Putting the R back in CRM

Bob Stutz at SAP

Every customer is familiar with Customer Relationship Management (aka CRM). They meet it when they get personal offers, when they call customer service, or any time they deal with companies that seem to know who they are.

Doing this is a  huge business, passing $40 billion worldwide in 2018, and expected to be twice that in 2015. All of CRM is also B2B: business to business. Salesforce, SAP, Microsoft Dynamics, Oracle, Adobe and IBM don’t sell their CRM services to you and me (that would be B2C—business to customer). They sell it to the companies that want to relate to you on other  than a cash-only basis.

CRM is also becoming more visible. The Salesforce Tower in San Francisco now dominates the city’s skyline, while the company itself was just added to the Dow Jones index, while other blue chip companies, such as Exxon, were dropped.

And the category is shaking up from the inside. Especially notable is Bob Stutzmove from Salesforce to SAP. He’s now Head of Customer Experience (aka CX) there.

It is in his new capacity that Bob argues, in an excellent interview, for restoring the full value of CRM’s middle name: Relationship.

The interview is significant, because Bob is, in many ways, the founder of the CRM software category, having started as product owner at Siebel then working at various times in similar roles at Oracle, SAP, HP, Microsoft, Salesforce.

He’s now back at SAP, and in reflective mood as to how CRM software has evolved, and what needs to be done next. It’s fair to say that he is not overly impressed with the current state; and seems to be in a mood to fix that. Given SAP’s German roots and that EU is getting behind more ‘human-centric’ approaches to personal data, it may well be that he is able to take CRM in a new and fruitful direction.

Here are a few thoughts that occur would be worth considering for moving CRM forward in a significant way. I am speaking here from the customer side, albeit from also having spent many years running customer management in large organisations (so have insight into what works/ does not work in and around CRM at present). Here goes:

1) We would clearly separate B2C CRM capabilities from B2B CRM capabilities; the latter needs a sales force/ team and lots of bells and whistles, while the former does not and needs a different set of bells and whistles. The current model applies B2B principles to B2C markets and that really just does not work.

2) To fix B2C CRM (our main interest in Customer Commons), we would remove the Sales/ Sales force Automation piece from the newly formed B2C CRM. Then we’d move the marketing part of CRM over to the side of the customer; we’d do so by re-inventing the concept of the preference centre: make that meaningful so a customer or potential customers can genuinely get what they want to get, and not get what they don’t want to get.

3) So in B2C, one is left with customer controlled data (including demand or buying intention data), permissions and preferences. Then the whole customer service piece would see co-managed data between individuals and their suppliers using common processes and tools. So both parties have tools to manage their products and services data. More on that below.

The over-riding raison d’être we’d place on forcing the above change through (if we were in a position to do so) would be that ‘CRM needs to re-think the R part’. That is to say, the bit that has gone so badly wrong is in how RELATIONSHIP is handled. It is definitely not the case that individuals do not wish to have relationships with SOME of their suppliers and have one anyway with SOME of their products and services; so let’s that a meaningful rather than the current abusive relationship.

That requires tools on the side of the customer. We call these Vendor Relationship Management (aka VRM) tools. (Explained here.) Many of these already exist (here’s a long list), with category names such as intentcasting and Personal Information Management Systems (PIMS) — though all are still nee and do not yet popular at scale.

In this model, both parties come to the market’s table with relationship management tools: B2C becomes CRM+VRM. And both have reasons to co-manage the relevant data between them.

The screenshot below shows tools on the individual side for managing their ‘stuff’ (i.e. products and services); they do so in the same way for all products and services, and can make that data accessible to their suppliers who may wish to act on it, augment it, and ultimately co-manage it.

The same principles apply to individuals making their buying intention data available to the market in standard ways (example below). Both of the above, with appropriate, pro-active permission, can be used to drive digital advertising, marketing and customer service related communications.

So what the customer is asking for from the CRM service providers, is ways to plug in their own standardised, ultra-modern customer-side capabilities that enable both parties to engage in mutually beneficial activities. That model begins to feel more like a working relationship……

What only customers can do

Businesses love to say “the customer comes first,” “the customer is in charge” and that they need to “let the customer lead.”

But the customer can’t come first, can’t be in charge, and can’t lead, without tools of her own: tools that give  her ways to interact in common ways across all the companies she deals with. Ways that give her leverage:

She already has some of those tools. The Internet. The Web. EMail. The phone system. Credit cards. Cars. All of those give a person scale, in roughly the same way that using a common language or a common currency gives a person scale.

For an example of absent scale at work, look at what a customer needs to do when she changes, say, her email address, preferred credit card or last name. She has to go from one website to another, over and over again, logging into all of them separately, like a bee buzzing from one flower to another across a whole garden—only taking a lot more time and wasting a lot more energy.

The reason we have that situation is that companies are still leveraging industrial age norms, in which every company works to “own” the customer, and her experience, separately and exclusively. This is why, even though we’ve been living in a networked world for a quarter century, and we all carry highly advanced digital devices in our pocket and purses, we remain stuck in a world where every company we deal with has its own unique and different ways of dealing with us, and of providing us with ways for relating to them.

The plethorization of separate and unique “customer experiences” (“CX” to the industry) is only compounded with each new company we deal with—and worse, with each new law imposing obligations on companies that will implement compliance differently. We see this today with all the separate ways we “consent” to being tracked by companies doing their separate best to comply with the GDPR and the CCPA as well. Those laws embody the assumption that we still live in an industrial world where all agency over personal privacy resides on the corporate side, rather than on the personal one.

This is why better CRM, CX and GDPR/CCPA compliance approaches actually make the problem worse. Since all are different and exclusive, each one adds unique forms of cognitive and operational overhead on both the corporate and the personal side of every “relationship” that really isn’t.

It’s as if every company required a different language, a different handshake, and a different keyboard layout.

To really come first, to really be in charge, to really lead, the customer needs powers of her own that extend across all the companies she deals with. That’s scale.

Just as companies need to scale their relationships across many customers, customers need to scale their relationships across many companies.

The customer can only get scale through tools for both independence and engagement. She already has those with her car, her purse, her phone, her personal computer, her email, her browsers, her computer, her credit, her cash. (See The Cash Model of Customer Experience.) Every company she deals with respects the independence she gets from those tools, and every company has the same base-level ways of interacting with them. Those tools are also substitutable. The customer can swap them for others like it and maintain her autonomy, independence and ability to engage.

For the last ten years years many dozens of developers around ProjectVRM have been working on tools and services that give customers scale. You’ll find a partial list of them here.

Here is what we have been looking for, from any and all of them together—

  • Ways to manage gradual, selective and trust-based disclosure of personal identifiers, starting from a state that is anonymous (literally, nameless).
  • Ways to manage our many administrative identities (the ones by which companies and other organizations know each of us), as well as our sovereign source identities (how each of us know ourselves).
  • Ways to express terms and policies with which companies can agree (preferably automatically).
  • Ways to change personal data records (e.g. name, address, phone number) for every company we deal with, in one move.
  • Ways to share personal data (e.g. purchase or service intentions) selectively and in a mutually trusting way, with every company we deal with.
  • Ways to exercise full control over our sovereign data spaces (e.g. PIMS) for every thing each ofus owns, and within which reside our relationships with companies that support those things.
  • Ways to engage with existing CRM, call center and other relationship systems on the vendors’ side.

We have most or all of the technologies, standards, protocols, specifications and APIs we need already. What we need now is thinking and development that goes meta: one level up, to where the customer actually lives, working to manage all these different relationships with all these different cards, apps, websites, logins, passwords and the rest of it.

Apps for doing those things should be as substitutable as a car, a wallet, a purse, a phone, an email client. In other words, we should have a choice of apps, and not be stuck again inside the exclusive offerings of any single company.

Only with scale can free customers prove more valuable than captive ones. And only with mastery will customers get scale. We can’t get there with a zillion different little apps, most of which are not ours. We need go-to apps of our own.

One of our jobs at Customer Commons is to stand with the customer as she watches those tools and services being built, and weighs in with input and intelligence of her own. If you want to help us do that, follow @CustomerCommons and DM us there after we follow you back. Thanks.

The business problems only customers can solve

Customer Commons was created because there are many business and market problems that can only be solved from the customers’ side, under the customer’s control, and at scale, with #customertech.

In the absence of solutions that customers control, both customers and businesses are forced to use business-side-only solutions that limit customer power to what can be done within each business’s silo, or to await regulatory help, usually crafted by captive regulators who can’t even imagine full customer agency.

Here are some examples of vast dysfunctions that customers face today (and which hurt business and markets as well), in the absence of personal agency and scale:

  • Needing to “consent” to terms that can run more than 10,000 words long, and are different for every website and service provider
  • Dealing with privacy policies that can also run more than 10,000 words long, which are different for every website and service provider, and that the site or service can change whenever they want, and in practice don’t even need to obey
  • Dealing with personal identity systems that are different for every website or service provider
  • Dealing with subscription systems that are different for every website and service provider requiring them
  • Dealing with customer service and tech support systems that are different for every website or service provider
  • Dealing with login and password requirements that are as different, and numerous, as there are websites and service providers
  • Dealing with crippled services and/or higher prices for customers who aren’t “members” of a “loyalty” program, which involves high cognitive and operational overhead for customer and seller alike—and (again) work differently for every website and service provider
  • Dealing with an “Internet of Things” that’s really just an Amazon of things, an Apple of Things, and a Google of things.

And here are some examples of solutions customers can bring to business and markets:

  • Standardized terms that customers can proffer as first parties, and all the world’s sites and services can agree to, in ways where both parties have records of agreements
  • Privacy policies of customers’ own, which are easy for every website and service provider to see and respect 
  • Self-sovereign methods for customers to present only the identity credentials required to do business, relieving many websites and service providers of the need to maintain their own separate databases of personal identity data
  • Standard ways to initiate, change and terminate customers’ subscriptions—and to keep records of those subscriptions—greatly simplifying the way subscriptions are done, across all websites and service providers
  • Standard ways for customers to call for and engage customer service and tech support systems that work the same way across all of them
  • Standard ways for customers to relate, without logins and passwords, and to do that with every website and service provider
  • Standard ways to express loyalty that will work across every website, retailer and service provider
  • Standard ways for customers to “intentcast” an interest in buying, securely and safely, at scale, across whole categories of products and services
  • Standard ways for customers’ belongings to operate, safely and securely, in a true Internet of Things
  • Standardized dashboards on which customers can see their own commercially valuable data, control how it is used, and see who has shared it, how, and under what permissions, across all the entities the customer deals with

There are already many solutions in the works for most of the above. Our work at Customer Commons is to help all of those—and many more—come into the world.

 

Going #Faceless

Facial recognition by entities other than people and their pets has gotten out of control.

Thanks to ubiquitous surveillance systems, including the ones in our own phones, we can no longer assume we are anonymous in public places or private in private ones. This became especially clear a few weeks ago when Kashmir Hill (@kashhill) reported in the New York Times that a company called Clearview.ai “invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.”

If your face has ever appeared anywhere online, it’s a sure bet to assume that you are not faceless to any of those systems. Clearview, Kashmir says, has “a database of more than three billion images” from “Facebook, YouTube, Venmo and millions of other websites ” and “goes far beyond anything ever constructed by the United States government or Silicon Valley giants.”

Among law enforcement communities, only New Jersey’s has started to back off on using Clearview.

And Clearview is just one company. Laws will also take years to catch up with developments in facial recognition, or to get ahead of them, if they ever can. And let’s face it: government interests are highly conflicted here. Intelligence and law enforcement agencies’ need to know all they can is at extreme odds with our need, as human beings, to assume we enjoy at least some freedom from being known by God-knows-what, everywhere we go.

Personal privacy is the heart of civilized life, and beats strongest in democratic societies. It’s not up for “debate” between companies and governments, or political factions. Loss of privacy is a problem that affects each of us, and requires action by each of us as well.

A generation ago, when the Internet was still new to us, four guys (I was one of them) nailed a document called The Cluetrain Manifesto to a door on the Web. It said,

We are not seats or eyeballs or end users or consumers. We are human beings and our reach exceeds your grasp. Deal with it.

Since then their grasp has exceeded our reach. And now they’ve gone too far, grabbing even our faces, everywhere we go.

Enough.

Now it’s time for our reach to exceed their grasp.

Now it’s time, finally, to make them  deal with it.

We need to do that as individuals, and as a society.

Here’s a three-part plan for that.

First, use image above, or one like it, as a your personal avatar, including your Facebook, Twitter or Whatever profile picture. Here’s one that’s favicon size:

 

Second, sign the Get Out Of My Face (#GOOMF) petition, here.  (With enough of us on it, this will work.)

Here at Customer Commons, we have some good ideas, but there are certainly others among the billions of us whose privacy is at stake.

We should discuss this, using the hashtag #faceless. Do that wherever you like.

Here’s a rule to guide both discussion and development:

No complaining. No blaming.

That stuff goes nowhere and wastes energy. Instead we need useful and constructive ideas toward what we can do—each of us, alone and together—to secure, protect and signal our privacy needs and intentions in the world, in ways others can recognize and respect.

We have those in the natural world. We don’t yet in the digital one. So let’s invent them.

 

 

Where there’s folk there’s fire

That headline was, far as I know, first uttered by Britt Blaser in a March 2007 blog post titled The people’s law trumps the power law. It was thirteen years ahead of its time.

Among many others, Britt was energized by  The Cluetrain Manifesto‘s 95 Theses, which David Weinberger, Chris Locke, Rick Levine and I nailed to the Web in April 1999. Today the one-liner most often quoted from Cluetrain is its the first of those theses: Markets are conversations, which then became the title of a chapter in the book version of the Manifesto, which appeared in January 2000 and quickly became a business bestseller. Today the word “cluetrain,” which didn’t exist before 1999, is tweeted daily by people all over the world and appears (says Google) on more than 1.3 million Web pages.

In the 10th Anniversary (2010) edition of the book, I explained that markets were actually three things:

  • transactions,
  • conversations, and
  • relationships

I learned that separately from two teachers, weeks apart in 2000. Both were responding to Cluetrain‘s markets are conversations line, which became a runaway marketing meme shortly after the book came out. One of those teachers was Eric S. Raymond, a devout atheist and libertarian who almost single-handedly made open source a thing, starting two years earlier. The other was Sayo Ajiboye, a Nigerian pastor I met on a plane.

Both suggested markets are relationships as a corollary to markets are conversations and markets are transactions; but it was Sayo who gave me the assignment I’m still working on here with Customer Commons: to make markets are relationships far more real than what customer relationship management (CRM) and related corporate functions imagined it was, because they were all too busy thinking markets are transactions. Seeing markets as conversations would be a step forward, Sayo said, but not a big enough step. Relationship was key to fully realizing free, open and productive markets in the industrial world, and it could only be fully achieved by working on solutions from the customers’ side.

That’s why I started ProjectVRM at Harvard’s Berkman (now Berkman Klein) Center in 2006, and why it’s still going strong today, both by itself and in the forms of Customer Commons (its one direct spin-off), the IEEE 7012 working group, and lately the Me2B Alliance as well. (The 2 in Me2B is about relationship, as I explain here.)

I’ve written about my encounter with Sayo in a number of places. But the most relevant to our work here is Mashing Up a Commons, published in the June 2006 issue of Linux Journal, three months before I became a fellow with the Berkman Center and started ProjectVRM. Without that encounter, there is a good chance neither would have happened.

Mashing up a commons is still our assignment. I believe it will be the most leveraged thing to happen to markets since the Internet showed up. I first explained why in Free Customers Make Free Markets, posted in November 2007. It closes with the headline above.

The time wasn’t right then, but it is now. Let’s do it.

Why we’re not endorsing Contract for the Web

Contract for the Web—not signing

The Contract for the Web is a new thing that wants people to endorse it.

While there is much to like in it, what we see under Principle 5 (of 9) is a deal-breaker:

Respect and protect people’s privacy and personal data to build online trust.
So people are in control of their lives online, empowered with clear and meaningful choices around their data and privacy:

  1. By giving people control over their privacy and data rights, with clear and meaningful choices to control processes involving their privacy and data, including:
  2. Providing clear explanations of processes affecting users’ data and privacy and their purpose.
  3. Providing control panels where users can manage their data and privacy options in a quick and easily accessible place for each user account.
  4. Providing personal data portability, through machine-readable and reusable formats, and interoperable standards — affecting personal data provided by the user, either directly or collected through observing the users’ interaction with the service or device.

Note which party is “giving” and “providing” here. It’s not the individual.

By this principle, individuals should have no more control over their lives online than what website operators and governments “give” or “provide” them, with as many “control panels” as there are websites and “user accounts.” This is the hell we are in now, which metaphorically iworks like this:

It also leaves unaddressed two simple needs we have each had since the Web came into our lives late in the last millennium:

  1. Our own damn controls, that work globally, at scale, across all the websites of the world; and
  2. Our own damn terms and conditions that websites can agree to.

At Customer Commons we encourage #1 (as has ProjectVRM, since 2006), and are working on #2.

If you want to read the thinking behind this position, a good place to start is the Privacy Manifesto draft at ProjectVRM, which is open to steady improvement. (A slightly older but more readable copy is here at Medium.)

We also recommend Klint Finley‘s What’s a Digital Bill of Rights Without Enforcement? in Wired. He makes the essential point in the title. It’s one I also made in Without Enforcement, GDPR is a Fail, in July 2018.

A key point here is that companies and governments are not the only players. As we say in Customers as a Third Force, each of us—individually and collectively—can and should be players too.

We’ll reach out to Tim Berners-Lee and others involved in drafting this “contract” to encourage full respect for the independent agency of individuals.

Customers as a Third Force

Almost all arguments in economics are advanced by two almost opposed positions, each walled into the castles of their ideologies, both insisting that their side has the solutions and the other side causes the problems—while meanwhile between the two flows a river of customers who, if they could be heard, and could participate with more than their cash, would have solutions of their own.

Customer Commons’s job is giving those customers full agency for dealing with both the businesses and governments of the world, and in the process proving that free customers are more valuable—to themselves and the businesses of the world—than captive (or tracked) ones.

It’s a long fight, dating back to the personal agency we lost when industry won the industrial revolution. And it’s one we continue to lose, in many ways, through these early decades of the digital revolution.

If it weren’t losing, we wouldn’t have books such as Shoshana Zuboff‘s In the Age of Surveillance Capitalism, Brett Frischmann and Evan Sellinger‘s Re-Engineering Humanity, Jaron Lanier,’s You are Not a Gadget (and pretty much everything else he’s written), plus what Nicholas Carr, David Weinberger, and many others have been saying for years.

The problem with most of what’s been written so far is that it assumes customers will remain victims unless companies or governments (and mostly the latter) rescue them. There is little sense that customers can also bring solutions to the market—ones that are good for every party involved.

One notable exception is Brett and Evan’s book, mentioned above, which closes with a hopeful nod toward some of our work here at Customer Commons:

Doc Searls and his colleagues at Customer Commons have been working for years on standardized terms for customers to use in managing their relationships with websites and other vendors… [his] dream of customers systematically using contract and related tools to manage their relationships with vendors now seems feasible. It could be an important first step toward flipping the scientific-management-of-consumers script we’ve become so accustomed to.”

My own work here started with Linux Journal in 1994, and gained some notoriety with The Cluetrain Manifesto (co-written with David Weinberger, Christopher Locke and Rick Levine) in 1999. Then, after notoriety didn’t seem to be working, I launched ProjectVRM at Harvard’s Berkman Klein Center in 2006, and in 2012spun out Customer Commons, which since then has quietly been developing on the personal data usage terms Brett and Evan mentioned above.

These are terms that each of us can proffer, and which the businesses of the world can agree to—as an alternative to the reverse, which has become a bane of online existence, alas made worse by normalization of insincere and misleading cookie notices on the Web, caused by (what we regard as a misreading of) the GDPR: a sad example of policy failing to fix a market problem. (So far. In another post we’ll visit ways the GDPR and California’s CCPA might actually help.)

The term third force has multiple uses already, the most common of which seem especially relevant our work here:

  •  “A group of people or nations that mediates between two opposed groups…” —  Free Dictionary
  • (A humanistic psychology that) focuses on inner needs, happiness, fulfillment, the search for identity, and other distinctly human concerns. Psychology: An Introduction, by Russell A. Dewey, PhD

Since customers and citizens are opposed to neither business nor government, but constantly look for positive outcomes in their dealings and relationships with both, third force works.

— Doc Searls

 

Change of Address (√)

Way back in 2006 or so, in the first Project VRM meetings, our canonical use case was ‘change of address’; that is to say, we wanted individuals to have the ability to update their address in one place and have that flow to multiple suppliers.

That seemed easy enough, so we thought at the time; all that’s needed is:

– a data store controlled by the individual

– a user interface

– an API that allowed organisations to connect

We did not note the need at the time, but there probably should have been one around ‘standardised data sharing terms’ so that organisations would not get tied in legal knots signing many different contracts to cover themselves as they would need to do.

So, 12 or so years later, that proved to not be quite so easy….. I think our most flawed assumption was that organisations would see this as a good thing and be willing to get involved.

No matter, the reason for my post is to flag that individual driven change of address can now be done at Internet scale, albeit yes we still need to crack the adoption issue. There are also then a number of downstream use cases, e.g. where the address change must be verified.

Here’s a visual of how change of address works in the JLINC environment; the same principles could apply in other environments. The critical dependency is that both parties (individual and organisation) have their own data-sets that they voluntarily connect to each other.

Beyond the fact that this plumbing now demonstrably works at scale, I think the most interesting thing that has emerged from the JLINC deployment is the Standard Information Sharing Agreement. The requirement here is to have an agreement that works for both parties; here is the initial one built for JLINC. The expectation is that these will evolve over time and likely become life aspect/ sector specific (e.g. Health); but critically they will not mimic the current model where each organisation invents their own. The secondary function that I believe makes this scale is the ability to record every single data exchange that takes place should either or both parties need to refer to that downstream.

So, we can now tick the box around ‘change of address’, at least as working plumbing. The better news still is that the same plumbing and approach works for any type of data, or any data flow (so organisations sending data to Alice too). At least it should not take another 12 years to make that next use case work, which incidentally was ‘Intentcasting’; i.e. an individual being able to articulate what they are in the market for without losing control over that data.

Let’s make May 25th Privmas Day

25 May is when the GDPR—the General Data Protection Regulation—went into effect. Finally, our need for privacy online has legal backing strong enough to shake the foundations of surveillance capitalism, and maybe even drop it to the ground—with our help.

This calls for a celebration. In fact, many of them. Every year.

So let’s call 25 May Privmas Day. Hashtag: #Privmas.

And, to celebrate our inaugural Privmas let’s make a movement out of blocking third party cookies, since most of the spying on us starts there. Let’s call it #NoMore3rds.

Turning off third party cookies is easy. Here’s our guide, for six different browsers.

There is much more we can do. But let’s start with #NoMore3rds, and give us all something to celebrate.

 

Privacy is personal. Let’s start there.

The GDPR won’t give us privacy. Nor will ePrivacy or any other regulation. We also won’t get it from the businesses those regulations are aimed at.

Because privacy is personal. If it wasn’t we wouldn’t have invented clothing and shelter, or social norms for signaling to each what’s okay and what’s not okay.

On the Internet we have none of those. We’re still as naked as we were in Eden.

But let’s get some perspective here:  we invented clothing and shelter long before we invented history, and most of us didn’t get online until long after Internet service providers and graphical browsers showed up in 1994.

In these early years, it has been easier and more lucrative for business to exploit our exposed selves than it has been for technology makers to sew (and sell) us the virtual equivalents of animal skins and woven fabrics.

True, we do have the primitive shields called ad blockers and tracking protectors. And, when shields are all you’ve got, they can get mighty popular. That’s why 1.7 billion people on Earth were already blocking ads online by early 2017.† This made ad blocking the largest boycott in human history. (Note: some ad blockers also block tracking, but the most popular ad blocker is in the business of selling passage for tracking to companies whose advertising is found “acceptable” on grounds other than tracking.)

In case you think this happened just because most ads are “intrusive” or poorly targeted, consider the simple fact that ad blocking has been around since 2004, yet didn’t hockey-stick until the advertising business turned into direct response marketing, hellbent on collecting personal data and targeting ads at eyeballs.††

This happened in the late ’00s, with the rise of social media platforms and programmatic “adtech.” Euphemized by its perpetrators as  “interactive,” “interest-based,” “behavioral” and “personalized,” adtech was, simply-put, tracking-based advertising. Or, as I explain at the last link direct response marketing in the guise of advertising.

The first sign that people didn’t like tracking was Do Not Track, an idea hatched by  Chris Soghoian, Sid Stamm, and Dan Kaminsky, and named after the FTC’s popular Do Not Call Registry. Since browsers get copies of Web pages by requesting them (no, we don’t really “visit” those pages—and this distinction is critical), the idea behind Do Not Track was to make to put the request not to be tracked in the header of a browser. (The header is how a browser asks to see a Web page, and then guides the data exchanges that follow.)

Do Not Track was first implemented in 2009 by Sid Stamm, then a privacy engineer at Mozilla, as an option in the company’s Firefox browser. After that, the other major browser makers implemented Do Not Track in different ways at different times, culminating in Mozilla’s decision to block third party cookies in Firefox, starting in February 2013.

Before we get to what happened next, bear in mind that Do Not Track was never anything more than a polite request to have one’s privacy respected. It imposed no requirements on site owners. In other words, it was a social signal asking site owners and their third party partners to respect the simple fact that browsers are personal spaces, and that publishers and advertisers’ rights end at a browser’s front door.

The “interactive” ad industry and its dependents in publishing responded to that brave move by stomping on Mozilla like Gozilla on Bambi:

In this 2014 post  I reported on the specifics how that went down:

Google and Facebook both said in early 2013 that they would simply ignore Do Not Track requests, which killed it right there. But death for Do Not Track was not severe enough for the Interactive Advertising Bureau (IAB), which waged asymmetric PR warfare on Mozilla (the only browser maker not run by an industrial giant with a stake in the advertising business), even running red-herring shit like this on its client publishers websites:

As if Mozilla was out to harm “your small business,” or that any small business actually gave a shit.

And it worked.

In early 2013, Mozilla caved to pressure from the IAB.

Two things followed.

First, soon as it was clear that Do Not Track was a fail, ad blocking took off. You can see that in this Google Trends graph†††, published in Ad Blockers and the Next Chapter of the Internet (5 November 2015 in Harvard Business Review):

Next, ad searches for “how to block ads” rose right in step with searches for retargeting, which is the most obvious evidence that advertising is following you around:

You can see that correlation in this Google Trends graph in Don Marti’s Ad Blocking: Why Now, published by DCN (the online publishers’ trade association) on 9 July 2015:

Measures of how nearly all of us continue to hate tracking were posted by Dr. Johnny Ryan (@johnnyryan) in PageFair last September. In that post, he reports on a PageFair “survey of 300+ publishers, adtech, brands, and various others, on whether users will consent to tracking under the GDPR and the ePrivacy Regulation.” Bear in mind that the people surveyed were industry insiders: people you would expect to exaggerate on behalf of continued tracking.

Here’s one result:

Johnny adds, “Only a very small proportion (3%) believe that the average user will consent to ‘web-wide’ tracking for the purposes of advertising (tracking by any party, anywhere on the web).” And yet the same survey reports “almost a third believe that users will consent if forced to do so by tracking walls,” that deny access to a website unless a visitor agrees to be tracked.”

He goes on to add, “However, almost a third believe that users will consent if forced to do so by ‘tracking walls”, that deny access to a website unless a visitor agrees to be tracked. Tracking walls, however, are prohibited under Article 7 of the GDPR, the rules of which are already formalised and will apply in law from late May 2018.[3] “

Which means that the general plan by the “interactive” advertising business is to put up those walls anyway, on the assumption that people will think they won’t get to a site’s content without consenting to tracking. We can read that in the subtext of IAB Europe‘s Transparency and Consent Framework, a work-in-progress you can follow here on Github., and read unpacked in more detail at AdvertisingConsent.eu.

So, to sum all this up, so far online what we have for privacy are: 1) popular but woefully inadequate ad blocking and tracking protection add-ons in our browsers; 2) a massively interesting regulation called the GDPR…

… and 3) plans by privacy violators to obey the letter of that regulation while continuing to violate its spirit.

So how do we fix this on the personal side? Meaning, what might we have for clothing and shelter, now that regulators and failed regulatory captors are duking it out in media that continue to think all the solutions to our problems will come from technologies and social signals other than our own?

Glad you asked. The answers will come in our next three posts here. We expect those answers to arrive in the world and have real effects—for everyone except those hellbent on tracking us—before the 25 May GDPR deadline for compliance.


† From Beyond ad blocking—the biggest boycott in human history: “According to PageFair’s 2017 Adblock Report, at least 615 million devices now block ads. That’s larger than the human population of North America. According to GlobalWebIndex, 37% of all mobile users, worldwide, were blocking adsby January of last year, and another 42% would like to. With more than 4.6 billion mobile phone usersin the world, that means 1.7 billion people are blocking ads already—a sum exceeding the population of the Western Hemisphere.”

†† It was plain old non-tracking-based advertising that not only only sponsored publishing and other ad-suported media, but burned into people’s heads nearly every brand you can name. After a $trillion or more has been spent chasing eyeballs, not one brand known to the world has been made by it. For lots more on all this, read everything you can by Bob Hoffman (@AdContrarian) and Don Marti (@dmarti).

††† Among the differences between the graph above and the current one—both generated by the same Google Trends search—are readings above zero in the latter for Do Not Track prior to 2007. While there are results in a search for “Do Not Track” in the 2004-2006 time frame, they don’t refer to the browser header approach later branded and popularized as Do Not Track.

Also, in case you’re reading this footnote, the family at the top is my father‘s. He’s the one on the left. The location was Niagara Falls and the year was 1916. Here’s the original. I flipped it horizontally so the caption would look best in the photo.