Category: Personal Data (page 1 of 7)

Weighings

A few years ago I got a Withings bathroom scale: one that knows it’s me, records my weight, body mass index and fat percentage on a graph informed over wi-fi. The graph was in a Withings cloud.

I got it because I liked the product (still do, even though it now just tells me my weight and BMI), and because I trusted Withings, a French company subject to French privacy law, meaning it would store my data in a safe place accessible only to me, and not look inside. Or so I thought.

Here’s the privacy policy, and here are the terms of use, both retrieved from Archive.org. (Same goes for the link in the last paragraph and the image above.)

Then, in 2016, the company was acquired by Nokia and morphed into Nokia Health. Sometime after that, I started to get these:

This told me Nokia Health was watching my weight, which I didn’t like or appreciate. But I wasn’t surprised, since Withings’ original privacy policy featured the lack of assurance long customary to one-sided contracts of adhesion that have been pro forma on the Web since commercial activity exploded there in 1995: “The Service Provider reserves the right to modify all or part of the Service’s Privacy Rules without notice. Use of the Service by the User constitutes full and complete acceptance of any changes made to these Privacy Rules.” (The exact same language appears in the original terms of use.)

Still, I was too busy with other stuff to care more about it until I got this from  community at email.health.nokia two days ago:

Here’s the announcement at the “learn more” link. Sounded encouraging.

So I dug a bit and and saw that Nokia in May planned to sell its Health division to Withings co-founder Éric Carreel (@ecaeca).

Thinking that perhaps Withings would welcome some feedback from a customer, I wrote this in a customer service form:

One big reason I bought my Withings scale was to monitor my own weight, by myself. As I recall the promise from Withings was that my data would remain known only to me (though Withings would store it). Since then I have received many robotic emailings telling me my weight and offering encouragements. This annoys me, and I would like my data to be exclusively my own again — and for that to be among Withings’ enticements to buy the company’s products. Thank you.

Here’s the response I got back, by email:

Hi,

Thank you for contacting Nokia Customer Support about monitoring your own weight. I’ll be glad to help.

Following your request to remove your email address from our mailing lists, and in accordance with data privacy laws, we have created an interface which allows our customers to manage their email preferences and easily opt-out from receiving emails from us. To access this interface, please follow the link below:

Obviously, the person there didn’t understand what I said.

So I’m saying it here. And on Twitter.

What I’m hoping isn’t for Withings to make a minor correction for one customer, but rather that Éric & Withings enter a dialog with the @VRM community and @CustomerCommons about a different approach to #GDPR compliance: one at the end of which Withings might pioneer agreeing to customers’ friendly terms and conditions, such as those starting to appear at Customer Commons.

Why personal agency matters more than personal data

Lately a lot of thought, work and advocacy has been going into valuing personal data as a fungible commodity: one that can be made scarce, bought, sold, traded and so on.  While there are good reasons to challenge whether or not data can be property (see Jefferson and  Renieres), I want to focus on a different problem: that it misdirects attention away from a far more important issue it would be best to solve first: personal agency.

I see two reasons why personal agency matters more than personal data.

The first reason is that we have far too little agency in the networked world, mostly because we settled, way back in 1995, on a model for websites called client-server, which should have been called calf-cow or slave-master, because we’re always the weaker party. Fortunately the Net’s and the Web’s base protocols remain mostly peer-to-peer, by design. We can still build on those. It’s early.

A critical start in that direction is making each of us the first party rather than the second when we deal with the sites, services, companies and apps of the world—and doing that at scale across all of them.

Think about how much more simple and sane it is for websites to accept our terms and our privacy policies, rather than to force each of us, all the time, to accept their terms, all expressed in their own different ways. (Because they are advised by different lawyers, equipped by different third parties, and generally confused anyway.)

Getting sites to agree to our own personal terms and policies is not a stretch, because that’s exactly what we have in the way we deal with each other in the physical world.

For example, the clothes that we wear are privacy technologies. We also have  norms that discourage others from, for example sticking their hands inside our clothes without permission.

The fact that adtech plants tracking beacons on our naked digital selves and tracks us like animals across the digital frontier may be a norm for now, but it is also morally wrong, massively rude and now illegal under the  GDPR.

We can easily create privacy tech, personal terms and personal privacy policies that are normative and scale for each of us across all the entities that deal with us. (This is what ProjectVRM’s nonprofit spin-off, Customer Commons is all about.)

Businesses can’t give us privacy if we’re always the second parties clicking “agree.” It doesn’t matter how well-meaning and GDPR-compliant those businesses are. Making people second parties is a design flaw in every standing “agreement” we “accept,” and we need to correct that.

The second reason agency matters more than data is that nearly the entire market for personal data today is adtech, and adtech is too dysfunctional, too corrupt, too drunk on the data it already has, and absolutely awful at doing what they’ve harvested that data for, which is so machines can guess at what we might want before they shoot “relevant” and “interest-based” ads at our tracked eyeballs.

Not only do tracking-based ads fail to convince us to do a damn thing 99.xx+% of the time, but we’re also not buying something most of the time as well.

As incentive alignments go, adtech’s failure to serve the actual interests of its targets verges on the absolute. (It’s no coincidence that more than a year ago, 1.7 billion people were already blocking ads online.)

And hell, what they do also isn’t really advertising, even though it’s called that. It’s direct marketing, which gives us junk mail and is the model for spam. (For more on this, see Separating Advertising’s Wheat and Chaff.)

Privacy is personal. That means privacy is an effect of personal agency, projected by personal tech and personal expressions of intent that others can respect without working at it. We have that in the offline world. We can have it in the online world too.

Privacy is not something given to us by companies or governments, no matter how well they do Privacy by Design or craft their privacy policies. It simply can’t work.

In the physical world we got privacy tech and norms before we got privacy law. In the networked world we got the law first. That’s why the GDPR has caused so much confusion. It’s the regulatory cart in front of the technology horse. In the absence of privacy tech, we also failed to get and the norms that would normally and naturally guide lawmaking.

So let’s get the tech horse back in front of the lawmaking cart. With the tech working, the market for personal data will be one we control.  For real.

If we don’t do that first, adtech will stay in contol. And we know how that movie goes, because it’s a horror show and we’re living in it now.

 

Our radical hack on the whole marketplace

In Disruption isn’t the whole VRM story, I visited the Tetrad of Media Effects, from Laws of Media: the New Science, by Marshall and Eric McLuhan. Every new medium (which can be anything from a stone arrowhead to a self-driving car), the McLuhans say, does four things, which they pose as questions that can have multiple answers, and they visualize this way:

tetrad-of-media-effects

The McLuhans also famously explained their work with this encompassing statement: We shape our tools and thereafter they shape us.

This can go for institutions, such as businesses, and whole marketplaces, as well as people. We saw that happen in a big way with contracts of adhesion: those one-sided non-agreements we click on every time we acquire a new login and password, so we can deal with yet another site or service online.

These were named in 1943 by the law professor Friedrich “Fritz” Kessler in his landmark paper, “Contracts of Adhesion: Some Thoughts about Freedom of Contract.” Here is pretty much his whole case, expressed in a tetrad:

contracts-of-adhesion

Contracts of adhesion were tools industry shaped, was in turn shaped by, and in turn shaped the whole marketplace.

But now we have the Internet, which by design gives everyone on it a place to stand, and, like Archimedes with his lever, move the world.

We are now developing that lever, in the form of terms any one of us can assert, as a first party, and the other side—the businesses we deal with—can agree to, automatically. Which they’ll do it because it’s good for them.

I describe our first two terms, both of which have potentials toward enormous changes, in two similar posts put up elsewhere: 

— What if businesses agreed to customers’ terms and conditions? 

— The only way customers come first

And we’ll work some of those terms this week, fittingly, at the Computer History Museum in Silicon Valley, starting tomorrow at VRM Day and then Tuesday through Thursday at the Internet Identity Workshop. I host the former and co-host the latter, our 24th. One is free and the other is cheap for a conference.

Here is what will come of our work:
personal-terms

Trust me: nothing you can do is more leveraged than helping make this happen.

See you there.

 

VRM Day: Starting Phase Two

VRM Day is today, 24 October, at the Computer History Museum. IIW follows, over the next three days at the same place. (The original version of this post was October 17.)

We’ve been doing VRM Days since (let’s see…) this one in 2013, and VRM events since this one in 2007. Coming on our tenth anniversary, this is our last in Phase One.

sisyphusTheRolling snowball difference between Phase One and Phase Two is that between rocks and snowballs. In Phase One we played Sisyphus, pushing a rock uphill. In Phase Two we roll snowballs downhill.

Phase One was about getting us to the point where VRM was accepted by many as a thing bound to happen. This has taken ten years, but we are there.

Phase Two is about making it happen, by betting our energies on ideas and work that starts rolling downhill and gaining size and momentum.

Some of that work is already rolling. Some is poised to start. Both kinds will be on the table at VRM Day. Here are ones currently on the agenda:

  • VRM + CRM via JLINC. See At last: a protocol to link VRM and CRM. , and The new frontier for CRM is CDL: customer driven leads. This is a one form of intentcasting that should be enormously appealing to CRM companies and their B2B corporate customers. Speaking of which, we also have—
  • Big companies welcoming VRM.  Leading this is Fing, a French think tank that brings together many of the country’s largest companies, both to welcome VRM and to research (e.g. through Mesinfos) how the future might play out. Sarah Medjek of Fing will present that work, and lead discussion of where it will head next. We will also get a chance to participate in that research by providing her with our own use cases for VRM. (We’ll take out a few minutes to each fill out an online form.)
  • Terms individuals assert in dealings with companies. These are required for countless purposes. Mary Hodder will lead discussion of terms currently being developed at Customer Commons and the CISWG / Kantara User Submitted Terms working group (Consent and Information Sharing Working Group). Among other things, this leads to—
  • 2016_04_25_vrmday_000-1Next steps in tracking protection and ad blocking. At the last VRM Day and IIW, we discussed CHEDDAR on the server side and #NoStalking on the individual’s side. There are now huge opportunities with both, especially if we can normalize #NoStalking terms for all tracking protection and ad blocking tools.  To prep for this, see  Why #NoStalking is a good deal for publishers, where you’ll find the image on the right, copied from the whiteboard on VRM Day.
  • Blockchain, Identity and VRM. Read what Phil Windley has been writing lately distributed ledgers (e.g. blockchain) and what they bring to the identity discussions that have been happening for 22 IIWs, so far. There are many relevancies to VRM.
  • Personal data. This was the main topic at two recent big events in Europe: MyData2016 in Helsinki and PIE (peronal information economy) 2016 in London.  The long-standing anchor for discussions and work on the topic at VRM Day and IIW is PDEC (Personal Data Ecosystem Consortium). Dean Landsman of PDEC will keep that conversational ball rolling. Adrian Gropper will also brief us on recent developments around personal health data as well.
  • Hacks on the financial system. Kevin Cox can’t make it, but wants me to share what he would have presented. Three links: 1) a one minute video that shows why the financial system is so expensive, 2) part of a blog post respecting his local Water Authority and newly elected government., and 3) an explanation of the idea of how we can build low-cost systems of interacting agents. He adds, “Note the progression from location, to address, to identity, to money, to housing.  They are all ‘the same’.” We will also look at how small business and individuals have more in common than either do with big business. With a hint toward that, see what Xero (the very hot small business accounting software company) says here.
  • What ProjectVRM becomes. We’ve been a Berkman-Klein Center project from the start. We’ve already spun off Customer Commons. Inevitably, ProjectVRM will itself be spun off, or evolve in some TBD way. We need to co-think and co-plan how that will go. It will certainly live on in the DNA of VRM and VRooMy work of many kinds. How and where it lives on organizationally is an open question we’ll need to answer.

Here is a straw man context for all of those and more.

  • Top Level: Tools for people. These are ones which, in legal terms, give individuals power as first parties. In mathematical terms, they make us independent variables, rather than dependent ones. Our focus from the start has been independence and engagement.
    • VRM in the literal sense: whatever engages companies’ CRM or equivalent systems.
    • Intentcasting.
    • PIMS—Personal Information Management Systems. Goes by many names: personal clouds, personal data stores, life management platforms and so on. Ctrl-Shift has done a good job of branding PIMS, however. We should all just go with that.
    • Privacy tools. Such as those provided by tracking protection (and tracking-protective ad blocking).
    • Legal tools. Such as the terms Customer Commons and the CISWG are working on.
    • UI elements. Such as the r-button.
    • Transaction & payment systems. Such as EmanciPay.

Those overlap to some degree. For example, a PIMS app and data store can do all that stuff. But we do need to pull the concerns and categories apart as much as we can, just so we can talk about them.

Kaliya will facilitate VRM Day. She and I are still working on the agenda. Let us know what you’d like to add to the list above, and we’ll do what we can. (At IIW, you’ll do it, because it’s an unconference. That’s where all the topics are provided by participants.)

Again, register here. And see you there.

 

Save

Save

Save

Save

The new frontier for CRM is CDL: Customer Driven Leads

cdlfunnelImagine customers diving, on their own, straight down to the bottom of the sales funnel.

Actually, don’t imagine it. Welcome it, because it’s coming, in the form of leads that customers generate themselves, when they’re ready to buy something. Here in the VRM world we call this intentcasting. At the receiving end, in the  CRM world, they’re CDLs, or Customer Driven Leads.

Because CDLs come from fully interested customers with cash in hand, they’re worth more than MQLs (Marketing Qualified Leads) or  SQLs (Sales Qualifed Leads), both of which need to be baited with marketing into the sales funnel.

CDLs are also free.  When the customer is ready to buy, she signals the market with an intentcast that CRM systems can hear as a fresh CDL. When the CRM system replies, an exchange of data and permissions follows, with the customer taking the lead.

It’s a new dance, this one with the customer taking the lead. But it’s much more direct, efficient and friendly than the old dances in which customers were mere “targets” to be “acquired.”

The first protocol-based way to generate CDLs for CRM is described in At last, a protocol to connect VRM and CRM, posted here in August. It’s called JLINC. We’ll be demonstrating it working on a Salesforce system on VRM Day at the Computer History Museum in Silicon Valley, on Monday, October 24. VRM Day is free, but space is limited, so register soon, here.

We’ll also continue to work on CDL development  over the next three days in the same location, at the IIW, the Internet Identity Workshop. IIW is an unconference that’s entirely about getting stuff done. No keynotes, no panels. Just working sessions run by attendees. This next one will be our 23rd IIW since we started them in 2005. It remains, in my humble estimation, the most leveraged conference I know. (And I go to a lot of them, usually as a speaker.)

As an additional temptation, we’re offering a 25% discount on IIW to the next 20 people who register for VRM Day. (And it you’ve already reigstered, talk to me.)

Iain Henderson, who works with JLINC Labs, will demo CDLs on Salesforce. We also invite all the other CRM companies—IBM, Microsoft Dynamics, SAP, SugarCRM… you know who you are—to show up and participate as well. All CRM systems are programmable. And the level of programming required to hear intentcasts is simple and easy.

See you there!

 

Save

VRM at MyData2016

mydata2016-image

As it happens I’m in Helsinki right now, for MyData2016, where I’ll be speaking on Thursday morning. My topic: The Power of the Individual. There is also a hackathon (led by DataBusiness.fi) going on during the show, starting at 4pm (local time) today. In no order of priority, here are just some of the subjects and players I’ll be dealing with,  talking to, and talking up (much as I can):

Please let me know what others belong on this list. And see you at the show.

Save

At last, a protocol to connect VRM and CRM

person-entity

We’ve been waiting a long time for a protocol to connect VRM (customers’ Vendor Relationship Management) with CRM (vendors’ Customer Relationship Management).

Now we have one. It’s called JLINC, and it’s from JLINC Labs. It’s also open source. You’ll find it at Github, here. It’s still early, at v.0.3. So there’s lots of opportunity for developers and constructive hackers of all kinds to get involved.

Specifically, JLINC is a protocol for sharing data protected by the terms under which it is shared, such as those under development by Customer Commons and the Consent and Information Sharing Working Group (CISWG) at Kantara.

The sharing instance is permanently recorded in a distributed ledger (such as a blockchain) so that both sharer and recipient have a permanent record of what was agreed to. Additionally, both parties can build up an aggregated view of their information sharing over time, so they (or their systems) can learn from and optimize it.

The central concept in JLINC is an Information Sharing Agreement (ISA). This allows for—

  1. the schema related to the data being shared so that the data can be understood by the recipient without prior agreement
  2. the terms associated with the data being shared so that they can be understood by the recipient without prior negotiation
  3. the sharing instance, and any subsequent onward sharing under the same terms, to be permanently recorded on a distributed ledger of subsequent use (compliance and analytics)

To test and demonstrate how this works, JLINC built a demonstrator to bring these three scenarios to life. The first one tackled is Intentcasting , a long-awaited promise of VRM. With an Intencast, the customer advertises her intention to buy something, essentially becoming a qualified lead. (Here are all the ProjectVRM blog posts here with the Intentcasting tag.)

Obviously, the customer can’t blab her buying intention out to the whole world, or marketers would swarm her like flies, suck up her exposed data, spam her with offers, and sell or give away her data to countless other parties.

With JLINC, intention data is made available only when the customer’s terms are signed. Those terms specify permitted uses. Here is one such set (written for site visiting, rather than intentcasting):

UserSubmittedTerms2ndDraft

These say the person’s (first party’s) data is being shared exclusively with the second party (the site), for no limit in time, for the site’s use only, provided the site also obey the customer’s Do Not Track signal. I’m showing it because it lays out one way terms can work in a familiar setting

For JLINC’s intentcasting demonstration, terms were limited to second party use only, and a duration of thirty days. But here’s the important part: the intentcast spoke to a Salesforce CRM system, which was able to—

  1. accept or reject the terms, and
  2. respond to the intentcast with an offer,
  3. while the handshake between the two was recorded in a blockchain both parties could access

This means that JLINC is not only a working protocol, but that there are ways for VRM tools and systems to use JLINC to engage CRM systems. It also means there are countless new development opportunities on both sides, working together or separately.

Here’s another cool thing:  the two biggest CRM companies, Salesforce and Oracle, will hold their big annual gatherings in the next few weeks. This means JLINC and VRM+CRM can be the subjects of both conversation and hacking at either or both events. Specifically, here are the dates:

  1. Oracle’s OpenWorld 2016 will be September 18-22.
  2. Salesforce’s Dreamforce 2016  will be October 4-7.

Both will be at the Moscone Center in San Francisco.

Conveniently, the next VRM Day and IIW will both also happen, as usual, at the end of October:

  1. VRM Day will be October 24.
  2. Internet Identity Workshop (IIW’s XXIIIth) will be October 25-27.

Both will take place at the Computer History Museum, in downtown Silicon Valley. And JLINC, which was launched at the last VRM Day, is sure to be a main topic of discussion, starting at VRM Day and continuing through IIW, which I consider the most leveraged conference in the world, especially for the price.

If all goes well, we’ll have some examples of VRM+(Oracle and/or Salesforce) CRM to show off at Demo Day at IIW.

Love to see other CRM vendors show up too. You listening, SugarCRM? (I spoke about VRM+CRM at SugarCon in 2011. Here’s my deck from that talk. What we lacked then, and since, was a protocol for that “+”. Now we have it. )

Big HT to Iain Henderson of both JLINC Labs and Customer Commons, for guiding this post, as well as conducting the test that showed, hey, it can be done!

 

 

 

 

Save

Humanizing the Great Ad Machine

This is a comment I couldn’t publish under this post before my laptop died. (Fortunately I sent it to my wife first, so I’m posting it here, from her machine.)

OMMA’s theme is “Humanizing the Great Ad Machine”  Good one. Unfortunately, the agenda and speaker list suggest that industry players are the only ones in a position to do that. They aren’t..

The human targets of the Great Ad Machine are actually taking the lead—by breaking it.

Starting with ad blocking and tracking protection.

I see no evidence of respect for that fact, however, in the posts and tweets (at #MPOMMA) coming out of the conference so far. Maybe we can change that.

Let’s start by answering the question raised by the headline in Ad Blocking and DVRs: How Similar? I can speak as an operator of both technologies, and as a veteran marketer as well. So look at the rest of this post as the speech I’d give if I was there at OMMA…

Ad blocking and DVRs have four main things in common.

1) They are instruments of personal independence;

2) They answer demand for avoiding advertising. That demand exists because most advertising wastes time and space in people’s lives, and people value those two things more than whatever good advertising does for the “content” economy;

3) Advertising agents fail to grok this message; which is why—

4) Advertising agents and the “interactive” ad industry cry foul and blame the messengers (including the makers of ad blockers and other forms of tracking protection), rather than listening to, or respecting, what the market tells them, loudly and clearly.

Wash, rinse and repeat.

The first wash was VCRs. Those got rinsed out by digital TV. The second wash was DVRs. Those are being rinsed out right now by the Internet. The third wash is ad blocking.

The next rinse will happen after ad blocking succeeds as chemo for the cancer of ads that millions on the receiving end don’t want.

The next wash will be companies spending their marketing money on listening for better signals of demand from the marketplace, and better ways of servicing existing customers after the sale.

This can easily happen because damn near everybody is on the Net now, or headed there. Not trapped on TV or any other closed, one-way, top-down, industry-controlled distribution system.

On the Net, everybody has a platform of their own. There is no limit to what can be built on that platform, including much better instruments for expressing demand, and much better control over private personal spaces and the ways personal data are used by others. Ad blocking is just the first step in that direction.

The adtech industry (including dependent publishers) can come up with all the “solutions” they want to the ad blocking “problem.” All will fail, because ad blocking is actually a solution the market—hundreds of millions of real human beings—demands. Every one of adtech’s “solutions” is a losing game of whack-a-mole where the ones with hammers bang their own heads.

For help looking past that game, consider these:

1) The Interent as we know it is 21 years old. Commercial activity on it has only been possible since April 30, 1995. The history of marketing on the Net since then has been a series of formative moments and provisional systems, not a permanent state. In other words, marketing on the Net isn’t turtles all the way down, it’s scaffolding. Facebook, Google and the rest of the online advertising world exist by the grace of provisional models that have been working for only a few years, and can easily collapse if something better comes along. Which it will. Inevitably. Because…

2) When customers can signal demand better than adtech can manipulate it or guess at it, adtech will collapse like a bad soufflé.

3) Plain old brand advertising, which has always been aimed at populations rather than people, isn’t based on surveillance, and has great brand-building value, will carry on, free of adtech, doing what only it can do. (See the Ad Contrarian for more on that.)

In the long run (which may be short) winners will be customers and the companies that serve them  respectfully. Not more clueless and manipulative surveillance-based marketing schemes.

Winning companies will respect customers’ independence and intentions. Among those intentions will be terms that specify what can be done with shared personal data. Those terms will be supplied primarily by customers, and companies will agree to those terms because they will be friendly, work well for both sides, and easily automated.

Having standard ways for signaling demand and controlling use of personal data will give customers the same kind of scale companies have always had across many customers. On the Net, scale can work in both directions.

Companies that continue to rationalize spying on and abusing people, at high costs to everybody other than those still making hay while the sun shines, will lose. The hay-makers will also lose as soon as the light of personal tolerance for abuse goes out, which will come when ad blocking and tracking protection together approach ubiquity.

But the hay-makers can still win if they start listening to high-value signals coming from customers. It won’t be hard, and it will pay off.

The market is people, folks. Everybody with a computer or a smart mobile device is on the Net now. They are no longer captive “consumers” at the far ends of one-way plumbing systems for “content.” The Net was designed in the first place for everybody, not just for marketers who build scaffolding atop customer dislike and mistake it for solid ground.

It should also help to remember that the only business calling companies “advertisers” is advertising. No company looks in the mirror and sees an advertiser there. That’s because no company goes into business just so they can advertise. They see a car maker, a shoe store, a bank, a brewer, or a grocer. Advertising is just overhead for them. I learned this lesson the hard way as a partner for 20 years in a very successful ad agency. Even if our clients loved us, they could cut their ad budget to nothing in an instant, or on a whim.

There’s a new world of marketing waiting to happen out there in the wide-open customer-driven marketplace. But it won’t grow out of today’s Great Ad Machine. It’ll grow out of new tech built on the customers’ side, with ad blocking and tracking protection as the first examples. Maybe some of that tech is visible at OMMA. Or at least maybe there’s an open door to it. If either is there, let’s see it. Hashtag: #VRM. (For more on that, see https://en.wikipedia.org/wiki/Vendor_relationship_management.)

If not, you can still find developers here .

The Castle Doctrine

home castle

The Castle doctrine has been around a long time. Cicero (106–43 BCE) wrote, “What more sacred, what more strongly guarded by every holy feeling, than a man’s own home?” In Book 4, Chapter 16 of his Commentaries on the Laws of England, William Blackstone (1723–1780 CE) added, “And the law of England has so particular and tender a regard to the immunity of a man’s house, that it stiles it his castle, and will never suffer it to be violated with impunity: agreeing herein with the sentiments of ancient Rome…”

Since you’re reading this online, let me ask, what’s your house here? What sacred space do you strongly guard, and never suffer to be violated with impunity?

At the very least, it should be your browser.

But, unless you’re running tracking protection in the browser you’re using right now, companies you’ve never heard of (and some you have) are watching you read this, and eager to use or sell personal data about you, so you can be delivered the human behavior hack called “interest based advertising.”

Shoshana Zuboff, of Harvard Business School, has a term for this:surveillance capitalism, defined as “a wholly new subspecies of capitalism in which profits derive from the unilateral surveillance and modification of human behavior.”

Almost across the board, advertising-supported publishers have handed their business over to adtech, the surveillance-based (they call it “interactive”) wing of advertising. Adtech doesn’t see your browser as a sacred personal space, but instead as a shopping cart with ad space that you push around from site to site.

So here is a helpful fact: we don’t go anywhere when we use our browsers. Our browser homes are in our computers, laptops and mobile devices. When we “visit” a web page or site with our browsers, we actually just request its contents (using the hypertext protocol called http or https).

In no case do we consciously ask to be spied on, or abused by content we didn’t ask for or expect. That’s why we have every right to field-strip out anything we don’t want when it arrives at our browsers’ doors.

The castle doctrine is what hundreds of millions of us practice when we use tracking protection and ad blockers. It is what called the new Brave browser into the marketplace. It’s why Mozilla has been cranking up privacy protections with every new version of Firefox . It’s why Apple’s new content blocking feature treats adtech the way chemo treats cancer. It’s why respectful publishers will comply with CHEDDAR. It’s why Customer Commons is becoming the place to choose No Trespassing signs potential intruders will obey. And it’s why #NoStalking is a good deal for publishers.

The job of every entity I named in the last paragraph — and every other one in a position to improve personal privacy online — is to bring as much respect to the castle doctrine in the virtual world as we’ve had in the physical one for more than two thousand years.

It should help to remember that it’s still early. We’ve only had commercial activity on the Internet since April 1995. But we’ve also waited long enough. Let’s finish making our homes online the safe places they should have been in the first place.

 

Why #NoStalking is a good deal for publishers

"Just give me ads not based on tracking me.."

That line, scribbled on a whiteboard at VRM Day recently at the Computer History Museum, expresses the unspoken social contract we’ve always had with ad-supported print publications in the physical world. But we never needed to say it in that world, for the same reason we never needed to say “don’t follow me out of your store,” or “don’t use ink that will give me an infection.” Nobody ever would have considered doing anything that ridiculously ill-mannered.

But following us, and infecting our digital bodies (e.g. our browsers) with microbes that spy on us, is pro forma for ad-supported publishers on the Internet. That’s why Do Not Track was created in 2007, and a big reason why since then hundreds of millions of us have installed ad blockers and tracking protection of various kinds in our browsers and mobile devices.

But blocking ads also breaks that old social contract. In that sense it’s also ill-mannered (though not ridiculously so, given the ickyness that typifies so much advertising online).

What if we wanted to restore that social contract, for the good of publishers that are stuck in their own ill-mannered death spiral?

The first and easiest way is by running tracking protection alone. There are many ways of doing that. There are settings you can make in some browsers, plus add-ons or extensions from Aloodo, BaycloudDisconnect, the EFF and others.

The second is requesting refined settings from browser makers. That’s  what @JuliaAnguin does in this tweet about the new Brave browser:

Julia Angwin's request to Brave

But why depend on each browser to provide us with a separate setting, with different rules? How about having our own pro forma rule we could express through all our browsers and apps?

We have the answer, and it’s called the NoStalking rule. In fact, it’s already being worked out and formalized at the Kantara Initiative and will live at Customer Commons, where it will be legible at all three of these levels:

3way

It will work because it’s a good one for both sides. Individuals proffering the #NoStalking term get guilt-free use of the goods they come to the publisher for, and the publisher gets to stay in business — and improve that business by running advertising that is actually valued by its recipients.

The offer can be expressed in one line of code in a browser, and accepted by corresponding code on the publisher’s side. The browser code can be run natively (as, for example, a choice in the Brave menu above) or through an extension such as an ad or tracking blocker. In those cases the blocker would open the valve to non-tracking-based advertising.

On the publisher’s side, the agreement can be automatic. Or simply de facto, meaning the publisher only runs non-tracking based ads anyway. (As does, for example, Medium.) In that case, the publisher is compliant with CHEDDAR, which was outlined by Don Marti (of Aloodo, above) and discussed  both at VRM Day and then at  IIW, in May. Here’s an icon-like image for CHEDDAR, drawn by Craig Burton on his phone:

Sketch - 7

To explain CHEDDAR, Don wrote this on the same whiteboard where the NoStalking term above also appeared:

cheddar

For the A in CHEDDAR, if we want the NoStalking agreement to be accountable from both sides, it might help to have a consent receipt. That spec is in the works too.

What matters most is that individuals get full respect as sovereign actors operating with full agency in the marketplace. That means it isn’t good enough just for sites to behave well. Sites also need to respond to friendly signals of intent coming directly from individuals visiting those sites. That’s why the NoProfiling agreement is important. It’s the first of many other possible signals as well.

It also matters that the NoProfiling agreement may be the first of its kind in the online world: one where the individual is the one extending the offer and the business is the one agreeing to it, rather than the other way around.

At VRM Day and IIW, we had participants affiliated with the EFF, Mozilla, Privacy Badger, Adblock Plus, Consent Receipt, PDEC (Personal Data Ecosystem Consortium),  and the CISWG (Consent & InfoSharing Working Group), among others. Work has continued since then, and includes people from the publishing, advertising and other interested communities. There’s a lot to be encouraged about.

In case anybody wonders if advertising can work as well if it’s not based on tracking, check out Pedro Gardete: The Real Price of Cheap Talk: Do customers benefit from highly targeted online ads?  by Eilene Zimmerman (@eilenez) in Insights by Stanford Business. The gist:

Now a new paper from Stanford Graduate School of Business professor Pedro Gardete and Yakov Bart, a professor at Northeastern University, sheds light on who is likely to benefit from personalized advertising and identifies managerial best practices.

The researchers found that highly targeted and personalized ads may not translate to higher profits for companies because consumers find those ads less persuasive. In fact, in some cases the most effective strategy is for consumers to keep information private and for businesses to track less of it.

You can also mine the oeuvres of Bob Hoffman and Don Marti for lots of other material that makes clear that the best advertising is actual advertising, and not stalking-based direct marketing that only looks like advertising.

Our next step, while we work on all this, is to put together an FAQ on why the #NoProfiling deal is a good one for everybody. Look for that at Customer Commons, where terms behind more good deals that customers offer will show up in the coming months.

Older posts

© 2018 ProjectVRM

Theme by Anders NorenUp ↑