Doc Searls's Blog, page 2

It’s a battle of the holidays at the Sam’s Club here in Bloomington: Christmas on one aisle and Halloween on the next one, back-to-back. Hey! Come in and stock up on stuff that occupies otherwise useful space for 350 partially overlapping non-seasonal days of the year!

At least this stuff (at Sam’s Club in June) tends to get used up, and not stored in your attic:

Unless you’re in Indiana, I suppose. Wondering what percentage of customers store their un-launched fireworks at home, I’ve found nothing about Indiana or the U.S., but I did find Consumer Behaviours and Attitudes to Fireworks in the UK. An excerpt: “Once bought, two-fifths (43%) of people store fireworks in the house, a fifth (20%) in the garage and a sixth (15%) in the shed.” So there ya go.

A top few (said by the site to be the most interesting) of the thousands of IIWs since 2005 that I’ve posted on Flickr.

I wrote for Linux Journal from 1996 to 2019, and have been involved with IIW since I helped start it in 2005. So, in an effort to help substantiate a future Wikipedia article on IIW, I wanted a list of all my Linux Journal contributions mentioning “IIW” and/or “Internet Identity Workshop.” (Never mind that my founding role with IIW may disqualify that list from citation. I still wanted it.) So I asked Gemini and ChatGPT separately to provide me with one, and in chronological order. Gemini gave me just three. ChatGPT gave me the whole list, which I already knew by looking through the /linuxjournal/ directory on my hard drive. (I just didn’t want to hand-organize them chronologically.) So, surfacing the effort, here ya go:

Let’s go bust some silosCan we relate?Getting beyond Brad’s ParadoxAn open source approach to fixing public media fundingEOF – Driving Markets from Our Own KernelsWho Controls Your Data?Cluetrain at FifteenThe True Internet of ThingsDealing with Boundary IssuesIdentity: Our Last StandNew Hope for Digital IdentityCookies That Go the Other WayHow Can We Bring FOSS to the Virtual World?

FWIW, https://www.linuxjournal.com/search/ at Linux Journal no longer works. Images are also gone from most of the pieces themselves. But it is truly great that Linux Journal is still alive, and the archives are there and link-able. Hats off to Slashdot Media for keeping it up.

For a time in the ’00s, I wrote a newsletter for Linux Journal that isn’t anywhere online. I think I’ll put that up somewhere at searls.com, eventually.

In case you didn’t click on the photo collection above, the link is here.

A Goodwill price sticker before and after I failed to peel and scrape it completely off.

Please find pricing labels that stick well enough to do their job, and the customer can get off without too much work.

Thanks!

P.S. In an unrelated matter, Grammarly suggested rewriting that second sentence this way:

Please find pricing labels that adhere well enough to perform their intended function, yet can be easily removed by the customer without excessive effort.

Which is better? (Note: I’m posting this thing in a rush between runs to a Costco an hour away from here.)

I’m in the little circle southwest of Indianapolis.

In Fulfillment: Winning and Losing in One-Click America, Alec MacGillis notes that the city at the center of a circle containing the largest population within a one-day drive is Dayton, Ohio. You can kinda see that in the map above, which I discovered through Brilliant Maps. They got it from the highly precient Defining US Megaregions, published by the Regional Plan Association in 2009, long before interstate highways across the US became flanked by transport transfer buildings big enough hold five Costcos, and trucks hadn’t yet threatened to outnumber cars on major highways.

When we got a place in Bloomington four years ago, we thought the town was basically isolated. But we quickly found that we were kinda close to a mess of major league cities. Indianapolis was closest, less than an hour up I-69. Lousiville was a bit under two hours away. Cincinnati was about two and a half hours. Columbus was three hours. Chicago was a bit under four hours. Same with St. Louis. Detroit was five hours, and Milwaukee a few minutes more. Cleveland was five and a half. All of these cities were options for a day trip, and we’ve been doing our best to visit them all.

On trips to these cities, we’ve noticed that open country between them is part of what makes them cohere as a region: a feature rather than a bug— especially as the truck traffic between them gets thicker:

Trucks, mostly, passing one of many “cross-dock,” “transload,” “parcel hub,” and “distribution centers” alongside I-70 on the northwest corner of Dayton, Ohio. Shot this when I was driving through earlier this month.

There is something new about all this.

What’s old are Designated Market Areas, or DMAs, also known as TMAs, or Televsion Market Areas:

These are (or were), defined by what collections of TV stations households watched most. My company was once hired by the three major network stations in the Greenville-New Bern-Washington DMA, to help pull viewers in Nash, Wilson, and Wayne Counties away from stations on the same networks in the Raleigh-Durham-Chapel Hill market. All stations on both sides had built 2000-foot towers to maximize their signals across their overlapping regions. It was quite the war. (One we lost, but that’s another story.)

By now, TV watching has drifted from “What’s On” to “What’s Where.” And there are a zillion choices of “where”: Everything on YouTube, TikTok, Instagram, on-demand subscription streaming services such as Netflix, HBO, Prime, Disney+, and your nearby cities’ TV stations. Inside that broad and growing mix, TV stations’ slice of the pie is smaller every day.

Regions now are defined more by commercial connections. Across those transport “corridors,” forests and farmlands contextualize the cities with wide rural frames. In McLuhan’s terms, the medium sending the message is the countryside flanking transport corridors between the cities. I suspect this is true of all these megaregions, in different ways. Even the highly urbanized Northeast megaregion has lots of wild and open rural areas to unify the cities between them.

And what organizes the flow of all that commerce? Logistics. Which is digital. And full of AI—for decades.

My thoughts on all this are just starting rather than finishing. I think a good place to do that together is by reading the study that got this started.

What I like best about Keith Teare‘s latest essay, Who Owns The Front Door to AI? If it isn’t you, its game over, is that it sounds like he’s setting up the case for personal AI.

But he’s not. He’s describing how our AI-assisted lives will get sucked through better interfaces deep into one or more of AI’s giant castles, as “the chat interface replaces the browser as the primary user interface for computing on the web.”

His case is not pretty, but it is clear, thoughtful, knowing, and well-described. He concludes, “Bottom line: Winners will own a trusted front door with standards and auditing and settlements behind it—and help teams actually change how they work and consumers find what they want without dethroning content owners. Everyone else will keep shipping demos into a narrowing feed.”

Note that the winners are giants. You and I? We’re just consumers. Our agency in this system will be no greater than what these giants allow us. Each giant will be (hell, already is) a hotel with a know-it-all concierge who can get us what we want, within the hotel’s confines. But the space is not ours. So, what Cluetrain said in 1999—

—will remain untrue.

And the only way our reach will exceed their grasp is with our own personal AI. Simple as that.

Eleanor and Allen Searls, at their wedding in Minneapolis on this day in 1946.

Happy for my sister and me, who are both still alive and well. I’m also happy for the thirty-three years Eleanor and Allen made a life and a family together. They were great people, great parents, great teachers, great friends to many, and much more. Both are still missed. Some links:

Their weddingEleanor SearlsAllen Searls

Later… I also did some digging through 2011 correspondence with local realtor Tom Dunn, who said the wedding took place at the late Grace Methodist Church. This Facebook post says the church was at “2125 Thirty Third Avenue North,” but that does not appear to be a valid address. But the photo matches this one in the Hennepin County Library’s digital collection. It’s 2501 NE Taylor Street in Minneapolis. The closest match on Google StreetView is this one here. Tom sent literature on the property, which was then for sale. About the building, it says, “The Church community at the property began in the 1880s when the first sanctuary was built. Then, between 1915 and 1918, a new sanctuary was constructed alongside.” The church was being sold off because its congregation merged with a larger one in 2011.

Still, it could be that Mom and Pop got married at a different Methodist church in Minneapolis. Possibilities:

2125 Thirty Third Avenue North, Minneapolis. According to this 2017 piece in Medium, it is “a church building now housing the Spirit and Truth Worship Center. The original occupant was Grace Methodist Episcopal Church, subsequently Grace United Methodist Church. The original part of the building, on the left of this photo taken from Penn Avenue, dates from 1920.” Here are some historic photos, via the United Methodist Church.Grace United Methodist (often called “Grace–Lowry”) is the building at 2510 Cleveland St NE, on the corner of Cleveland & Lowry, one block west of Taylor St NE. The congregation still meets there today under the name Northeast United Methodist Church. Google’s latest StreetView, in 2023, shows building renovation going on.

I’m sure there is correspondence from that time in my sister’s archives or mine that will shed more light on the question. No rush, though. What matters is that the wedding happened, and so did the kids and the grandkids.

What does the Internet make of us? was hard to find until I found it. Now it’s easy to find. What did Google learn, and how did it learn it?

The law professors to whom I made The Case for MyTerms two weeks ago seemed to buy it. What, if anything, will happen next?

When I read The Power of the Swarm: How Collective Intelligence is Reshaping Our World, I thought PI meant personal AI. It means predictive. Which is fine, but we need the personal kind, just like we need personal computers, phones, and shoes. Just saying.

The Consent Management business, which give us cookie notices and all of us hate, is hot and growing. Will MyTerms give it a better reason than consent (which actually fails) to live and grow?

Wholly shit! Github.org, now redirected to Github.com, just turned into a thing that says “Join the world’s most widely adopted AI-powered developer platform.” Is Micorsofting now a verb?

We know more than we can tell.

That was how Michael Polanyi distinguished between tacit and explicit knowing. We may know tacitly how we form speech, ride a bike, or sense when to shake hands with someone, or hug them. But we can’t explain all the signals and mechanisms involved. Not exactly.

In the natural world, privacy is almost entirely based on tacit understandings. Clothing, for example, is a privacy technology that both covers private regions of the body and signals what the person might or might not welcome in respect to those regions. Plus much else, none of which can easily or completely be described explicitly and in detail.

The digital world, however, is entirely explicit. There is no tacit there. As users of tech, we have tacit understandings of how digital things work, but for programming to happen, for logic to operate, we need bits, bytes, and data upon which logical operations can work.

And that is the problem with privacy in the digital world. We don’t have any ways yet to make our privacy requirements explicit. That’s the main reason why it has been almost impossible for marketers to resist spying on us constantly. That’s what has given us the “consent”-based fecosystem we have today, which manifests with shit like this:

These “agreements” do less than nothing to give us privacy, or even the faintest sense of it. Even if a site provides a choice such as this—

—we have no record of our decision, and no faith that it will be respected (unless it’s to allow tracking, which we are right to assume happens anyway).

The status quo here was established in the industrial age, and was best explained by this guy:

Friedrich Kessler (1901-1998) was a self-described legal realist whose most widely cited work was Contracts of Adhesion—Some Thoughts About Freedom of Contract (Columbia Law Review, 1943). In it, Kessler argues that contract law is individualistic by nature, and “closely tied up with the ethics of free enterprise capitalism and the ideals of justice of a mobile society of small enterprisers, individual merchants and independent craftsmen.”

That economic system, however, was sidelined by giantism in the industrial age, which was already huge in Kessler’s time. He goes on to explain that freedom of contract had become “a one-sided privilege.” Specifically, “Freedom of contract enables enterprisers to legislate by contract and, what is even more important, to legislate in a substantially authoritarian manner without using the appearance of authoritarian forms. Standard contracts in particular could thus become effective instruments in the hands of powerful industrial and commercial overlords enabling them to impose a new feudal order of their own making upon a vast host of vassals.”

That was where we were in 1943, and where we remain today. (Bruce Schneier started writing about the “feudal Internet” twelve years ago.)

The pro forma standard form contract, Kessler explained, forced the weaker party—the ordinary consumer or customer—into “subjection more or less voluntary to terms dictated by the stronger party, terms whose consequences are often understood only in a vague way, if at all.”

He called these agreements “contracts of adhesion,” and “á prendre ou ai laisser” (in English, “take it or leave it”). These contracts are ones the weaker party adheres to and the stronger party can change. So it’s glue for you and me, velcro for the world’s sites and services.

Also, as long as all the sites and services of the world are separately in charge of all their agreements with consumers and customers, the digital world is this:

This is not only a locked-up hell of too many logins, passwords, and second-factor authentication gauntlets. It’s a place where we have an equal number of adhesive “agreements” that aren’t, and which the feudal lords can change while we cannot. Their velcro, our glue.

Are we stuck here? Do we have to be?

No, because there is nothing about digital technology that requires it. And there is lots about digital technology to give us ways of very explicitly designing and programming far better ways to make the digital world work. Also, Kessler explains, the work of the legal realist is “constantly testing out the desirability, efficiency and fairness of inherited legal rules and institutions in terms of the present needs of society.”

I submit that our most pressing present need is to move past surveillance capitalism and into an intention economy where the demand side of the marketplace can better signal its wants, needs, and ability to engage in mutually beneficial ways, and to obtain clear commitments to respect for those. And to do that in ways that are explicit and on which programmatic decisions can be made that all parties know—explicitly—and understand.

If we have that, the supply side can stop spending $trillions on wasteful and unwelcome surveillance-fed guesswork. And we can do that by starting with personal privacy.

I also submit that there is only one way for people to secure a measure of privacy online, and that is through contract. People need to be able to proffer their own privacy terms as first parties to sites and services performing as second parties—and to do that at scale.

And now they can, using a new standard called P7012 IEEE Draft Standard for Machine Readable Personal Privacy Terms, nicknamed MyTerms. (Much as IEEE 802.11 is nicknamed WiFi.) The IEEE approached Customer Commons with the idea for making personal privacy terms machine-readable in 2017. Today the draft is done and due to become official by early next year.

Freedom of contract can be far more useful to both customers and companies than what companies today get out of adhesive contracts and “consents” (such as the one above) that are typically written to obey the letter of privacy laws (such as the GDPR, the DMA, and the CCPA) while violating their spirit.

Here is how MyTerms works:

Lots of business can be built on top of this simple system, which at the ground level starts with service provision without surveillance or unwanted data sharing by the company with other parties. New agreements can be made on top of that, but MyTerms are where genuine and trusting (rather than today’s coerced and one-sided) relationships can be built.

When companies are open to MyTerms agreements, they don’t need cookie notices. Nor do they need 10,000-word terms and conditions or privacy policies because they’ll have contractual agreements with customers that work for both sides.

On top of that foundation, real relationships can be built by VRM systems on the customers’ side and CRM systems on the corporate side. Both can also use AI agents: personal AI for customers and corporate AI for companies. Massive businesses can grow to supply tools and services on both sides of those new relationships. These are businesses that can only grow atop agreements that customers bring to the table, and at scale across all the companies they engage.

Here are some of the possibilities that open up, and I explained at ProjectVRM:

CMPs—Content Management Platforms—can provide sites & services with easy ways to respond to MyTerms choices brought to the table by visitors. Let’s call this a Terms Matching Engine. The current roster of terms we’re working with at Customer Commons (abbreviated CuCo, hence the cuco.org shortcut) starts with  CC-BASE, which is “service provision only.” It says to a website, “just give me your service, and nothing more.” In other words, no tracking. Yet. Negotiation toward additional provisions comes after that. Those can be anything, but they should be in the spirit of We’re starting with personal privacy here, and the visitor sets the terms for that.There is a whole new business (which, like the VPN, grammar-help, and password management businesses, people would pay for) in helping people present, manage, remember, and monitor compliance with their terms, and what additional agreements have been arrived at. This can involve browser add-ons such as the one pictured  on the ProjectVRM r-button page. CMP companies can make money there too, adding a C2B business to their B2B ones.Go beyond #2 to provide real VRM. Back in the last millennium, Iain Henderson pointed out that B2B relationships tend to have hundreds or thousands of variables over which both parties need to agree. Nitin Badjatia, another CRM veteran (and a Customer Commons board member like Iain and myself), has also pointed out that companies like Oracle have long provided AI-assisted ways for B2B relationships to arrive at contractual agreements. The same can work for C2B, once the base privacy agreement is established. There can be a business here that expands on what gets started with that first agreement.Verticals. There can be strong value-adds for regulated industries or companies wanting to acquire and signal accountability, or look for firmer ways to establish a privacy regime better than the called consent, which doesn’t work (except as thin ass-covering for companies fearing the GDPR and the CCPA). For example: banks, insurers, publishers, health care providers.For people (not just corporate clients), CMPs could offer browser plugins or apps (mobile and/or computer) that help people choose and present their privacy terms, track who honors them, notify them of violations, and have r-buttons mean something. Or multiple things.

Here is an example of r-buttons in a browser:

Real relationships, including records of agreements, can be unpacked when a person (not a mere “user”) clicks on either the ⊂ or the ⊃ symbols. There are golden opportunities here for both VRM and CRM vendors. And, of course, companies such as Admiral and OneTrust working both sides—and being truly trusted.

I wrote the original version of this post for the March 2018 issue of Linux Journal. You can find it here. Since images from archival material in the magazine no longer load, and I want to update this anyway, here is a lightly edited copy of the original. Bear in mind that what you’ll read here was at the idea stage seven years ago. Now we’re at the action stage. Let’s make this happen.

Since the turn of the millennium, online publishing has turned into a vampire, sucking the blood of readers’ personal data to feed the appetites of adtech: tracking-based advertising. Resisting that temptation nearly killed us. But now that we’re alive, still human, and stronger than ever, we want to lead the way toward curing the rest of online publishing from the curse of personal data vampirism. And we have a plan. Read on.

This is the first issue of the reborn Linux Journal, and my first as editor-in-chief. This is also our first issue to contain no advertising.

We cut out advertising because the online publishing industry has become cursed by the tracking-based advertising vampire called adtech. Unless you wear tracking protection, nearly every ad-funded publication you visit sinks its teeth into the data jugulars of your browsers and apps, to feed adtech’s boundless thirst for knowing more about you.

Both online publishing and advertising have been possessed by adtech for so long that they can barely imagine how to break free and sober up—even though they know adtech’s addiction to human data blood is killing them while harming everybody else as well. They even have their own twelve-step program.

We believe the only cure is code that gives publishers ways to do exactly what readers want, which is not to bare their necks to adtech’s fangs every time they visit a website.

We’re doing that by reversing the way terms of use work. Instead of readers always agreeing to publishers’ terms, publishers will agree to readers’ terms. Specifically, we’re doing it with a new standard called IEEE P7012—IEEE Draft Standard for Machine Readable Personal Privacy Terms, aka MyTerms.

The first of these terms will say something like this:

That scrawled statement appeared on a whiteboard one day at IIW when we were talking about terms readers might proffer to publishers. Let’s call it #NoStalking. Like others of its kind, #NoStalking will live at Customer Commons, which will do for personal terms what Creative Commons does for personal copyright.

Publishers and advertisers can both accept that term, because it’s exactly what advertising has always been in the offline world, and still in the too-few parts of the online world where advertising sponsors publishers without getting personal with readers.

By agreeing to #NoStalking, publishers will also have a stake it can drive into the heart of adtech.

Teeth for enforcing this idea will erupt from the jaws of the EU on 25 May 2018. That’s the day when the General Data Protection Regulation (GDPR) takes full enforcement effect. The GDPR is aimed at the same data vampires, and its fines for violations run up to 4% of a company’s revenues in the prior fiscal year. It’s a very big deal, and has opened the minds of publishers and advertisers to anything that moves them toward GDPR compliance.

With the GDPR putting fear in the hearts of publishers and advertisers everywhere, the likes of #NoStalking may succeed where DoNotTrack (which the W3C has now ironically relabeled Tracking Preference Expression) failed.

I want to make clear here that we are not against advertising. In fact we rely on it. What we don’t rely on is adtech. Here is the difference:

Real advertising isn’t personal, doesn’t want to be . To do that, adtech spies on people and violates their privacy as a matter of course, and rationalizes it completely, with costs that include becoming a big fat target for bad actors.Real advertising’s provenance is obvious, while adtech messages could be coming from any one of hundreds (or even thousands) of different intermediaries, all of which amount to a gigantic four-dimensional shell game no one entity fully comprehends. Those entities include SSPs, DSPs, AMPs, DMPs, RTBs, data suppliers, retargeters, tag managers, analytics specialists, yield optimizers, location tech providers… the list goes on. And on. Nobody involved—not you, not the publisher, not the advertiser, not even the third party (or parties) that route an ad to your eyeballs—can tell you exactly why that ad is there, except to say they’re sure form of intermediary AI decided it is “relevant” to you, based on whatever data about you, gathered by spyware, reveals about you. Refresh the page and some other ad of equally unclear provenance will appear.Real advertising has no fraud or malware (because it can’t—it’s too simple and direct for that), while adtech is full of both.Real advertising supports journalism and other worthy purposes, while adtech supports “content production”—no matter what that “content” might be. By rewarding content production of all kinds, adtech gives fake news a business model. After all, fake news is “content” too, and it’s a lot easier to produce than the real thing. That’s why real journalism is drowning under a flood of it. Kill adtech and you kill the economic motivation for most fake news. (Political motivations remain, but are made far more obvious.)Real advertising sponsors media, while adtech undermines the brand value of both media and advertisers by chasing eyeballs to wherever they show up. For example, adtech might shoot an Economist reader’s eyeballs with a Range Rover ad at some clickbait farm. Adtech does that because it values eyeballs more than the media they visit. And most adtech is programmed to cheap out on where it is placed, and to maximize repeat exposures wherever it can continue shooting the same eyeballs.

In the offline publishing world, it’s easy to tell the difference between real advertising and adtech, because there isn’t any adtech in the offline world, unless we count direct response marketing, better known as junk mail, which adtech actually is.

In the online publishing world, real advertising and adtech look the same, except for ads that feature this symbol:

Only not so big. You’ll only see it as a 16×16 pixel marker in the corner of an ad. So it actually looks like this:

Click on that tiny thing and you’ll be sent to an “AdChoices” page explaining how this ad is “personalized,” “relevant,” “interest-based” or otherwise aimed by personal data sucked from your digital neck, both in real time and after you’ve been tracked by microbes adtech has inserted into your app or browser to monitor what you do.

Text on that same page also claims to “give you control” over the ads you see, through a system run by Google, Adobe, Evidon, TrustE, Ghostery or some other company that doesn’t share your opt-outs with the others, or provide any record of the “choices” you’ve made. In other words, together they all expose what a giant exercise in misdirection the whole thing is. Because unless you protect yourself from tracking, you’re being followed by adtech for future ads aimed at your eyeballs using source data sucked from your digital neck.

By now you’re probably wondering how adtech came to displace real advertising online. As I put it in Separating Advertising’s Wheat and Chaff, “Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.” That happened because Madison Avenue, like the rest of big business, developed a big appetite for “big data,” starting in the late ’00s. (I unpack this history in my EOF column in the November 2015 Linux Journal.)

Madison Avenue also forgot what brands are and how they actually work. After a decade-long trial by a jury that included approximately everybody on Earth with an Internet connection, the verdict is in: after a $trillion or more has been spent on adtech, no new brand has been created by adtech; nor has the reputation of an existing brand been enhanced by adtech. Instead, adtech damages a brand every time it places the brand’s ad next to fake news or on a crappy publisher’s website.

In Linux vs. Bullshit, which ran in the September 2013 Linux Journal, I pointed to a page that still stands as a crowning example of how much of a vampire the adtech industry and its suppliers had already become: IBM and Aberdeen‘s The Big Datastillery: Strategies to Accelerate the Return on Digital Data. That link goes to the Internet Archive snapshot of the page. Give it time to load. If it doesn’t, go here. Or just click on this .jpg I just made from the .pdf verion of the thing:

The “datastillery” is a giant vat modeled on a whiskey distillery. Going into the top are pipes of data labeled “clickstream data,” “customer sentiment,” “email metrics,” “CRM” (customer relationship management), “PPC” (pay per click), “ad impressions,” “transactional data,” and “campaign metrics.” All that data is personal, and little if any of it has been gathered with the knowledge or permission of the persons it concerns.

At the bottom of the vat, distilled marketing goop gets spigoted into beakers rolling by on a conveyor belt through pipes labeled “customer interaction optimization” and “marketing optimization.” Those beakers are human beings.

Farther down the conveyor belt, exhaust from goop metabolized in the human beakers is farted upward into an open funnel at the bottom end of the “campaign metrics” pipe, through which it flows up to the top and is poured back into the vat.

Look at this image as an MRI of the vampire’s digestive system, or a mirror in which the reflections of IBM’s and Aberdeen’s images fail to appear because their humanity is gone.

No wonder ad blocking became the largest boycott in human history by 2015. Here’s how large:

PageFair’s 2017 Adblock Report says at least 615 million devices were already blocking ads by then. That number is larger than the human population of North America.GlobalWebIndex says 37% of all mobile users worldwide were blocking ads by January 2016, and another 42% would like to. With more than 4.6 billion mobile phone users in the world, that means 1.7 billion people were blocking ads already—a sum exceeding the population of the Western Hemisphere.

Naturally, the adtech business and its dependent publishers cannot imagine any form of GDPR compliance other than continuing to suck its victims dry while adding fresh new inconveniences along those victims’ path to adtech’s fangs—and then blaming the GDPR for delaying things.

A perfect example of this non-thinking is a recent Business Insider piece that says “Europe’s new privacy laws are going to make the web virtually unsurfable” because the GDPR and ePrivacy (the next legal shoe to drop in the EU) “will require tech companies to get consent from any user for any information they gather on you and for every cookie they drop, each time they use them,” thus turning the Web “into an endless mass of click-to-consent forms.”

Speaking of endless, the same piece says, “News sites — like Business Insider — typically allow a dozen or more cookies to be ‘dropped’ into the web browser of any user who visits.” That means a future visitor to Business Insider will need to click “agree” before each of those dozen or more cookies gets injected into the visitor’s browser.

After reading that, I decided to see how many cookies Business Insider actually dropped in my Chrome browser when that story loaded, or at least tried to. Here’s what Baycloud Bouncer reported:

That’s ten dozen cookies.

This is in addition to the almost complete un-usability Business Insider achieves with adtech already. For example,

On Chrome, Business Insider‘s third party adtech partners take forever to load their cookies and auction my “interest” (over a 320MBp/s connection), while populating the space around the story with ads—just before a subscription-pitch paywall slams down on top of the whole page like a giant metal paving slab dropped from a crane, making it unreadable on purpose and pitching me to give them money before they life the slab.The same thing happens with Firefox, Brave, and Opera, though not at the same rate, in the same order, or with the same ads. All drop the same paywall, though. It’s hard to imagine a more subscriber-hostile sales pitch.Yet I could still read the piece by looking it up in a search engine. It may also be elsewhere, but the copy I find is on MSN. There, the piece is also surrounded by ads, which arrive along with cookies dropped in my browser by only 113 third-party domains. Mercifully, no subscription paywall slams down on the page.

So clearly, the adtech business and its publishing partners are neither interested in fixing this thing, nor competent to do it.

But one small publisher can start. That’s us. We’re stepping up.

Here’s how: by reversing the compliance process. By that I mean we are going to agree to our readers’ terms of data use, rather than vice versa. Those terms will live at Customer Commons, which is modeled on Creative Commons. Look for Customer Commons to do for personal terms what Creative Commons did for personal copyright licenses.

It’s not a coincidence that both came out of Harvard’s Berkman Klein Center for Internet and Society. The father of Creative Commons is law professor Lawrence Lessig, and one of Customer Commons’ parents is me. In the great tradition of open source, I borrowed as much as I could from Larry and friends.

For example, Customer Commons’ terms will come in three forms of code (which I illustrate with the same graphic Creative Commons uses):

Legal Code is being baked by Customer Commons’ counsel: Harvard Law School students and teachers working for the Cyberlaw Clinic at the Berkman Klein Center.

Human Readable text will say something like “Just show me ads not based on tracking me.” That’s the one we’re dubbing #DoNotByte.

For Machine Readable code, we now have a working project at the IEEE: 7012 – Standard for Machine Readable Personal Privacy Terms. There it says,

The purpose of the standard is to provide individuals with means to proffer their own terms respecting personal privacy, in ways that can be read, acknowledged and agreed to by machines operated by others in the networked world. In a more formal sense, the purpose of the standard is to enable individuals to operate as first parties in agreements with others—mostly companies—operating as second parties.

That’s in addition to the protocol and a way to record agreements that JLINCLabs or some other protocol will provide.

And we’re wide open to help in all those areas.

Here’s what agreeing to readers’ terms does for publishers:

Provide real GDPR compliance , by recording the publisher’s agreement with the reader not to track them. Note that contract is one of the six lawful reasons the GDPR lists for processing personal data. See item (b) here. Note that (a) is for consent, which is clearly now a fail. Put publishers back on a healthy diet of real (tracking-free) advertising . Which should be easy to do because that’s what all of advertising was before publishers, advertisers and intermediaries turned into vampires. Restore publishers’ status as good media for advertisers to sponsor , and on which to reach high-value readers. Model for the world a complete reversal of the “click to agree” process . This way we can start to give readers scale across many sites and services. Pioneer a whole new model for compliance , where sites and services comply with what people want, rather than the reverse (which we’ve had since industry won the Industrial Revolution). Raise the value of tracking protection for everybody . In the words of Don Marti, “publishers can say, ‘We can show your brand to readers who choose not to be tracked.'” He adds, “If you’re selling VPN services, or organic ale, the subset of people who are your most valuable prospective customers are also the early adopters for tracking protection and ad blocking.”

But mostly, we get to set an example that publishing and advertising both desperately need. It will also change the world for the better.

You know, like Linux did for operating systems.

Now, eight years after the MyTerms working group started drafting its standard, the draft is finished and likely to be published early next year. Meanwhile, there is nothing to stop work based on that standard, which is simplified here.

By the way, third-party tracking is disallowed in all thirteen of Customer Commons’ current set of draft agreements (which we hope to publish soon). The base agreement, currently nicknamed CC-BASE, says “service provision only.” This is what we experience in the natural world. If your business is selling clothes, we expect to see clothes, not to get infected with spyware. If one wants some spyware later, that offer can go on the table later.

MyTerms is the table on which future agreements are set, under the complete control of the individual operating as the first party—and at scale across all the sites and services the individual engages.

The only way we will ever get full agency in the digital world is through contracts. Full stop. And full start.

I grew up under the red star, and right now I’m just to the right of it, on the third and top floor of the smallest residential building in northern Manhattan.

When it hit, my wife and I both said, “That’s an earthquake.” We’ve experienced many in California, and know the feel.

But none of the quake sources online noted it in real time, or close.

Now the details are in. Nothing big, just interesting.