Customertech

You are currently browsing the archive for the Customertech category.

Nature and the Internet both came without privacy.

The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.

When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.

In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.

Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”

Two such answers arrived with this morning’s New York TimesFacebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former.

What they both miss is that we need big people. We can only get those is with with big tech for each of us.

We got it with personal computing and with the Internet itself, which was designed to make everyone an Archimedes. We also got a measure of it with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech.

I bring this up because we will be working on privacy tech over the next four days at the Computer History Museum, first at VRM Day, today, and then over next three days at IIW: the Internet Identity Workshop.

On the table at both are work some of us, me included, are doing through Customer Commons on terms we can proffer as individuals, and the sites and services of the world can agree to.

Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s.

The purpose is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced. It’ll be interesting to see what kind of laws follow.*

But hey, let’s invent the tech we need first.

*BTW, I give huge props to the EU for the General Data Protection Regulation, which is causing much new personal privacy tech development and discussion. I also think it’s an object lesson in what can happen when an essential area of tech development is neglected, and gets exploited by others for lack of that development.

Also, to be clear, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.

Bonus link.

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They bring readers’ bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of aiming “interest-based” advertising at those same readers, wherever those readers’ eyeballs may appear—or reappear in the case of “retargeted” advertising.

With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach, standard or experience), and no blood valving by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data?

Answer: nobody can, because the whole adtech “ecosystem” is a four-dimensional shell game with hundreds of players

or, in the case of “martech,” thousands:

For one among many views of what’s going on, here’s a compressed screen shot of what Privacy Badger showed going on in my browser behind Zeynep’s op-ed in the Times:

[Added later…] @ehsanakhgari tweets pointage to WhoTracksMe’s page on the NYTimes, which shows this:

And here’s more irony: a screen shot of the home page of RedMorph, another privacy protection extension:

That quote is from Free Tools to Keep Those Creepy Online Ads From Watching You, by Brian X. Chen and Natasha Singer, and published on 17 February 2016 in the Times.

The same irony applies to countless other correct and important reporting on the Facebook/Cambridge Analytica mess by other writers and pubs. Take, for example, Cambridge Analytica, Facebook, and the Revelations of Open Secrets, by Sue Halpern in yesterday’s New Yorker. Here’s what RedMorph shows going on behind that piece:

Note that I have the data leak toward Facebook.net blocked by default.

Here’s a view through RedMorph’s controller pop-down:

And here’s what happens when I turn off “Block Trackers and Content”:

By the way, I want to make clear that Zeynep, Brian, Natasha and Sue are all innocents here, thanks both to the “Chinese wall” between the editorial and publishing functions of the Times, and the simple fact that the route any ad takes between advertiser and reader through any number of adtech intermediaries is akin to ball falling through a pinball machine. Refresh your page while reading any of those pieces and you’ll see a different set of ads, no doubt aimed by automata guessing that you, personally, should be “impressed” by those ads. (They’ll count as “impressions” whether you are or not.)

Now…

What will happen when the Times, the New Yorker and other pubs own up to the simple fact that they are just as guilty as Facebook of leaking its readers’ data to other parties, for—in many if not most cases—God knows what purposes besides “interest-based” advertising? And what happens when the EU comes down on them too? It’s game-on after 25 May, when the EU can start fining violators of the General Data Protection Regulation (GDPR). Key fact: the GDPR protects the data blood of EU citizens wherever they risk having it sucked in the digital world.

To explain more about how this works, here is the (lightly edited) text of a tweet thread this morning, posted by @JohnnyRyan of PageFair:

Facebook left its API wide open, and had no control over personal data once those data left Facebook.

But there is a wider story coming: (thread…)

Every single big website in the world is leaking data in a similar way, through “RTB bid requests” for online behavioural advertising #adtech.

Every time an ad loads on a website, the site sends the visitor’s IP address (indicating physical location), the URL they are looking at, and details about their device, to hundreds -often thousands- of companies. Here is a graphic that shows the process.

The website does this to let these companies “bid” to show their ad to this visitor. Here is a video of how the system works. In Europe this accounts for about a quarter of publishers’ gross revenue.

Once these personal data leave the publisher, via “bid request”, the publisher has no control over what happens next. I repeat that: personal data are routinely sent, every time a page loads, to hundreds/thousands of companies, with no control over what happens to them.

This means that every person, and what they look at online, is routinely profiled by companies that receive these data from the websites they visit. Where possible, these data and combined with offline data. These profiles are built up in “DMPs”.

Many of these DMPs (data management platforms) are owned by data brokers. (Side note: The FTC’s 2014 report on data brokers is shocking. See https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014. There is no functional difference between an #adtech DMP and Cambridge Analytica.

—Terrell McSweeny, Julie Brill and EDPS

None of this will be legal under the #GDPR. (See one reason why at https://t.co/HXOQ5gb4dL). Publishers and brands need to take care to stop using personal data in the RTB system. Data connections to sites (and apps) have to be carefully controlled by publishers.

So far, #adtech’s trade body has been content to cover over this wholesale personal data leakage with meaningless gestures that purport to address the #GDPR (see my note on @IABEurope current actions here: https://t.co/FDKBjVxqBs). It is time for a more practical position.

And advertisers, who pay for all of this, must start to demand that safe, non-personal data take over in online RTB targeting. RTB works without personal data. Brands need to demand this to protect themselves – and all Internet users too. @dwheld @stephan_lo @BobLiodice

Websites need to control
1. which data they release in to the RTB system
2. whether ads render directly in visitors’ browsers (where DSPs JavaScript can drop trackers)
3. what 3rd parties get to be on their page
@jason_kint @epc_angela @vincentpeyregne @earljwilkinson 11/12

Lets work together to fix this. 12/12

Those last three recommendations are all good, but they also assume that websites, advertisers and their third party agents are the ones with the power to do something. Not readers.

But there’s lots readers will be able to do. More about that shortly. Meanwhile, publishers can get right with readers by dropping #adtech and go back to publishing the kind of high-value brand advertising they’ve run since forever in the physical world.

That advertising, as Bob Hoffman (@adcontrarian) and Don Marti (@dmarti) have been making clear for years, is actually worth a helluva lot more than adtech, because it delivers clear creative and economic signals and comes with no cognitive overhead (for example, wondering where the hell an ad comes from and what it’s doing right now).

As I explain here, “Real advertising wants to be in a publication because it values the publication’s journalism and readership” while “adtech wants to push ads at readers anywhere it can find them.”

Going back to real advertising is the easiest fix in the world, but so far it’s nearly unthinkable because we’ve been defaulted for more than twenty years to an asymmetric power relationship between people and publishers called client-server. I’ve been told that client-server was chosen as the name for this relationship because “slave-master” didn’t sound so good; but I think the best way to visualize it is calf-cow:

As I put it at that link (way back in 2012), Client-server, by design, subordinates visitors to websites. It does this by putting nearly all responsibility on the server side, so visitors are just users or consumers, rather than participants with equal power and shared responsibility in a truly two-way relationship between equals.

It doesn’t have to be that way. Beneath the Web, the Net’s TCP/IP protocol—the gravity that holds us all together in cyberspace—remains no less peer-to-peer and end-to-end than it was in the first place. Meaning there is nothing to the Net that prevents each of us from having plenty of power on our own.

On the Net, we don’t need to be slaves, cattle or blood bags. We can be human. In legal terms, we can operate as first parties rather than second ones. In other words, the sites of the world can click “agree” to our terms, rather than the other way around.

Customer Commons is working on exactly those terms. The first publication to agree to readers terms is Linux Journal, where I am now the editor-in-chief. The first of those terms will say “just show me ads not based on tracking me,” and is hashtagged #DoNotByte.

In Help Us Cure Online Publishing of Its Addiction to Personal Data, I explain how this models the way advertising ought to be done: by the grace of readers, with no spying.

Obeying readers’ terms also carries no risk of violating privacy laws, because every pub will have contracts with its readers to do the right thing. This is totally do-able. Read that last link to see how.

As I say there, we need help. Linux Journal still has a small staff, and Customer Commons (a California-based 501(c)(3) nonprofit) so far consists of five board members. What it aims to be is a worldwide organization of customers, as well as the place where terms we proffer can live, much as Creative Commons is where personal copyright licenses live. (Customer Commons is modeled on Creative Commons. Hats off to the Berkman Klein Center for helping bring both into the world.)

I’m also hoping other publishers, once they realize that they are no less a part of the surveillance economy than Facebook and Cambridge Analytica, will help out too.

[Later…] Not long after this post went up I talked about these topics on the Gillmor Gang. Here’s the video, plus related links.

I think the best push-back I got there came from Esteban Kolsky, (@ekolsky) who (as I recall anyway) saw less than full moral equivalence between what Facebook and Cambridge Analytica did to screw with democracy and what the New York Times and other ad-supported pubs do by baring the necks of their readers to dozens of data vampires.

He’s right that they’re not equivalent, any more than apples and oranges are equivalent. The sins are different; but they are still sins, just as apples and oranges are still both fruit. Exposing readers to data vampires is simply wrong on its face, and we need to fix it. That it’s normative in the extreme is no excuse. Nor is the fact that it makes money. There are morally uncompromised ways to make money with advertising, and those are still available.

Another push-back is the claim by many adtech third parties that the personal data blood they suck is anonymized. While that may be so, correlation is still possible. See Study: Your anonymous web browsing isn’t as anonymous as you think, by Barry Levine (@xBarryLevine) in Martech Today, which cites De-anonymizing Web Browsing Data with Social Networks, a study by Jessica Su (@jessicatsu), Ansh Shukla (@__anshukla__) and Sharad Goel (@5harad)
of Stanford and Arvind Narayanan (@random_walker) of Princeton.

(Note: Facebook and Google follow logged-in users by name. They also account for most of the adtech business.)

One commenter below noted that this blog as well carries six trackers (most of which I block).. Here is how those look on Ghostery:

So let’s fix this thing.

[Later still…] Lots of comments in Hacker News as well.

[Later again (8 April 2018)…] About the comments below (60+ so far): the version of commenting used by this blog doesn’t support threading. If it did, my responses to comments would appear below each one. Alas, some not only appear out of sequence, but others don’t appear at all. I don’t know why, but I’m trying to find out. Meanwhile, apologies.

Power of the People is a great grabber of a headline, at least for me. But it’s a pitch for a report that requires filling out the form here on the right:

You see a lot of these: invitations to put one’s digital ass on mailing list, just to get a report that should have been public in the first place, but isn’t so personal data can be harvested and sold or given away to God knows who.

And you do more than just “agree to join” a mailing list. You are now what marketers call a “qualified lead” for countless other parties you’re sure to be hearing from.

And how can you be sure? Read the privacy policy,. This one (for Viantinc.com) begins,

If you choose to submit content to any public area of our websites or services, your content will be considered “public” and will be accessible by anyone, including us, and will not be subject to the privacy protections set forth in this Privacy Policy unless otherwise required by law. We encourage you to exercise caution when making decisions about what information you disclose in such public areas.

Is the form above one of those “public areas”? Of course. What wouldn’t be? And are they are not discouraging caution by requiring you to fill out all the personal data fields marked with a *? You betcha. See here:

III. How we use and share your information

A. To deliver services

In order to facilitate our delivery of advertising, analytics and other services, we may use and/or share the information we collect, including interest-based segments and user interest profiles containing demographic information, location information, gender, age, interest information and information about your computer, device, or group of devices, including your IP address, with our affiliates and third parties, such as our service providers, data processors, business partners and other third parties.

B. With third party clients and partners

Our online advertising services are used by advertisers, websites, applications and other companies providing online or internet connected advertising services. We may share information, including the information described in section III.A. above, with our clients and partners to enable them to deliver or facilitate the delivery of online advertising. We strive to ensure that these parties act in accordance with applicable law and industry standards, but we do not have control over these third parties. When you opt-out of our services, we stop sharing your interest-based data with these third parties. Click here for more information on opting out.

No need to bother opting out, by the way, because there’s this loophole too:

D. To complete a merger or sale of assets

If we sell all or part of our business or make a sale or transfer of our assets or are otherwise involved in a merger or transfer of all or a material part of our business, or participate in any other similar business combination (including, without limitation, in connection with any bankruptcy or similar proceeding), we may transfer all or part of our data to the party or parties involved in the transaction as part of that transaction. You acknowledge that such transfers may occur, and that we and any purchaser of our business or assets may continue to collect, use and disclose your information in compliance with this Privacy Policy.

Okay, let’s be fair: this is boilerplate. Every marketing company—hell, every company period—puts jive like this in their privacy policies.

And Viant isn’t one of marketing’s bad guys. Or at least that’s not how they see themselves. They do mean well, kinda, if you forget they see no alternative to tracking people.

If you want to see what’s in that report without leaking your ID info to the world, the short cut is New survey by people-based marketer Viant promotes marketing to identified users in @Martech_Today.

What you’ll see there is a company trying to be good to users in a world where those users have no more power than marketers give them. And giving marketers that ability is what Viant does.

Curious… will Viant’s business persist after the GDPR trains heavy ordnance on it?

See, the GDPR  forbids gathering personal data about an EU citizen without that person’s clear permission—no matter where that citizen goes in the digital world, meaning to any site or service anywhere. It arrives in full force, with fines of up to 4% of global revenues in the prior fiscal year, on 25 May of this year: about three months from now.

In case you’ve missed it, I’m not idle here.

To help give individuals fresh GDPR-fortified leverage, and to save the asses of companies like Viant (which probably has lawyers working overtime on GDPR compliance), I’m working with Customer Commons (on the board of which I serve) on terms individuals can proffer and companies can agree to, giving them a form of protection, and agreeable companies a path toward GDPR compliance. And companies should like to agree, because those terms will align everyone’s interests from the start.

I’m also working with Linux Journal (where I’ve recently been elevated to editor-in-chief) to make it one of the first publishers to agree to friendly terms its readers proffer. That’s why I posted Every User a Neo there. Other metaphors: turning everyone on the Net into an Archimedes, with levers to move the world, and turning the whole marketplace in to a Marvel-like universe where all of us are enhanced.

If you want to help with any of that, talk to me.

 

Linux Journal is folding.

Carlie Fairchild, who has run the magazine almost since it started in 1994, posted Linux Journal Ceases Publication today on the website. So far all of the comments have been positive, which they should be. Throughout its life, Linux Journal has been about as valuable as a trade pub can be, and it’s a damn shame to see it go. I just hope a way can be found to keep the site and the archives alive for the duration, as a living legacy.

I suppose a rescue might still be possible. But, as Carlie wrote in her post, “While we see a future like publishing’s past—a time when advertisers sponsor a publication because they value its brand and readers—the advertising world we have today would rather chase eyeballs, preferably by planting tracking beacons in readers’ browsers and zapping them with ads anywhere those readers show up. But that future isn’t here, and the past is long gone.”

I’m working hard at making that future happen (see the list below), and it bums me deeply that we didn’t succeeded in time to save Linux Journal. But here we are.

My own history with Linux Journal began when Phil Hughes pulled me into an email discussion of his plan to start a free software magazine. That was in 1993: twenty-four years ago. Phil ended that discussion when he announced, to everyone else’s surprise, that he had found this kid who had written a new version of UNIX that would likely take over the world. The kid was Linus Torvalds and his operating system was called Linux. I thought, what? But, as he was about so many things, Phil was right. Our first issue came out in April 1994, when Linux hit version 1.0. Linux Journal’s editor for that issue Bob Young, who left shortly after that to start Red Hat and much else. (I once asked Bob—by then a billionaire but no less a great guy—if Phil actually taught Bob how to spell Linux. Bob said yes.)

I first appeared on the masthead in 1996, and I haven’t left it since 1998. For many years I wrote the “Linux for Suits” column, and for many after that “EOF,” which ran inside the back cover. I also wrote a newsletter called “Suitwatch” and a spin-off blog called IT Garage (which you can still find at that link in the Internet Archive). I was the least technical of all Linux Journal‘s editors, but readers mostly seemed to appreciate my elevated but devoted perspective on Linux’s role in the world.

There were heady times in that history. Linux Journal succeeded fast, got fat during the dot-com craze in the late ’90s, and managed to survive the crash when many other rags went down. Remember Upside? Red Herring? The original FastCompany? (Tip your hat to Brewster Kahle and friends for the fossils of those you’ll still find in the Internet Archive.)

We can thank resourceful management and devoted subscribers for our persistence. And, of course, Linux itself. Today all 500 of the world’s top supercomputers run Linux. Since Android is built on Linux, most of the world’s smartphones run on Linux. Name a giant tech company (e.g. Google, Amazon, Akamai) and chances are the services it deploys run on Linux too. Month after month, Netcraft‘s Most Reliable Hosting Company Sites lists are either all-Linux or close enough. Linux is also embedded in countless devices, from clocks to wi-fi routers to flat-screen TVs.

In its own small but significant way, Linux Journal helped make that happen. Wish it could keep doing that, but alas.

So a hearty thanks to everyone who helped us through all those years. It’s been great, and will remain so.

Now, in hope that other publications might be saved, here are some of the posts and essays I’ve written toward that goal—and toward saving the advertising business from itself as well:

  1. Without aligning incentives, we can’t kill fake news or save journalism (15 September 2017 in Medium)
  2. An easy fix for a broken advertising system (12 October 2017 in Medium and in my blog)
  3. Let’s get some things straight about publishing and advertising (9 September 2017 and the same day in Medium)
  4. Good news for publishers and advertisers fearing the GDPR (3 September in ProjectVRM and 7 October in Medium).
  5. Publishers’ and advertisers’ rights end at a browser’s front door (17 June 2017 in Medium). It updates one of the 2015 blog posts below.
  6. How to plug the publishing revenue drain (9 June 2017 in Medium). It expands on the opening (#publishing) section of my Daily Tab for that date.
  7. Customertech Will Turn the Online Marketplace Into a Marvel-Like Universe in Which All of Us are Enhanced (29 May 2017 at ProjectVRM and in Medium)
  8. What if businesses agreed to customers’ terms and conditions? (28 April 2017)
  9. How are ad blockers affecting journalism? (My answer to a Quora question on 27 April 2017)
  10. The only way customers come first (26 April 2017 in Customer Commons)
  11. Brands need to fire adtech (23 March, and 25 March in Medium)
  12. The Problem with Content (1 March 2017 in Linux Journal)
  13. The Next Revolution in Advertising Will Be One Customers Lead (7 February 2017 in Medium)
  14. How True Advertising Can Save Journalism From Drowning in a Sea of Content (22 January 2017 in Medium and 26 January 2017 in my blog.)
  15. The problem for people isn’t advertising, and the problem for advertising isn’t blocking. The problem for both is tracking.(21 October 2016 and same date in Medium).
  16. It’s People vs. Advertising, not Publishers vs. Adblockers (26 August 2016 in ProjectVRM and 27 August 2016 in Medium)
  17. The cash model of customer experience (17 August 2016 and 18 August 2016 in Medium).
  18. If it weren’t for retargeting, we might not have adblocking (13 August 2016 in ProjectVRM and 15 August 2016 in Medium)
  19. The Castle Doctrine (19 June 2016 in ProjectVRM, and in Medium)
  20. Why #NoStalking is a good deal for publishers (11 May 2016, and in Medium)
  21. An invitation to settle matters with @Forbes, @Wired and other publishers (15 April 2016 and in Medium)
  22. TV Viewers to Madison Avenue: Please quit driving drunk on digital (14 Aprl 2016, and in Medium)
  23. The End of Internet Advertising as We’ve Known It(11 December 2015 in MIT Technology Review)
  24. Ad Blockers and the Next Chapter of the Internet (5 November in Harvard Business Review)
  25. How the Big Data Craze Will Play Out (1 November 2015 in Linux Journal)
  26. How #adblocking matures from #NoAds to #SafeAds (22 October 2015)
  27. Helping publishers and advertisers move past the ad blockade (11 October on the ProjectVRM blog)
  28. Dealing with Boundary Issues (1 October 2015 in Linux Journal)
  29. Beyond ad blocking — the biggest boycott in human history (28 Septemper 2015)
  30. A way to peace in the adblock war (21 September 2015, on the ProjectVRM blog)
  31. How adtech, not ad blocking, breaks the social contract (23 September 2015)
  32. Debugging adtext assumptions (18 September 2015)
  33. Separating advertising’s wheat and chaff (12 August 2015, and on 2 July 2016 in an updated version in Medium)
  34. On taking personalized ads personally (27 March 2015)
  35. Thoughts on tracking based advertising (18 February 2015)
  36. On marketing’s terminal addiction to data fracking and bad guesswork (10 January 2015)
  37. Privacy is personal (2 July 2014 in Linux Journal)
  38. What the ad biz needs is to exorcize direct marketing (6 October 2013)

Tags: , ,

symbiosis

Synopsis—Advertising supported publishing in the offline world by sponsoring it. In the online world, advertising has been body-snatched by adtech, which tracks eyeballs via files injected into apps and browsers, then shoots those eyeballs with “relevant” ads wherever the eyeballs show up. Adtech has with little or no interest in sponsoring a pub for the pub’s own worth. Worse, it encourages fake news (which is easier to produce than the real kind) and flooding the world with “content” rather than old-fashioned (and infinitely more worthwhile) editorial. When publishers agreed to funding by adtech, they sold their souls and their readers down a river full of fraud and malware, as well as indefensible manners. Fortunately, readers can bring both publishers and advertisers back into a soulful reunion. Helpfully, the GDPR makes it illegal not to, and that will be a huge issue as the deadline for compliance (next May 25th) approaches.


Yesterday Digiday published The GDPR will help or hurt publishers, depending on who you ask, by Ross Benes (@RossBenes). I was one of the people Ross asked, and the piece includes a quote from me. His question went this way:

I saw this blog you wrote about the topic.

http://blogs.harvard.edu/vrm/2017/09/03/good-news-for-publishers-and-advertisers-fearing-the-gdpr/

Do you think advertisers will pay enough for SafeAds to offset the losses publishers will have from selling fewer targeted ads due to privacy regs?

It’s a good question. (That’s what people say when they don’t have an answer, or can’t think of an easy one right away. But…) I thought about it, and replied with this:

Yes, and then some.

They’ll do it because there is more brand value to SafeAds.

The bigger question is for publishers: what business do they want to be in?

Do they want to operate barrels of “content” full of tracked fish baited there so adtech can shoot them with “interest-based” ads?

Or do they want to operate actual publications with good editorial that advertisers sponsor so their ads can be seen by readers who know those ads support the publication and are appropriate without being personal?

That’s the choice.

It helps that the second business — actual publishing — has been around for a couple hundred years, and even worked fine on the Web before publishers fell for the adtech sell.

Publishers sold a big piece of their soul when they consented to having their readers’ privacy violated, and with rampant impunity, by adtech. They also chose to ignore the fact that adtech is in the business of chasing eyeballs, not of sponsoring the good work publishers do, or of building brand reputation. (Which can’t be done by shooting people constantly with “interest-based” ads that mostly creep people out if they hit a bulls-eye.)

The GDPR, if it works like it should, will force publishers to fire adtech and normalize their relationship with readers. When that happens, publishers, advertisers, readers and agents for all three can start working out better business models than the creepy one we’ve had with adtech.

More of that in my People vs. Adtech series: http://j.mp/adbwars.

Ross quoted the first sentence of the second-to-last paragraph, which is probably the best one of the bunch he could have used. Most of the quotes he gathered from other folks in the biz were also very good. I study this topic a lot, and I still learned some new things. Hats off for that.

While I’m saluting what I just learned from Ross, however, I also want to visit some assumptions that surface in his piece. They aren’t his, but rather pretty much everybody’s, and that’s a problem. Here are four of them.

1) Consent can only go one way, meaning each of us should always be the ones consenting to terms proffered by sites and services. Here’s how Ross puts it:

The General Data Protection Regulation, which prevents brands from using a person’s data unless they have explicit permission to do so, could send more ad dollars to premium publishers that are more likely to obtain user consent than lower-quality publishers.

In fact consent can go the other way, meaning the publisher or advertiser can consent to our terms.

It is only because we made a Faustian bargain with client-server in 1995 that we remain stuck inside a model that assumes we “users” should always be second (and second-class) parties, with no choice but to agree as “clients” to terms proffered by server operators.

It helps that the Internet was designed so any one of us can be peers. This is an especially good design feature in the age that (at least I hope) begins with the GDPR.

One reason why I’m encouraged about the GDPR is that it says each of us can be “data controllers” as well as “data subjects.” (White & Case have a good unpacking of that, here.)

I visit the possibilities in Good news for publishers and advertisers fearing the GDPR (3 September in ProjectVRM), How to plug the publishing revenue drain (9 June 2017 in Medium), Why #NoStalking is a good deal for publishers (11 May 2016, and in Medium), How customers can debug business with one line of code (19 April 2016 in ProjectVRM and in Medium) and An invitation to settle matters with @Forbes, @Wired and other publishers (15 April 2016 and in Medium).

2) The choice is between “acceptable” and “unacceptable” ads (as Adblock Plus believes) or between “intrusive” ads and those that aren’t.

In fact the real choice is between ads based on tracking and those that aren’t (which I call #SafeAds in Good news for publishers and advertisers fearing the GDPR, and which are what you see in all non-digital commercial media).

Tracking is the reason ad blocking, which has been around since 2003, didn’t hockey-stick toward the sky until 2012. That was when publishers and advertisers, led by the IAB, gave the middle finger to Do Not Track, which was merely a polite request not to be tracked that people could express in their browsers.

I wrote about this in Ad Blockers and the Next Chapter of the Internet (5 November in Harvard Business Review) and Beyond ad blocking — the biggest boycott in human history (28 Septemper 2015). Here’s a graphic showing what happened:

I also unpack the difference between SafeAds and tracking based ones (aka adtech) in Separating advertising’s wheat and chaff (12 August 2015, and on 2 July 2016 in an updated version in Medium).

3) The best advertising is the most measurable, and is looking for a response from an individual.

That’s not true for advertising, but it is for direct response marketing (the wheat and chaff I talk about in the last cited piece). Unfortunately, as I say in that piece, “Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.”

The outlines of that alien replica can be seen in what Ross cites here:

Eric Berry, CEO of native ad platform TripleLift, said the GDPR could lead to a reduction in programmatic ad spend because ad buyers will struggle to measure whether their ads lead to purchases. There’s uncertainty about how the law will be enforced, but if users have to give consent to individual publishers, demand-side platforms and attribution vendors, the attribution companies won’t likely have enough data to make accurate measurements, which will lead ad buyers to shift their dollars to other marketing tactics. This would hurt publishers that rely on programmatic ad revenue, he said.

There is a reason perhaps a $trillion has been spent on adtech and not one worldwide brand everyone can name has been created by it, much less sustained or helped in any way.

As Don Marti says, only real advertising can carry the full economic and creative signals required to create and sustain a brand. And, as Bob Hoffman hammers home constantly (and very artfully) in The Ad Contrarian, the ad industry’s equation of “digital” with tracking is based entirely on bullshit. (His term, and the right one.)

Direct response marketing, which began as junk mail, and which looks to measure results for every message, wasn’t designed for that, and can’t do it.

Calling direct response marketing advertising was one of the biggest mistakes the ad industry ever made and masks the real problem the GDPR invites, which is that we risk throwing out the SafeAds baby with the FakeAds (adtech) bathwater.

If all the GDPR leads publishers to do is (as Ross says in his piece) “use intrusive messages — like pop-ups or interstitials — to get user consent,” and the EU fails to fine publishers and their adtech funders for violating the spirit as well as the letter of the GDPR, the GDPR will be as big a fail as the useless cookie consent notices people see on European sites.

4) There’s nothing really wrong with adtech.

Pretty much everything is wrong about adtech, but perhaps the wrongest of the wrong is the problem Siva Vaidhyanathan (@sivasaid) visits in a NY Times piece titled Facebook Wins, Democracy Loses. Here’s a pull quote:

A core principle in political advertising is transparency — political ads are supposed to be easily visible to everyone, and everyone is supposed to understand that they are political ads, and where they come from. And it’s expensive to run even one version of an ad in traditional outlets, let alone a dozen different versions. Moreover, in the case of federal campaigns in the United States, the 2002 McCain-Feingold campaign-finance act requires candidates to state they approve of an ad and thus take responsibility for its content.

The bold-face is mine (or actually my wife’s, who found and highlighted it for me).

The economic signaling value of an ad comes from what it costs. Only a brand with a lot of heft can afford to sponsor a publication or a mainstream broadcaster. But it’s super-cheap to run ads that narrowcast to just a few people. Or to put up a fake news site. (Both are big reasons why journalism is now drowning in a sea of contentAdtech is what paid publishing to trade journalism for “content generation.” This is a cancer on advertising, publishing and journalism, and makes adtech the Agent Smith of digital.)

What’s more, adtech has created environments where micro-targeted ads and adtech-funded fake news can work very effectively to destroy brands.

Consider this possibility: Trump and his sympathizers succeeded in destroying Hillary Clinton’s brand, and there wasn’t a damn thing any of her own big-budget and big-media branding efforts (#SafeAds all) could do about it. (And try, if you are a Trump sympathizer, to ignore whatever you think about how much Hillary brought it on herself or deserved it. In badness of the smear-worthy sort, she has plenty of company, especially Trump. In using modern adtech and fake news methods, the Trump campaign and those helping it were very smart and effective.)

As Siva says in his Times piece,

Ads on [Facebook] meant for, say, 20- to 30-year-old home-owning Latino men in Northern Virginia would not be viewed by anyone else, and would run only briefly before vanishing. The potential for abuse is vast. An ad could falsely accuse a candidate of the worst malfeasance a day before Election Day, and the victim would have no way of even knowing it happened. Ads could stoke ethnic hatred and no one could prepare or respond before serious harm occurs.

Can the GDPR address that problem?

Yes, by supporting individuals (not mere “users” or “consumers”) operating as first parties, getting the good publishers to agree not to run ads like the ones Siva describes, and to open the floodgates to brand ads that actually sponsor those publications, rather than regarding them as bait for shooting tracked eyeballs.

I explain how this will work in What if businesses agreed to customers’ terms and conditions? (28 April 2017 in Medium) as well as in a number of posts in my People vs. Adtech series.

In the long run only the targets of advertising can stop advertisers and publishers from driving drunk on digital, and to start respecting the very people they’ve been abusing.

If that fails, we’ll finally get one answer to the question I asked in January of last year: What if we don’t need advertising at all?

crysalisIn The Adpocalypse: What it MeansVlogbrother Hank Green issues a humorous lament on the impending demise of online advertising. Please devote the next 3:54 of your life to watching that video, so you catch all his points and I don’t need to repeat them here.

Got them? Good.

All of Hank’s points are well-argued and make complete sense. They are also valid mostly inside the bowels of the Google beast where his video work has thrived for the duration, as well as inside the broadcast model that Google sort-of emulates. (That’s the one where “content creators” and “brands” live in some kind of partly-real and partly-imagined symbiosis.)

While I like and respect what the brothers are trying to do commercially inside Google’s belly, I also expect them, and countless other “content creators” will get partly or completely expelled after Google finishes digesting that market, and obeys its appetite for lucrative new markets that obsolesce its current one.

We can see that appetite at work now that Google Contributor screams agreement with ad blockers (which Google is also joining) and their half-billion human operators that advertising has negative value. This is at odds with the business model that has long sustained both YouTube and “content creators” who make money there.

So it now appears that being a B2B creature that sells eyeballs to advertisers is Google’s larval stage, and that Google intends to emerge from its chrysalis as a B2C creature that sells content directly to human customers. (And stays hedged with search advertising, which is really more about query-based notifications than advertising, and doesn’t require unwelcome surveillance that will get whacked by the GDPR anyway a year from now.) 

Google will do this two ways: 1) through Contributor (an “ad removal pass” you buy) and 2) through subscriptions to YouTube TV (a $35/month cable TV replacement) and/or YouTube Red ($9.99/month for “uninterrupted music, ad-free videos, and more”).

Contributor is a way for Google to raise its share of the adtech duopoly it comprises with Facebook. The two paid video offerings are ways for Google to maximize its wedge of a subscription pie also sliced up by Apple, Amazon, Netflix, HBO, ShowTime, all the ISPs and every publication you can name—and to do that before we all hit Peak Subscription. (Which I’m sure most of us can see coming. I haven’t written about it yet, but I have touched hard on it here and here.)

I hope the Vlogbrothers make money from YouTube Red once they’re behind that paywall. Or that they can sell their inventory outside all the silos, like some other creators do. Maybe they’ll luck out if EmanciPay or some other new and open customer-based way of paying for creative goods works out. Whether or not that happens, one or more of the new blockchain/distributed ledger/token systems will provide countless new ways that stuff will get offered and paid for in the world’s markets. Brave Payments is already pioneering in that space. (Get the Brave browser and give it a try.)

It helps to recognize that the larger context (in fact the largest one) is the Internet, not the Web (which sits on top of the Net), and not apps (which are all basically on loan from their makers and the distribution systems of Apple and Google). The Internet cannot be contained in, or reduced to, the feudal castles of Facebook and Google, which mostly live on the Web. Those are all provisional and temporary. Money made by and within them is an evanescent grace.

All the Net does is connect end points and pass data between them through any available path. This locates us on a second world alongside the physical one, where the distance between everything it connects rounds to zero. This is new to human experience and at least as transformative as language, writing, printing and electricity—and no less essential than any of those, meaning it isn’t going to go away, no matter how well the ISPs, governments and corporate giants succeed in gobbling up and spinctering business and populations inside their digestive tracts.

The Net is any-to-any, by any means, by design of its base protocols. This opens countless possibilities we have barely begun to explore, much less build out. It is also an experience for humanity that is not going to get un-experienced if some other base protocols replace the ones we have now.

I am convinced that we will find new ways in our connected environment to pay for goods and services, and to signal each other much more securely, efficiently and effectively than we do now. I am also convinced we will do all that in a two-party way rather than in the three-party ways that require platforms and bureaucracies. If this sounds like anarchy, well, maybe: yeah. I dunno. We already have something like that in many disrupted industries. (Some wise stuff got written about this by David Graeber in The Utopia of Rules.)

Not a day goes by that my mind isn’t blown by the new things happening that have not yet cohered into an ecosystem but still look like they can create and sustain many forms of economic and social life, new and old. I haven’t seen anything like this in tech since the late ’90s. And if that sounds like another bubble starting to form, yes it is. You see it clearly in the ICO market right now. (Look at what’s lined up so far. Wholly shit.)

But this one is bigger. It’s also going to bring down everybody whose business is guesswork filled with fraud and malware.

If you’re betting on which giants survive, hold Amazon and Apple. Short those other two.

allthenewsthatfitsintabs

#Publishing

When I heard that Backchannel would be moving to Wired while Google’s Contributor service (“buy an ad removal pass for the web”) was not only rolling out, but already deployed by some publishers (e.g. by Business Insider UK)—and while Wired (with the rest of Condé Nast) was still mistaking tracking protection for ad blocking (and hitting readers with the same lame interruptive shakedown popover I wrote about over a year ago)— I copied and pasted this section of the Daily Tab into Medium and expanded it into a piece titled How To Plug the Publishing Revenue Drain. I also wanted to get it up in advance of the Gillmor Gang webcast/podcast I’d be on that afternoon.

The (not so great) state of UK print advertising in 4 charts (Lucinda Southern @Lucy28Southern in DigiDay) Here they are:

uknewspaperevenue

Publishers can reverse that. Here’s how:

  1. Follow their customers’ lead. That means they should—
  2. Fire adtech (tracking-based advertising), which is full of fraud and malware, clogs data pipes, spies on people (which will soon be illegal in the EU thanks to the GDPR), and carries enormous operational and cognitive overhead for everybody. This will—
  3. Save journalism from drowning in a sea of content. (The problem with content is that it’s not editorial. It’s eyeball bait.) To do this publishers should—
  4. Agree to readers’ terms and conditions. These will live at Customer Commons (much as individuals’ copyright terms live at Creative Commons) and can be expressed in one line of code in the reader’s browser. The first and simplest term is called #NoStalking and says “just give me ads not based on tracking me.” These ads—simple brand ads—are far more valuable, and brand-supporting, than anything adtech has ever done, or ever can do. They also sponsor the publisher, which adtech also can’t do, because its actual business is chasing eyeballs. With #NoStalking, publishers will—
  5. Get cleaner, better and more supportive sponsorship from advertisers than they ever got from adtech. Agreeing not to stalk readers will also pave a way off the cattle ranches of Facebook and Google while also getting out of adtech’s bubble before it bursts. It will also respect The Castle Doctrine—for everybody involved, including readers, publishers, advertisers and intermediaries.

Bonus link: After Peak Marketing. And everything by Bob Hoffman (@adcontrarian), Don Marti (@dmarti), Augustine Fou, aka Ad Fraud Researcher (@acfou), WhiteOps (@WhiteOps), Dave Carroll (@profcarroll) and @MikkoKotila.

#Advertising vs. #Adtech

As Apple and Google take aim at ads, publishers tremble (Lucia Moses @lmoses in DigiDay)

De-blurring Lines Between ‘Ad Tech’ and Advertising (Daniel Meehan @MeehanDaniel in Martech Series). I’m kindly sourced: “…Doc Searls dug into what on earth brands are doing — and have been doing for years. He’s just as confused by this shift of advertisers effectively offloading their jobs to algorithms. Searls also calls for an end to ad tech, in favor of a return to “traditional” advertising approaches. The state of ad tech’s been killing media, too. And he wants to save it before we venture too far.”

Also by Daniel, this time in Martech TodayStop Calling ‘Ad Tech’ Advertising. Bonus link: Separating Advertising’s Wheat and Chaff.

Not listening to either Daniel or me:

#Random

Saturn is amazing. (Time)

Introducing FilterBubbler: A WebExtension built using React/Redux. Based on this idea by @dmarti. (Ean Schuessler in Mozilla Hacks) “The idea was to turn the tables on the kinds of sophisticated analysis that advertisers do with the everyday browsing activities we take for granted.”

 

 

archimedes120

On a mailing list that obsesses about All Things Networking, another member cited what he called “the Doc Searls approach” to something. Since it was a little off (though kind and well-intended), I responded with this (lightly edited):

The Doc Searls approach is to put as much agency as possible in the hands of individuals first, and self-organized groups of individuals second. In other words, equip demand to engage and drive supply on customers’ own terms and in their own ways.

This is supported by the wide-open design of TCP/IP in the first place, which at least models (even if providers don’t fully give us) an Archimedean place to stand, and a wide-open market for levers that help us move the world—one in which the practical distance between everyone and everything rounds to zero.

To me this is a greenfield that has been mostly fallow for the duration. There are exceptions (and encouraging those is my personal mission), but mostly what we live with are industrial age models that assume from the start that the most leveraged agency is central, and that all the most useful intelligence (lately with AI and ML being the most hyper-focused on and fantasized about) should naturally be isolated inside corporate giants with immense data holdings and compute factories.

Government oversight of these giants and what they do is nigh unthinkable, much less do-able. While regulators aplenty know and investigate the workings of oil refineries and nuclear power plants, there are no equivalents for Google’s, Facebook’s or Amazon’s vast refineries of data and plants doing AI, ML and much more. All the expertise is working for those companies or selling their skills in the marketplace. (The public minded work in universities, I suppose.) I don’t lament this, by the way. I just note that it pretty much can’t happen.

More importantly, we have seen, over and over, that compute powers of many kinds will be far more leveraged for all when individuals can apply them. We saw that when computing got personal, when the Internet gave everybody a place to operate on a common network that spanned the world, and when both could fit in a hand-held rectangle.

The ability for each of us to not only drive prices individually, but to retrieve the virtues of the bazaar to the networked marketplace, will eventually win out. In the meantime it appears the best we can do is imagine that the full graces of computing and networks are what only big companies can do for (and to) us.

Bonus link: a talk I gave last week in Munich.

So I thought it might be good to surface that here. At least it partly explains why I’ve been working more and blogging less lately.