Digital Privacy Twister


Yes, Twister.  The fun, bright colored game where you get twisted up with all your friends and would-be teenage loves.  Actually, the rules of Twister are more clear than the twisted Privacy policies that dot the Web these days – which in my opinion, are less about privacy and more about making money.  The only choice I typically get is no privacy or don’t use my Web service.

It is impossible to ignore the increase in coverage regarding digital data privacy.  Today’s Wall Street Journal headline about Google bypassing iPhone Privacy Settings may just be the fateful move that brings everyone playing Digital Privacy Twister crashing down to the mat.

But before jumping to any “Google is the new Evil Empire” conclusions, have a look at this hurried, yet thoughtful post by Technology Media blogger, John Battelle, A Sad State of Internet Affairs:  The Journal of Google, Apple and “Privacy”.  Battelle, rightfully questions whether or not the default “privacy settings” in iOS are designed to protect yours and my privacy rights or protect Apple’s advertising revenues.

Sadly, the rules about Internet Privacy are simply not clear and even those being debated and proposed by the best minds in the space have to consider the impact changes will have on established business models and legitimate uses for data sharing between organizations. Privacy is about balancing the rights of you and me, as citizens (not just consumers) and a business’s right to make money.  If you mandate technology changes to stop privacy abuses, then how that impacts legitimate data use and sharing MUST be considered or you start ripping apart the very fabric of the Web – the mat holding all the brightly colored website dots together.

Maybe we are too smart for or own good.  I bet if you asked your children, they would say something wonderfully simple like, “Just ask me my permission.” or, “I’ll tell you if I trust you.”  Or perhaps, “Your a stranger.  Until I know you better I won’t tell you my name or where I live.”  Instead of trying to re-weave the Web and break what works, why not just ask the user.  Give them the Choice to share or not to share with any given site.  Give them a Choice about what to share – location, but not name.  Device information, but not cell phone number.  Privacy is not binary.  Privacy cannot be “solved.”  Privacy is a right.  Ask permission (in a simple, straightforward manner) and then respect it.  Period.

Digital Privacy should be about delivering the appropriate Web Experience base on what is shared, not taken.  An anonymous experience or a rich experience, or something in between. It should be MY choice and should not be all or nothing.  People like choice.  When you deny that choice based upon less than transparent practices and policies, people get really angry. Angry people stop doing business with you and tell all their friends.



Trends in Enterprise Mobility & The Cloud

Here is a quick slide show from Channel Insider which highlights how technologies are changing the way we work.  Mobile and cloud technologies lead the charge in things to come – whether designed to reduce costs, attract new employees or solve specific business problems. Key stats from the presentation:

  • 90% of surveyed enterprises will invest in productivty-boosting technologies
  • 88% will make avialable to employees “smart” personal devices (tablets, smartphones, etc.)
  • 46% of companies are already utlizing cloud-based services and that number is growing
  • 30% annual savings- what you can expect to save on occupancy expenses with a well-designed workforce mobility program

Enterprises who strategically update their current Web strategies and infrastructure will have a much easier time adapting to new device support, location-based service and policy management, and the privacy  and productivity issues associated with remote and mobile workforce support.  There is no silver bullet to addressing all the IT and management issues associated with these changes, but Planning and Preparation in support of performance, privacy and personalization issues is a very good way to start.

So you want increased Web Performance & Privacy – Then “Know Before You Go”


… To Send a Response


What does that mean?

Well in layman’s terms the Web is nothing more than 2 cans and a piece of string. One can (the device) sends a message (request) to the other can (the server). It then responds to the request. And that’s how the Internet works.

So what if the device sending a request to the server sent along a “little extra data”? What kind of data? How about a little more information about Who I am, What my Device is capable of doing and Where I am.

Well now the server would have more context before it needs to send a response. So instead of sending down extra data it would respond with exactly what I want, what works on my device and is relevant for my current location.

Now lets translate this into Performance gains…

Fewer boxes


So what about Privacy.

Well for that we have a secure database on the device. It encrypts all of your Who, What and Where data. And it allows you to control exactly what gets sent to who. Here’s what it looks like on Android and iPhone.




The database integrates into the browser. It’s job is to send “a little extra data” with the Request. The server takes this information into account BEFORE it:

….Sends a Response

The results is a Faster more Private Web Experience

Privacy: Do You Know Where your USB Ports Have Been Lately?

You can’t control everything, and let’s face it, data privacy policy management is not the most glamorous part of your day.  In fact, if you are not in a regulated industry, there is a pretty good chance you are not even monitoring where your data goes after an employee accesses it, let alone accesses it from a mobile device.

In this NetworkWorld slide presentation “USB Device:  The Big Hole in Network Security” you’ll see that of those businesses surveyed, only 50% have an “approved” USB device for employees.  There are some great products out there to help with securing transportable data, such as the Encryptx/Imation SecureFlash solution.  But how does this help on mobile devices?

Your mobile data privacy policy management depends on knowing what that device (and port) is doing in real-time – while you have the ability to proceed with, or block the download. If it’s going to an approved device, such as a company sponsored smartphone or the Imation SecureFlash drive, let the download proceed.  If it is an unapproved, device, like the employee’s personal laptop (via their phone), you can prevent the download from happening.

Remember, mobile is different.  You need to have access to some real-time context about the device, the user and their location if you want to effectively extend your data privacy policies to mobile users.  So not only can you know where your USB ports have been lately, but also your memory card or any other “attached” device or drive.

A little bit of planning and some real-time mobile context can help you effectively manage the 2nd “P” of mobile Web success – Privacy.

The Complete Solution to making the Web go Faster.

Yesterday I wrote a blog about why web optimization is NOT the complete solution to making the Web go faster.

I promised that in my next post I would talk about the complete solution to making the Web go faster.

So here goes.

Let’s start with a couple of assumptions (I know, always dangerous but bear with me):

  • You have the MOST optimized Web site on the planet. It passes every known test out there
  • Your goal is to make it so that content gets to the device 30% faster with more relevance

There’s ONLY ONE way to get content there 30% faster, and that’s to send “less content”. And there’s ONLY ONE way to send less content and that’s to have MORE CONTEXT about the connecting device. There I’ve said it. You have to reduce the size of your content, and at the same time make it more relevant to the context of the person that is connecting to your service.

So all that remains is the HOW do I do that? Well you need to improve the functionality of the browser. (Whilst preserving the customers privacy which we’ll get to a little later). So how can you improve the browser (and remain true to existing Web standards)?

Step one is to use a plugin, also known as a browser extension. This is the “approved” approach by all OEM browser manufacturers (except Google’s Android smartphone) to extending the functionality of the browser.

Step two – you need more context so you can drive relevance. How do you do that? We can just use an app for this portion. We can create a secure database (wallet) that stores the customers personal information, their devices capabilities and their current location. Each item is stored as a “field” and can be turned on or off with a simple checkbox. This is so the user remains in control of their privacy.

Ok – we now have two industry standard components – a way to interact with the browser, and a way to interact with the device. You join those two together and you have real time context. Only one last problem to solve – how do I get the data to the server using approved standards?

Fortunately the W3C has already thought of that. They have something called an X header – it’s a “standard” way to send “non-standard” data to the server. Great we can use that. We’ll encrypt the headers (approved by the W3C) and send the data to the server. All we need to do then is decrypt it using a simple script and we have everything we need.

Now we’re in great shape. For the first time we have a way to augment the HTTP protocol and add some very powerful information that can be used to help manage performance (among other things).

So instead of having to rely on the Web server to send down a bunch of JavaScript to figure out where the device is, or what the device is capable of, or what the user would like to see an Advertisement about, we now get that information BEFORE we have to send the Web page.

So what does all this look like schematically?

  • Using the X header approach we use one transmission up and one down – total 2
  • Using the current approach we use 8
  • That’s a 75% improvement (and we’re only looking for 30%)



  • We’ve optimized our Web server/service
  • We’ve now used STANDARDS to improve the browser
  • What we can now do is optimize the “relevancy” of the content to make it more personal
  • Finally we have a complete end to end client server solution that uses all approved standards

What does all of this achieve? You’ve cut down on the number of requests a Web server has to process, you’ve reduced the content size to EXACTLY conform to the devices capabilities AND you’ve personalized the CONTENT so the customer finds it compelling. And if you’ve delivered a personalized advertisement, there’s now a much bigger likelihood that the customer will click on it. Which in turn increases the amount of revenue for your Web service. And of course it’s much, much faster.

Optimizing a Web site WITHOUT optimizing for the browsers (user, device and location) is like driving a Ferrari with VW engine. No matter what you do, it’s never going to get there quickly.

Mobile Performance Testing–Old vs. New (Any Questions?)

Old… connect to a device somewhere in “San Francisco” (insert testing place) on a “Carrier”



New… use your own device and test anywhere in the world in real time, on any network carrier.

Cruising down the river Thames



Walking the dog



Network Performance data




Device Data


Why the Browser Matters

I borrowed the title from “Ben’s Blog”, however the content is going to be a little different.

Why does the browser matter?

  1. It’s simple to use. Ask anyone if they know A) What a browser is & B) how to use it and the answer will be “Yes”
  2. It’s cross platform, meaning that no matter what device you’re on, the browser works the same way
  3. It connects to the Web in a way that is universally understood

In short, you have an “app” that is universally understood, works the same way on every platform and delivers content in a consistent and easy to view fashion. No other app can make that claim and that’s why the “Browser Matters”.

But let’s not stop there. Let’s look at the other side of the coin:

Why does the Web Matter?

  1. The Web is simple.
  2. The Web is flexible and forgiving. (The browser ignores things that it doesn’t understand).
  3. The Web is heterogeneous, which means it works on all platforms. (Not just Windows)
  4. The Web is loosely coupled. Most previous computing architectures required tight integration between the “server” program that stores the data and the “Client” program which manipulates it. In contrast there is no need to upgrade the Web browser every time a Web publisher changes a site. Server and Client are loosely coupled.

No other platform can make that claim and that’s why the “Web matters”.

So what does the Enterprise want?

  • One Interface – the Browser (see Why the Browser Matters)
  • One Platform – the Web (see Why the Web Matters)
  • Access to Multiple Data Sets – the Context (because that’s where all the customers data is)

It’s the last one that is the driving factor behind new revenue opportunities and ultimately why the Browser (& the Web is becoming more important and valuable every day).

Ben’s article talks about the importance of the Browser and about a company called Rockmelt which just raised another $30m dollars to improve their browser. He goes on to talk about how Rockmelt is focusing on 4 major items:

  1. People – it’s all about “social”
  2. Information Flow – it’s all about “feeds”
  3. Search – it’s all about “better search”
  4. Multiple Computing devices – It’s all about the cloud (storing my bookmarks, history, configuration in the cloud)

Totally agree, and everyone of those features is already available in the current browsers – well you might have to open up another tab but that’s about it. So if Rockmelt got $30m to improve the browser (because it matters)… what else might need improving while you’re in the code.

Well how about looking back at what the Enterprise wants, One Interface, One Platform and access to Multiple Data Sets (databases). Why is this so important – a single word sums it up – Money

They’re looking to leverage all the data that’s sitting in those databases. They know that customers the world over all know how to use a browser, and because it ships on every device there’s always a way to reach out and touch your customer.

So if all this matters so much what’s missing from the browser?

Well we asked a lot of users this very question and it all boiled down to three things:

  1. Convenience
  2. Privacy
  3. Control

Summarized – Give me a better user experience and don’t abuse my privacy, (let me control it).

So the goal now is to align those three things with what the Enterprise wants. And therein lies the things you need to do to really improve the browser.

So what’s missing?

  • How about a secure database where I can store my data (like a wallet)
  • How about a way to integrate this wallet with the browser so I can send my data to trusted Web sites
  • How about a way that I can “control” what gets sent to whom

Seems so simple, but there’s currently no way to do it. Microsoft has started the ball rolling with IE9 and “whitelisted” Web sites but still no real way to control my private data. And while we’re here, lets talk about Mobile for a moment. To me this is where the biggest opportunity lies. We keep these devices with us 24*7. We use them constantly and surprise, surprise – they’re mobile.

And yet to this day the Web really has no idea what the connecting device is really capable of doing.

So if someone offered me $30m to improve the browser I’d focus on the above. Doing so opens up net new revenue opportunities, it offers a way to improve the customers experience, and it offers a way to improve customers privacy.

And I’d put the other $29m in the bank for a rainy day.

Google’s Page Speed vs. 3PMobile

For today’s test I thought I’d use Google’s new Page Speed service (which supports Mobile) and compare the results to our own 3PMobile Performance Measurement service. To make the test “even” I had Page Speed run a test on (CNN’s mobile site) I then ran the same test on our service using my AT&T phone. Here’s how it baked out.


Page Speed score 57 out of 100 (where’s the detail?)



3PMobile metrics. Items to note:

  • Cell strength icon, real time GPS and disk cache empty
  • Time for the actual test – it’s slow on AT&T
  • Device and carrier information



Now lets take a look at how the browser actually performed. Now it gets much more interesting. You can actually see the elements of the page that are causing the big slow down.

  • The home page and the style sheet account for a huge chunk of time (there’s actually a redirect taking place which is strange because the URL was already set to go to the mobile site
  • There’s a red button which spins the clock
  • And finally what looks like a cookie that takes forever to download (it shouldn’t)
  • Overall these 4 elements account for virtually the entire delay of 30 seconds to load the page


Mobile Performance–the tale of the tape

Running some tests this afternoon and thought that these results were interesting.

In case you’re in a hurry –’s results are nearly a second faster than a desktop browser on a 22mbps cable connection!


  • Test link – Steve Souders Cuzillion
  • Test browsers – latest version of Safari and Firefox
  • Performance apps – Web Inspector (Safari) & Firebug (latest version)
  • Connection – Comcast Cable 22mbps
    • – their network connection link

#1 – Safari on an iMac i7

13 GET requests (2 errors) 20.59kbs of data in 4.63 seconds


#2 – Firefox on an iMac i7

10 GET requests (no errors) 12.6kbs of data in 4.62 seconds


#3 – (link to actual test)

11 GET requests, 14.6kbs of data in 3.67 seconds