I have been in the former camp because it seems to me that people are increasingly sharing private information and getting benefit [...]]]> Debates about privacy are often polarised between those of the Scott McNeally “you have no privacy, get over it” school of thought and those who feel deeply uncomfortable with this notion. 

I have been in the former camp because it seems to me that people are increasingly sharing private information and getting benefit from doing so, and that (appropriately annonymised) the data has commercial value whose (appropriately sensitve) exploitation can bring value to everyone.  The way advertisers can now narrowly target on Facebook is a good example – it is good for Facebook and by extension its users and it is good for the advertisers who can now reach their customers more cost effectively.

The counter argument is usually a sense of deep unease about how the data might get used and the point that once the genie is out of the bottle you can’t get it back in and bad things might happen.

danah boyd’s speech to SXSW on Saturday helped me understand this counter argument much better.

For those that don’t know danah does a lot of primary research talking to people about how they use social media so when she says “Privacy Is Not Dead. People of all ages care deeply about privacy” I take notice.  Particularly when it is sandwiched between an admonishment of privileged straight white male technology execs who think differently (that’s me) and an assertion that privacy may have a different meaning to my current understanding.

According to danah, privacy is about having control over information flows and understanding the social setting in order to behave appropriately and avoid embarrassment.  When either of these things are challenged they scream privacy foul.  Reading between the lines of danah’s talk slightly it seems to me that the first thought is about avoiding embarrassment and the desire for control might stem from a desire to be able to fix things later should a difficult situation emerge.

The key to your consumers feeling good about your privacy policy is therefore trust – trust that they understand how your site works from a social perspective and that you won’t change the rules on them in ways that might create problems.

Three quick illustrations of privacy FAILs illustrate the points, the first two from danah’s talk and a third from the UK market:

• Google Buzz – Google introduced a service into gmail that took data from a private system (email) and by default made it public thereby changing the rules and creating potentially embarrassing situations
• Facebook Newsfeeds – we have gotten over this now, but when Facebook first started putting status updates into Newsfeeds it created an uproar – because they had changed the rules of the site to make updates much more public which shifted the context and changed the social game (my point isn’t that this was a bad move – we have gotten to like Feeds now)
• Phorm – this UK company planned to sell a software service to ISPs that would allow them to target ads based on surfing history, people were outraged at the lack of control this implied and the business struggled to make progress

The web and in particular the social media sites within it are of course evolving extremely rapidly which I think explains why privacy is such a hot topic.  If feeling good about privacy requires an understanding of the social setting it is easy to see why people are nervous.

The final point I want to bring out from danah’s talk is the notion that privacy isn’t binary.  Offline there are a myriad of privacy status’s between nobody knows and published in a newspaper and online services need to recognise the complexity of how people think about information sharing.  The Facebook newsfeed example makes this point nicely – they made information that was already publicly available more visible and people were upset, in the way they might be if information from a handwritten note that was passed round the class was copied onto the blackboard.

From the perspective of a startup if privacy might be an issue for your users this analysis tells suggests to me you need a clear set of principles about how and why information will be shared and to inspire trust by having integrity as a core value and not springing surprises on people.  Be aware also that as your site grows the rules of information sharing are likely to change and creating a shift in the privacy ‘environment’ that will need managing.

A UK court ruled yesterday that The Times newspaper has the right to name Richard Horton as the (until now anonymous) author of the Night Jack blog about policing in the UK (the blog was here, but the content has been deleted).

The ruling has been covered in the FT and on [...]]]>

A UK court ruled yesterday that The Times newspaper has the right to name Richard Horton as the (until now anonymous) author of the Night Jack blog about policing in the UK (the blog was here, but the content has been deleted).

The ruling has been covered in the FT and on Gawker (where they also comment on a similar recent case in the US).

I know a lot of people will be upset by this development, but I welcome it.  Blogs are a public medium and if someone wants to say something in public they should be prepared to stand up and be counted.

This is, of course, a complex issue and we will doubtless lose some valuable social and political commentary as a result of this ruling (not least the Night Jack blog), but for me that sacrifice is worth making to protect society from people hiding behind anonymity for more nefarious purposes.  In particular I’m thinking of slander, libel and unsubstantiated claims against public figures and companies.

They put it this way on Gawker:

nobody ought to have a right or privilege to publish whatever they please without the consequences of their ideas redounding to them

The un-named etailer made the mistake of asking customers to register with the site before they checked out – I can fully understand the impulse [...]]]> There is a great story on Jared Spool’s blog of how a desire to build a relationship with customers can be counter-productive (thanks to Joe Andrieu for the pointer).

The un-named etailer made the mistake of asking customers to register with the site before they checked out – I can fully understand the impulse behind this – build a list of registered members, improve their future purchase experience, and hopefully improve their loyalty and repeat business stats.

The result, however, was very different.  Total mayhem in fact.

Firstly, when it came to it customers didn’t like having to register:

We conducted usability tests with people who needed to buy products from the site. We asked them to bring their shopping lists and we gave them the money to make the purchases. All they needed to do was complete the purchase.

We were wrong about the first-time shoppers. They did mind registering. They resented having to register when they encountered the page. As one shopper told us, “I’m not here to enter into a relationship. I just want to buy something.”

Some first-time shoppers couldn’t remember if it was their first time, becoming frustrated as each common email and password combination failed. We were surprised how much they resisted registering.

Without even knowing what was involved in registration, all the users that clicked on the button did so with a sense of despair. Many vocalized how the retailer only wanted their information to pester them with marketing messages they didn’t want. Some imagined other nefarious purposes of the obvious attempt to invade privacy. (In reality, the site asked nothing during registration that it didn’t need to complete the purchase: name, shipping address, billing address, and payment information.)

Lesson 1 is don’t make people feel like you are making them trust you or that you assume they want to be your friend.

I’m not here to be in a relationship – that sums it up for me.  If I think about the good relationships I have with offline retailers they didn’t start on the first visit – they started some way down the track, once we had started to get to know one another.  The first visit was all about efficient execution of the purchase process.

Secondly, even if people don’t mind registering in theory, in practice it is a massive hassle:

Except for a very few who remembered their login information, most stumbled on the form. They couldn’t remember the email address or password they used. Remembering which email address they registered with was problematic – many had multiple email addresses or had changed them over the years.When a shopper couldn’t remember the email address and password, they’d attempt at guessing what it could be multiple times. These guesses rarely succeeded. Some would eventually ask the site to send the password to their email address, which is a problem if you can’t remember which email address you initially registered with.

(Later, we did an analysis of the retailer’s database, only to discover 45% of all customers had multiple registrations in the system, some as many as 10. We also analyzed how many people requested passwords, to find out it reached about 160,000 per day. 75% of these people never tried to complete the purchase once requested.)

The form, intended to make shopping easier, turned out to only help a small percentage of the customers who encountered it.

Read the punultimate paragraph in the above quote again – those are some jaw-droppingly-big numbers.

Asking people to register makes the mistake of assuming you are important enough to the customer that they will remember the details they have used.  The second lesson therefore is the folly of that (arrogant) assumption.  (Note this pattern will shift as OpenID and Facebook Connect gain traction.)

Joe quotes Doc Searls as saying “a free customer is more valuable than a captive one” – I’m a big believer in that.  Trying to capture people (or forcing them to register) makes you less attractive.  In the real world we have always known that being needy is a turn-off – yet somehow this doesn’t always get translated online.

And the punchline?  When the un-named retailer changed the process so people weren’t forced to register sales lept up by $15m in the first month and $300m in the first year.

I think this service will be a big deal.  After all the hoo-ha about privacy and nervousness about how people will [...]]]> The blogosphere is awash with talk of Google Latitude, their new service that allows friends to see each other’s location on Google maps on their mobiles.  The screenshot below says it all.

I think this service will be a big deal.  After all the hoo-ha about privacy and nervousness about how people will use it dies down everyone will come to see that a service like this has real utility.  New behavioural protocols will be required, and that will be uncomfortable to start with, but people will get over this, they always do.  Look at telephones, mobiles, Facebook and now Twitter.

It doesn’t look like it has an API though.  I hope one is coming as this would be a great tool for social networks like WAYN.

That is the good news.

The bad news is that outside of search the existing models are coming under strain due to banner blindness and lack of tolerance for interrupt advertising. [...]]]> Online advertising continues to grow fast fueled by increasing consumption of entertainment online and growth in ecommerce (up 38% YoY according to NMA).

That is the good news.

The bad news is that outside of search the existing models are coming under strain due to banner blindness and lack of tolerance for interrupt advertising. The industry response so far has been to focus on targeting the ads better, which makes sense, but I’m not sure it will take us far enough.

As I have been saying regularly on this blog and elsewhere, the best potential answer to this problem that I have heard is a shift to permission based advertising based on a user controlled profile. Something I have been calling VRM.

By profile information I mean things like surfing history, search query
history and user entered data about their likes, dislikes, wish lists
and so on.

Reading NMA this morning the following excerpt made it clear to me that at this stage there is far too little trust between the advertising industry and consumers for this stuff to work. This is from the Privacy Special in the NMA of 17/7/08 (no link due to their paywall):

Privacy storm brewing
-
May 2006
121Media closes its ContextPlus ad-serving service, amid the threat of legal action, and becomes known as Phorm
-
June 2007
Privacy International labels Google data retention policies ‘hostile to privacy’
-
March 2008
After BT is joined by TalkTalk and Virgin Media as potential Phorm users, public outcry sees Phorm‘s share price drop by a third in a day; Tim Berners-Lee, inventor of the web, warns privacy is being eroded online. He claims that he would change his ISP if it worked with Phorm.
-
April 2008
The Information Commissioner’s Office says Phorm is legal so long as it is strictly opt-in; Google rejects calls from the EU’s Article 29 Working Party for it and other search engines to not keep cookie data beyond six months, following its volunteering in 2007 to ‘anonymise’ data held longer than 18 months.
-
July 2008
Privacy protesters threaten to picket BT‘s AGM and give police evidence of earlier Phorm trials on its network; Phorm and BT maintain, despite past slipped deadlines, the ISP will start rolling out Phorm shortly.

This shows the absence of trust very clearly, and the cost of that absence for BT and Phorm.

My strong instinct is that the only way consumers are going to get over this lack of trust is for a) the advertising industry to start sounding like it cares, and b) if we find a way for people to experiment with letting people target ads against them in a low risk fashion.

The best way I can see for this to work is to build consumer internet apps which generate profile information as something of a by-product and then to give users the option to edit their information and also to opt in for ads to be targeted against it.

As a 53-year-old oil and gas engineer living in Calgary, Alberta, Brian Hunter might seem neither a likely Facebook enthusiast nor an investor [...]]]> Reported in the FT this morning Canadian oil and gas engineer Brian Hunter is using Facebook to co-ordinate frustrated retail investors in the £33bn Canadian asset backed commercial paper (ABCP) market:

As a 53-year-old oil and gas engineer living in Calgary, Alberta, Brian Hunter might seem neither a likely Facebook enthusiast nor an investor activist.

Yet Mr Hunter has taken on both roles with gusto over the past two months, harnessing the soc­ial networking site as a potent weapon for disgruntled – but otherwise voiceless – investors in Canada’s non-bank asset-backed commercial paper market.

And it looks like he has been successful, from IA news:

The biggest single roadblock to a proposed restructuring of $32-billion of asset-backed commercial paper was removed on Wednesday after Canaccord Capital Inc. tabled an offer to buy back the stalled notes held by more than 1,400 individual investors.By meeting the demands of its retail clients, Canaccord virtually guarantees a favourable result when ABCP noteholders vote on the workout at the end of the month.

In general I welcome this sort of development. To often through history the voice of small investors and other disparate groups the world over has not been heard as they lacked the resources required to co-ordinate themselves and get their message heard in the media. That has all changed now as anyone with time on their hands can use free tools like Facebook for the co-ordination function and if they are successful in bringing other people behind their cause the media will pick up on it. For example, Brian Hunter spends twelve hours a day on Facebook managing his campaign, which otherwise costs him nothing.

What we have here is an example of oft talked about liberating side of the internet. It is great to give a voice to the little guy who has too often been shouted down by powerful vested interests.

But there is a dangerous side to this as well. It is cool that people like Brian now have a platform to make themselves heard, but the response should be based on the merits of their case, not the fact that they have managed to create a buzz in the media.

I know next to nothing about the Canadian ABCP situation and the motive of this post
is to make a general argument about the use of the internet as a
platform for protest rather than comment on an individual case, but there are elements of Cannacord Capital’s response to Brian’s Facebook campaign that suggest they may be thinking more about their reputation generally than the rights and wrongs of whatever happened in the ABCP market. To be specific, I’m talking about the action by a broker to cover the losses of it’s clients when a market hits problems and the fact that a call from the Cannacord CEO to a potentially suicidal investor was made public.

As the internet changes the dynamics of minority protest, the response to those protests will need to change. Up until now most protesters failed to get press attention and were ignored, while those that were lucky enough or connected enough to generate some column inches stood a much better chance of seeing their demands met. Going forward I think we should all judge cases much more on merit – and that includes both the media and the responding companies/institutions. Otherwise we risk being overwhelmed by over-vocal people with a grievance.

Further, as the little guy is no longer at such a disadvantage then the natural bias in favour of the underdog needs tempering.

All this will take time, and progress will not be even, but provided we avoid the pitfall described above I think this development is positive and society will come to function better as a result of improved communication between its various constituents.

To finish, I’m going to move to an even higher level of abstraction. The trends I’ve described above are part of a more general shift to improved flow of information and increased transparency, which is increasing the benefits of open-ness, transparency, and honesty versus old ideas of control and manipulation of news flow. With that, however, comes a responsibility to act with integrity, and that means avoiding or trying to ignore hype and hysteria and look through to the substance behind the facade.

In this post I have tried to explain how that plays out in the protest arena, but very similar arguments apply in the area of privacy. Collectively we have a lot to gain if everyone shares information about themselves on the web, but that will only work if we make a conscious effort to look at the whole of a person as expressed online and avoid the picking out the pieces that help us make our case – e.g. using small examples of poor judgement as a reason for not hiring someone should be avoided.

A couple of days ago I wrote a post Why are we concerned about privacy? in which I argued that sharing personal some personal data in return for better services was a good trade off. Alan Patrick and I had a privacy versus sharing debate in the comments which left me thinking [...]]]>

A couple of days ago I wrote a post Why are we concerned about privacy? in which I argued that sharing personal some personal data in return for better services was a good trade off. Alan Patrick and I had a privacy versus sharing debate in the comments which left me thinking that to move this topic forward we needed to talk more clearly about the data that would or wouldn’t be shared as well as the risks and benefits that sharing would bring.

One of the difficulties with this subject is that everyone has a passionately held opinion, and it is starting to look to me like that has gotten in the way of good communication. My hope is that in taking the debate to the next level of detail we might find some common ground. (Where is the fun in that I hear you cry!!!)

Yesterday’s FT had an article Fraudsters target social networkers sets out the privacy position pretty well and offers a good basis for moving the discussion forward. They opened with the following two paragraphs:

Millions of people signing up to Facebook, MySpace and other social networking sites could be leaving themselves, and their companies, open to online crime, IT security experts are warning.

The practice of posting up personal information such as birth dates, addresses and phone numbers is proving to be a goldmine for identity fraudsters.

This is worrying, and I have made a mental note to check my Facebook profile for offending items. Everyone should be careful about things like this. Possession of the sorts of data that you use to identify yourself – date of birth, name of first school, home telephone number, favourite football team, mother’s maiden name etc. will be a big help to anyone who is trying to pose as you – i.e. steal your identity.

But, and this is the critical point, that is not the sort of data that I am talking about sharing. That data is much less useful to someone who wants to target ads than information about your hobbies, which sites you visit, what sort of holidays you take, when you take them, etc. That is the sort of information I am thinking about sharing, and unless I am missing something there isn’t much there that someone could use to steal my identity.

It is important to protect against spam though and that might come through some kind of profile/filter system which masks my IP address from the advertiser. That way I can choose to block any offending advertisers from having access to my information just like I block emails from the domains that spam me. As a further level of security the company that hosts and manages my profile for me could keep a blacklist of offending companies as well and refuse them access carte blanche – much as hotmail blocks email from known spammers.

Hopefully being careful about the data that is shared combined with a blacklist functionality should be enough to assuage most people’s fears. We won’t know, though, until someone puts it to the test. It would be very interesting to see a service which offered extra functionality to those who shared their data and permitted targeting. Then we would see how much people really care. Whilst the debate remains in the abstract there is little incentive for people to examine whether their fears are valid in the context of the gains on offer.