The nightmare of easy and simple

The instrumented waste bin I predicted at the San Francisco Personal Data meetup a couple years back is now a thing.  While researching GeniCan I naturally had to go read their privacy policy.  It was there that I stumbled onto a service that lets you generate a privacy policy from a workflow.  You fill in some data and select from several options, it generates a custom policy from an inventory of templates that it fills in and assembles.  It can make policies for your web site, Facebook app or mobile app. Easy. Simple. Free.

Sounds awesome, right?

You were waiting for the “but”?

[Read more…]

Better surveys = better signal

I’ve spilled many bits in this blog about the difference between vendor-driven creepy malvertising ad-tech versus consumer-driven intentcasting and Vendor Relationship management.  The vendor-driven model is the one where you are surveilled from all sides and the data compiled, analyzed, sliced, diced, massaged, correlated and enhanced until the vendor has a good idea to which things you will respond viscerally and then attempt to manipulate you with them.  This model is based on exploitation of human biases and vigilance fatigue. Vendor Relationship Management (VRM) on the other hand is about the consumer broadcasting intent and preferences to a market that can respond accordingly.  This model is based on fulfillment of the consumer’s self-directed interests and desires.

Somewhere in the middle are consumer surveys: direct customer input, wholly vendor driven.  Or at least many people, vendors and customers alike, think these are somewhere in the middle.  Me?  I’m a sucker for surveys since they are about as close to VRM as it gets most of the time these days.  I fill them out in bulk in hopes of detecting some whiff of VRM in one of them, and now and then I’m rewarded for my effort.  But only once in a blue moon.  Sadly, virtually all surveys I’ve seen fail to rise to a level that might qualify as anything close to VRM and most are just plain clueless.

[Read more…]

Roadie further blurs the lines between atoms and bits

The business model behind Roadie sounds simple enough: fill all that unused cargo space in commuter cars with goods for delivery.  But look a bit deeper and it is potentially transformative.

[Read more…]

The Newtrain Manifesto

Next month Deborah Schultz will be presenting a keynote called Smart Data: The Struggle to Enhance Customer Experience in a Digital World at the Direct Marketing Association’s upcoming Marketing Analytics Conference.  In preparation she bounced the topic off of the VRM mailing list asking how the crowd there would challenge this audience.  Naturally, I had a few ideas.

[Read more…]

Listening wasn’t bad enough?

Owners of Samsung’s “smart” TVs are now reporting that streaming apps running on the TVs are inserting Pepsi ads into user-owned content stored locally on their PCs and NAS drives.  In nearly identical stories, GigaOm and Ars Technica report that this happens for Plex and Foxtel apps running on the TVs.

In addition to the obvious privacy implications, this renders visible a new category in the monetization field: legalized theft of intellectual property.

If you recall the arguments around web search, framing and deep linking, the damage claims arose from money made on the value of the content by people who did not own the content and without permission of the content owners.  It was, according to various legal arguments, theft of intellectual property rights, conversion, dilution of the market, etc.

In this case, Samsung is monetizing content you stream locally without regard to who owns the content.  There is every reason to believe the content is yours since every smart phone made today takes movies.  It’s a point of pride for Samsung who tout their high quality cameras and sensors made to do exactly that.  Samsung unquestionably understands the concept of user-generated content and the high probability that the content into which they are inserting commercials is home movies of your cat(s), your kid(s), someone’s birthday party, or your vacation.  Maybe you are showing home movies of your recently departed loved one at the wake and suddenly Samsung inserts the Pepsi commercial.  (One only hopes it is at least the “Pepsi brings you back alive” campaign from years past.)

The point is, Samsung has no way of knowing anything about the content or the context, only that you find it interesting enough to watch therefore it is valuable enough to monetize, and Samsung believes they have the right to do so.

Because they manufactured the display.

I realize suggesting that Samsung believes they have a right to impose these ads on you may sound a bit hyperbolic, so let’s look at their Privacy Policy–AdHub Supplement:

When you use a Samsung service that includes ads provided by AdHub, AdHub receives certain information about your device. This information may include the device’s hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, and settings.

In addition, the first time you visit a service that displays ads by AdHub, Ad Hub will assign your device a random ID number, which will be sent back to AdHub each time your device gets a new ad from AdHub.

When AdHub displays an ad to you, AdHub logs the fact that your device received that ad, as well as the webpage or other place where you viewed it.

This leaves no doubt that Samsung is assigning unique tracking IDs to each device capable of rendering content and ads.  In order to access the features of the phone, tablet, smart TV or whatever, you are required to have a Samsung account.  This attaches your personally identifiable data to each Samsung smart device and correlates those devices under a single umbrella account.  Everything that is trackable on the devices is personally identifiable back to the device owners.

Whether or not you trust Samsung as custodian of your private data, the real question is how much you trust the advertisers and publishers that Samsung invites into your device through their AdHub.  Though Samsung doesn’t share with them the information collected by Samsung, they do something even better.  Samsung gives these third parties direct access to your device, tells you up front that your data will be collected by these third parties, then disclaims any responsibility for what those third parties might do with that privileged access.  Samsung remains cozily wrapped within a cloak of anonymity and a blanket liability shield:

Third-party advertisers may use web beacons in their ads in order to collect information about users who view their ads, including through cookies, beacons and similar technologies. Samsung does not control the data collection and use practices of these companies.

Samsung next states their right – there’s that word again – to impose these terms on you.  The last part of the policy supplement states that “you can opt out of receiving targeted advertising from AdHub” but notes that that if you do “you will continue to see ads, but they may be less relevant to you because they will not be based on your interests.”  In other words, haven’t opted out of any of this data collection, only whether it is used to deliver targeted ads.  Everything upstream of that, including the personally identifiable data collection and all the various uses to which that may be put, both by Samsung and it’s army of anonymous advertisers, is protected under the contract.  Should you choose to operate the device without registering it to a Samsung account, the piece that makes your use of the device personally identifiable and provides the context of all your other devices, you don’t get to use the features for which you purchased the device.

Let’s be real clear about this.  You unquestionably own all rights to content that you create, including the right to monetize that content or to make the choice to not monetize it.  You are watching the content in the privacy of your own home.  It is running over cables, switches, routers and NAS devices that you personally own.  You are the one paying for the electricity and bandwidth.  But if the smart device on which you render the content bears a Samsung nameplate, they can force you to watch ads as a prerequisite to render that content, whether you like it or not.  Not only is Samsung monetizing your content, they are monetizing your viewing of your content.  

Whatever we may think of this, we need to be asking what’s next?  Will Motorola, Linksys and Netgear claim a right to insert ads into your privately owned, user-created, streamed content because they manufactured the cable modem, switch and router, respectively?  Will Western Digital, Buffalo, or Synology claim a right to insert their ads into your privately owned streamed content because they made the NAS drive?

All of these “smart” components are in the path between where your content is stored and where it is displayed.  All are essential for the content streaming to work.  All have the processing capacity to insert ads into your content, and all come with Terms of Service and Privacy Policies that you agreed to sight unseen.  Samsung may render the content but there is no content to render without all of these other components.  Samsung was merely the first to stake their claim but every device in the chain has no better or worse standing to claim a right to insert ads into your streamed content than does Samsung.  Do you believe none of them will assert that right once Samsung establishes it?  What, exactly, do you believe will stop them?

Let’s do the chess thing and think ahead a move or two.  What happens if someone figures out how to disable the ads and distributes a root kit or firmware patch?  If that qualifies as anti-circumvention under the DMCA it would be a felony.  Will we not have the right to root our TV, just like we do/don’t have the right to root our phone?  What happens if a downstream device like the TV happens to interrupt the stream right in the middle of the ad being inserted by an upstream device like the switch or NAS drive?  Will Linksys start charging Samsung and Synology for access to your in-home network, the same way that ISPs want to charge Netflix, Amazon and Hulu for bandwidth that has already been paid for at both ends?  Because if you are not the ultimate arbiter of what happens on your private home network, then it is up to the courts and corporations to say what happens there.

Let’s think another chess move ahead.  US law sets a pretty high bar before law enforcement officers can invade the sanctity of your home.  True, these are greatly eroded lately, but your home is where you enjoy the most privacy protection against being recorded in video or audio, and physically searched.  But if your TV, phone, game console, robots, toys, appliances, baby monitors and security systems are all live-streaming to corporate entities, law enforcement no longer have to clear that high hurdle.  Most companies, especially small start-ups, won’t stand up to government information requests.  Do you worry that “this call may be recorded for quality assurance”?  Now everything you say in your living room, bedroom, bathroom, car, and your side of every phone call will be recorded for quality assurance and delivered to law enforcement during discovery, even if you aren’t the target of the investigation.  You will have more privacy in your front yard than in your own home.

None of these scenarios are all that farfetched in a world where manufacturing a device confers the right to mediate the content transmitted or rendered on that device in a private setting.  We consumers don’t read the contracts to which we are bound when we buy these devices and it doesn’t seem likely we’ll start any time soon.  We keep buying the devices despite frequent news stories detailing ever more invasive privacy invasions and it doesn’t seem likely we’ll stop buying them any time soon, either.  These practices generate net-new revenue for the device manufacturers so, short of them stepping on one another, there’s no chance they will stop voluntarily any time soon or, for that matter, ever.

When you can be forced to watch an ad before viewing content you personally created, there is no neutral, no middle ground, no shred of privacy left to give up that isn’t already being taken from you without your consent.  The only options left are to accept the commoditization of our intimate lives, or else to actively protest and demand regulatory protection of our privacy rights and strong enforcement.

If you believe that there is anything at all in the world to which you have a right of privacy, this moment in our time is the last chance you will ever have to demand it before the window of opportunity slams shut and you are rendered effectively naked in the panopticon of life.  Anything short of active opposition now is acquiescence.  We need to be angry and we need to hold our elected officials accountable to represent our interests for once.  Unfortunately, it doesn’t seem likely we’ll start doing that any time soon, either.

Open Letter to Chris Cox and Facebook

2015-02-14_13-58-05It was nice of Chris Cox to post an explanation of Facebook’s name policy and apologize to “the affected community of drag queens, drag kings, transgender, and extensive community of our friends, neighbors, and members of the LGBT community for the hardship that we’ve put you through in dealing with your Facebook accounts over the past few weeks.”

Except that the post doesn’t honestly explain Facebook’s name policy.  The real purpose of the policy is to force you to use a name on Facebook that can be matched to the name you use to make transactions – such as the one on your credit card – so they can correlate the ads you’ve been shown to purchases you make in the real world and charge the advertiser more money.  This is why in the old wording of the policy they asked for the same documents they match against – driver license, credit card, etc.

[Read more…]

What is your definition of personal?

Over at the Cloud Ramblings blog, John Mathon provides his list of Breakout MegaTrends that will explode in 2015.  There’s an entry in there about Personal Cloud rising to prominence.  Yay!  John and I often see eye to eye on our visions of the near future of computing and Personal Cloud is definitely huge in that future.  But it seems that once you get past the name “Personal Cloud,” our visions begin to diverge.  I’d like to explain how they diverge, why my vision is better, and beseech John and all the other pundits, analysts and trade journalists out there to adopt a slightly stricter interpretation of what, exactly, constitutes “personal.”

[Read more…]

Marketing Week’s flawed IoT survey

marketing_week_infographicA few hours ago, Marketing Week published an article in their Trends section titled Smart Homes Lack Consumer Connection.  Although I’m an eager proponent of Internet of Things, I don’t find much insight or any actionable conclusions here for a number of reasons that I’ll explain below.  Do you find it insightful or helpful?  Does your answer change after you read this post?

What, no privacy concerns?

When it comes to people declining to install “smart” devices, the breakdown of their reasons as provided in the article is:

45% - Cost
44% - Unimportant
23% - Complexity
21% - Inappropriate data collection
18% - Intrusive
 3% - None of the above

Apparently it is possible to drastically reduce the ranking of privacy concerns by distinguishing between “too intrusive” versus “data being collected and used inappropriately.”   That’s quite a fine line to draw considering the lack of granularity in the other categories and instead of “Privacy – 39%” which would have trumped Complexity, we get two separate line items falling below everything else on the list except for “None of the Above”.  On the one hand it’s great that the study authors found something nuanced to look at.  On the other hand, gaaaaaaa!

What does “cost” mean here?

For example, a plethora of issues appear to be lumped into “cost.”  We all know that “cost” really means “cost versus benefit” and the article fails to distinguish whether people actually like the devices on offer and in their current form – i.e. see the devices as as highly beneficial.  Maybe respondents love the devices but lack the funds to buy them, in which case a plausible ROI demonstration is appropriate.  A good example of this is 40 watt equivalent LED bulbs that used to cost $30 ~ $50.  Now that they sell for < $10 they have gone mainstream.

That seems to be the direction the authors are going when discussing energy saving devices and use the phrase “save money” four times in the article.  On the other hand, “cost” may mean it isn’t worth paying the price for the devices on offer because the additional benefits derived simply aren’t compelling.  A good example of this was when there were no 100 watt equivalent LED bulbs or 3-way LED bulbs.  You had to pay a lot more money for something that wasn’t as functional as before.  Kinda like buying a “smart” bulb and then having to duct tape the wall switch to the On position and use your phone to control it, or having no control over a “smart” device when the Internet goes out.  Too bad the study authors didn’t see the need to find any nuance here.

Relevance

Revolv Hub

This image embodies much of what’s wrong with IoT. Rather than replacing devices with functionally equivalent smart devices that provide enhancements, today’s IoT expects you to buy new types of devices, designs them as though you wish to feature them in your decor, and requires you to control everything over the phone.

Just as a raftload of sins are hidden under “cost” in the study, so too are they aggregated under “not considered important in my life.”  Does that mean “not considered important enough to find a place to put this new device on display so my friends will know how cool I am” (see the Revolv hub photo in the article) or “because I’m a Luddite,” or something in between?

Notification

Every single person who enables the buzzer on the washer and dryer has indicated their desire for those devices to notify them.  Everyone whose telephone is not set to mute, whose doorbell is operational, who use an alarm clock, who use a kitchen timer, have indicated a desire for notifications.  It is impossible to argue that notifications themselves are unimportant, so what is it about these notifications that is not compelling or relevant?  Perhaps it is because the notification destination is almost always the phone and that ambient notification devices are never used?  Of course, use of ambient notification systems would require integrations to a wider variety of devices and Industry seems to be well aware that Internet of Things is not about that.  No, the IoT is apparently about controlling, rather than enabling, all your device integrations.  That may be significant part of the problem but you’d never know it from reading this study which never considers whether the prevailing device architecture is part of the problem.  The article not only fails to provide any insight in this area, but it doesn’t seem to recognize that there’s any nuance to be found.

Actuation

The other side of smart devices is actuation.  The primary time most of us wish for actuation is along the lines of “did I turn off the [insert name of device here] before I left the house?”  We’ve had device-issued notifications forever, even to some extent remotely, but we have not had a lot of “smart” actuation before.  For many people “not considered important in my life”  probably means exactly what you’d think and what the article suggests: we haven’t had this capability up to now and we don’t generally sit around wishing we did.

But “not considered important in my life” could also mean that the functionality of the devices on offer is perceived as laughable.  “You want me to replace a perfectly good wall switch with…my phone? BWAHAHAHAHAHA!”  This is the group into which I fall.  Admittedly this conclusion requires an informed and tech-savvy consumer.  However, targeting the portion of the market who do not understand the problem with this creates an incentive and business model based on keeping them clueless, and which also happens to facilitate the device-as-data-collection-portal paradigm.  Anyone but me have a problem with this approach?  Anyone else believe that devices should first act like the analog thing they replace and then provide enhancements as a secondary function?

It is also possible that “not considered important in my life” means “the device on offer doesn’t have the integrations that would make it compelling and traps me in a walled garden making it unlikely I’ll ever get the desired integrations.”    Call me crazy but when my deaf aunt comes to visit, I might actually want the doorbell, fire alarm, toaster, washer and dryer to talk to the house lighting so she can receive notifications just like everyone else in the home.  Anyone else believe that all devices should have open APIs so that prosumers and integrators can build compelling functionality with the mesh?  Or believe that a mesh of connectivity across all these unlike devices from different vendors needs to exist in order to realize the potential of IoT?  Maybe doing that would make IoT more relevant to the average consumer.  The study or authors, not sure which, or both, don’t seem to care how the “not important” category breaks out or whether the architecture is part of the reason people decline to buy.  Too bad.  We might have learned something by drilling into these issues.

Privacy – it’s in there

Marketing Week screen shotThe one area in which the authors found some nuance was privacy concerns.  It is unfortunate that the result of granularity in this category is to drastically understate the relevance of privacy in consumer minds as compared to the other categories.  The effect is apparent in the summary  that Marketing Week uses when referring to the article from elsewhere on the site: Consumers cite cost and lack of usefulness as barriers to adoption.  No, they didn’t.  If you combine both of the Privacy categories, there is a total of only 6 percentage points separating Cost (45%), Relevance (44%), and Privacy (39%).  Complexity (23%), which is the next closest category, comes in a distant 12 points below Privacy.  The concerns expressed seem to cluster around Cost, Relevance and Privacy as the barriers to adoption.  Odd that privacy would get dropped like that.

Perhaps when your audience is an industry driven by the collection and analysis of consumer data, to suggest that consumers have significant privacy concerns is taboo.  Or perhaps the researchers genuinely wanted to drill down in this area because it is important, created sub-categories for privacy, but that intention got lost in publication.  Hard to say what is going on and since the usefulness of the conclusions varies so widely depending on how you read the intent here, any credence we each give the study will tend to align with our own confirmation bias.  Anyone can interpret the results according to their own views and that, for me anyway, renders the results meaningless.

Does anyone other than me believe that devices should default to not sending data to the vendor and instead allow the device owner to optionally enable vendor access to the data based on receiving something of value in return?  That model would not only significantly improve consumer perceptions of data collection and intrusion, it would actually contribute to consumer confidence in IoT privacy.

Spin doctoring

Marketing Week Screen Shot

The article features an infographic, followed by this opening text.

I’m forced to make a lot of assumptions here because the study isn’t linked from the article and not accessible through Google search or anywhere else that I’ve found.  Since we do not have access to the study or information about its origins, we have to work with what’s in front of us.  Unfortunately, what’s in front of us doesn’t hold up well under close inspection.

Strangely, the first words in the article (at least those that aren’t a headline) are “The study, seen exclusively by Marketing Week, reveals…”  To which study are they referring, and what do they mean by “seen exclusively by”?

Are they trying to imply that someone independently and spontaneously funded this research without Marketing Week’s involvement and then gave Marketing Week exclusive access to it? The headline mentions “new research,” a non-specific phrase which could be plural or singular and suggests no connection exists between the reporter and the news being reported.  The rhetorical device of starting the article copy by back-referencing an unnamed but specific study from among all the available “new research”, and the passive construction using “seen exclusively by” combine to reinforce the suggestion that this is independent news reporting. So too do the references to “Source: Gekko” as the authors of the research.

If all that is true, then who commissioned the research?  And how did it end up as a Marketing Week exclusive and with their branding all over it?  Did Marketing Week vet the provenance of the study before publishing it?  Or did they in fact commission it themselves?  Why not just tell us the origins, scope and charter of the study or make it available, unless the intent is to deliberately put some spin on it?

To be fair, my suspicions of deliberate spin doctoring assume that the article was written by someone whose core competency is the use of English language in the art of persuasion, for example a marketing professional or experienced reporter in that field.  Someone like that doesn’t end up with a product like this by accident.  On the other hand, one could (some might say should) could give Marketing Week the benefit of the doubt and assume that the unusual rhetorical construction isn’t actually deliberate framing but rather a case of sloppy as hell writing and editing that managed to get past all the approvals required for a high-profile feature article.  Hey, it could happen.  Decide for yourself.  Got a different interpretation?  Let me know about it in the comments.

Personal conclusions

My issues with the methodology, the article’s interpretation of the results and the apparent framing lead me to conclude that there’s enough of an agenda showing through to distrust the whole thing.  I would have much preferred if the authors had drilled deeper into the broad spectrum of reasons consumers give for not buying today’s IoT devices.  There are very few devices on offer today that provide a combination of compelling functionality, an open API, operate when disconnected from the Internet, and integrate with anything.  Any study today would therefore be constrained by consumer perceptions of the crippled proprietary devices we have now as being representative of the possibilities of IoT, and thus such a study would be marginally useful at best.  But it would at least be more useful than the study presented.