Markets vs. Marketing in the Age of AI

Maybe history will defeat itself.

Remember FreePC? It was a thing, briefly, at the end of the last millennium, right before Y2K pooped the biggest excuse for a party in a thousand years. This may help. The idea was to put ads in the corner of your PC’s screen. The market gave it zero stars, and it failed.

And now comes Telly, hawking free TVs with ads in a corner, and a promise to “optimize your ad experience.” As if anybody wants an ad experience other than no advertising at all.

Negative demand for advertising has been well advertised by both ad blocking (the biggest boycott in human history) and ad-free “prestige” TV, (or SVOD, for subscription video on demand). With those we gladly pay—a lot— not to see advertising. (See numbers here.)

But the advertising business (in the mines of which I toiled for too much of my adult life) has always smoked its own exhaust and excels best at getting high with generous funders. (Yeah, some advertising works, but on the whole people still hate it on the receiving end.)

The fun will come when our own personal AI bots, working for our own asses, do battle with the robot Nazgûls of marketing — and win, because we’re on the Demand side of the marketplace, and we’ll do a better job of knowing what we want and don’t want to buy than marketing’s surveillant AI robots can guess at. Supply will survive, of course. But markets will defeat marketing by taking out the middle creep.

The end state will be one Cluetrain forecast in 1999, Linux Journal named in 2006, the VRM community started working on that same year, and The Intention Economy detailed in 2012. The only thing all of them missed was how customer intentions might be helped by personal AI.

Personal. Not personalized.

Markets will become new and better dances between Demand and Supply, simply because Demand will have better ways to take the lead, and not just follow all the time. Simple as that.

 

Toward a lexicon for advertising in both directions

We need a lexicon for the different ways buyers and sellers express their intentions to each other. Or, one might say, advertise.

On the demand side (⊂) we have what in ProjectVRM we’ve called intentcasting and (earlier) personal RFP. Scott Adams calls it broadcast shopping and John Hagel and David Siegel both (in books by that title) call it pull.

On the sell side (⊃) I can list at least six kinds of advertising alone that desperately need distinctive labels. To pull them apart, these are:

1. Brand advertising. This kind is aimed at populations. All of it is contextual, meaning placed in media, TV or radio programs, or publications, that appeal broadly or narrowly to a categorized audience. None of it is tracking-based, and none of it is personal. Little of it wants a direct response. It simply means to impress. This is also the form of advertising that burned every brand you can name into your brain. In fact the word brand itself was borrowed from the cattle industry by Procter & Gamble in the 1930s, when it also funded the golden age of radio. Today it is also what sponsors all of sports broadcasting and pays most sports stars their massive salaries.
2. Search advertising. This is what shows up with search results. There are two very different kinds here:
   1. Context-based. Not based on tracking. This is what DuckDuckGo does.
   2. Context+tracking based. This is what Google and Bing do.
3. Tracking-based advertising. I’ve called this adtech. Cory Doctorow calls it ad-tech. Others call it ad tech. Some euphemize it as behavioral, relevant, interest-based, or personalized. Shoshana Zuboff says all of them are based on surveillance, which they are. So many critics speak of it as surveillance-based advertising.
4. Advertising that’s both contextual and personal—but only in the sense that a highly characterized individual falls within a group, or a collection of overlapping groups, chosen by the advertiser. These are Facebook’s Core, Custom and Look-Alike audiences. Talk to Facebook and they’ll tell you these ads are not meant to be personal, though you should not be surprised to see ads for shoes when you have made clear to Facebook’s trackers (on the site, the apps, and wherever the company’s tentacles reach) that you might be in the market for shoes. Still, since Facebook characterizes every face in its audience in almost countless ways, it’s easy to call this form of advertising tracking-based.
5. Interactive advertising. Vaguely defined by Wikipedia here,  and sometimes called conversational advertising,  the purpose is to get an interactive response from people. The expression is not much used today, even though the Interactive Advertising Bureau (IAB) is the leading trade association in the tracking-based advertising field and its primary proponent.
6. Native advertising, also called sponsored content, is advertising made to look like ordinary editorial material.

The list is actually much longer. But the distinction that matters is between advertising that is tracking-based and the advertising that is not. As I put it in Brands need to fire adtech,

Let’s be clear about all the differences between adtech and real advertising. It’s adtech that spies on people and violates their privacy. It’s adtech that’s full of fraud and a vector for malware. It’s adtech that incentivizes publications to prioritize “content generation” over journalism. It’s adtech that gives fake news a business model, because fake news is easier to produce than the real kind, and adtech will pay anybody a bounty for hauling in eyeballs.

Real advertising doesn’t do any of those things, because it’s not personal. It is aimed at populations selected by the media they choose to watch, listen to or read. To reach those people with real ads, you buy space or time on those media. You sponsor those media because those media also have brand value.

With real advertising, you have brands supporting brands.

Brands can’t sponsor media through adtech because adtech isn’t built for that. On the contrary, adtech is built to undermine the brand value of all the media it uses, because it cares about eyeballs more than media.

Adtech is magic in this literal sense: it’s all about misdirection. You think you’re getting one thing while you’re really getting another. It’s why brands think they’re placing ads in media, while the systems they hire chase eyeballs. Since adtech systems are automated and biased toward finding the cheapest ways to hit sought-after eyeballs with ads, some ads show up on unsavory sites. And, let’s face it, even good eyeballs go to bad places.

This is why the media, the UK government, the brands, and even Google are all shocked. They all think adtech is advertising. Which makes sense: it looks like advertising and gets called advertising. But it is profoundly different in almost every other respect. I explain those differences in Separating Advertising’s Wheat and Chaff:

…advertising today is also digital. That fact makes advertising much more data-driven, tracking-based and personal. Nearly all the buzz and science in advertising today flies around the data-driven, tracking-based stuff generally called adtech. This form of digital advertising has turned into a massive industry, driven by an assumption that the best advertising is also the most targeted, the most real-time, the most data-driven, the most personal — and that old-fashioned brand advertising is hopelessly retro.

In terms of actual value to the marketplace, however, the old-fashioned stuff is wheat and the new-fashioned stuff is chaff. In fact, the chaff was only grafted on recently.

See, adtech did not spring from the loins of Madison Avenue. Instead its direct ancestor is what’s called direct response marketing. Before that, it was called direct mail, or junk mail. In metrics, methods and manners, it is little different from its closest relative, spam.

Direct response marketing has always wanted to get personal, has always been data-driven, has never attracted the creative talent for which Madison Avenue has been rightly famous. Look up best ads of all time and you’ll find nothing but wheat. No direct response or adtech postings, mailings or ad placements on phones or websites.

Yes, brand advertising has always been data-driven too, but the data that mattered was how many people were exposed to an ad, not how many clicked on one — or whether you, personally, did anything.

And yes, a lot of brand advertising is annoying. But at least we know it pays for the TV programs we watch and the publications we read. Wheat-producing advertisers are called “sponsors” for a reason.

So how did direct response marketing get to be called advertising ? By looking the same. Online it’s hard to tell the difference between a wheat ad and a chaff one.

Remember the movie “Invasion of the Body Snatchers?” (Or the remake by the same name?) Same thing here. Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.

This whole problem wouldn’t exist if the alien replica wasn’t chasing spied-on eyeballs, and if advertisers still sponsored desirable media the old-fashioned way.

Bonus link.

I wrote that in 2017. The GDPR became enforceable in 2018 and the CCPA in 2020.  Today more laws and regulations are being instituted to fight tracking-based advertising, yet the whole advertising industry remains drunk on digital, deeply corrupt and delusional, and growing like a Stage IV cancer.

We live digital lives now, and most of the advertising we see and hear is on or through glowing digital rectangles. Most of those are personal as well. So, naturally, most advertising on those media is personal—or wishes it was. Regulations that require “consent” for the tracking that personalization requires do not make the practice less hostile to personal privacy. They just make the whole mess easier to rationalize.

So I’m trying to do two things here.

One is to make clearer the distinctions between real advertising and direct marketing.

The other is to suggest that better signaling from demand to supply, starting with intentcasting, may serve as chemo for the cancer that adtech has become. It will do that by simply making clear to sellers what buyers actually want and don’t want.

 

 

Shall we commit advercide?

On our mailing list, there is a suggestion that we need a browser that kills all the advertising it sees on the Web. Not just the rude kind, or the tracking-based kind. The idea is to waste it all. The business model is, “$10 a month for a browser which guarantees no adverts, ever. If you see an advert, you file a bug report.”

I dismissed the idea a few years ago, when it first came up, for what seemed good and obvious reasons: that lots of advertising is informative and useful, that good and honest (e.g. non-tracking-based) advertising supports most of the world’s journalism, and so on.

But now most advertising on the Web is tracking-based (“programmatic” mostly means tracking-based), and most of the businesses involved seem hellbent on keeping it that way.

As for regulations, the GDPR and CCPA mean well, but they’ve done little to stop tracking, and much to make it worse.  Search for gdpr+compliance on Google and right now and see how many results you get. (I get way over a billion.) Nearly all of the finds you’ll see are pitches for ways sites and services can obey the letter of the GDPR while screwing its spirit. In other words, the GDPR and the CCPA have created a giant market for working around them.

Clearly the final market for goods and services on the Net—that’s you and me, ordinary human beings—don’t like being tracked like marked animals, and all the lost privacy that tracking involves. And hell, ad blocking alone was the biggest boycott in world history, way back in 2015. That says plenty.

So why not give our market a way to speak? Why not incentivize publishers to start making money in ways that respect everyone’s privacy?

Also, we’re not alone. Dig CheckMyAds.org and their efforts, such as this one.

Comments work on this blog again, so feel free to weigh in.

 

QR codes are becoming fishhooks

We’ve been very bullish on QR codes here, because they’re an excellent way for customers and vendors to shake hands, to start doing business, and to form constructive relationships.

Alas, they have become bait for tracking by marketers. In QR Codes Are Here to Stay. So Is the Tracking They Allow, Erin Woo (@erinkwoo) of the NY Times explains how:

Restaurants have adopted them en masse, retailers including CVS and Foot Locker have added them to checkout registers, and marketers have splashed them all over retail packaging, direct mail, billboards and TV advertisements.

But the spread of the codes has also let businesses integrate more tools for tracking, targeting and analytics, raising red flags for privacy experts. That’s because QR codes can store digital information such as when, where and how often a scan occurs. They can also open an app or a website that then tracks people’s personal information or requires them to input it.

As a result, QR codes have allowed some restaurants to build a database of their customers’ order histories and contact information. At retail chains, people may soon be confronted by personalized offers and incentives marketed within QR code payment systems.

“People don’t understand that when you use a QR code, it inserts the entire apparatus of online tracking between you and your meal,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. “Suddenly your offline activity of sitting down for a meal has become part of the online advertising empire.”

So that’s one more thing to fix in our apps and browsers. But how?

Obviously, we can try to avoid QR codes; but there are a growing number of places where that’s not possible.

Providing ways to opt out is a giant non-starter, as we’ve learned at great pain on the Web. (Do you have any record at all of the separate privacy settings you’ve made at all the sites and services where those choices have been provided? Of course not.)

We need at least two things here, and fast.

One is some way, in our phones or browsers, to prevent QR code scanning on phones from turning into tracking. Are you listening, Apple and Google? Plus everybody else in the QR code business?

The other is regulation. And I hate to say that, because too many regulations protect yesterday from last Thursday, and distort markets in ways seen and unseen for decades to come. But this is a case where we really need it.

[Two days later…]

There has been much follow-up to this piece. If you’re interested in that, start with this clip rom Wednesday;s FLOSS Weekly podcast, where Jonathan Bennett (@JP_Bennett) provides some excellent answers to questions raised here and elsewhere.

On Twitter, @QRcodeART has some good follow-up under an @TWiT tweet pointing to that clip. In that thread I stand accused of “pure babbling,” to which I plead guilty (providing, as I do, an example of how, as Garrison Keillor once put it, “English is the preacher’s language because it allows you to talk until you think of what to say”).

The main point in the thread is that QR codes are essentially “innocent.” Also, “#Bluetooth is much worse! Creative names, unique IDs (!) and such and usually open and “seeable” for everybody. Similar to your #Wifi searching always for a #WLan in the perimeter. Unique funny names and identifiable MAC addresses. Think about that !”

Good advice. Clearly, there are concerns for all the tech we use, especially the networked kind. If we fail to take precautions such as those Jonathan recommends, we’re likely being tracked in ways we wouldn’t welcome if we knew about it. Returning to the metaphor, everything you carry, scan or click on can be a fishhook. And, to the hookers, you’re just a fish.

 

 

What law might clear the way for VRM/Me2B development?

VRM/Me2B developers shouldn’t have to wait for laws to pave the way through a wall-like status quo.  (And we say that in our Privacy Manifesto.) But a good law or two should help.

That was I had hoped—even expected—the GDPR to do.  Specifically, I called it  “the world’s most heavily weaponized law protecting personal privacy,” said it was “aimed at companies that track people without asking” and that it would “blow away the (mostly US-based) surveillance economy, especially tracking-based ‘adtech,’ which supports most commercial publishing online.”

That hasn’t happened.

It has been sixteen months since the GDPR went into effect (May 2018), and violation of personal privacy online today remains as pervasive as ever. Worse, violators take advantage of a loophole* in the GDPR that allows them to continue tracking people by requiring (or appearing to require) “consent” to  cookies and other means of tracking (so you can get “personalized,” “interest-based” or “relevant” advertising, the perpetrators say). As long as various EU countries’ Data Protection Authorities (who enforce the GDPR) fail to focus on simple fact that nearly every website and its third parties are doing the same bad things Google and Facebook are accused of doing, the practice will continue, and the GDPR will remain a failure at stopping widespread spying-based adtech.

Meanwhile, many privacy advocates in the U.S. (including me) have invested hope in the California Consumer Privacy Act (CCPA), which will go into effect on January 1, 2020.  I invite you to visit the operative language in that law, starting  here. As legalese goes, it’s remarkably readable. Meanwhile, Wikipedia compresses these rather well under the heading Intentions of the Act:

The intentions of the Act are to provide California residents with the right to:

1. Know what personal data is being collected about them.
2. Know whether their personal data is sold or disclosed and to whom.
3. Say no to the sale of personal data.
4. Access their personal data.
5. Request a business to delete any personal information about a consumer collected from that consumer.
6. Not be discriminated against for exercising their privacy rights.

Note that this presumes that nearly all agency resides on the data collectors’ side, and that the only agency possible on the individual’s side is asking to know or say no to what others who collected personal data can do with it.

That’s not enough.

Making matters worse is that we are mere “consumers” to the CCPA, “data subjects” to the GDPR and “users” to the computer industry—in each case with no more freedom and agency than what potential violators of our privacy (e.g. the websites and services of the world) separately grant us, through their countless, lengthy and infinitely varied privacy policies, terms and “agreements.”

In other words, we’re still at Square Zero, and Square One is neither the CCPA nor the GDPR. Those are relevant in the ways that guard rails are relevant to a winding road; but we don’t have the road yet.

While I’ve made it clear elsewhere that we need tech more than policy (because tech of our own—VRM tech—gives us agency), it will sure help to have policy that guides the deployment of that tech.

So,  what law might actually open the way for VRM development, preferably by simply giving individuals a new power they’ve been lacking, such as real control over just one aspect of their privacy: what Louis Brandeis and Samuel Warren called “the right to be let alone” when we’re online?

I like two.

First is the Do-Not-Track Act of 2019. It’s model legislation from DuckDuckGo, and explained this way:

When you turn on the setting in your browser that says “Do Not Track”, you probably expect to no longer be tracked on most websites you visit. Right? Well, you would be wrong. But don’t worry, you’re not alone.

Our recent study on the Do Not Track (DNT) browser setting indicated that about a quarter of people have turned on this setting, and most were unaware big sites do not respect it. That means approximately 75 million Americans, 115 million citizens of the European Union, and many more people worldwide are, right now, broadcasting a DNT signal.

All of these people are actively asking the sites they visit to not track them. Unfortunately, no law requires websites to respect your Do Not Track signals, and the vast majority of sites, including most all of the big tech companies, sadly choose to simply ignore them.

Let’s change that now. Let’s put teeth behind this widely used browser setting by making a law that would align with current consumer expectations and empower people to more easily regain control of their online privacy.

While DuckDuckGo actively supports the passing of strong, comprehensive privacy laws, we also recognize that it will take time for them to take effect worldwide. In the meantime, governments can provide immediate relief by enacting separate, simpler Do Not Track legislation.

It is extremely rare to have such an exciting legislative opportunity like this, where the hardest work — coordinated mainstream technical implementation and widespread consumer adoption — is already done.

That’s why we’re announcing draft legislation that can serve as a starting point for legislators in America and beyond. It’s entitled the “Do-Not-Track Act of 2019” and, if it were to be enacted, would require sites to respect the Do Not Track browser setting in this manner:

1. No third-party tracking by default. Data brokers would no longer be legally able to use hidden trackers to slurp up your personal information from the sites you visit. And the companies that deploy the most trackers across the web — led by Google, Facebook, and Twitter — would no longer be able to collect and use your browsing history without your permission.
2. No first-party tracking outside what the user expects. For example, if you use Whatsapp, its parent company (Facebook) wouldn’t be able to use your data from Whatsapp in unrelated situations (like for advertising on Instagram, also owned by Facebook). As another example, if you go to a weather site, it could give you the local forecast, but not share or sell your location history.

Under this proposed law, these restrictions would only come into play if a consumer has turned on the Do Not Track signal for their Internet traffic. To keep the Internet from breaking, these restrictions would have very narrowly tailored exceptions for debugging, auditing, security, non-commercial security research, and reporting, and further limited by mandated data-minimization requirements.

In particular, each of these narrow exceptions would only apply if a site adopts strict data-minimization practices, such as using the least amount of personal information needed, and anonymizing it whenever possible. And importantly, this draft legislation takes a more realistic view of what constitutes anonymous data vs. de-identified data. Legislators need to appreciate that users can be re-identified unless companies implement extra measures of protection.

Katherine Druckman and I also talked about this a bit with Gabriel Weinberg, CEO and founder of DuckDuckGo, in our Reality 2.0 podcast with him last month.

The other is Adrian Gropper‘s Patient Privacy Rights Information Governance Label. It says,

Patient Privacy Rights Information Governance Label August 19, 2019 Note: 0-to-5 of the boxes to be checked by the application, device, or service provider.1. No sharing: The data is never shared with any external entities. It is not even shared in de-identified form.

2. No aggregation: The data is never aggregated with other types of input or data from external sources. This includes mixing the data gathered via The Service with other data, such as patient-reported outcomes.

3. Always voluntary self-identification: The user of The Service is able to choose their own identity. The user does not need to have their identity verified unless required by law.

4. Digital agent support: The user is able to specify a digital agent, trustee, or equivalent information manager, and this specified agent will not be subject to certification or censorship.

5. No vendor lock-in: The Service is easily and conveniently substitutable, so the user can easily move their data to another vendor providing a similar service. This prevents vendor lock-in and is often accomplished using Open Standards. Indications for Use: The five separately self-asserted statements on the PPR Information Governance Label are subject to legal enforcement as would the privacy policy associated with The Service.

While not proposed as a law, it would be good to have a law that imposes those requirements, and leaves room for individuals to provide for exceptions, for example when they have working relationships with a service provider.

Maciej Ceglowski also has some good suggestions.

---

*Part 1 under Article 6 of the GDPR, covering the “Lawfulness of processing,” says, “Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.” Hence the consent notices with an “accept” button in front of websites.  These are most often presented as “cookie notices.” (Which are actually required by earlier EU law that was to some degree ignored until the GDPR came along.)

Whether a notice on the front of a website talks cookies or not, it usually means the site is obtaining your consent to being tracked “to personalize content and advertising” (or whatever) by spying on you. I’ve been told by GDPR experts that this really isn’t a loophole, and that most of these consent notices actually violate the GDPR’s letter and not just its spirit. Still, while that might be true, violation of the GDPR’s spirit remains normative.

On privacy fundamentalism

This is a post about journalism, privacy, and the common assumption that we can’t have one without sacrificing at least some of the other, because (the assumption goes), the business model for journalism is tracking-based advertising, aka adtech.

I’ve been fighting that assumption for a long time. People vs. Adtech is a collection of 129 pieces I’ve written about it since 2008.  At the top of that collection, I explain,

I have two purposes here:

1. To replace tracking-based advertising (aka adtech) with advertising that sponsors journalism, doesn’t frack our heads for the oil of personal data, and respects personal freedom and agency.

2. To encourage journalists to grab the third rail of their own publications’ participation in adtech.

I bring that up because Farhad Manjoo (@fmanjoo) of The New York Times grabbed that third rail, in a piece titled  I Visited 47 Sites. Hundreds of Trackers Followed Me.. He grabbed it right here:

News sites were the worst

Among all the sites I visited, news sites, including The New York Times and The Washington Post, had the most tracking resources. This is partly because the sites serve more ads, which load more resources and additional trackers. But news sites often engage in more tracking than other industries, according to a study from Princeton.

Bravo.

That piece is one in a series called the  Privacy Project, which picks up where the What They Know series in The Wall Street Journal left off in 2013. (The Journal for years had a nice shortlink to that series: wsj.com/wtk. It’s gone now, but I hope they bring it back. Julia Angwin, who led the project, has her own list.)

Knowing how much I’ve been looking forward to that rail-grab, people  have been pointing me both to Farhad’s piece and a critique of it by  Ben Thompson in Stratechery, titled Privacy Fundamentalism. On Farhad’s side is the idealist’s outrage at all the tracking that’s going on, and on Ben’s side is the realist’s call for compromise. Or, in his words, trade-offs.

I’m one of those privacy fundamentalists (with a Manifesto, even), so you might say this post is my push-back on Ben’s push-back. But what I’m looking for here is not a volley of opinion. It’s to enlist help, including Ben’s, in the hard work of actually saving journalism, which requires defeating tracking-based adtech, without which we wouldn’t have most of the tracking that outrages Farhad. I explain why in Brands need to fire adtech:

Let’s be clear about all the differences between adtech and real advertising. It’s adtech that spies on people and violates their privacy. It’s adtech that’s full of fraud and a vector for malware. It’s adtech that incentivizes publications to prioritize “content generation” over journalism. It’s adtech that gives fake news a business model, because fake news is easier to produce than the real kind, and adtech will pay anybody a bounty for hauling in eyeballs.

Real advertising doesn’t do any of those things, because it’s not personal. It is aimed at populations selected by the media they choose to watch, listen to or read. To reach those people with real ads, you buy space or time on those media. You sponsor those media because those media also have brand value.

With real advertising, you have brands supporting brands.

Brands can’t sponsor media through adtech because adtech isn’t built for that. On the contrary, >adtech is built to undermine the brand value of all the media it uses, because it cares about eyeballs more than media.

Adtech is magic in this literal sense: it’s all about misdirection. You think you’re getting one thing while you’re really getting another. It’s why brands think they’re placing ads in media, while the systems they hire chase eyeballs. Since adtech systems are automated and biased toward finding the cheapest ways to hit sought-after eyeballs with ads, some ads show up on unsavory sites. And, let’s face it, even good eyeballs go to bad places.

This is why the media, the UK government, the brands, and even Google are all shocked. They all think adtech is advertising. Which makes sense: it looks like advertising and gets called advertising. But it is profoundly different in almost every other respect. I explain those differences in Separating Advertising’s Wheat and Chaff…

To fight adtech, it’s natural to look for help in the form of policy. And we already have some of that, with the GDPR, and soon the CCPA as well. But really we need the tech first. I explain why here:

In the physical world we got privacy tech and norms before we got privacy law. In the networked world we got the law first. That’s why the GDPR has caused so much confusion. It’s the regulatory cart in front of the technology horse. In the absence of privacy tech, we also failed to get the norms that would normally and naturally guide lawmaking.

So let’s get the tech horse back in front of the lawmaking cart. With the tech working, the market for personal data will be one we control. For real.

If we don’t do that first, adtech will stay in control. And we know how that movie goes, because it’s a horror show and we’re living in it now.

The tech horse is a collection of tools that provide each of us with ways both to protect our privacy and to signal to others what’s okay and what’s not okay, and to do both at scale. Browsers, for example, are a good model for that. They give each of us, as users, scale across all the websites of the world. We didn’t have that when the online world for ordinary folk was a choice of Compuserve, AOL, Prodigy and other private networks. And we don’t have it today in a networked world where providing “choices” about being tracked are the separate responsibilities of every different site we visit, each with its own ways of recording our “consents,” none of which are remembered, much less controlled, by any tool we possess. You don’t need to be a privacy fundamentalist to know that’s just fucked.

But that’s all me, and what I’m after. Let’s go to Ben’s case:

…my critique of Manjoo’s article specifically and the ongoing privacy hysteria broadly…

Let’s pause there. Concern about privacy is not hysteria. It’s a simple, legitimate, and personal. As Don Marti and and I (he first) pointed out, way back in 2015, ad blocking didn’t become the biggest boycott in world history in a vacuum. Its rise correlated with the “interactive” advertising business giving the middle finger to Do Not Track, which was never anything more than a polite request not to be followed away from a website:

Retargeting, (aka behavioral retargeting) is the most obvious evidence that you’re being tracked. (The Onion: Woman Stalked Across Eight Websites By Obsessed Shoe Advertisement.)

Likewise, people wearing clothing or locking doors are not “hysterical” about privacy. That people don’t like their naked digital selves being taken advantage of is also not hysterical.

Back to Ben…

…is not simply about definitions or philosophy. It’s about fundamental assumptions. The default state of the Internet is the endless propagation and collection of data: you have to do work to not collect data on one hand, or leave a data trail on the other.

Right. So let’s do the work. We haven’t started yet.

This is the exact opposite of how things work in the physical world: there data collection is an explicit positive action, and anonymity the default.

Good point, but does this excuse awful manners in the online world? Does it take off the table all the ways manners work well in the offline world—ways that ought to inform developments in the online world? I say no.

That is not to say that there shouldn’t be a debate about this data collection, and how it is used. Even that latter question, though, requires an appreciation of just how different the digital world is from the analog one.

Consider it appreciated. (In my own case I’ve been reveling in the wonders of networked life since the 80s. Examples of that are this, this and this.)

…the popular imagination about the danger this data collection poses, though, too often seems derived from the former [Stasi collecting highly personal information about individuals for very icky purposes] instead of the fundamentally different assumptions of the latter [Google and Facebook compiling massive amounts of data to be read by machines, mostly for non- or barely-icky purposes]. This, by extension, leads to privacy demands that exacerbate some of the Internet’s worst problems.

Such as—

• Facebook’s crackdown on API access after Cambridge Analytica has severely hampered research into the effects of social media, the spread of disinformation, etc.

True.

• Privacy legislation like GDPR has strengthened incumbents like Facebook and Google, and made it more difficult for challengers to succeed.

True.

Another bad effect of the GDPR is urging the websites of the world to throw insincere and misleading cookie notices in front of visitors, usually to extract “consent” that isn’t, to exactly what the GDPR was meant to thwart.

• Criminal networks from terrorism to child abuse can flourish on social networks, but while content can be stamped out private companies, particularly domestically, are often limited as to how proactively they can go to law enforcement; this is exacerbated once encryption enters the picture.

True.

Again, this is not to say that privacy isn’t important: it is one of many things that are important. That, though, means that online privacy in particular should not be the end-all be-all but rather one part of a difficult set of trade-offs that need to be made when it comes to dealing with this new reality that is the Internet. Being an absolutist will lead to bad policy (although encryption may be the exception that proves the rule).

It can also lead to good tech, which in turn can prevent bad policy. Or encourage good policy.

Towards Trade-offs
The point of this article is not to argue that companies like Google and Facebook are in the right, and Apple in the wrong — or, for that matter, to argue my self-interest. The truth, as is so often the case, is somewhere in the middle, in the gray.

Wearing pants so nobody can see your crotch is not gray. That an x-ray machine can see your crotch doesn’t make personal privacy gray. Wrong is wrong.

To that end, I believe the privacy debate needs to be reset around these three assumptions:
• Accept that privacy online entails trade-offs; the corollary is that an absolutist approach to privacy is a surefire way to get policy wrong.

No. We need to accept that simple and universally accepted personal and social assumptions about privacy offline (for example, having the ability to signal what’s acceptable and what is not) is a good model for online as well.

I’ll put it another way: people need pants online. This is not an absolutist position, or even a fundamentalist one. The ability to cover one’s private parts, and to signal what’s okay and what’s not okay for respecting personal privacy are simple assumptions people make in the physical world, and should be able to make in the connected one. That it hasn’t been done yet is no reason to say it can’t or shouldn’t be done. So let’s do it.

• Keep in mind that the widespread creation and spread of data is inherent to computers and the Internet,

Likewise, the widespread creation and spread of gossip is inherent to life in the physical world. But that doesn’t mean we can’t have civilized ways of dealing with it.

and that these qualities have positive as well as negative implications; be wary of what good ideas and positive outcomes are extinguished in the pursuit to stomp out the negative ones.

Tracking people everywhere so their eyes can be stabbed with “relevant” and “interest-based” advertising, in oblivity to negative externalities, is not a good idea or a positive outcome (beyond the money that’s made from it).  Let’s at least get that straight before we worry about what might be extinguished by full agency for ordinary human beings.

To be clear, I know Ben isn’t talking here about full agency for people. I’m sure he’s fine with that. He’s talking about policy in general and specifically about the GDPR. I agree with what he says about that, and roughly about this too:

• Focus policy on the physical and digital divide. Our behavior online is one thing: we both benefit from the spread of data and should in turn be more wary of those implications. Making what is offline online is quite another.

Still, that doesn’t mean we can’t use what’s offline to inform what’s online. We need to appreciate and harmonize the virtues of both—mindful that the online world is still very new, and that many of the civilized and civilizing graces of life offline are good to have online as well. Privacy among them.

Finally, before getting to the work that energizes us here at ProjectVRM (meaning all the developments we’ve been encouraging for thirteen years), I want to say one final thing about privacy: it’s a moral matter. From Oxford, via Google: “concerned with the principles of right and wrong behavior” and “holding or manifesting high principles for proper conduct.”

Tracking people without their clear invitation or a court order is simply wrong. And the fact that tracking people is normative online today doesn’t make it right.

Shoshana Zuboff’s new book, The Age of Surveillance Capitalism, does the best job I know of explaining why tracking people online became normative—and why it’s wrong. The book is thick as a brick and twice as large, but fortunately Shoshana offers an abbreviated reason in her three laws, authored more than two decades ago:

First, that everything that can be automated will be automated. Second, that everything that can be informated will be informated. And most important to us now, the third law: In the absence of countervailing restrictions and sanctions, every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.

I don’t believe government restrictions and sanctions are the only ways to  countervail surveillance capitalism (though uncomplicated laws such as this one might help). We need tech that gives people agency and companies better customers and consumers.  From our wiki, here’s what’s already going on. And, from our punch list, here are some exciting TBDs, including many already in the works already:

• Journalism:  Remake the whole practice of no-bullshit story-telling by making it fully relevant and driven by the very people who are not only interested, but in the best position to know and tell.
• Terms:  Make companies agree to our terms, rather than the other way around. This means making our terms easily readable and mutually beneficial, and with simple ways to resolve disputes.
• Identity: Control our own self-sovereign identities, revealing to businesses no more  than what they need to know about us, on an as-needed basis.
• Authentication: Get rid of logins and passwords. (Yes, there is already work going on here.)
• Change of address: We should be able to change our surname or our home address in the records of every organization we deal with, in one move. (Here’s one way.)
• Paying for stuff:  Pay what we want, where we want, for whatever we want, in our own ways.
• Zero knowledge commerce: See here.
• Customer service: Call for service or support in one simple and straightforward way of our own, rather than in as many ways as there are 800 numbers to call and punch numbers into a phone before we wait on hold while bad music plays.
• Loyalty:  Express loyalty in our own ways, which are genuine rather than coerced. This will make loyalty programs mean what they say.
• IoT: Design and equip the  Internet of MY Things, which each of us controls for ourselves, and in which every thing we own has its own cloud, which we control as well.
• Health and fitness: Own and control all our health and fitness records, for the good of all those who need that data, as well as our selves.
• Shared intelligence: Create a standard path for market intelligence that flows both ways, generously and with permission at both ends. This includes how products and services are used.
• Wallets: Have wallets of our own, rather than only those provided by platforms. Here’s one.
• Shopping carts: Have shopping carts of our own, which we can take from store to store and site to site online, rather than being tied to ones provided only by the stores themselves. More here.
• Truly personal mobile devices: Have personal devices of our own (such as this one) that aren’t prisoners in a corporate walled garden, or suction cups on corporate tentacles.
• VRM<—>CRM: Have real relationships with companies, based on open standards and code, rather than relationships trapped inside corporate silos.
• Learning:  Remake education around the power we all have to teach ourselves and learn from each other, liberating the inherent genius of every student.

I’m hoping Farhad, Ben, and others in a position to help can get behind those too.

A citizen-sovereign way to pay for news—or for any creative work

The Aspen Institute just published a 180-page report by the Knight Commission on Trust, Media and Democracy titled  (in all caps) CRISIS IN DEMOCRACY: RENEWING TRUST IN AMERICA. Its Call to Action concludes,
This is good. Real good.  Having  Aspen and Knight endorse personal sovereignty as a necessity for solving the crises of democracy and trust also means they endorse what we’ve been pushing forward here for more than a dozen years.

Since the report says (under Innovation, on page 73) we need to “use technology to enhance journalism’s roles in fostering democracy,” and that “news companies need to embrace technology to support their mission and achieve sustainability,” it should help to bring up the innovation we proposed in an application for a Knight News Challenge grant in 2011. This innovation was, and still is, called EmanciPay. It’s a citizen-sovereign way to pay for news, plus all forms of creative production where there is both demand and failing or absent sources of funding.

We have not only needed this for a long time, but it is for lack of it (or of any original and market-based approach to paying for creative work) that the EU is poised to further break our one Internet into four or more parts and destroy the open Web that has done so much to bring the world together and generate near-boundless forms of new wealth, inclusivity, equality, productivity and other good nouns ending in ty. The EU’s hammer for breaking the open Web is the EU Copyright Directive,  which has been under consideration and undergoing steady revision since 2016. Cory Doctorow, writing for the EFF, says The Final Version of the EU’s Copyright Directive Is the Worst One Yet. One offense (among too many to list here):

Under the final text, any online community, platform or service that has existed for three or more years, or is making €10,000,001/year or more, is responsible for ensuring that no user ever posts anything that infringes copyright, even momentarily. This is impossible, and the closest any service can come to it is spending hundreds of millions of euros to develop automated copyright filters. Those filters will subject all communications of every European to interception and arbitrary censorship if a black-box algorithm decides their text, pictures, sounds or videos are a match for a known copyrighted work. They are a gift to fraudsters and criminals, to say nothing of censors, both government and private.

There are much better ways of getting the supply and demand sides of creative markets together. EmanciPay is one of them, and deserves another airing.

Perhaps now that Knight and Aspen are cheering the citizen-sovereign bandwagon, it’s worth welcoming the fact that our original EmanciPay proposal in open source form.

So here it is, copied and pasted out of the last draft before we submitted it. Since much has changed since then (other than the original idea, which is the same as ever only more timely), I’ve added a bunch of notes at the end, and a call for action. Before reading it, please note two things: 1) we are not asking for money now (we were then, but not now); and 2) while this proposal addresses the challenge of paying for news, it applies much more broadly to all creative work.

10:00pm Monday 31 January 2011

Project Title:

EmanciPay: a user-driven system for generating revenue and managing relationships

Requested amount from Knight News Challenge

$325,000

Describe your project:

EmanciPay is the first user-driven payment system for news and information media. It is also the first system by which the consumers of media can create and participate in relationships with media — and the first system to reform the legal means by which those relationships are created and sustained.

With EmanciPay, users can easily choose to pay whatever they like, whenever they like, however they like — on their own terms and not just those controlled by the media’s supply side. EmanciPay will also provide means for building genuine two-way relationships, rather than relationships defined by each organization’s subscription and membership systems. As with Creative Commons, terms will be expressed in text and symbols that can be read easily by both software and people.

While there is no limit to payment choice options with EmanciPay, we plan to test these one at a time. The first planned trials are with Tipsy, which is being developed in alongside EmanciPay, and which also has a Knight News Challenge application. The two efforts are cooperative and coordinated.

EmanciPay belongs to a growing family of VRM (Vendor Relationship Management) tools. Both EmanciPay and VRM grew out of work in ProjectVRM, which I launched in 2006, at the start of my fellowship with Harvard’s Berkman Center for Internet & Society. In the past four years the VRM development community has grown internationally and today involves many allied noncommercial and commercial efforts. Here is the current list of VRM development projects.

How will your project improve the delivery of news and information to geographic communities?:

Two ways.

First is with a new business model. Incumbent local and regional media currently have three business models: paid delivery (subscriptions and newsstand sales), advertising, and (in the case of noncommercial media) appeals for support. All of these have well-known problems and limitations. They are also controlled in a top-down way by media organizations. By reducing friction and lowering the threshold of payment, EmanciPay will raise the number of customers while also providing direct and useful intelligence about the size and nature of demand. This supports geographic customisation of news and information goods.

Second is by providing ways for both individuals and news organizations to create and sustain relationships that go beyond “membership” (which in too many cases means little more than “we gave money”). EmanciPay will also help consumers of news participate in the news development process. Because EmanciPay is based on open source code and open standards, it can be widely adopted and adapted to meet local needs. CRM (customer relationship management) software companies, many of which supply CRM systems to media organizations, are also awaiting VRM developments. (The cover and much of this CRM Magazine are devoted to VRM.)

What unmet need does your proposal answer?:

EmanciPay meets the need for maximum freedom and flexibility in paying for news and information, and for a media business model that does not depend only on advertising, membership systems, large donors or government grants. (This last one is of special interest at a time when cutting government funding of public broadcasting is a campaign pledge by many freshly elected members of Congress.)

Right now most news and information is free of charge on the Web, even when the same goods are sold on newsstands or through cable TV subscriptions. This fact, plus cumbersome and widely varied membership, pledging and payment systems, serves to discourage payment by media users. Even the membership systems of public broadcasting stations exclude vast numbers of people who would contribute “if it was easy”. EmanciPay overcomes these problems by making it easy for consumers of news to become customers of news. It also allows users to initiate real and productive relationships with news organizations, whether or not they pay those organizations.

How is your idea new?:

Equipping individuals with their own tools for choosing what and how to pay, and for creating and maintaining relationships, is a new idea. Nearly all other sustainability ideas involve creating new intermediators or working on improving services on the supply side.

Tying sustainability to meaningful relationships (rather than just “membership” is also new). So is creating means by which individuals can assert their own “terms of service” — and match those terms with those on the supply side.

EmanciPay is also new in the scope of its ambition. Beyond creating a large new source of revenues, and scaffolding meaningful relationships between supply and demand, EmanciPay intends to remove legal frictions from the marketplace as well. What lawyers call contracts of adhesion (ones in which the dominant party is free to change what they please while the submissive party is nailed to whatever the dominant party dictates) have been pro forma on the Web since the invention of the cookie in 1995. EmanciPay is the first and only system intended to obsolete and replace these onerous “agreements” (which really aren’t).

Once in place and working, EmanciPay’s effects should exceed even those of Creative Commons, because EmanciPay addresses the demand as well as the supply side of the marketplace. And, like Creative Commons, EmanciPay does not require changes in standing law.

Finally, EmanciPay is new in the sense that it is not centralized, and does not require an intermediary. As with email (the protocols of which are open and decentralized, by design), EmanciPay supports both self-hosting and hosting in “the cloud.” It is also both low-level and flexible enough to provide base-level building material for any number of new businesses and services.

What will you have changed by the end of the project?:

First, we will have changed the habits and methods by which people pay for the media goods they receive, starting with news and information.

Second, we will have introduced relationship systems that are not controlled by the media, but driven instead by the individuals who are each at the centers of their own relationships with many different entities. Thus relationships will be user-driven and not just organization-driven.

Third, we will have created a new legal framework for agreements between buyers and sellers on the Web and in the networked world, eliminating many of the legal frictions involved in today’s e-commerce systems.

Fourth, we will have introduced to the world an intention economy, based on the actual intentions of buyers, rather than on guesswork by sellers about what customers might buy. (The latter is the familiar “attention economy” of advertising and promotion.)

Why are you the right person or team to complete this project?:

I know how to get ideas and code moving in the world. I’ve done that while running ProjectVRM for the last four years. As of today VRM tools are being developed in many places, by many programmers, in both commercial and noncommercial capacities, around the world, Those places include Boston, London, Johannesburg, Dubuque, Santiago, Belfast, Salt Lake City, Santa Barbara, Vienna, and Seattle. Much of this work has also been advanced at twice-yearly IIW (Internet Identity Workshop) events, which I co-founded in 2005 and continue to help organize.

As Senior Editor of Linux Journal, I’ve been covering open source code development since 1996, contributing to its understanding and widespread adoption. For that and related work, I received a Google-O’Reilly Open Source Award for “Best Communicator” in 2005.

I helped reform both markets and marketing as a co-author of The Cluetrain Manifesto, a business bestseller in 2000 that has since become part of the marketing canon. (As of today, Cluetrain is cited by more than 5300 other books.) I also coined Cluetrain’s most-quoted line, “Markets are conversations.”

I helped popularize blogging, a subject to which I have been contributing original thinking and writing since 1999. I also have more than 12,000 followers on Twitter.

EmanciPay is also my idea, and one I have been working on for some time. This includes collaboration with PRX and other members of the public radio community on ListenLog (the brainchild of Keith Hopper at NPR), which can be found today on the Public Radio Player, an iPhone app that has been downloaded more than 2 million times. I am also working on EmanciPay with students at MIT/CSAIL and Kings College London. The MIT/CSAIL collaboration is led by David Karger of the MIT faculty, and ties in with work he and students are doing with Haystack and Tipsy.

I’ve also contributed to other VRM development efforts — on identity and trust frameworks, on privacy assurance, on selective disclosure of personal data, and on personal data stores (PDSes), all of which will help support EmanciPay as it is deployed.

What terms best describe your project?:

Bold, original, practical, innovative and likely to succeed.

What tasks/benchmarks need to be accomplished to develop your project and by when will you complete them? (500 words)

1) Engaging of programmers at MIT and other institutions within two months.

2) Establishment of Customer Commons (similar to Creative Commons) within two months.

3) Getting EmanciPay into clinical law case study by classes at law schools, one semester after the grant money arrives.

4) Beta-level code within six months.

5) Recruitment of first-round participating media entities (journals, sites, blogs, broadcast stations — completed within six months.

6) Relationships established with PayPal, Google Checkout and other payment intermediators within six months.

7) Tipsy trials within three months after beta-level code is ready.

8) Full EmanciPay trials within six months after beta-level code is ready.

9) Research protocols completed by the time beta code is ready.

How will you measure progress?: (500 words)

1) Involvement in open source code development by programmers other than those already paid or engaged (for example, as students) for the work

2) Completion of code

3) Deployment in target software and devices

4) Cooperation by allied development .orgs and .coms

5) Adoption and use by individuals

6) Direct financial benefit for news organizations.

All are measurable. We can count programmers working on code bases, as well as patches and lines of code submitted and added. We can see completed code in downloadable and installable form in the appropriate places. We can see and document cooperation by organizations. We can count downloads and monitor activities by users (with their permission). And we can see measurable financial benefits to news and information organizations. Researching each of these will be part of the project. For example, we will need to provide on our website, or directly, descriptions of accounting methods for the organizations that will benefit directly from individual contributions.

Do you see any risk in the development of your project?: (500 words)

EmanciPay is likely to be seen as disruptive by organizations that are highly vested in existing forms of funding. One example is public broadcasting, which has relied on fund drives for decades.

There is also a fear that EmanciPay will raise the number of contributors while lowering the overall funding dollar amount spent by contributors. I don’t expect that to happen. What I do expect is for the market to decide — and for EmanciPay to provide the means. Fortunately, EmanciPay also provides means for non-monetary relationships to grow as well, which will raise the perception of value by users and customers, and the likelihood that more users will become customers.

How will people learn about what you are doing?: (500 words) remaining

We will blog about it, talk about it at conferences, tweet about it, and use every other personal and social medium to spread the word. And we will use traditional media relations as well — which shouldn’t be too hard, since we will be working to bring more income to those media.

We have a good story about an important cause. I’m good at communicating and driving stories forward, and I and have no doubt that the effort will succeed.

Is this a one-time experiment or do you think it will continue after the grant?: (500 words)

EmanciPay will continue after the grant because it will become institutionalized within the fabric of the economy, as will its allied efforts.

In addition to the Knight News Challenge, does your project rely on other revenue sources? (Choose all that apply):

[ ] Advertising
[ ] Paid Subscriptions
[ x ] Crowd-Funded
[ ] Earned Income
[ ] Syndication
[ ] Other

Here’s what happened after that.

1. Customer Commons was incorporated as a California-based 501(3)(c) nonprofit shortly after this was submitted.  (It is also currently cited in this CNN story  and this one by Fox News.) Almost entirely bootstrapped, Customer Commons has established itself as a Creative Commons-like place where model personal privacy policies and terms of engagement that individuals proffer as first parties can live. Those terms are among a number of other tools for exercising citizen sovereign powers. “CuCo” also plans, immodestly, to be a worldwide membership organization, comprised entirely of customers (possible slogan: “We’re the hundred percent”). In that capacity, it will hold events, publish, develop customer-side code that’s good for both customers and businesses (e.g. a shopping cart of your own that you can take from site to site), and lobby for policies that respect the natural sovereignty and power of customers in the digital world. After years of prep, and not much asking, Customer Commons is at last ready to accept funding, and to start scaling up. If you have money to invest in grass roots citizen-sovereign work, that’s a good place to do it.
2. Commercial publishers, including nearly all the world’s websites (or so it seems) became deeply dependent on adtech—tracking based advertising—for income. (I reviewed that history here in 2015.) We’ve been fighting that. So have governments. Both the GDPR in Europe and the California Consumer Privacy Act were called to existence by privacy abuses funded by adtech. (Seriously, without adtech, those laws wouldn’t have happened.)
3. The current VRM developments list is a large and growing one. So is our list of participants.
4. Some of the allied projects mentioned in the proposal are gone or have morphed. But some are still there, and there are many other potential collaborators.
5. Fintech has become a thing, along with blockchain, distributed ledgers and other person-driven solutions to the problem of excessive centralization.
6. The word cluetrain is now mentioned in more than 13,000 books. And, twenty years since it was first uttered, cluetrain is also tweeted almost constantly.
7. I am now editor-in-chief of Linux Journal, the first publication ready  to accept terms proffered by readers, starting with a Customer Commons one dubbed #NoStalking.

That list could go on, but it’s not what matters.

What matters is that EmanciPay was a great idea when we proposed it in the first place, and a better idea now. With the right backing, it can scale.

If you want to solve the problem of paying for news (or all of journalism), there is not a more democratic, fair, trust-causing and potentially massive idea on the table, for doing exactly that, than EmanciPay. And nobody is better potentiated to address lots of other problems and  goals laid out in that Knight Commission report. One example: An immodest proposal for the music industry.

If you’re interested, talk to me.

Good news for publishers and advertisers fearing the GDPR

The GDPR (General Data Protection Regulation) is the world’s most heavily weaponized law protecting personal privacy. It is aimed at companies that track people without asking, and its ordnance includes fines of up to 4% of worldwide revenues over the prior year.

The law’s purpose is to blow away the (mostly US-based) surveillance economy, especially tracking-based “adtech,” which supports most commercial publishing online.

The deadline for compliance is 25 May 2018, just a couple hundred days from now.

There is no shortage of compliance advice online, much of it coming from the same suppliers that talked companies into harvesting lots of the “big data” that security guru Bruce Schneier calls a toxic asset. (Go to https://www.google.com/search?q=GDPR and see whose ads come up.)

There is, however, an easy and 100% GDPR-compliant way for publishers to continue running ads and for companies to continue advertising. All the publisher needs to do is agree with this request from readers:

That request, along with its legal and machine-readable expressions, will live here:

The agreements themselves can be recorded anywhere.

There is not an easier way for publishers and advertisers to avoid getting fined by the EU for violating the GDPR. Agreeing to exactly what readers request puts both in full compliance.

Some added PR for advertisers is running what I suggest they call #Safeds. If markets are conversations (as marketers have been yakking about since  The Cluetrain Manifesto), #SafeAds will be a great GDPR conversation for everyone to have:

Here are some #SafeAds benefits that will make great talking points, especially for publishers and advertisers:

1. Unlike adtech, which tracks eyeballs off a publisher’s site and then shoot ads at those eyeballs anywhere they can be found (including the Web’s cheapest and shittiest sites), #SafeAds actually sponsor the publisher. They say “we value this publication and the readers it brings to us.”
2. Unlike adtech, #SafeAds carry no operational overhead for the publisher and no cognitive overhead for readers—because there are no worries for either party about where an ad comes from or what it’s doing behind the scenes. There’s nothing tricky about it.
3. Unlike adtech, #SafeAds carry no fraud or malware, because they can’t. They go straight from the publisher or its agency to the publication, avoiding the corrupt four-dimensional shell game adtech has become.
4. #SafeAds carry full-power creative and economic signals, which adtech can’t do at all, for the reasons just listed. It’s no coincidence that nearly every major brand you can name was made by #SafeAds, while adtech has not produced a single one. In fact adtech has an ugly history of hurting brands by annoying people with advertising that is unwelcome, icky, or both.
5. Perhaps best of all for publishers, advertisers will pay more for #SafeAds, because those ads are worth more.

#NoStalking and #SafeAds can also benefit social media platforms now in a world of wonder and hurt (example: this Zuckerberg hostage video). The easiest thing for them to do is go freemium, with little or no ads (and only safe ones on the paid side, and nothing but #SafeAds on the free side, in obedience to #NoStalking requests, whether expressed or not.

If you’re a publisher, an advertiser, a developer, an exile from the adtech world, or anybody else who wants to help out, talk to us. That deadline is a hard one, and it’s coming fast.

VRM Day: Starting Phase Two

VRM Day is today, 24 October, at the Computer History Museum. IIW follows, over the next three days at the same place. (The original version of this post was October 17.)

We’ve been doing VRM Days since (let’s see…) this one in 2013, and VRM events since this one in 2007. Coming on our tenth anniversary, this is our last in Phase One.

The difference between Phase One and Phase Two is that between rocks and snowballs. In Phase One we played Sisyphus, pushing a rock uphill. In Phase Two we roll snowballs downhill.

Phase One was about getting us to the point where VRM was accepted by many as a thing bound to happen. This has taken ten years, but we are there.

Phase Two is about making it happen, by betting our energies on ideas and work that starts rolling downhill and gaining size and momentum.

Some of that work is already rolling. Some is poised to start. Both kinds will be on the table at VRM Day. Here are ones currently on the agenda:

• VRM + CRM via JLINC. See At last: a protocol to link VRM and CRM. , and The new frontier for CRM is CDL: customer driven leads. This is a one form of intentcasting that should be enormously appealing to CRM companies and their B2B corporate customers. Speaking of which, we also have—
• Big companies welcoming VRM.  Leading this is Fing, a French think tank that brings together many of the country’s largest companies, both to welcome VRM and to research (e.g. through Mesinfos) how the future might play out. Sarah Medjek of Fing will present that work, and lead discussion of where it will head next. We will also get a chance to participate in that research by providing her with our own use cases for VRM. (We’ll take out a few minutes to each fill out an online form.)
• Terms individuals assert in dealings with companies. These are required for countless purposes. Mary Hodder will lead discussion of terms currently being developed at Customer Commons and the CISWG / Kantara User Submitted Terms working group (Consent and Information Sharing Working Group). Among other things, this leads to—
• Next steps in tracking protection and ad blocking. At the last VRM Day and IIW, we discussed CHEDDAR on the server side and #NoStalking on the individual’s side. There are now huge opportunities with both, especially if we can normalize #NoStalking terms for all tracking protection and ad blocking tools.  To prep for this, see  Why #NoStalking is a good deal for publishers, where you’ll find the image on the right, copied from the whiteboard on VRM Day.
• Blockchain, Identity and VRM. Read what Phil Windley has been writing lately distributed ledgers (e.g. blockchain) and what they bring to the identity discussions that have been happening for 22 IIWs, so far. There are many relevancies to VRM.
• Personal data. This was the main topic at two recent big events in Europe: MyData2016 in Helsinki and PIE (peronal information economy) 2016 in London.  The long-standing anchor for discussions and work on the topic at VRM Day and IIW is PDEC (Personal Data Ecosystem Consortium). Dean Landsman of PDEC will keep that conversational ball rolling. Adrian Gropper will also brief us on recent developments around personal health data as well.
• Hacks on the financial system. Kevin Cox can’t make it, but wants me to share what he would have presented. Three links: 1) a one minute video that shows why the financial system is so expensive, 2) part of a blog post respecting his local Water Authority and newly elected government., and 3) an explanation of the idea of how we can build low-cost systems of interacting agents. He adds, “Note the progression from location, to address, to identity, to money, to housing.  They are all ‘the same’.” We will also look at how small business and individuals have more in common than either do with big business. With a hint toward that, see what Xero (the very hot small business accounting software company) says here.
• What ProjectVRM becomes. We’ve been a Berkman-Klein Center project from the start. We’ve already spun off Customer Commons. Inevitably, ProjectVRM will itself be spun off, or evolve in some TBD way. We need to co-think and co-plan how that will go. It will certainly live on in the DNA of VRM and VRooMy work of many kinds. How and where it lives on organizationally is an open question we’ll need to answer.

Here is a straw man context for all of those and more.

• Top Level: Tools for people. These are ones which, in legal terms, give individuals power as first parties. In mathematical terms, they make us independent variables, rather than dependent ones. Our focus from the start has been independence and engagement.
  • VRM in the literal sense: whatever engages companies’ CRM or equivalent systems.
  • Intentcasting.
  • PIMS—Personal Information Management Systems. Goes by many names: personal clouds, personal data stores, life management platforms and so on. Ctrl-Shift has done a good job of branding PIMS, however. We should all just go with that.
  • Privacy tools. Such as those provided by tracking protection (and tracking-protective ad blocking).
  • Legal tools. Such as the terms Customer Commons and the CISWG are working on.
  • UI elements. Such as the r-button.
  • Transaction & payment systems. Such as EmanciPay.

Those overlap to some degree. For example, a PIMS app and data store can do all that stuff. But we do need to pull the concerns and categories apart as much as we can, just so we can talk about them.

Kaliya will facilitate VRM Day. She and I are still working on the agenda. Let us know what you’d like to add to the list above, and we’ll do what we can. (At IIW, you’ll do it, because it’s an unconference. That’s where all the topics are provided by participants.)

Again, register here. And see you there.

 

Save

Save

Save

Save

Is Facebook working on a VRM system? Or just another way to do ads?

It’s easy to get caught up in news that WhatsApp is starting to accept advertising (after they said they would never do that), and miss the deeper point of what’s really going on: Facebook setting up a new bot-based channel through which companies and customers can communicate. Like this:

The word balloon is Facebook Messenger. But it could be WhatsApp too. From a VRM perspective, what matters is whether or not “Messenger bots” work as VRM tools, meaning they obey the individual user’s commands (and not just those of Facebook’s corporate customers). We don’t know yet. Hence the question mark.

But before we get to exploring the possibilities here (which could be immense), we need to visit and dismiss the main distractions.

Those start with Why we don’t sell ads, posted on the WhatsApp blog on 18 June 2012. Here are the money grafs from that one:

We knew we could do what most people aim to do every day: avoid ads.
No one wakes up excited to see more advertising, no one goes to sleep thinking about the ads they’ll see tomorrow. We know people go to sleep excited about who they chatted with that day (and disappointed about who they didn’t). We want WhatsApp to be the product that keeps you awake… and that you reach for in the morning. No one jumps up from a nap and runs to see an advertisement.

Advertising isn’t just the disruption of aesthetics, the insults to your intelligence and the interruption of your train of thought. At every company that sells ads, a significant portion of their engineering team spends their day tuning data mining, writing better code to collect all your personal data, upgrading the servers that hold all the data and making sure it’s all being logged and collated and sliced and packaged and shipped out… And at the end of the day the result of it all is a slightly different advertising banner in your browser or on your mobile screen.

Remember, when advertising is involved you the user are the product.

Great stuff. But that was then and this is now. In WhatsApp’s latest post, Looking Ahead for WhatsApp (25 August), we have the about-face:

But by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of. You can learn more, including how to control the use of your data, here.

Pretty yucky, huh?

Earlier in the same post, however, WhatsApp says,

we want to explore ways for you to communicate with businesses that matter to you too

Interesting: Mark Zuckerberg said the same thing when he introduced messenger bots, back in April. In the video at that link, Zuck said,

Now that Messenger has scaled, we’re starting to develop ecosystems around it. And the first thing we’re doing is exploring how you can all communicate with businesses.

You probably interact with dozens of businesses every day. And some of them are probably really meaningful to you. But I’ve never met anyone who likes calling a business. And no one wants to have to install a new app for every service or business they want to interact with. So we think there’s gotta be a better way to do this.

We think you should be able to message a business the same way you message a friend. You should get a quick response, and it shouldn’t take your full attention, like a phone call would. And you shouldn’t have to install a new app.

Note the similarities in the set-up:

1. Zuck:  “how you can all communicate with business.”
2. WhatsApp: “explore ways for you to communicate with businesses.”

This is, or should be, pure VRM:  a way for a customer to issue a service request, or to intentcast for bids on a new washing machine or a car. In other words, what they seem to be talking about here is a new communication channel between customers and businesses that can relieve  the typical pains of being a customer while also opening the floodgates of demand notifying supply when it’s ready to buy. Back to Zuck:

So today we’re launching Messenger Platform. So you can build bots for Messenger.

By “you” Zuck means the developers he was addressing that day. I assume these were developers working for businesses that avoid customer contact and would rather have robots take over everything possible, because that’s the norm these days. But I could be wrong. He continues,

And it’s a simple platform, powered by artificial intelligence, so you can build natural language services to communicate directly with people. So let’s take a look.

CNN, for example, is going to be able to send you a daily digest of stories, right into messenger. And the more you use it, the more personalized it will get. And if you want to learn more about a specific topic, say a Supreme Court nomination or the zika virus, you just send a message and it will send you that information.

The antecedents of “you” move around here. Could be he’s misdirecting attention away from surveillance. Can’t tell. But it is clear that he’s looking past advertising alone as a way to make money.

Back to the WhatsApp post:

Whether it’s hearing from your bank about a potentially fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls.

This also echoes what Zuck said in April. In both cases it’s about companies communicating with you, not about you communicating with companies. Would bots work both ways?

In “‘Bot’ is the wrong name…and why people who think it’s silly are wrong”, Aaron Batalion says all kinds of functionality now found only in apps will move to bots—Messenger’s in particular. “In a micro app world, you build one experience on the Facebook platform and reach 1B people.”

How about building a one-experience bot so 1B people can reach businesses the same way?

Imagine, for example, that you can notify every company you deal with that your last name has changed, or you’ve replaced a credit card. It would be great to do that in one move. It would also be VRM 101. But, almost ten years into our project, nobody has built that yet. Is Facebook doing it?

Frankly, I hope not, because I don’t want to see VRM trapped inside a giant silo.

That’s why I just put up Market intelligence that flows both ways, over in Medium. (It’s a much-updated version of a post I put up here several years ago.)

In that post I describe a much better approach, based on open source code, that doesn’t require locating your soul inside a large company for which, as WhatsApp put it four years ago, you’re the product.

Here’s a diagram that shows how one person (myself, in this case) can relate to a company whose moccasins he owns:

The moccasins have their own pico: a cloud on the Net for a thing in the physical world. For VRM and CRM purposes, this one is a relationship conduit between customer and company.

A pico of this type comes in to being when the customer assigns the QR code to the moccasins and scans it. The customer and company can then share records about the product, or notify the other party when there’s a problem, a bargain on a new pair, or whatever. It’s tabula rasa: wide open.

The current code for this is called Wrangler. It’s open source and in Github. For the curious, Phil Windley explains how picos work in Reactive Programming With Picos.

I’ll continue on this theme in the next post. Meanwhile, my main purpose with this one is to borrow interest in where Facebook is going (if I’m guessing right) with Messenger bots, and do it one better in the open and un-silo’d world, while we still have one to hack.

 

 

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save