IoT & IoM next week at IIW

(This post was updated and given a new headline on 20 April 2016.)

In  The Compuserve of Things, Phil Windley issues this call to action:

On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things?

In other words, an Internet of Me (#IoM) and My Things. Meaning things we own that belong to us, under our control, and not puppeted by giant companies using them to snarf up data about our lives. Which is the  #IoT status quo today.

A great place to work on that is  IIW— the Internet Identity Workshop , which takes place next Tuesday-Thursday, April 26-28,  at the Computer History Museum in Silicon Valley. Phil and I co-organize it with Kaliya Hamlin.

To be discussed, among other things, is personal privacy, secured in distributed and crypto-secured sovereign personal spaces on your personal devices. Possibly using blockchains, or approaches like it.

So here is a list of some topics, code bases and approaches I’d love to see pushed forward at IIW:

• OneName is “blockchain identity.”
• Blockstack is a “decentralized DNS for blockchain applications” that “gives you fast, secure, and easy-to-use DNS, PKI, and identity management on the blockchain.” More: “When you run a Blockstack node, you join this network, which is more secure by design than traditional DNS systems and identity systems. This  is because the system’s registry and its records are secured by an underlying blockchain, which is extremely resilient against tampering and control. In the registry that makes up Blockstack, each of the names has an owner, represented by a cryptographic keypair, and is associated with instructions for how DNS resolvers and other software should resolve the name.” Here’s the academic paper explaining it.
• The Blockstack Community is “a group of blockchain companies and nonprofits coming together to define and develop a set of software protocols and tools to serve as a common backend for blockchain-powered decentralized applications.” Pull quote: “For example, a developer could use Blockstack to develop a new web architecture which uses Blockstack to host and name websites, decentralizing web publishing and circumventing the traditional DNS and web hosting systems. Similarly, an application could be developed which uses Blockstack to host media files and provide a way to tag them with attribution information so they’re easy to find and link together, creating a decentralized alternative to popular video streaming or image sharing websites. These examples help to demonstrate the powerful potential of Blockstack to fundamentally change the way modern applications are built by removing the need for a “trusted third party” to host applications, and by giving users more control.” More here.
• IPFS (short for InterPlanetary File System) is a “peer to peer hypermedia protocol” that “enables the creation of completely distributed applications.”
• OpenBazaar is “an open peer to peer marketplace.” How it works: “you download and install a program on your computer that directly connects you to other people looking to buy and sell goods and services with you.” More here and here.
• Mediachain, from Mine, has this goal: “to unbundle identity & distribution.” More here and here.
• telehash is “a lightweight interoperable protocol with strong encryption to enable mesh networking across multiple transports and platforms,” from @Jeremie Miller and other friends who gave us jabber/xmpp.
• Etherium is “a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.”
• Keybase is a way to “get a public key, safely, starting just with someone’s social media username(s).”
• ____________ (your project here — tell me by mail or in the comments and I’ll add it)

In tweet-speak, that would be @BlockstackOrg, @IPFS, @OpenBazaar, @OneName, @Telehash, @Mine_Labs #Mediachain, and @IBMIVB #ADEPT

On the big company side, dig what IBM’s Institute for Business Value  is doing with “empowering the edge.” While you’re there, download Empowering the edge: Practical insights on a decentralized Internet of Things. Also go to Device Democracy: Saving the Future of the Internet of Things — and then download the paper by the same name, which includes this graphic here:

Put personal autonomy in that top triangle and you’ll have a fine model for VRM development as well. (It’s also nice to see Why we need first person technologies on the Net , published here in 2014, sourced in that same paper.)

Ideally, we would have people from all the projects above at IIW. For those not already familiar with it, IIW is a three-day unconference, meaning it’s all breakouts, with topics chosen by participants, entirely for the purpose of getting like-minded do-ers together to move their work forward. IIW has been doing that for many causes and projects since the first one, in 2005.

Register for IIW here: https://iiw22.eventbrite.com/.

Also register, if you can, for VRM Day: https://vrmday2016a.eventbrite.com/. That’s when we prep for the next three days at IIW. The main focus for this VRM Day is here.

Bonus link: David Siegel‘s Decentralization.

 

 

 

Apple HealthKit and VRM

With iOS8, Apple is releasing a pile of new capabilities for developers, such as HomeKit, CarPlay, Family Sharing and HealthKit. These don’t just bring new stuff to your iPhone and iPad. Start digging and you see a framework for personal control of one’s interactions in the world: one that moves Apple away from the norms set by Google, Yahoo, Facebook and other companies that make most of their money in the advertising business.  Explains Greg Lloyd,

Google, Yahoo and others gather correlate, analyze and use personal identity metadata including your location, search history, browsing history to monetize for their own purposes or to sell to others. I believe Apple is trying to build a counter story on security using identity and services encapsulated in devices you own. In addition to continuity, examples include OS8 MAC address randomization for WiFi localization privacy and hardware partitioned storage of iOS fingerprint data.

The italics are mine. Our devices — phones in particular — are becoming extensions of our selves: as personal as our chothes, wallets and keys. They bring new ways for us to engage with people, organizations and other things in the world. There is enormous room for growth in personal empowerment with these devices, especially if those devices are fully ours, and not the hands of advertising companies in our pockets.

Apple, one hopes, aims mainly to enhance our agency — our capacity to act with effect in the world — through our mobile devices. And they have an important advantage, beyond their gigantic size and influence: we pay them. We don’t pay Google, Facebook and Yahoo for most of what we get from them. Advertisers do.

Haydn Shaughnessy unpacks the difference in The Revolution Hidden In The Apple Health Kit :

When you do business with Google, as a consumer, you strike a deal. In return for free search you get ads and for those ads you agree to your data being collected, stored and sold on. The way Apple sees business up ahead, when you use an Apple health service, Apple manages data for you, on your terms. That is a revolution.

So, as I’ve been digging thorugh the scant literature on Healthkit and Apple’s new Health app, I’ve looked for ways they line up with VRM principles, goals and tool requirements. Here’s what I see (√ is yes, ? is don’t know. x is no — but I don’t see any of those yet):

VRM Principles

√ Customers must enter relationships with vendors as independent actors
√ Customers must be the points of integration for their own data
√ Customers must have control of data they generate and gather. This means they must be able to share data selectively and voluntarily.
? Customers must be able to assert their own terms of engagement.
√* Customers must be free to express their demands and intentions outside of any one company’s control.

VRM Goals

√ Provide tools for individuals to manage relationships with organizations.
√ Make individuals the collection centers for their own data, so that transaction histories, health records, membership details, service contracts, and other forms of personal data are no longer scattered throughout a forest of silos.
√ Give individuals the ability to share data selectively, without disclosing more personal information than the individual allows.
√ Give individuals the ability to control how their data is used by others, and for how long. At the individual’s discretion, this may include agreements requiring others to delete the individual’s data when the relationship ends.
? Give individuals the ability to assert their own terms of service, reducing or eliminating the need for organization-written terms of service that nobody reads and everybody has to “accept” anyway.
? Give individuals means for expressing demand in the open market, outside any organizational silo, without disclosing any unnecessary personal information.
? Make individuals platforms for business by opening the market to many kinds of third party services that serve buyers as well as sellers
? Base relationship-managing tools on open standards and open APIs (application program interfaces).

VRM Tools:

√* VRM tools are personal. As with hammers, wallets, cars and mobile phones, people use them as individuals,. They are social only in secondary ways.
? VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, authorizations, requests and anything else that’s possible in a free market, outside any one vendor’s silo or ranch.
√ VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system.
√ VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems.
√* VRM tools are substitutable. This means no source of VRM tools can lock users in.

That’s a wishful reading, and conditional in many ways. The *, for example, means “within Apple’s walled garden,” which may not be substitutable. Greg thinks this isn’t a problem:

…many people value a safer, more consistent, curated, and delightfully designed user experience to a toolkit… I want my personal information and keys to access heath, home, car, family information stored in a walled garden in a device I own, with gated access looking in for Apps I authorize, and freedom to search, link and use anything looking out. Apple appears to be develop its stack top down, starting from a vision of a seamless user experience that just works, giving developers the extensions they need to innovate and prosper.

As a guy who favors free software and open source, I agree to the extent that I think the best we can get at this stage is a company with the heft of an Apple stepping and doing some Right Things. If we’re lucky, we’ll get what Brian Behlendorf calls “minimum viable centralization.” And maximum personal empowerment. Eventually.

I am also made hopeful by some of the other stuff I’m seeing. For example, Haydn quotes this from @PaulMadsen of Ping Identity (both of which are old friends of VRM):

Apple is positioning its Health app as the point of aggregation for all the user’s different health data, and Health Kit the development platform to enable that integration.

In this I hear echoed (or at least validated) Joe Andrieu‘s landmark post, VRM — The User as a Point of Integration.

I also think Apple is the only company today that in a position to lead in that direction. Microsoft might have been able to do it when they dominated the desktop world, but those days are long gone. Our main devices are now mobile ones, where Apple has a huge share and great influence.

Apple is also working with Epic Systems (the largest B2B tech provider to the health care business) and the Mayo Clinic (the “first and largest integrated nonprofit medical group practice in the world”). Out of the gate this has enormous promise for bringing health care systems into alignment with the individual, and for providing foundations for real VRM+CRM connections.

Of course we’ll know a lot more once iOS 8 gets here.

Meanwhile, some questions.

• Can data gathered in the Health app easily flowed out into one’s non-Apple personal cloud or data store, and then flowed into the health care system of the individual’s choice?
• In more concrete terms, would a UK citizen with integrated data in her Health app be able to flow that data into her Mydex personal data store, and from there into the National Health Service?  I don’t know, but I hope Mydex, Paoga, Ctrl-Shift and other players in the UK can find out soon, if they don’t know already.
• Likewise, for the U.S., I would like to know if data can flow, at the individual’s control, back and forth from one’s Personal data vault or one’s Bosonweb or Emmett personal cloud and one’s Apple-hosted health data cloud (or a self-hosted one connected to one’s Apple cloud. And if data can easily flow from those to doctors and other health care providers. In Personal’s case, I’d like to know if data can flow through the Fill It app, which would be a handy thing.
• For Australia and New Zealand, I’d like to know if the same thing can be done for individuals from their MyWave, Welcomer, Geddup or Onexus personal clouds. I’d also like to know if data in the Health app can be viewed and used through, for example, Meeco‘s app. And what are the opportunities for any of those companies, plus 4th Party, Flamingo and other players, to participate in an ecosystem that has any and all of the companies just mentioned, plus Medicare (the Australian national health service, not to be confused with the American one just for persons 65+)?
• Same questions go for Qiy in the Netherlands, CozyCloud in France, and many other VRooMy developers in other places. And what’s the play for the Respect Network, which brings consistencies to what many of the developers listed above bring to the market?

In all cases the unanswered question is whether or not your health data is locked inside Apple’s Health app. Apple says no: “With HealthKit, developers can make their apps even more useful by allowing them to access your health data, too. And you choose what you want shared. For example, you can allow the data from your blood pressure app to be automatically shared with your doctor. Or allow your nutrition app to tell your fitness apps how many calories you consume each day. When your health and fitness apps work together, they become more powerful. And you might, too.”

Sounds VRooMy to me. But we’ll see.

 

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

• Personal Clouds, including —
  • The Internet of Me and My Things
  • QS (Quantified Self) and Self-Hacking
• Fully personal wallets, rather than branded ones that work only with payment silos and their partners
• Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
• Browser add-ons, extensions, related developments
• Licensing issues
• Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
• Legal issues, such as creating terms and policies that individuals assert
• Tracking and ad blocking, and harmonizing methods and experiences
• Health Care VRM
• Devices, such as the freedom box
• VRM inSovereign vs./+ Administrative identities
  • Real estate
  • Banking (including credit cards, payments, transactions)
  • Retail
• Personal data pain points, e.g. filling out forms
• Trust networks
• Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

The VRM perspective

The VRM perspective is independence.

This isn’t new. In fact, it’s as old as the Net. It is also nearly forgotten. Billions have never experienced it.

When the Net first came into common use, in 1995, independence was what anybody felt who started up a browser and surfed from place to place, or who built a site on a domain of one’s own, with its own name and email addresses.

To do anything substantive on the Net today, we use personalized services that require us to live inside corporate walled gardens. We have these with Google apps and Drive, Apple’s iCloud, and “social” systems such as Facebook and Twitter. Adobe and Microsoft are also now pushing hard for us to rent software as a service (SaaS), so we no longer own and run software for ourselves on our own machines.

Bruce Schneier compares today’s walled gardens to castles in a feudal system. We are vassals within these systems. Our job with VRM is not to fight these systems, but to equip individuals with their own tools of independence and engagement: to make them the points of integration for their own data, and of origination for what gets done with it.

To cease being vassals requires that we possess full agency: the power to act, with effect. We cannot do that without tools that are ours alone. Just as our bodies and souls are ours alone, yet also work in human society, we need tools that are ours alone, yet also work in the world of connections that comprises the Net.

To operate with full agency we need a full box of VRM tools — plus two other things. One is substitutability of the services we engage. The other is freedom of contract.

Substitutability means we have a choice, say, of intentcasting services, of quantified self gizmos and service providers, of health care data and service providers, and of trust networks and personal cloud service providers — just as we have a choice today among email service providers, including the choice to host our own email.

Freedom of contract means we don’t always have to subordinate our power and will to dominant parties in calf-cow ceremonies (e.g. clicking “accept” to one-sided terms we don’t read because there’s no point to it). We can design automated processes by which both parties come to mutually respectful agreements, just as we have with handshake agreements in the physical world.

Both of these virtues need to be design principles for VRM developers. If they are, we can save the Net by empowering ourselves.

 

VRM development work

I’ll be having a brown bag lunch today with a group of developers, talking about VRM and personal clouds, among other stuff that’s sure to come up. To make that easier, I’ve copied and pasted the current list from the VRM developers page of the ProjectVRM wiki. If you’d like to improve it in any way, please do — either on the wiki itself, or by letting us know what to change.

While there are entire categories that fit in the larger VRM circle — quantified self (QS) and personal health records (PHRs) are two that often come up — we’ve tried to confine this list to projects and companies that directly address the goals (as well as the principles) listed on the main page of the wiki.

---

Here is a partial list of VRM development efforts. (See About VRM). Some are organizations, some are commercial entities, some are standing open source code development efforts.

SOFTWARE and SERVICES

Intentcasting

AskForIt † – individual demand aggregation and advocacy

Body Shop Bids † – intentcasting for auto body work bids based on uploaded photos

Have to Have † – “A single destination to store and share everything you want online”

Intently † – Intentcasting “shouts” for services, in the U.K.

Innotribe Funding the Digital Asset Grid prototype, for secure and accountable Intentcasting infrastructure

OffersByMe † – intentcasting for local offers

Prizzm †- social CRM platform rewarding customers for telling businesses what they want, what they like, and what they have problems with

RedBeacon † – intentcasting locally for home services

Thumbtack † – service for finding trustworthy local service providers

Trovi intentcasting; matching searchers and vendors in Portland, OR and Chandler, AZ†

Übokia intentcasting†

Zaarly † intentcasting to community – local so far in SF and NYC

Browser Extensions

Abine † DNT+, deleteme, PrivacyWatch: privacy-protecting browser extentions

Collusion Firefox add-on for viewing third parties tracking your movements

Disconnect.me † browser extentions to stop unwanted tracking, control data sharing

Ghostery † browser extension for tracking the trackers

PrivacyScore † browser extensions and services to users and site builders for keeping track of trackers

Databases

InfoGrid – graph database for personal networking applications

ProjectDanube – open source software for identity and personal data services

Messaging Services and Brokers

Gliph †- private, secure identity management and messaging for smartphones

Insidr † – customer service Q&A site connecting to people who have worked in big companies and are willing to help when the company can’t or won’t

PingUp (was Getabl) †- chat utility for customers to engage with merchants the instant customers are looking for something

TrustFabric † – service for managing relationships with sellers

Personal Data and Relationship Management

Azigo.com † – personal data, personal agent

ComplainApp † – An iOS/Android app to “submit complaints to businesses instantly – and find people with similar complaints”

Connect.Me † – peer-to-peer reputation, personal agent

Geddup.com † – personal data and relationship management

Higgins – open source, personal data

The Locker Project – open source, personal data

Mydex †- personal data stores and other services

OneCub †- Le compte unique pour vos inscriptions en ligne (single account for online registration)

Paoga † – personal data, personal agent

Personal.com † – personal data storage, personal agent

Personal Clouds – personal cloud wiki

Privowny † – privacy company for protecting personal identities and for tracking use and abuse of those identities, building relationships

QIY † – independent infrastructure for managing personal data and relationships

Singly † – personal data storage and platform for development, with an API

Transaction Management

Dashlane † – simplified login and checkout

Trust-Based or -Providing Systems and Services

id3 – trust frameworks

Respect Network † – VRM personal cloud network based on OAuth, XDI, KRL, unhosted, and other open standards, open source, and open data initiatives. Respect Network is the parent of Connect.Me.

Trust.cc Personal social graph based fraud prevention, affiliated with Social Islands

SERVICE PROVIDERS OR PROJECTS BUILT ON VRM PRINCIPLES

First Retail Inc. † commodity infrastructure for bi-directional marketplaces to enable the Personal RFP

dotui.com † intelligent media solutions for retail and hospitality customers

Edentiti Customer driven verification of idenity

Real Estate Cafe † money-saving services for DIY homebuyers & FSBOs

Hover.com Customer-driven domain management†

Hypothes.is – open source, peer review

MyInfo.cl (Transitioning from VRM.cl) †

Neustar “Cooperation through trusted connections” †

NewGov.us – GRM

[1] † – Service for controlling one’s reputation online

Spotflux † malware, tracking, unwanted ad filtration through an encrypted tunnel

SwitchBook † – personal search

Tangled Web † – mobile, P2P & PDS

The Banyan Project– community news co-ops owned by reader/members

TiddlyWiki – a reusable non-linear personal Web notebook

Ting † – customer-driven mobile virtual network operator (MVNO – a cell phone company)

Tucows †

VirtualZero – Open food platform, supply chain transparency

INFRASTRUCTURE

Concepts

EmanciPay – dev project for customer-driven payment choices

GRM: Government Relationship Management – subcategory of VRM

ListenLog – personal data logging

Personal RFP – crowdsourcing, standards

R-button – UI elements for relationship members

Hardware

Freedom Box – personal server on free software and hardware

Precipitat, WebBox – new architecture for decentralizing the Web, little server

Standards, Frameworks, Code bases and Protocols

Datownia † – builds APIs from Excel spreadsheets held in Dropbox

Evented APIs – new standard for live web interactivity

KRL (Kinetic Rules Language) – personal event networks, personal rulesets, programming Live Web interactions

Kynetx † – personal event networks, personal rulesets

https://github.com/CSEMike/OneSwarm Oneswarm] – privacy protecting peer-to-peer data sharing

http://www.mozilla.org/en-US/persona/ Mozila Persona] – a privacy-protecting one-click email-based way to do single sign on at websites

TAS3.eu — Trusted Architecture for Securely Shared Services – R&D toward a trusted architecture and set of adaptive security services for individuals

Telehash – standards, personal data protocols

Tent – open decentralized protocol for personal autonomy and social networking

The Mine! Project – personal data, personal agent

UMA – standards

webfinger – personal Web discovery, finger over HTTP

XDI – OASIS semantic data interchange standard

PEOPLE

Analysts and Consultants

Ctrl-SHIFT † – analysts

Synergetics † – VRM for job markets

VRM Labs – Research

HealthURL – Medical

Consortia, Workgroups

Fing.org – VRM fostering organization

Information Sharing Workgroup at Kantara – legal agreements, trust frameworks

Pegasus – eID smart cards

Personal Data Ecosystem Consortium (PDEC) – industry collaborative

Meetups, Conferences, and Events

IIW: Internet Identity Workshop – yearly unconference in Mountain View

VRM Hub – meeting in LondonNOTES: † Indicates companies. Others are organizations, development projects or both. Some development projects are affiliated with companies. (e.g. Telehash and The Locker Project with Singly, and KRL with Kynetx.) A – creating standard B – Using other standards 1 – EventedAPI

Toward a matrix of APIs

At  the 2006 O’Reilly Emerging Technology conference, Cal Henderson, then of Flickr, gave a long session called “Launching and scaling new Web services.” As I recall, among the many things he explained well were some principles behind the Flickr API. One of those principles was user access to data. The API should be one that allowed the user to haul all of her data out of the system, even if it was to federate that data into a competing system. That’s because Flickr believed that user data is the user’s first, and not just the company’s. Another principle was keeping the API stable, so as not to disrupt users and other services that depended on the API.

Cal left Flickr a couple years after that, but Flickr’s API remains a model of stability and utility — so much so that Dave Winer this morning suggested it be declared a national treasure.

Many of us depend in large ways to the APIs of companies great and small — and more get added to that collection every day. For a good picture of what’s going on with APIs, check out ProgrammableWeb.com. Between Dave’s respect for durable APIs like Flickr’s, and ProgrammableWeb’s roster of current and future dependencies, we start to see a matrix of APIs that Craig Burton compares to a city filled with buildings and relationships. Each API provider, like each building, exposes the provider’s core competencies in ways that can be engaged.

But what happens when we each have our own APIs — when our own core competencies become exposed in ways that can be engaged? And when we start managing our lives through relationships between our APIs and those in the rest of the world — especially in ways that are live and full-duplex (two ways at the same time, like a phone call)? And where each of us, or a trusted agent, can do the required IF, THEN, OR and other programming logic, between our own personal clouds and the clouds of others? What will we have then?

There is lots of blogging out loud about this, about both the downsides of dependency (as both Phil Windley and I have, toward Flickr in particular). But I think the upside deserves more than equal consideration, especially as companies begin to realize the importance of direct and engaged relationships with customers and users, which is what we’ll have when VRM and CRM (along with allied functions on both sides) fully engage. The result, I believe, will be a matrix of useful dependencies, based on APIs everywhere, thick with accountability and responsibility. The result will be far more opportunity, and boundless positive economic and social externalities based on the Net’s and the Web’s founding virtues. What will end, or at least be obsoleted, are Matrix-like worlds where users and customers are held captive.

Thus our goal for VRM: to prove that free customers are more valuable than captive ones — both to themselves and to everyone and everything else with which they engage.

 

 

Driving VRM with car data and APIs

Go read OnStar gives Volt owners what they want: their data, in the cloud, by Sean Gallagher, in Ars Technica. It’s a VRM story. The vendor is Chevrolet, the vended product is the Volt, and the relationship management is a DIY hack by one customer. The story begins,

You probably don’t think of your car as a developer platform, but Mike Rosack did. A few days after buying his Chevy Volt, Rosack started slowly mining his driving data. But he eventually revved up his efforts and created a community platform for drivers to track their own efficiency. Today more than 1,800 Volt owners compare stats with each other, jockeying for position on Rosack’s Volt Stats leader board.

The Volt uses OnStar, a GM subsidiary known through its advertising for providing a way for drivers to call for roadside assistance; but which is actually a sophisticated cell-based data system through which cars communicate constantly with the mother ship’s cloud. While OnStar generously shares data back to customers through an app called RemoteLink, much more can be done with it, since it’s data and comes out through an API. Now here is where the story gets VRooMy:

Rosack initially wanted to do more with his own driving data than just view it on his phone. So he built what eventually became Volt Stats to capture this data, then started sharing it with other Volt owners. There was just one small problem: Volt Stats relied on Rosack’s reverse engineering of an interface for OnStar’s RemoteLink mobile application (iOS and Android). When OnStar moved to shut down the Web services interface Rosack had plugged into in mid-October, Volt Stats arrived at a screeching halt.

Rather than leaving Volt Stats stalled on the roadside, GM and OnStar accelerated efforts to give developers a new public Web API to create services on top of OnStar data. The companies even worked with Rosack to get him onboard and get Volt Stats re-launched. Now, Volt Stats is back online and other would-be car data hackers will soon be able to connect their Web applications to GM owners’ vehicle data (provided, of course, that they have privacy policies that meet with the approval of GM and OnStar lawyers).

OnStar had already developed an API for GM partners such as the car-sharing service RelayRides, who need to get access to some of the remote control and telematics elements of the service. But this new interface takes advantage of technologies such as OAuth and JAX-RS and it’s a step toward turning OnStar into a broader platform for the “Internet of things.” It’s also a way to give car enthusiasts a new kind of access to something they’ve always thought of as their own—their cars’ data.

Now come the VRM questions:

• Where and how might customers store that data? Are current PDS (personal data stores) compatible and ready for it?
• How might customers use that data — especially outside and between multiple vendors’ apps, APIs and relationship silos?
• Might we see an  ⊂ (r-button) on the dashboards of car? How might that work? And if it does, how do we make it standard?
• What usage and new market-driving scenarios might we start to imagine here?
• How might customers assert their own privacy policies and terms as demand begins to drive supply?
• What other interfaces do cars have that might be brought into the picture?
• How can what happens here model what we do with the rest of the “Internet of things?”
• What are the meshy wireless things we can do among ourselves and our cars, outside any vendor’s box? (Would love Robin Chase‘s thinking here.)

These are questions especially for VRM developers. Look for answers (and more questions) here and on various blogs.

IIW XV

The XVth IIW is coming up on October 23-25 at the Computer History Museum in Mountain View, and VRM will be, as usual, a big topic — or collection of topics — there.

IIW stands for Internet Identity Workshop, but the topical range is much wider than identity alone. Front and center for the last several IIWs has been personal data (a special concern not only of many VRM development efforts, but of the Personal Data Ecosystem Consortium).

IIW is an unconference that Kaliya Hamlin, Phil Windley and I have been putting on twice a year since 2005. It could hardly be less formal or conference-like. There are no panels, no speakers, no keynotes. There are just participants. All the sessions are breakouts, and all the topics are chosen by participants, who come up with them at the start of each day, vetting whatever they like with the rest of the crowd. Some of the sessions are technical, many others are not. All of them are interesting, lively, and move things forward.

As in IIWs past, we have a VRM planning day on Monday, just before IIW. That’s the 22nd. Everybody is welcome. The purpose is to discuss what we’d like to make happen over the following three days. Unlike IIWs past, this planning day is also at the Computer History Museum. It’ll run from 9 to 5.

Here are some topics currently being vetted on the ProjectVRM list:

1. Demonstrations of progress on various VRM fronts
2. Relationship management tools, including UI elements such as r-buttons: ⊂ ⊃.
3. Personal data store/locker/vault/cloud etc. efforts
4. Personal operating systems (including personal cloud)
5. Intentcasting, aka personal RFPs
6. Turning DNT (Do Not Track) into DNT-D (Do Not Track + Dialog)
7. Cooperation + competition among and between different VRM development efforts
8. FOSS (free and open source software) and VRM
9. Creating and working with APIs
10. Standards and protocols old and new (e.g. XDI, RDF, tent.io)
11. Role of governments (e.g. Midata in the UK, and privacy ministries in various countries)
12. Legal / terms of service and engagement, and expression of preferences and policies
13. Trust frameworks
14. Working with industry verticals, such as banks and retail
15. Matching up with QS (Quantified Self ) and self-hacking movements and interests (especially around personal data)
16. Matching up VRM and CRM/sCRM
17. Subject-based VRM, such as with the “subscription economy”
18. VCs and other investors
19. Relationships with other .orgs, e.g. PDE.Cc, Customer Commons
20. Discovering and encouraging more VRM and VRooMy development efforts
21. Alignment of talking points when evangelizing VRM
22. Intention Economy
23. Relationship Economy (and overlaps with the above)
24. Identity-related matters, including NSTIC

I numbered them not in order of importance, but just to make them easier to discuss at the meeting. (e.g. “Let’s look at number 13”). Look forward to seeing you there.

Here are some photos from IIWs past. The photo up top is of a slab of metal covering a hole in pavement on a street in Manhattan. Saw it and couldn’t resist shooting it with my phone.

Life Management Platforms

Kuppinger Cole, an analyst firm headquartered in Germany, has been hip to VRM for a long time. They gave ProjectVRM an award (that’s it there on the right) at the EIC (European Identity Conference) in 2008, and have been following VRM developments closely ever since. A number of VRM developers were there again at this year’s EIC, where I gave a keynote titled “Free Customers: The New Platform”, and the topic was front and center.

In fact VRM has always been about more than relating to vendors, which is another thing Kuppinger Cole has believed as well. It’s been about personal empowerment, and better means for dealing with all kinds of organizations. There are also many more VRM developers now than there were back then, with many different labels for what they do. We have personal data stores, lockers, vaults, clouds, services and networks, for example. We also have and much activity in overlapping and adjacent development areas, such as with quantified self work, which includes self-hacking, personal informatics, self-tracking and much more.

Martin Kuppinger now throws a loop around all of these with Life Management Platforms, which is also the subject of his paper here. I like the term, and think it does a good job of encompassing both the internal (self-managing) and external (relating with others) sides of VRM.

Martin’s latest post is Intention and Attention – how Life Management Platforms can improve Marketing, in which he notes the main thrust of The Intention Economy, and adds,

Taking this view, the one of Doc Searls, and the idea of Life Management Platforms the way we at KuppingerCole have it in mind shows that this is where things become really interesting: A Life Management Platforms allows expressing your Intention. The Intention is nothing other than a vital part of where your current Attention is focused. In other words: Knowing the Intention is about knowing at least an important part of the current Attention, which is much better than trying to change the Attention. Furthermore, Life Management Platforms could provide more information about the current Attention in real-time, but in a controlled way – controlled by the individual. That allows getting even more targeted information and makes this concept extremely attractive for everybody – the vendors and the individuals.

Control by the individual is what VRM has been about since the start. What I’d like to know now is how Life Management Platforms sits with VRM developers, and others who have been following or involved with VRM from the start.

Your actual wallet vs./+ Google’s and Apple’s

Now comes news that Apple has been granted a patent for the iWallet. Here’s one image among many at that last link:

Note the use of the term “rules.” Keep that word in mind. It is a Good Word.

Now look at this diagram from Phil Windley‘s Event Channels post:

Another term for personal event network is personal cloud. Phil visits this in An Operating System for Your Personal Cloud, where he says, “In contrast a personal event network is like an OS for your personal cloud. You can install apps to customize it for your purpose, it canstore and manage your personal data, and it provides generalized services through APIsthat any app can take advantage of.” One of Phil’s inventions is the Kinetic Rules Language, or KRL, and the rules engine for executing those rules, in real time. Both are open source. Using KRL you (or a programmer working for you, perhaps at a fourth party working on your behalf, can write the logic for connecting many different kinds of events on the Live Web, as Phil describes here).

What matters here is that you write your own rules. It’s your life, your relationships and your data. Yes, there are many relationships, but you’re in charge of your own stuff, and your own ends of those relationships. And you operate as  free, independent and sovereign human being. Not as a “user” inside a walled garden, where the closest thing you can get to a free market is “your choice of captor.”

Underneath your personal cloud is your personal data store (MyDex, et. al.), service (Higgins), locker (Locker Project / Singly), or vault (Personal.com). Doesn’t matter what you call it, as long as it’s yours, and you can move the data from one of these things into another, if you like, compliant with the principles Joe Andrieu lays out in his posts on data portability, transparency, self-hosting and service endpoint portability.

Into that personal cloud you should also be able to pull in, say, fitness data from Digifit and social data from any number of services, as Singly demonstrates in its App Gallery. One of those is Excessive Mapper, which pulls together checkins with Foursquare, Facebook and Twitter. I only check in with Foursquare, which gives me this (for the U.S. at least):

The thing is, your personal cloud should be yours, not somebody else’s. It should contain your data assets. The valuable nature of personal data is what got the World Economic Forum to consider personal data an asset class of its own. To help manage this asset class (which has enormous use value, and not just sale value), a number of us (listed by Tony Fish in his post on the matter) spec’d out the Digital Asset Grid, or DAG…

… which was developed with Peter Vander Auwera and other good folks at SWIFT (and continues to evolve).

There are more pieces than that, but I want to bring this back around to where your wallet lives, in your purse or your back pocket.

Wallets are personal. They are yours. They are not Apple’s or Google’s or Microsoft’s, or any other company’s, although they contain rectangles representing relationships with various companies and organizations:

Still, the container you carry them in — your wallet — is yours. It isn’t somebody else’s.

But it’s clear, from Apple’s iWallet patent, that they want to own a thing called a wallet that lives in your phone. Does Google Wallet intend to be the same kind of thing? One might say yes, but it’s not yet clear. When Google Wallet appeared on the development horizon last May, I wrote Google Wallet and VRM. In August, when flames rose around “real names” and Google +, I wrote Circling Around Your Wallet, expanding on some of the same points.

What I still hope is that Google will want its wallet to be as open as Android, and to differentiate their wallet from Apple’s through simple openness.  But, as Dave Winer said a few days ago…

Big tech companies don’t trust users, small tech companies have no choice. This is why smaller companies, like Dropbox, tend to be forces against lock-in, and big tech companies try to lock users in.

Yet that wasn’t the idea behind Android, which is why I have a degree of hope for Google Wallet. I don’t know enough yet about Apple’s iWallet; but I think it’s a safe bet that Apple’s context will be calf-cow, the architecture I wrote about here and here. (In that architecture, you’re the calf, and Apple’s the cow.) Could also be that you will have multiple wallets and a way to unify them. In fact, that’s probably the way to bet.

So, in the meantime, we should continue working on writing our own rules for our own digital assets, building constructive infrastructure that will prove out in ways that require the digital wallet-makers to adapt rather than to control.

I also invite VRM and VRooMy developers to feed me other pieces that fit in the digital assets picture, and I’ll add them to this post.