publishing

You are currently browsing the archive for the publishing category.

Building a Relationship Economy

February 11, 2022 in intention economy, publishing, radio, tv, VRM | 3 comments

In faith that nothing lasts forever, and that an institution that’s been around since 1636 is more likely to keep something published online for longer than one that was born in 1994 and isn’t quite dead yet (and with full appreciation to the latter for its continued existence), I’ve decided to re-publish some of my Linux Journal columns that I hope have persistent relevance. This one is from the February 2007 issue of the magazine.

Building a Relationship Economy

Is there something new that open source development methods and values can bring to the economy? How about something old?

I think the answer may come from the developing world, where pre-industrial methods and values persist and offer some helpful models and lessons for a networked world that’s less post-industrial than industrial in a new and less impersonal way.

This began to become apparent to me a few years ago I had a Socratic exchange with a Nigerian pastor named Sayo, whom I was lucky to find sitting next to me on a long airplane trip.

We were both on speaking junkets. He was coming from an event related to his latest work: translating the Bible to Yoruba, one of the eight languages he spoke. I was on my way to give a talk about The Cluetrain Manifesto, a book I co-authored.

My main contribution to Cluetrain was a chapter called “Markets are conversations”. Sayo asked me what we meant by that. After hearing my answer, he acknowledged that our observations were astute, but also incomplete. Something more was going on in markets than just transactions and conversations, he said. What was it?

I said I didn’t know. Here is the dialogue that followed, as close to verbatim as I can recall it…

“Pretend this is a garment”, Sayo said, picking up one of those blue airplane pillows. “Let’s say you see it for sale in a public market in my country, and you are interested in buying it. What is your first question to the seller?”

“What does it cost?” I said.

“Yes”, he answered. “You would ask that. Let’s say he says, ‘Fifty dollars’. What happens next?”

“If I want the garment, I bargain with him until we reach an agreeable price.”

“Good. Now let’s say you know something about textiles. And the two of you get into a long conversation where both of you learn much from each other. You learn about the origin of the garment, the yarn used, the dyes, the name of the artist, and so on. He learns about how fabric is made in your country, how distribution works, and so on. In the course of this you get to know each other. What happens to the price?”

“Maybe I want to pay him more and he wants to charge me less”.

“Yes. And why is that?”

“I’m not sure.”

“You now have a relationship”.

He went on to point out that, in his country, and in much of what we call the developing world, relationship is of paramount importance in public markets. Transaction still matters, of course. So does conversation. But the biggest wedge in the social pie of the public marketplace is relationship. Prices less set than found, and the context for finding prices is both conversation and relationship. In many cases, relationship is the primary concern, not price. The bottom line is not everything.

Transaction rules the Industrialized world. Here prices are set by those who control the manufacturing, distribution and retail systems. Customers do have an influence on prices, but only in the form of aggregate demand. The rates at which they buy or don’t buy something determines what price the “market” will bear — in a system where “market” means aggregated demand, manifested in prices paid and quantities sold. Here the whole economic system is viewed mostly through the prism of price, which is seen as the outcome of tug between supply and demand.

Price still matters in the developing world, Sayo said, but relationship matters more. It’s a higher context with a higher set of values, many of which are trivialized or made invisible when viewed through the prism of price. Relationship is not reducible to price, even though it may influence price. Families and friends don’t put prices on their relationships. (At least not consciously, and only at the risk of cheapening or losing a relationship.) Love, the most giving force in any relationship, is not about exchanging. It is not fungible. You don’t expect a payback or a rate of return on the love you give your child, your wife or husband, your friends.

Even in the industrialized world, relationship has an enormous bearing on the way markets work, Sayo said. But it is poorly understood in the developed world, where so much “comes down to the bottom line”.

I shared this conversation a few weeks later with Eric S. Raymond, who put the matter even more simply. “All markets work at three levels”, he said. “Transactions, conversations and relationships”. Eric is an atheist. Sayo is a Christian. With those two triangulating so similarly on the same subject, I began to figure there was something more to this relationship business.

I began to ask questions. For example, What happens when you view markets through the prism of relationship? Why do we write free or open source code?

Linus says (in the title of his only book) he does it “Just for Fun”. Yes, there are practical purposes — there have to be. Scratching itches, for example. Development communities are notoriously long on conversation (check out the LKML for starters), and on relationship as well. Not a whole lot of transaction there, either, since the code is free. Next question: Are there economies involved?

I think the answer is yes, and they are concentrated on the manufacturing end. We make useful code for its “because effects”. Thanks to Linux, much money will be made; but because of it, far more than with it. Just look at Google and Amazon as two obvious examples. Perhaps a billion of the world’s Websites are Apache on Linux.

Relationship is involved here, too. Writing code that serves as abundant and free building material is an act of generosity. Dare we say we do it for love? Certainly a lot of us love doing it.

Likewise with performing artists. Musicians don’t take up an instrument and develop their skills just to make money at it. They do it for love of the experience, of playing together with other musicians, of giving something to an audience, and to the world.

Of course, professionals like to get paid for their work too. That’s what makes them professionals.

What if the goods are essentially free (as in beer, air or love)? That’s the case with code, music, art, and anything else that can be digitized and copied. Many artists want or need to be paid for what they do. The question is how we get our love to fund theirs — how we can relate in ways that work financially for both the supply and the demand of essentially free stuff.

The entertainment industry has had an answer ever since the Net showed up. Hollywood wasn’t blind to the Net. Quite the opposite. They correctly saw the Net as a way for every device to be zero distance from every other device — and to pass identical copies of anything between anybody a cost that rounded to zero. They saw this a threat to their incumbent business model. So they came up with a way to deal with that threat: DRM, or Digital Rights Management. DRM worked by crippling recorded goods so it can’t easily be copied except by those whose rights were managed by suppliers.

It hasn’t worked. A few days ago Steve Jobs said so himself, in a landmark essay titled Thoughs on Music, published on February 6. It not only notes the failure of DRM, but subtly recruits customers and fellow technologists to help Apple convince the record industry that it’s best to sell music that isn’t DRM’d. He concludes, “Convincing them to license their music to Apple and others DRM-free will create a truly interoperable music marketplace. Apple will embrace this wholeheartedly”.

The operative verb here is “license”.

Let’s ignore the record companies for a minute. Instead, lets look behind them, back up the supply chain, to the first sources of music: the artists. Part of the system we need is already built for these sources, through Creative Commons. By this system, creative sources can choose licenses that specify the freedoms carried by their work, and also specify what can and cannot be done with that work. These licenses are readable by machines as well as by lawyers. That’s a great start on the supply side.

Now let’s look at the same work from the demand side. What can we do — as music lovers, or as customers — to find, use, and even pay for, licensed work? Some mechanisms are there, but nothing yet that is entirely in our control — that reciprocates and engages on the demand side what Creative Commons provides on the supply side.

Yes, we can go to websites, subscribe to music services, use iTunes or other supply-controlled intermediating systems and deal with artists inside those systems. But there still isn’t anything that allows us to deal directly, on our own terms, with artists and their intermediaries. Put another way, we don’t yet have the personal means for establishing relationships with artists.

For example, I relate in some ways to Stewart Copeland, though he doesn’t know it. Stewart is best known as the drummer in The Police, even though the band hasn’t recorded an album since 1983 and Stewart has since then established himself as a first-rank composer of soundtracks, including “Rumble Fish”, “Talk Radio” and “Wall Street”. IMDb lists him as a composer of scores for sixty-nine movies and TV productions. You have to hit “page down” six times or more to get to the bottom of the listings. Still, much as I appreciate Stewart’s compositions, I’ve always loved his drumming. I’m not a drummer, but I’m a serviceable percussionist. (When I pick up bongos, congas, a rub-board or a tambourine, I get approving nods from the real musicians I jam with — as rarely as the occasion arises.) When the Police ceased touring and producing albums, I missed Stewart’s drumming most of all.

Last year I got a big charge out of hearing an IT Conversations podcast interview with Stewart, though I was disappointed to hear he doesn’t drum much anymore.

Then I heard last week on the radio that the Police may be getting back together and touring again. I can relate to that. But how? Stewart’s website is one of those over-produced flash-filled things that recording an performing artists seem to think they need in order to “deliver an experience” or whatever. Nearly every internal link leads to a link-proof something-or-other in the same window, among other annoyances. To call it relationship-proof would be an inderstatement.

So instead let’s look at relating through the IT Conversations podcast. I say that because yesterday Phil Windley, who runs IT Conversations, posted Funding Public Radio (and ITC) with VRM on his blog, and listed some of the things he might be looking for from VRM or Vendor Relationship Management. That is, from something that lives on the demand side, but can relate on mutually useful terms with the sjupply side — which in his case is IT Conversations.

Here’s the first answer: It can’t be limited to a browser. I want a button, or a something, on my MP3 player that allows me to relate not only to IT Conversations as an intermediary, but to the artist as well — if the artist is interested. They may not be. But I want that function supported. What we need on the user’s side is a tool, or a set of tools, that support both independence and engagement.

If what we’re looking for doesn’t exist, how hard will it be to build? I’m sure it won’t be easy, but it will be less hard than it was before the roster of open source tools and applications grew to six figures, which is where it stands now. And that’s not counting all the useful standards that are laying around too.

What do we need?

First, I think we need protocols. These should be modeled on the social ones we find in free and open marketplaces. They should work like the ones Sayo talked about in his Socratic dialogue with me on the airplane. They should be simple, useful and secure.

Second, we need ways of supporting transactions. This is a tough one, because to work they need to be low-friction. I should be able to pay IT Conversations (or any public radio station, or any podcaster) as easily as I pay for a coffee. Or better yet, as easily as I tip a barista. So PayPal won’t cut it. (Not the way I’ve experienced PayPal, anyway.)

Third, we need ways of selectively and securely asserting our identities, including our choice to remain anonymous. This means getting past sign-on hurdles on the Web, and past membership silos out in the physical world (such as the ones that require a special card, or whatever). Again, the friction should be as low as possible.

Fourth, we need ways of expressing demand that will bring supply to us. Let’s say I want to hear other interviews with Stewart Copeland. I don’t want to go through the standard Google/Yahoo text search. I want to tell the marketplace (in some cases without revealing yet exactly who I am) that I’m looking for these interviews, and then have them find me. Then I want an easy way to pay for them if I feel like it. As Sayo suggests, I might be more willing to pay something if I can relate to the source, and not just invisibly use goods produced by that source.

In Putting the Wholes Together, which I posted recently at Linux Journal, I said public broadcasting would be a good place to start — not just because public broadcasting needs to find ways to make more money from more listeners and viewers, but because payment is voluntary. Seems to me that when payment is voluntary, relationship will drive up the percentage of those who pay. It’s just a theory, but one that should be fun to test.

Soon as I get the time to put it together, I’ll put out a challenge for developers (that’s you, if you write code) to help out on this. Some developers are already collected at ProjectVRM, which is where we’re organizing the effort.

I’m meeting with NPR in Washington, D.C. in a couple hours, and again tomorrow. I’ll bring up the possibility of help from you guys when I talk to them. And I’ll be in many meetings and talks next week at the IMA Convention in Boston and Beyond Broadcast in Cambridge. Help is welcome.

Let’s show these folks how much more they can do because they relate. Let’s obsolete those annoying fund-raising marathons when they shut off programming, plead poverty and give you some schwag if you send money. There has to be a better way. Let’s build it.

Beyond the Web

August 15, 2021 in Architecture, history, Ideas, Internet, publishing, Technology | 5 comments

The Web is a haystack.

This isn’t what Tim Berners-Lee had in mind when he invented the Web. Nor is it what Jerry Yang and David Filo had in mind when they invented Jerry and David’s Guide to the World Wide Web, which later became Yahoo. Jerry and David’s model for the Web was a library, and Yahoo was to be the first catalog for it. This made sense, given the prevailing conceptual frames for the Web at the time: real estate and publishing.

Both of those are still with us today. We frame the Web as real estate when we speak of “sites” with “locations” in “domains” with “addresses” you can “visit” and “browse”—then shift to publishing when we speak of “files” and “pages,” that we “author,” “edit,” “post,” “publish,” “syndicate” and store in “folders” within a “directory.” Both frames suggest durability, if not permanence. Again, kind of like a library.

But once we added personal movement (“surf,” “browse”) and a vehicle for it (the browser), the Web became a World Wide Free-for-all. Literally. Anyone could publish, change and remove whatever they pleased, whenever they pleased. The same went for organizations of every kind, all over the world. And everyone with a browser could find their way to and through all of those spaces and places, and enjoy whatever “content” publishers chose to put there. Thus the Web grew into billions of sites, pages, images, databases, videos, and other stuff, with most of it changing constantly.

The result was a heaving heap of fuck-all.*

How big is it? According to WorldWebSize.comGoogle currently indexes about 41 billion pages, and Bing about 9 billion. They also peaked together at about 68 billion pages in late 2019. The Web is surely larger than that, but that’s the practical limit because search engines are the practical way to find pieces of straw in that thing. Will the haystack be less of one when approached by other search engines, such as the new ad-less (subscription-funded) Neeva? Nope. Search engines do not give the Web a card catalog. They certify its nature as a haystack.

So that’s one practical limit. There are others, but they’re hard to see when the level of optionality on the Web is almost indescribably vast. But we can see a few limits by asking some questions:

  1. Why do you always have to accept websites’ terms? And why do you have no record of your own of what you accepted, or when‚ or anything?
  2. Why do you have no way to proffer your own terms, to which websites can agree?
  3. Why did Do Not Track, which was never more than a polite request not to be tracked off a website, get no respect from 99.x% of the world’s websites? And how the hell did Do Not Track turn into the Tracking Preference Expression at the W2C, where the standard never did get fully baked?
  4. Why, after Do Not Track failed, did hundreds of millions—or perhaps billions—of people start blocking ads, tracking or both, on the Web, amounting to the biggest boycott in world history? And then why did the advertising world, including nearly all advertisers, their agents, and their dependents in publishing, treat this as a problem rather than a clear and gigantic message from the marketplace?
  5. Why are the choices presented to you by websites called your choices, when all those choices are provided by them? And why don’t you give them choices?
  6. Why would Apple’s way of making you private on your phone be to “Ask App Not to Track,” rather than “Tell App Not to Track,” or “Prevent App From Tracking You“?
  7. Why does the GDPR call people “data subjects” rather than people, or human beings, and then assign the roles “data controller” and “data processor” only to other parties? (Yes, it does say a “data controller” can be a “natural person,” but more as a technicality than as a call for the development of agency on behalf of that person.)
  8. Why are nearly all of the billion results in a search for GDPR+compliance about how companies can obey the letter of that law while violating its spirit by continuing to track people through the giant loophole you see in every cookie notice?
  9. Why does the CCPA give you the right to ask to have back personal data others have gathered about you on the Web, rather than forbid its collection in the first place? (Imagine a law that assumes that all farmers’ horses are gone from their barns, but gives those farmers a right to demand horses back from those who took them. It’s kinda like that.)
  10. Why, 22 years after The Cluetrain Manifesto said, we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it. —is that statement (one I helped write!) still not true?
  11. Why, 9 years after Harvard Business Review Press published The Intention Economy: When Customers Take Charge, has that not happened? (Really, what are you in charge of in the marketplace that isn’t inside companies’ silos and platforms?)
  12. And, to sum up all the above, why does “free market” on the Web mean your choice of captor?

It’s easy to blame the cookie, which Lou Montulli invented in 1994 as a way for sites to remember their visitors by planting reminder files—cookies—in visitors’ browsers. Cookies also gave visitors a way to remember where they were when they last visited. For sites that require logins, cookies take care of that as well.

What matters, however, is not the cookie. What matters is why the cookie was necessary in the first place: the Web’s architecture. It’s called client-server, and is represented graphically like this:

client-server model

This architecture was born in the era of centralized mainframes, which “users” accessed through client devices called “dumb terminals”:

On the Web, as it was in the old mainframe world, we clients—mere users—are as subordinate to servers as are calves to cows:

(In fact I’ve been told that client-server was originally a euphemism for “slave-master.” Whether true or not, it makes sense.)

In the client-server paradigm, our agency—our ability to act with effect in the world—is restricted to what servers allow or provide for us. Our choices are what they provide. We are independent only to the degree that we can also be clients to other servers. In this paradigm, a free market is “your choice of captor.”

Want privacy? You have to ask for it. And, if you go to the trouble of doing that—which you have to do separately with every site and service you encounter (each a mainframe of its own)—your client doesn’t keep a record of what you “agreed” to. The server does. Good luck finding whatever it is the server or its third parties remember about that agreement.

Want to control how your data (or data about you) gets processed by the servers of the world? Good luck with that too. Again, Europe’s GDPR says “natural persons” are just “data subjects,” while “data controllers” and “data processors” are roles reserved for servers.

Want a shopping cart of your own to take from site to site? My wife asked for that in 1995. It’s still barely thinkable in 2021. Want a dashboard for your life where you can gather all your expenses, investments, property records, health information, calendars, contacts, and other personal information? She asked for that too, and we still don’t have it, except to the degree that large server operators (e.g. Google, Apple, Microsoft) give us pieces of it, hosted in their clouds, and rigged to keep you captive to their systems.

That’s why we don’t yet have an Internet of Things (IoT), but rather an Apple of Things, a Google of Things, and an Amazon of Things.

Is it possible to do stuff on the Web that isn’t client-server? Perhaps some techies among us can provide examples, but practically speaking, here’s what matters: If it’s not thinkable by the owners of the servers we depend on, it doesn’t get made.

From our position at the bottom of the Web’s haystack, it’s hard to imagine there might be a world where it’s possible for us to have full agency: to not be just users of clients enslaved to as many servers as we deal with every day.

But that world exists. It’s called the Internet, And it can support a helluva lot more than the Web—with many ways to interact other than those possible in through client-server alone.

Digital technology as we know it has only been around for a few decades, and the Internet for maybe half that time. Mobile computers that run apps and presume connectivity everywhere have only been with us for a decade or less. And all of those will be with us for many decades, centuries, or millennia to come. We are not going to stop living digital lives, any more than we are going to stop speaking, writing, or using mathematics. Digital technology and the Internet are granted wishes that won’t go back into the genie’s bottle.

Credit where due: the Web is excellent, but not boundlessly so. It has limits. Thanks to the client-server model, full personal agency is not a grace of life on the Web. Not until we have servers or agents of our own. (Yes, we could have our own servers back in Web1 days—my own Web and email servers lived under my desk and had their own static IP addresses from roughly 1995 until 2003—and a few alpha geeks still do. But since then we’ve mostly needed to live as digital serfs, by the graces of corporate overlords.)

So now it’s time to think and build outside the haystack.

Models for that do exist, and some have been around for a long time. Email is one example. While you can look at your email on the Web, or use a Web-based email service (such as Gmail), email itself is independent of those. My own searls.com email has been at servers in my home, on racks elsewhere, and in a hired cloud. I can move it anywhere I want. You can move yours as well, because the services we hire to host our personal email are substitutable. That’s just one way we can enjoy full agency on the Internet.

Some work toward the next Web, or beyond it, is happening at places such as DWeb Camp and Unfinished. My own work is happening right now in three overlapping places:

  1. ProjectVRM, which I started as a fellow of the Berkman Klein Center at Harvard in 2006, and which is graciously still hosted (with this blog) by the Center there. Our mailing list currently has more than 550 members. We also meet twice a year with the Internet Identity Workshop, which I co-founded, and still co-organize, with Kaliya Young and Phil Windley, in 2005). Immodestly speaking, IIW is the most leveraged conference I know.
  2. Customer Commons, where we are currently working on building out what’s called the Byway. Go there and follow along as we work to toward better answers to the questions above than you’ll get from inside the haystack. Customer Commons is a 501(c)3 nonprofit spun out of ProjectVRM.
  3. The Ostrom Workshop at Indiana University, where Joyce (my wife and fellow founder and board member of Customer Commons) and I are both visiting scholars. It is in that capacity that we are working on the Byway and leading a salon series titled Beyond the Web. Go to that link and sign up to attend. I look forward to seeing and talking with you there.

[Later…] More on the Web as a haystack is in FILE NOT FOUND: A generation that grew up with Google is forcing professors to rethink their lesson plans, by Monica Chin (@mcsquared96) in The Verge, and Students don’t know what files and folders are, professors say, by Jody MacGregor in PC Gamer, which sources Monica’s report.

*I originally had “heaving haystack of fuck-all” here, but some remember it as the more alliterative “heaving heap of fuck-all.” So I decided to swap them. If comments actually worked here†, I’d ask for a vote. But feel free to write me instead, at my first name at my last name dot com.

†Now they do. Thanks for your patience, everybody.

 

Just in case you feel safe with Twitter

January 26, 2021 in adtech, advertising, Business, data, marketing, personal data, privacy, problems, publishing, Technology | Permalink

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy.

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has  “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbid the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grinder (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.

 

Time to unscrew subscriptions

October 17, 2020 in Business, problems, publishing, VRM | Permalink

The goal here is to obsolesce this brilliant poster by Despair.com:

I got launched on that path a couple months ago, when I got this email from  The_New_Yorker at e-mail.condenast.com:

Why did they “need” a “confirmation” to a subscription which, best I could recall, was last renewed early this year?

So I looked at the links.

The “renew,” Confirmation Needed” and “Discounted Subscription” links all go to a page with a URL that began with https://subscriptions.newyorker.com/pubs…, followed by a lot of tracking cruft. Here’s a screen shot of that one, cut short of where one filled in a credit card number. Note the price:

I was sure I had been paying $80-something per year, for years. As I also recalled, this was a price one could only obtain by calling the 800 number at NewYorker.com.

Or somewhere. After digging around, I found it at
 https://w1.buysub.com/pubs/N3/NYR/accoun…, which is where the link to Customer Care under My Account on the NewYorker website goes. It also required yet another login.

So, when I told the representative at the call center that I’d rather not “confirm” a year for a “discount” that probably wasn’t, she said I could renew for the $89.99 I had paid in the past, and that the deal would be good  through February of 2022. I said fine, let’s do that. So I gave her my credit card, said this was way too complicated, and added that a single simple subscription price would be better. She replied,  “Never gonna happen.” Let’s repeat that:

Never gonna happen.

Then I got this by email:

This appeared to confirm the subscription I already had. To see if that was the case, I went back to the buysub.com website and looked under the Account Summary tab, where it said this:

think this means that I last renewed on February 3 of this year, and what I did on the phone in August was commit to paying $89.99/year until February 10 of 2022.

If that’s what happened, all my call did was extend my existing subscription. Which was fine, but why require a phone call for that?

And WTF was that “Account Confirmation Required” email about? I assume it was bait to switch existing subscribers into paying $50 more per year.

Then there was this, at the bottom of the Account summary page:

This might explain why I stopped getting Vanity Fair, which I suppose I should still be getting.

So I clicked on”Reactivate and got a login page where the login I had used to get this far didn’t work.

After other failing efforts that I neglected to write down, I decided to go back to the New Yorker site and work my way back through two logins to the same page, and then click Reactivate one more time. Voila! ::::::

So now I’ve got one page that tells me I’m good to March 2021 next to a link that takes me to another page that says I ordered 12 issues last December and I can “start” a new subscription for $15 that would begin nine months ago. This is how one “reactivates” a subscription?  OMFG.

I’m also not going into the hell of moving the print subscription back and forth between the two places where I live. Nor will I bother now, in October, to ask why I haven’t seen another copy of Vanity Fair. (Maybe they’re going to the other place. Maybe not. I don’t know, and I’m too weary to try finding out.)

I want to be clear here that I am not sharing this to complain. In fact, I don’t want The New YorkerVanity Fair, Wred, Condé Nast (their parent company) or buysub.com to do a damn thing. They’re all FUBAR. By design. (Bonus link.)

Nor do I want any action out of Spectrum, SiriusXM, Dish Network or the other subscription-based whatevers whose customer disservice systems have recently soaked up many hours of my life.

See, with too many subscription systems (especially ones for periodicals), FUBAR is the norm. A matter of course. Pro forma. Entrenched. A box outside of which nobody making, managing or working in those systems can think.

This is why, when an alien idea appears, for example from a loyal customer just wanting a single and simple damn price, the response is “Never gonna happen.”

This is also why the subscription fecosystem can only be turned into an ecosystem from the outside. Our side. The subscribers’ side.

I’ll explain how at Customer Commons, which we created for exactly that purpose. Stay tuned for that.

[Later, in November 2022…] Since I wrote this, Rocket Money (formerly Truebill) and Trim have emerged as the leading competing services in this space. A review of the former here lays out the kinds of services both offer. My two problems with both are 1) they seem to only work on phones, and 2) they deal with the status quo (of companies out to screw us) rather than with the need for whole new customer-based solutions to the whole systemic subscription problem.

Two exceptions are Consumer Reports and The Sun.

Time for advertising to call off the dogs

August 4, 2020 in adtech, advertising, Journalism, marketing, publishing | 2 comments

Is this the way you want your brand to look?

Digital advertising needs to sniff its own stench, instead of everybody’s digital butts.

A sample of that stench is wafting through the interwebs from  the Partnership for Responsible Addressable Media, an ad industry bullphemism for yet another way to excuse the urge to keep tracking people against their wishes (and simple good manners) all over the digital world.

This new thing is a granfalloon conjured by the Association of National Advertisers (aka the ANA) and announced today in the faux-news style of the press release (which it no doubt also is) at the first link above. It begins,

AD INDUSTRY LAUNCHES “PARTNERSHIP FOR RESPONSIBLE ADDRESSABLE MEDIA” TO ENSURE FUTURE OF DIGITAL MEDIA FOR BUSINESSES & CONSUMERS
Governing Group of Industry Leaders Includes 4A’s, ANA, IAB, IAB Tech Lab, NAI, WFA, P&G, Unilever, Ford, GM, IBM, NBCUniversal, IPG, Publicis, Adobe, LiveRamp, MediaMath, The Trade Desk

NEW YORK (August 4, 2020) — Leading trade associations and companies representing every sector of the global advertising industry today joined together to launch the Partnership for Responsible Addressable Media, an initiative to advance and protect critical functionalities like customization and analytics for digital media and advertising, while safeguarding privacy and improving the consumer experience. The governing group of the Partnership will include the most influential organizations in advertising.

I learned about this from @WendyDavis, who wrote this piece in MediaPostNiemanLab summarizes what she reports with a tweet that reads, “A new ad-industry group will lobby Google and Apple to let them track users just a wee bit more, please and thank you.”

Writes Wendy,

The group will soon reach out to browser developers and platforms, in hopes of convincing them to rethink recent decisions that will limit tracking, according to Venable attorney Stu Ingis, who will head the legal and policy working group.

“These companies are taking huge positions that impact the entire economy — the entire media ecosystem — with no real input from the media ecosystem,” Ingis says.

As if the “entire media ecosystem” doesn’t contain the billions of humans being tracked.

Well, here’s a fact: ad blocking, which was already the biggest boycott in world history five years ago, didn’t happen in a vacuum. Even though ad blockers had been available since 2004, use of them didn’t hockey-stick until 2012-13, exactly when adtech and its dependents in publishing gave the middle finger to Do Not Track, which was nothing more than a polite request, expressed by a browser, for some damn privacy while we go about our lives online. See this in Harvard Business Review:

Here’s another fact: the browser makers actually care about their users, some of whom are paying customers (for example with Apple and Microsoft). They know what we want and need, and are giving it to us. Demand and supply at work.

The GDPR and the CCPA also didn’t happen in a vacuum. Both laws were made to protect citizens from exactly what adtech (tracking based advertising) does. And, naturally, the ad biz has been working mightily to obey the letter of those laws while violating their spirit. Why else would we be urged by cookie notices everywhere to “accept” exactly what we’ve made very clear that we don’t want?

So here are some helpful questions from the world’s billions to the brands now paying to have us followed like marked animals:

Have you noticed that not a single brand known to the world has been created by tracking people and aiming ads at them—even after spending a $trillion or two on doing that?

Have you noticed that nearly all the world’s major brands became known through advertising that not only didn’t track people, but sponsored journalism as well?

Have you noticed that tracking people and directing personalized messages at them—through “addressable media”—is in fact direct marketing, which we used to call junk mail?

Didn’t think so.

Time to get the clues, ad biz. Brands too.

Start with The Cluetrain Manifesto, which says, if you only have time for one clue this year, this is the one to get…

we are not seats or eyeballs or end users or consumers.
we are human beings — and our reach exceeds your grasp.
deal with it.

That year was 1999.

If advertising and marketing had bothered to listen back then, they might not be dealing today with the GDPR, the CCPA, and the earned dislike of billions.

Next, please learn (or re-learn) the difference between real advertising and the junk message business. Find that lesson in Separating Advertising’s Wheat and Chaff. An excerpt:

See, adtech did not spring from the loins of Madison Avenue. Instead its direct ancestor is what’s called direct response marketing. Before that, it was called direct mail, or junk mail. In metrics, methods and manners, it is little different from its closest relative, spam.

Direct response marketing has always wanted to get personal, has always been data-driven, has never attracted the creative talent for which Madison Avenue has been rightly famous. Look up best ads of all time and you’ll find nothing but wheat. No direct response or adtech postings, mailings or ad placements on phones or websites.

Yes, brand advertising has always been data-driven too, but the data that mattered was how many people were exposed to an ad, not how many clicked on one — or whether you, personally, did anything.

And yes, a lot of brand advertising is annoying. But at least we know it pays for the TV programs we watch and the publications we read. Wheat-producing advertisers are called “sponsors” for a reason.

So how did direct response marketing get to be called advertising ? By looking the same. Online it’s hard to tell the difference between a wheat ad and a chaff one.

Remember the movie “Invasion of the Body Snatchers?” (Or the remake by the same name?) Same thing here. Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.

That’s what had happened to the ANA in 2018, when it acquired what had been the Direct Marketing Association (aka DMA) and which by then called itself the Data & Marketing Association.

The Partnership for Responsible Addressable Media speaks in the voice of advertising’s alien replica. It does not “safeguard essential values in advertising as a positive economic force.” Instead it wants to keep using “addressable” advertising as the primary instrument of surveillance capitalism.

Maybe it’s too late to save advertising from its alien self. But perhaps not, if what’s left of advertising’s soul takes the writings of Bob Hoffman (@AdContrarian) to heart. That’s the only way I know for advertising to clean up its act.

 

 

So far, privacy isn’t a debate

June 22, 2020 in adtech, advertising, Journalism, Law, marketing, personal data, problems, publishing, Technology, VRM | Permalink

door knocker

Remember the dot com boom?

Doesn’t matter if you don’t. What does matter is that it ended. All business manias do.

That’s why we can expect the “platform economy” and “surveillance capitalism” to end. Sure, it’s hard to imagine that when we’re in the midst of the mania, but the end will come.

When it does, we can have a “privacy debate.” Meanwhile, there isn’t one. In fact there can’t be one, because we don’t have privacy in the online world.

We do have privacy in the offline world, and we’ve had it ever since we invented clothing, doors, locks and norms for signaling what’s okay and what’s not okay in respect to our personal spaces, possessions and information.

That we hardly have the equivalent in the networked world doesn’t mean we won’t. Or that we can’t. The Internet in its current form was only born in the mid-’90s. In the history of business and culture, that’s a blip.

Really, it’s still early.

So, the fact that websites, network services, phone companies, platforms, publishers, advertisers and governments violate our privacy with wanton disregard for it doesn’t mean we can’t ever stop them. It means we haven’t done it yet, because we don’t have the tech for it. (Sure, some wizards do, but muggles don’t. And most of us are muggles.)

And, since we don’t have privacy tech yet, we lack the simple norms that grow around technologies that give us ways signal our privacy preferences. We’ll get those when we have the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells.

This is what many of us have been working on at ProjectVRM, Customer Commons, the Me2B Alliance, MyData and other organizations whose mission is getting each of us the tech we need to operate at full agency when dealing with the companies and governments of the world.

I bring all this up as a “Yes, and” to a piece in Salon by Michael Corn (@MichaelAlanCorn), CISO of UCSD, titled We’re losing the war against surveillance capitalism because we let Big Tech frame the debate. Subtitle: “It’s too late to conserve our privacy — but to preserve what’s left, we must stop defining people as commodities.”

Indeed. And we do need the “optimism and activism” he calls for. In the activism category is code. Specifically, code that gives us the digital equivalents of buttons, zippers, locks, shades, curtains, door knockers and bells

Some of those are in the works. Others are not—yet. But they will be. Inevitably. Especially now that it’s becoming clearer every day that we’ll never get them from any system with a financial interest in violating it*. Or from laws that fail at protecting it.

If you want to help, join one or more of the efforts in the links four paragraphs up. And, if you’re a developer already on the case, let us know how we can help get your solutions into each and all of our digital hands.

For guidance, this privacy manifesto should help. Thanks.

*Especially publishers such as Salon, which Privacy Badger tells me tries to pump 20 potential trackers into my browser while I read the essay cited above. In fact, according to WhoTracksMe.com, Salon tends to run 204 tracking requests per page load, and the vast majority of those are for tracking-based advertising purposes. And Salon is hardly unique. Despite the best intentions of the GDPR and the CCPA, surveillance capitalism remains fully defaulted on the commercial Web—and will continue to remain entrenched until we have the privacy tech we’ve needed from the start.

For more on all this, see People vs. Adtech.

Do you really need all this personal information, @RollingStone?

January 22, 2020 in adtech, advertising, Business, history, Internet, Journalism, Law, marketing, Personal, personal data, publishing, Technology, VRM | Permalink

Here’s the popover that greets visitors on arrival at Rolling Stone‘s website:

Our Privacy Policy has been revised as of January 1, 2020. This policy outlines how we use your information. By using our site and products, you are agreeing to the policy.

That policy is supplied by Rolling Stone’s parent (PMC) and weighs more than 10,000 words. In it the word “advertising” appears 68 times. Adjectives modifying it include “targeted,” “personalized,” “tailored,” “cookie-based,” “behavioral” and “interest-based.” All of that is made possible by, among other things—

Information we collect automatically:

Device information and identifiers such as IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers

Internet network and device activity data such as information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services, the web sites you visit after this web site; if you share our content to social media platforms; and other web usage activity and data logged by our web servers, whether you open an email and your interaction with email content, access times, error logs, and other similar information. See “Cookies and Other Tracking Technologies” below for more information about how we collect and use this information.

Geolocation information such as city, state and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and precise geolocation information from GPS-based functionality on your mobile devices, with your permission in accordance with your mobile device settings.

The “How We Use the Information We Collect” section says they will—

Personalize your experience to Provide the Services, for example to:

  • Customize certain features of the Services,
  • Deliver relevant content and to provide you with an enhanced experience based on your activities and interests
  • Send you personalized newsletters, surveys, and information about products, services and promotions offered by us, our partners, and other organizations with which we work
  • Customize the advertising on the Services based on your activities and interests
  • Create and update inferences about you and audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps
  • Create profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising
  • Conduct cross-device tracking by using information such as IP addresses and unique mobile device identifiers to identify the same unique users across multiple browsers or devices (such as smartphones or tablets, in order to save your preferences across devices and analyze usage of the Service.
  • using inferences about your preferences and interests for any and all of the above purposes

For a look at what Rolling Stone, PMC and their third parties are up to, Privacy Badger’s browser extension “found 73 potential trackers on www.rollingstone.com:

tagan.adlightning.com
 acdn.adnxs.com
 ib.adnxs.com
 cdn.adsafeprotected.com
 static.adsafeprotected.com
 d.agkn.com
 js.agkn.com
 c.amazon-adsystem.com
 z-na.amazon-adsystem.com
 display.apester.com
 events.apester.com
 static.apester.com
 as-sec.casalemedia.com
 ping.chartbeat.net
 static.chartbeat.com
 quantcast.mgr.consensu.org
 script.crazyegg.com
 dc8xl0ndzn2cb.cloudfront.net
cdn.digitru.st
 ad.doubleclick.net
 securepubads.g.doubleclick.net
 hbint.emxdgt.com
 connect.facebook.net
 adservice.google.com
 pagead2.googlesyndication.com
 www.googletagmanager.com
 www.gstatic.com
 static.hotjar.com
 imasdk.googleapis.com
 js-sec.indexww.com
 load.instinctiveads.com
 ssl.p.jwpcdn.com
 content.jwplatform.com
 ping-meta-prd.jwpltx.com
 prd.jwpltx.com
 assets-jpcust.jwpsrv.com
 g.jwpsrv.com
pixel.keywee.co
 beacon.krxd.net
 cdn.krxd.net
 consumer.krxd.net
 www.lightboxcdn.com
 widgets.outbrain.com
 cdn.permutive.com
 assets.pinterest.com
 openbid.pubmatic.com
 secure.quantserve.com
 cdn.roiq.ranker.com
 eus.rubiconproject.com
 fastlane.rubiconproject.com
 s3.amazonaws.com
 sb.scorecardresearch.com
 p.skimresources.com
 r.skimresources.com
 s.skimresources.com
 t.skimresources.com
launcher.spot.im
recirculation.spot.im
 js.spotx.tv
 search.spotxchange.com
 sync.search.spotxchange.com
 cc.swiftype.com
 s.swiftypecdn.com
 jwplayer.eb.tremorhub.com
 pbs.twimg.com
 cdn.syndication.twimg.com
 platform.twitter.com
 syndication.twitter.com
 mrb.upapi.net
 pixel.wp.com
 stats.wp.com
 www.youtube.com
 s.ytimg.com

This kind of shit is why we have the EU’s GDPR (General Data Protection Regulation) and California’s CCPA (California Consumer Privacy Act). (No, it’s not just because Google and Facebook.) If publishers and the adtech industry (those third parties) hadn’t turned the commercial Web into a target-rich environment for suckage by data vampires, we’d never have had either law. (In fact, both laws are still new: the GDPR went into effect in May 2018 and the CCPA a few days ago.)

I’m in California, where the CCPA gives me the right to shake down the vampiretariat for all the information about me they’re harvesting, sharing, selling or giving away to or through those third parties.* But apparently Rolling Stone and PMC don’t care about that.

Others do, and I’ll visit some of those in later posts. Meanwhile I’ll let Rolling Stone and PMC stand as examples of bad acting by publishers that remains rampant, unstopped and almost entirely unpunished, even under these new laws.

I also suggest following and getting involved with the fight against the plague of data vampirism in the publishing world. These will help:

  1. Reading Don Marti’s blog, where he shares expert analysis and advice on the CCPA and related matters. Also People vs. Adtech, a compilation of my own writings on the topic, going back to 2008.
  2. Following what the browser makers are doing with tracking protection (alas, differently†). Shortcuts: Brave, Google’s Chrome, Ghostery’s Cliqz, Microsoft’s Edge, Epic, Mozilla’s Firefox.
  3. Following or joining communities working to introduce safe forms of nourishment for publishers and better habits for advertisers and their agencies. Those include Customer CommonsMe2B AllianceMyData Global and ProjectVRM.

______________

*The bill (AB 375), begins,

The California Constitution grants a right of privacy. Existing law provides for the confidentiality of personal information in various contexts and requires a business or person that suffers a breach of security of computerized data that includes personal information, as defined, to disclose that breach, as specified.

This bill would enact the California Consumer Privacy Act of 2018. Beginning January 1, 2020, the bill would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared. The bill would require a business to make disclosures about the information and the purposes for which it is used. The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified. The bill would grant a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed…

Don Marti has a draft letter one might submit to the brokers and advertisers who use all that personal data. (He also tweets a caution here.)

†This will be the subject of my next post.

On Linux Journal

August 13, 2019 in advertising, Business, privacy, problems, publishing | Permalink

Whither Linux Journal?

[16 August 2019…] Had a reassuring call yesterday with Ted Kim, CEO of London Trust Media. He told me the company plans to keep the site up as an archive at the LinuxJournal.com domain, and that if any problems develop around that, he’ll let us know. I told him we appreciate it very much—and that’s where it stands. I’m leaving up the post below for historical purposes.

On August 5th, Linux Journal‘s staff and contractors got word from the magazine’s parent company, London Trust Media, that everyone was laid off and the business was closing. Here’s our official notice to the world on that.

I’ve been involved with Linux Journal since before it started publishing in 1994, and have been on its masthead since 1996. I’ve also been its editor-in-chief since January of last year, when it was rescued by London Trust Media after nearly going out of business the month before. I say this to make clear how much I care about Linux Journal‘s significance in the world, and how grateful I am to London Trust Media for saving the magazine from oblivion.

London Trust Media can do that one more time, by helping preserve the Linux Journal website, with its 25 years of archives, so all its links remain intact, and nothing gets 404’d. Many friends, subscribers and long-time readers of Linux Journal have stepped up with offers to help with that. The decision to make that possible, however, is not in my hands, or in the hands of anyone who worked at the magazine. It’s up to London Trust Media. The LinuxJournal.com domain is theirs.

I have had no contact with London Trust Media in recent months. But I do know at least this much:

  1. London Trust Media has never interfered with Linux Journal‘s editorial freedom. On the contrary, it quietly encouraged our pioneering work on behalf of personal privacy online. Among other things, LTM published the first draft of a Privacy Manifesto now iterating at ProjectVRM, and recently published on Medium.
  2. London Trust Media has always been on the side of freedom and openness, which is a big reason why they rescued Linux Journal in the first place.
  3. Since Linux Journal is no longer a functioning business, its entire value is in its archives and their accessibility to the world. To be clear, these archives are not mere “content.” They are a vast store of damned good writing, true influence, and important history that search engines should be able to find where it has always been.
  4. While Linux Journal is no longer listed as one of London Trust Media’s brands, the website is still up, and its archives are still intact.

While I have no hope that Linux Journal can be rescued again as a subscriber-based digital magazine, I do have hope that the LinuxJournal.com domain, its (Drupal-based) website and its archives will survive. I base that hope on believing that London Trust Media’s heart has always been in the right place, and that the company is biased toward doing the right thing.

But the thing is up to them. It’s their choice whether or not to support the countless subscribers and friends who have stepped forward with offers to help keep the website and its archives intact and persistent on the Web. It won’t be hard to do that. And it’s the right thing to do.

Here’s a cool project: completely revolutionize shopping online

August 12, 2019 in Business, Customertech, Internet, publishing, Technology, VRM | Permalink

In 1995, shortly after she first encountered e-commerce, my wife assigned a cool project to the world by asking a simple question: Why can’t I take my shopping cart from site to site?

The operative word in that question is the first person possessive pronoun: my.

Look up personal online shopping cart and you’ll get nearly a billion results, but none are for a shopping cart of your own. They’re all for shopping carts in commercial websites. In other words, those carts are for sellers, not buyers. They may say “my shopping cart” (a search for that one yields 3.1 billion results), but what they mean is their shopping cart. They say “my” in the same coo-ing way an adult might talk to a baby. (Oh, is my diaper full?)

Shopping online has been stuck in this uncool place because it got modeled on client-server, which should have been called “slave-master” when it got named a few decades ago. Eight years ago here (in our September 2011 issue) I called client-server “calf-cow,” and illustrated it with this photo (which a reader correctly said was shot in France, because it was clear to him that these are French cows):

calf-cow

It began,

As entities on the Web, we have devolved. Client-server has become calf-cow. The client—that’s you—is the calf, and the Web site is the cow. What you get from the cow is milk and cookies. The milk is what you go to the site for. The cookies are what the site gives to you, mostly for its own business purposes, chief among which is tracking you like an animal. There are perhaps a billion or more server-cows now, each with its own “brand” (as marketers and cattle owners like to say).

This is not what the Net’s founders had in mind. Nor was it what Tim Berners-Lee meant for his World Wide Web of hypertext documents to become. But it’s what we’ve got, and it’s getting worse.

In February 2011, Eben Moglen gave a landmark speech to the Internet Society titled “Freedom in the Cloud”, in which he unpacked the problem. In the beginning, he said, the Internet was designed as “a network of peers without any intrinsic need for hierarchical or structural control, and assuming that every switch in the Net is an independent, free-standing entity whose volition is equivalent to the volition of the human beings who want to control it”. Alas, “it never worked out that way”. Specifically:

If you were an ordinary human, it was hard to perceive that the underlying architecture of the Net was meant to be peerage because the OS software with which you interacted very strongly instantiated the idea of the server and client architecture.

In fact, of course, if you think about it, it was even worse than that. The thing called “Windows” was a degenerate version of a thing called “X Windows”. It, too, thought about the world in a server-client architecture, but what we would now think of as backwards. The server was the thing at the human being’s end. That was the basic X Windows conception of the world. It served communications with human beings at the end points of the Net to processes located at arbitrary places near the center in the middle, or at the edge of the Net…

No need to put your X Windows hat back on. Think instead about how you would outfit your own shopping cart: one you might take from store to store.

For this it helps to think about how you already outfit your car, SUV or truck: a vehicle that is unambiguously yours, even if you only lease it. (By yours I mean you operate it, as an extension of you. When you drive it, you wear it like a carapace. In your mind, those are my wheels, my engine, my fenders.)

Since you’ll be driving this thing in the online world, there’s a lot more you can do with it than the one obvious thing, which is to keep a list of all the things you’ve put in shopping carts at multiple websites. Instead start with a wish list that might include everything you ought to be getting from e-commerce, but can’t because e-commerce remains stuck in the calf-cow model, so the whole thing is about cows getting scale across many calves. Your personal shopping cart should be a way for you to get scale across all of e-commerce. Depending on how much you want to kit up your cart, you should be able to—

  1. Keep up with prices for things you want that have changed, across multiple sites
  2. Intentcast to multiple stores your intention to buy something, and say under what conditions you’d be willing to buy it
  3. Subscribe and unsubscribe from mailings in one standard way that’s yours
  4. Keep up with “loyalty” programs at multiple sites, including coupons and discounts you might be interested in (while rejecting the vast majority of those that are uninteresting, now or forever)
  5. Keep records of what you’ve bought from particular retailers in the past, plus where and when you bought those things, including warranty information
  6. Let stores know what your privacy policies are, plus your terms and conditions for dealing with them, including rules for how your personal data might be used
  7. Have a simple and standard way to keep in touch with the makers and sellers of what you own—one that works for you and for those others, in both directions
  8. Have a way to change your contact information for any or all of them, in one move
  9. Mask or reveal what you wish to reveal about yourself and your identity, with anonymity as the default
  10. Pay in the fiat or crypto currency of your choice
  11. Use your own damn wallet, rather than using a Google, Apple or a Whatever wallet
  12. Everything else on the ProjectVRM punch list, where you’ll find links to work on many of the ideas above.

Yes, I know. All those things fly in the face of Business As Usual. They’ll be fought by incumbents, require standards or APIs that don’t yet exist, and so on. But so what. All those things also can be done technically. And, as Marc Andreessen told me (right here in Linux Journal, way back in 1998), “all the significant trends start with technologists.” So start one.

You also don’t need to start with a shopping cart. Anything on that list can stand alone or be clustered in some other… well, pick your metaphor: dashboard, cockpit, console, whatever. It might also help to know there is already development work in nearly all of those cases, and an abundance of other opportunities to revolutionize approaches to business online that have been stuck for a long time. To explain how long, here is the entire text of a one-slide presentation Phil Windley gave a few years ago:

HISTORY OF E-COMMERCE

1995: Invention of the Cookie

The End

Now is the time to break out of the cookie jar where business has been stuck for an inexcusably long time.

It’s time to start working for customers, and making them more than just “users” or “consumers.” Think Me2B and not just B2C. Make customertech and not just salestech, adtech and martech. Give every customer leverage:

By doing that, you will turn the whole marketplace into a Marvel-like universe where all of us are enhanced.

For inspiration, think about what Linux did against every other operating system. Think about what the Internet did to every LAN, WAN, phone company and cable company in the world. Think about what the Web did to every publishing system.

Linux, the Net and the Web each had something radical in common: they extended the power of individual human beings before they utterly reformed every activity and enterprise that came to depend on them.

If you’re interested in any of those projects above, talk to me. Or just start working on it, and tell me about it so I can help the world know.

Getting past broken cookie notices

July 29, 2019 in Digital Life, Internet, personal data, publishing | Permalink

Go to the Alan Turing Institute. If it’s a first time for you, a popover will appear:

Among the many important things the Turing Institute is doing for us right now is highlighting with that notice exactly what’s wrong with the cookie system for remembering choices, and lack of them, for each of us using the Web.

As the notice points out, the site uses “necessary cookies,” “analytics cookies” (defaulted to On, in case you can’t tell from the design of that switch), and (below that) “social cookies.” Most importantly, it does not use cookies meant to track you for advertising purposes. They should brag on that one.

What these switches highlight is that the memory of your choices is theirs, not yours. The whole cookie system outsources your memory of cookie choices to the sites and services of the world. While the cookies themselves can be found somewhere deep in the innards of your computer, you have little or no knowledge of what they are or what they mean, and there are thousands of those in there already.

And yes, we do have browsers that protect us in various ways from unwelcome cookies, but they all do that differently, and none in standard ways that give us clear controls over how we deal with sites and how sites deal with us.

One way to start thinking about this is as a need for cookies go the other way:

I wrote about that last year at Linux Journal in a post by that title. A nice hack called Global Consent Manager does that.

Another way is to think (and work toward getting the sites and services of the world to agree to our terms, and to have standard ways of recording that, on our side rather than theirs. Work on that is proceeding at Customer Commons, the IEEE, various Kantara initiatives and the Me2B Alliance.

Then we will need a dashboard, a cockpit (or the metaphor of your choice) through which we can see and control what’s going on as we move about the Web. This will give us personal scale that we should have had on Day One (specifically, in 1995, when graphical browsers took off). This too should be standardized.

There can be no solution that starts on the sites’ side. None. That’s a fail that in effect gives us a different browser for every site we visit. We need solutions of our own. Personal ones. Global ones. Ones with personal scale. It’s the only way.

« Older entries