Category: Privacy (page 1 of 4)

We’re done with Phase One

Here’s a picture that’s worth more than a thousand words:


He’s with MAIF, the French insurance company, speaking at MyData 2016 in Helsinki, a little over a month ago. Here’s another:


That’s Sean Bohan, head of our steering committee, expanding on what many people at the conference already knew.

I was there too, giving the morning keynote on Day 2:


It was an entirely new talk. Pretty good one too, especially since  I came up with it the night before.

See, by the end of Day 1, it was clear that pretty much everybody at the conference already knew how market power was shifting from centralized industries to distributed individuals and groups (including many inside centralized industries). It was also clear that most of the hundreds of people at the conference were also familiar with VRM as a market category. I didn’t need to talk about that stuff any more. At least not in Europe, where most of the VRM action is.

So, after a very long journey, we’re finally getting started.

In my own case, the journey began when I saw the Internet coming, back in the ’80s.  It was clear to me that the Net would change the world radically, once it allowed commercial activity to flow over its pipes. That floodgate opened on April 30, 1995. Not long after that, I joined the fray as an editor for Linux Journal (where I still am, by the way, more than 20 years later). Then, in 1999, I co-wrote The Cluetrain Manifesto, which delivered this “one clue” above its list of 95 Theses:


And then, one decade ago last month, I started ProjectVRM, because that clue wasn’t yet true. Our reach did not exceed the grasp of marketers in the world. If anything, the Net extended marketers’ grasp a lot more than it did ours. (Shoshana Zuboff says their grasp has metastacized into surveillance capitalism. ) In respect to Gibson’s Law, Cluetrain proclaimed an arrived future that was not yet distributed. Our job was to distribute it.

Which we have. And we can start to see results such as those above. So let’s call Phase One a done thing. And start thinking about Phase Two, whatever it will be.

To get that work rolling, here are a few summary facts about ProjectVRM and related efforts.

First, the project itself could hardly be more lightweight, at least administratively. It consists of:

Second, we have a spin-off: Customer Commons, which will do for personal terms of engagement (one each of us can assert online) what Creative Commons (another Berkman-Klein spinoff) did for copyright.

Third, we have a list of many dozens of developers, which seem to be concentrated in Europe and Australia/New Zealand.  Two reasons for that, both speculative:

  1. Privacy. The concept is much more highly sensitive and evolved in Europe than in the U.S. The reason we most often get goes, “Some of our governments once kept detailed records of people, and those records were used to track down and kill many of them.” There are also more evolved laws respecting privacy. In Australia there have been privacy laws for several years requiring those collecting data about individuals to make it available to them, in forms the individual specifies. And in Europe there is the General Data Protection Regulation, which will impose severe penalties for unwelcome data gathering from individuals, starting in 2018.
  2. Enlightened investment. Meaning investors who want a startup to make a positive difference in the world, and not just give them a unicorn to ride out some exit. (Which seems to have become the default model in the U.S., especially Silicon Valley.)

What we lack is research. And by we I mean the world, and not just ProjectVRM.

Research is normally the first duty of a project at the Berkman Klein Center, which is chartered as a research organization. Research was ProjectVRM’s last duty, however, because we had nothing to research at first. Or, frankly, until now. That’s why we were defined as a development & research project rather than the reverse.

Where and how research on VRM and related efforts happens is a wide open question. What matters is that it needs to be done, starting soon, while the “before” state still prevails in most of the world, and the future is still on its way in delivery trucks. Who does that research matters far less than the research itself.

So we are poised at a transitional point now. Let the conversations about Phase Two commence.











VRM at MyData2016


As it happens I’m in Helsinki right now, for MyData2016, where I’ll be speaking on Thursday morning. My topic: The Power of the Individual. There is also a hackathon (led by going on during the show, starting at 4pm (local time) today. In no order of priority, here are just some of the subjects and players I’ll be dealing with,  talking to, and talking up (much as I can):

Please let me know what others belong on this list. And see you at the show.


Humanizing the Great Ad Machine

This is a comment I couldn’t publish under this post before my laptop died. (Fortunately I sent it to my wife first, so I’m posting it here, from her machine.)

OMMA’s theme is “Humanizing the Great Ad Machine”  Good one. Unfortunately, the agenda and speaker list suggest that industry players are the only ones in a position to do that. They aren’t..

The human targets of the Great Ad Machine are actually taking the lead—by breaking it.

Starting with ad blocking and tracking protection.

I see no evidence of respect for that fact, however, in the posts and tweets (at #MPOMMA) coming out of the conference so far. Maybe we can change that.

Let’s start by answering the question raised by the headline in Ad Blocking and DVRs: How Similar? I can speak as an operator of both technologies, and as a veteran marketer as well. So look at the rest of this post as the speech I’d give if I was there at OMMA…

Ad blocking and DVRs have four main things in common.

1) They are instruments of personal independence;

2) They answer demand for avoiding advertising. That demand exists because most advertising wastes time and space in people’s lives, and people value those two things more than whatever good advertising does for the “content” economy;

3) Advertising agents fail to grok this message; which is why—

4) Advertising agents and the “interactive” ad industry cry foul and blame the messengers (including the makers of ad blockers and other forms of tracking protection), rather than listening to, or respecting, what the market tells them, loudly and clearly.

Wash, rinse and repeat.

The first wash was VCRs. Those got rinsed out by digital TV. The second wash was DVRs. Those are being rinsed out right now by the Internet. The third wash is ad blocking.

The next rinse will happen after ad blocking succeeds as chemo for the cancer of ads that millions on the receiving end don’t want.

The next wash will be companies spending their marketing money on listening for better signals of demand from the marketplace, and better ways of servicing existing customers after the sale.

This can easily happen because damn near everybody is on the Net now, or headed there. Not trapped on TV or any other closed, one-way, top-down, industry-controlled distribution system.

On the Net, everybody has a platform of their own. There is no limit to what can be built on that platform, including much better instruments for expressing demand, and much better control over private personal spaces and the ways personal data are used by others. Ad blocking is just the first step in that direction.

The adtech industry (including dependent publishers) can come up with all the “solutions” they want to the ad blocking “problem.” All will fail, because ad blocking is actually a solution the market—hundreds of millions of real human beings—demands. Every one of adtech’s “solutions” is a losing game of whack-a-mole where the ones with hammers bang their own heads.

For help looking past that game, consider these:

1) The Interent as we know it is 21 years old. Commercial activity on it has only been possible since April 30, 1995. The history of marketing on the Net since then has been a series of formative moments and provisional systems, not a permanent state. In other words, marketing on the Net isn’t turtles all the way down, it’s scaffolding. Facebook, Google and the rest of the online advertising world exist by the grace of provisional models that have been working for only a few years, and can easily collapse if something better comes along. Which it will. Inevitably. Because…

2) When customers can signal demand better than adtech can manipulate it or guess at it, adtech will collapse like a bad soufflé.

3) Plain old brand advertising, which has always been aimed at populations rather than people, isn’t based on surveillance, and has great brand-building value, will carry on, free of adtech, doing what only it can do. (See the Ad Contrarian for more on that.)

In the long run (which may be short) winners will be customers and the companies that serve them  respectfully. Not more clueless and manipulative surveillance-based marketing schemes.

Winning companies will respect customers’ independence and intentions. Among those intentions will be terms that specify what can be done with shared personal data. Those terms will be supplied primarily by customers, and companies will agree to those terms because they will be friendly, work well for both sides, and easily automated.

Having standard ways for signaling demand and controlling use of personal data will give customers the same kind of scale companies have always had across many customers. On the Net, scale can work in both directions.

Companies that continue to rationalize spying on and abusing people, at high costs to everybody other than those still making hay while the sun shines, will lose. The hay-makers will also lose as soon as the light of personal tolerance for abuse goes out, which will come when ad blocking and tracking protection together approach ubiquity.

But the hay-makers can still win if they start listening to high-value signals coming from customers. It won’t be hard, and it will pay off.

The market is people, folks. Everybody with a computer or a smart mobile device is on the Net now. They are no longer captive “consumers” at the far ends of one-way plumbing systems for “content.” The Net was designed in the first place for everybody, not just for marketers who build scaffolding atop customer dislike and mistake it for solid ground.

It should also help to remember that the only business calling companies “advertisers” is advertising. No company looks in the mirror and sees an advertiser there. That’s because no company goes into business just so they can advertise. They see a car maker, a shoe store, a bank, a brewer, or a grocer. Advertising is just overhead for them. I learned this lesson the hard way as a partner for 20 years in a very successful ad agency. Even if our clients loved us, they could cut their ad budget to nothing in an instant, or on a whim.

There’s a new world of marketing waiting to happen out there in the wide-open customer-driven marketplace. But it won’t grow out of today’s Great Ad Machine. It’ll grow out of new tech built on the customers’ side, with ad blocking and tracking protection as the first examples. Maybe some of that tech is visible at OMMA. Or at least maybe there’s an open door to it. If either is there, let’s see it. Hashtag: #VRM. (For more on that, see

If not, you can still find developers here .

IoT & IoM next week at IIW


(This post was updated and given a new headline on 20 April 2016.)

In  The Compuserve of Things, Phil Windley issues this call to action:

On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things?

In other words, an Internet of Me (#IoM) and My Things. Meaning things we own that belong to us, under our control, and not puppeted by giant companies using them to snarf up data about our lives. Which is the  #IoT status quo today.

A great place to work on that is  IIW— the Internet Identity Workshop , which takes place next Tuesday-Thursday, April 26-28,  at the Computer History Museum in Silicon Valley. Phil and I co-organize it with Kaliya Hamlin.

To be discussed, among other things, is personal privacy, secured in distributed and crypto-secured sovereign personal spaces on your personal devices. Possibly using blockchains, or approaches like it.

So here is a list of some topics, code bases and approaches I’d love to see pushed forward at IIW:

  • OneName is “blockchain identity.”
  • Blockstack is a “decentralized DNS for blockchain applications” that “gives you fast, secure, and easy-to-use DNS, PKI, and identity management on the blockchain.” More: “When you run a Blockstack node, you join this network, which is more secure by design than traditional DNS systems and identity systems. This  is because the system’s registry and its records are secured by an underlying blockchain, which is extremely resilient against tampering and control. In the registry that makes up Blockstack, each of the names has an owner, represented by a cryptographic keypair, and is associated with instructions for how DNS resolvers and other software should resolve the name.” Here’s the academic paper explaining it.
  • The Blockstack Community is “a group of blockchain companies and nonprofits coming together to define and develop a set of software protocols and tools to serve as a common backend for blockchain-powered decentralized applications.” Pull quote: “For example, a developer could use Blockstack to develop a new web architecture which uses Blockstack to host and name websites, decentralizing web publishing and circumventing the traditional DNS and web hosting systems. Similarly, an application could be developed which uses Blockstack to host media files and provide a way to tag them with attribution information so they’re easy to find and link together, creating a decentralized alternative to popular video streaming or image sharing websites. These examples help to demonstrate the powerful potential of Blockstack to fundamentally change the way modern applications are built by removing the need for a “trusted third party” to host applications, and by giving users more control.” More here.
  • IPFS (short for InterPlanetary File System) is a “peer to peer hypermedia protocol” that “enables the creation of completely distributed applications.”
  • OpenBazaar is “an open peer to peer marketplace.” How it works: “you download and install a program on your computer that directly connects you to other people looking to buy and sell goods and services with you.” More here and here.
  • Mediachain, from Mine, has this goal: “to unbundle identity & distribution.” More here and here.
  • telehash is “a lightweight interoperable protocol with strong encryption to enable mesh networking across multiple transports and platforms,” from @Jeremie Miller and other friends who gave us jabber/xmpp.
  • Etherium is “a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.”
  • Keybase is a way to “get a public key, safely, starting just with someone’s social media username(s).”
  • ____________ (your project here — tell me by mail or in the comments and I’ll add it)

In tweet-speak, that would be @BlockstackOrg, @IPFS, @OpenBazaar, @OneName, @Telehash, @Mine_Labs #Mediachain, and @IBMIVB #ADEPT

On the big company side, dig what IBM’s Institute for Business Value  is doing with “empowering the edge.” While you’re there, download Empowering the edge: Practical insights on a decentralized Internet of Things. Also go to Device Democracy: Saving the Future of the Internet of Things — and then download the paper by the same name, which includes this graphic here:


Put personal autonomy in that top triangle and you’ll have a fine model for VRM development as well. (It’s also nice to see Why we need first person technologies on the Net , published here in 2014, sourced in that same paper.)

Ideally, we would have people from all the projects above at IIW. For those not already familiar with it, IIW is a three-day unconference, meaning it’s all breakouts, with topics chosen by participants, entirely for the purpose of getting like-minded do-ers together to move their work forward. IIW has been doing that for many causes and projects since the first one, in 2005.

Register for IIW here:

Also register, if you can, for VRM Day: That’s when we prep for the next three days at IIW. The main focus for this VRM Day is here.

Bonus link: David Siegel‘s Decentralization.




What if we don’t need advertising at all?

advertisinggraveI’m serious.

Answer this question: Would you pay for any publication that is only advertising? If not, Do you believe advertising adds or subtracts value from the media it funds?

It depends, right? Ads add value to The New Yorker, Vogue, Brides, Guns & Ammo and the Super Bowl. Readers and viewers actually like the ads that show up in those places. In some others, well, kinda. As for the rest? No.

The rest rounds to everything. The italicized items in the paragraph above are exceptions to a  rule that is yucky in the extreme, especially on the Web and (increasingly) on our mobile devices.

So let’s say we normalize supply and demand to the Internet, which puts a giant zero — no distance — between everybody and everything.  All that should stand between any two entities on the Net are manners, permission and convenience. Any company and any customer should be able to connect with any other, without an intermediary, any time and in any way they both want — provided agreements and methods for doing that are worked out.

So far they aren’t, and that’s the reason we have so much icky advertising on the Web and on our phones: most of the pushers have no manners, and there are no mutually accepted ways to allow or deny permission for being bothered, so those being bothered have responded with ad and tracking blockers. In other words, in the absence of manners, we’ve created an inconvenience.

Naturally, publishers, agencies and ad industry associations are crying foul, but too bad. Blocking  that shit reduces friction and  feels good. (Thank you, Bob Garfield, for both of those.)

What we need next are better ways for demand and supply to inform and connect. Not just better ways to pay for media. (That would be nice, but media have mostly been a one-way channel for informing, and at best a secondary way to connect.)

Think about what will happen to markets when any one of us can intentcast our needs for products or services, and do so easily and in standard ways that any supplier can understand. Then think about what will happen when any company can inform existing or potential customers directly, without the intermediation of the media we know today — and with clear and well-understood permissions for doing that on both sides.

The result will be the intention economy, which will work far better for demand and supply than the attention economy we have today, simply because there will be so many more and better ways to inform and connect, in both directions.

Asking today’s media to give us the intention economy is like asking AM radio to give us cellular telephony.

They can’t, and they won’t. At best they’ll serve the remaining needs of the attention economy: namely, old-fashioned Madison Avenue type branding, like we get from the best ads in the Super Bowl and in your better print magazines. This is the wheat I talk about in Separating Advertising’s Wheat and Chaff, and that Don Marti calls “signalful” advertising. Maybe that stuff will be with us forever. For the sake of the good things they fund, I hope so.

But I don’t know, because I’m sure if we zero-base the intention economy in our new all-digital world, it is unlikely that we’ll invent any of the media we have today.

It would be easy to call the intention economy utopian hogwash, and I expect some comments to say as much. But one could have said the same thing about personal computing in 1973, the Internet in 1983 and smartphones in 1993. All of those were unthinkable at those points in history, yet inevitable in retrospect.

The fact is, we are now in a digital world as well as an analog one. That alone rewrites the future in a huge way. Digital itself is the only medium, and the whole environment. It’s also us, whether we like it or not. We are digital as well as cellular.

In the past we put up with being annoyed and yelled at by advertising. And now we’re putting up with being spied on and guessed at, personally, as well. But we don’t have to put up with any of it any more. That’s another thing digital life makes possible, even if we haven’t taken the measures yet. The limits of invention are a lot farther out on the Giant Zero than they ever were in the old analog world where today’s media — including  digital ones following analog models — were born.

Advertising is an analog thing. The arguments for its survival in the digital world need to be ones that start with demand. Is it something we want? Because we’ll get what we want. Sooner or later, we’ll have the digital versions of clothing and shelter (aka privacy), of terms and permissions, of ways to signal our intentions. If advertising fits in there somewhere, great. If not, R.I.P.











Helping publishers and advertisers move past the ad blockade


Those are the three market conversations happening in the digital publishing world. Let’s look into what they’re saying, and then what more they can say that’s not being said yet.

A: Publisher-Reader

Publishing has mostly been a push medium from the start. One has always been able to write back to The Editor, and in the digital world one can tweet and post in other places, including one’s own blog. But the flow and power asymmetry is still push-dominated, and the conversation remains mostly a one-way thing, centered on editorial content. (There is also far more blocking of ads than talk about them.)

An important distinction to make here is between subscription-based pubs and free ones. The business model of subscription-supported pubs is (or at least includes) B2C: business-to-customer. The business model of free pubs is B2B: business-to-business. In the free pub case, the consumer (who is not a customer, because she isn’t paying anything) is the product sold to the pub’s customer, the advertiser.

Publishers with paying subscribers have a greater stake — and therefore interest — in opening up conversation with customers. I believe they are also less interested in fighting with customers blocking ads than are the free pubs. (It would be interesting to see research on that.)

B. Publisher-Advertiser

In the offline world, this was an uncomplicated thing. Advertisers or their agencies placed ads in publications, and paid directly for it. In the online world, ads come to publishers through a tangle of intermediaries:


Thus publishers may have no idea at any given time what ads get placed in front of what readers, or for what reason. In service to this same complex system, they also serve up far more than the pages of editorial content that attracts readers to the site. Sight unseen, they plant tracking cookies and beacons in readers’ browsers, to follow those readers around and report their doings back to third parties that help advertisers aim ads back at those readers, either on the publisher’s site or elsewhere.

We could explore the four-dimensional shell game that comprises this system, but for our purposes here let’s just say it’s a B2B conversation. That it’s a big one now doesn’t mean it has to be the only one. Many others are possible.

C. Reader-Advertiser

In traditional offline advertising, there was little if any conversation between readers and advertisers, because the main purpose of advertising was to increase awareness. (Or, as Don Marti puts it, to send an economic signal.) If there was a call to action, it usually wasn’t to do something that involved the publisher.

A lot of online advertising is still that way. But much of it is direct response advertising. This kind of advertising (as I explain in Separating Advertising’s Wheat and Chaff) is descended not from Madison Avenue, but from direct mail (aka junk mail). And (as I explain in Debugging adtech’s assumptions) it’s hard to tell the difference.

Today readers are speaking to advertisers a number of ways:

  1. Responding to ads with a click or some other gesture. (This tens to happen at percentages to the right of the decimal point.)
  2. Talking back, one way or another, over social media or their own blogs.
  3. Blocking ads, and the tracking that aims them.

Lately the rate of ad and tracking blocking by readers has gone so high that publishers and advertisers have been freaking out. This is characterized as a “war” between ad-blocking readers and publishers. At the individual level it’s just prophylaxis. At the group level it’s a boycott. Both ways it sends a message to both publishers and advertisers that much of advertising and the methods used for aiming it are not welcome.

This does not mean, however, that making those ads or their methods more welcome is the job only of advertisers and publishers. Nor does it mean that the interactions between all three parties need to be confined to the ones we have now. We’re on the Internet here.

The Internet as we know it today is only twenty years old: dating from the end of the NSFnet (on 30 April 1995) and the opening of the whole Internet to commercial activity. There are sand dunes older than Facebook, Twitter — even Google — and more durable as well. There is no reason to confine the scope of our invention to incremental adaptations of what we have. So let’s get creative here, and start by looking at, then past, the immediate crisis.

People started blocking ads for two reasons: 1) too many got icky (see the Acceptable Ads Manifesto for a list of unwanted types); 2) unwelcome tracking. Both arise from the publisher-advertiser conversation, which to the reader (aka consumer) looks like this:


Thus the non-conversation between readers blocking ads and both publishers and advertisers (A and C) looks like this:


So far.

Readers also have an interest in the persistence of the publishers they read. And they have an interest in at least some advertisers’ goods and services, or the marketplace wouldn’t exist.

Thus A and C are conversational frontiers — while B is a mess in desperate need of cleaning up.

VRM is about A and C, and it can help with B. It also goes beyond conversation to include the two other activities that comprise markets: transaction and relationship. You might visualize it as this:


From Turning the customer journey into a virtuous cycle:

One of the reasons we started ProjectVRM is that actual customers are hard to find in the CRM business. We are “leads” for Sales, “cases” in Support, “leads” again in Marketing. At the Orders stage we are destinations to which products and invoices are delivered. That’s it.

Oracle CRM, however, has a nice twist on this (and thanks to @nitinbadjatia of Oracle for sharing it*):

Oracle Twist

Here we see the “customer journey” as a path that loops between buying and owning. The blue part — OWN, on the right — is literally the customer’s own-space. As the text on the OWN loop shows, the company’s job in that space is to support and serve. As we see here…

… the place where that happens is typically the call center.

Now let’s pause to consider the curb weight of “solutions” in the world of interactivity between company and customer today. In the BUY loop of the customer journey, we have:

  1. All of advertising, which Magna Global expects to pass $.5 trillion this year
  2. All of CRM, which Gartner pegs at $18b)
  3. All the rest of marketing, which has too many segments for me to bother looking up

In the OWN loop we have a $0trillion greenfield. This is where VRM started, with personal data lockers, stores, vaults, services and (just in the last few months) clouds.

Now look around your home. What you see is mostly stuff you own. Meaning you’ve bought it already. How about basing your relationships with companies on those things, rather than over on the BUY side of the loop, where you are forced to stand under a Niagara of advertising and sales-pitching, by companies and agencies trying to “target” and “acquire” you. From marketing’s traditional point of view (the headwaters of that Niagara), the OWN loop is where they can “manage” you, “control” you, “own” you and “lock” you in. To see one way this works, check your wallets, purses, glove compartments and kitchen junk drawers for “loyalty” cards that have little if anything to do with genuine loyalty.

But what if the OWN loop actually belonged to the customer, and not to the CRM system? What if you had VRM going there, working together with CRM, at any number of touch points, including the call center?

So here are two questions for the VRM community:

  1. What are we already doing in those areas that can help move forward in A and B?
  2. What can we do that isn’t being done now?

Among things we’re already doing are:

  • Maintaining personal clouds (aka vaults, lockers, personal information management systems, from which data we control can be shared on a permitted basis with publishers and companies that want to sell us stuff, or with which we already enjoy relationships.
  • Employing intelligent personal assistants of our own.
  • Intentcasting, in which we advertise our intentions to buy (or seek services of some kind).
  • Terms individuals can assert, to start basing interactions and relationships on equal power, rather than the defaulted one-way take-it-or-leave-it non-agreements we have today.

The main challenge for publishers and advertisers is to look outside the box in which their B2B conversation happens — and the threats to that box they see in ad blocking — and to start looking at new ways of interacting with readers. And look for leadership coming from tool and service providers representing those readers. (For example, Mozilla.)

The main challenge for VRM developers is to provide more of those tools and services.

Bonus links for starters (again, I’ll add more):

Privacy isn’t about secrecy and freedom isn’t about license. Both are about agency.

Agency is the power to act with effect in the world. We have agency when we type on a keyboard, hammer a nail, ride a horse or drive a car.  Here’s a dictionary definition:

a·gen·cy (ā′jən-sē)

  1. The condition of being in action; operation.
  2. The means or mode of acting; instrumentality.

It is derived from agere: Latin for to do.

We are built to do a lot: with our brains, our opposable thumbs, our lack of fur, our capacity to sweat and to learn — and our strange ability to walk or run on two feet instead of four (almost ceaselessly, at least when we are young and fit) — we can do an amazing variety of things with our bodies.

For what we can’t do, we invent tools and machines. These extend our agency outward through technology. A hammer becomes another length of arm. With one in our hand, we have the power to drive nails with a metal fist. A car gives us an engine and wheels, so we can zoom down roads at dozens of miles (or kilometers) per hour. A plane gives us engines and wings, so we can fly far and high.  Each expands our agency to distant horizons of effect and experience in the world.

Infrastructure and services expand what each and all of us can do as well. But at the base of human capacity is the individual’s ability to do stuff in the world. Or, in a word, agency.

Which brings me to the second world we built alongside the physical one we all share. That second world is the Internet: a Giant Zero shaped by an oddly simple protocol: TCP/IP. Never mind how it works. Just note what it does: reduce to zero the functional distance between everything and everybody on it. Also the cost.

As a way to expand human agency, the Internet has no rivals. It gives all our voices, all our ideas, all our actions, worldwide scale. Any of us can speak, write, publish and much more, across any distance, at levels of inconvenience and cost that veer toward zero.

And we’ve been doing that, routinely, ever since the Internet assumed its current form. (That happened in April 1995, when the NSFnet‘s backbone — one network within the Internet — was decommissioned and commercial activity, which the NSFnet forbade, could begin to flourish across the whole Net.)

The Net has an end-to-end architecture. Every body and every thing is an end point, and the Net’s protocol does its best to move data between any and all of those. This is what Paul Baran, one of the Net’s fathers, described as a distributed design, rather than a centralized or decentralized one. Here is how he illustrated the difference, way back in 1962:

Paul Baran, On Distributed Communications Networks, 1962

And that became the Net’s basic design. Or at least its ideal.

Yet, for the sake of convenience — especially in the early days of the Net, when most of us were still on dial-up — we defaulted to a client-server architecture for deploying servers and services. With client-server, each server is a central point, which makes the Net, in a practical sense, a decentralized thing, rather than a distributed one.

And yet the distributed nature of the Net persists, grounding our agency in the world it defines.

Conflicts between centralized, decentralized and distributed capacities on the Net — and uneven development of tools and services enlarging our agency — are behind many of our crises on the Net today.

Take privacy for example. It’s a huge issue. Survey after survey (e.g. from Pew, TRUSTe and Customer Commons) say that 90% and more of us are concerned about personal privacy on the Net, don’t trust many service providers, or lie and hide to obscure personal identity. Advertising and tracking blockers are the most popular browser extensions, and with good reason: we are still naked on the Net.

That’s because the Net, like nature in the physical world, doesn’t come with privacy installed. We have to make it for ourselves. In the physical world we did it by inventing clothing and shelter. In the virtual world we still don’t have either. Tracking blockers are fig leaves at best. They also all work differently. We are still in early times.

Since we have no privacy yet (other than by staying off the Net, or by isolating ourselves on it by declining to accept cookies and staying away from services such as Google’s and Facebook’s), we tend to think about privacy in terms of secrets: things we don’t want others to know about us. But think instead about what we do to create privacy in the physical world, with clothing and shelter. Both do more than cover our bodies and and our lives. We express both. We also express with them. Our clothing and shelter send signals about ourselves. They speak of our tastes, our gender, our status, our memberships. Most of these speakings are subtle, but many are not. What matters is that they all valve our exposure to others. Buttons and zippers on our clothes speak of what can, can’t and shouldn’t be opened by others, without permission. Doors, shades and shutters on our homes do the same.

All of those things facilitate our agency. We need the same in the networked world.

The main difference is that we’ve had thousands of years to work them out in the physical world, and just twenty in the networked one. In the history of civilization, and even of business, this is close to nothing. We’re barely started.

There will, inevitably, emerge a symbiosis between centralized, decentralized and distributed capacities. Brian Behlendorf uses the term “minimum viable centralization” to label what we’re looking for here. Meanwhile we have maximum viable centralization on a network that is also distributed by design. Just like the humans on it.

We are seeing today a collapse of intermediary institutions. Publishing (e.g. blogs) Hospitality (e.g. Airbnb), dispatch (e.g. Uber), broadcast (e.g. Meerkat and Periscope) and payments (e.g.  Bitcoin) come quickly to mind, and many more are coming along. Yet through all of those there must remain some degree of trust in the graces that institutions — governments and companies — alone can provide. How can their minimum viable agencies help us enlarge our own? That’s the main challenge for the coming years.

The question we need to ask, as we address that challenge through VRM, is this: What is best done by the individual, and what is best done by the institution — and how an the two work together?

To answer that, agency must be key. Without it we’ll only get more centralized BS to distrust.




First we take Oz

Sydneydoc 017-018_combined_medAustralia’s privacy principles are among the few in the world that require organizations to give individuals personal information gathered about them.* This opens the path to proving that we can do more with our own data than anybody else can.

Estimating the size of the personal data management business is like figuring the size of the market for talking or driving. (Note: we can also do more with those than companies can.)

Starting us down this path is  Ben Grubb (@BenGrubb) of the Sydney Morning Herald. Ben requested personal data held by the Australian telco giant Telstra, and found himself in a big fightwhich he won. (Here’s the decision. Telstra is appealing, but they’re still gonna lose.)

Bravo to Ben — not just for whupping a giant, but for showing a path forward for individual empowerment in the marketplace. Thanks to Australia’s privacy principles, and Ben’s illustrative case, the yellow brick road to the VRM future is widest in Oz.

Here (and in New Zealand) we not only have lots of VRM developers (Flamingo, Fourth Party, Geddup, Meeco, MyWave, OneExus, Welcomer and others I’ll insulting by not listing yet), but legal easement toward proving that individuals can do the more with their own data than can the companies that follow us. And proving as well that individuals managing their own data will be good for those companies as well. The data they get will be richer, more accurate,  more contextual, and more useful.

This challenge is not new. It’s as old as our species. The biggest tech revolutions have always been inventions individuals could put to the best use:

  • Stone tools
  • Weaving
  • Smithing
  • Musical instruments
  • Hand-held hunting and fighting tools
  • Automobiles
  • PCs
  • The Internet (which is a node-to-node invention, not an advanced phone or cable company, even though we pay those things for access to it)
  • Mobile phones and tablets
  • Movable type (which would be nowhere without individual authors — and writing tools in the hands of those authors)

There should be symbiosis here. There are things big organizations do best, and things individuals do best. And much that both do best when they work together.

Look at cars, which are a VRM technology: we use them to get around the marketplace, and to help us do business with many companies. They give us ways to be both independent and engaging. But companies don’t drive them. We do. Companies provide parking lots, garages, drive-up windows and other conveniences for drivers. Symbiosis.

So, while Telstra is great at building and managing communication infrastructure and services, its customers will be great at doing useful stuff with the kind of data Ben requested, such as locations, calls and texts — especially after customers get easy-to-use tools and services that help them work as points of integration for their own data, and managers of what gets done with it. There are many VRM developers working toward that purpose, around the world, And many more that will come once they smell the opportunities.

These opportunities are only apparent when you look at the market through your own eyes as a sovereign human being. The same opportunities are mostly invisible when you look at the market from the eye at the top of the industrial pyramid.

Bonus links:

* My understanding is that privacy principles such as the OECD’s and Ontario’s provide guidance but not the full force of law, or means of enforcement. Australia’s differ because they have teeth. See the Determination on page 36 of the Privacy Commissioner’s investigation and decision. Canada’s also has teeth. See the list of orders issued in Ontario. If there are other examples of decisions like this one, anywhere in the world, please let us know.

Declaration of Customer Independence

I published one of these five years ago, way ahead of its time, which I believe has now come. (Evidence:  @BenGrubb‘s victory over Telstra.*)

So here we go again:


We hold these truths to be self-evident: that all customers are born free, that they are endowed by their creator with innate abilities to relate, to converse and and to transact — on their own terms, and in their own ways. When sellers have labored long and hard to restrict those freedoms, and to ignore and insult the capacities enjoyed naturally by customers — by speaking, for example, of “targeting,” “capturing,” “acquiring,” “retaining,” “managing,” “locking in” and “owning” customers as if they were slaves  — and when sellers work to inconvenience customers to the exclusive benefit of sellers themselves, for example through “loyalty programs” that require customers to carry around cards that thicken’ wallets and slow checkout in stores, it is the right of customers to obsolete the coercive systems to which both sellers and customers have become accustomed. We do this by providing ourselves with new tools for leveraging our native human powers, for the good of ourselves and sellers alike.

We therefore resolve to construct relationships in which we, the customers, control our own data, hold rights to metadata about ourselves, express loyalty at our own grace, deal in common and standard ways with all sellers and other second and third parties, protect our private persons and spaces, assert fair terms and means of engagement that work in mutually constructive ways for both ourselves and the other parties we engage, for the good of all.

We make this Declaration as free and independent persons, each with full agency, ready to form agreements, make choices, assert commitments, transact business, and otherwise function in the free and open environment we call The Marketplace.

To this we pledge our lives, our fortunes, and our precious time and attention.

Comments and improvements welcome.

*Read the whole thing. It matters. Hugely.

By the way, I’ll be in New Zealand and Australia the week after next, keynoting Identity 2015 in Wellington and Customer Tech X in Melbourne, where I will also be on a number of panels. I’ll also be in Sydney for one day before heading back. Hope I can also hook up with some  of the growing number of VRM companies there. There are many on the VRM Developers List. (More on a separate post later.)

Of vaults and honey pots

Personal Blackbox ( is a new #VRM company — or so I gather, based on what they say they offer to users: “CONTROL YOUR DATA & UNLOCK ITS VALUE.”

So you’ll find them listed now on our developers list.

Here is the rest of the text on their index page:


PBB is a technology platform that gives you control of the data you produce every day.

PBB lets you gain insights into your own behaviors, and make money when you choose to give companies access to your data. The result? A new and meaningful relationship between you and your brands.

At PBB, we believe people have a right to own their data and unlock its benefits without loss of privacy, control and value. That’s why we created the Personal Data Independence Trust. Take a look and learn more about how you can own your data and its benefits.

In the meantime we are hard at work to provide you a service and a company that will make a difference. Join us to participate and we will keep you posted when we are ready to launch.

That graphic, and what seems to be said between the lines, tells me Personal Blackbox’s customers are marketers, not users.  And, as we so often hear, “If the service is free, you’re the product being sold.”

But, between the last paragraph and this one, I ran into Patrick Deegan, the Chief Technology Officer of Personal Blackbox, at the PDNYC meetup. When I asked him if the company’s customers are marketers, he said no — and that PBB (as it’s known) is doing something much different that’s not fully explained by the graphic and text above, and is tied with the Personal Data Independence Trust, about which not much is said at the link to it. (At least not yet. Keep checking back.) So I’ll withhold judgement about it until I know more, and instead pivot to the subject of VRM business models, which that graphic brings up for me.

I see two broad ones, which I’ll call vault and honey pot.

The vault model gives the individual full control over their personal data and what’s done with it, which could be anything, for any purpose. That data primarily has use value rather than sale value.

The honey pot model also gives the individual control over their personal data, but mostly toward providing a way to derive sale value for that data (or something similar, such as bargains and offers from marketers).

The context for the vault model is the individual’s whole life, and selective sharing of data with others.

The context for the honey pot model is the marketplace for qualified leads.

The vault model goes after the whole world of individuals. Being customers, or consumers, is just one of the many roles we play in that world. Who we are and what we do — embodied in our data — is infinitely larger that what’s valuable to marketers. But there’s not much money in that yet.

But there is in the honey pot model, at least for now. Simply put, the path to market success is a lot faster in the short run if you find new ways to help sellers sell.  $zillions are being spent on that, all the time. (Just look at the advertising coming along with that last link, to a search).

FWIW, I think the heart of VRM is in the vault model. But we have a big tent here, and many paths to explore. (And many metaphors to mix.)

Older posts

© 2016 ProjectVRM

Theme by Anders NorenUp ↑