Companies

Just in case you feel safe with Twitter

twitter bird with crosshairs

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has  “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbid the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grinder (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.

 

0
Read More

Going #Faceless

Facial recognition by entities other than people and their pets has gotten out of control.

Thanks to ubiquitous surveillance systems, including the ones in our own phones, we can no longer assume we are anonymous in public places or private in private ones. This became especially clear a few weeks ago when Kashmir Hill (@kashhill) reported in the New York Times that a company called Clearview.ai “invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.”

If your face has ever appeared anywhere online, it’s a sure bet to assume that you are not faceless to any of those systems. Clearview, Kashmir says, has “a database of more than three billion images” from “Facebook, YouTube, Venmo and millions of other websites ” and “goes far beyond anything ever constructed by the United States government or Silicon Valley giants.”

Among law enforcement communities, only New Jersey’s has started to back off on using Clearview.

And Clearview is just one company. Laws will also take years to catch up with developments in facial recognition, or to get ahead of them, if they ever can. And let’s face it: government interests are highly conflicted here. Intelligence and law enforcement agencies’ need to know all they can is at extreme odds with our need, as human beings, to assume we enjoy at least some freedom from being known by God-knows-what, everywhere we go.

Personal privacy is the heart of civilized life, and beats strongest in democratic societies. It’s not up for “debate” between companies and governments, or political factions. Loss of privacy is a problem that affects each of us, and requires action by each of us as well.

A generation ago, when the Internet was still new to us, four guys (I was one of them) nailed a document called The Cluetrain Manifesto to a door on the Web. It said,

We are not seats or eyeballs or end users or consumers. We are human beings and our reach exceeds your grasp. Deal with it.

Since then their grasp has exceeded our reach. And now they’ve gone too far, grabbing even our faces, everywhere we go.

Enough.

Now it’s time for our reach to exceed their grasp.

Now it’s time, finally, to make them  deal with it.

We need to do that as individuals, and as a society.

Here’s a three-part plan for that.

First, use image above, or one like it, as a your personal avatar, including your Facebook, Twitter or Whatever profile picture. Here’s one that’s favicon size:

 

Second, sign the Get Out Of My Face (#GOOMF) petition, here.  (With enough of us on it, this will work.)

Here at Customer Commons, we have some good ideas, but there are certainly others among the billions of us whose privacy is at stake.

We should discuss this, using the hashtag #faceless. Do that wherever you like.

Here’s a rule to guide both discussion and development:

No complaining. No blaming.

That stuff goes nowhere and wastes energy. Instead we need useful and constructive ideas toward what we can do—each of us, alone and together—to secure, protect and signal our privacy needs and intentions in the world, in ways others can recognize and respect.

We have those in the natural world. We don’t yet in the digital one. So let’s invent them.

 

 

0
Read More

How customers help companies comply with the GDPR

That’s what we’re starting this Thursday (26 April) at GDPR Hack Day at MIT.

The GDPR‘s “sunrise day” — when the EU can start laying fines on companies for violations of it — is May 25th. We want to be ready for that: with a cookie of our own baking that will get us past the “gauntlet walls” of consent requirements that are already appearing on the world’s commercial websites—especially the ad-supported ones.

The reason is this:

Which you can also see in a search for GDPR.

Most of the results in that search are about what companies can do (or actually what companies can do for companies, since most results are for companies doing SEO to sell their GDPR prep services).

We propose a simpler approach: do what the user wants. That’s why the EU created the GDPR in the first place. Only in our case, we can start solving in code what regulation alone can’t do:

  1. Un-complicate things (for example, relieving sites of the need to put up a wall of permissions, some of which are sure to obtain grudging “consent” to the same awful data harvesting practices that caused the GDPR in the firs place).
  2. Give people a good way to start signaling their intentions to websites—especially business-friendly ones
  3. Give advertisers a safe way to keep doing what they are doing, without unwelcome tracking
  4. Open countless new markets by giving individuals better ways of signaling what they want from business, starting with good manners (which went out the window when all the tracking and profiling started)

What we propose is a friendly way to turn off third party tracking at all the websites a browser encounters requests for permission to track, starting with a cookie that will tell the site, in effect, first party tracking for site purposes is okay, but third party tracking is not.

If all works according to plan, that cookie will persist from site to site, getting the browser past many gauntlet walls. It will also give all those sites and their techies a clear signal of intention from the user’s side. (All this is subject to revision and improvement as we hack this thing out.)

This photo of the whiteboard at our GDPR session at IIW on April 5th shows how wide ranging and open our thinking was at the time:

Photos from the session start here. Click on your keyboard’s right (>) arrow to move through them. Session notes are on the IIW wiki here.

Here is the whiteboard in outline form:

Possible Delivery Paths

Carrots

  • Verifiable credential to signal intent
  • Ads.txt replaced by a more secure system + faster page serving
  • For publishers:
    • Ad blocking decreases
    • Subscriptions increase
    • Sponsorship becomes more attractive
  • For advertisers
    • Branding—the real kind, where pubs are sponsored directly—can come back
    • Clearly stated permissions from “data subjects” for “data processors” and “data controllers” (those are GDPR labels)
    • Will permit direct ads (programmatic placement is okay; just not based on surveillance)
    • Puts direct intentcasting from data subject (users) on the table, replacing adtech’s spying and guesswork with actual customer-driven leads and perhaps eventually a shopping cart customers take from site to site
    • Liability reduction or elimination
    • Risk management
    • SSI (self-sovereign identity) / VC (verified credential) approach —> makes demonstration of compliance automateable (for publishers and ad creative)
    • Can produce a consent receipt that works for both sides
    • Complying with a visitor’s cookie is a lot easier than hiring expensive lawyers and consultants to write gauntlet walls that violate the spirit of the GDPR while obtaining grudging compliance from users with the letter of it

Sticks

  • The GDPR, with ePrivacy right behind it, and big fines that are sure to come down
  • A privacy manager or privacy dashboard on the user’s side, with real scale across multiple sites, is inevitable. This will help bring one into the world, and sites should be ready for it.
  • Since ample research (University of Pennsylvania, AnnenbergPageFair) has made clear that most users do not want to be tracked, browser makers will be siding eventually, inevitably, with those users by amplifying tracking protections. The work we’re doing here will help guide that work—for all browser makers and add-on developers

Participating organizations (some onboard, some partially through individuals)

Sources

Additions and corrections to all the above are welcome.

So is space somewhere in Cambridge or Boston to continue discussions and hackings on Friday, April 27th.

0
Read More

Hey publishers, let’s get past mistaking tracking protection for ad blocking

Here’s what the Washington Post tells me when I go to one of its pieces (such as this one):

Here’s the problem: the Post says I’m blocking ads when I’m just protecting myself from tracking.

In fact I welcome ads. By that I mean real ads. Not messages that look like real ads, but are direct marketing messages aimed by tracking. Let’s call them fake ads.

Here’s one way to spot them:

When you see one of those in the corner of an ad, it means the ad is “interest based,” which is a euphemism for based on tracking you.

If you click on that icon, you get an explanation of what the ad is doing there (though no specifics about the tracking itself, or where trackers sniffed your digital exhaust across the Web), plus a way to “choose” what kind of ads you see or don’t. Here’s how the AdChoices site puts it:

Here are just some of the many ways this is fulla shit:

  1. It’s not your AdChoices Icon. It’s the Digital Advertising Alliance‘s. They are not you. They are a cabal of “leading national advertising and marketing trade groups.” And they don’t work for you. Nor does their icon.
  2. The most “control” you take when you click on that icon is over a subset of advertising systems that might be different with every AdChoices icon you click. It might be Google‘s, Experian‘s, DataXu/Evidon‘s, Amazon‘s or any one of thousands of other ad placement systems, each with their own opt-out rosters, none of which you can track, audit, or make accountable to you in the least.
  3. What’s behind the AdChoices icon is what you find behind every fig leaf. And it has the hots for your data.
  4. Next to the wheat of real advertising (which we’ve had since forever, has never tracked you, and carries straightforward brand messages for populations rather than individuals), “relevant” advertising is pure chaff. I explain the difference in Separating Advertising’s Wheat and Chaff.
  5. The benefits of relevant advertising are mostly monetary ones going to intermediaries rather than to advertisers, publishers or human beings. As Bob Hoffman puts it to publishers, “adtech middlemen are scraping 60-70% of your media dollars (WFA and The Guardian).”
  6. After perhaps a $trillion has been spent on on “relevant” advertising, not one brand name (meaning one known by the world) has been created by it, nor has a known brand even been sustained. On the contrary, many brands have hurt themselves by annoying the shit out of people, creeping them out with unexpected or unwanted “relevance,” or both. So it’s no surprise that Procter & Gamble cut $100 million out of its digital advertising budget, and all they missed was the trouble it caused.

Aagain, I have no trouble with real advertising, meaning the wheat kind, which isn’t based on tracking me. In fact I like it because it tends to ad value the publications I read, and I know it sponsors those publications, rather than using those publications just for chasing readers’ eyeballs to wherever they might be found, meaning the publisher-sponsoring value of a “relevant” ad based on tracking is less than zero. I also know real ads aren’t vectors for fraud and malware.

That’s why I run tracking protection, in this case with Privacy Badger, which tells me the Washington Post has 49 potential trackers trained to sniff my digital ass. I don’t want them there. I am also sure the Post’s subscribers and editorial staff don’t want them there either.

So how do we fix that?

You can track movement toward the answer in these reports:

  1. Helping publishers and advertisers move past the ad blockade 
  2. How #adblocking matures from #noads to #safeads
  3. How NoStalking is a good deal for publishers
  4. What if businesses agreed to customers’ terms and conditions?
  5. How true advertising can save journalism from drowning in a sea of content
  6. What if businesses agreed to customers’ terms and conditions?
  7. How to plug the publishing revenue drain

Right now Customer Commons is working on NoStalking, which simply says this:

Obeying that request has three benefits:

  1. It puts both publishers and advertisers in compliance with the General Data Protection Regulation (GDPR), a European privacy law that forbids personal tracking without express personal permission, has global reach (it applies to European Citizens using U.S. services) and large fangs that will come out in May of next year. I explain more about that one here.
  2. Ads not based on tracking—real ads—are far more valuable to publishers than the fake “relevant” kind. First, they actually sponsor the publication. Second, they carry no cognitive overhead for either the publisher or the reader. Both know exactly what an ad is for and what it’s doing there. Third, they can be sold and published the old fashioned ways that publishers abandoned when they jobbed out income production to revenue-sucking intermediaries. It ain’t that hard to go back.
  3. Real ads are more valuable to advertisers because they carry clear economic and creative signals. Don Marti explains how at DCN.

So here’s a request to the Washington Post and to every other digial publisher out there: talk to us. Let’s fix this thing together. Sooner the better. Thanks.

0
Read More

New Rules for Privacy Regulations

The Wall Street Journal has an informative conversation with Lawrence Lessig: Technology Will Create New Models for Privacy Regulation. What underlies a change toward new models are two points: the servers holding vast user databases are increasingly (and very cheaply) breached, and the value of the information in those databases is being transferred to something more aligned to VRM: use of the data, on a need to know basis. Lessig notes:

The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.

The challenge, notes Lessig, is “a corrupt Congress” that is more interested in surveillance than markets and doing business. Perhaps that isn’t a problem, according to an Associated Press poll (which has no bias, of course!):

According to the new poll, 56 percent of Americans favor and 28 percent oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67 percent) and Democrats (55 percent) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40 percent in favor and 35 percent opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance.

Right. After all, who needs business?

0
Read More

Volvo’s In-Car Delivery Service

In Volvo launches in-car package delivery service in Gothenburg, Volvo’s new service “lets you have your Christmas shopping delivered directly to your car.” Intriguing idea that saves on parking hassles like those people who are waiting/idling around the favored spots.

With just days to go before Black Friday and Cyber Monday – the busiest online shopping days of the Christmas season – Sweden’s Volvo Cars has unveiled a brand new way to take some of the hassle out Christmas shopping.

The premium car maker has launched the world’s first commercially available in-car delivery service by teaming up with PostNord, the Nordic region’s leading communication and logistics supplier, Lekmer.com, the leading Nordic online toy and baby goods store, and Mat.se, a Swedish online grocery retailer, to have Christmas toys, gifts, food and drinks delivered to its cars. …

The Volvo In-car Delivery works by means of a digital key, which is used to gain one-time access to your vehicle. Owners simply order the goods online, receive a notification that the goods have been delivered and then just drive home with them.

Alas, not available everywhere. Yet.

0
Read More

AT&T’s paint job on confusing pricing

attstoreIn AT&T Ridding Some Retail Stores of Cash Register, Counters and Other Clutter, John McDermott of AdAge explains how the company is making its stores “warmer” to improve the “shopping experience” there. Which is all fine, as far as it goes.

Where it doesn’t go is toward fixing AT&T’s pricing. I explain that in a comment under the piece, which I’ll format in a “warmer” way here:

Nice as these showrooms may be, they are still just a paint job on the complicated shell game called “plans.” Right now AT&T is pushing “mobile share” plans, which are confusing in the extreme, and pointless if you’re single. Then you’re here with individual plans, or here if you’re new and solo.

Look closely at the small print. You can pay $30/mo for 3Gb of data or $50 for 5Gb. The overage charge for both is $10 per Gb. So you’re a sucker if you go with the 5Gb plan, and you use only 3 or 4 Gb. I mean, buy the 3Gb and you’ll also pay 50 if you use 5Gb. Confused? Sure. That’s the idea. AT&T, like Verizon and most other mobile carriers, is a confusopolist. See Dilbert for the definition.

AT&T runs these shell games to confuse the customer. Here’s how your mileage may vary::: If you have an iPhone, go to Settings/General/Usage/Cellular usage. See how much Cellular Network Data you’ve used since the Last Reset. Even if you’re a heavy data user, I’m betting it’s way less than 3Gb/mo, which would mean you’re overpaying. But if you want to save by paying for a lower level, there’s only one: $14.99 for 250Mb, or 1/4 of a Gb. The overage charge at that level is $14.99 per 250 MB. That means you pay 4¢ less than $60 per Gb.

Now, how many of us actually look at what we use? And what is the first cost of a bit in any case? (Operations have costs; bits cost ~$0.)

Back when I consulted BT in the UK, an executive there told me the core competence of phone companies was not telephony or communications, but billing. Or, you might say, bilking. Fortunately for the marketplace, Sprint has ceased being a confusopolist and offers unlimited data. If AT&T is truly serious about being good to customers, it should do the same.

Reasonable customers don’t just want a “better shopping experience.” They want a best possible service experience, especially from companies that bill them every month. They also don’t begrudge any business from making money. In fact there are plenty of studies — as well as ample experience in the world — suggesting that people will gladly pay more for better service and human-to-human engagement. For example: Apple stores.

Here’s hoping that AT&T’s new changes are deeper than the paint job they appear to be so far.

Bonus linkage from The Wall Street Journal.

0
Read More

For personal data, use value beats sale value

There’s an argument that goes like this:

  1. Companies are making money with personal data, and
  2. They are getting this data for free. Therefore,
  3. People should be able to make money with that data too.

This is not helpful framing, if we want to get full value out of our personal data. Or even to understand what the hell personal data is.

Stop and think about this for a second:

That data has far more use value than sale value. This use value is almost entirely untapped. Thinking about its sale value requires that you think the same way big companies do. This is as big a mistake in 2013 as it was —

  • in 1980 to think about personal computing in terms of what big enterprises did with mainframes; and
  • in 1993 to think about personal networking in terms of services provided by phone and cable companies.

In 1982 the IBM PC came along, and MS-DOS. And then the Macintosh in 1984. By 1985  there were tens of thousands of personal apps running on personal computers, doing far more than any company could do with its own computers, no matter how big those computers were. This turned out to be good for everybody, including the big companies with the big computers.

Likewise, in 1995 the Internet came along in a big way (ISPs, email, browsing, dial-up, e-commerce), and within months it was clear than anybody could network together with anybody else in the world at a cost that rounded to zero, and with a degree of freedom that was unimaginable within the systems controlled by phone and cable companies.  (Eighteen years later, the phone and cable companies, with help from the copyright maximalists in Hollywood, are still trying to corral the Net’s horse back into the old barn.)

What companies are doing with your personal data today is all happening inside a B2B — Business-to-Business — context. That context is as limited as mainframe thinking in 1980 and telco/cableco thinking in 1993.

The other day in London we were talking with Nic Brisbourne about the massive quantity of opportunity and ready-to-spend money on the demand side of the marketplace — and the ironic absence (outside the still-small VRM world) of interest by developers in equipping demand to engage and drive supply. The market seem stuck inside the same old supply-driving-demand mentality. That’s what you hear coming from the mainframe-think world of Big Data mongering and analytics today.

Mind these words: Big Data talk today is as clueless about what people can do for themselves as mainframe talk was in 1980 and networking talk was in 1993. It’s big business-as-usual, in its big B2B bubble, talking itself into ever-ripening stages of vulnerability to massive disruption by the C’s of the world.

Speaking of which, we also met in Europe with Qiy, MesInfos, MidataIntently, Mydex, Privowny and other VRM efforts (who will be insulted that I haven’t yet listed them here, but we can correct that). All of them are laying the groundwork required for unlocking the full use value of personal data — and not just its sale value, which is tiny at best anyway. Bravo for them, and for us as the beneficiaries of their good work.

2
Read More

The Internet of me and my things

Let’s say this key ring is yours and you’ve lost it.

If somebody scans the QR code with their smartphone, they will see a message from you. The message can say whatever you want (such as, “Help! I’ve misplaced these, please call or text me at this number”), and you can update it any time, because the information is in your personal cloud.

You can host your personal cloud yourself, or you can have it hosted elsewhere, such as at SquareTag, the brand name on the tag you see here. SquareTag is a service of Kynetx, the company behind the personal cloud concept. (Disclosure: I’m an advisor to Kynetx.) But you can use anybody’s. SquareTag is not a silo, and Kynetx is not out to trap anybody. Quite the opposite, in fact. Kynetx is out to give you tools to connect to your world of people and things.

Phil Windley is the co-founder of Kynetx and father of the personal cloud concept. In Personal clouds as general purpose computers, Phil says personal clouds are “the successor to the personal computer,” adding, “In the personal-cloud-as-personal-computer model, owners of a cloud control it in the same way they control their computer. They decide what apps to install, what services to engage, and how and where the data is stored.”

Most of the clouds we hear about today are the big centralized kind managed by companies such as Apple, Google and Amazon. Some of these industrial clouds are pure utilities, doing storage and compute work. That’s the case with, say,  Amazon and Rackspace. Nothing wrong with these, just as there is nothing wrong with electrical systems or storage facilities. Other clouds, however, are out to control you and your life — for both your good and theirs. Apple’s iCloud is one example. You can get it only from Apple, and it is not substitutable (as would be, say, a storage facility). In spite of the fact that Apple makes PCs and other personal devices, the company and its iCloud come from an old-school mainframe assumption: that one central server (or service) should contain and control what is done by many different clients. The technical term for this architecture is client-server. The vernacular term is calf-cow. You’re the calf. Apple is the cow. In the calf-cow system, you are always dependent, never fully independent.

With personal clouds you are independent. Your personal cloud is yours alone, to keep track of any thing, person or event in your life — and to manage your interactions with them. Such as, IF my keys are scanned, THEN display this message.

In an interview five years ago with Phil WindleyCraig Burton called every person an “enterprise of one.” In the past several years Phil and other developers (especially his colleagues at Kynetx) have been working on ways not only to make every person into that “enterprise of one” with connections to keep track of and control every thing of theirs as well. They are doing this through a general purpose platform called a personal cloud. You should have one, and so should the things you care about.

The design of the Internet in the first place is one of a boundless variety of end-points, with no central control of what those ends can do. Each is simply an address. Any end can connect with any other end. We have a similar system in the world called conversation. Anybody can talk with anybody else, or shake hands. They can also engage in business, and form relationships that last for moments or years. With personal clouds, things as well as people are brought into the Internet’s conversational and relational end-to-end system.

Take for example your car. Let’s say you put a SquareTag on the dashboard, next to the vehicle ID number. You can set up your car’s personal cloud so that all somebody scanning it sees is that it’s your car (or whatever you choose for it to say). But you can also scan the tag every time you have the car serviced, be taken to the car’s personal cloud, and enter whatever you like about the service event, or click on a private link that takes you (alone) back through your notes on the car’s service history. You can also set it up so the service station or dealer can connect their service records to yours, so when you look in your car’s personal cloud, you can also see those other service records. All you need for doing that are logical connections between the car’s tag cloud and the clouds of the other places where data is kept. With a squaretag, it isn’t necessary for any of your things to be “smart.” Instead the smarts are located in those things’ personal clouds.

There is no limit to what we can do with personal clouds because all of them are by nature independent, just as atoms are independent. And, just as certain kinds of atoms bond well with other kinds of atoms to form molecules, certain kinds of personal clouds (such as those of things we possess) will bond well with other kinds of personal clouds (such as human beings with possessions).

Likewise each of our personal clouds can, by mutual agreement, be social in the true and literal sense of the word — just as we are in the physical world. We won’t need to be social only inside corporate systems like Twitter’s and Facebook’s. There will still be administrative identities in the world (such as the ones on our drivers licenses and in employers’ HR systems), but among our sovereign selves we can choose to identify ourselves any way we wish. (Which others can, of course, accept or not.)

While personal clouds today are programmed with an open source language (KRL, for Kinetic Rules Language), and executed on an open source rules engine, what makes them interoperable are a new open standard: the evented API. Open standards are what allow closed (or open) things to connect and do things with each other. For example, it doesn’t matter whether you are reading this on a Linux, Mac, Windows, iOS or Android device. Open standards make it possible for all those things to communicate with each other.

We are at the earliest stage of where personal clouds will eventually go. What we can say with confidence, however, is that they will some day be the way each of us controls our lives, our personal data, our possessions, and our relationships with each other and our things.

We are born as sovereign beings, yet live in a networked world. The Internet as it was designed in the first place respected that. For most of the last two decades, however, we forgot that and built industrial-age systems that subordinated individual sovereignty and autonomy to the conveniences of large companies and governments. We built systems for capturing and controlling people and their things. There was lots of good stuff that could be done with these systems, but they were done at the expense of liberty and freedom for individuals and their possessions. Personal clouds not only promise that liberty and freedom, but provide the means for accomplishing it.

What we do with personal clouds is up to each of us — and to the countless new businesses that will show up to help out. When they do, you can bet a whole new boom of possibilities will show up too. The difference with this boom, however, is that each of us will be in charge of ourselves and what’s ours. That’s new. And it will never get old.

 

2
Read More

Discounts are free if your time has no value

“Love it or hate it, Black Friday is all about the deals,” AdAge says, in Target, Amazon, Poised to Win Black Friday. That love/hate conflict speaks to the mixed blessings (and curses) of tying a store’s — or a whole market’s — success to “deals” alone. The bargains, for both retailers and customers, can be Faustian.

Exhibit A: Kmart.

Back around the turn of the millennium, I attended a retail conference where two of the speakers were myself and Lee Scott, then the CEO of Walmart. We represented the bookends of demand and supply: as a co-author of The Cluetrain Manifesto, I represented the customer. As CEO of the world’s largest retailer, Lee represented his whole industry.

The location was Lucerne, and the lunch was boxed. It was a nice day, so my wife and I took our boxes outside and sat at a small table near the lake. Lee came over and asked if he could join us. I said sure, and then used this rare opportunity to pump the dude with questions. My first was “What happened to Kmart?” — which was then closing stores and heading toward bankruptcy.

His answer: “Coupons.” Some large percentage of Kmart’s overhead, he said, was devoted to publishing what amounted to its own currency, and then dealing with numerous effects, which only began with the time wasted by handling that currency at check-out. In addition to inconveniencing everybody involved, couponing also had the effect of “downscaling” the demographics of the customer base to a caste then known to the trade as “coupon-clippers.” (This population has now become so large — and expert — that the reality TV show Extreme Couponing persists into its third season.)

Walmart, Lee explained, minimized its dealings with coupons — and even advertising, which was limited (by decree of the late Sam Walton) to some small percentage of the company’s overhead. Instead they let the company’s tagline, “Everyday low prices,” do most of the work. (That tagline was also Sam’s.)

When I asked Lee if there were any large retailers he thought did an especially good job, he singled out Costco, which also succeeded through simplification. (Yes, they do publish and take coupons, but it’s a side thing, rather than the main thing. As a Costco customer you don’t need coupons to obtain the sense that you’re paying a low price for the goods they sell.)

Retailing has long had its time-sucking frictions. When I was growing up, in the 1950s and ’60s, the big one was stamps. The main driver of the trend was S&H Green Stamps, which had many competing imitators. The original idea was for retailers to differentiate from other retailers by offering sheets of stamps with every purchase, which customers could paste into a booklet, which they would later trade in for an outdoor grill, a door mat, or some other item from a catalog. It’s been said that S&H at its peak issued more stamps than the U.S. Post Office, and that the largest press run in human history was the 1966 Green Stamps catalog. Eventually, however, nearly every store offered the stamps, differentiation ended, and whole fad collapsed.

Today we have a similar fad with loyalty cards. Never mind that most retailers (or so it seems) now have them, but that they have costs to both retailers and customers. Here are just a few:

  • Maintaining two or more prices for items throughout the store
  • Forcing both personnel and customers to attend constantly to the differences in prices on “discounted” items
  • Partially or completely obscuring what the “real” price might be. Is the non-discounted price a surcharge for non-card-carrying customers? Probably, if the “regular” price for a dozen eggs is $3.99, and the “discount” price is $1.99 — when, say, Trader Joe’s (which has a single non-discount price for everything) wants $1.99 for the same eggs.
  • Maintaining “big data” systems for tracking customers and “personalizing” offers for them.
  • Obscuring the real value of goods gets even more than it already might be.
  • Coercing loyalty rather than earning it, causing emotional dissonance that can damage a company’s brand value.

All those practices, and many more, are both normative and highly rationalized within retailing today. Yet the notable exceptions, such as Trader Joe’s, reveal how much time, money and effort by both sellers and buyers in systems that are essentially coercive.

What would happen if we began to respect time as our most essential value? Would we have discounting at all? Not sure, which is why we need to talk about it. There are real costs to discounting. If our time has any value at all, then discounting is not free. And the hidden costs may be far higher than the obvious ones.

0
Read More

Lorem ipsum

Recent Posts