Tech

By Johannes Ernst

https://reb00ted.org/tech/

  • 2021-06-13

    Colorado is now the 3rd US state with modern privacy legislation, with a twist

    This past week, the Colorado legislature passed the “Colorado Privacy Act”, which makes Colorado the 3rd US state with modern privacy legislation, following the CCPA in California and the CDPA in Virginia. It will start going into effect about 24 months from now.

    Its provisions are similar to California’s and Virginia’s, except for this one, which goes substantially further:

    A CONTROLLER THAT PROCESSES PERSONAL DATA FOR PURPOSES OF TARGETED ADVERTISING OR THE SALE OF PERSONAL DATA SHALL ALLOW CONSUMERS TO EXERCISE THE RIGHT TO OPT OUT OF THE PROCESSING OF PERSONAL DATA CONCERNING THE CONSUMER FOR PURPOSES OF TARGETED ADVERTISING OR THE SALE OF PERSONAL DATA … BY CONTROLLERS THROUGH A USER-SELECTED UNIVERSAL OPT-OUT MECHANISM THAT MEETS THE TECHNICAL SPECIFICATIONS ESTABLISHED BY THE ATTORNEY GENERAL…

    In other words, Do Not Track – or something very much like it – is back in Colorado, and ignoring the setting, like companies did widely when Do Not Track was created, is not an option any more. The technical details will need to be figured out between now and when this provision goes into effect, which is two and a half years away. So plenty of time to get this right.

    Progress! Which US state is next? The IAPP has a great chart showing the state of privacy legislation in states around the US.

    Here is the full text of the Colorado bill.

  • 2021-01-15

    Are most Facebook users cost centers, rather than profit centers?

    According to CNBC, Facebook made $7.89 in revenue per average global user in the 3rd quarter last year (with a high of $39.63 in the US and Canada, and a low of $2.22 outside US, Canada, Europe and Asia-Pacific).

    According to Yahoo! Finance and my calculation, if its expenses in the same quarter were $13.4 billion, expense per user was $13.4 / $21.5 * $7.89 = $4.92 on average (proportionally allocated given expense / revenue ratio).

    Revenue per user is obviously quite different in different parts of the world, but what about costs? It seems to me that on a per-user-basis, selling and serving all those ads in the US and Canada that led to so much revenue per user is probably more expensive, compared to some places that have less commerce. But as dramatically different as $39.63 and $2.22 on the revenue side? I don’t think so. Not even close.

    In other words, users in the rest of the world at $2.22 of revenue per user are almost certainly not profitable. Even if expenses there were only half of average, it would still not be enough.

    Of course these numbers are averages across the regions, and chances are that the differences between users within one region are also quite striking. I don’t have numbers on those. But I would bet that some users in the US and Canada also bring in less revenue than the $4.92 in average cost per user.

    Who would those unprofitable users be in the US, say? Well, those demographics and those neighborhoods in the social graph in which advertisers see little opportunities to make a sale, because, for example, everybody is unemployed and angry.

    (So if, for example, a certain presidential campaign came by and wanted to specifically target this demographic with political ads … I for one can vividly imagine the leap of joy of some Facebook business guy who finally saw how to get promoted: “I turned a million users from being a cost center to being a profit center”. And democracy be damned. Of course, I’m speculating here, but directionally I don’t think I’m wrong.)

    Which suggests another strategy to unseat Facebook as the dominant social network: focus on picking off the users that generate the most revenue for Facebook, as they subsidize the rest. If that relatively small subset of users jumped ship, the rest of the business would become unprofitable.

    (I’m jotting this down because I hadn’t seen anybody suggest this strategy. We do need to find ways of ending surveillance capitalism after all.)

  • 2021-01-02

    The terrible privacy of Facebook apps, visual edition

    Update 2021-01-07: Now consenting to let your data be shipped off is becoming mandatory (thanks @michel_slm@floss.social for the link.)

    Let’s take Whatsapp, acquired by Facebook, and Signal, independent. Both apps largely do the same thing (chat), are based on the same technology, and even led/funded by the same guy, Brian Acton (who is funding Signal to atone for his sin of selling Whatsapp to Facebook according to this article).

    Here are screenshots of the privacy implications of both apps, according to the excellent disclosures now required by Apple:

    If this doesn’t convince you to use Signal over Whatsapp, and that touching anything that Facebook does is a high-risk activity, I don’t know what will.

  • 2020-12-09

    Presenting at MyData 2020

    The annual MyData conference is starting in just a few hours. Thanks to COVID, I don’t have to get on an airplane to Helsinki!! They instead use QiQoChat, a conference wrapper around Zoom. See you there? (You can still get tickets.)

    I’ll be speaking in the following sessions:

    • COVID Apps – Is Privacy Possible? With Julian Ranger, exec. chairman of digi.me in the UK, and myself. We’re planning to do a presentation each, and then open discussion.

      Thursday, Dec. 10, 2:45pm pacific (22:45 UTC).

    • Demo Lounge #3. I’ll be demonstrating UBOSbox, our home server product, that lets you take your personal data home from other people’s clouds on easy-to-administer hardware you control.

      Thursday, Dec. 10, 4:30pm pacific (Friday 0:30 UTC).

    • MyData Governance Interoperability Landscape. I’ll be moderating this international panel with panelists Matthias De Bievre (France), Nat Sakimura (Japan), Joni Brennan (Canada), Harshvardhan Pandit (Ireland), Paul Knowles (Switzerland), Antti “Jogi” Poikola (Finland) and Mark Lizar (Canada).

      Friday, Dec. 11, 2:45pm pacific (22:45 UTC).

    This is going to be fun! And a great kickoff for 2021, which I think will become Year 1 of the user-controlled personal data revolution.

  • 2020-11-14

    On Tim Hwang’s book: Subprime Attention Crisis

    My friend Doc Searls has been talking about this book repeatedly in recent months, as have many others interested in rolling back surveillance capitalism, improving privacy and user agency, and cleaning up the unholy mess that on-line advertising has become. Finally I have read the book, and here are a few notes.

    Tim Hwang makes three core points:

    1. Programmatic, on-line advertising is fundamentally, irredeemably broken.
    2. It’s not a matter of whether it will implode, but just when.
    3. Apply the lessons from the 2018 subprime mortgage crisis: advertising inventory is a different asset class, but the situation is fundamentally the same: eroding fundamentals in the face of an opaque, overhyped market, which will lead to a crash with similarly major consequences when it occurs.

    I buy his first point. I mostly buy his second, but there are too many important differences with the market for collateralized mortgages in 2008 for me to buy his third. Ultimately that parallel isn’t that important, however: if he’s right that programmatic on-line advertising is headed for something dramatic, whether it’s like 2008 subprime mortgages or some other crash doesn’t matter in the end.

    Why would anybody say programmatic, on-line advertising is broken? He has many examples, go read the book, but let me mention my personal favorite from personal experience: ads, to me, on Spotify:

    • Spotify, for a long time, advertised joining the Marine Corps to me. I should be flattered how young, vigorous, and gung-ho they consider me, but hmm, I don’t think so. This must be because they have some wrong data about me, and while Spotify got the Marine Corps’ money all the same, the Marine Corps totally wasted their spend.

      While this example is particularly egregious, Hwang has many other examples, which argue that this is a major and pervasive problem.

    • I recently downloaded the personal data Spotify have about me, as I can because we have the CCPA in California. Looking at the advertising subjects they have tagged me with, guess what?

    It was worse than I was afraid of. I loaded the tags into a spreadsheet, and categorized them into three groups:

    • Interests I definitely have. Example: “Computers and software high spender”. Guilty as charged.

    • Interests I definitely do not have. Example: “March Madness Basketball Fan”. What? Never watched basketball in my life. I don’t actually know what “March Madness” might even be and I’m disinclined to look it up.

    • Interests that I might or might not have, Meh so to speak. Example: “Vitamin C category purchasers”. Maybe I bought some one day. I don’t remember.

    How do you think these categories break down? The majority (30/66, almost half) of tags Spotify has about me is in the Meh category. Will I buy more Vitamin C if they advertise it to me? Maybe, but quite unlikely. Consider the ad spend money in this category mostly wasted on me.

    But this is the kicker: 24 of the remaining tags were “definitely not” and only 12 were “definitely yes”. Twice as many categories about me were absolutely wrong as were correct!!

    Only 18% of the total categories were clearly correct, and worth spending ad money on to target me.

    Eighteen.

    From the name of the tags in the Spotify export, I guess most of them were purchased from third parties. (Makes sense: how would Spotify know I’m interested in Vitamin C, or not?) In other words, 18% of the data they purchased about me was correct, 36% incorrect, and the rest more or less random. No wonder Hwang immediately thinks of junk mortgage bonds with numbers like these.

    But as he points out, advertisers keep spending money. Why? I suggest the answer is very simple: because of a lack of alternatives.

    If you stop advertising on-line, what are you going to do instead? As long as there isn’t a better alternative, it’s a better plan to pinch your nose and go to your CEO and say, yes, I know that today, not just half but a full 82% of our advertising money is wasted, but it’s better to waste all that money than not to advertise at all. I can understand that. Terrible, but reality.

    So, for me, the more interesting question is: “How can we do better?” And I think the times are getting ripe for doing something better… stay tuned :-)

  • 2020-10-09

    Three Scenarios for Rolling Back Surveillance Capitalism

    Are we stuck with Surveillance Capitalism? I hope not.

    But what are realistic alternatives? Alternatives that keep the amazing wonders that are consumer technologies in 2020, but don’t invade our privacy, don’t spread misinformation, give us back a measure of control over our electronic lives, don’t set us up for manipulation and help rather than hurt our mental health?

    Here are three scenarios for how we could get out.

    Scenario 1: Regulation Bites

    Building on the success of GDPR and buoyed by a growing data sovereignty movement supported by the political right and left, the European Union intensifies regulating cyberspace, and in short order:

    • disallows all businesses to move any personal information pertaining to its residents to data centers outside of the European Union;
    • broadly disallows user tracking except for very narrow circumstances; in particular, cross-site and cross-app user tracking becomes prohibited; advertising networks cannot target audiences smaller than 100,000 members any more;
    • requires all social and communications apps to implement full data portability (including loss-less transmission to a new provider) similar to phone number portability.

    The dominant, American social networking giants focus their efforts in the courts to roll back these regulations, but in the meantime, nimble European upstarts simply copy the feature sets of the dominant platforms and implement them consistent with European regulations. Local politicians mention these apps at every opportunity.

    As these apps are marketed through schools, privacy-conscious German parents switch over an entire new generation of users to the European apps, and when e-government initiatives enable citizens to much more easily and securely interact with governments through the new apps, the network effect starts hurting instead of favoring the American surveillance platforms.

    As integration has become easy, a European startup figures out how to game-ify fact checking on this new open platform, and on-line misinformation drops rapidly. This increases user engagement and user confidence, and few people ever want to go back to the old apps.

    Other countries outside the EU concerned about data sovereignty have been watching carefully and quickly follow the European model, through regulation and targeted industrial policy. Facebook and friends are playing catch-up and are forced to play by the new rules to keep at least some of their user base in those countries.

    And when they started to market their apps internationally, even large swathes of the American population moved over, because they don’t want to be surveilled either.

    Scenario 2: A Global Disinvestment Campaign Leads to a Vibrant Good Technology Market

    With the slogan “Facebook is just as bad as burning oil”, digital rights activists have partnered with veterans of the divestiture campaigns against South African apartheid, tobacco and fossil fuels for an international public relations campaign targeting investment and retirement funds that invest in companies monetizing surveillance.

    Being reminded of the impact of previous disinvestment campaigns and sensing a business opportunity, fund managers globally are rapidly rolling out new niche funds that promise to only invest in companies that use personal data responsibly. Their initial target markets are minorities and parents saving for retirement who are concerned about their kids’ safety when using technology.

    Upstart VCs jump on the opportunity that this new, focused capital represents and funnel it via special-purpose “Good Tech Only” venture funds to eager entrepreneurs world-wide to build next-generation social networking, commerce and virtual/augmented reality companies, without fear that VCs will pressure them to monetize customer data anyway when the company hits a difficult patch.

    Having made a clean break from the surveillance business model, these upstarts are able to innovate rapidly both on business model and technology. For example, enabled by new business models, interoperability with other vendors has now become a value driver rather than a leak in the enterprise’s moat. This completely changes the dynamics of the marketplace.

    As a result, entirely new product categories no longer prevented by vendors’ data hoarding strategies explode on the scene, including, for example, much better targeted advertising because users can volunteer personal data without fear of privacy violations, proactive maintenance of consumer products by an army of service providers no longer inhibited by hermetically sealed cloud castle products, and far more reuse and upcycle of previously discarded products.

    As the Good Tech brand rises, and unprecedented features become available, more and more technology users are willing to make a clean break with surveillance legacy platforms, and shame their friends into moving from the legacy social networks to Good Tech as well.

    Ultimately, the legacy vendors practicing surveillance capital face shrinking user bases, less access to capital, and structurally cannot compete with the new generation of Good Tech companies.

    Scenario 3: Frustrated Users and Open-Source Developers Start Cooperating for Mutual Benefit

    It started small, with a few technically-competent digital rights activists pooling their expertise and a little bit of money to operate their own Mastodon server, so they could stay in touch just like on Twitter, but without an unaccountable third party in the loop. (Note: this, of course, already has happened; there are many Mastodon deployments like this all around the world, some of which have already progressed further along the lines outlined below.)

    As interest and user numbers grew, the previously informal collaborations started to be formalized: users not contributing their labor would pay a monthly fee, from which systems administrators would be paid to keep the deployment up and running reliably. Over time, the initial collaborative decision making process for the project morphed into a formal cooperative governance structure in which all stakeholders – users and maintainers – have equal rights. They decided on all matters affecting the project democratically, although different cooperatives employ different styles of governance including direct, liquid and representative democracy.

    Soon users started to ask for additional tools provided to them in a similar manner, like document sharing, calendaring, e-mail, and more. Accountants would ask: “Microsoft charges me $6.99 per month to access Excel. If I pay the same amount to the coop, can’t we host something like Excel ourselves, and I can be certain that my clients’ financials stay private instead of whatever Microsoft does?” Some other users in the coop declared that they had similar needs, and banded together, money in hand, to fund a project. Which attracted open-source software developers who committed to porting open-source collaborative document editing software into the cooperative’s environment and keep it maintained for a monthly fee paid for by its users.

    Of course, the apps operated by the various cooperatives always interoperated, because that’s what users want and no vendor subject to the coop’s rules has the opportunity (or desire) to lock in anybody. So leaving one cooperative to join another became as simple as moving banks today, with no money or data lost in the process.

    Some projects didn’t work out. Some money was wasted. Some coops imploded. Some users left because initially, the quality of the coops’ products was below the quality of social networking products of today’s dominant internet platforms funded by billions of Wall Street dollars. However, because the cooperative structure relates the needs and wants of the users directly to the revenue opportunity of the vendors, with no independent shareholders to satisfy, ultimately the match between needs and features became much better than in pure capitalistic for-profit models, creating legions of fanatically happy users and profitable vendors completely outside the need or desire for surveillance capitalism.

    Some final thoughts

    Of course, there are other scenarios; elements of these scenarios could be combined in different ways or shake out differently, and predictions are hard, particularly about the future :-)

    But there are people working on each of those scenarios today (myself included!), and it is not obvious to me that those projects are doomed. In other words, they have promise! How can we help them be more likely to succeed? Because I want out from surveillance capitalism, and chances are, you do, too!

    (Please get in touch.)