Blog – Customer Commons

Is Mastodon a collection of commons?

February 8, 2023

Groups of people under bubbles at sunset on the grounds of Versailles

Glenn Fleishman has a lucid and helpful introduction to Mastodon in TidBITS that opens with this:

Cast your mind back to the first time you experienced joy and wonder on the Internet. Do you worry you’ll never be able to capture that sense again? If so, it’s worth wading gently into the world of Mastodon microblogging to see if it offers something fresh and delightful. It might remind you—as it does me, at least for now—of the days when you didn’t view online interactions with some level of dread.

Mastodon isn’t a service but a network of consensually affiliated, independently operated servers running the Mastodon software. It’s the best-known example of the so-called Fediverse…

Then, a few paragraphs later, he provides the best metaphor I’ve yet seen for what Mastodon is and how it works:

You can think of Mastodon as a flotilla of boats of vastly different sizes, whereas Twitter is like being on a cruise ship the size of a continent. Some Mastodon boats might be cruise liners with as many as 50,000 passengers; others are just dinghies with a single occupant! The admin of each instance—the captain of your particular boat—might make arbitrary decisions you disagree with as heartily as with any commercial operator’s tacks and turns. But you’re not stuck on your boat, with abandoning ship as the only alternative. Instead, you can hop from one boat to another without losing your place in the flotilla community. Parts of a flotilla can also splinter off and form their own disconnected groups, but no boat, however large, is in charge of the community.

Since my day job is working as a visiting scholar in the Ostrom Workshop at Indiana University, and Customer Commons has been imagined from its start as a potential commons for customers (or as many commons, flotilla style), I find myself wondering if each of Mastodon’s boats is itself a commons. Or if some of them could be, or already are.

My first experience with Mastodon came early on, in a boat that sank. But now that Mastodon is hot again, I’ve jumped into two boats: twit.social and journa.host. (Find me there and there, respectively.) TWiT.social’s community is gathered around the many shows, hosts, co-hosts, and participants in the TWiT network. Journa.host’s is a collection of journalists. They are very different, though not entirely: journalists abound in both of them.

The question for me here is if any of these boats are a commons. Or if Mastodon itself is one.

To qualify as a commons, a canonical list to check off is provided by Elinor Ostrom. In Governing the Commons (Cambridge, 1990), she outlined eight “design principles” for stable local common pool resource (CPR) management. I’ll make notes following each in italics:

Clearly defining the group boundaries (and effective exclusion of external un-entitled parties) and the contents of the common pool resource. Mastodon is designed to support that.
The appropriation and provision of common resources that are adapted to local conditions. If we’re talking about code, yes. Maybe more. Gotta think about that.
Collective-choice arrangements that allow most resource appropriators to participate in the decision-making process. Depends on the instance, I suppose.
Effective monitoring by monitors who are part of or accountable to the appropriators. Not sure about that one.
A scale of graduated sanctions for resource appropriators who violate community rules. Up to the person or people running each boat.
Mechanisms of conflict resolution that are cheap and of easy access. I think these range from informal to formal, and draw from rules developed for mailing lists and other fora. But, not sure.
Self-determination of the community recognized by higher-level authorities. At the top level, it’s othe Mastodon dev community. At the boat (instance) level, it’s the captain(s) of each.
In the case of larger common-pool resources, organization in the form of multiple layers of nested enterprises, with small local CPRs (common pool resources) at the base level. A thought: the common pool resource is the authors of posts (aka toots) and the posts themselves.

Ostrom and others have also gone deeper and wider than that, for example by examining socio-ecological systems (SESes), defined here in 2004. I’ll leave digging into that up to scholars more schooled than I (or to a later post, after I finish schooling myself). Meanwhile, I think it’s important, given the sudden growth of Mastodon and other federated systems with flotilla-ish qualities, to examine how deep research and writing on commons apply.

This work does matter: Ostrom won a Nobel Prize for it, and it may matter more now than ever.

And help is welcome.

About the photo up top: Lacking a royalty-free visual for a flotilla of boats, I settled on the collections of people you see through bubbles in the photo above, which I shot on the grounds of Versailles. Kinda works, methinks.

Playing Poly

March 15, 2022

Doc Searls

Uncategorized

Poly is a game. Or will be. We’re working on it.

It’s a multi-player game. As are markets. Although Poly does not need to be a game about business (though it could be), the idea is to explore how markets work when customers bring abilities to the market’s table that defaulted business practices prevent.

Examples of abilities are: to express loyalty, to provide market intelligence, to give rich feedback on products and services, how customers actually use those products and services, and what personal boundaries are around their private spaces—on their terms and not just the companies’.

While companies get information about those things today, every company gets that information separately, through its own closed and proprietary loyalty, service, data gathering, and “customer experience” (CX) systems, rather than through personal systems customers can use globally and at scale, exercising their own engagement abilities. Think, for example, about how customers scale market engagement with many different stores by using their cars, mobile phones, browsers, and cash. (For more on that last example, see The cash model of “customer experience.”) All of those are abilities.

Now think about additional abilities, all personal ones: to be savvy, smart, loyal, informative, equipped with extant personal property and accumulated rights and obligations which only they know best, and well-prepared. Think also about how all these abilities vary from person to person yet for each person apply globally. All those abilities are similar to, for example, the strength, dexterity, constitution (or endurance), intelligence, wisdom, and charisma in Dungeons & Dragons. And, from other games, there are abilities for clairvoyance, bullshit detection (or immunity), mathematics, electronic mastery, forseeing, ability to hide, evasion, negation, mirroring, empathy, experience, tracking (e.g. of prices or warranty changes) and others that can also apply to how a good customer deals with businesses.

How might those abilities apply globally to engaging good businesses? Meaning ones that value treating customers smartly and well, and gain from customers exercising the same abilities with many companies?

Modeling how customers and companies can grow markets together is—among other fun things—how Poly can prove or disprove the founding thesis of both Customer Commons and ProjectVRM: that free customers are more valuable than captive ones—to themselves, to the companies they engage, and to markets. There is no way to test this theory inside any one company’s separate closed system.

Note that both customers and companies can still win at Poly, just as both can win in markets. The key with both Poly and markets is that nobody has to lose, even though many do. That’s because, as any economist will tell you, markets create value and wealth in places there is none without them. Start a nail salon or repair shop, and as soon as customers start paying for your goods and services, you’ve created value where before there was none. Get a bunch of sellers a territory, or competitors in a category, and you have a market. What makes a market grow best, however, is not just that customers are paying money for goods and services. It’s that they are bringing that more to the companies they engage: loyalty, feedback, good information, and enjoyable experiences.

While it might not be obvious, markets are self-governing, meaning they make their own rules. And the same goes for Poly, which will be a game of self-governance in which the participants in markets work out their rules.

Yes, there will be winners. But there don’t have to be losers. Markets don’t work that way. Or at least they don’t have to. They can be cooperative (especially between customers and companies) and not just competitive. The same will go for Poly.

Another way to look at markets is as commons. Commons have ways of working that Elinor Ostrom and her colleagues figured out a while ago. They are these:

Define clear group boundaries.
Match rules governing use of common goods to local needs and conditions.
Ensure that those affected by the rules can participate in modifying the rules.
Make sure the rule-making rights of community members are respected by outside authorities.
Develop a system, carried out by community members, for monitoring members’ behavior.
Use graduated sanctions for rule violators.
Provide accessible, low-cost means for dispute resolution.
Build responsibility for governing the common resource in nested tiers from the lowest level up to the entire interconnected system.

Poly will explore and expand on each of these.

At this early stage we are looking at all the variables involved in designing a game: ludology, ludonarrartive consonance/dissonance, game mechanics, core loop, win conditions, game management, uncertainty modeling, Game A vs. Game B, collective vs. personal outcomes, and so on.

We also welcome help. Watch this space for more on that.

The image on top is from Paul Baran’s original 1962 design for the Internet. The dots and lines are his, but without connections between the separate (poly) centers. This is a small hack on what he called a “decentralized” network. The separate groups, with no central direction, are assembled around connected common interests, and form commons of their own as independent actors. I explain independence in Escaping the black holes of centralization.

The Byway has an FAQ

August 15, 2021

Doc Searls

Uncategorized

It’s here, and it’s new.

We’ll soon have an email address to which you can send questions. Stay tuned for that.

The where gets a way

July 10, 2021

Doc Searls

Intentcasting, Intention Byway, Journalism

To make a short story shorter, what I said in this 2018 TED talk was that the best place to save journalism and restore trust in a fractured world was in our own communities. I also said we needed new digital tools: ones that pull us together rather than push us apart.

I didn’t suggest any, because we didn’t have any at the time. But now we do, with the Intention Byway, being developed today at Customer Commons. Think of how we might share community important facts with each other—the stuff of local news—as if by tweeting, but without Twitter. In fact, without a platform.

The Intention Byway is a collection of channels over which anyone can publish relevant facts on topics to which others can subscribe: a way supply and demand for facts can signal each other, and then take conversation forward by whatever means they like. Information on the Byway can feed new and existing news media, as well as each other.

And we’re eager to share more about it with you over the coming months of development.

The dawn of i-commerce

May 24, 2021

Doc Searls

customertech, i-commerce, Independence, Intentcasting, Intention Economy

E-commerce is fine, as far as it goes. That is: as far as the seller-based industrial model can take it. Where it doesn’t go is to customer independence and agency.

We will never get either of those as long as everything we can do in online markets is on commercial platforms where others provide all the means of engagement, all the terms and conditions, all the rules, all the privacy, all the prices, all the identities, all the definitions of loyalty, all the choices for everything.

Nothing wrong with any of those, by the way. In fact, they all may be necessary, but still insufficient; because we still need our own means for signaling demand across the whole world of supply, outside of platforms, and not just inside of them.

Back in the physical world, we have a good model for full customer independence and agency: all the open places—main streets, crossroads, byways—where natural markets thrive and all of us have our own wallets, cash, credit and choices of ways to browse, inform, identify ourselves (or not), express loyalty, negotiate prices, form agreements, keep records, and not be tracked like marked animals.

The Internet, as a peer-to-peer, end-to-end environment, should support marketplaces where we are fully independent and operate as free agents without fear of surveillance or unwanted control by others, just like we’ve long enjoyed in the physical world.

When we have those marketplaces online, they will comprise a new category of commerce. Our name for that category is i-commerce.

It’s also what we expect the Intention Byway to bring into the world, starting with geographical and topical communities, each a commons of customers—and of companies ready to engage with independent customers. As we scaffold that up, we expect an intention economy to emerge.

That doesn’t mean e-commerce will go away. It does mean making i-commerce is a worthy and challenging prospect, and it’s our job to help make that happen.

A New Way

April 27, 2021

Doc Searls

Byway, customertech, Independence, Intentcasting, Intention Economy, Intentron

Updated 23 October 2023

The Byway is a new path for buyers and sellers to reach out and engage safely and independently, without relying on Big Tech platforms. The same path can work between people and any organization, as well as each other.

From The Intention Economy (Harvard Business Review Press, 2012):

Over the coming years, customers will be emancipated from systems built to control them. They will become free and independent actors in the marketplace, equipped to tell vendors what they want, how they want it, where and when—even how much they’d like to pay—outside of any vendor’s system of customer control. Customers will be able to form and break relationships with vendors, on customers’ own terms, and not just on the take-it-or-leave-it terms that have been pro forma since Industry won the Industrial Revolution.

That is an ocean-boiling aspiration, and we can’t make it happen in the red—meaning blood-stained—parts of the ocean; for example, by fighting Big Tech from the inside (where all of us who use computers and phones controlled by Apple, Google and other giants live). What we need instead is a blue ocean strategy. We have that in Bloomington, Indiana, where (Customer Commons board members) Doc and Joyce Searls are currently embedded as visiting scholars with the Ostrom Workshop of Indiana University.

The original design for the Byway was described by Doc and Joyce at The Mill in November 2021. For more on that one, download the slide deck presented there, or this earlier and shorter one. Another approach was (and still could be) toward an online community such as Amherst, MA’s Small Town, which is based on Mastodon, picos, and a matcher tool using Intently (an intentcasting service well proven in the UK). A third approach might combine parts of Beckn, SSI, DIDcomm, pi JLINC, Dazzle , Solid (and/or other approaches to sharing personal data in highly controlled ways) and whatever other protocols and technologies extend personal agency in the digital world. Whatever we do will also involve new and extant open-source code and open standards as well.

in the works at the moment (October 2023) is an approach that starts with creating a new ecosystem for local journalism, supporting better ways for people to inform and trust each other, and making markets that really are conversations rather than just abstracted targets for sellers and their

So stay tuned for more about life after cookies—and outside the same old bakery.

What’s a Good Customer?

March 31, 2021

Doc Searls

customertech, Developments, Independence, infrastructure, Intentcasting, Internet of Things, Marketing, messaging, VRM

For awhile the subhead for our site was,

How good customers work with good companies

It’s still a timely thing to say, since searches on Google for “good customer” are at an all-time high:

The year 2004 was when Google began keeping track of search trends. It was also the year “good customer” hit at an all-time high in percentage of appearances in books Google scanned*:

So, What exactly is a “good customer?”

The answer depends on the size of the business, and how well people or systems in the business know a customer. For a small business, a good customer is a person known by face and name to people who work there, and who has earned a welcome. For a big business, it’s a customer known to spend more than other customers.

In all the cases we’re talking about here, the perspective is the company’s, not the customer’s. If you do a Bing or a Google search for “good customer,” most of the results will be for good customer + service. If you put quotes around “good customer” on either search engine and also The Markup’s Simple Search (which brings to the top “traditional” results not influenced by those engines’ promotional imperatives), your top result will be Paul Jun’s How to be a good customer post on Help Scout. That one offers “tips on how to be a customer that companies love.” Likewise with Are You a Good Customer? Or Not.: Are you Tippin’ or Trippin’? by Janet Vaughan, one of the top results in a search for “good customer” at Amazon. That one is as much a complaint about bad customers as it is advice for customers who aspire to be good. Again, the perspective is a corporate one: either “be nice” or “here’s how to be nice.”

But what if customers can be good in ways that don’t involve paying a lot, showing up frequently and being nice?

For example, what if customers were good sources of intelligence about how companies and their products work—outside current systems meant to minimize exposure to customer input and to restrict that input to the smallest number of variables? (The worst of which is the typical survey that wants to know only how the customer was treated by the agent, rather than by the system behind the agent.)

Consider the fact that a customer’s experience with a product or service is far more rich, persistent and informative than the company’s experience selling those things, or learning about their use only through customer service calls (or even through pre-installed surveillance systems such as those which for years now have been coming in new cars).

The curb weight of customer intelligence (knowledge, knowhow, experience) with a company’s products and services far outweighs whatever the company can know or guess at. What if that intelligence were to be made available by the customer, independently, and in standard ways that worked at scale across many or all of the companies the customer deals with?

At ProjectVRM (of Harvard’s Berkman Klein Center, and out of which Customer Commons was spun), this has been a consideration from the start. Turning the customer journey into a virtuous cycle explores how much more the customer knows on the “own” side of what marketers call the “customer life journey”†:

Given who much more time a customer spends owning something than buying it, the right side of that graphic is actually huge.

I wrote that piece in July 2013, alongside another that asked, Which CRM companies are ready to dance with VRM? In the comments below, Ray Wang, the Founder, Chairman and Principal Analyst at Constellation Research, provided a simple answer: “They aren’t ready. They live in a world of transactions.”

Yet signals between computing systems are also transactional. The surveillance system in your new car is already transacting intelligence about your driving with the company that made the car, plus its third parties (e.g. insurance companies). Now, what if you could, when you wish, share notes or questions about your experience as a driver? For example—

How there is a risk that something pointed and set in the trunk can easily puncture the rear bass speaker screwed into the trunk’s roof and is otherwise unprotected
How some of the dashboard readouts could be improved
How coins or pens dropped next to the console between the front seats risk disappearing to who-knows-where
How you really like the way your headlights angle to look toward bends in the road

We also visited what could be done in How a real customer relationship ought to work in 2014 and in Market intelligence that flows both ways in 2016. In that one we use the example of my experience with a pair of Lamo moccasins that gradually lost their soles, but not their souls (I still have and love them):

By giving these things a pico (a digital twin of itself, or what we might call internet-of-thing-ness without onboard smarts), it is not hard to conceive a conduit through which reports of experience might flow from customer to company, while words of advice, reassurance or whatever might flow back in the other direction:

That’s transactional, but it also makes for a far better relationship that what today’s CRM systems alone can imagine.

It also enlarges what “good customer” means. It’s just one way how, as it says at the top, good customers can work with good companies.

Something we’ve noticed in Pandemic Time is that both customers and companies are looking for better ways to get along, and throwing out old norms right and left. (Such as, on the corporate side, needing to work in an office when the work can also be done at home.)

We’ll be vetting some of those ways at VRM/CuCo Day, Monday 19 April. That’s the day before the Internet Identity Workshop, where many of us will be talking and working on bringing ideas like these to market. The first is free, and the second is cheap considering it’s three days long and the most leveraged conference of any kind I have ever known. See you there.

*Google continued scanning books after that time, but the methods differed, and some results are often odd. (For example, if your search goes to 2019, the last year they cover, the results start dropping in 2009, hit zero in 2012 and stay at zero after that—which is clearly wrong as well as odd.)

†This graphic, and the whole concept, are inventions of Estaban Kolsky, one of the world’s great marketing minds. By the way, Estaban introduced the concept here in 2010, calling it “the experience continuum.” The graphic above comes from a since-vanished page at Oracle.

Beyond E-commerce

March 27, 2021

Doc Searls

customertech, Independence, Privacy, Publishing, Terms & Conditions, VRM

Phil Windley explains e-commerce 1.0 in a single slide that says this:

One reason this happened is that client-server, aka calf-cow (illustrated in Thinking outside the browser) has been the default format for all relationships on the Web, and cookies were required to maintain those relationships. Which really aren’t. Here’s why:

The calves in these relationship have no easy way even to find (much less to understand or create) the cookies in their browsers’ jars.
The calves have no real identity of their own, but instead have as many different identities as there are websites that know (via cookies) their visiting browsers. This gives them no independence, much less a place to stand like Archimedes, with a lever on the world. The browser may be a great tool, but it’s neither that place to stand, nor a sufficient lever.
All the “agreements” the calves have with the websites’ cows, whose terms the calves have “accepted” with one click, or adjusted with some number of additional clicks, leave no readable record on the calves’ side. This severely limits their capacity to argue or dispute, which are requirements for a true relationship.
There exists no independent way individuals can signal their intentions—such as interests in purchase, conditions for engagement, or the need to be left alone (which is how Brandeis and Warren define privacy). As a calf, the browser can’t do that.

In other words, the best we can do in e-commerce 1.0 is what the calf-cow system allows. And that’s to depend utterly on the operators of websites—and especially of giant retailers (led by Amazon) and intermediaries (primarily Google and Facebook).

Nearly all of signaling between demand and supply remains trapped inside these silos and walled gardens. We search inside their systems, we are notified of product and service availability inside their systems, we make agreements inside their systems (to terms and conditions they provide and require), or privacy is dependent on their systems, and product and service delivery is handled either inside their systems or through allied and dependent systems.

Credit where due: an enormous amount of good has come out of these systems. But a far larger amount of good is MLOTT—money left on the table—because there is a boundless sum and variety of demand and supply that still cannot easily signal their interest, intentions of presence to each other in the digital world.

Putting that money on the table is the job of e-commerce 2.0—or whatever else we call it.

[Later… We have a suggestion.)

Cross-posted at the ProjectVRM blog, here.

Thinking Outside the Browser

March 27, 2021

Doc Searls

customertech, Independence, Intentcasting, Markets, Terms & Conditions, VRM

Even if you’re on a phone, chances are you’re reading this in a browser.

Chances are also that most of what you do online is through a browser.

Hell, many—maybe even most—of the apps you use on your phone use the Webkit browser engine. Meaning they’re browsers too.

And, of course, I’m writing this in a browser.

Two problems with this:

Browsers are clients, which are by design subordinate to servers.
There is a lot that can’t be done with a browser.

So let’s start with subordination.

While the Internet at its base is a word-wide collection of peers, the Web that runs on it is a collection of servers to which we are mere clients. That’s because the Web was was built on an old mainframe model of computing called client-server. This is actually more of a calf-cow arrangement than a peer-to-peer one:

So, while we “go to” or “visit” a website, we actually don’t go anywhere. Instead we request a file. Even when you’re watching or listening to a stream, what’s actually happening is a file unfurling itself into your browser.

What you expect when you go to a website is typically the file called a page. You also expect that page will bring a payload of other files providing graphics, video clips or whatever. You might also expect the site to remember that you’ve been there before, or that you’re a subscriber to the site’s services.

You may also understand that the site remembers you because your browser carries a “cookie” the site put there, to helps the site remember what’s called “state,” so the browser and the site can renew their acquaintance. This is what Lou Montulli meant the cookie to do when he invented it in 1994. Lou thought it up because the client-server design puts most agency on the server side, and in the dial-up world of the time, that made the most sense.

Alas, even though we now live in a world where there can be boundless intelligence on the individual’s side, and there is far more capacious communication bandwidth between network nodes, damn near everyone continues to presume a near-absolute power asymmetry between clients and servers, calves and cows, people and sites. It’s also why today when you go to a site and it asks you to accept its use of cookies, something unknown to you (presumably—you can’t tell) remembers that “agreement” and its settings, and you don’t—even though there is no reason why you shouldn’t or couldn’t. It doesn’t even occur to the inventors and maintainers of cookie acceptance systems that a mere “user” should have any way to record, revisit or audit the “agreement.” All they want is what the law now requires of them: your “consent.”

This near-absolute power asymmetry between the Web’s calves and cows is also why you typically get a vast payload of spyware when your browser simply asks to see whatever it is you actually want from the website. To see how big that payload can be, I highly recommend a tool called PageXray, from Fou Analytics, run by Dr. Augustine Fou (aka @acfou). For a test run, try PageXray on the Daily Mail’s U.S. home page, and you’ll see that you’re also getting this huge payload of stuff you didn’t ask for:

Adserver Requests: 756
Tracking Requests: 492
Other Requests: 184

The visualization looks like this:

This is how, as Richard Whitt perfectly puts it, “the browser is actually browsing us.”

All those requests, most of which are for personal data of some kind, come in the form of cookies and similar files. The visual above shows how information about you fans out to a near countless number of third parties and dependents on those. And, while these cookies are stored by your browser, they are meant to be readable only by the server or one or more of its third parties.

This is the icky heart of the e-commerce “ecosystem” today.

By the way, and to be fair, two of the browsers in the graphic above—Epic and Tor—by default disclose as little as possible about you and your equipment to the sites you visit. Others have privacy features and settings. But getting past the whole calf-cow system is the real problem we need to solve.

Now let’s look at what can’t be done with a browser. If you think the answer is nothing, you’re stuck inside the browser box. If you think the answer is something, tell us what it is.

We have some ideas. But first we’d like to hear from you.

Cross-posted at the ProjectVRM blog, here.

Just in case you feel safe with Twitter

January 26, 2021

Doc Searls

Advertising, Companies, Independence, Marketing, Privacy, Publishing, Terms, Tools, VRM

twitter bird with crosshairs

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy.

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbid the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grinder (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.