanction the extension of one’s natural dominion over one’s private domain unnaturally into the public domain. You can prevent people reading your diary when it is in your drawer, but you cannot send copies of that diary to others and expect the supernatural ability to control whether they can make further copies or disclose any excerpts.
No, not a supernatural ability. I think, however, that should I choose to send my diary to my therapist I have every right to expect that it will remain confidential, and that normal electronic communications systems should be built to facilitate that expectation.

Making unnatural laws to that effect, or attempting to engineer systems that appear to obey such laws, is very tempting, but is the modern equivalent of the alchemists’ pursuit of the philosopher’s stone. We could turn lead into gold today, but only with extreme engineering and uneconomically so. One can also expect to be able to communicate information that cannot be copied, but similarly, this would be to venture into the extreme realms of quantum entanglement.
Just because something is hard is no reason not to do it. Writing secure code is hard. Writing bug free code is fracking near impossible. Incorporating respect for individual choices and secure communications into the design requirements for a system, or into your software design lifecycle, seem reasonable in context.

Don’t fight nature. Embrace and adapt to it.
I’m not fighting nature. I’m fighting for user choice.

Privacy is not control over information, but the individual’s natural ability to prevent matter or information crossing the physical boundary of their private domain. What is willingly disclosed must be considered on its way to becoming public knowledge, the rate of its diffusion limited only by the voluntary discretion of those it is confided to.

Privacy is protean. There is not one single definition of it. However, in the context of the design of software systems that collect, use, transfer or disclose personally identifiable information, it seems to me that Westin’s definition of giving the subject of the data some say in the disposition of the data about them is pretty darned reasonable.

Gabe wrote:

With VRM you are voluntarily supplying information with the effect of gaining benefit.  If this information is freely available, then VRM is made less useful.

With proper cryptographic controls, you can make the ‘sale’ of your data ‘one use only’ – cryptographic keys can be made to degrade algorithmically per use, and take the data with them.

That, however, is less here and more future.  Now – how would an infrastructure, a mall for example, interact with customers on a location-based level?  How do we progress to that point?


The homebuying process in the US might present an opportunity to experiment with location-based data that reveals some information, (eg. Geocasting while one is attending open houses on a weekend), and releasing other privacy protected, aggregated data for some financial benefit or savings (eg.  An aggregated profile of MLS searches, open house visits, financial qualifications.)

Potential proof of concept / case study: My guess is that lenders or government agencies, not to mention distressed sellers, might make “reverse offers” to qualified buyers with search profiles that match their inventory of foreclosed homes or individual home.  Buyer and seller would both benefit by faster transaction, with lower costs — ie. avoid paying some or all of the 5-6% real estate commission too common in the US.


from: People growing up with the net are thinking differently about privacy, not discarding it.



I tend to think these companies do get the issues and are purposeful in their actions. They may/may not have insight into the public reaction but it’s worth the risk…as long as it does not violate any law.  So put it out there and if it sticks, they’re good…if not, no biggie, just move on.

TJ McDonald


You and I are on the same wave length here in regard to VRM.

If I am to supply information about anything, I would like to understand the value proposition for me being involved.  It is simply the matter of being aware, so that I can weigh the pros/cons of the interaction.

PleaseRobMe simply highlights an unintentional consequence of the activity – and yes media will hype that because people pay attention to bad news, and whatever will affect them negatively regardless of the risk.   (Media, IMHO, lives in the world of “perception is reality”, and  unfortunately the US and the world has been walking down (do I daresay being lead) down the path of insecurity.  But then I digress…)

Tara – In my post I never did mention privacy, because that was not my point.

My point is within the third paragraph, which I agree with Gabe, is  very much less here and more in the future.  What concerns me the most is that as consumers we are simply being fooled with the service that is being provided.  In nearly all cases (I’m convinced it’s all, but if I go there I will be called out on something) the web site/service simply wants participation, and really does not care about the service.  The service is a means to an end, but not the end itself.  I’m sure (at least hoping) that I’m preaching to the choir here, but participation means that a profile of the consumer, in some manner, is being obtained.  It is that profile which becomes gold, because it is used to predict (guess) the future. Yes that is my data, but I’m not worried about privacy, I’m worried that it’s being leveraged in ways that most people simply do not understand. It is used to make money, and  a lot of it.

VRM, in my books, is a term being used which in the end means (IMHO) that consumers manage vendors, rather than vendors/merchants manage the consumer.
The only way to do that is to control what is most valuable to the them (vendors/merchants) – my intention.

If you look across the landscape of marketing and advertising, broadcasting is still the main capability to tell people about something.  4square, the latest greatest most current location aware app, is still broadcasting.   No different that billboards, newspapers, TV, radio,  blog posts, or web pages – the only difference between them is the time it takes from authoring to publishing.  I think this is the wrong focus of what technology should do. Broadcasting is simply the means of losing control – send it out, and you become unaware of where it goes and how it is used.  VRM, in my opinion, needs to focus how profiles are used, how they can be aggregated, and provide the means to either participate (anonymously or with identity), or exclude yourself in a manner that is quick, efficient, effective, and likely most important, simple.  All of which means control.

Richard Reukema

Subject:     RE: [projectvrm] Speaking of geocasting…

Here’s another example of how technology info sharing has made professional burglaring more efficient. Most US newspaper aggregate their obits on

Isn’t there a possibility of two levels of sharing info – one anonymous – the other identified?

If this were the case, one could use an alias to report location updates that only “friends” would be able to identify or even see, but strangers, e.g., potential friends, vendors, retailers, etc., would still have the value of the data input. I realize there are some possibilities of “gaming” the input if individuals are anonymous, but there must be some ways to control for this.

The individual controls to whom they reveal their identity.

So the process goes like this:
– individual broadcasts info about themselves
– friends see it as them, public sees it as data
– info shared anonymously can trigger a response from the strangers: a
friend request, a retail offer, or a vendor education share
– if individual likes the response, then they reveal more info to further
customize the offer’s relevance and likelihood to trigger action
– individual only reveals personal identity when they accept offer


Gabe wrote:

To avoid starting a privacy debate, I’m generally staying out of that side of this discussion.  (aka “Is privacy dead?”.)

That said, while I agree the concept of privacy as understood over the last decade has changed, it is my opinion that there persists a concept of privacy – and not just that as held forth by the EU Data Protection Act, etc.  While people ‘give up’ (I prefer trade away) their privacy for certain rights/expectations (state gov’t in the US was one example, Facebook is another, Foursquare is another) there exists a belief that if you are careful, you at least have a limited idea of where this data is going.

Further, I think the concept is central to VRM.  With VRM you are voluntarily supplying information with the effect of gaining benefit.

If this information is freely available, then VRM is made less useful.

With proper cryptographic controls, you can make the ‘sale’ of your data ‘one use only’ – cryptographic keys can be made to degrade algorithmically per use, and take the data with them.

That, however, is less here and more future.  Now – how would an infrastructure, a mall for example, interact with customers on a location-based level?  How do we progress to that point?

Tara Hunt wrote:
Personally I could give a damn about privacy…and the generation behind me cares even less about it. I don’t think VRM is about that (if it is, I’m in the wrong place), but how we can leverage that information for our personal advantage rather than letting others leverage it and manipulate it to their advantage. There was an awesome book written some years back that really nailed it for me:

The Transparent Society (Google Books) – by David Brin

…in a wired world, the best way to preserve our freedom will be to give up our privacy.

I believe that strongly. And I really hate the way that has made a hysterical media blitz out of this.

Ben Elton’s satire on such a world – “Blind Faith” – where there is no privacy and everyone is permanently “on” in social media systems  is well worth reading 🙂

I think PleaseRobMe and its ilk (like the chap who hacked Foursquare and set of all sorts of funny bots running) are very good news, as they show the deficiencies in the current Location Based System designs in an amusing – and non dstructive – way.

And looking at the privacy and location oversights committed in Buzz for example, I have no confidence that even large, very skilled companies either get (or wilfully ignore?) such issues.

The alternative to PleaseRobMe etc is hacking by people with malicious intent, without the protections being put in that these sorts of ploys will force.



Tom Stites Wrote:

Friends — This post comes from out of left field, but in an earlier life I was a police reporter and I know a thing or three about criminals.  That’s why there’s no way I’ll ever use an app that publicly  broadcasts where I am.  I urge you to take the same precaution.

I’m not concerned about being robbed at the location where I’ve announced myself, but I am concerned about sophisticated burglars knowing for sure that I’m not home and seizing the opportunity to break into my home.  The average burglar is indeed a bumbler, as an earlier post pointed out, but it’s not the average burglar you need to worry about.  Who you need to worry about is the serious pros, burglars who are expert at minimizing their risk by only breaking into houses when they’re all but certain no one is home.  These burglars clean you out of seriously valuable stuff, the stuff the bumblers miss, and they rarely get caught.  They are always on the lookout for reliable information that someone is traveling, or otherwise away.  That’s why you should cancel your newspaper sub (if you still read on paper!) when you go on vacation.  Foursquare and similar apps are a pro burglar’s dream come true.  Stay away.


Tom Stites
 tom at

Jorge Jaime wrote:

The truth is we don’t have privacy any longer, either the Telcos, White Pages or the government publishes our information somewhere and we can be easily found, yet we are not robbed. So sharing location will probably not have an impact. In fact I don’t think there’s a case of someone being robbed after checking in on foursquare or any location service.

On Tara’s point I totally agree. I think that the coming generation won’t be so concerned about privacy, I’m not. But in making it an easy transition people should have the choice to control their sharing with certain groups of people until they feel comfortable or lose the fear of sharing.

Finally, people that don’t share will miss benefits of using their information to get a better experience in their relationships with vendors and this will probably have a cost for them. Privacy has been gone long ago, in fact as we’re born inside a state we involuntarily give it away to be protected by the state.

And as per Gabe’s question I can see a way to use the data we produce in the recommendation Foursquare gives to us when we check-in in a restaurant and foursquare offers us a recommendation of what one of our friends has. This could be much better, but it’s a nice start.

Jorge Jaime

John Eckman wrote:

I’m with you on this one Tara.

I think “PleaseRobMe” suggests not only a bad understanding of how people use location aware networks but also a very bad understanding of how the majority of property crimes actually occur (semi-random, weakly cased, opportunistic).

The idea that folks robbing houses are doing so by tracking twitter celebrities doesn’t match my 101 level memory of sociology / criminology . . .

My co-organizer of WordCamp Boston was giving me a hard time about using Tripit / Dopplr / Foursquare until I pointed out she’d been tweeting, blogging, and telling everyone who would listen for months about being in Boston for the weekend of the conference. Wouldn’t need much of a mashup to get much of the same data about anyone who leads an even reasonably public life.

On the other hand, I don’t generally give out my home address either (though I’m sure folks could find it with minimal effort).

John Eckman
 eckman.john at

On Thu, Feb 18, 2010 at 23:32, Tara Hunt <> wrote:
Personally I could give a damn about privacy…and the generation behind me cares even less about it. I don’t think VRM is about that (if it is, I’m in the wrong place), but how we can leverage that information for our personal advantage rather than letting others leverage it and manipulate it to their advantage. There was an awesome book written some years back that really nailed it for me: The Transparent Society (Google Books) – by David Brin

…in a wired world, the best way to preserve our freedom will be to give up our privacy.

I believe that strongly. And I really hate the way that has made a hysterical media blitz out of this.

On Thu, Feb 18, 2010 at 6:25 PM, Richard Reukema <> wrote:

I was wondering when consumers would get a wake-up call regarding the value of the information being broadcasted.  Never in my dreams did I think that literally physically robbing them would be means of driving the point home.

This little “joke” site just may be what the media catches on to, and really plays this thought up (of being robbed).  It has the right tone of insecurity and fear that should get the attention of all those that believe mass media speaks the truth – location aware app means you will get robbed!

I wonder if it is as interesting to them (mass media) to  also point out that all the money that surrounds search engines is because consumer give up their information for a service that struggles with providing information that is relevant.  Attempting to provide ads to my next purchasing intentionwhen I’m searching for “XXXX”.  I am constantly humored by it, whilemarveling at all the technology being used to “guess”.

With the capability of being able broadcasting information while mobile, we also possess the ability to receive information just as easily.   Fear,insecurity, capability, and perhaps now, awareness – when will we get to control/management? VRM day is coming, and I’m hoping that we are ready for it when it is suddenly upon us.  Is this it?

Just my two cents…

Richard Reukema

—–Original Message—–
From: Mark A. Carbone []
Sent: Thursday, February 18, 2010 3:49 PM
To: ‘Gabe Chomic’; ‘ProjectVRM list’
Subject: RE: [projectvrm] Speaking of geocasting…


Negative press on location based apps today – – –

Foursquare – they just got hit hard today over this new site that exploits location based apps

In short, a few guys put this site up that aggregates when people are
updating their location via 4sqr to Twitter telling the world they are at
Red Lobster.  Supposedly, thieves can now use this data to make their
This site was put up as a joke but it makes you think what else our new
level of transparency is going to unfold over the next few years.
I’m a fan of transparency and GPS.  Doesn’t bother me but anticipating the
ramifications of new social technologies and foreseeing it first is worth
investigating.  I’m going to spend some time on this subject and write a
piece on it in April.

Blessings and Regards,

Mark A. Carbone

—–Original Message—–
From: Gabe Chomic []
Sent: Thursday, February 18, 2010 4:57 PM
To: ProjectVRM list
Subject: [projectvrm] Speaking of geocasting…

Foursquare seems to have taken off.  I’ve not yet played with it, but I should, just so I understand the capabilities and security ramifications before I get asked to comment on them.  Of course, it’s the first among many of its niche, and the service will likely change over time.

What I’d like to see is a study on how location-promotion services (foursquare, latitude, fire-something-or-other, etc) integrate with other  services/bigCos/etc.  More so, since people seem hell-bent on broadcasting their personal location, how can/will this work into a general VRM framework?  I can see use patterns – ‘I am here, sell me a widget that includes fries’ – but have not seen any real analysis of location-promotion integration.

Caveat:  This is an idle thought.  I have not looked.  Been a bit busy.
Gabe Chomic

On Thu, Feb 18, 2010 at 16:15, Katherine Warman Kern <> wrote:

I’ve been wondering when someone would point out the risks of broadcasting where you are.

—–Original Message—–
From: Mike Kirkwood []
Sent: Wednesday, February 17, 2010 11:56 AM
To: dsearls
Subject: Re: [projectvrm] TrackProvileStalkers (was Infegy)


Speaking of creepy…thought this was an interesting take on profile/location aggregation.

Please Rob Me application aggregates your location…for others.
Can’t quite tell if it’s just a joke, or a service for robbers…either way shows value of control.

Review by Mashable:


On Mon, Feb 8, 2010 at 3:15 AM, dsearls <> wrote:
At 12:18 AM -0800 2/8/10, David \”Lefty\” Schlesinger wrote:

Terms of service issues aside, I’m not quite sure I’m seeing the
overwhelming creepiness of this. Can you elucidate?

I’ll try.

It’s creepy because it lets individuals play the same role that companies and governments have long played: “spying,” to some degree, on others.
But TrackProfileStalkkers goes beyond the usual to provide much more detailed data to the spy than the normal spied-upon Web (or Facebook) surfer would expect.

Says the site,

“Welcome to, We offer a FREE tracking solution for the social networking of today! Our visitor tracking technology tracks viewers who viewed your Facebook page and gives you their: Full name, picture, link to their page, time and date of when they viewed your page, and their geographical location! The tracker is also invisible to all of your visitors, and is very easy to install!”

This screws with normal social expectations.

We expect to be subject to some surveillance as we walk around, say, London. Or a Las Vegas casino. But we don’t expect to be identified in detail on the fly. I mean, it’s not like every pedestrian window shopping on Kings Row, or looking at the lions in the MGM Grand, is wearing an invisible name tag they don’t know they’re wearing. There is a reasonable expectation of anonymity, provided we behave in a non-suspicious manner.

TrackProfileStalkers does give everybody an invisible name tag, and much more… or so I gather from their copy.

Makes me want to stay away from Facebook even more than I already do.


On 2/7/10 7:36 PM, “Michael O’Connor Clarke” <<>>

Followed this thread closely, but didn’t really have anything to add, until now.

You want to get really creeped out? Really, seriously, genuinely creeped out?

Try this:

Michael O’Connor Clarke

Hello world!

Welcome to Weblogs at Harvard Law School. This is your first post. Edit or delete it, then start blogging!

Posted in Uncategorized. Tags: . 1 Comment »