marketing

You are currently browsing the archive for the marketing category.

The Rhetoric of War

October 19, 2022 in Cognitive Science, Internet, Linguistics, marketing, metaphor | Permalink

I wrote this more than a quarter century ago when Linux Journal was the only publication that would have me, and I posted unsold essays and wannabe columns at searls.com. These postings accumulated in this subdirectory for several years before Dave Winer got me to blog for real, starting here.

Interesting how much has changed since I wrote this, and how much hasn’t. Everything I said about metaphor applies no less than ever, even as all the warring parties mentioned have died or moved on to other activities, if not battles. (Note that there was no Google at this time, and the search engines mentioned exist only as fossils in posts such as this one.)

Perhaps most interesting is the paragraph about MARKETS ARE CONVERSATIONS. While that one-liner had no effect at the time, it became a genie that would not return to its bottle after Chris Locke, David Weinberger, Rick Levine and I put it in The Cluetrain Manifesto in 1999. In fact, I had been saying “markets are conversations” to no effect at least since the 1980s. Now join the conversation” is bullshit almost everywhere it’s uttered, but you can’t stop hearing it. Strange how that goes.

MAKE MONEY, NOT WAR
TIME TO MOVE PAST THE WAR METAPHORS OF THE INDUSTRIAL AGE

By Doc Searls
19 March 1997

“War isn’t an instinct. It’s an invention.”

“The metaphor is probably the most fertile power possessed by man.”

“Conversation is the socializing instrument par excellence.”

-José Ortega y Gasset

Patton lives

In the movie “Patton,” the general says, “Compared to war, all other forms of human endeavor shrink to insignificance.” In a moment of self-admonition, he adds, “God help me, I love it so.”

And so do we. For proof, all we have to do is pick up a trade magazine. Or better yet, fire up a search engine.

Altavista says more than one million documents on the Web contain the words MicrosoftNetscape, and war. Hotbot lists hundreds of documents titled “Microsoft vs. Netscape,” and twice as many titled “Netscape vs. Microsoft.”

It’s hard to find an article about the two companies that does not cast them as opponents battling over “turf,” “territory,” “sectors” and other geographies.

It’s also hard to start a conversation without using the same metaphorical premise. Intranet Design Magazine recently hosted a thread titled “Who’s winning?? Netscape vs. Microsoft.” Dave Shafer starts the thread with “Wondering what your informed opinion is on who is winning the internet war and what affects this will have on inter/intranet development.” The first respondent says, “sorry, i’m from a french country,” and “I’m searching for economical informations about the war between Microsoft and Netscape for the control of the WEB industrie.” Just as telling is a post by a guy named Michael, who says “Personaly I have both on my PC.”

So do I. Hey, I’ve got 80 megs of RAM and a 2 gig hard drive, so why not? I also have five ISPs, four word processors, three drawing programs, and two presentation packages. I own competing products from Apple, IBM, Microsoft, Netscape, Adobe, Yamaha, Sony, Panasonic, Aiwa, Subaru, Fisher Price and the University of Chicago — to name just a few I can see from where I sit. I don’t sense that buying and using any of these is a territorial act, a victory for one company, or a defeat for another.

But that doesn’t mean we don’t have those perceptions when we write and talk about companies and the markets where they compete. Clearly, we do, because we understand business — as we understand just about everything — in metaphorical terms. As it happens, our understanding of companies and markets is largely structured by the metaphors BUSINESS IS WAR and MARKETS ARE BATTLEFIELDS.

By those metaphors we share an understanding that companies fight battles over market territories that they attack, defend, dominate, yield or abandon. Their battlefields contain beachheads, bunkers, foxholes, sectors, streams, hills, mountains, swamps, streams, rivers, landslides, quagmires, mud, passages, roadblocks, and high ground. In fact, the metaphor BUSINESS IS WAR is such a functional conceptual system that it unconsciously pumps out clichés like a machine. And since sports is a sublimated and formalized kind of war, the distances between sports and war metaphors in business are so small that the vocabularies mix without clashing.

Here, I’ll pick up the nearest Business Week… it’s the January 13 issue. Let’s look at the High Technology section that starts on page 104. The topic is Software and the headline reads, “Battle stations! This industry is up for grabs as never before…” Here’s the first paragraph, with war and sports references capitalized: “Software was once an orderly affair in which a few PLAYERS called most of the shots. The industry had almost gotten used to letting Microsoft Corp. set the agenda in personal computing. But as the Internet ballooned into a $1 billion software business in 1996, HUGE NEW TERRITORIES came up for grabs. Microsoft enters the new year in a STRONG POSITION TO REASSERT CONTROL. But it will have to FIGHT OFF Netscape, IBM, Oracle and dozens of startups that are DESPERATELY STAKING OUT TURF on the Net. ‘Everyone is RACING TO FIND MARKET SPACE and get established…'”

Is this a good thing? Does it matter? The vocabularies of war and sports may be the most commonly used sources of metaphors, for everything from academic essays to fashion stories. Everybody knows war involves death and destruction, yet we experience little if any of that in the ordinary conduct of business, or even of violent activities such as sports.

So why should we concern ourselves with war metaphors, when we all know we don’t take them literally?

Two reasons. First, we do take them literally. Maybe we don’t kill each other, but the sentiments are there, and they do have influences. Second, war rarely yields positive sums, except for one side or another. The economy the Internet induces is an explosion of positive sums that accrue to many if not all participants. Doesn’t it deserve a more accurate metaphor?

For answers, let’s turn to George Lakoff.

The matter of Metaphor

“Answer true or false,” Firesign Theater says. “Dogs flew spaceships. The Aztecs invented the vacation… If you answered ‘false’ to any of these questions, then everything you know is wrong.”

This is the feeling you begin to get when you read George Lakoff, the foremost authority on the matter of metaphor. Lakoff is Professor of Linguistics and Cognitive Science at UC-Berkeley, the author of Women, Fire and Dangerous Things and Moral Politics: What Conservatives Know that Liberals Don’t. He is also co-author of Metaphors We Live By and More than Cool Reason. All are published by the University of Chicago Press.
Maybe that’s why they didn’t give us the real story in school. It would have been like pulling the pins out of a bunch of little hand grenades.

If Lakoff is right, the most important class you ignored in school was English — not because you need to know all those rules you forgot or books you never read, but because there’s something else behind everything you know (or think you know) and talk about. That something is a metaphor. (And if you think otherwise, you’re wrong.)

In English class — usually when the subject was poetry — they told us that meaning often arises out of comparison, and that three comparative devices are metaphorsimile, and analogy. Each compares one thing to another thing that is similar in some way:

  • Metaphors say one thing is another thing, such as “time is money,” “a computer screen is a desktop,” or (my favorite Burt Lancaster line) “your mind is a cookie of arsenic.”
  • Similes say one thing is like another thing, such as “gone like snow on the water” or “dumb as a bucket of rocks.”
  • Analogies suggest partial similarities between unalike things, as with “licorice is the liver of candy.”

But metaphor is the device that matters, because, as Lakoff says, “We may not always know it, but we think in metaphor.” And, more to the point, “Metaphors can kill.” Maybe that’s why they didn’t give us the real story in school. It would have been like pulling the pins out of a bunch of little hand grenades.

But now we’re adults, and you’d think we should know how safely to arm and operate a language device. But it’s not easy. Cognitive science is relatively new and only beginning to make sense of the metaphorical structures that give shape and meaning to our world. Some of these metaphors are obvious but many others are hidden. In fact, some are hidden so well that even a guru like Lakoff can overlook them for years.

Lakoff’s latest book, “Moral Politics: What Conservatives Know and Liberals Don’t,” was inspired by his realization that the reason he didn’t know what many conservatives were talking about was that, as a Liberal, he didn’t comprehend conservative metaphors. Dan Quayle’s applause lines went right past him.

After much investigation, Lakoff found that central to the conservative worldview was a metaphor of the state as a strict father and that the “family values” conservatives espouse are those of a strict father’s household: self-reliance, rewards and punishments, responsibility, respect for authority — and finally, independence. Conservatives under Ronald Reagan began to understand the deep connection between family and politics, while Liberals remained clueless about their own family metaphor — the “nurturant parent” model. Under Reagan, Lakoff says, conservatives drove the language of strict father morality into the media and the body politic. It won hearts and minds, and it won elections.

So metaphors matter, big time. They structure our perceptions, the way we make sense of the world, and the language we use to talk about things that happen in the world. They are also far more literal than poetry class would lead us to believe. Take the metaphor ARGUMENT IS WAR —

“It is important to see that we don’t just talk about arguments in terms of war. We can actually win or lose arguments. We see the person we are arguing with as an opponent. We attach kis decisions and defend our own. We gain and lose ground. We plan and use strategies… Many of the things we do in arguing are partially structured by the concept of war.” (From Metaphors We Live By)

In our culture argument is understood and structured by the war metaphor. But in other cultures it is not. Lakoff invites us to imagine a culture where argument is viewed as dance, participants as performers and the goal to create an aesthetically pleasing performance.

Right now we understand that “Netscape is losing ground in the browser battle,” because we see the browser business a territory over which Netscape and Microsoft are fighting a war. In fact, we are so deeply committed to this metaphor that the vocabularies of business and war reporting are nearly indistinguishable.

Yet the Internet “battlefield” didn’t exist a decade ago, and the software battlefield didn’t exist a decade before that. These territories were created out of nothingness. Countless achievements have been made on them. Victories have been won over absent or equally victorious opponents.

In fact, Netscape and Microsoft are creating whole new markets together, and both succeed mostly at nobody’s expense. Netscape’s success also owes much to the robust nature of the Windows NT Server platform.
The war stories we’re telling about the Internet are turning into epic lies.

At the same time Microsoft has moved forward in browsers, directory services, languages, object models and other product categories — mostly because it’s chasing Netscape in each of them.

Growing markets are positive-sum creations, while wars are zero-sum at best. But BUSINESS IS WAR is an massive metaphorical machine that works so well that business war stories almost write themselves. This wouldn’t be a problem if business was the same now as it was twenty or fifty years ago. But business is changing fast, especially where the Internet is involved. The old war metaphor just isn’t doing the job.

Throughout the Industrial Age, both BUSINESS IS WAR and MARKETS ARE BATTLEFIELDS made good structure, because most industries and markets were grounded in physical reality. Railroads, shipping, construction, automobiles, apparel and retail were all located in physical reality. Even the phone system was easily understood in terms of phones, wires and switches. And every industrial market contained finite labor pools, capital, real estate, opportunities and natural resources. Business really was war, and markets really were battlefields.

But the Internet is hardly physical and most of its businesses have few physical limitations. The Web doesn’t look, feel or behave like anything in the analog world, even though we are eager to describe it as a “highway” or as a kind of “space.” Internet-related businesses appear and grow at phenomenal rates. The year 1995 saw more than $100 billion in new wealth created by the Internet, most of it invested in companies that were new to the world, or close to it. Now new markets emerge almost every day, while existing markets fragment, divide and expand faster than any media can track them.

For these reasons, describing Internet business in physical terms is like standing at the Dawn of Life and describing new species in terms of geology. But that’s what we’re doing, and every day the facts of business and technology life drift farther away from the metaphors we employ to support them. We arrive at pure myth, and the old metaphors stand out like bones from a dry corpse.

Of course myths are often full of truth. Fr. Seán Olaoire says “there are some truths so profound only a story can tell them.” But the war stories we’re telling about the Internet are turning into epic lies.
Describing Internet business in physical terms is like standing at the Dawn of Life and describing new species in terms of geology.

What can we do about it?

First, there’s nothing we can do to break the war metaphor machine. It’s just too damn big and old and good at what it does. But we can introduce some new metaphors that make equally good story-telling machines, and tell more accurately what’s going on in this new business world.

One possibility is MARKETS ARE CONVERSATIONS. These days we often hear conversations used as synonyms for markets. We hear about “the privacy conversation” or “the network conversation.” We “talk up” a subject and say it has a lot of “street cred.” This may not be much, but it does accurately structure an understanding of what business is and how markets work in the world we are creating with the Internet.

Another is the CONDUIT metaphor. Lakoff credits Michael Reddy with discovering hidden in our discussions of language the implication of conduit structure:

Your thinking comes through loud and clear.
It’s hard to put my ideas into words
You can’t stuff ideas into a sentence
His words carry little meaning

The Net facilitates communication, and our language about communication implies contuits through which what we say is conveyed. The language of push media suggests the Net is less a centerless network — a Web — than a set of channels through which stuff is sent. Note the preposition. I suggest that we might look more closely at how much the conduit metaphor is implicit in what we say about push, channels and related subjects. There’s something to it, I think.

My problem with both CONDUIT and CHANNEL is that they don’t clearly imply positive sums, and don’t suggest the living nature of the Net. Businesses have always been like living beings, but in the Net environment they enjoy unprecedented fecundity. What’s a good metaphor for that? A jungle?

Whatever, it’s clearly not just a battlefield, regardless of the hostilities involved. It’s time to lay down our arms and and start building new conceptual machines. George Lakoff will speak at PC Forum next week. I hope he helps impart some mass to one or more new metaphorical flywheels. Because we need to start telling sane and accurate stories about our businesses and our markets.

If we don’t, we’ll go on shooting at each other for no good reason.

Links

Here are a few links into the worlds of metaphor and cognitive science. Some of this stuff is dense and heavy; but hey, it’s not an easy subject. Just an important one..

I also explored the issue of push media in Shoveling Push and When Push Becomes Shove. And I visited the Microsoft vs. Netscape “war” in Microsoft + Netscape: The Real Story. All three are in Reality 2.0.

The most important standard in development today

October 11, 2022 in advertising, Business, data, intention economy, Internet, marketing | Permalink

agree not to track

It’s P7012: Standard for Machine Readable Personal Privacy Terms, which “identifies/addresses the manner in which personal privacy terms are proffered and how they can be read and agreed to by machines.”

P7012 is being developed by a working group of the IEEE. Founded in 1963, the IEEE is the largest association of technical professionals in the world and is serious in the extreme.

This standard will guide the way the companies of the world agree to your terms. Not how you agree to theirs. We have the latter “system” right now and it is failing utterly, massively, and universally. Let me explain.

First, company privacy policies aren’t worth the pixels they’re printed on. They can change on a whim, and there is nothing binding about them anyway.

Second, the system of “agreements” we have today do nothing more than put fig leaves over the hard-ons companies have for information about you: information you give up when you agree to a consent notice.

Consent notices are those banners or pop-overs that site owners use to halt your experience and shake down consent to violations of your privacy. There’s usually a big button that says ACCEPT, and some smaller print with a link going to “settings.” Those urge you to switch on or off the “necessary,” “functional,” “performance,” and “targeting” or “marketing” cookies that the site would like to jam into your browser.

Regardless of what you “choose,” there are no simple or easy ways to discover or dispute violations of your “agreement” to anything. Worse, you have to do this with nearly every freaking website you encounter, universalizing the meaninglessness of the whole thing.

But what if sites and services agreed to your terms, soon as you show up?

We have that in the natural world, where it is impolite in the extreme to look under the personal privacy protections called clothing. Or to penetrate other personal privacy protections, such as shelter, doors, shades, and locks. Or to plant tracking beacons on people to follow them like marked animals. There are social contracts forbidding all of those. We expect that contract to be respected, and for the most part it is.

But we have no such social contracts on the Net. In fact, we have the opposite: a feeding frenzy on private information about us, made possible by our powerlessness to stop it, plus boundless corporate rationalization.

We do have laws meant to reduce that frenzy by making some of it illegal. Others are in the works, most notably in Europe. What they have done to stop it so far rounds to zero. In his latest book, ADSCAM: How Online Advertising Gave Birth to One of History’s Greatest Frauds, and Became a Threat to Democracy, Bob Hoffman has a much more sensible and effective policy suggestion than any others we’ve seen: simply ban tracking.

While we wait for that, we can use the same kind of tool that companies are using: a simple contract. Sign here. Electronically. That’s what P7012 will standardize.

There is nothing in the architecture of the Net or the Web to prevent a company from agreeing to personal terms.

In fact, at its base—in the protocol called TCP/IP—the Internet is a peer-to-peer system. It does not consign us to subordinate status as mere “users,” “consumers,” “eyeballs,” or whatever else marketers like to call us.

To perform as full peers in today’s online world, we need easy ways for company machines to agree to the same kind of personal terms we express informally in the natural world. That’s what P7012 will make possible.

I’m in that working group, and we’ve been at it for more than two years. We expect to have it done in the next few months. If you want to know more about it, or to help, talk to me.

And start thinking about what kind of standard-form and simple terms a person might proffer: ones that are agreeable to everyone. Because we will need them. And when we get them, surveillance capitalism can finally be replaced by a much larger and friendlier economy: one based on actual customer intentions rather than manipulations based on guesswork and horrible manners.

One candidate is #NoStalking, aka P2B1beta. #NoStalking was developed with help from the Cyberlaw Clinic at Harvard Law School and the Berkman Klein Center, and says “Just give me ads not based on tracking me.” In other words, it does permit advertising and welcomes sites and services making money that way. (This is how the advertising business worked for many decades before it started driving drunk on personal data.)

Constructive and friendly agreements such as #NoStalking will help businesses withdraw from their addiction to tracking, and make it easier for businesses to hear what people actually want.

Tags:

Just in case you feel safe with Twitter

January 26, 2021 in adtech, advertising, Business, data, marketing, personal data, privacy, problems, publishing, Technology | Permalink

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy.

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has  “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbid the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grinder (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.

 

Time for advertising to call off the dogs

August 4, 2020 in adtech, advertising, Journalism, marketing, publishing | 2 comments

Is this the way you want your brand to look?

Digital advertising needs to sniff its own stench, instead of everybody’s digital butts.

A sample of that stench is wafting through the interwebs from  the Partnership for Responsible Addressable Media, an ad industry bullphemism for yet another way to excuse the urge to keep tracking people against their wishes (and simple good manners) all over the digital world.

This new thing is a granfalloon conjured by the Association of National Advertisers (aka the ANA) and announced today in the faux-news style of the press release (which it no doubt also is) at the first link above. It begins,

AD INDUSTRY LAUNCHES “PARTNERSHIP FOR RESPONSIBLE ADDRESSABLE MEDIA” TO ENSURE FUTURE OF DIGITAL MEDIA FOR BUSINESSES & CONSUMERS
Governing Group of Industry Leaders Includes 4A’s, ANA, IAB, IAB Tech Lab, NAI, WFA, P&G, Unilever, Ford, GM, IBM, NBCUniversal, IPG, Publicis, Adobe, LiveRamp, MediaMath, The Trade Desk

NEW YORK (August 4, 2020) — Leading trade associations and companies representing every sector of the global advertising industry today joined together to launch the Partnership for Responsible Addressable Media, an initiative to advance and protect critical functionalities like customization and analytics for digital media and advertising, while safeguarding privacy and improving the consumer experience. The governing group of the Partnership will include the most influential organizations in advertising.

I learned about this from @WendyDavis, who wrote this piece in MediaPostNiemanLab summarizes what she reports with a tweet that reads, “A new ad-industry group will lobby Google and Apple to let them track users just a wee bit more, please and thank you.”

Writes Wendy,

The group will soon reach out to browser developers and platforms, in hopes of convincing them to rethink recent decisions that will limit tracking, according to Venable attorney Stu Ingis, who will head the legal and policy working group.

“These companies are taking huge positions that impact the entire economy — the entire media ecosystem — with no real input from the media ecosystem,” Ingis says.

As if the “entire media ecosystem” doesn’t contain the billions of humans being tracked.

Well, here’s a fact: ad blocking, which was already the biggest boycott in world history five years ago, didn’t happen in a vacuum. Even though ad blockers had been available since 2004, use of them didn’t hockey-stick until 2012-13, exactly when adtech and its dependents in publishing gave the middle finger to Do Not Track, which was nothing more than a polite request, expressed by a browser, for some damn privacy while we go about our lives online. See this in Harvard Business Review:

Here’s another fact: the browser makers actually care about their users, some of whom are paying customers (for example with Apple and Microsoft). They know what we want and need, and are giving it to us. Demand and supply at work.

The GDPR and the CCPA also didn’t happen in a vacuum. Both laws were made to protect citizens from exactly what adtech (tracking based advertising) does. And, naturally, the ad biz has been working mightily to obey the letter of those laws while violating their spirit. Why else would we be urged by cookie notices everywhere to “accept” exactly what we’ve made very clear that we don’t want?

So here are some helpful questions from the world’s billions to the brands now paying to have us followed like marked animals:

Have you noticed that not a single brand known to the world has been created by tracking people and aiming ads at them—even after spending a $trillion or two on doing that?

Have you noticed that nearly all the world’s major brands became known through advertising that not only didn’t track people, but sponsored journalism as well?

Have you noticed that tracking people and directing personalized messages at them—through “addressable media”—is in fact direct marketing, which we used to call junk mail?

Didn’t think so.

Time to get the clues, ad biz. Brands too.

Start with The Cluetrain Manifesto, which says, if you only have time for one clue this year, this is the one to get…

we are not seats or eyeballs or end users or consumers.
we are human beings — and our reach exceeds your grasp.
deal with it.

That year was 1999.

If advertising and marketing had bothered to listen back then, they might not be dealing today with the GDPR, the CCPA, and the earned dislike of billions.

Next, please learn (or re-learn) the difference between real advertising and the junk message business. Find that lesson in Separating Advertising’s Wheat and Chaff. An excerpt:

See, adtech did not spring from the loins of Madison Avenue. Instead its direct ancestor is what’s called direct response marketing. Before that, it was called direct mail, or junk mail. In metrics, methods and manners, it is little different from its closest relative, spam.

Direct response marketing has always wanted to get personal, has always been data-driven, has never attracted the creative talent for which Madison Avenue has been rightly famous. Look up best ads of all time and you’ll find nothing but wheat. No direct response or adtech postings, mailings or ad placements on phones or websites.

Yes, brand advertising has always been data-driven too, but the data that mattered was how many people were exposed to an ad, not how many clicked on one — or whether you, personally, did anything.

And yes, a lot of brand advertising is annoying. But at least we know it pays for the TV programs we watch and the publications we read. Wheat-producing advertisers are called “sponsors” for a reason.

So how did direct response marketing get to be called advertising ? By looking the same. Online it’s hard to tell the difference between a wheat ad and a chaff one.

Remember the movie “Invasion of the Body Snatchers?” (Or the remake by the same name?) Same thing here. Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.

That’s what had happened to the ANA in 2018, when it acquired what had been the Direct Marketing Association (aka DMA) and which by then called itself the Data & Marketing Association.

The Partnership for Responsible Addressable Media speaks in the voice of advertising’s alien replica. It does not “safeguard essential values in advertising as a positive economic force.” Instead it wants to keep using “addressable” advertising as the primary instrument of surveillance capitalism.

Maybe it’s too late to save advertising from its alien self. But perhaps not, if what’s left of advertising’s soul takes the writings of Bob Hoffman (@AdContrarian) to heart. That’s the only way I know for advertising to clean up its act.

 

 

So far, privacy isn’t a debate

June 22, 2020 in adtech, advertising, Journalism, Law, marketing, personal data, problems, publishing, Technology, VRM | Permalink

door knocker

Remember the dot com boom?

Doesn’t matter if you don’t. What does matter is that it ended. All business manias do.

That’s why we can expect the “platform economy” and “surveillance capitalism” to end. Sure, it’s hard to imagine that when we’re in the midst of the mania, but the end will come.

When it does, we can have a “privacy debate.” Meanwhile, there isn’t one. In fact there can’t be one, because we don’t have privacy in the online world.

We do have privacy in the offline world, and we’ve had it ever since we invented clothing, doors, locks and norms for signaling what’s okay and what’s not okay in respect to our personal spaces, possessions and information.

That we hardly have the equivalent in the networked world doesn’t mean we won’t. Or that we can’t. The Internet in its current form was only born in the mid-’90s. In the history of business and culture, that’s a blip.

Really, it’s still early.

So, the fact that websites, network services, phone companies, platforms, publishers, advertisers and governments violate our privacy with wanton disregard for it doesn’t mean we can’t ever stop them. It means we haven’t done it yet, because we don’t have the tech for it. (Sure, some wizards do, but muggles don’t. And most of us are muggles.)

And, since we don’t have privacy tech yet, we lack the simple norms that grow around technologies that give us ways signal our privacy preferences. We’ll get those when we have the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells.

This is what many of us have been working on at ProjectVRM, Customer Commons, the Me2B Alliance, MyData and other organizations whose mission is getting each of us the tech we need to operate at full agency when dealing with the companies and governments of the world.

I bring all this up as a “Yes, and” to a piece in Salon by Michael Corn (@MichaelAlanCorn), CISO of UCSD, titled We’re losing the war against surveillance capitalism because we let Big Tech frame the debate. Subtitle: “It’s too late to conserve our privacy — but to preserve what’s left, we must stop defining people as commodities.”

Indeed. And we do need the “optimism and activism” he calls for. In the activism category is code. Specifically, code that gives us the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells

Some of those are in the works. Others are not—yet. But they will be. Inevitably. Especially now that it’s becoming clearer every day that we’ll never get them from any system with a financial interest in violating it*. Or from laws that fail at protecting it.

If you want to help, join one or more of the efforts in the links four paragraphs up. And, if you’re a developer already on the case, let us know how we can help get your solutions into each and all of our digital hands.

For guidance, this privacy manifesto should help. Thanks.

*Especially publishers such as Salon, which Privacy Badger tells me tries to pump 20 potential trackers into my browser while I read the essay cited above. In fact, according to WhoTracksMe.com, Salon tends to run 204 tracking requests per page load, and the vast majority of those are for tracking-based advertising purposes. And Salon is hardly unique. Despite the best intentions of the GDPR and the CCPA, surveillance capitalism remains fully defaulted on the commercial Web—and will continue to remain entrenched until we have the privacy tech we’ve needed from the start.

For more on all this, see People vs. Adtech.

Zoom’s new privacy policy

March 30, 2020 in adtech, advertising, Business, conferencing, data, education, marketing, problems | 4 comments

Yesterday (March 29), Zoom updated its privacy policy with a major rewrite. The new language is far more clear than what it replaced, and which had caused the concerns I detailed in my previous three posts:

  1. Zoom needs to clean up its privacy act,
  2. More on Zoom and privacy, and
  3. Helping Zoom

Those concerns were shared by Consumer ReportsForbes and others as well. (Here’s Consumer Reports‘ latest on the topic.)

Mainly the changes clarify the difference between Zoom’s services (what you use to conference with other people) and its websites, zoom.us and zoom.com (which are just one site: the latter redirects to the former). As I read the policy, nothing in the services is used for marketing. Put another way, your Zoom sessions are firewalled from adtech, and you shouldn’t worry about personal information leaking to adtech (tracking based advertising) systems.

The websites are another matter. Zoom calls those websites—its home pages—”marketing websites.” This, I suppose, is so they can isolate their involvement with adtech to their marketing work.

The problem with this is an optical one: encountering a typically creepy cookie notice and opting gauntlet (which still defaults hurried users to “consenting” to being tracked through “functional” and “advertising” cookies) on Zoom’s home page still conveys the impression that these consents, and these third parties, work across everything Zoom does, and not just its home pages.

And why call one’s home on the Web a “marketing website”—even if that’s mostly what it is? Zoom is classier than that.

My advice to Zoom is to just drop the jive. There will be no need for Zoom to disambiguate services and websites if neither is involved with adtech at all. And Zoom will be in a much better position to trumpet its commitment to privacy.

That said, this privacy policy rewrite is a big help. So thank you, Zoom, for listening.

 

Helping Zoom

March 29, 2020 in adtech, advertising, Business, conferencing, marketing, Pandemic, problems, Technology, VRM | 3 comments

[This is the third of four posts. The last of those, Zoom’s new privacy policy, visits the company’s positive response to input such as mine here. So you might want to start with that post (because it’s the latest) and look at the other three, including this one, after that.]

I really don’t want to bust Zoom. No tech company on Earth is doing more to keep civilization working at a time when it could so easily fall apart. Zoom does that by providing an exceptionally solid, reliable, friendly, flexible, useful (and even fun!) way for people to be present with each other, regardless of distance. No wonder Zoom is now to conferencing what Google is to search. Meaning: it’s a verb. Case in point: between the last sentence and this one, a friend here in town sent me an email that began with this:

That’s a screen shot.

But Zoom also has problems, and I’ve spent two posts, so far, busting them for one of those problems: their apparent lack of commitment to personal privacy:

  1. Zoom needs to cleanup its privacy act
  2. More on Zoom and privacy

With this third post, I’d like to turn that around.

I’ll start with the email I got yesterday from a person at a company engaged by Zoom for (seems to me) reputation management, asking me to update my posts based on the “facts” (his word) in this statement:

Zoom takes its users’ privacy extremely seriously, and does not mine user data or sell user data of any kind to anyone. Like most software companies, we use third-party advertising service providers (like Google) for marketing purposes: to deliver tailored ads to our users about Zoom products the users may find interesting. (For example, if you visit our website, later on, depending on your cookie preferences, you may see an ad from Zoom reminding you of all the amazing features that Zoom has to offer). However, this only pertains to your activity on our Zoom.us website. The Zoom services do not contain advertising cookies. No data regarding user activity on the Zoom platform – including video, audio and chat content – is ever used for advertising purposes. If you do not want to receive targeted ads about Zoom, simply click the “Cookie Preferences” link at the bottom of any page on the zoom.us site and adjust the slider to ‘Required Cookies.’

I don’t think this squares with what Zoom says in the “Does Zoom sell Personal Data?” section of its privacy policy (which I unpacked in my first post, and that Forbes, Consumer Reports and others have also flagged as problematic)—or with the choices provided in Zoom’s cookie settings, which list 70 (by my count) third parties whose involvement you can opt into or out of (by a set of options I unpacked in my second post). The logos in the image above are just 16 of those 70 parties, some of which include more than one domain.

Also, if all the ads shown to users are just “about Zoom,” why are those other companies in the picture at all? Specifically, under “About Cookies on This Site,” the slider is defaulted to allow all “functional cookies” and “advertising cookies,” the latter of which are “used by advertising companies to serve ads that are relevant to your interests.” Wouldn’t Zoom be in a better position to know your relevant (to Zoom) interests, than all those other companies?

More questions:

  1. Are those third parties “processors” under GDPR, or “service providers by the CCPAs definition? (I’m not an authority on either, so I’m asking.)
  2. How do these third parties know what your interests are? (Presumably by tracking you, or by learning from others who do. But it would help to know more.)
  3. What data about you do those companies give to Zoom (or to each other, somehow) after you’ve been exposed to them on the Zoom site?
  4. What targeting intelligence do those companies bring with them to Zoom’s pages because you’re already carrying cookies from those companies, and those cookies can alert those companies (or others, for example through real time bidding auctions) to your presence on the Zoom site?
  5. If all Zoom wants to do is promote Zoom products to Zoom users (as that statement says), why bring in any of those companies?

Here is what I think is going on (and I welcome corrections): Because Zoom wants to comply with GDPR and CCPA, they’ve hired TrustArc to put that opt-out cookie gauntlet in front of users. They could just as easily have used Quantcast‘s system, or consentmanager‘s, or OneTrust‘s, or somebody else’s.

All those services are designed to give companies a way to obey the letter of privacy laws while violating their spirit. That spirit says stop tracking people unless they ask you to, consciously and deliberately. In other words, opting in, rather than opting out. Every time you click “Accept” to one of those cookie notices, you’ve just lost one more battle in a losing war for your privacy online.

I also assume that Zoom’s deal with TrustArc—and, by implication, all those 70 other parties listed in the cookie gauntlet—also requires that Zoom put a bunch of weasel-y jive in their privacy policy. Which looks suspicious as hell, because it is.

Zoom can fix all of this easily by just stopping it. Other companies—ones that depend on adtech (tracking-based advertising)—don’t have that luxury. But Zoom does.

If we take Zoom at its word (in that paragraph they sent me), they aren’t interested in being part of the adtech fecosystem. They just want help in aiming promotional ads for their own services, on their own site.

Three things about that:

  1. Neither the Zoom site, nor the possible uses of it, are so complicated that they need aiming help from those third parties.
  2. Zoom is the world’s leading sellers’ market right now, meaning they hardly need to advertise at all.
  3. Being in adtech’s fecosystem raises huge fears about what Zoom and those third parties might be doing where people actually use Zoom most of the time: in its app. Again, Consumer Reports, Forbes and others have assumed, as have I, that the company’s embrasure of adtech in its privacy policy means that the same privacy exposures exist in the app (where they are also easier to hide).

By severing its ties with adtech, Zoom can start restoring people’s faith in its commitment to personal privacy.

There’s a helpful model for this: Apple’s privacy policy. Zoom is in a position to have a policy like that one because, like Apple, Zoom doesn’t need to be in the advertising business. In fact, Zoom could follow Apple’s footprints out of the ad business.

And then Zoom could do Apple one better, by participating in work going on already to put people in charge of their own privacy online, at scale. In my last post. I named two organizations doing that work. Four more are the Me2B Alliance, Kantara, ProjectVRM, and MyData.

I’d be glad to help with that too. If anyone at zoom is interested, contact me directly this time. Thanks.

 

 

 

More on Zoom and privacy

March 28, 2020 in advertising, conferencing, marketing, problems, Social | 5 comments

[This is the second of four posts. The last of those, Zoom’s new privacy policy., visits the company’s positive response to input such as mine here. So you might want to start with that post (because it’s current) and look at the other three, including this one, after that.]

Zoom needs to clean up its privacy act, which I posted yesterday, hit a nerve. While this blog normally gets about 50 reads a day, by the end of yesterday it got more than 16000. So far this morning (11:15am Pacific), it has close to 8000 new reads. Most of those owe to this posting on Hacker News, which topped the charts all yesterday and has 483 comments so far. If you care about this topic, I suggest reading them.

Also, while this was going down, as a separate matter (with a separate thread on Hacker News), Zoom got busted for leaking personal data to Facebook, and promptly plugged it. Other privacy issues have also come up for Zoom. For example, this one.

But I want to stick to the topic I raised yesterday, which requires more exploration, for example into how one opts out from Zoom “selling” one’s personal data. This morning I finished a pass at that, and here’s what I found.

First, by turning off Privacy Badger on Chrome (my main browser of the moment) I got to see Zoom’s cookie notice on its index page, https://zoom.us/. (I know, I should have done that yesterday, but I didn’t. Today I did, and we proceed.) It said,

To opt out of Zoom making certain portions of your information relating to cookies available to third parties or Zoom’s use of your information in connection with similar advertising technologies or to opt out of retargeting activities which may be considered a “sale” of personal information under the California Consumer Privacy Act (CCPA) please click the “Opt-Out” button below.

The buttons below said “Accept” (pre-colored a solid blue, to encourage a yes), “Opt-Out” and “More Info.” Clicking “Opt-Out” made the notice disappear, revealing, in the tiny print at the bottom of the page, linked text that says “Do Not Sell My Personal Information.” Clicking on that link took me to the same place I later went by clicking on “More Info”: a pagelet (pop-over) that’s basically an opt-in notice:

By clicking on that orange button, you’ve opted in… I think. Anyway, I didn’t click it, but instead clicked on a smaller and less noticeable “advanced settings” link off to the right. This took me to a pagelet with this:

The “view cookies” links popped down to reveal 16 CCPA Opt-Out “Required Cookies,” 23 “Functional Cookies,” and 47 “Advertising Cookies.” You can’t separately opt out or in of the “required” ones, but you can do that with the other 70 in the sections below. It’s good, I suppose, that these are defaulted to “Out.” (Or seem to be, at least to me.)

So I hit the “Submit Preferences” button and got this:

All the pagelets say “Powered by TrustArc,” by the way. TrustArc is an off-the-shelf system for giving companies a way (IMHO) to obey the letter of the GDPR while violating its spirit. These systems do that by gathering “consents” to various cookie uses. I’m suppose Zoom is doing all this off a TrustArc API, because one of the cookies it wants to give me (blocked by Privacy Badger before I disabled that) is called “consent.trustarc.com”).

So, what’s going on here?

My guess is that Zoom is doing marketing from the lead-generation playbook, meaning that most of its intentional data collection is actually for its own use in pitching possible customers, or its own advertising on its own site, and not for leaking personal data to other parties.

But that doesn’t mean you’re not exposed, or that Zoom isn’t playing in the tracking-based advertising (aka adtech) fecosystem, and therefore is to some degree in the advertising business.

Seems to me, by the choices laid out above, that any of those third parties (up to 70 of them in my view above) are free to gather and share data about you. Also free to give you “interest based” advertising based on what those companies know about your activities elsewhere.

Alas, there is no way to tell what any of those parties actually do, because nobody has yet designed a way to keep track of, or to audit, any of the countless “consents” you click on or default to as you travel the Web. Also, the only thing keeping those valves closed in your browser are cookies that remember which valves do what (if, in fact, the cookies are set and they actually work).

And that’s only on one browser. If you’re like me, you use a number of browsers, each with its own jar of cookies.

The Zoom app is a different matter, and that’s mostly where you operate on Zoom. I haven’t dug into that one. (Though I did learn, on the ProjectVRM mailing list, that there is an open source Chrome extension, called Zoom Redirector, that will keep your Zoom session in a browser and out of the Zoom app.)

I did, however, dig down into my cookie jar in Chome to find the ones for zoom.us. It wasn’t easy. If you want to leverage my labors there, here’s my crumb trail:

  1. Settings
  2. Site Settings
  3. Cookies and Site Data
  4. See all Cookies and Site Data
  5. Zoom.us (it’s near the bottom of a very long list)

The URL for that end point is this: chrome://settings/cookies/detail?site=zoom.us). (Though dropping that URL into a new window or tab works only some of the time.)

I found 22 cookies in there. Here they are:

_zm_cdn_blocked
_zm_chtaid
_zm_client_tz
_zm_ctaid
_zm_currency
_zm_date_format
_zm_everlogin_type
_zm_ga_trackid
_zm_gdpr_email
_zm_lang
_zm_launcher
_zm_mtk_guid
_zm_page_auth
_zm_ssid
billingChannel
cmapi_cookie_privacy
cmapi_gtm_bl
cred
notice_behavior
notice_gdpr_prefs
notice_preferences
slirequested
zm_aid
zm_cluster
zm_haid

Some have obvious and presumably innocent meanings. Others … can’t tell. Also, these are just Zoom’s cookies. If I acquired cookies from any of those 70 other entities, they’re in different bags in my Chrome cookie jar.

Anyway, my point remains the same: Zoom still doesn’t need any of the advertising stuff—especially since they now (and deservedly) lead their category and are in a sellers’ market for their services. That means now is a good time for them to get serious about privacy.

As for fixing this crazy system of consents and cookies (which was broken when we got it in 1994), the only path forward starts on your side and mine. Not on the sites’ side. What each of us need is our own global way to signal our privacy demands and preferences: a Do Not Track signal, or a set of standardized and easily-read signals that sites and services will actually obey. That way, instead of you consenting to every site’s terms and policies, they consent to yours. Much simpler for everyone. Also much more like what we enjoy here in the physical world, where the fact that someone is wearing clothes is a clear signal that it would be rude to reach inside those clothes to plant a tracking beacon on them—a practice that’s pro forma online.

We can come up with that new system, and some of us are working on exactly that. My own work is with Customer Commons. The first Customer Commons term you can proffer, and sites can agree to, is called #P2B1(beta), better known as #NoStalking. it says this:

nostalking

By agreeing to #NoStalking, publishers still get to make money with ads (of the kind that have worked since forever and don’t involve tracking), and you know you aren’t being tracked, because you have a simple and sensible record of the agreement in a form both sides can keep and enforce if necessary.

Toward making that happen I’m also involved in an IEEE working group called P7012 – Standard for Machine Readable Personal Privacy Terms.

If you want to help bring these and similar solutions into the world, talk to me. (I’m first name @ last name dot com.) And if you want to read some background on the fight to turn the advertising fecosystem back into a healthy ecosystem, read here. Thanks.

Do you really need all this personal information, @RollingStone?

January 22, 2020 in adtech, advertising, Business, history, Internet, Journalism, Law, marketing, Personal, personal data, publishing, Technology, VRM | Permalink

Here’s the popover that greets visitors on arrival at Rolling Stone‘s website:

Our Privacy Policy has been revised as of January 1, 2020. This policy outlines how we use your information. By using our site and products, you are agreeing to the policy.

That policy is supplied by Rolling Stone’s parent (PMC) and weighs more than 10,000 words. In it the word “advertising” appears 68 times. Adjectives modifying it include “targeted,” “personalized,” “tailored,” “cookie-based,” “behavioral” and “interest-based.” All of that is made possible by, among other things—

Information we collect automatically:

Device information and identifiers such as IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers

Internet network and device activity data such as information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services, the web sites you visit after this web site; if you share our content to social media platforms; and other web usage activity and data logged by our web servers, whether you open an email and your interaction with email content, access times, error logs, and other similar information. See “Cookies and Other Tracking Technologies” below for more information about how we collect and use this information.

Geolocation information such as city, state and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and precise geolocation information from GPS-based functionality on your mobile devices, with your permission in accordance with your mobile device settings.

The “How We Use the Information We Collect” section says they will—

Personalize your experience to Provide the Services, for example to:

  • Customize certain features of the Services,
  • Deliver relevant content and to provide you with an enhanced experience based on your activities and interests
  • Send you personalized newsletters, surveys, and information about products, services and promotions offered by us, our partners, and other organizations with which we work
  • Customize the advertising on the Services based on your activities and interests
  • Create and update inferences about you and audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps
  • Create profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising
  • Conduct cross-device tracking by using information such as IP addresses and unique mobile device identifiers to identify the same unique users across multiple browsers or devices (such as smartphones or tablets, in order to save your preferences across devices and analyze usage of the Service.
  • using inferences about your preferences and interests for any and all of the above purposes

For a look at what Rolling Stone, PMC and their third parties are up to, Privacy Badger’s browser extension “found 73 potential trackers on www.rollingstone.com:

tagan.adlightning.com
 acdn.adnxs.com
 ib.adnxs.com
 cdn.adsafeprotected.com
 static.adsafeprotected.com
 d.agkn.com
 js.agkn.com
 c.amazon-adsystem.com
 z-na.amazon-adsystem.com
 display.apester.com
 events.apester.com
 static.apester.com
 as-sec.casalemedia.com
 ping.chartbeat.net
 static.chartbeat.com
 quantcast.mgr.consensu.org
 script.crazyegg.com
 dc8xl0ndzn2cb.cloudfront.net
cdn.digitru.st
 ad.doubleclick.net
 securepubads.g.doubleclick.net
 hbint.emxdgt.com
 connect.facebook.net
 adservice.google.com
 pagead2.googlesyndication.com
 www.googletagmanager.com
 www.gstatic.com
 static.hotjar.com
 imasdk.googleapis.com
 js-sec.indexww.com
 load.instinctiveads.com
 ssl.p.jwpcdn.com
 content.jwplatform.com
 ping-meta-prd.jwpltx.com
 prd.jwpltx.com
 assets-jpcust.jwpsrv.com
 g.jwpsrv.com
pixel.keywee.co
 beacon.krxd.net
 cdn.krxd.net
 consumer.krxd.net
 www.lightboxcdn.com
 widgets.outbrain.com
 cdn.permutive.com
 assets.pinterest.com
 openbid.pubmatic.com
 secure.quantserve.com
 cdn.roiq.ranker.com
 eus.rubiconproject.com
 fastlane.rubiconproject.com
 s3.amazonaws.com
 sb.scorecardresearch.com
 p.skimresources.com
 r.skimresources.com
 s.skimresources.com
 t.skimresources.com
launcher.spot.im
recirculation.spot.im
 js.spotx.tv
 search.spotxchange.com
 sync.search.spotxchange.com
 cc.swiftype.com
 s.swiftypecdn.com
 jwplayer.eb.tremorhub.com
 pbs.twimg.com
 cdn.syndication.twimg.com
 platform.twitter.com
 syndication.twitter.com
 mrb.upapi.net
 pixel.wp.com
 stats.wp.com
 www.youtube.com
 s.ytimg.com

This kind of shit is why we have the EU’s GDPR (General Data Protection Regulation) and California’s CCPA (California Consumer Privacy Act). (No, it’s not just because Google and Facebook.) If publishers and the adtech industry (those third parties) hadn’t turned the commercial Web into a target-rich environment for suckage by data vampires, we’d never have had either law. (In fact, both laws are still new: the GDPR went into effect in May 2018 and the CCPA a few days ago.)

I’m in California, where the CCPA gives me the right to shake down the vampiretariat for all the information about me they’re harvesting, sharing, selling or giving away to or through those third parties.* But apparently Rolling Stone and PMC don’t care about that.

Others do, and I’ll visit some of those in later posts. Meanwhile I’ll let Rolling Stone and PMC stand as examples of bad acting by publishers that remains rampant, unstopped and almost entirely unpunished, even under these new laws.

I also suggest following and getting involved with the fight against the plague of data vampirism in the publishing world. These will help:

  1. Reading Don Marti’s blog, where he shares expert analysis and advice on the CCPA and related matters. Also People vs. Adtech, a compilation of my own writings on the topic, going back to 2008.
  2. Following what the browser makers are doing with tracking protection (alas, differently†). Shortcuts: Brave, Google’s Chrome, Ghostery’s Cliqz, Microsoft’s Edge, Epic, Mozilla’s Firefox.
  3. Following or joining communities working to introduce safe forms of nourishment for publishers and better habits for advertisers and their agencies. Those include Customer CommonsMe2B AllianceMyData Global and ProjectVRM.

______________

*The bill (AB 375), begins,

The California Constitution grants a right of privacy. Existing law provides for the confidentiality of personal information in various contexts and requires a business or person that suffers a breach of security of computerized data that includes personal information, as defined, to disclose that breach, as specified.

This bill would enact the California Consumer Privacy Act of 2018. Beginning January 1, 2020, the bill would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared. The bill would require a business to make disclosures about the information and the purposes for which it is used. The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified. The bill would grant a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed…

Don Marti has a draft letter one might submit to the brokers and advertisers who use all that personal data. (He also tweets a caution here.)

†This will be the subject of my next post.

The Spinner’s hack on journalism

February 27, 2019 in adtech, advertising, Business, Internet, Journalism, marketing, privacy, Technology | 1 comment

The Spinner* (with the asterisk) is “a service that enables you to subconsciously influence a specific person, by controlling the content on the websites he or she usually visits.” Meaning you can hire The Spinner* to hack another person.

It works like this:

  1. You pay The Spinner* $29. For example, to urge a friend to stop smoking. (That’s the most positive and innocent example the company gives.)
  2. The Spinner* provides you with an ordinary link you then text to your friend. When that friend clicks on the link, they get a tracking cookie that works as a bulls-eye for The Spinner* to hit with 10 different articles written specifically to influence that friend. He or she “will be strategically bombarded with articles and media tailored to him or her.” Specifically, 180 of these things. Some go in social networks (notably Facebook) while most go into “content discovery platforms” such as Outbrain and Revcontent (best known for those clickbait collections you see appended to publishers’ websites).

The Spinner* is also a hack on journalism, designed like a magic trick to misdirect moral outrage toward The Spinner’s obviously shitty business, and away from the shitty business called adtech, which not only makes The Spinner possible, but pays for most of online journalism as well.

The magician behind The Spinner* is “Elliot Shefler.” Look that name up and you’ll find hundreds of stories. Here are a top few, to which I’ve added some excerpts and notes:

  • For $29, This Man Will Help Manipulate Your Loved Ones With Targeted Facebook And Browser Links, by Parmy Olson @parmy in Forbes. Excerpt: He does say that much of his career has been in online ads and online gambling. At its essence, The Spinner’s software lets people conduct a targeted phishing attack, a common approach by spammers who want to secretly grab your financial details or passwords. Only in this case, the “attacker” is someone you know. Shefler says his algorithms were developed by an agency with links to the Israeli military.
  • For $29, This Company Swears It Will ‘Brainwash’ Someone on Facebook, by Kevin Poulson (@kpoulson) in The Daily Beast. A subhead adds, A shadowy startup claims it can target an individual Facebook user to bend him or her to a client’s will. Experts are… not entirely convinced.
  • Facebook is helping husbands ‘brainwash’ their wives with targeted ads, by Simon Chandler (@_simonchandler_) in The Daily Dot. Excerpt: Most critics assume that Facebook’s misadventures relate only to its posting of ads paid for by corporations and agencies, organizations that aim to puppeteer the “average” individual. It turns out, however, that the social network also now lets this same average individual place ads that aim to manipulate other such individuals, all thanks to the mediation of a relatively new and little-known company…
  • Brainwashing your wife to want sex? Here is adtech at its worst., by Samuel Scott (@samueljscott) in The Drum. Alas, the piece is behind a registration wall that I can’t climb without fucking myself (or so I fear, since the terms and privacy policy total 32 pages and 10,688 words I’m not going to read), so I can’t quote from it.
  • Creepy company hopes ‘Inception’ method will get your wife in the mood, by Saqib Shah (@eightiethmnt) in The Sun, via The New York Post. Excerpt: “It’s unethical in many ways,” admitted Shefler, adding “But it’s the business model of all media. If you’re against it, you’re against all media.” He picked out Nike as an example, explaining that if you visit the brand’s website it serves you a cookie, which then tailors the browsing experience to you every time you come back. A shopping website would also use cookies to remember the items you’re storing in a virtual basket before checkout. And a social network might use cookies to track the links you click and then use that information to show you more relevant or interesting links in the future…The Spinner started life in January of this year. Shefler claims the company is owned by a larger, London-based “agency” that provides it with “big data” and “AI” tools.
  • Adtech-for-sex biz tells blockchain consent app firm, ‘hold my beer’, by Rebecca Hill (@beckyhill) in The Register. The subhead says, Hey love, just click on this link… what do you mean, you’re seeing loads of creepy articles?
  • New Service Promises to Manipulate Your Wife Into Having Sex With You, by Fiona Tapp (@fionatappdotcom) in Rolling Stone. Excerpt: The Spinner team suggests that there isn’t any difference, in terms of morality, from a big company using these means to influence a consumer to book a flight or buy a pair of shoes and a husband doing the same to his wife. Exactly.
  • The Spinner And The Faustian Bargain Of Anonymized Data, by Lauren Arevalo-Downes (whose Twitter link by the piece goes to a 404) in A List Daily. On that site, the consent wall that creeps up from the bottom almost completely blanks out the actual piece, and I’m not going to “consent,” so no excertoing here either.
  • Can you brainwash one specific person with targeted Facebook ads? in TripleJ Hack, by ABC.net.au. Excerpt: Whether or not the Spinner has very many users, whether or not someone is going to stop drinking or propose marriage simply because they saw a sponsored post in their feed, it seems feasible that someone can try to target and brainwash a single person through Facebook.
  • More sex, no smoking – even a pet dog – service promises to make you a master of manipulation, by Chris Keall (@ChrisKeall) in The New Zealand Herald. Excerpt: On one level, The Spinner is a jape, rolled out as a colour story by various publications. But on another level it’s a lot more sinister: apparently yet another example of Facebook’s platform being abused to invade privacy and manipulate thought.
  • The Cambridge Analytica of Sex: Online service to manipulate your wife to have sex with you, by Ishani Ghose in meaww. Excerpt: The articles are all real but the headlines and the descriptions have been changed by the Spinner team. The team manipulating the headlines of these articles include a group of psychologists from an unnamed university. As the prepaid ads run, the partner will see headlines such as “3 Reasons Why YOU Should Initiate Sex With Your Husband” or “10 Marriage Tips Every Woman Needs to Hear”.

Is Spinner for real?

“Elliot Shefler” is human for sure. But his footprint online is all PR. He’s not on Facebook, Twitter or Instagram. The word “Press” (as in coverage) at the top of the Spinner website is just a link to a Google search for Elliot Shefler, not to curated list such as a real PR person or agency might compile.

Fortunately, a real PR person, Rich Leigh (@RichLeighPR) did some serious digging (you know, like a real reporter) and presented his findings in his blog, PR Examples, in a post titled Frustrated husbands can ‘use micro-targeted native ads to influence their wives to initiate sex’ – surely a PR stunt? Please, a PR stunt? It ran last July 10th, the day after Rich saw this tweet by Maya Kosoff (@mekosoff):

—and this one:

The links to (and in) those tweets no longer work, but the YouTube video behind one of the links is still up. The Spinner itself produced the video, which is tricked to look like a real news story. (Rich does some nice detective work, figuring that out.) The image above is a montage I put together from screenshots of the video.

Here’s some more of what Rich found out:

  • Elliot – not his real name, incidentally, his real name is Halib, a Turkish name (he told me) – lives, or told me he lives, in Germany

  • When I asked him directly, he assured me that it was ‘real’, and when I asked him why it didn’t work when I tried to pay them money, told me that it would be a technical issue that would take around half an hour to fix, likely as a result of ‘high traffic. I said I’d try again later. I did – keep reading

  • It is emphatically ‘not’ PR or marketing for anything

  • He told me that he has 5-6,000 paying users – that’s $145,000 – $174,000, if he’s telling the truth

  • Halib said that Google Ads were so cheap as nobody was bidding on them for the terms he was going for, and they were picking up traffic for ‘one or two cents’

  • He banked on people hate-tweeting it. “I don’t mind what they feel, as long as they think something”, Halib said – which is scarily like something I’ve said in talks I’ve given about coming up with PR ideas that bang

  • The service ‘works’ by dropping a cookie, which enables it to track the person you’re trying to influence in order to serve specific content. I know we had that from the site, but it’s worth reiterating

Long post short, Rich says Habib and/or Elliot is real, and so is The Spinner.

But what matters isn’t whether or not The Spinner is real. It’s that The Spinner misdirects reporters’ attention away from what adtech is and does, which is spy on people for the purpose of aiming stuff at them. And that adtech isn’t just what funds all of Facebook and much of Google (both giant and obvious targets of journalistic scrutiny), but what funds nearly all of publishing online, including most reporters’ salaries.

So let’s look deeper, starting here: There is no moral difference between planting an unseen tracking beacon on a person’s digital self and doing the same on a person’s physical self.

The operational difference is that in the online world it’s a helluva lot easier to misdirect people into thinking they’re not being spied on. Also a helluva lot easier for spies and intermediaries (such as publishers) to plausibly deny that spying is what they’re doing. And to excuse it, saying for example “It’s what pays for the Free Internet!” Which is bullshit, because the Internet, including the commercial Web, got along fine for many years before adtech turned the whole thing into Mos Eisley. And it will get along fine without adtech after we kill it, or it dies of its own corruption.

Meanwhile the misdirection continues, and it’s away from a third rail that honest and brave journalists† need to grab: that adtech is also what feeds most of them.

______________

† I’m being honest here, but not brave. Because I’m safe. I don’t work for a publication that’s paid by adtech. At Linux Journal, we’re doing the opposite, by being the first publication ready to accept terms that our readers proffer, starting with Customer CommonsP2B1(beta), which says “Just show me ads not based on tracking me.”

« Older entries