Older blog entries for dmarti (starting at number 548)

Transparency: it's like confusopoly, but for privacy

(See you at VRM Day 2014.)

"Transparency" seems to be the first thing that people come up with when they start thinking about surveillance marketing. If companies that track people can just be "transparent" about what they're doing, the users can decide whether or not to participate!

This doesn't seem like a problem to people in the surveillance marketing business, since it doesn't impose any extra work on them. They're already thinking about surveillance marketing, because it's their job. But for normal people there are only so many hours in the day. How long will a user really spend trying to comprehend a "transparent" explanation of a tracking device on a web site, or in a store, where he or she only spends a few minutes? It's the confusopoly principle applied to privacy.

Jonathan Levitt, in "In-Store Cell Phone Tracking Pits Consumers Against Retailers", writes:

Industry research shows that consumers overwhelmingly reject cell phone tracking. In a recent OpinionLab study of 1,042 consumers, 77.0% said that in-store cell phone tracking was unacceptable, and 81.0% said that they didn't trust retailers to keep their data private and secure.

Users are already explaining their privacy norms. "Transparency" is a euphemism for communicating about how a company chooses not to comply with those norms.

Omer Tene and Jules Polonetsky explain "creepy" technology:

Notoriously difficult to define, “privacy” has been conceptualized as a “right to be left alone” or a “right to informational self determination.” Good luck operationalizing these concepts in a business environment. Creepiness is more visceral—a gut feeling that arises on the verge of a privacy fail—and may be easier to discern.

That creeped out feeling is not just a reaction to the unfamiliar that will go away. Creepy is how we feel about information asymmetry. When you're interacting with someone who knows more about you than you do about him or her, you feel "creeped out" as a healthy warning, even if there's no technology involved.

The solution to creepy isn't transparency, which is impossibly time-consuming even if people wanted to spend time on it. The solution is to fix the underlying information imbalance using privacy tools. Marketing is bringing technology to a privacy fight, so users are bringing technology of their own, starting with browser add-ons such as Disconnect.

Privacy technology? Doesn't that break online advertising?

Privacy is a problem for advertising if you make the mistake of assuming that online advertising must involve information asymmetry and creepiness. Advertising doesn't have to threaten freedom. As online advertising becomes more privacy-compatible, matched to content not individual user, it will actually work better—more like a magazine ad, less like email spam.

Ideally, technology would implement privacy norms, not try to change them unilaterally. Realistically though, much of the technology that people interact with is going to be working for the surveillance marketing complex, so we're going to need some technology on our side. Technical filtering measures are better than the alternatives: transparency and legislation. Transparency is an impractical time-suck; legislation and regulation move too slowly and get captured anyway.

The Microsoft Scroogled campaign didn't actually have any privacy tech behind it and quietly failed. But platforms that give up on the surveillance marketing bubble will have a ready-made Unique Selling Proposition based on privacy.

Bonus links

Arnel Leyva: EU data rules change the marketer-consumer deal

Doc Searls: Cars as crucibles for personal autonomy

Tim Nudd: Everything You Hate About Advertising in One Fake Video That's Almost Too Real

eaon pritchard: never trust a hippy

Andrea Peterson: Don’t buy the hype: The Internet hasn’t killed TV advertising

Richard Byrne Reilly: On Jan. 1, minors in California can start erasing their online history — including photos

Kyle Russell: I Was Assaulted For Wearing Google Glass In The Wrong Part Of San Francisco

Richard Byrne Reilly: Busted: Supercell terminates ad partner for sneakily reselling ad impressions

Kate Kaye: Survey: Advertisers Rank Below Government at Protecting Personal Data

Mark Sweney: WPP boss says ad industry underestimates effect of Snowden leaks

Mahi de Silva/Opera Mediaworks: The evolution (and big secret) of mobile ad targeting

theresa: General Mills Apologizes and Retreats on Forced Arbitration Change in Terms -- A Victory for Consumers

Mark Bergen: Why U.S. Carriers Are Struggling In the Mobile Ads Business

Michael Caccavale: I Saw the Beacon-Packed Store of the Future in 1990. It's Still Flawed

Syndicated 2014-04-20 14:52:49 from Don Marti

Surveillance Marketing pays

Katrina Lerman of Communispace explains how surveillance marketing pays. First of all, people don't like being tracked in general.

We found that consumers overwhelmingly prefer anonymity online: 86 percent of consumers would click a “do not track” button if it were available and 30 percent of consumers would actually pay a 5 percent surcharge if they could be guaranteed that none of their information would be captured.

What would get them over their resistance? Discounts, of course.

On the flip side, consumers may be willing to share their data if there’s a clear value exchange: 70 percent said they would voluntarily share personal data with a company in exchange for a 5 percent discount.

Got it? This is some heavy Chief-Marketing-Officer-level stuff here, so pay attention. Yes, you'll be spending a lot of money on Big Data and all the highly paid surveillance marketing consultants and IT experts who go with it. (Big Data experts are a rare breed, and feed primarily on between-sessions croissants at Big Data conferences.)

But look what you get for that increase in the marketing budget. You get to cut your price to get people to sign up for it.

Somewhere this all makes sense. Maybe Bob Hoffman can explain it.

Syndicated 2014-04-13 14:52:44 from Don Marti

Movie plot

(Entry for Bruce Schneier's Seventh Movie-Plot Threat Contest)

Ann has completed Agency training for a job as a non-official cover agent at an international oil firm. But now she's assigned to the release engineering team at Aloodo, a large Internet company where the source is open, the culture is wild and free, and release engineering, without management's knowledge, installs back doors for the Agency. A change in the company's elaborate list of security checks means the Agency needs one more inside person, fast, and Ann is the only NOC-qualified agent available.

Hijinks ensue as Ann must make it through the technical interview with a flaky radio connection to an Aloodo-employed NOC agent for support. When it fails, she aces the interview by dropping some petroleum science.

Ann struggles to keep up with both her release engineering work and her Agency responsibilities. But when a series of intricate heists has police baffled, she realizes that the gang is using information that could only come from within Aloodo. Do the back doors have back doors? Who are her new co-workers really working for? Is there anyone she can trust?

Syndicated 2014-04-05 13:54:10 from Don Marti

The underground collaboration system we (mostly) already have?

Underground publishing is nice, but what if you want to run something like an underground newspaper with an editing process? Or an underground wiki? Or an underground software or design project?

It seems to me that the tools to do it are already coming into being, and most of them have corporate uses, which means that most of the work to implement this is being done on the clock.

You can start your underground collaboration system with Git, but in order to actually organize work you need an issue tracker, something like Bugs Everywhere. Fortunately you can use Git as the backend for miscellaneous collaboration applications using databranches, so you can have just Git as the only data store. No separate database needed for the meta-info such as status, owner, deadline, comments.

The system doesn't need all of the stuff in How Git Could Grow into an Enterprise SCM System, but it would be nice to have multi-blob files, bup style, and essential to have some kind of network object store. Tahoe-LAFS? Or just run a bunch of parts of enterprise-ish software stacks that will work as DHT nodes, as Tor hidden services? Swift? You could have a variety of network object stores feeding the same projects, since they're all the same to Git.

(A first step in adding network object stores to Git would just be a tool that walks through a repository and inserts Git objects into the DHT, or gets objects from the DHT to fill in the gaps. Eventually the corporate SCM market is going to need Git repositories larger than the smallest hard drives they're willing to buy for their code monkeys, so this is likely to improve.)
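A sketch of that first-step tool, added here as an example (it is not code from this post or from the Git project). It assumes loose objects only, no packfiles, and uses a plain dict as a constructed stand-in for the DHT; all function names are hypothetical. Because a Git object id is the SHA-1 of the object's payload, anything fetched from an untrusted node can be re-hashed and rejected if it does not match the id that was requested.

```python
import hashlib
import os
import tempfile
import zlib


def encode_object(obj_type, content):
    """Build Git's object payload: b"<type> <size>\\0<content>"."""
    return b"%s %d\0" % (obj_type.encode(), len(content)) + content


def git_object_id(raw):
    """A Git object id is the SHA-1 of the whole payload."""
    return hashlib.sha1(raw).hexdigest()


def write_loose_object(objects_dir, raw):
    """Store a payload the way Git stores loose objects: objects/ab/cdef..."""
    oid = git_object_id(raw)
    sub = os.path.join(objects_dir, oid[:2])
    os.makedirs(sub, exist_ok=True)
    with open(os.path.join(sub, oid[2:]), "wb") as fh:
        fh.write(zlib.compress(raw))
    return oid


def walk_loose_objects(objects_dir):
    """Yield (object_id, payload) for every loose object in the directory."""
    for fanout in sorted(os.listdir(objects_dir)):
        sub = os.path.join(objects_dir, fanout)
        if len(fanout) != 2 or not os.path.isdir(sub):
            continue  # skips pack/ and info/
        for name in sorted(os.listdir(sub)):
            with open(os.path.join(sub, name), "rb") as fh:
                yield fanout + name, zlib.decompress(fh.read())


def publish(objects_dir, store):
    """Insert local objects into the store; skip any that fail their own hash."""
    count = 0
    for oid, raw in walk_loose_objects(objects_dir):
        if git_object_id(raw) == oid:
            store[oid] = raw
            count += 1
    return count


def fill_gaps(objects_dir, store, wanted):
    """Fetch missing objects, accepting only payloads that hash to the id asked for."""
    have = {oid for oid, _ in walk_loose_objects(objects_dir)}
    fetched, rejected = [], []
    for oid in wanted:
        if oid in have or oid not in store:
            continue
        raw = store[oid]
        if git_object_id(raw) != oid:
            rejected.append(oid)  # node returned altered content
            continue
        write_loose_object(objects_dir, raw)
        fetched.append(oid)
    return fetched, rejected


def demo():
    store = {}  # constructed stand-in for the DHT: object id -> payload
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        good = write_loose_object(a, encode_object("blob", b"hello\n"))
        other = write_loose_object(a, encode_object("blob", b"issue 1: open\n"))
        published = publish(a, store)
        # Constructed tampering: a node swaps the content stored under an id.
        store[other] = encode_object("blob", b"issue 1: closed\n")
        fetched, rejected = fill_gaps(b, store, [good, other])
        return published, fetched, rejected, good


if __name__ == "__main__":
    print(demo())
```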

Put any references you want to share long-term into Namecoin and there's your publishing. To read the publication, a user would get the reference from Namecoin and populate a local Git repository with the required objects. (Naturally most people would use an RSS-reader-like client to do this.)

For live collaboration action, a group could stand up a Git repository as a Tor hidden service (using Gitbucket would make this not such a tweaky sysadmin task) or use something like piehole, with the etcd instances as hidden services and relying on the DHT to share objects. Then periodically "archive" refs to Namecoin.

The final result is subversive as hell but all the parts are either already done or mainly useful for Enterprise IT.

Syndicated 2014-03-29 14:39:33 from Don Marti

Five more questions on ad fraud

Just saw The Five Questions That Will Eliminate Ad Fraud. I'm not sure if those will do it. How about five more?

Since adtech is based on the idea of cheating writers using computers, is anyone surprised that someone came up with the idea of cheating adtech using computers?

Can you seriously expect any site that lives by ripping off other people's content to be completely honest with its ad networks?

Since adtech intermediaries make money from fraud just as they do on other ads, can you expect them to take fraud seriously, or just give conference talks about it?

Because IAB is run by and for the Big Data intermediaries who make money from fraud, do legit advertisers and content sites need an independent organization?

How can improving privacy protections for users make online ads more valuable?

More: Adtech, privacy, fraud control: pick two?

Syndicated 2014-02-21 16:48:50 from Don Marti

Fun with Facebook ads?

I use dlvr.it to share blog posts and links with Facebook, through the magic of RSS. Every once in a while I go to the Facebook site to read comments on something that dlvr.it gatewayed there for me, but Facebook is not one of the places I check habitually (see How can I break the Facebook habit).

Most of the ads that I was getting to start with were for free-to-play NSFW games, so I changed my profile to "female". Jackpot! All of a sudden I started getting much more professional ads, including IT products and services for big companies, and training classes for online marketing skills (yes, including a Facebook ad for a class on how to advertise on Facebook). What I guess happened is that the more business-focused advertisers put in gender-neutral bids, and while I was "male" on the site, they got outbid by the game companies specifically targeting male users.

(Dudes, I highly recommend going "female" on Facebook if you haven't already, especially if you might be embarrassed about people seeing too much décolletage in the ads when they walk by. So there's your personal infotainment tip for today.)

But what did I do? I had fixed a problem, so I broke it some more. I went ahead and stayed female, but increased my age to 88. Big mistake.

Now, I look at the ads, and I'm getting the bottom-feeders of the bottom-feeders. The above ad goes to a page that has nothing to do with a celebrity scandal. It's some kind of laser surgery racket. Oh well, the "dynamic corporate IT professional" ads that I had been getting as a younger woman were good while they lasted. I don't know if I'm now getting the low bidders who didn't want to pay more to reach younger users, or if some of these advertisers are targeting me.

Bob Hoffman points out that marketing ignores people over 50 but that's just legit marketing, from the kind of places that hire people like Bob Hoffman. All those ad spots that the big brands don't buy are still getting snapped up, and the result is pretty icky.

Syndicated 2014-02-13 15:33:45 from Don Marti


The last time one of my kids was sick, I gave her some Children's Tylenol.

Yes, Tylenol is still a thing. Even after the infamous Tylenol poisonings.


Johnson and Johnson, the brand's owner, recalled all the existing Tylenol, started a campaign to tell people not to take it, and, most important, fixed some key security problems.

Bottle seals are expensive.

Redesigning an openable capsule into a solid, coated caplet is even more expensive.

But the company did it. Today, the Tylenol story is the classic business-school example of how to save a product that has a severe security flaw. And I'm giving the stuff to my kids.

Today is supposed to be "#StopTheNSA" day. I'm just glad that the people who came up with that weren't in charge during the Tylenol crisis. Tylenol would have sponsored a big, attention-getting "#StopTheFBI" day, while customers quietly swore off the stuff.

Bonus link: Will the cloud divide America and Europe? by Rajesh Ram

Syndicated 2014-02-11 14:41:15 from Don Marti

QoTD: Doug Weaver

One can argue, and maybe I'm the first one to do it, that all this targeting and audience segmentation might be creating an internet that's worse for the consumer. By downplaying the need for context, we're actually dis-incentivizing the creation of quality content and environments.

Doug Weaver

(no, you're not the first one, but you won't be the last.)

Syndicated 2014-01-22 23:53:56 from Don Marti

Fedora Linux on ThinkPad T440s

First of all, go read Havoc Pennington's report on putting Fedora 20 on a ThinkPad T440s. Good stuff, and a big reason I bought this machine in the first place.

The main problems with the T440s from my point of view as a long-time Linux/ThinkPad user are...

  • New power connector again. Just when I got rid of my last 16V, and had a decent collection of round 20V ones, too. (But the new rectangular connector is also 20V. Maybe there's a source of just the connectors and I can break out the soldering iron and convert a couple of old ones.)

  • No more hard-wired mouse buttons below the space bar. More on this below.

Yes, this is the kind of little stuff that Linux laptop users are down to complaining about, now. When I was starting out we had to recompile the kernel just to get PCMCIA working. (What's PCMCIA? Get off my lawn.)

The Fedora 20 install was easy, as usual. Since I now have several Fedora, RHEL, and CentOS machines kicking around at work, I wrote an RPM spec to depend on or conflict with all the stuff I like to have or not have, so that I don't have to do as many "I thought that was already on here, oh well, yum install" moments.

Clickpad "trouble"

On previous ThinkPads, I only had to use the "synclient" command once to turn off the TouchPad. Now, with no hardware mouse buttons, there's some more tweaking required. Fortunately, people had already hashed it out in the comments on that Havoc's Blog piece (you did read it, right?) so all I had to do was stick the right commands into a script. Since I will never remember how to make a .desktop file, the script will take care of that, too.

So now I have a Synaptics TouchPad that's set up for just three mouse buttons and for two-finger scroll. One-finger motion or accidental palm contact does nothing. Anyone who has claimed that blogging is dead is clearly Wrong.

Human factors

Nice screen. The speakers have always been a weak point for ThinkPads compared to other laptop brands IMHO, but the T440s is a refreshing change. Not hi-fi, but not pathetic either. Still needs headphones for extended listening.

The keyboard is similar to the one on the T430, with island-style keys. At first glance you might think, oh, crap, another laptop vendor hired an Apple fanboy as a product manager. But somehow Lenovo managed to make this keyboard much more usable than the Apple version. Not sure why, possibly because the keys each have a slight depression instead of being pure minimalist RoundRects. Anyway, good keyboard, and the IBM TrackPoint is unchanged.

Everything just works

Yawn. Have not tried the Ethernet or VGA ports, but no surprises so far. Let's put it this way: you're not going to learn anything about reverse engineering, driver development, or hardware vendor politics here. It's open box, click buttons, watch cat video time.

Time for another round of license poker?

The mid-range ThinkPads have been stealth Linux boxes for a long time, so it's not a surprise that this one is, too. Built from well-supported Intel components, and there's little if any drama getting the pre-loaded MS-Windows off, and Linux on.

Speaking of pre-loaded MS-Windows, well, that's a tough business these days. PCs are getting cheaper. But they're not making much money for their makers. Welcome to the value trap, writes The Guardian's Charles Arthur. Time for another round of preloaded Linux laptops, to get a better license deal from Microsoft? Any time Lenovo needs to do that, this hardware is ready for it.

Syndicated 2014-01-20 01:28:53 from Don Marti

We're All Gun Nuts Now, So We Had Better Get Good At It

Why are the people of Silicon Valley, including a venture capitalist slash Stanford professor, seemingly ignorant about questions that any gun show shopper would get right the first time? Michael Dearing, in The NSA and the Corrosion of Silicon Valley, writes,

Inside our companies and research centers, talented minds are being conscripted into surveillance. Think about the software developers who wrote the code behind your email service. Or the team who built the guts of a blogging service’s geolocation features. Not one of them chose to work for the NSA. But their work has been co-opted, effectively turned into surveillance tools.

Turned into surveillance tools.

Turned into.

Maybe the gun nuts have just been thinking about this stuff longer than the Valley crowd has. When the question of gun registration comes up, nobody beard-strokingly says, well, we need to reform the government so that the data collected will never be used for a confiscation program. Any Second Amendment fan will jump straight to assuming that the government, or someone inside the government, will go Pol Pot on them and do the worst possible thing with the data.

A good computer programmer doesn't trust the user's input, or servers out on the network. Why trust the government?

Maybe there's a simple answer. First, wishful thinking, and second, ambitious marketing. People normally interact with companies in a guard-up shopping mode. Users know that a company is trying to sell them something, and protect their internal decision-making process. But using what Rebecca J. Rosen calls the Grossest Advertising Strategy of All Time, a company can try to get inside the user's decision-making process.

In most cases, behavioral marketing goals are nowhere near achieved. The basic data that goes into user profiling is often wrong, and even hot "social" data Isn’t Actually A Good Way To Judge Potential Employees.

But what if there's a deeper problem? What if the Valley crowd really does know that whining about NSA reform is useless? Even if the marketing is weak, the surveillance is Good Enough For Government Work. What if, as Christopher Caldwell suggests, the surveillance-marketing complex is going through a public-private bonding period?

Big Data algorithms often escape common sense and easy regulability. Those who create them have a powerful incentive—as the designers of financial derivatives did a decade ago—to render them opaque. Yet the privacy problem that most agitates the authors is the prospect that companies might have to reveal "confidential business strategies to outsiders." The authors' suggestion of a "privacy framework...focused less on individual consent at the time of collection and more on holding data users [corporations] accountable for what they do" sounds awfully convenient for the data users. In fact, it sounds a great deal like the voluntary compliance that was expected of banks in the Alan Greenspan era.

That's going to be a problem when the inevitable "let's disrupt the incumbent" startups come along. The users and makers of privacy tools could already go to jail under the Computer Fraud and Abuse Act. And clearly, regulation will be more of an aid to the marketing-surveillance complex than a hindrance. In the system that passed CAN-SPAM, the most that Congress will come up with is a complex set of regulations to protect incumbents (who have the budget to hire people to figure out the regulations) from startups (who don't).

So if adtech is so firmly joined to the NSA (and, of course, to other countries' intelligence agencies) to the point where disrupting it is, well, they don't call it "disrupting" when it's the government, do they? If the surveillance-marketing complex is really a thing, and not just a bunch of naive IT vendors being taken advantage of by the big bad NSA, what can we possibly do?

Users won't learn new stuff. They're content to calmly chew their malware. Germans are switching away from NSA-connected companies, but they have experience that most of the rest of us don't.

Are we supposed to become Cypherpunks 2.0? Bruce Schneier says The US government has betrayed the internet. We need to take it back. and Make Wide-Scale Surveillance Too Expensive. But who can do that? That's a lot of coding.

patent drawing for a Eugene Stoner invention

If you're a citizen looking to keep your Fourth Amendment rights, well, look at the people who have kept their Second Amendment rights. Read pieces like Thoughts on militia kit from Bob Owens. And if you're an IT vendor, then think like a firearms manufacturer.

What's the equivalent of "militia kit" for information freedom? Has to include something like Disconnect (interview). Second Amendment defenders don't have to adopt a Merry Men lifestyle to be effective, and many Fourth Amendment fans can get by with basic privacy tools instead of becoming slow-Internet-using PGP/Tor nerds.

Can we strangle surveillance marketing with easy-to-use off the shelf privacy tools such as Disconnect? Maybe. The big problem for surveillance marketing these days is that they can't have adtech, privacy, and fraud control—they have to pick two. If the user base picks privacy for them, then the presence of fraud rings is a big problem for surveillance marketing. It's easier for a bot to hide if it can pretend to be a privacy-sensitive user.

But can users and developers, without advertisers, squeeze out adtech? Probably not. When I mock Fourth Amendment fans for failing to protect their rights as well as the Second Amendment fans do, I'm leaving out an important fact. The Second Amendment doesn't have a whole industry devoted to wiping it out, while the Fourth is under attack from every "online advertising" line item in every Marketing budget in the world. And as long as that's true, you're risking prosecution under the CFAA every time you block or scramble an ad cookie.


The last piece that needs to come together for this privacy thing to work at all is for advertisers to realize that targeted advertising loses the valuable signal that they're buying ads for in the first place. The Fourth becomes as easy to defend as the Second when violating the Fourth loses its economic constituency, not before.

Adtech is just cold calling with too much math, and it's time for the bubble to pop. More on that in Targeted Advertising Considered Harmful.

Syndicated 2014-01-07 14:16:18 from Don Marti
