Doc Searls

Just in case you feel safe with Twitter

twitter bird with crosshairs

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy.

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” Since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.
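What can be learned from the links themselves, without clicking them, is shown in the added example below (not code from the original post). It compares the path tokens of the two quoted links to show which token repeats across both and which is unique to each link. Reading the repeated token as a per-message or per-recipient identifier is an assumption; the page does not confirm what either token means. The `example.org` URL in the demo is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# The two links quoted in the post, exactly as they appear in the emailed release.
LINKS = [
    "https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/"
    "25218e76-a235-4500-bc2b-d0f337c722d4",
    "https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/"
    "25218e76-a235-4500-bc2b-d0f337c722d4",
]

# A UUID, optionally preceded by a short alphabetic prefix such as the "T" above.
OPAQUE = re.compile(
    r"^[A-Za-z]{0,2}[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
    re.IGNORECASE,
)


def profile_links(urls):
    """Group links by host and split their path tokens into shared vs per-link.

    Returns {host: {"links", "shared_tokens", "per_link_tokens",
    "destination_visible"}}. A token shared by every link on a host is a
    candidate message or recipient identifier (an assumption, not a fact);
    a token unique to one link is a candidate identifier for that link.
    """
    by_host = defaultdict(list)
    for url in urls:
        parts = urlsplit(url)
        segments = [s for s in parts.path.split("/") if s]
        by_host[parts.hostname].append((url, segments, parts.query))

    report = {}
    for host, entries in by_host.items():
        seg_lists = [segs for _, segs, _ in entries]
        shared_positions = set()
        if len(entries) > 1:
            # Only positions present in every link can be compared.
            depth = min(len(s) for s in seg_lists)
            shared_positions = {
                i for i in range(depth) if len({s[i] for s in seg_lists}) == 1
            }
        # If every path token is an opaque ID and there is no query string,
        # the URL tells the reader nothing about where the click will land.
        opaque_only = all(
            segs and not query and all(OPAQUE.match(s) for s in segs)
            for _, segs, query in entries
        )
        report[host] = {
            "links": len(entries),
            "shared_tokens": [seg_lists[0][i] for i in sorted(shared_positions)],
            "per_link_tokens": {
                url: [s for i, s in enumerate(segs) if i not in shared_positions]
                for url, segs, _ in entries
            },
            "destination_visible": not opaque_only,
        }
    return report


if __name__ == "__main__":
    # The last URL is a constructed example of a plain, direct link for contrast.
    sample = LINKS + ["https://www.example.org/news/some-article"]
    for host, info in profile_links(sample).items():
        print(host)
        print("  links:", info["links"])
        print("  token shared by all links:", info["shared_tokens"])
        for url, tokens in info["per_link_tokens"].items():
            print("  token unique to link:", tokens)
        print("  destination visible in URL:", info["destination_visible"])
```

Run against all the links extracted from one message, the same comparison shows at a glance which hosts sit between the reader and the stated destinations.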

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbade the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grindr (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need to start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.

 


Solving Subscriptions


Count the number of companies you pay regularly for anything. Add up what you pay for all of them. Then think about the time you spend trying and failing to “manage” any of it—especially when most or all of the management tools are separately held by every outfit’s subscription system, all for their convenience rather than yours. And worse: rigged with gimmicks (e.g. free trials) that depend on you forgetting what the subscription actually costs over time. And then think about how in most cases you also need to swim upstream against a tide of promotional BS and manipulation, much of which is rigged to fuzz you into weary agreement to a “deal” you wouldn’t want if you could get your head around the whole thing.

There is an industry on the corporate side of this, and it won’t fix itself. That would be like asking AOL, Compuserve and Prodigy to fix the online service business in 1994. (For those not familiar with the reference, those companies were incompatible competing commercial forerunners of the Internet, which obsolesced all of them. The relevance here is that the Internet is the platform under all other platforms, and the only level playing field under every marketplace.)

There are plenty of services that claim to work on our side: Truebill, Trim, Bobby, Money Dashboard, Mint, Subscript Me, BillTracker Pro, Subby, Card Due, Sift and SubMan are a few. The big e-commerce platforms—Paypal, Amazon, Apple—all have tools at those links. Google does too, in a way, with Google Sheets and Google Doc templates. But all of these are too narrow, too closed, too dependent on your personal financial data, too exposed to the surveillance imperatives of corporate giants, too vested in the status quo, or some combination of any or all of those. None are as personal and independent as your spreadsheet, your word processor, your email client. There are basic and common designs to all of those, and standards as well, that make it possible for them to be personal, private, and substitutable.

So instead we have a status quo that sucks (see here, or just look up subscription hell), and it’s way past time to unscrew it. But how?

The better question is where?

The answer to that is on our side: the customer’s side. In fact, subscriptions are just one of many market problems that can only be solved from the customers’ side. The main reason they can’t be solved from the companies’ side is that they’ll all do it differently. Also, most of them will want to hold you captive, just like Compuserve, AOL and Prodigy did with online services before the Internet solved the problem that was them.

Another is the monopoly bundling problem. We have that today with what we still call “TV” but is now a competing set of bundled subscriptions. The transition to the new status quo began when droves of people started “cutting the cord” to their monopoly cable or satellite utility’s bundle of channels and buying the same and better programming (and bundles) from “over the top” (OTT) subscription services provided over the Net rather than inside cable channels. Netflix was the biggest early OTT subscription provider, but now every source of flat-screen entertainment “content” (no longer just “programming”) is its own separate monopoly of captive content. Apple, Amazon, Disney, HBO, Paramount, Showtime, Netflix, Hulu, and NBC’s Peacock are just the tip of the bundle berg. Blurring the lines between many of these are monopolies within monopolies, such as you get (perhaps with a bundle, perhaps not) with Disney’s ABC, ESPN, TNT and so on. (Its properties are legion.) Parts of those may or may not be available to you over the Net only if you already subscribe to a cable bundle. That’s what you get, for example, with MSGGo and NESN, which give you access to some major New York and New England sports games and related entertainment—provided you can authenticate to their OTT streams over the Net by proving you still have a cable subscription that includes their channel or channels. While you can look across and manage access to some or all of them through Apple TV, Roku and Amazon Fire, you lack your own way to watch and pay for any of these on a direct and á la carte basis.

I’m not saying here that there is anything wrong with subscriptions. I am saying the online world would be a lot more free and productive economically if optionality was maximized with tools and services working on behalf of customers operating in markets where “free” doesn’t mean “your choice of captors.”

We should be able to buy content for sale on both á la carte and subscription bases using our own standards-based tools and third-party services that work for us at scale across all providers. For subscriptions that means being able to make, cancel and keep track of subscriptions in our own normalized ways. I have no doubt that this will produce a much larger overall economy while greatly reducing friction for everyone.

Now to how.

The short answer is with open standards, code, and protocols. The longer answer is to start with a punch list of requirements, based on what we, as customers, need most. So, we should—

  • Be able to see all our subscriptions, what they cost, and when they start and end
  • Be able to cancel or renew, manually or automatically, in the simplest possible ways
  • Get the best possible prices
  • Have clear and standardized ways of seeing á la carte options and in some cases offering our own ways (and prices) to pay for them
  • Be able to keep records of subscriptions and histories
  • Show our actual (rather than coerced) loyalty
  • Be able to provide constructive help, as loyal and experienced customers
  • Join in collectives—commons—of other customers to start normalizing the way subscriptions should be offered on the corporate side and managed on the personal side
  • Be able to hire substitutable intermediaries, or brokers (a service that TrueBill and Trim provide) without buying into their exclusive system

Meanwhile, it’s important to also consider where customers stand in the tug-of-war between subscription and á la carte options in both pricing and payment. Because á la carte is what customers would prefer in cases where use is occasional rather than constant.

Years ago at ProjectVRM we came up with an idea for this called EmanciPay. Dave Winer imagines that as a business he calls An EZ-Pass for news:

Not micropayments. Tolls instead of paywalls. 
If I don’t have an E-Z Pass, no access. If I do, it’s seamless.
Suppose one month I spend $84 to read stories on The Atlantic. They can make me an offer to subscribe. Look dude, you’re wasting money. Let us help you.
That’s a lot nicer than — hey asshole you can’t read this article unless you subscribe.

That third point is especially important: that you may make more money from simplified á la carte payments (based on actual use) than from subscriptions, especially if your goods are valuable but not of a kind that a customer would prefer to deal with as a subscription.

So there are really two goals here. One is to fix how subscriptions work for everybody. The other is to make it as easy as possible to pay for á la carte usage or consumption.


The modified image above is a Doctor Who TARDIS console, photographed by Chris Sampson, offered under a Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0) license, published here, and obtained via Wikimedia Commons, here. We thank Chris for making it available.


We need a Theia

Some prophecies come true.

For example, Shoshana Zuboff’s third law: In the absence of countervailing restrictions and sanctions, every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.

She forecast that in 1989, with In the Age of the Smart Machine. Then she reported on its effects in 2018, with The Age of Surveillance Capitalism.

The business model of surveillance capitalism is tracking-based advertising, which the trade calls adtech. It works by spying on individuals using social media, and by placing tracking beacons in people’s browsers and apps. In social media, the idea is to drive up “engagement.” In browsers and apps, the idea is to use surveilled personal information to aim ads.

As a direct result of adtech, bulwarks of civilization, such as democracy and journalism, are being weakened or destroyed by algorithmically-driven tribalization and other engaging but icky human tendencies. Also, by funding the spread of false (but engaging!) information during a pandemic, adtech has contributed to the deaths of countless people.

All just so we can be advertised at. Personally.

Facebook and Google are easy and correct to blame, but in fact the whole adtech fecosystem is a four-dimensional shell game with thousands of players. It’s also so thick with complex data markets and data movements that there is also no limit to the number and variety of vectors for fraud, malware and spying by spooks, criminals, political operatives and other bad actors. It’s a dark world where anyone can create or steal mindshare, hack beliefs and opinions, sow doubt, spread hate, turn friends and families against each other, drive otherwise calm people into mobs and violence—all while journalism and democracy fail to restrict or sanction the cause. Take away adtech and most of that shit doesn’t happen.

So, what to do?

Allowing people to opt out of tracking on a site-by-site, service-by-service and app-by-app basis—the “system” we have now—only makes things worse.

Opt-in might seem like a better approach, except it can’t work: not when it looks and works differently for every person for every site, service and app—and when we each still have to agree, in every case, to unfriendly 10,000-word terms and privacy policies obviously designed to screw us and protect them.

And yes, it might be nice to try out a system by which a person might request tracking. But that will only work if sites, services and apps agree to that person’s own terms and privacy policies, and both sides have their own system for keeping records of agreements and means for auditing compliance. But why start there when in the meanwhile civilization is being trashed by adtech?

Defenders of adtech say it funds the “free Web,” free search and other graces of life on the Internet. But that’s like saying billboards give us gravity and shopping malls give us sunlight. Also, most of the money Google makes is from search advertising, nearly all of which is driven by context (the search terms themselves) rather than by surveillance-based assumptions about the person doing the search. If you search for mattress sellers in your town, your search terms are far more useful than whatever else it is that Google’s robots might know about you by having followed your ass all over the place.

Fact is, every business on the Internet can live just fine without adtech. Including every publisher out there.

It’s still early, folks. If digital technology is going to be with us for unforeseeable decades, centuries or millennia, that means our Digital Age is roughly about as far along as Earth was when it got clobbered by another planet, now called Theia, about 4.5 billion years ago.

Humans weren’t here to watch, but it now seems likely (at least to science) that we owe to Theia our water, our days and nights, our seasons, and our Moon. Have we none of those yet on Digital Earth? I suspect the answer is yes.

Perspective: 4.5 billion years may seem like a long time, especially when you consider that it’s more than a third the age of the Universe, which came into existence about 13.8 billion years ago; but neither span seems very long when you also consider that the Universe will last another trillion years or more. Meaning the Universe is just a startup.

So: what’s our Theia?

To answer that, it will help to look at what has failed so far.

Let’s start with Do Not Track. Conceived in 2007 by Sid Stamm, Chris Soghoian and Dan Kaminsky, Do Not Track was a polite request not to be tracked away from a visited website. Here in the physical world, we send a similar request when we wear clothing to conceal the private parts of our bodies, when we draw curtains across the windows in our homes, or when we walk out of a building in faith that nobody will follow us.

But, in the absence of manners and norms for respecting privacy in the dawning years of the Internet, it was easy for the Interactive Advertising Bureau (IAB), adtech’s trade association, to rally the whole online advertising business, including its dependents in online publishing, into ignoring Do Not Track. Even the major browser makers were cowed into compliance, in effect working for sites and services rather than for you and me. (At the W3C, the Web’s standards body, Do Not Track was ironically but predictably re-branded Tracking Preference Expression.)

After that happened in 2013, people took matters into their own hands, turning ad blocking into the biggest boycott in human history by 2015.

But even that wasn’t enough, because the adtech industry fought ad blockers too—and still do. (They also never got the signal that people who block ads might be worth more as customers than those who don’t.)

Then came the GDPR in Europe and the CCPA in California, which arrived in 2018 and 2020, respectively. Alas, both have thus far proven better at adding friction to the browsing experience (with those annoying opt-out roadblocks on the front pages of most websites, and which all of us know damn well are almost all about screwing us) than at stopping tracking itself.

To see how bad tracking still is, in massive spite of the GDPR and the CCPA, check out Blacklight (by The Markup) and PageXray (by Fou Analytics).  Surveillance Capitalism remains the norm.

Finally, there are the privacy browsers: Brave, Epic and Tor. While these each provide privacy protection (as do, in different ways, Safari, Firefox and tweaks of Chrome), none are a Theia. Not yet, anyway. Because adtech is still here.

What will make our digital world economy inhabitable by real human customers, and not mere “users,” “data subjects,” “consumers” or other labels given them by marketing, the tech industry and regulators who can’t imagine a customer operating at full agency? How will we get an Intention Economy that grows around that agency, much as life grew around a planet that has days, nights, seasons and water, rather than rock, dirt and clouds?

Whatever form our Theia takes, it needs to support solutions to market problems that only customers can provide.  Is it one or more of the solutions listed at that link? Or is it something completely new?

One thing is clear, however—at least to me. It has to blow up adtech.


Image Credit: NASA/JPL-Caltech

 


What only customers can do

Businesses love to say “the customer comes first,” “the customer is in charge” and that they need to “let the customer lead.”

But the customer can’t come first, can’t be in charge, and can’t lead, without tools of her own: tools that give her ways to interact in common ways across all the companies she deals with. Ways that give her leverage.

She already has some of those tools. The Internet. The Web. EMail. The phone system. Credit cards. Cars. All of those give a person scale, in roughly the same way that using a common language or a common currency gives a person scale.

For an example of absent scale at work, look at what a customer needs to do when she changes, say, her email address, preferred credit card or last name. She has to go from one website to another, over and over again, logging into all of them separately, like a bee buzzing from one flower to another across a whole garden—only taking a lot more time and wasting a lot more energy.

The reason we have that situation is that companies are still leveraging industrial age norms, in which every company works to “own” the customer, and her experience, separately and exclusively. This is why, even though we’ve been living in a networked world for a quarter century, and we all carry highly advanced digital devices in our pocket and purses, we remain stuck in a world where every company we deal with has its own unique and different ways of dealing with us, and of providing us with ways for relating to them.

The plethorization of separate and unique “customer experiences” (“CX” to the industry) is only compounded with each new company we deal with—and worse, with each new law imposing obligations on companies that will implement compliance differently. We see this today with all the separate ways we “consent” to being tracked by companies doing their separate best to comply with the GDPR and the CCPA as well. Those laws embody the assumption that we still live in an industrial world where all agency over personal privacy resides on the corporate side, rather than on the personal one.

This is why better CRM, CX and GDPR/CCPA compliance approaches actually make the problem worse. Since all are different and exclusive, each one adds unique forms of cognitive and operational overhead on both the corporate and the personal side of every “relationship” that really isn’t.

It’s as if every company required a different language, a different handshake, and a different keyboard layout.

To really come first, to really be in charge, to really lead, the customer needs powers of her own that extend across all the companies she deals with. That’s scale.

Just as companies need to scale their relationships across many customers, customers need to scale their relationships across many companies.

The customer can only get scale through tools for both independence and engagement. She already has those with her car, her purse, her phone, her personal computer, her email, her browsers, her credit, her cash. (See The Cash Model of Customer Experience.) Every company she deals with respects the independence she gets from those tools, and every company has the same base-level ways of interacting with them. Those tools are also substitutable. The customer can swap them for others like them and maintain her autonomy, independence and ability to engage.

For the last ten years many dozens of developers around ProjectVRM have been working on tools and services that give customers scale. You’ll find a partial list of them here.

Here is what we have been looking for, from any and all of them together—

  • Ways to manage gradual, selective and trust-based disclosure of personal identifiers, starting from a state that is anonymous (literally, nameless).
  • Ways to manage our many administrative identities (the ones by which companies and other organizations know each of us), as well as our sovereign source identities (how each of us know ourselves).
  • Ways to express terms and policies with which companies can agree (preferably automatically).
  • Ways to change personal data records (e.g. name, address, phone number) for every company we deal with, in one move.
  • Ways to share personal data (e.g. purchase or service intentions) selectively and in a mutually trusting way, with every company we deal with.
  • Ways to exercise full control over our sovereign data spaces (e.g. PIMS) for every thing each of us owns, and within which reside our relationships with companies that support those things.
  • Ways to engage with existing CRM, call center and other relationship systems on the vendors’ side.

We have most or all of the technologies, standards, protocols, specifications and APIs we need already. What we need now is thinking and development that goes meta: one level up, to where the customer actually lives, working to manage all these different relationships with all these different cards, apps, websites, logins, passwords and the rest of it.

Apps for doing those things should be as substitutable as a car, a wallet, a purse, a phone, an email client. In other words, we should have a choice of apps, and not be stuck again inside the exclusive offerings of any single company.

Only with scale can free customers prove more valuable than captive ones. And only with mastery will customers get scale. We can’t get there with a zillion different little apps, most of which are not ours. We need go-to apps of our own.

One of our jobs at Customer Commons is to stand with the customer as she watches those tools and services being built, and weighs in with input and intelligence of her own. If you want to help us do that, follow @CustomerCommons and DM us there after we follow you back. Thanks.


The business problems only customers can solve

Customer Commons was created because there are many business and market problems that can only be solved from the customers’ side, under the customer’s control, and at scale, with #customertech.

In the absence of solutions that customers control, both customers and businesses are forced to use business-side-only solutions that limit customer power to what can be done within each business’s silo, or to await regulatory help, usually crafted by captive regulators who can’t even imagine full customer agency.

Here are some examples of vast dysfunctions that customers face today (and which hurt business and markets as well), in the absence of personal agency and scale:

  • Needing to “consent” to terms that can run more than 10,000 words long, and are different for every website and service provider
  • Dealing with privacy policies that can also run more than 10,000 words long, which are different for every website and service provider, and that the site or service can change whenever they want, and in practice don’t even need to obey
  • Dealing with personal identity systems that are different for every website or service provider
  • Dealing with subscription systems that are different for every website and service provider requiring them
  • Dealing with customer service and tech support systems that are different for every website or service provider
  • Dealing with login and password requirements that are as different, and numerous, as there are websites and service providers
  • Dealing with crippled services and/or higher prices for customers who aren’t “members” of a “loyalty” program, which involves high cognitive and operational overhead for customer and seller alike—and (again) work differently for every website and service provider
  • Dealing with an “Internet of Things” that’s really just an Amazon of things, an Apple of Things, and a Google of things.

And here are some examples of solutions customers can bring to business and markets:

  • Standardized terms that customers can proffer as first parties, and all the world’s sites and services can agree to, in ways where both parties have records of agreements
  • Privacy policies of customers’ own, which are easy for every website and service provider to see and respect 
  • Self-sovereign methods for customers to present only the identity credentials required to do business, relieving many websites and service providers of the need to maintain their own separate databases of personal identity data
  • Standard ways to initiate, change and terminate customers’ subscriptions—and to keep records of those subscriptions—greatly simplifying the way subscriptions are done, across all websites and service providers
  • Standard ways for customers to call for and engage customer service and tech support systems that work the same way across all of them
  • Standard ways for customers to relate, without logins and passwords, and to do that with every website and service provider
  • Standard ways to express loyalty that will work across every website, retailer and service provider
  • Standard ways for customers to “intentcast” an interest in buying, securely and safely, at scale, across whole categories of products and services
  • Standard ways for customers’ belongings to operate, safely and securely, in a true Internet of Things
  • Standardized dashboards on which customers can see their own commercially valuable data, control how it is used, and see who has shared it, how, and under what permissions, across all the entities the customer deals with

There are already many solutions in the works for most of the above. Our work at Customer Commons is to help all of those—and many more—come into the world.

 


Going #Faceless

Facial recognition by entities other than people and their pets has gotten out of control.

Thanks to ubiquitous surveillance systems, including the ones in our own phones, we can no longer assume we are anonymous in public places or private in private ones. This became especially clear a few weeks ago when Kashmir Hill (@kashhill) reported in the New York Times that a company called Clearview.ai “invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.”

If your face has ever appeared anywhere online, it’s a safe bet that you are not faceless to any of those systems. Clearview, Kashmir says, has “a database of more than three billion images” from “Facebook, YouTube, Venmo and millions of other websites” and “goes far beyond anything ever constructed by the United States government or Silicon Valley giants.”

Among law enforcement communities, only New Jersey’s has started to back off on using Clearview.

And Clearview is just one company. Laws will also take years to catch up with developments in facial recognition, or to get ahead of them, if they ever can. And let’s face it: government interests are highly conflicted here. Intelligence and law enforcement agencies’ need to know all they can is at extreme odds with our need, as human beings, to assume we enjoy at least some freedom from being known by God-knows-what, everywhere we go.

Personal privacy is the heart of civilized life, and beats strongest in democratic societies. It’s not up for “debate” between companies and governments, or political factions. Loss of privacy is a problem that affects each of us, and requires action by each of us as well.

A generation ago, when the Internet was still new to us, four guys (I was one of them) nailed a document called The Cluetrain Manifesto to a door on the Web. It said,

We are not seats or eyeballs or end users or consumers. We are human beings and our reach exceeds your grasp. Deal with it.

Since then their grasp has exceeded our reach. And now they’ve gone too far, grabbing even our faces, everywhere we go.

Enough.

Now it’s time for our reach to exceed their grasp.

Now it’s time, finally, to make them deal with it.

We need to do that as individuals, and as a society.

Here’s a three-part plan for that.

First, use the image above, or one like it, as your personal avatar, including your Facebook, Twitter or Whatever profile picture. Here’s one that’s favicon size:

 

Second, sign the Get Out Of My Face (#GOOMF) petition, here. (With enough of us on it, this will work.)

Here at Customer Commons, we have some good ideas, but there are certainly others among the billions of us whose privacy is at stake.

We should discuss this, using the hashtag #faceless. Do that wherever you like.

Here’s a rule to guide both discussion and development:

No complaining. No blaming.

That stuff goes nowhere and wastes energy. Instead we need useful and constructive ideas toward what we can do—each of us, alone and together—to secure, protect and signal our privacy needs and intentions in the world, in ways others can recognize and respect.

We have those in the natural world. We don’t yet in the digital one. So let’s invent them.

 

 


Where there’s folk there’s fire

That headline was, far as I know, first uttered by Britt Blaser in a March 2007 blog post titled The people’s law trumps the power law. It was thirteen years ahead of its time.

Among many others, Britt was energized by The Cluetrain Manifesto’s 95 Theses, which David Weinberger, Chris Locke, Rick Levine and I nailed to the Web in April 1999. Today the one-liner most often quoted from Cluetrain is the first of those theses: Markets are conversations, which then became the title of a chapter in the book version of the Manifesto, which appeared in January 2000 and quickly became a business bestseller. Today the word “cluetrain,” which didn’t exist before 1999, is tweeted daily by people all over the world and appears (says Google) on more than 1.3 million Web pages.

In the 10th Anniversary (2010) edition of the book, I explained that markets were actually three things:

  • transactions,
  • conversations, and
  • relationships

I learned that separately from two teachers, weeks apart in 2000. Both were responding to Cluetrain’s markets are conversations line, which became a runaway marketing meme shortly after the book came out. One of those teachers was Eric S. Raymond, a devout atheist and libertarian who almost single-handedly made open source a thing, starting two years earlier. The other was Sayo Ajiboye, a Nigerian pastor I met on a plane.

Both suggested markets are relationships as a corollary to markets are conversations and markets are transactions; but it was Sayo who gave me the assignment I’m still working on here with Customer Commons: to make markets are relationships far more real than what customer relationship management (CRM) and related corporate functions imagined it was, because they were all too busy thinking markets are transactions. Seeing markets as conversations would be a step forward, Sayo said, but not a big enough step. Relationship was key to fully realizing free, open and productive markets in the industrial world, and it could only be fully achieved by working on solutions from the customers’ side.

That’s why I started ProjectVRM at Harvard’s Berkman (now Berkman Klein) Center in 2006, and why it’s still going strong today, both by itself and in the forms of Customer Commons (its one direct spin-off), the IEEE 7012 working group, and lately the Me2B Alliance as well. (The 2 in Me2B is about relationship, as I explain here.)

I’ve written about my encounter with Sayo in a number of places. But the most relevant to our work here is Mashing Up a Commons, published in the June 2006 issue of Linux Journal, three months before I became a fellow with the Berkman Center and started ProjectVRM. Without that encounter, there is a good chance neither would have happened.

Mashing up a commons is still our assignment. I believe it will be the most leveraged thing to happen to markets since the Internet showed up. I first explained why in Free Customers Make Free Markets, posted in November 2007. It closes with the headline above.

The time wasn’t right then, but it is now. Let’s do it.


Why we’re not endorsing Contract for the Web

Contract for the Web—not signing

The Contract for the Web is a new thing that wants people to endorse it.

While there is much to like in it, what we see under Principle 5 (of 9) is a deal-breaker:

Respect and protect people’s privacy and personal data to build online trust.
So people are in control of their lives online, empowered with clear and meaningful choices around their data and privacy:

  1. By giving people control over their privacy and data rights, with clear and meaningful choices to control processes involving their privacy and data, including:
  2. Providing clear explanations of processes affecting users’ data and privacy and their purpose.
  3. Providing control panels where users can manage their data and privacy options in a quick and easily accessible place for each user account.
  4. Providing personal data portability, through machine-readable and reusable formats, and interoperable standards — affecting personal data provided by the user, either directly or collected through observing the users’ interaction with the service or device.

Note which party is “giving” and “providing” here. It’s not the individual.

By this principle, individuals should have no more control over their lives online than what website operators and governments “give” or “provide” them, with as many “control panels” as there are websites and “user accounts.” This is the hell we are in now, which metaphorically works like this:

It also leaves unaddressed two simple needs we have each had since the Web came into our lives late in the last millennium:

  1. Our own damn controls, that work globally, at scale, across all the websites of the world; and
  2. Our own damn terms and conditions that websites can agree to.

At Customer Commons we encourage #1 (as has ProjectVRM, since 2006), and are working on #2.

If you want to read the thinking behind this position, a good place to start is the Privacy Manifesto draft at ProjectVRM, which is open to steady improvement. (A slightly older but more readable copy is here at Medium.)

We also recommend Klint Finley’s What’s a Digital Bill of Rights Without Enforcement? in Wired. He makes the essential point in the title. It’s one I also made in Without Enforcement, GDPR is a Fail, in July 2018.

A key point here is that companies and governments are not the only players. As we say in Customers as a Third Force, each of us—individually and collectively—can and should be players too.

We’ll reach out to Tim Berners-Lee and others involved in drafting this “contract” to encourage full respect for the independent agency of individuals.


Customers as a Third Force

Almost all arguments in economics are advanced by two almost opposed positions, each walled into the castles of their ideologies, both insisting that their side has the solutions and the other side causes the problems—while meanwhile between the two flows a river of customers who, if they could be heard, and could participate with more than their cash, would have solutions of their own.

Customer Commons’s job is giving those customers full agency for dealing with both the businesses and governments of the world, and in the process proving that free customers are more valuable—to themselves and the businesses of the world—than captive (or tracked) ones.

It’s a long fight, dating back to the personal agency we lost when industry won the industrial revolution. And it’s one we continue to lose, in many ways, through these early decades of the digital revolution.

If we weren’t losing, we wouldn’t have books such as Shoshana Zuboff’s In the Age of Surveillance Capitalism, Brett Frischmann and Evan Selinger’s Re-Engineering Humanity, Jaron Lanier’s You are Not a Gadget (and pretty much everything else he’s written), plus what Nicholas Carr, David Weinberger, and many others have been saying for years.

The problem with most of what’s been written so far is that it assumes customers will remain victims unless companies or governments (and mostly the latter) rescue them. There is little sense that customers can also bring solutions to the market—ones that are good for every party involved.

One notable exception is Brett and Evan’s book, mentioned above, which closes with a hopeful nod toward some of our work here at Customer Commons:

“Doc Searls and his colleagues at Customer Commons have been working for years on standardized terms for customers to use in managing their relationships with websites and other vendors… [his] dream of customers systematically using contract and related tools to manage their relationships with vendors now seems feasible. It could be an important first step toward flipping the scientific-management-of-consumers script we’ve become so accustomed to.”

My own work here started with Linux Journal in 1994, and gained some notoriety with The Cluetrain Manifesto (co-written with David Weinberger, Christopher Locke and Rick Levine) in 1999. Then, after notoriety didn’t seem to be working, I launched ProjectVRM at Harvard’s Berkman Klein Center in 2006, and in 2012 spun out Customer Commons, which since then has quietly been developing the personal data usage terms Brett and Evan mentioned above.

These are terms that each of us can proffer, and which the businesses of the world can agree to—as an alternative to the reverse, which has become a bane of online existence, alas made worse by normalization of insincere and misleading cookie notices on the Web, caused by (what we regard as a misreading of) the GDPR: a sad example of policy failing to fix a market problem. (So far. In another post we’ll visit ways the GDPR and California’s CCPA might actually help.)

The term third force has multiple uses already, the most common of which seem especially relevant to our work here:

  • “A group of people or nations that mediates between two opposed groups…” — Free Dictionary
  • (A humanistic psychology that) focuses on inner needs, happiness, fulfillment, the search for identity, and other distinctly human concerns. Psychology: An Introduction, by Russell A. Dewey, PhD

Since customers and citizens are opposed to neither business nor government, but constantly look for positive outcomes in their dealings and relationships with both, third force works.

— Doc Searls

 


Let’s make May 25th Privmas Day

25 May is when the GDPR—the General Data Protection Regulation—went into effect. Finally, our need for privacy online has legal backing strong enough to shake the foundations of surveillance capitalism, and maybe even drop it to the ground—with our help.

This calls for a celebration. In fact, many of them. Every year.

So let’s call 25 May Privmas Day. Hashtag: #Privmas.

And, to celebrate our inaugural Privmas, let’s make a movement out of blocking third party cookies, since most of the spying on us starts there. Let’s call it #NoMore3rds.

Turning off third party cookies is easy. Here’s our guide, for six different browsers.

There is much more we can do. But let’s start with #NoMore3rds, and give us all something to celebrate.

 
