Monthly Archives: June 2012

Free vs. Followed

grasped hand The fight between the free market and the followed market is about to begin. And the way to bet is on the free market, because it’s what we know works best. Also because the followed market is nuts.  It only persists because it’s normative at the moment, and an enormous sum of investment is going into improving what’s most nuts about it: following people around and constantly guessing at what they might want (or trying to make them want something some algorithm thinks it might be able to make them want).

Let’s look at those norms a bit more closely. In the followed market, we —

  • Maintain separate logins and passwords for every site and service with which we do business, which might number in the hundreds
  • “Agree” to terms of service and privacy policies that we don’t bother to read because we have no choice but to accept them if we want to use the offered services
  • Acquiesce to stalking by sites and their third parties, even as we travel out of those sites and around the Web

In the physical world where the free market remains defaulted, you are free to be who you say you are (or to remain anonymous — that is, nameless in the literal sense), and to arrive at whatever terms are agreeable to you and the sellers you engage, with minimal coercion. This is what we enjoy when we walk through a bazaar, down Main Steet, or through a shopping mall. We don’t have to become a member of Nordstrom, or Trader Joe’s, The Container Store, or the corner grocer, to shop there, or to buy anything from them. And, when we do, we usually assume that we are not being tracked by the store after we leave.

In the followed market, we are free to choose between captors who make all the rules. Our personal identity is the separate one we have with each of them, and which they administrate. Our relationship with each of them is fully contained within their separate silo’d systems. Worst of all, we are stalked after we leave, as a matter of course. “Social” sites such as Facebook aid in surveillance by making it easy for us to spill all kinds of personal data — about ourselves and our contacts — when we “login with Facebook” elsewhere.

And its getting worse.

On July 30, 2010, The Wall Street Jounal inaugurated its What They Know series (http://wsj.com/wtk) with The Web’s New Gold Mine: Your Secrets, by Julia Angwin. Here were the key findings she reported:

• The study found that the nation’s 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.

• Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to “cookie” files that record websites people visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.

• These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.

The new technologies are transforming the Internet economy. Advertisers once primarily bought ads on specific Web pages—a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.

On the 17th of this month, in Online Tracking Ramps Up, Julia begins,

Online tracking on 50 of the most-visited websites has risen sharply since 2010, driven in part by the rise of online-advertising auctions, according to a new study by data-management company Krux Digital Inc.

The average visit to a Web page triggered 56 instances of data collection, up from just 10 instances when Krux conducted its initial study, in November 2010. The latest study was conducted last December.”The main reason for the difference is live online auctions of data about you:

Krux estimated that such auctions, known as real-time bidding exchanges, contribute to 40% of online data collection.In real-time bidding, as soon as a user visits a Web page, the visit is auctioned to the highest bidder, based on attributes such as the type of page visited or previous Web browsing by the user. The bidding is done automatically using computer algorithms.

On June 26, the Journal published On Orbitz, Mac Users Steered to Pricier Hotels, by Dana Mattioli, who writes,

The Orbitz effort, which is in its early stages, demonstrates how tracking people’s online activities can use even seemingly innocuous information—in this case, the fact that customers are visiting Orbitz.com from a Mac—to start predicting their tastes and spending habits.

Imagine walking with a friend down 5th Avenue in New York and attempting to have a conversation about the totally different scenes both of you see when you look into the stores you pass or enter together. One of you sees hats in a store window while the other sees shoes. One sees a door where the other sees a wall. One sees a counter of candies while the other sees an aisle of garden tools. When one of you pauses to look at the cosmetics counter, the colors of lipstick suddenly change, because the store — or its third parties — know it’s you and start making guesses about what you might want, or that the companies paying for shelf space in the store hope to make you want. When the other looks at the store directory, she finds that the departments have been re-arranged. Now the shoe department is to her right when it used to be to the left. The dress shoes are now in the back, and all of them are red and black. Athletic shoes are now in front, because she paused to look in the window of a sporting goods store back up the street.

Whether or not this kind of personalization works is beside a more essential point: that in today’s online marketplace we are being followed constantly, with at most only our tacit approval. Without the conscious involvement of fully human customers, operating as free and independent actors possessing full agency, the online environment has gone insane. That is, without coherence, or grounding in reality. It makes sense only to the vendor’s side of the marketplace, and even there it’s not fully together. Writes Julia Angwin in her most recent story,

More than half the time, Krux found that data collectors were piggybacking on each other. For example, when a user visited a website that had code for one tracking technology, the data collection would call out to and trigger other tracking technologies that weren’t embedded on the site. As a result of such piggybacking, websites often don’t know how much data are being collected about their users.

‘It may be the first medium where the buyers have more information about the price, the value and the amount of inventory than the seller,’ said Krux President Gordon McLeod.

In the free market, as it has been understood since our ancestors first traded shells for seeds, certain things are stable and well understood. These include not only the physical nature of locations, but social norms and protocols for interacting with each other, which begin with the assumption that the other party is a free, independent and sovereign being who controls what is public and what is private about themselves. (Which is why, for example, we tend to wear clothes in public and live in enclosed spaces.)

In the free market it would be absurd for a guy from a store to put a hand in your pocket and hold onto your leg while you walked around, saying “Don’t mind me. I’m just here to see what you’re up to. Actually I don’t want to know your name, but just to track what your body is doing so you can get the best advertising and product offerings, based on what some machines think at the moment would be best for you and for us. It’s for your own good.” Or, more literally, to do the same with an invisible robot tick that attaches to your body and sucks out your data. But in the followed market, that stuff is normative in the extreme. And it works well enough, so far, at least for the advertisers and their intermediaries, that it persists in spite of its absurdities.

The followed market will fail not only because it is absurd and offensive to human sensibilities, but because it is not as effective as the kind of simple human interactions we were all built for in the first place. We don’t have those online yet — not in the commercial space comprised of billions of competing silos. But we will. Count on it. The Web we know is just seventeen years old (dating back to the first graphical browsers in 1995).

In a general way, what the free market still lacks online is a build-out of capabilities on the customers’ side to match the build-out of capabilities on the vendors’ side. That’s what ProjectVRM has been working toward for the past six years. The result so far is a growing list of developers, projects and prospects for major breakthroughs in customer capacity to assert independence, establish privacy boundaries, and deal with vendors as self-empowered equals and not as vendor-defined and -controlled dependents.

Customer Commons’ mission is to preserve and improve the free market, both online and off, by helping customers become free and independent participants in that market. So, while ProjectVRM remains focused on development and developers, Customer Commons is focused on putting those developments to work for customers — and for giving customers a way to participate in that development, and to lead it forward.

And we welcome your help with that.

Name the Pink Elephants

There is a pink elephant in the room
not a small one either
There is a enormous pink elephant on the couch between us
and yet we both continue to ignore it…
Sammi

When we ‘accept’ terms of service ‘agreements’ we engage in this ceremony, ‘accept’ (as though we have a choice) contract terms that we neither read, understand nor accept. In a word, ‘we lie.”

Biggestlie.com is an awareness campaign aimed at calling out this ‘pink elephant’ and with folks Pär Lannerö, Lars-Erik Jakobsson (icon), Gregg Bernstein, Carl Törnquist, Hanna Arkestål, Max Walter, Mattias Aspelund, Anders Carlman and CommonTerms are to trying to change the status quo.

Likewise, ProjectVRM recently posted ‘Coming to terms’ where Doc Searls who has been talking about this problem for quite some time states:

“We lie every time we “accept” terms that we haven’t read — a pro forma behavior that is all but required by the calf-cow model of the Web that’s prevailed since 1995. We need to change that. And so we are.”

In the context of the web today not only has the relationship become compulsory, but who your are dealing with is totally cloaked. This ‘cloaked figure” (acting not only for itself but other cloaked figures) dictates all the terms of the relationship and on the other side there is just you (an individual). Take this ONE factor of compulsory relationship, with unknown parties, and alarm bells go off.

Let me give you an example: Mint.com.

First line in their TOS reads:

“This Agreement sets forth the terms and conditions that apply to your access and use of the Internet Web site located at http://www.mint.com (“Mint.com”), as owned and operated by Intuit Inc., a Delaware corporation, on behalf of those of its direct or indirect subsidiaries and/or affiliates, (collectively referred to as “Intuit”).”

Translation: This “agreement” is not between you and Intuit, Inc. RATHER this ‘agreement’ is AMOUNG you, Intuit, Inc. and ‘a whole bunch of other companies and people’ called *direct and indirect subsidiaries and affiliates. So every term that includes you granting rights to Intuit INCLUDES granting it to all of these other folks too. Oh, that is also true for every term that involves your agreement to limit Intuit’s liability for problems that arise. That, too, extends to this faceless crowd known as ‘direct or indirect subsidiaries and/or affiliates.’

*DON’T BE TRICKED BY MISLEADING LEGAL LANGUAGE: In this case people read subsidiary especially direct subsidiary and think that by law that means ‘companies under the direct control or owned by Intuit.” Often the interpretation is quite broad especially when the language includes “indirect.” Likewise, the term “affiliate’ may make you think that the relationship is limited but actually it can include a broader and more ‘distant’ (relationally) group of people and companies. When coupled with ‘indirect,’ the realm of possible parties could include just about any company and or person.

When we consider the Mint.com terms of service ‘agreement,” it is clear that privacy policies cannot be considered alone and often do not reflect the real story with respect to the use of your data. All of these projects would be wise to consider the role of what I call the “anti privacy/ anti-people” policies aka “terms of service agreements.” These terms of use allow greater insight into not only the data privacy issue in general, but also that particular organization’s real commitment to their customers’ rights. The terms of these agreements are at odds with the company’s marketing messages. Don’t be misled, just because a law or policy make some assurance that your privacy is protected or information is not shared, it is often not the way you think. Privacy statutes often permit use of data, subject to consent, which is garnered by agreement to the terms of use.

When a contract is written to include every known and unknown direct or indirect subsidiary and affiliate as FIRST party to the contract, who are third parties? Does knowing this clever legal trick change the way you read their Privacy Policy? Their terms of service agremeements? More importantly, does this fact change the way you think about Mint.com in general? In that vein, efforts like BiggestLie.com hit the bulls eye because they highlight the inherent dishonesty and manipulation. But it is not enough we need to understand it and demand change.

That said, efforts toward transparency and “iconization” of terms are actually quite troubling. In an effort to simplify they often lack context and fail to address the larger more anti-customer framework housing these policies taking it as immutable. Moreover, the messaging can be misleading. For example, Aza Raskin’s Privacy Icons includes the following statement under one of the icons:

“Your Data is Used for the Intended Use,” “Mint.com uses your login information to import your financial data from your banks — with your explicit permission.”

With that statement alone, a person may be led to trust Mint.com in a way he or she would not if they also read the terms effectively turning third party data collectors into first parties with all the accompanying rights and privileges.

Context with comprehensive understanding is critical. If they are exploiting my data, and they are honest about it; I will weigh the costs and benefits and make a decision on whether or not to agree. . What I am told in a privacy policy and in marketing messages, that my privacy is important to a company and as a result, they do not sell my data etc., I expect the terms of service ‘agreement’ to support these claims. When, instead, I see the sneaky legalese, I present above, it is completely misleading. The term ‘bait and switch’ comes to mind, I am wondering out loud if this is a possible cause of action against some of these companies; especially those proclaiming to be acting on the customer’s behalf, while maintaining terms as egregious as the blatantly privacy exploitative companies. It seems that companies who intend to market themselves as unique because they protect the customer need to back it up in their legal policies, agreements and practices.

For example let’s consider Personal.com:

Central to their business proposition is that they are unique in their approach to privacy and relationships with customers. Reviewing their recently updated terms of service reveals clauses like this:

“You agree to defend, indemnify and hold Personal, its directors, officers, employees, agents and affiliates harmless from any and all claims, liabilities, damages, costs and expenses, including reasonable attorneys’ fees, in any way arising from, related to or in connection with your use of the Sites and/or Personal Service, your violation of these Terms or the posting or transmission of any materials on or through the Site and/or Personal Service by you, including, but not limited to, any third party claim that any information or materials you provide infringes any third party proprietary right.”

Translation: I as the user must indemnify this company and their affiliates for ANY claim that in ANY way is connected with my use of this service.

In general, I am not opposed to indemnification clauses because they aim to have the people responsible for certain conduct step up to the plate and deal with issues that arise from their failure to do just that, HOWEVER, I do not agree to provisions as broad and sweeping as this provision. This folks, is what lawyers call ‘boilerplate’ that is drafted as broadly as possible forcing the other side to narrow it and customize it to suit the context of the situation. The problem here is that you don’t get to negotiate and even if you did you don’t have a legal department at your fingertips negotiating on your behalf.

If I were the lawyer for the people, I imagine the conversation would go something like this:

Personal.com Lawyer: “We put that provision in the contract because if your use of the services causes us to get sued then you should have to pay.”

Lawyer for the People: “What could they possibly do to get you sued?”

Personal.com Lawyer: “They could (fill in the blank personal.com)”

Lawyer for the People: “Personal, while you are thinking of ‘something’ people could do to get you sued, I’d like to remind you that in a business to business deal this provision would not fly. So trying to cram it down the throat of a customer is wrong!”

Second and more important, where is the Indemnity from Personal.com to the user? If you are promising that your service offers something more than the others out there shouldn’t you stand behind that promise? Not to mention, also that, in a typical business-to-business negotiation, the indemnity goes two way, a la ‘what’s good for the goose is good for the gander’. That said, at a minimum, Personal should step up and provide an indemnification for damages arising from their failure to protect your data.

Once again, the Devil is in the details. It is really terrific to see all of these efforts aimed at providing transparency of privacy or legal terms, pushing for awareness (and accountability, I hope) and new tools to foster customer understanding of those terms. However, I think that ‘privacy policies’ and terms of service ‘agreements’ as they are commonly written reflect an utter and complete disrespect for the individuals’ importance and role in commercial relationships. While it is not my goal to resolve this existential matter today, or in my lifetime perhaps, I believe that there is a lot to be gained by examining the matter thoroughly from the individuals’ side of the ‘agreement.’

The post was originally posted at Those Sneaky Bastards.