Independence – Customer Commons

Choosing Your Terms

January 23, 2024

customertech, Independence, Privacy, Terms, VRM

AI prompt (with Microsoft Image Creator): “A person chooses ‘NoStalking’ from a collection of privacy-providing terms on the Customer Commons website”

Customer Commons was designed to be for personal privacy terms what Creative Commons is for personal copyright licenses. So far we have one privacy term here, called NoStalking. It’s an agreement a person chooses when they want another party not to track them away from their site or service, but still allows ads to be displayed. Since it’s a contract, think of it as a Do Not Track agreement rather than as just a preference signal (which is all Do Not Track ever was—and why it failed).

The IEEE’s P7012 Working Group (with four Customer Commons board members on it) has been working for the past few years on a standard for making terms such as NoStalking readable by machines, and not just by ordinary folk and lawyers.

The questions in front of the working group right now are:

How the individual chooses a term, or set of them.
How both the individual (the first party) and the site or service (the second party) might keep a record of all the terms for which they have agreements signed by their machines, so that compliance can be monitored and disputes reliant on auditable data.
How the standard can apply to both simple scenarios such as NoStalking and more complex ones that, for example, might involve negotiation and movement toward a purchase at the end of what marketers call a customer journey, or the completion of that journey in a state of relationship. Also how to end such a relationship, and to record that as well.

At this stage of the Internet’s history, our primary ways of interacting with sites and services are through browsers and apps on our computers and mobile devices. Since both are built on the client-server (aka slave-master or calf-cow) model, neither browsers nor apps provide ways to address the questions above. They are all built to make you agree to others’ terms, and to leave recording those agreements entirely the responsibility of those other parties.

So we need an independent instrument that can work within or alongside browsers and apps. On the Creative Commons model, we’re calling this instrument a chooser. However, unlike the Creative Commons chooser, this one will not sit on a website. It will be an instrument of the person’s own. How it will work matters less at this stage than outlining or wire-framing what it will do.

Here are some basic rules around which we are basing our approach to completing the standard:

The individual is a self-sovereign and an independent actor in the ecosystem.
Organisations are present in this ecosystem as voluntary providers of products and services.
The individual provides no more data than is required for service.
All personal data is deleted at the termination of the agreement, unless expressly over-ridden by national regulations.
Any purposes not overtly mentioned as allowed are not allowed.
Service provision will always require an identifier; this method assumes the individual can bring their own; potentially supported by a software agent and related services.
Agreements are signed before any data exchange.
Precise data required for each purpose is out of band for the agreement design and selection.
That agreements are invoked at precisely the most relevant time: when an individual (in this case, the first party) is ready to engage any site or service (the second party) that is digital itself or has a digital route to a completed engagement. This point is important because it is precisely the same time as the second party normally invokes its own terms, and can update them in compliance with the first party’s requirements. This is the window of opportunity in which agents representing both parties can come to a set of acceptable terms. Note that there can be plenty of terms that favor the individual’s privacy requirements that are also good for the other side. NoStalking is a good example, because it says (in plain English) “Just give me ads not based on tracking me.” (In a way Google’s new privacy sandbox complies with this.)
To be clear – the Chooser is what is handling that back and forth negotiation to an acceptable solution for both parties before it hands off to agreement signing.

More to follow.

The dawn of i-commerce

May 24, 2021

Doc Searls

customertech, i-commerce, Independence, Intentcasting, Intention Economy

E-commerce is fine, as far as it goes. That is: as far as the seller-based industrial model can take it. Where it doesn’t go is to customer independence and agency.

We will never get either of those as long as everything we can do in online markets is on commercial platforms where others provide all the means of engagement, all the terms and conditions, all the rules, all the privacy, all the prices, all the identities, all the definitions of loyalty, all the choices for everything.

Nothing wrong with any of those, by the way. In fact, they all may be necessary, but still insufficient; because we still need our own means for signaling demand across the whole world of supply, outside of platforms, and not just inside of them.

Back in the physical world, we have a good model for full customer independence and agency: all the open places—main streets, crossroads, byways—where natural markets thrive and all of us have our own wallets, cash, credit and choices of ways to browse, inform, identify ourselves (or not), express loyalty, negotiate prices, form agreements, keep records, and not be tracked like marked animals.

As a professional online casino expert, I understand that finding a reliable and safe online casino can be quite challenging. With the multitude of online casinos sprouting up every now and then, it’s crucial to know which ones are worth your time and money. Today, we’ll be taking a look at one of the newest payment methods in the online casino industry, GrabPay Casino Online. This payment method has been growing in popularity because of its convenience and security measures. Are you curious about GrabPay Casino Online? Read on to know more about it and how it works with one of the most trusted online casino review sites, Casino10.
Understandably, one of the significant concerns of online casino visitors is safety. With grabpay casino online at Casino10, you can be assured of this. GrabPay is a mobile payment platform owned by Grab Holdings Inc. It’s a service provider in Southeast Asia that allows for mobile transactions securely. With various security protocols and SSL encryption, your financial information is in safe hands. GrabPay also verifies every transaction made, minimizing the risk of unauthorized payments. Casino10 has partnered with GrabPay to provide an easy way to deposit money into your online casino account. Using GrabPay at Casino10 is simple, quick, and safe.
Apart from safety, another advantage of using GrabPay at Casino10 is the convenience. You don’t have to wait for transfer periods since deposits using GrabPay are instant. This means that you can begin playing your favorite online casino games as soon as you deposit your cash. GrabPay also supports the local currency of Southeast Asia, so you don’t need to worry about currency conversions since Casino10 offers this feature. With the ease of depositing to your Casino10 account using GrabPay, you’ll have more time to play and enjoy your games.

W dzisiejszych czasach coraz więcej ludzi decyduje się na granie w kasynach online. To wygodny sposób na relaks w domowym zaciszu, bez potrzeby wychodzenia z domu. Dla graczy z Holandii, poszukujących legalnych i bezpiecznych kasyn online, KasynoOnline10 jest idealnym miejscem. W tym artykule przedstawiamy przewodnik po kasynach online dla graczy z Holandii, wraz z naszymi rekomendacjami dotyczącymi najlepszych stron do grania – kasynoonline10.com. Kasyno online Holandia to świetny sposób na rozrywkę i relaks. Jednak przed rozpoczęciem gry, ważne jest, aby upewnić się że wybrane przez nas kasyno online jest bezpieczne i legalne.
W Holandii legalna jest tylko jedna strona hazardowa – Holland Casino. Natomiast gracze z Holandii, którzy chcą grać w kasynie online, muszą szukać zagranicznych stron, które spełniają wymagania holenderskiego prawa dotyczącego gier hazardowych. W tym celu warto skorzystać z recenzji i rekomendacji, takich jak te oferowane przez KasynoOnline10. Istnieje wiele zagranicznych kasyn online, które akceptują graczy z Holandii, ale nie wszystkie są bezpieczne czy godne zaufania. Dlatego, przed dokonaniem wyboru warto sprawdzić czy dana strona posiada odpowiednie licencje i certyfikaty.
KasynoOnline10 dokonuje recenzji i testów kasyn online, aby zapewnić swoim użytkownikom pełne bezpieczeństwo podczas gry. Rekomendacja naszej strony to więc gwarancja bezpieczeństwa i rozrywki. Kiedy wybierzemy odpowiednie kasyno online, czas na wybór gier. Wiele zagranicznych stron oferuje szeroki wybór gier, od tradycyjnych gier karcianych i slotów, aż po gry z krupierem na żywo. Warto wybrać stronę, która oferuje wersje gier w języku polskim, dla większej wygody i łatwości korzystania. Z KasynoOnline10 znajdziemy najlepsze rzeczywiste kasyna online w których możemy zagrać w populgerne sloty, jak Dead or Alive 2, Book of Ra, czy Blood Suckers.

The Internet, as a peer-to-peer, end-to-end environment, should support marketplaces where we are fully independent and operate as free agents without fear of surveillance or unwanted control by others, just like we’ve long enjoyed in the physical world.

When we have those marketplaces online, they will comprise a new category of commerce. Our name for that category is i-commerce.

It’s also what we expect the Intention Byway to bring into the world, starting with geographical and topical communities, each a commons of customers—and of companies ready to engage with independent customers. As we scaffold that up, we expect an intention economy to emerge.

That doesn’t mean e-commerce will go away. It does mean making i-commerce is a worthy and challenging prospect, and it’s our job to help make that happen.

A New Way

April 27, 2021

Doc Searls

Byway, customertech, Independence, Intentcasting, Intention Economy, Intentron

Updated 23 October 2023

The Byway is a new path for buyers and sellers to reach out and engage safely and independently, without relying on Big Tech platforms. The same path can work between people and any organization, as well as each other.

From The Intention Economy (Harvard Business Review Press, 2012):

Over the coming years, customers will be emancipated from systems built to control them. They will become free and independent actors in the marketplace, equipped to tell vendors what they want, how they want it, where and when—even how much they’d like to pay—outside of any vendor’s system of customer control. Customers will be able to form and break relationships with vendors, on customers’ own terms, and not just on the take-it-or-leave-it terms that have been pro forma since Industry won the Industrial Revolution.

That is an ocean-boiling aspiration, and we can’t make it happen in the red—meaning blood-stained—parts of the ocean; for example, by fighting Big Tech from the inside (where all of us who use computers and phones controlled by Apple, Google and other giants live). What we need instead is a blue ocean strategy. We have that in Bloomington, Indiana, where (Customer Commons board members) Doc and Joyce Searls are currently embedded as visiting scholars with the Ostrom Workshop of Indiana University.

The original design for the Byway was described by Doc and Joyce at The Mill in November 2021. For more on that one, download the slide deck presented there, or this earlier and shorter one. Another approach was (and still could be) toward an online community such as Amherst, MA’s Small Town, which is based on Mastodon, picos, and a matcher tool using Intently (an intentcasting service well proven in the UK). A third approach might combine parts of Beckn, SSI, DIDcomm, pi JLINC, Dazzle , Solid (and/or other approaches to sharing personal data in highly controlled ways) and whatever other protocols and technologies extend personal agency in the digital world. Whatever we do will also involve new and extant open-source code and open standards as well.

in the works at the moment (October 2023) is an approach that starts with creating a new ecosystem for local journalism, supporting better ways for people to inform and trust each other, and making markets that really are conversations rather than just abstracted targets for sellers and their

So stay tuned for more about life after cookies—and outside the same old bakery.

What’s a Good Customer?

March 31, 2021

Doc Searls

customertech, Developments, Independence, infrastructure, Intentcasting, Internet of Things, Marketing, messaging, VRM

For awhile the subhead for our site was,

How good customers work with good companies

It’s still a timely thing to say, since searches on Google for “good customer” are at an all-time high:

The year 2004 was when Google began keeping track of search trends. It was also the year “good customer” hit at an all-time high in percentage of appearances in books Google scanned*:

So, What exactly is a “good customer?”

The answer depends on the size of the business, and how well people or systems in the business know a customer. For a small business, a good customer is a person known by face and name to people who work there, and who has earned a welcome. For a big business, it’s a customer known to spend more than other customers.

In all the cases we’re talking about here, the perspective is the company’s, not the customer’s. If you do a Bing or a Google search for “good customer,” most of the results will be for good customer + service. If you put quotes around “good customer” on either search engine and also The Markup’s Simple Search (which brings to the top “traditional” results not influenced by those engines’ promotional imperatives), your top result will be Paul Jun’s How to be a good customer post on Help Scout. That one offers “tips on how to be a customer that companies love.” Likewise with Are You a Good Customer? Or Not.: Are you Tippin’ or Trippin’? by Janet Vaughan, one of the top results in a search for “good customer” at Amazon. That one is as much a complaint about bad customers as it is advice for customers who aspire to be good. Again, the perspective is a corporate one: either “be nice” or “here’s how to be nice.”

But what if customers can be good in ways that don’t involve paying a lot, showing up frequently and being nice?

For example, what if customers were good sources of intelligence about how companies and their products work—outside current systems meant to minimize exposure to customer input and to restrict that input to the smallest number of variables? (The worst of which is the typical survey that wants to know only how the customer was treated by the agent, rather than by the system behind the agent.)

Consider the fact that a customer’s experience with a product or service is far more rich, persistent and informative than the company’s experience selling those things, or learning about their use only through customer service calls (or even through pre-installed surveillance systems such as those which for years now have been coming in new cars).

The curb weight of customer intelligence (knowledge, knowhow, experience) with a company’s products and services far outweighs whatever the company can know or guess at. What if that intelligence were to be made available by the customer, independently, and in standard ways that worked at scale across many or all of the companies the customer deals with?

At ProjectVRM (of Harvard’s Berkman Klein Center, and out of which Customer Commons was spun), this has been a consideration from the start. Turning the customer journey into a virtuous cycle explores how much more the customer knows on the “own” side of what marketers call the “customer life journey”†:

Given who much more time a customer spends owning something than buying it, the right side of that graphic is actually huge.

I wrote that piece in July 2013, alongside another that asked, Which CRM companies are ready to dance with VRM? In the comments below, Ray Wang, the Founder, Chairman and Principal Analyst at Constellation Research, provided a simple answer: “They aren’t ready. They live in a world of transactions.”

Yet signals between computing systems are also transactional. The surveillance system in your new car is already transacting intelligence about your driving with the company that made the car, plus its third parties (e.g. insurance companies). Now, what if you could, when you wish, share notes or questions about your experience as a driver? For example—

How there is a risk that something pointed and set in the trunk can easily puncture the rear bass speaker screwed into the trunk’s roof and is otherwise unprotected
How some of the dashboard readouts could be improved
How coins or pens dropped next to the console between the front seats risk disappearing to who-knows-where
How you really like the way your headlights angle to look toward bends in the road

We also visited what could be done in How a real customer relationship ought to work in 2014 and in Market intelligence that flows both ways in 2016. In that one we use the example of my experience with a pair of Lamo moccasins that gradually lost their soles, but not their souls (I still have and love them):

By giving these things a pico (a digital twin of itself, or what we might call internet-of-thing-ness without onboard smarts), it is not hard to conceive a conduit through which reports of experience might flow from customer to company, while words of advice, reassurance or whatever might flow back in the other direction:

That’s transactional, but it also makes for a far better relationship that what today’s CRM systems alone can imagine.

It also enlarges what “good customer” means. It’s just one way how, as it says at the top, good customers can work with good companies.

Something we’ve noticed in Pandemic Time is that both customers and companies are looking for better ways to get along, and throwing out old norms right and left. (Such as, on the corporate side, needing to work in an office when the work can also be done at home.)

We’ll be vetting some of those ways at VRM/CuCo Day, Monday 19 April. That’s the day before the Internet Identity Workshop, where many of us will be talking and working on bringing ideas like these to market. The first is free, and the second is cheap considering it’s three days long and the most leveraged conference of any kind I have ever known. See you there.

*Google continued scanning books after that time, but the methods differed, and some results are often odd. (For example, if your search goes to 2019, the last year they cover, the results start dropping in 2009, hit zero in 2012 and stay at zero after that—which is clearly wrong as well as odd.)

†This graphic, and the whole concept, are inventions of Estaban Kolsky, one of the world’s great marketing minds. By the way, Estaban introduced the concept here in 2010, calling it “the experience continuum.” The graphic above comes from a since-vanished page at Oracle.

Beyond E-commerce

March 27, 2021

Doc Searls

customertech, Independence, Privacy, Publishing, Terms & Conditions, VRM

Phil Windley explains e-commerce 1.0 in a single slide that says this:

One reason this happened is that client-server, aka calf-cow (illustrated in Thinking outside the browser) has been the default format for all relationships on the Web, and cookies were required to maintain those relationships. Which really aren’t. Here’s why:

The calves in these relationship have no easy way even to find (much less to understand or create) the cookies in their browsers’ jars.
The calves have no real identity of their own, but instead have as many different identities as there are websites that know (via cookies) their visiting browsers. This gives them no independence, much less a place to stand like Archimedes, with a lever on the world. The browser may be a great tool, but it’s neither that place to stand, nor a sufficient lever.
All the “agreements” the calves have with the websites’ cows, whose terms the calves have “accepted” with one click, or adjusted with some number of additional clicks, leave no readable record on the calves’ side. This severely limits their capacity to argue or dispute, which are requirements for a true relationship.
There exists no independent way individuals can signal their intentions—such as interests in purchase, conditions for engagement, or the need to be left alone (which is how Brandeis and Warren define privacy). As a calf, the browser can’t do that.

In other words, the best we can do in e-commerce 1.0 is what the calf-cow system allows. And that’s to depend utterly on the operators of websites—and especially of giant retailers (led by Amazon) and intermediaries (primarily Google and Facebook).

Nearly all of signaling between demand and supply remains trapped inside these silos and walled gardens. We search inside their systems, we are notified of product and service availability inside their systems, we make agreements inside their systems (to terms and conditions they provide and require), or privacy is dependent on their systems, and product and service delivery is handled either inside their systems or through allied and dependent systems.

Credit where due: an enormous amount of good has come out of these systems. But a far larger amount of good is MLOTT—money left on the table—because there is a boundless sum and variety of demand and supply that still cannot easily signal their interest, intentions of presence to each other in the digital world.

Putting that money on the table is the job of e-commerce 2.0—or whatever else we call it.

[Later… We have a suggestion.)

Cross-posted at the ProjectVRM blog, here.

Thinking Outside the Browser

March 27, 2021

Doc Searls

customertech, Independence, Intentcasting, Markets, Terms & Conditions, VRM

Even if you’re on a phone, chances are you’re reading this in a browser.

Chances are also that most of what you do online is through a browser.

Hell, many—maybe even most—of the apps you use on your phone use the Webkit browser engine. Meaning they’re browsers too.

And, of course, I’m writing this in a browser.

Two problems with this:

Browsers are clients, which are by design subordinate to servers.
There is a lot that can’t be done with a browser.

So let’s start with subordination.

While the Internet at its base is a word-wide collection of peers, the Web that runs on it is a collection of servers to which we are mere clients. That’s because the Web was was built on an old mainframe model of computing called client-server. This is actually more of a calf-cow arrangement than a peer-to-peer one:

So, while we “go to” or “visit” a website, we actually don’t go anywhere. Instead we request a file. Even when you’re watching or listening to a stream, what’s actually happening is a file unfurling itself into your browser.

What you expect when you go to a website is typically the file called a page. You also expect that page will bring a payload of other files providing graphics, video clips or whatever. You might also expect the site to remember that you’ve been there before, or that you’re a subscriber to the site’s services.

You may also understand that the site remembers you because your browser carries a “cookie” the site put there, to helps the site remember what’s called “state,” so the browser and the site can renew their acquaintance. This is what Lou Montulli meant the cookie to do when he invented it in 1994. Lou thought it up because the client-server design puts most agency on the server side, and in the dial-up world of the time, that made the most sense.

Alas, even though we now live in a world where there can be boundless intelligence on the individual’s side, and there is far more capacious communication bandwidth between network nodes, damn near everyone continues to presume a near-absolute power asymmetry between clients and servers, calves and cows, people and sites. It’s also why today when you go to a site and it asks you to accept its use of cookies, something unknown to you (presumably—you can’t tell) remembers that “agreement” and its settings, and you don’t—even though there is no reason why you shouldn’t or couldn’t. It doesn’t even occur to the inventors and maintainers of cookie acceptance systems that a mere “user” should have any way to record, revisit or audit the “agreement.” All they want is what the law now requires of them: your “consent.”

This near-absolute power asymmetry between the Web’s calves and cows is also why you typically get a vast payload of spyware when your browser simply asks to see whatever it is you actually want from the website. To see how big that payload can be, I highly recommend a tool called PageXray, from Fou Analytics, run by Dr. Augustine Fou (aka @acfou). For a test run, try PageXray on the Daily Mail’s U.S. home page, and you’ll see that you’re also getting this huge payload of stuff you didn’t ask for:

Adserver Requests: 756
Tracking Requests: 492
Other Requests: 184

The visualization looks like this:

This is how, as Richard Whitt perfectly puts it, “the browser is actually browsing us.”

All those requests, most of which are for personal data of some kind, come in the form of cookies and similar files. The visual above shows how information about you fans out to a near countless number of third parties and dependents on those. And, while these cookies are stored by your browser, they are meant to be readable only by the server or one or more of its third parties.

This is the icky heart of the e-commerce “ecosystem” today.

By the way, and to be fair, two of the browsers in the graphic above—Epic and Tor—by default disclose as little as possible about you and your equipment to the sites you visit. Others have privacy features and settings. But getting past the whole calf-cow system is the real problem we need to solve.

Now let’s look at what can’t be done with a browser. If you think the answer is nothing, you’re stuck inside the browser box. If you think the answer is something, tell us what it is.

We have some ideas. But first we’d like to hear from you.

Cross-posted at the ProjectVRM blog, here.

Just in case you feel safe with Twitter

January 26, 2021

Doc Searls

Advertising, Companies, Independence, Marketing, Privacy, Publishing, Terms, Tools, VRM

twitter bird with crosshairs

Just got a press release by email from David Rosen (@firstpersonpol) of the Public Citizen press office. The headline says “Historic Grindr Fine Shows Need for FTC Enforcement Action.” The same release is also a post in the news section of the Public Citizen website. This is it:

WASHINGTON, D.C. – The Norwegian Data Protection Agency today fined Grindr $11.7 million following a Jan. 2020 report that the dating app systematically violates users’ privacy. Public Citizen asked the Federal Trade Commission (FTC) and state attorneys general to investigate Grindr and other popular dating apps, but the agency has yet to take action. Burcu Kilic, digital rights program director for Public Citizen, released the following statement:

“Fining Grindr for systematic privacy violations is a historic decision under Europe’s GDPR (General Data Protection Regulation), and a strong signal to the AdTech ecosystem that business-as-usual is over. The question now is when the FTC will take similar action and bring U.S. regulatory enforcement in line with those in the rest of the world.

“Every day, millions of Americans share their most intimate personal details on apps like Grindr, upload personal photos, and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. We need to regulate them now, before it’s too late.”

The first link goes to Grindr is fined $11.7 million under European privacy law, by Natasha Singer (@NatashaNYT) and Aaron Krolik. (This @AaronKrolik? If so, hi. If not, sorry. This is a blog. I can edit it.) The second link goes to a Public Citizen post titled Popular Dating, Health Apps Violate Privacy.

In the emailed press release, the text is the same, but the links are not. The first is this:

https://default.salsalabs.org/T72ca980d-0c9b-45da-88fb-d8c1cf8716ac/25218e76-a235-4500-bc2b-d0f337c722d4

The second is this:

https://default.salsalabs.org/Tc66c3800-58c1-4083-bdd1-8e730c1c4221/25218e76-a235-4500-bc2b-d0f337c722d4

Why are they not simple and direct URLs? And who is salsalabs.org?

You won’t find anything at that link, or by running a whois on it. But I do see there is a salsalabs.com, which has “SmartEngagement Technology” that “combines CRM and nonprofit engagement software with embedded best practices, machine learning, and world-class education and support.” since Public Citizen is a nonprofit, I suppose it’s getting some “smart engagement” of some kind with these links. PrivacyBadger tells me Salsalabs.com has 14 potential trackers, including static.ads.twitter.com.

My point here is that we, as clickers on those links, have at best a suspicion about what’s going on: perhaps that the link is being used to tell Public Citizen that we’ve clicked on the link… and likely also to help target us with messages of some sort. But we really don’t know.

And, speaking of not knowing, Natasha and Aaron’s New York Times story begins with this:

The Norwegian Data Protection Authority said on Monday that it would fine Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $11.7 million, for illegally disclosing private details about its users to advertising companies.

The agency said the app had transmitted users’ precise locations, user-tracking codes and the app’s name to at least five advertising companies, essentially tagging individuals as L.G.B.T.Q. without obtaining their explicit consent, in violation of European data protection law. Grindr shared users’ private details with, among other companies, MoPub, Twitter’s mobile advertising platform, which may in turn share data with more than 100 partners, according to the agency’s ruling.

Before this, I had never heard of MoPub. In fact, I had always assumed that Twitter’s privacy policy either limited or forbid the company from leaking out personal information to advertisers or other entities. Here’s how its Private Information Policy Overview begins:

You may not publish or post other people’s private information without their express authorization and permission. We also prohibit threatening to expose private information or incentivizing others to do so.

Sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules. Sharing private information can pose serious safety and security risks for those affected and can lead to physical, emotional, and financial hardship.

On the MoPub site, however, it says this:

MoPub, a Twitter company, provides monetization solutions for mobile app publishers and developers around the globe.

Our flexible network mediation solution, leading mobile programmatic exchange, and years of expertise in mobile app advertising mean publishers trust us to help them maximize their ad revenue and control their user experience.

The Norwegian DPA apparently finds a conflict between the former and the latter—or at least in the way the latter was used by Grinder (since they didn’t fine Twitter).

To be fair, Grindr and Twitter may not agree with the Norwegian DPA. Regardless of their opinion, however, by this point in history we should have no faith that any company will protect our privacy online. Violating personal privacy is just too easy to do, to rationalize, and to make money at.

To start truly facing this problem, we need start with a simple fact: If your privacy is in the hands of others alone, you don’t have any. Getting promises from others not to stare at your naked self isn’t the same as clothing. Getting promises not to walk into your house or look in your windows is not the same as having locks and curtains.

In the absence of personal clothing and shelter online, or working ways to signal intentions about one’s privacy, the hands of others alone is all we’ve got. And it doesn’t work. Nor do privacy laws, especially when enforcement is still so rare and scattered.

Really, to potential violators like Grindr and Twitter/MoPub, enforcement actions like this one by the Norwegian DPA are at most a little discouraging. The effect on our experience of exposure is still nil. We are exposed everywhere, all the time, and we know it. At best we just hope nothing bad happens.

The only way to fix this problem is with the digital equivalent of clothing, locks, curtains, ways to signal what’s okay and what’s not—and to get firm agreements from others about how our privacy will be respected.

At Customer Commons, we’re starting with signaling, specifically with first party terms that you and I can proffer and sites and services can accept.

The first is called P2B1, aka #NoStalking. It says “Just give me ads not based on tracking me.” It’s a term any browser (or other tool) can proffer and any site or service can accept—and any privacy-respecting website or service should welcome.

Making this kind of agreement work is also being addressed by IEEE7012, a working group on machine-readable personal privacy terms.

Now we’re looking for sites and services willing to accept those terms. How about it, Twitter, New York Times, Grindr and Public Citizen? Or anybody.

DM us at @CustomerCommons and we’ll get going on it.

We need a Theia

November 28, 2020

Doc Searls

Advertising, customertech, Independence

Some prophesies come true.

For example, Shoshana Zuboff’s third law: In the absence of countervailing restrictions and sanctions, every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.

She forecast that in 1989, with In the Age of the Smart Machine. Then she reported on its effects in 2018, with The Age of Surveillance Capitalism.

The business model of surveillance capitalism is tracking-based advertising, which the trade calls adtech. It works by spying on individuals using social media, and by placing tracking beacons in people’s browsers and apps. In social media, the idea is to drive up “engagement.” In browsers and apps, the idea is to use surveilled personal information to aim ads.

As a direct result of adtech, bulwarks of civilization, such as democracy and journalism, are being weakened or destroyed by algorithmically-driven tribalization and and other engaging but icky human tendencies. Also, by funding the spread of false (but engaging!) information during a pandemic, adtech has contributed to the deaths of countless people.

All just so we can be advertised at. Personally.

Facebook and Google are easy and correct to blame, but in fact the whole adtech fecosystem is a four-dimensional shell game with thousands of players. It’s also so thick with complex data markets and data movements that there is also no limit to the number and variety of vectors for fraud, malware and spying by spooks, criminals, political operatives and other bad actors. It’s a dark world where anyone can create or steal mindshare, hack beliefs and opinions, sow doubt, spread hate, turn friends and families against each other, drive otherwise calm people into mobs and violence—all while journalism and democracy fail to restrict or sanction the cause. Take away adtech and most of that shit doesn’t happen.

So, what to do?

Allowing people to opt out of tracking on a site-by-site, service-by-service and app-by-app basis—the “system” we have now—only makes things worse.

Opt-in might seem like a better approach, except it can’t work: not when it looks and works differently for every person for every site, service and app—and when we each still have to agree, in every case, to unfriendly 10,000-word terms and privacy policies obviously designed to screw us and protect them.

And yes, it might be nice to try out a system by which a person might request tracking. But that will only work if sites, services and apps agree to that person’s own terms and privacy policies, and both sides have their own system for keeping records of agreements and means for auditing compliance. But why start there when in the meanwhile civilization is being trashed by adtech?

Defenders of adtech say it funds the “free Web,” free search and other graces of life on the Internet. But that’s like saying billboards give us gravity and shopping malls give us sunlight. Also, most of the money Google makes is from search advertising, nearly all of which is driven by context (the search terms themselves) rather than by surveillance-based assumptions about the person doing the search. If you search for mattress sellers in your town, your search terms are far more useful than whatever else it is that Google’s robots might know about you by having followed your ass all over the place.

Fact is, every business on the Internet can live just fine without adtech. Including every publisher out there.

It’s still early, folks. If digital technology is going to be with us for unforeseeable decades, centuries or millennia, that means our Digital Age is roughly about as far along as Earth was when it got clobbered by another planet, now called Theia, about 4.5 billion years ago.

Humans weren’t here to watch, but it now seems likely (at least to science) that we owe to Theia our water, our days and nights, our seasons, and our Moon. Have we none of those yet on Digital Earth? I suspect the answer is yes.

Perspective: 4.5 billion years may seem like a long time, especially when you consider that it’s more than a third the age of the Universe, which came into existence about 13.8 billion years ago; but neither span seems very long when you also consider that the Universe will last another trillion years or more. Meaning the Universe is just a startup.

So: what’s our Theia?

To answer that, it will help to look at what has failed so far.

Let’s start with Do Not Track. Conceived in 2007 by Sid Stamm, Chris Saghoian and Dan Kaminsky, Do Not Track was a polite request not to be tracked away from a visited website. Here in the physical world, we send a similar request when we wear clothing to conceal the private parts of our bodies, when we draw curtains across the windows in our homes, or when we walk out of a building in faith that nobody will follow us.

But, in the absence of manners and norms for respecting privacy in the dawning years of the Internet, it was easy for the Interactive Advertising Bureau (IAB), adtech’s trade association, to rally the whole online advertising business, including its dependents in online publishing, into ignoring Do Not Track. Even the major browser makers were cowed into compliance, in effect working for sites and services rather than for you and me. (At the W3C, the Web’s standards body, Do Not Track was ironically but predictably re-branded Tracking Preference Expression.)

After that happened in 2013, people took matters into their own hands, turning ad blocking into the biggest boycott in human history by 2015.

But even that wasn’t enough, because the adtech industry fought ad blockers too—and still do. (They also never got the signal that people who block ads might be worth more as customers than those who don’t.)

Then came the GDPR in Europe and the CCPA in California, which arrived in 2018 and 2020, respectively. Alas, both have thus far proven better at adding friction to the browsing experience (with those annoying opt-out roadblocks on the front pages of most websites, and which all of us know damn well are almost all about screwing us) than at stopping tracking itself.

To see how bad tracking still is, in massive spite of the GDPR and the CCPA, check out Blacklight (by The Markup) and PageXray (by Fou Analytics). Surveillance Capitalism remains the norm.

Finally, there are the privacy browsers: Brave, Epic and Tor. While these each provide privacy protection (as do, in different ways, Safari, Firefox and tweaks of Chrome), none are a Theia. Not yet, anyway. Because adtech is still here.

What will make our digital world economy inhabitable by real human customers, and not mere “users,” “data subjects,” “consumers” other labels given them by marketing, the tech industry and regulators who can’t imagine a customer operating at full agency? How will we get an Intention Economy that grows around that agency, much as life grew around a planet that has days, nights, seasons and water, rather than rock, dirt and clouds?

Whatever form our Theia takes, it needs to support solutions to market problems that only customers can provide. Is it one or more of the solutions listed at that link? Or is it something completely new?

One thing is clear, however—at least to me. It has to blow up adtech.

Image Credit: NASA/JPL-Caltech

Going #Faceless

February 13, 2020

Doc Searls

Companies, customertech, Independence, Privacy, Tools

Facial recognition by entities other than people and their pets has gotten out of control.

Thanks to ubiquitous surveillance systems, including the ones in our own phones, we can no longer assume we are anonymous in public places or private in private ones. This became especially clear a few weeks ago when Kashmir Hill (@kashhill) reported in the New York Times that a company called Clearview.ai “invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.”

If your face has ever appeared anywhere online, it’s a sure bet to assume that you are not faceless to any of those systems. Clearview, Kashmir says, has “a database of more than three billion images” from “Facebook, YouTube, Venmo and millions of other websites ” and “goes far beyond anything ever constructed by the United States government or Silicon Valley giants.”

Among law enforcement communities, only New Jersey’s has started to back off on using Clearview.

And Clearview is just one company. Laws will also take years to catch up with developments in facial recognition, or to get ahead of them, if they ever can. And let’s face it: government interests are highly conflicted here. Intelligence and law enforcement agencies’ need to know all they can is at extreme odds with our need, as human beings, to assume we enjoy at least some freedom from being known by God-knows-what, everywhere we go.

Personal privacy is the heart of civilized life, and beats strongest in democratic societies. It’s not up for “debate” between companies and governments, or political factions. Loss of privacy is a problem that affects each of us, and requires action by each of us as well.

A generation ago, when the Internet was still new to us, four guys (I was one of them) nailed a document called The Cluetrain Manifesto to a door on the Web. It said,

We are not seats or eyeballs or end users or consumers. We are human beings and our reach exceeds your grasp. Deal with it.

Since then their grasp has exceeded our reach. And now they’ve gone too far, grabbing even our faces, everywhere we go.

Enough.

Now it’s time for our reach to exceed their grasp.

Now it’s time, finally, to make them deal with it.

We need to do that as individuals, and as a society.

Here’s a three-part plan for that.

First, use image above, or one like it, as a your personal avatar, including your Facebook, Twitter or Whatever profile picture. Here’s one that’s favicon size:

Second, sign the Get Out Of My Face (#GOOMF) petition, here. (With enough of us on it, this will work.)

Here at Customer Commons, we have some good ideas, but there are certainly others among the billions of us whose privacy is at stake.

We should discuss this, using the hashtag #faceless. Do that wherever you like.

Here’s a rule to guide both discussion and development:

No complaining. No blaming.

That stuff goes nowhere and wastes energy. Instead we need useful and constructive ideas toward what we can do—each of us, alone and together—to secure, protect and signal our privacy needs and intentions in the world, in ways others can recognize and respect.

We have those in the natural world. We don’t yet in the digital one. So let’s invent them.

Customers as a Third Force

August 16, 2019

Doc Searls

Independence, Intention Economy, Personal, Research, Tools, VRM

Almost all arguments in economics are advanced by two almost opposed positions, each walled into the castles of their ideologies, both insisting that their side has the solutions and the other side causes the problems—while meanwhile between the two flows a river of customers who, if they could be heard, and could participate with more than their cash, would have solutions of their own.

Customer Commons’s job is giving those customers full agency for dealing with both the businesses and governments of the world, and in the process proving that free customers are more valuable—to themselves and the businesses of the world—than captive (or tracked) ones.

It’s a long fight, dating back to the personal agency we lost when industry won the industrial revolution. And it’s one we continue to lose, in many ways, through these early decades of the digital revolution.

If it weren’t losing, we wouldn’t have books such as Shoshana Zuboff‘s In the Age of Surveillance Capitalism, Brett Frischmann and Evan Sellinger‘s Re-Engineering Humanity, Jaron Lanier,’s You are Not a Gadget (and pretty much everything else he’s written), plus what Nicholas Carr, David Weinberger, and many others have been saying for years.

The problem with most of what’s been written so far is that it assumes customers will remain victims unless companies or governments (and mostly the latter) rescue them. There is little sense that customers can also bring solutions to the market—ones that are good for every party involved.

One notable exception is Brett and Evan’s book, mentioned above, which closes with a hopeful nod toward some of our work here at Customer Commons:

Doc Searls and his colleagues at Customer Commons have been working for years on standardized terms for customers to use in managing their relationships with websites and other vendors… [his] dream of customers systematically using contract and related tools to manage their relationships with vendors now seems feasible. It could be an important first step toward flipping the scientific-management-of-consumers script we’ve become so accustomed to.”

My own work here started with Linux Journal in 1994, and gained some notoriety with The Cluetrain Manifesto (co-written with David Weinberger, Christopher Locke and Rick Levine) in 1999. Then, after notoriety didn’t seem to be working, I launched ProjectVRM at Harvard’s Berkman Klein Center in 2006, and in 2012spun out Customer Commons, which since then has quietly been developing on the personal data usage terms Brett and Evan mentioned above.

These are terms that each of us can proffer, and which the businesses of the world can agree to—as an alternative to the reverse, which has become a bane of online existence, alas made worse by normalization of insincere and misleading cookie notices on the Web, caused by (what we regard as a misreading of) the GDPR: a sad example of policy failing to fix a market problem. (So far. In another post we’ll visit ways the GDPR and California’s CCPA might actually help.)

The term third force has multiple uses already, the most common of which seem especially relevant our work here:

“A group of people or nations that mediates between two opposed groups…” — Free Dictionary
(A humanistic psychology that) focuses on inner needs, happiness, fulfillment, the search for identity, and other distinctly human concerns. Psychology: An Introduction, by Russell A. Dewey, PhD

Since customers and citizens are opposed to neither business nor government, but constantly look for positive outcomes in their dealings and relationships with both, third force works.

— Doc Searls