Openness – The Key to Monetizing Mobile

(Or Why I think 3P-Based Infrastructure and Value-Add Channels are Sexy)

Over the past decade, rapid advancements in mobile technology and mobility in general, have changed how we live and how we do business.  It has changed us from an “on-demand” world to an “always connected” world.  No doubt, mobile is here to stay and it is big business; but it’s just getting started.  We are just approaching the point where open standards and open channels can deliver the real benefit of a business ecosystem.

Modern mobility started as a walled garden.  The carriers and handset companies controlled everything due to very real bandwidth constraints, network limitations and industry knowledge.  Voice improved, but data experiences were still lacking.  Good money was made on mostly disconnected enterprise app development for Palm, Blackberry and Windows Mobile devices. Over time, control shifted to the OS companies, where vertically integrated handsets and operating systems were designed to support better consistency in the user experience. Unfortunately, controlling the user experience has lead to more restrictive monetization models, locking out most developers from making meaningful money.  Effectively, we shifted the gatekeepers from the carriers to companies like Apple – but at the expense of the channels that provide value-add functionality and content.  One step forward.  One step backward.

Users appreciated the improved experience, so brought their devices to work.  BYOD was born, and with it, arose app development, security and curation platforms.  Emerging leaders in this space include Adobe, Antenna, Good and Appcelerator, to name a few.  In an effort to simplify and improve profitability, market consolidation is underway. While this may simplify things in the future, it is currently wreaking havoc on IT.  Platforms have added complexity without improving the user experience.

The answer to many of these problems is staring us in the face.  Apple had the original right idea – “the real Web on your mobile phone.”  The infrastructure just wasn’t quite ready back then and the user experience was limited to the user interface – which is a naïve view of modern mobility.  An “app for that” was born and now we are living with the fallout.

Improved bandwidth, ubiquitous connectivity, attention to user experience and now, an emphasis on simplifying security, management and app access are all here – everything needed to lay the groundwork for an incredibly rich mobile ecosystem.  It’s an ecosystem, which can be monetized by the greatest number of development, product and service delivery channels.  We’ve made great strides forward, but in order to realize the monetary benefit throughout the entire ecosystem, a new openness must ensue; the kind of openness that is exemplified by the Web economy.

Just as Microsoft created an open and engaging development community that fueled the PC economy, one, or more of these infrastructure leaders must apply the same model to mobility.  How?

  1. Deliver an exceptional user experience.  Include optimal performance, privacy and security management, and the ability to personalize the experience by device, location and personal preferences.
  2. Include meaningful channel monetization opportunities.  Offer standards-based tools, support and best practice advice for developers, integrators and service providers that can be put to use with existing skills and expertise.
  3. Provide a platform that supports choice.  Choice for both app and Web-based solutions.  Choice that supports both free and paid content.  Choice that supports both consumer and enterprise needs.

Once these three criteria are met, as in industry we no longer have to build walls in the name of bandwidth, user experience, or preserving the “free Web” business model.  With the openness of Web standards, we can increase user choice and satisfaction, while unlocking mobile monetization for the entire ecosystem.  (Although the thoughtful few that move first will reap the biggest benefits).

While most people don’t view infrastructure as sexy, I believe that adding the 3Ps to mobility not only makes infrastructure cool, but also enables new channels and all classes of business to fully monetize mobility.   Now, who in business doesn’t think making money is sexy?!

Privacy and the Human in the Loop


When considering any system sometimes we forget that there’s a ‘Human in the Loop’. I’ve just finished reading a great white paper by Lori Cranor (A Framework for Reasoning About the Human in the Loop), and whilst this paper talks about security, it’s kissing cousin is Privacy. So a lot of the ideas presented here are interchangeable.

In this paper Lori talks about keeping humans out of the loop when it comes to security unless it’s absolutely unavoidable. In which case she talks about a framework that can be used to identify problem areas before a system is built.

Here are the components in her framework:

  1. Communication: How are you communicating with the user (Notices, Warnings Status lights)?
  2. Communications impediments: Can communications be interfered with (malicious 3rd parties)?
  3. Personal variables: Human behavior and relevant knowledge about the system?
  4. Intentions: Can the system be trusted and are users motivated to take appropriate action?
  5. Capabilities: Are users capable of taking the appropriate action?

So what has all of this got to do with the proposed Do Not Track standard? Well actually, a lot. Systems live and die based on the ‘Human in the Loop’ so if the solution is poorly designed or cannot be trusted there is little chance of it succeeding.

The current proposed Do Not Track standard has an incredibly simple Human Interface. The user goes to the browser menu, selects Privacy and then checks the box marked ‘Ask Web Sites Not To Track Me’. That’s it. That one check box is all the human intervention required. So what could possibly go wrong? Well a lot.

The standard makes it very simple for a user to communicate an intention to a Web server – and then (dare I say it) deliberately removes the need for a Web server to communicate that it ‘acknowledges and understands’ the users intention. Right there is the fatal design flaw. (Image if HTTPS worked this way). A malicious 3rd party can easily change the users intention to an alternative undesired outcome i.e. ‘Track Me’. As there’s no need for the Web server to acknowledge what it received you can easily make the case that it can simply ignore everything and continue as normal. In short there’s NO verification (as in Trust but Verify) required. So Do Not Track fails both item 1 & 2 in the framework.

As we go on we see that there are similar problems with all of the other framework items as well. Humans have really NO idea how their private data is being used on the Web. They love all the FREE services but fail to understand that ‘pie is not free at the truck stop’. Their data is shared in an attempt to market new services to them. So Do Not Track fails item 3.

Lets look at the final two items. Intentions and Capabilities – again we have a ‘swing and a miss’ scenario. If I cannot verify what I sent then I cannot trust the system. I have to trust the content provider and due to the lack of transparency when it comes to privacy (NOT security) the Human has no idea what is really taking place under the covers. Finally – capabilities. Can I take appropriate action IF I find out my privacy is being abused. Not really – I can go to another Web site but that might be the same as jumping from the fire pan in to the fire. I cannot change my browser settings any further so essentially i’m stuck sharing my data if I want that free service.

However the user can fight back – and FaceBook is a good example of that. Approximately 25% of a FaceBook users use a fake profile. That’s 250 million people all lying about who they are. And herein lies (pun intended) the real Privacy issue – where’s the motivation for both parties (Human and Content Provider) to deliver meaningful value?

It’s like everyone is stuck in the mud with the current status quo where everything is free and everything (my privacy) is for sale. The only solution that i’ve seen that comes really, really close to meeting Lori’s framework guidelines is the RePriv idea from Microsoft. Why? Because it adds accountability back into the system.

As the old saying goes – 50% of all advertising is worthless – the trick is in figuring out which 50%. A better designed system as Microsoft proves in the RePriv paper showcases that it can be done and the benefits are significant for the ‘Human in the Loop’.

Why the proposed Do Not Track standard is going to fail – it’s all about Trust



As the saying goes “A civilized society cannot function without trust”, ergo it’s also appropriate to extend that premise to the Internet – “A civilized Internet based society cannot function without trust”.

So how do we define trust? There’s a great definition to be found on the Web – link – in short:

“Trust is a person’s willingness to accept and/or increase their vulnerability by relying on implicit or explicit information.”

So how does this all related to the proposed Do Not Track standard? Well the idea is a simple one – the user goes to his/her browser, clicks on the Menu, selects the Privacy option and then checks the box marked ‘Ask Web sites Not to Track Me”. You are now sending a message to a content provider that you are unwilling to “Trust” their behavior when it comes to sharing your data. You are reducing your vulnerability by transmit explicit information.

Now imagine you find out that even though you are sending this explicit information that the Web content provider is not only still tracking you but also sharing your data with other parties. Instantly your trust in them is diminished and the lack of value they offer you is also greatly diminished. Trust is therefore ‘Contextual’. You have relied on a Web content provider to NOT do something and they have now failed.

This is exactly where Do Not Track is heading. The very second you transmit that explicit value to a content provider and they do not honor it the whole standard instantly collapses. Ironically they cannot afford to stay in business and offer free services WITHOUT the ability to share your data.

So what does Do Not Track need in order to overcome this problem. What would help content providers ‘WANT’ to honor that setting? Well for one it needs to be marketed as a true standard where one can have ‘confidence’ in the fact that if you chose the DNT setting that you will not be tracked. Secondly it needs to be extended to support additional ‘Contextual Fields’ that the user can share with the content provider. Binary solutions (like the current standard) lack the context needed to deliver value (without breaking the rules). For DNT to truly work it needs a mechanism whereby I can share more data and increase my trust levels in return for a better experience.

This becomes the win – win we so often talk about. Right now it’s a win – lose. If I enable that Privacy setting and the content provider honors it then all 3rd parties are prevented from seeing my data. This means that only the very largest content providers survive and overnight a huge part of the ad industry is wiped out. Ergo the incentive to cheat is so ridiculously high that DNT will fail instantly. If it’s a choice between sharing data and staying in business and not sharing data and going out of business what would you do?

Do Not Track is NOT a privacy solution, it’s NOT a Trusted solution – in short it offers no value to an industry that is built on sharing your data. What we need is a solution that increases the value of my data that I’m willing to share – we call that solution Choice® 

A Contextual Approach to Online Privacy – It’s all about ME



In my last blog (Privacy By Design – The Secret Inside the Internet) I wrote about how the very design of the Web allows us to extend it to support a contextual approach to privacy online. In this post we’ll talk about how you can enable it.

But first a little context (pun intended).

The Internet has introduced disruptions at an unprecedented scale and variety. In doing so it has created a “target rich information environment” that is on par with the Wild, Wild West of yesteryear.

Unfortunately what hasn’t kept up is our approach to Privacy. In fact if anything, it’s completely the opposite of private. Now it appears that everything is for sale. So the challenge becomes one of suitable constraints on the flow of my personal information. Unfortunately this is out of alignment with those companies whose profit comes from the unrestricted flow of my data.

So how do we align these seemingly opposing forces?

As humans when we interact we use situational controls to share our context – however up until now there’s been no easy way to add this level of control to the user on the Internet. In fact they’ve been missing entirely on the client side (the browser) – as we seem to be increasingly driven by algorithms on the server side.

Well lets look at the two constituents – Me (the client/browser) and the Enterprise (the Web server) that I interact with. What I want is:

  • Convenience
  • Privacy
  • Control

What the Enterprise wants is:

  • Control
  • Commerce ($$$)

So the commonality between the two is “Control”. To resolve this problem we have to introduce a control mechanism for the consumer that allows him/her to conveniently share their privacy settings with the Enterprise in a way that fosters “Trust”. Remember Trust drives commerce.

The control mechanism is a database that contains my “Me” data. The information (context) that I wish to “exchange” in return for increased levels of trust and a better experience. The database is then integrated into the browser via a plugin. Now all we have to do is use the secret discussed in the last post (headers) to add the data going to the Web server.

Now we have a convenient method to store my data on the device, and a way to easily control what gets shared with the Web server. 

What’s left? The transparency problem. (Or as Prof. Helen Nissenbaum puts it on her essay in “Protecting the Internet as a Public Commons” – the transparency paradox.)

  • Achieving transparency means conveying information handling practices in ways that are relevant and meaningful to the choices individuals must make. Transparency of textual meaning and transparency of practice conflict in all but rare instances

So how do you solve the Transparency Paradox?

You don’t.

It can’t be solved – so don’t go there. Even the Wild, Wild West eventually moved on and so will we. No matter what we say to the consumer their ability to determine the risk level from those documents is going to be different. So keep it simple and start establishing levels of Trust that we as humans do understand.

Then the control mechanism comes into play. As we establish more trust we can share more, and if that trust is abused we can remove trust. That’s what’s really been missing on the Web. The ability to turn off what I share vs. what we have now – without effecting the “User Experience”. If I turn off cookies now my experience come to a halt. Whereas if I’m sharing contextual data via headers the experience can be better or the same – but what it won’t be is worse than it is now.

So there you have it – use a database to store your Me data that you want to share. Have built in controls that allow you to enable or disable data that gets shared as the trust levels increase between you and the Enterprise Web site.

And it’s only been right in front of us for the last 30 years or so.


The Value of “Me” (Part V of the series)



Well in the last post I promised that I would make the jump to a solution that increases the value of Internet, and gives me a choice in how and what I share on the Internet. So lets get straight to it.

First a recap. the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

  1. It will be privacy enhancing and voluntary
  2. It will be cost effective and easy to use
  3. It will be secure and resilient
  4. It will be unambiguous
  5. It will be interoperable
  6. It will be transparent

We’ve decided that we’re going to use a Web based solution and add something to the HTTP protocol that increases the opportunity for greater choice, trust and respect. So why not add an Identity wallet to the browser. (that wasn’t so bad was it). Ok, so what would be in this identity wallet. “Stuff”… (just kidding). It would be very like the wallet you carry on you. It could include personal information, device information (whether you’re on a Mobile phone or not) and it could have location information.

Nothing that is not doable with off the shelf technologies. Simply create a secure database, allow the user to customize it with data, allow it to “talk to the operating system” and collect device information and then protect it all. So far it’s meeting features 2 – 6 above (because I have control over the database). But what about #1? How do we make it privacy enhancing – well by sharing that data. You see unlike DNT which doesn’t allow me to add anything to the Web conversation I now have my real identity that I can add to the transaction. All I have to do is figure out a way to get the data to the content provider.

Well fortunately the current HTTP spec shows us exactly how we can do that. We simply add the data as a “Header” to the request going to the Web server. Returning to my analogy of the train leaving the station with just a flag set (indicating that I don’t want to be tracked) this time I’m attaching additional information that I’m prepared to share “as long as you respect my privacy”.

Now lets re-examine item 1. The solution has to be privacy enhancing. To me this implies that you actually have to share something over and above what you would normally be sharing. DNT has no effect on the browser or what gets sent to the server (other than the single header). There’s no way other than conventional means (filling out a form) for me to communicate additional information which can be used to “increase the value of the transaction”.

And that’s the crux of the argument. The goal here is to increase the value of the transaction, the level of trust, and the level of privacy. Remember I still have NO control over what happens when my data arrives at the Web server. So both methods (DNT and this) are in the same boat here. The difference is that by offering more information to the content provider maybe he can deliver more value to me without the need to compromise my privacy.

Think of this secure database as a “Context Manager”. I add and subtract information, I can choose who I want to share it with, and everything is convenient, easy to use and efficient. While in transit the data is secure and if I feel that the content provider is misusing my information then I can stop him seeing my data by simply unchecking a box.

This Context Manager in essence becomes the “over drive gear” for the Internet. It allows for the following:

  • Additional privacy protections for individuals who can use it to gauge if their personal data is being handled fairly and transparently
  • Convenience for individuals who can use this Identity “Contextual Manager” (aka wallet) to manage fewer passwords
  • Efficiency for content providers – they get to unlock additional value in the transaction by knowing more about me in return for a greater respect of my privacy
  • Ease of use by automating the deliver of the contextual data over an approved and accepted standard
  • Security by not only securing the data on the device but also in transit even over an unencrypted HTTP session
  • Confidence that my digital identity’s are adequately protected
  • Innovation, by lowering the risk associated with sensitive services and by enabling providers to plugin in their own wallets for your use with their services.

And finally the biggest feature of all…Choice, as service providers offer individuals different – yet interoperable – relevant media services.



The Power of Contextual Menus on a Mobile Device


This was an interesting exercise. I went to Google Docs in my desktop browser and looked at the contextual menus in the page.. They were File, Edit, View, Insert, Format, Tools, Table, Help. I wanted to see how long it would take to recreate those exact same menus in a Web page that work on both Android and iPhone (Google Docs requires a Mobile app to do this).

Here’s the result: 9 lines of HTML code, and about 2 minutes to create. Now the really cool thing is that I can change these menus in real time based on someone switching to another service or even another Web site. You could even pre-load from a cache on the device.




And the same code runs exactly the same on iPhone


The Innovators Dilemma – Improving the Internet so I have a choice in how it recognizes Me


In my last blog – Privacy: My Expectations vs.. My Reality I started with a famous quote from Wernher von Braun – you can recover from a production flaw but never from a design flaw.

The design flaw that I hinted at was the Internet’s (HTTP) reliance on Cookies to add “state” to a users browser. This is almost in direct conflict with Privacy. And I know the purists are shouting at me now, but think about it, if I don’t want to be tracked then I should simply be able to turn off anything and everything that could possible use my data, and that includes no more cookies. (Of course the Internet would collapse without Cookies).

So how do we change the current design of the Internet to solve this dilemma?

Before we try and answer that problem, let’s revisit another blog post (Privacy: Do Not Track & the real Elephant in the room) where I quoted two Norwegians and their definition of Privacy.

Selmer and Blekeli in 1977: Privacy is the legitimate interest of a person to control the collection and use of information that relates to him/herself. (Source: “Data og personvern” p. 21, Universitetsforlaget, Oslo)

So now we have the underpinnings of the problem we need to solve:

How do you improve the Internet so that I can control the collection and use of information that relates to “Me” – and do so while co-existing with the current Internet.

Now let’s double check with the current White Houses Administrations proposal to ensure that we’re still all in agreement. Here’s the paper you need to read “National Strategy For Trusted Identities in CyberSpace” Page 2 is the critical page. And here it is:

Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

The realization of this vision is the user-centric “Identity Ecosystem” described in this Strategy It is an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices The Identity Ecosystem is designed to securely support transactions that range from anonymous to fully-authenticated and from low- to high-value The Identity Ecosystem, as envisioned here, will increase the following:

  • Privacy protections for individuals, who will be able trust that their personal data is handled fairly and transparently;
  • Convenience for individuals, who may choose to manage fewer passwords or accounts than they do today;
  • Efficiency for organizations, which will benefit from a reduction in paper-based and account management processes;
  • Ease-of-use, by automating identity solutions whenever possible and basing them on technol- ogy that is simple to operate;
  • Security, by making it more difficult for criminals to compromise online transactions;
  • Confidence that digital identities are adequately protected, thereby promoting the use ofonline services;
  • Innovation, by lowering the risk associated with sensitive services and by enabling service providers to develop or expand their online presence;
  • Choice, as service providers offer individuals different—yet interoperable—identity credentials and media

So lets summarize the problem…

The innovators dilemma is to figure out how to extend the current HTTP protocol so that it can offer Me: Privacy, Convenience, Efficiency, Confidence, Control and a Choice in how my information is collected and used.



Well here’s the good news – fortunately we only have a production flaw NOT a design flaw to deal with. Let’s head over to read the document that tells us how the Internet works and see if there’s anything there that can help solve the problem using a little teamwork e.g. the browser manufacturers, the W3, Web servers and Content providers all working together to give me a Choice.

The document is RFC 2616 and here’s the important part that points to the answer:

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. It is a generic, stateless, protocol which can be used for many tasks beyond its use for hypertext, such as name servers and distributed object management systems, through extension of its request methods, error codes and headers. A feature of HTTP is the typing and negotiation of data representation, allowing systems to be built independently of the data being transferred.


I’ve highlighted the answer to the Innovators Dilemma.

HTTP is an “extensible” protocol which means that we can extend it to support new ways of doing things. And the way to do that is with something called an X header. In technical parlance this “is a standards based method to extend the protocol with non-standard based data”. The non standard data in this case is secure, encrypted information about me that I chose to allow the browser to share with a trusted Web site or 3rd party provider.

Now how do we integrate all of this? Well we start with the two Norwegians definition of Privacy and use that to determine the control method. If I have to be in control then there’s only one place to add the controls – the Browser. We add a secure database that holds my information – we then allow the user to control every aspect of that database. In essence you can chose to share whatever you want, with who ever you want.

Now lets go to the second part of the problem – the content providers/web servers. Well there’s good news here to. If I trust them, then I can elect to share my data, if they abuse that privilege then I can turn off sharing – I always have control over the process.

So how do they get my data?

They read the incoming X headers (the approved way to transmit non standard data over a standard protocol). Now again I can hear the purists shouting – “that’s going to put a big load on the servers”. And to that I say nonsense – servers are incredibly fast these days and the burden of reading an extra 100 bytes of data on every request even if it is encrypted is insignificant. And if it is – then buy a bigger server. Those bytes are the least of your problems.

So there you have it – the answer to the Innovators dilemma on how to improve the Internet – add your identity to the browser, do it in a way that allows you to control that identity, and then share it using current standards with any Web server. It meets all the White House guidelines, it works with every Web server, firewall, filter and router. It requires zero changes to the current infrastructure other than to ship a new browser with essentially a wallet built in.

In essence this will transform the Internet in to something it should have been in the first place – a “contextually aware data communications platform”. Only this time I will finally have a Choice in the collection and use of that information that relates to “Me”.



Privacy: Clash of the Titans – Where Humans battle Algorithms


Well it seems like a epic battle is about to get underway. To the North are the Humans – demanding that their Privacy be protected and to the South are the Algorithms – constantly “searching” to undermine my Privacy in the name of a better experience.

Years ago when I was studying for my Airline Pilot’s license, one of subjects was the Inter Tropical Convergence Zone, colloquially known as the “ITCZ”. It’s that area on the planet (Source: link) that circles the Earth, near the equator, where the trade winds of the Northern and Southern Hemispheres come together. The intense sun and warm water of the equator heats the air in the ITCZ, raising its humidity and causing it to rise. As the air rises it cools, releasing the accumulated moisture in an almost perpetual series of thunderstorms.




Well that’s exactly what’s happening right now. Especially with the announcement this morning by the WSJ (link) that Google is tracking iPhone users. There is now intense heat coming to bear from the “Humans” regarding their privacy. Something is going to give. People want a Choice when it comes to their Privacy. Sort of like “Freedom of Speech”. You just can’t take it away from people and expect them to not be upset.

For those of you who are interested in Privacy I suggest you head over to this link It’s the’s Web site on Public Tracking. Take a spin through the mailing lists. It’s fascinating. Everything is hinging on one binary number… 1 This is the setting that users will be able to control in their browser to stop Web sites tracking them. Unfortunately as we’ve seen today Google et al is ignoring those settings.

This cannot end well for the Algorithms – and here’s why. The Humans (Lawyers and Privacy Rights Activists) will write legislation to reign in the ability to track. As scissors always beats paper so will the legislation. However here’s where the law of unintended consequences comes into play – Privacy on the Internet is NOT binary (as I have written about before – link). Setting a Do Not Track header to 1 is not enough context to make a really informed decision about what a customer wants.

Ask anyone these days – Privacy is about Choice not about a number. Any solution MUST offer me a Choice otherwise it will fail. In the meantime get ready for some serious thunderstorms – the ITCZ is heating up.


Digital Privacy Twister


Yes, Twister.  The fun, bright colored game where you get twisted up with all your friends and would-be teenage loves.  Actually, the rules of Twister are more clear than the twisted Privacy policies that dot the Web these days – which in my opinion, are less about privacy and more about making money.  The only choice I typically get is no privacy or don’t use my Web service.

It is impossible to ignore the increase in coverage regarding digital data privacy.  Today’s Wall Street Journal headline about Google bypassing iPhone Privacy Settings may just be the fateful move that brings everyone playing Digital Privacy Twister crashing down to the mat.

But before jumping to any “Google is the new Evil Empire” conclusions, have a look at this hurried, yet thoughtful post by Technology Media blogger, John Battelle, A Sad State of Internet Affairs:  The Journal of Google, Apple and “Privacy”.  Battelle, rightfully questions whether or not the default “privacy settings” in iOS are designed to protect yours and my privacy rights or protect Apple’s advertising revenues.

Sadly, the rules about Internet Privacy are simply not clear and even those being debated and proposed by the best minds in the space have to consider the impact changes will have on established business models and legitimate uses for data sharing between organizations. Privacy is about balancing the rights of you and me, as citizens (not just consumers) and a business’s right to make money.  If you mandate technology changes to stop privacy abuses, then how that impacts legitimate data use and sharing MUST be considered or you start ripping apart the very fabric of the Web – the mat holding all the brightly colored website dots together.

Maybe we are too smart for or own good.  I bet if you asked your children, they would say something wonderfully simple like, “Just ask me my permission.” or, “I’ll tell you if I trust you.”  Or perhaps, “Your a stranger.  Until I know you better I won’t tell you my name or where I live.”  Instead of trying to re-weave the Web and break what works, why not just ask the user.  Give them the Choice to share or not to share with any given site.  Give them a Choice about what to share – location, but not name.  Device information, but not cell phone number.  Privacy is not binary.  Privacy cannot be “solved.”  Privacy is a right.  Ask permission (in a simple, straightforward manner) and then respect it.  Period.

Digital Privacy should be about delivering the appropriate Web Experience base on what is shared, not taken.  An anonymous experience or a rich experience, or something in between. It should be MY choice and should not be all or nothing.  People like choice.  When you deny that choice based upon less than transparent practices and policies, people get really angry. Angry people stop doing business with you and tell all their friends.



Privacy is a Balance


As I watch the news unfolding about Path (link) and the controversy over accessing my address book, I can’t but shake my head in amazement that people are still missing the point. It’s not that they accessed my data without my permission that’s the problem – it’s that I have no choice in what I choose to share that’s at the heart of the matter.

Think about it for a moment, Michael Arrington is an investor in Path. Now Michael probably has an address book only second to Ron Conway’s. Can you just imagine the number of aspiring entrepreneurs who would love to access that database. And it’s probably all sitting up on someone’s servers somewhere.

Now to their credit Path immediately issued an apology and deleted everyone’s data from their servers. So far so good. Now comes the problem – they then updated their app so that it asked “permission” to access your address book. As someone would tweet – #fail.

They are still missing the core problem – I want to allow Path access to “some of the people in my address book” – but only those who Path turn into something of value for me. And therein (as the Bard says) lies the problem. Privacy is NOT binary, it’s contextual. Not only do I want a choice in what I share, I want to ensure that sharing the data results in a better outcome for both parties.

What the current approach to Privacy has #failed to do is deliver not only a choice, but it has failed to make it contextually aware of not only Who I am, but Where I am. My Privacy has value – it must have because at the moment this topic is becoming radioactive – and yet my only “Choice” is binary. Either share it or not. Well how about offering me something in return? Why do you get to keep the value and I don’t. Seems like an unfair choice to me.

Ultimately Privacy is a balance between ensuring Privacy and allowing information to be shared for a better outcome.




And that’s why we invented the new Choice™ browser. It gives you a choice in what and to whom, you want to share your personal data with.