Category: News (page 1 of 4)

Helping publishers and advertisers move past the ad blockade


Those are the three market conversations happening in the digital publishing world. Let’s look into what they’re saying, and then what more they can say that’s not being said yet.

A: Publisher-Reader

Publishing has mostly been a push medium from the start. One has always been able to write back to The Editor, and in the digital world one can tweet and post in other places, including one’s own blog. But the flow and power asymmetry is still push-dominated, and the conversation remains mostly a one-way thing, centered on editorial content. (There is also far more blocking of ads than talk about them.)

An important distinction to make here is between subscription-based pubs and free ones. The business model of subscription-supported pubs is (or at least includes) B2C: business-to-customer. The business model of free pubs is B2B: business-to-business. In the free pub case, the consumer (who is not a customer, because she isn’t paying anything) is the product sold to the pub’s customer, the advertiser.

Publishers with paying subscribers have a greater stake — and therefore interest — in opening up conversation with customers. I believe they are also less interested in fighting with customers blocking ads than are the free pubs. (It would be interesting to see research on that.)

B. Publisher-Advertiser

In the offline world, this was an uncomplicated thing. Advertisers or their agencies placed ads in publications, and paid directly for it. In the online world, ads come to publishers through a tangle of intermediaries:


Thus publishers may have no idea at any given time what ads get placed in front of what readers, or for what reason. In service to this same complex system, they also serve up far more than the pages of editorial content that attracts readers to the site. Sight unseen, they plant tracking cookies and beacons in readers’ browsers, to follow those readers around and report their doings back to third parties that help advertisers aim ads back at those readers, either on the publisher’s site or elsewhere.

We could explore the four-dimensional shell game that comprises this system, but for our purposes here let’s just say it’s a B2B conversation. That it’s a big one now doesn’t mean it has to be the only one. Many others are possible.

C. Reader-Advertiser

In traditional offline advertising, there was little if any conversation between readers and advertisers, because the main purpose of advertising was to increase awareness. (Or, as Don Marti puts it, to send an economic signal.) If there was a call to action, it usually wasn’t to do something that involved the publisher.

A lot of online advertising is still that way. But much of it is direct response advertising. This kind of advertising (as I explain in Separating Advertising’s Wheat and Chaff) is descended not from Madison Avenue, but from direct mail (aka junk mail). And (as I explain in Debugging adtech’s assumptions) it’s hard to tell the difference.

Today readers are speaking to advertisers a number of ways:

  1. Responding to ads with a click or some other gesture. (This tens to happen at percentages to the right of the decimal point.)
  2. Talking back, one way or another, over social media or their own blogs.
  3. Blocking ads, and the tracking that aims them.

Lately the rate of ad and tracking blocking by readers has gone so high that publishers and advertisers have been freaking out. This is characterized as a “war” between ad-blocking readers and publishers. At the individual level it’s just prophylaxis. At the group level it’s a boycott. Both ways it sends a message to both publishers and advertisers that much of advertising and the methods used for aiming it are not welcome.

This does not mean, however, that making those ads or their methods more welcome is the job only of advertisers and publishers. Nor does it mean that the interactions between all three parties need to be confined to the ones we have now. We’re on the Internet here.

The Internet as we know it today is only twenty years old: dating from the end of the NSFnet (on 30 April 1995) and the opening of the whole Internet to commercial activity. There are sand dunes older than Facebook, Twitter — even Google — and more durable as well. There is no reason to confine the scope of our invention to incremental adaptations of what we have. So let’s get creative here, and start by looking at, then past, the immediate crisis.

People started blocking ads for two reasons: 1) too many got icky (see the Acceptable Ads Manifesto for a list of unwanted types); 2) unwelcome tracking. Both arise from the publisher-advertiser conversation, which to the reader (aka consumer) looks like this:


Thus the non-conversation between readers blocking ads and both publishers and advertisers (A and C) looks like this:


So far.

Readers also have an interest in the persistence of the publishers they read. And they have an interest in at least some advertisers’ goods and services, or the marketplace wouldn’t exist.

Thus A and C are conversational frontiers — while B is a mess in desperate need of cleaning up.

VRM is about A and C, and it can help with B. It also goes beyond conversation to include the two other activities that comprise markets: transaction and relationship. You might visualize it as this:


From Turning the customer journey into a virtuous cycle:

One of the reasons we started ProjectVRM is that actual customers are hard to find in the CRM business. We are “leads” for Sales, “cases” in Support, “leads” again in Marketing. At the Orders stage we are destinations to which products and invoices are delivered. That’s it.

Oracle CRM, however, has a nice twist on this (and thanks to @nitinbadjatia of Oracle for sharing it*):

Oracle Twist

Here we see the “customer journey” as a path that loops between buying and owning. The blue part — OWN, on the right — is literally the customer’s own-space. As the text on the OWN loop shows, the company’s job in that space is to support and serve. As we see here…

… the place where that happens is typically the call center.

Now let’s pause to consider the curb weight of “solutions” in the world of interactivity between company and customer today. In the BUY loop of the customer journey, we have:

  1. All of advertising, which Magna Global expects to pass $.5 trillion this year
  2. All of CRM, which Gartner pegs at $18b)
  3. All the rest of marketing, which has too many segments for me to bother looking up

In the OWN loop we have a $0trillion greenfield. This is where VRM started, with personal data lockers, stores, vaults, services and (just in the last few months) clouds.

Now look around your home. What you see is mostly stuff you own. Meaning you’ve bought it already. How about basing your relationships with companies on those things, rather than over on the BUY side of the loop, where you are forced to stand under a Niagara of advertising and sales-pitching, by companies and agencies trying to “target” and “acquire” you. From marketing’s traditional point of view (the headwaters of that Niagara), the OWN loop is where they can “manage” you, “control” you, “own” you and “lock” you in. To see one way this works, check your wallets, purses, glove compartments and kitchen junk drawers for “loyalty” cards that have little if anything to do with genuine loyalty.

But what if the OWN loop actually belonged to the customer, and not to the CRM system? What if you had VRM going there, working together with CRM, at any number of touch points, including the call center?

So here are two questions for the VRM community:

  1. What are we already doing in those areas that can help move forward in A and B?
  2. What can we do that isn’t being done now?

Among things we’re already doing are:

  • Maintaining personal clouds (aka vaults, lockers, personal information management systems, from which data we control can be shared on a permitted basis with publishers and companies that want to sell us stuff, or with which we already enjoy relationships.
  • Employing intelligent personal assistants of our own.
  • Intentcasting, in which we advertise our intentions to buy (or seek services of some kind).
  • Terms individuals can assert, to start basing interactions and relationships on equal power, rather than the defaulted one-way take-it-or-leave-it non-agreements we have today.

The main challenge for publishers and advertisers is to look outside the box in which their B2B conversation happens — and the threats to that box they see in ad blocking — and to start looking at new ways of interacting with readers. And look for leadership coming from tool and service providers representing those readers. (For example, Mozilla.)

The main challenge for VRM developers is to provide more of those tools and services.

Bonus links for starters (again, I’ll add more):

How music lovers can fix the broken music business and stop screwing artists

In Taylor Swift, Spotify and the Musical Food Chain Myth, musician Doria Roberts (@DoriaRoberts) details a problem that we’ve been hearing about for the duration:  artists have been getting screwed by the music industry, which now includes streaming services such as Spotify, paying tiny fractions of a penny for every tune everybody hears through them. She writes,

…not only have physical CD sales been down, but also the digital money I used to get from legal downloads all but disappeared. Instead of getting weekly payments ranging between $200-$750 from my distributor, I started getting an average $11.36, once a month from all streaming services combined. Yes, $11.36/month is what I get from all of them. That is not a sustainable business model for a truly independent artist.

And it will get worse as streams gradually become the main source for music. Signs and portents in that direction:

Doria also offers some answers:


As a consumer and a fan, you are at the top of this food chain, not the bottom. You are not subject to the whims of popular culture; you are the arbiter of it. If you want to see less “fluff” in the music industry, if you want to see your artists remain authentic, creative and prolific beings and, if you want them to come back to your hometowns:

1. Start buying our music again. Digital, hard copy, doesn’t matter, just pay for it. If you can pay $4 for a coffee, you can pay $9.99 for something meaningful that you’ll enjoy forever.

2. Stop using streaming services that only pay us $.0006 per listen if you don’t already own our music either via a legal download or a hard copy. Educate yourself. If you think the profits that oil companies make are obscene, I urge you to do some digging about what some of these streaming companies are really about. [Editor’s note: Spotify claims to have paid Taylor Swift over $2 million dollars in streaming royalties. Her label says that’s not even close to the truth.]

3. And, this is important: Set your DVRs on your favorite show nights and go to our concerts. If I had a dime for every time a person told me they weren’t able to make my show because it was the finals of DWTS or The Voice, I wouldn’t be writing this post. I’d be sitting in a bungalow in Costa Rica sipping something fruity and delicious.

Simple solutions sometimes require difficult choices. Oh, and this goes for independent movies, books, indie/feminist bookstores, small venues and small businesses, too. Just know this: you have the power to change the cultural landscape around you. Use that power wisely.

In reply below, I wrote,

All the course-reversing suggestions are good, but also assume that the only possible choices are the ones we have now. This has never been the case. We can invent new choices — new solutions for this already-old problem.

I believe the best solutions are those that make it very easy for consumers to pay whatever they want for whatever they like (and not just music).

One outline for this is EmanciPay, at ProjectVRM: . My own idea for an expression of EmanciPay is a user-side system set up to automatically pay (or pledge to pay) a penny per listen to any song heard anywhere, including one’s own music collection. That’s a high multiple of whatever coercive rates are being extracted on the supply side of the marketplace today — and in the whole future, which will suck.

Way back in ’98, when the DMCA birthed the ancestor of today streamed music royalty regime, it framed coercive rates with this context: “in the absence of a willing buyer and a willing seller.”

So let’s quit working only the seller-side of the marketplace. Let’s equip the willing buyer.

If anybody wants to work on the code for that, contact me (I’m not hard to find). We’ll get a posse together and go do it. Given the sum of existing code in the world already, it shouldn’t be too hard.

If we really are at the top of the food chain, we need better ways to pay for what we eat. If we don’t come up with those, all we will have are government-regulated ways to screw both the artists and the media. (Ask Spotify and Pandora how much they’re profiting in the current system.)

What we have today with streaming is guided by language like this (from the last link above):

…rates for the statutory licenses for webcasting and for ephemeral recordings must be the rates that most clearly represent the rates that would have been negotiated in the marketplace between a willing buyer and a willing seller. —

The boldface is mine. Here’s my point: Regulators and their captors in the record industry have believed from the start that listeners to streams cannot be willing buyers.

I want to prove them wrong.

The time wasn’t right when we started writing about this back in the late ’00s.  But now it is. Let’s do something about it.


On its 10th Anniversary, Firefox gets even more VRooMy

I just upgraded Firefox from 33.0.1 to 33.1 — the 10th Anniversary edition. When it came up, I was greeted by welcome notes and a tour that begins with this:

Firefox screen shot


And that’s just one of the new privacy-respecting goodies that come with the latest version. watch this video:


Here’s the script (with a different voice for each line), which I just transcribed:

Who owns the Internet?

The answer is no one.

The answer is everyone.

Which is why thousands of volunteers around the globe give  their time and talent

To create an Internet experience that’s owned by everyone.

And  doesn’t own you.

Where your information isn’t being bought and sold.

Where power is in your hands.

Not in a corporate database.

That’s why ten years ago we created Firefox.

Nonprofit. Non-corporate. Non-compromised.

Choosing Firefox isn’t just choosing a browser.

It’s a vote for personal freedom.

It’s how we keep your independence online burning bright.

ProjectVRM has been about two things from the start: engagement and independence. All browsers are tools for engagement. But only one stands for independence.  Hat’s off to the Mozilla and Firefox teams for standing on the side of everybody. And happy 10th anniversary.

Bonus link: a search for more on Firefox v.33.1.

State of the VRooM, 2014

As of today, ProjectVRM is eight years old.

So now seems like a good time for a comprehensive (or at least long) report on what we’ve been doing all this time, how we’ve been doing it, and what we’ve been learning along the way.

ProjectVRM has always been both a group effort and provisional in its outlook and methods. So look at everything below as a draft requiring improvement, and send me edits, either by email (dsearls at cyber dot law dot harvard dot edu) or by commenting below.


After eight years of encouraging development of tools and services that make individuals both independent and better able to engage, ProjectVRM (VRM stands for vendor relationship management) is experiencing success in many places; most coherently in France, the UK and Oceania (Australia and New Zealand). There are now dozens of VRM developers (though many descriptors besides VRM are used), and investor interest is shifting from the “push” to the “pull” side of the marketplace. Government encouragement of VRM is strongest in the UK and Australia.  ProjectVRM and its community are focused currently on “first person” technologies, privacy, trust, identity (including anonymity), relationship (including experience co-creation), substituability of services and the Internet of Things. Verticals are personal information management, relationship (VRM+CRM), identity, on-demand services, payments, messaging (e.g. secure email), health, automotive and real estate.  There are many possibilities for research, possibly starting with the effects on business of individuals being in full control of their sides of agreements with companies.

Here are shortcuts to each section:

  1. History
  2. Development
  3. Community
  4. Influence
  5. Issues
  6. Verticals
  7. Investment
  8. Research
  9. Questions

1. History

ProjectVRM is one of many research projects at the Berkman Center for Internet and Society at Harvard University. It started when I began a four-year fellowship at Berkman in September, 2006. In those days Berkman fellows were encouraged to work on a project. I had lots of guidance from Berkman staff and other veterans; but what best focused my purpose was something Terry Fisher said at one of the orientation talks. He said Berkman did its best to be neutral about the subjects it studies, but also that “we do look for effects.”

The effect-generating work for which I was best known at the time was The Cluetrain Manifesto, which I co-authored seven years earlier with Chris Locke, David Weinberger and Rick Levine. By most measures Cluetrain was a huge success. The original website launched a meme that won’t quit, and the book that followed was a bestseller.(It still sells well today). But I felt that its alpha clue, written by Chris Locke, still wasn’t true. It said,

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

There is a theory in there that says the Internet gives human beings (the first person we) the reach they need to exceed the grasp of marketers (the second person your).

So either the theory wasn’t true, or the Internet was a necessary but insufficient condition for the theory to prove out. I went with the latter and decided to to work on the missing stuff.

That stuff couldn’t come from marketers, because they were on the second person side. In legal terms, they were the second party, not the first. This is why their embrace  of  Cluetrain’s “markets are conversations” couldn’t do the job. Demand needed help that Supply couldn’t provide. What we needed, as individuals, were first party solutions — ones that worked for us.

The more I thought about the absence of first party solutions, the more I realized that this was a huge hole in the marketplace: one that was hard to see from the client-server perspective, always drawn like this:


While handy and normative, client-server is also retro. Here’s a graphic from Virtual Teams: People Working Across Boundaries with Technology (Jessical Lipnack and Jeffrey Stamps, 2000,  p. 47) that puts it in perspective:


Client-server is hierarchical, bureaucratic industrial and agricultural (see the image below). But it’s also most of what we experience on the Web, and also where the entirety of the supply side sits. So, even if Cluetrain is right when it says (in Thesis #7) “hyperlinks subvert hierarchy,” subversion goes slow when the people running the servers are in near-absolute control and hardly care at all about links. In less abstract terms, what we have on the Web is this:


As clients we go to servers for the milk of text, graphics, sound and videos. We get all those, plus cookies (and other tracking methods) to remember who we are and where we were the last time we showed up. And, since we’re just clients, and servers do all the heavy lifting  (and with technology what can be done will be done) the commercial Web’s ranch has turned into what Bruce Schneier calls Our Internet surveillance state.

By 2006 it was already clear to me that we could make the whole marketplace a lot bigger if individuals were fully capable human beings and not just calves — if we equipped Demand to drive Supply at least as well as Supply drives Demand.

To help people imagine what will happen when Demand reaches full power, I wrote a Linux Journal column a few months earlier, titled “The Intention Economy.” Here’s the gist of it:

The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.

The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.

The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like a bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.

The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.

The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.

In The Intention Economy, a car rental customer should be able to say to the car rental market, “I’ll be skiing in Park City from March 20-25. I want to rent a 4-wheel drive SUV. I belong to Avis Wizard, Budget FastBreak and Hertz 1 Club. I don’t want to pay up front for gas or get any insurance. What can any of you companies do for me?” — and have the sellers compete for the buyer’s business.

This car rental use case is one I’ve used to illustrate what would be made possible by “user-centric” or “independent” identity, which was also the subject of the cover story in last October’s Linux Journal, plus this piece a year earlier, and various keynotes I’ve given at Digital Identity World, going back to 2002. It is also the use case against which the new open source Higgins project was framed.

Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.

Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: an core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.

So that’s the purpose I chose for my new Berkman project: to get a snowball of development rolling toward the Intention Economy.

The project has been lightweight from the start, consisting of myself* and other volunteers. Our instruments are this blog, a wiki, a mailing list and events. In gatherings of project volunteers at Berkman and elsewhere, we narrowed our focus to encouraging development of tools for independence and engagement. That is, tools that would make individuals both independent of other entities (especially companies) and better able to engage with them. These shaped the principles, goals and tools listed on our wiki.

The term VRM came about accidentally. I was talking about my still-nameless project on a Gillmor Gang podcast in October 2006. Another guest on the show, Mike Vizard, started using the term VRM, for Vendor Relationship Management — or the customer-side counterpart of CRM, for Customer Relationship Management, which was then about a $6.2 billion B2B software and services industry.  (It’s now past $20 billion.) The Gillmor Gang is a popular show, and the term stuck. It wasn’t perfect (we wanted a broader focus than “vendors,” which is also a B2B term, rather than C2B). But the market made a decision and we ran with it. Since then VRM has gained a broader meaning anyway. Every thing (hardware, software, policies, legal moves) that enables an individual to interact with full agency in any relationship is a  VRM thing. “RM” turns out to  be handy for sub-categories as well, such as GRM (government relationship management) and HRM (health relationship management).

ProjectVRM has always been unusual for Berkman in two ways. One is that it has been focused on business — the commercial side of the “society” in Berkman’s name. The other is that it put the development horse ahead of the research cart. So, while we always wanted to do research (and did some along the way, such as with ListenLog), we felt it was important to create research-worthy effects first.

My first mistake was thinking we would have those effects within a year. My second mistake was thinking we would have them within four years — the length of my fellowship. It has taken twice that long, and still requires one more piece. More about that below, in the Research and Opportunities sections.

In its early years, when it was pure pioneering, ProjectVRM had a lot of volunteer organizational help. There were weekly conference calls and meetings, and events held in Cambridge, London, San Francisco and elsewhere. But the main gatherings from the start were at the Internet Identity Workshop (IIW), an unconference I co-organize at the Computer History Museum in Mountain View. (Our next VRM Day is 27 October. Register here.)

IIW also started with Berkman help. It was first convened as a group I pulled together for a December 31, 2004 Gillmor Gang podcast on identity. Steve Gillmor called the nine participants in the show “The Identity Gang.” The conversation continued by phone and email, with growing energy. So we convened again, this time in person with a larger group, in February 2005 at Esther Dyson’s PC Forum in Scottsdale, Arizona. It was there that John Clippinger asked if we would like “a clubhouse” at Berkman. I said yes, and John had Paul Trevithick create a Berkman site for the gang. As interest collected around the site and its list, three members — Phil Windley (then CIO of Utah), Kaliya Hamlin (aka “IdentityWoman“) and I morphed the gang meetings into IIW, which met for the first time in Fall of 2005. Our 19th is coming up on 28-30 October. (Register here.)  It tends to have 180-250 participants from all over the world. While identity remains the central theme, as an unconference its topics can be whatever participants choose. VRM is always a main focus, however. And we always have a “VRM Day” at the Museum the day before IIW. The next is on 27 October. It’s free.

The Identity Gang  also grew out of other efforts by a number of individuals and groups:

I’ll leave it at those for now. Others can add to it and help me connect the dots later. What matters is that ProjectVRM has both roots and branches that intertwine with the digital identity movement. I unpack more in the Community section below. Meanwhile it is essential to note that Kim Cameron’s Seven Laws of Identity had a large guiding influence on ProjectVRM. This is partly because they were all good laws, but mostly because they came from the individual’s side:

  1. User control and consent
  2. Minimal disclosure for a constrained use
  3. Justifiable parties (“disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship”)
  4. Directed identity (“facilitating discovery while preventing unnecessary release of correlation handles”)
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

As you see, all of those should apply just as well to VRM tools and services.

We have had two interns in our history, both hugely helpful. The first was Doug Kochelek, an HLS law student with a BS and a EE from Rice. He came on board at the very beginning, in September 2006. He’s the guy who worked with Berkman’s Geek Cave to create the wiki, the blog and the list. He also shook down many technical problems along the way. The second was Alan Gregory, a 2009 summer intern and a law student at the University of Florida. Alan helped with research on the chilling effects of copyright expansion on Web streaming, which was a focus of a research project we did with PRX called ListenLog — a self-tracking feature installed in PRX’s Public Media Player iPhone app. (Here’s a presentation Alan and I did at a Fellows Hour.) ListenLog was the brainchild of Keith Hopper, then of NPR, and was years ahead of its time. Work on those projects was funded by a grant from the Surdna Foundation.

To keep its weight light and its work focused on development and relevant issues, ProjectVRM does not have its own presence on Twitter or Facebook. Its social media activity is instead comprised of postings by individual participants in the project, and the memes they drive. #VRM, for example, gets tweeted plenty, and has come to serve as shorthand for individual empowerment.

In 2007 we did a good job of publicizing what VRM and ProjectVRM were about, and got a lot of buzz. It was  premature, and our first big lesson: it’s not good to publicize anything for which the code isn’t ready. In the absence of code, it’s easy for commentators (such as here) to assume that what we’re trying to do can’t be done.

So we got more heads-down after that, and avoided publicity for its own sake.

not_iball1Still, the idea of VRM is attractive, especially to folks at the leading edge of CRM. This is what caused nearly an entire issue of CRM magazine to be devoted to VRM ,in May 2010. It too was ahead of its time, but it helped. So did two books that came out the same year: John Hagel’s The Power of Pull, and David Siegel’s Pull: The Power of the Semantic Web to Transform Your Business. John also helped in June 2012 with The Rise of Vendor Relationship Management.

That essay was a review of  The Intention Economy: When Customers Take Charge, which arrived in May from Harvard Business Review Press. The book reported on VRM development progress and detailed the projected shifts in market power that I first called for in my 2006 column with the same title.

While  The Cluetrain Manifesto has been a bigger seller, The Intention Economy Intention-economy-cover has had plenty of effects. Currently, for example, it is informing the work of Mozilla’s commercial arm, headed by Darren Herman, who this year hired @SeanBohan from the VRM talent pool. (Here’s a talk I gave at Mozilla in New York last month.) On the publicity side, the book was compressed to a Wall Street Journal full-page Review section cover essay titled “The Customer as a God.”

So far ProjectVRM has one spin-off: Customer Commons, a California-based nonprofit. Its mission is “restore the balance of power, respect and trust between individuals and organizations that serve them.” CuCo is a membership organization with the immodest ambition of attracting “the 100%.” In other words, all customers. And it is modeled to some degree on Creative Commons CustomerCommonsLogo4(a successful early Berkman spin-off), by serving as the neutral place where machine- and person-readable versions of personal terms, conditions, policies and preferences of the individual can be maintained. Among those terms will be those restricting or preventing unwanted tracking, and among those policies will be those establishing the boundaries we call privacy. Customer Commons is a client of the Cyberlaw Clinic, which is helping develop both. But much more can be done. We’ll visit that in the Opportunities section below.

2. Development

The list of VRM developers is now up to many dozens. While most don’t use the term “VRM” in marketing their offerings (nor do we push it), the term is gathering steam. For example, while updating the developers list a few minutes ago, I found two new companies that use VRM in the description of their offerings: InformationAnswers (“Where CRM meets VRM.”) and PeerCraft (“The main purpose for PeerCraft is to support Vendor Relation Management.”)

Some developers on our list are now familiar brands, though none started that way, and most did not exist when ProjectVRM began. Some of the successes (e.g. Uber and Lyft) have not been directly engaged with ProjectVRM, but are listed because they are what we call “VRooMy.” Other successes (e.g., and GetSatisfaction) have been engaged, one way or another. One that got a lot of notice lately is Thumbtack, for picking up a $100 million investment from Google. That’s atop the $30 million they got earlier this year.

In fact many VRM developers are now having an easier time getting money, thanks to a trend on which ProjectVRM has had influence: a shift of market interest away from “push” (e.g. advertising) and toward “pull” (e.g. VRM). (More about investment below.)

Several years ago, a bunch of VRM developers (and I) worked on developing SWIFT’s Digital Asset Grid. (SWIFT is the main international system for moving money around, and is headquartered in Belgium.) The code is open source, as is other VRooMy work in the financial sector. (Such as the stuff being done by the Romanian company I wrote about here.) OIX also maintains a set of “trust frameworks,” one of which is at the heart of the Respect Network, which I’ll unpack below.

While there is a lot of development in the U.S., and there are VRM startups scattered around the world, the three main hotbeds of activity are the UK, France and Oceania (Australia and New Zealand). Each is a community of its own, cohering in different ways. It’s helpful to visit each, because they represent unique contexts and resources for moving forward.

The UK

In the UK, government is central, through a role one official there calls “being a giant consumer of personal data from citizens.” It gets that data either from individuals directly or from companies that provide individuals with what are called variously called personal clouds, data stores, lockers and vaults. While all these companies perform as intermediaries, they work primarily for the individual. To differentiate this new class of company from traditional third parties, ProjectVRM calls them “fourth parties”. (That term is alien to lawyers, but is catching on anyway. For example, there is a new VRM company in Australia with the name “4th Party.”)

Leading the UK government in a VRooMy direction from the inside is in the Efficiency and Reform Group of the Government Digital Service (GDS) in the Cabinet Office.  In this presentation by Chris Ferguson, Deputy Director of the GDS we see the government pulling in big companies (e.g. Google, Equifax, Lexis-Nexis, Experian, Paypal, Royal Mail, BT, Amazon, O2, Symantec) to legitimize and engage fourth parties serving individuals (e.g. Mydex, Paoga and Allfiled).

Two outside groups working with the UK government are Ctrl-Shift and OIX (Open Identity Exchange). Ctrl-Shift is a research consultancy that has been engaged with ProjectVRM from the beginning. OIX is a Washington-based international .org focused on ‘building trust in online transactions.’


VRM is a familiar and well-understood concept in France. There are meetups (such as this one) and many VRooMy startups, such as Privowny (led by French folk and HQ’d in Palo Alto), CozyCloud, and OneCub. A big organizational driver of VRM in France is, a think tank that brings together large companies (e.g. Carrefour, Societe General, Orange and LaPoste) with small companies such as the ones I just mentioned. They do this around research projects. For example, ProjectVRM informed Fing’s Mesinfos research project (described here).


If we were to produce a heat map of VRM activity, perhaps the brightest area would be Australia and New Zealand. I’ve been down that way three times since June of last year, to help developers and participate in meetings and events. As with the UK, government in Australia is very supportive of VRM development, and with empowering individuals generally. (We met with three agencies on one of the trips: one with the federal government in Canberra and two with the New South Wales government in Sydney. One of them called citizens “customers” of government services, because “they pay for them.”) Startups there include Flamingo, Meeco, Welcomer, Geddup,4th Party, Fifth Quadrant, Onexus and the New Zealand based MyWave.

Recent changes in Australian privacy policy also attract and support VRM development. Australian companies (and government agencies) collecting personal data from people on the Web (or anywhere) are now required to make that data available to those people to use as they please. (Or so I understand it.) This gives Canberra-based Welcomer, for example, a reason to exist. Welcomer makes “private data dashboards” that “show collected summaries of the personal data held by organisations and by individuals including the person themselves. The dashboard gives a summary of personal data with the ability to link through to the source data (where required).”

This summer, the first commercial community to grow out of ProjectVRM work, the Respect Network (which Privacy By Design (PbD) calls the “World’s First Global Private Cloud Network”) held a world tour to launch the community and stimulate funding for members’ common goals, standards and code development. I was on the tour (London, San Francisco, Sydney, Tel Aviv), and wrote a report on the ProjectVRM blog. (Naturally, I shot pictures. Those are here. I also spoke at each venue. One of my Sydney talks is here.)

3. Community

To understand where ProjectVRM fits in the world, and how it works, I like the Competing Values Framework by Kim S. Cameron (no relation to the one above), Robert E. Quinn, Jeff DeGraff and Anjan Thakor:

Screen Shot 2014-09-01 at 5.48.45 PM

While there are many VRM developers operating in the lower half of that graphic, what ProjectVRM does is in the upper half of that diagram.  We have a collaborative clan of flexible and creative individuals in an adhocracy, working together on long-term transformational change.

Pretty much everything that gets criticized about our efforts falls in the lower half. That’s because we have no hierarchy and don’t work to control what anybody does. And progress on the whole  has been slow. (Though there are exceptions, such as Uber, Lyft and Thumbtack.)

That graphic is just one of many helpful ones in David Ronfeldt‘s Organizational forms compared, which he’s been updating since first publishing it in May 2009. One reason it is helpful is that the hierarchical short-term stuff is obvious and easily understood, while collaborative long term stuff is much harder to grok. It’s like the difference between weather and geology. Which makes me think that graphic should be flipped vertically: slow stuff on the bottom, fast stuff at the top. That’s what the Long Now foundation does with this graphic, which I’ve always loved:

layers of time

The change we want most is down in the culture, governance and infrastructure layers, even though our focus is on commerce. This also explains why we run into trouble when we play with fashion. The last thing we want is for VRM to be cool. (This is also a lesson I learned and re-learned over two decades of watching Linux, free software and open source for Linux Journal.)

The following graphics are all from David Ronfeldt’s scholastic gatherings. Each in its own way helps explain how our community works — and how it doesn’t. First, from one of Bob Jessop‘s many papers on governance and metagovernance (this one from 2003):

jessop figure

That’s our column on the right.

Then there is this, from Federico Iannacci and Eve Mitleton–Kelly’s Beyond markets and firms: the emergence of Open Source networks (First Monday, May, 2005):


That’s us in the middle. We’re a stable and decentralized heterarchy that coordinates by mutual adjustment.

Then there is this from Karen Stephenson‘s Neither Hierarchy nor Network: An Argument for Heterarchy (in Ross Dawson’s Trends in the Living Networks, April, 2009):


Again that’s us on the right.

Something I like about those last two is the respect they give to heterarchy, which has been a focus for many years of Adriana Lukas, another VRM stalwart who has been with the project since before the beginning. Here’s her TED talk on the subject.

Finally, there is this graphic, from  Clay Spinuzzi‘s Toward a Typology of Activities (2013):


In Spinuzzi’s Losing by Expanding: Corralling the Runaway Object, an object is identified as “a material or problem that is cyclically transformed by collective activity.” With our tacit, inductive and flexible approach, this also characterizes the way our community works.

One can see all this at work on the ProjectVRM mailing list, an active collection of 615 subscribers. We also meet in person twice a year at IIW, starting one day in advance of the event, with “VRM Day.” This adds up to a total of at least eight days per year of in-person collaboration time.

Most of the rest of the VRM community meets locally, or through the organizing work of organizations such as Respect Network (U.S. based, but spanning the world) and Fifth Quadrant (Sydney based, and focused on Australia and New Zealand).

There are many other organizations with which ProjectVRM is well aligned. Among them are:

If things go the way I expect, Mozilla will also emerge as a center of VRM interest and development as well. (For example, I expect VRM to be a topic in October at MozFestival in the U.K.

4. Influence

Nearly all VRM influence derives from the work of its volunteers and its developers. “Markets are conversations,” Cluetrain said, and we drive a lot of those. But they rarely get driven exactly the way I, or we, would like. Conversations are like that. EIC awardSo are heterarchical networks. Everybody wants to come at issues from their own angle, and often with their own vocabulary. We see that especially with analysts and think tanks. None of them like the term VRM. (In fact lots of developers avoid it as well. I don’t blame them, but we’re stuck with it.) Ctrl-Shift, for example, calls fourth parties PIMS, for Personal Information Management Services. Kuppinger-Cole, which gave ProjectVRM an award in 2008 (that’s the trophy on the right), insists on the term “Life Management Platforms.” (I pushed it for awhile. Didn’t take.) Here in the U.S., Forrester Research calls the same category PIDM for Personal Identity and Data Management. We don’t care, because we look for effects.

As for the influence of others on ProjectVRM, there are too many to list.

5. Issues

Privacy is the biggest one right now. (A Google search brings up more than five billion results). We’ve done a lot to drive interest in the topic, and have brought thought leadership to the topic as well. (Here is one example.) On behalf of ProjectVRM, I’ve participated in many privacy-focused events, such as the Data Privacy Hackathon earlier this year, and at GovLab gatherings such as the one reported on here. I’m also in Helen Nissenbaum‘s Privacy Research Group at the NYU Law School, where I presented ProjectVRM developers’ privacy work on February 26 of this year.

Tied in with privacy online, or lack of it, is users’ need to submit to onerous terms of service and meaningless privacy policies. Those terms, also called contracts of adhesion, have been normative ever since industry won the industrial revolution, but have become especially egregious in the online world. Today there is a crying need both for better terms on the sites’ and services’ side, and for terms individuals can asset on their side. From the beginning ProjectVRM has been focused mostly on the latter.

Trust is another huge issue, also tied with privacy. ProjectVRM has both encouraged and influenced the growth of “trust frameworks” such as the Respect Trust Framework and others (there are five) at OIX, as well as Open Mustard Seed and OpenPDS under IDcubed at the MIT Media Lab.

VRM+CRM has been a focus from the start, but the timing has not been right until now. At the beginning, we expected CRM companies to welcome VRM. Press and analysts in the CRM space were encouraging from the start (CRM Magazine devoted an entire issue to it in 2010), but the big CRM companies showed little interest, until this year.

Sitting astride or beside VRM and CRM is a category variously called CX (for Customer Experience), CRX (for Customer Relationship Experience), EM (for Experience Management) CEM or CXM (for Customer Experience Management) and other two and three-letter initialisms. Another happening in the midst of all these is “co-creation” of customer experience. The purpose here is to bring customers and companies together to co-create experience in a lab-like setting where research can be done. This is what Flamingo does in Australia. In a similar way, MyWave in New Zealand (with developers in Australia) “puts the customer in charge of their data and the experience” for a “direct ‘segment of one’ relationship with businesses.”

With the Internet of Things (IoT) heating up as a topic, there is also an increased focus, on the “own cycle,” rather than the “buy cycle” of the customer experience. I explain the difference here, using this graphic from Esteban Kolsky:


In our lives the own cycle is in fact the largest, because we own things — lots of them — all the time and are buying things only some of the time. In fact, most of the time we aren’t buying anything, or even close to looking. This is a festering problem with the advertising-driven commercial Web, which assumes that we are constantly in the market for whatever it is they push at us. In addition to not buying stuff all the time, we are employing more and more ways of turning advertising off (ad blockers are the top browser extensions). For advertising and ad-supported companies, including millions of ad-supported publishers on the Web, this is a mounting crisis. According to an August 2013 PageFair report, “up to 30% of web visitors are blocking ads, and that the number of adblocking users is growing at an astonishing 43% per year.” In The Intention Economy, I called online advertising a “bubble” and I stand by the claim. It’s just a matter of time.

As the stuff we own gets smart, and as more of it finds its way onto the Net service becomes far more important to companies than sales. And VRM developers are laying important groundwork in service. I wrote about this in Linux Journal last year, drawing special attention to the pioneering work led by Phil Windley, who has been a VRM stalwart since before the beginning. In fact it’s Phil’s work that makes clear that things themselves don’t need to be smart to exist on the Internet. All they need is clouds that are smart, which Phil calls picos for persistent computing objects. In this HBR post I explain how the shared clouds of products can be platforms for relationship between company and customers , with learnings flowing in both directions.

Meanwhile, VRooMy companies like trōv are helping individuals do more with what they own — taking their valuables, and making them more valuable.

6. Verticals


This was the first for VRM, and it’s still a primary interest. We need tools on the individual’s side for managing many relationships. There still is not a good “relationship dashboard,” though there are a number of efforts in this direction. But as soon as we have code on the VRM side that matches up with code on the CRM side (including, for example, call centers, which are also interested in VRM), we’ll rock.


Even though ProjectVRM’s mission is centered around relationship and conversation, transaction is a big part of it too — just not the only part, as business often assumes. Our first efforts, starting in 2006, were around making it as easy as possible for individuals to donate money in one standard way to many different public radio stations.

We have been involved in many meetings and discussions around payments and secure data transactions, and some projects as well. We worked with SWIFT on the Digital Asset Grid, and have been in conversations with banks (e.g. Chase) and VISA Europe for a long time as well. With the rise of alternative currencies (e.g. Bitcoin), distributed accounting (e.g. Blockchain), digital wallets and other new means for transacting and accounting, there are many ways for VRM developments to play.


In what is being called “post-Snowden time,” many new secure and encrypted email approaches have evolved. While some are listed on the ProjectVRM developers list, we haven’t been very involved with them — at least not yet. But we are involved with developers working on privacy-protecting tools that can either be embedded in existing email systems or offer alternative communications “tunnels.”

Personal information Management

There are two breeds of development here.

One is fourth party services and code bases for managing and sharing personal data selectively online. There are now many of these. Some support self-hosting as well. (ProjectVRM has always been supportive of free software, open source, and the “first person technology” and “indie” movements.) One organization, the Respect Network, was created to provide a framework for substitutability of services and apps.

The other is code the individual uses to manage his or her own life, and connections out to the world. This is where calendar, email, IM, to-do lists, password managers and other convenience-producing apps for the connected world come together. There is no leader here, though there are many players, including Apple, Microsoft and Google.  So far, this area has only seen centralized and siloed players, with inherent security and data mining disadvantages. But recently, commercial and open source conversations about a decentralized approach to this opportunity have been taking place.

A test case for VRM that applies to both kinds of solutions is this: being able to change my address, my last name or my phone number for many services in one move. This is exactly what the UK government is calling for from citizens’ personal information management systems (what Ctrl-Shift calls PIMS). A citizen should be able to change her address for the Royal Mail, the Passport Office and the National Health Service, all at once. Bonus links: Making things open, making things better, by Mike Bracken in the Gov.UK Government Digital Service blog, where Mike’s prior post, Reading the Digital Revolution featured this illustration by our old friend Paul Downey:


Apple’s HealthKit and HomeKit, which go live with the release of iOS 8on 9 September, also have some VRM developers excited, because it will make this kind of integration at the individual end easy to do in two verticals: Health and Home Automation.


Early on with ProjectVRM, I avoided health as an issue, because I wanted to see real progress in my lifetime — and I felt that the situation in the U.S. was fubar. But other VRM folk did not agree, and have pushed VRM forward very aggressively in the health field. Dr. Adrian Gropper and Dr. Deborah Peel of Patient Privacy Rights have done a remarkable job of carrying the VRM flag up a very steep and slippery hill. Berkman veteran John Wilbanks is another active ProjectVRM volunteer whose work in health is broad, deep, influential and at the leading edge of the pioneering space where personal agency engages the wild and broken world of the U.S. health care system. Brian Behlendorf, the primary developer of the Apache Web server (which hosts the largest share of the world’s Web sites and services) and the CONNECT open source code base for health service collaboration, is also an active participant in ProjectVRM.

A number of VRM developers are working with, or paying close attention to, Apple’s HealthKit. In the words of one of those developers, “It’s very VRooMy.” HealthKit developments go live when Apple rolls out iOS 8 on 9 September.


While a number of car makers are eager to spy on drivers, Volkswagen has put a stake in the ground. In March, Volkswagen CEO Martin Winkerhorn gave a keynote at the Cebit show that drew this headline: “Das Auto darf nicht zur Datenkrake warden.” My rusty Deutsch tells me he’s saying the car shouldn’t be a data octopus.

Toward that end, Phil Windley’s Kickstarter-based  Fuse will give drivers and car owners all the data churned out of their cars’ ODB-II port, which was created originally for diagnostics at car dealers and service stations. With an open API around that data, developers can create apps to alert you to schedule maintenance, monitor your teen’s driving and much more.

Real Estate

The only products that cost us more than cars are homes. Here too we have a VRM advocate in Cambridge-based Bill Wendell of Real Estate Café. He has always been way ahead of his time, but it’s clear his time is coming. (Here’s Bill leading a session on VRM in Real Estate at IIW 18 in May.)

7. Investment

There is an upswing of investment in start-ups on the “pull” — the individual’s — side of the marketplace. Many wealthy individuals, some quite new to tech investing, perceive an opportunity in “pull” side tools, so interest is building, especially in angel funding. There are currently at least three initiatives coming together to invest in VRM or intention based start-ups in Silicon Valley and Europe. This is one of the outcomes of the last IIW (in May of this year), where investment emerged as a big theme, with a number of VC’s for the first time participating in IIW sessions. I’m involved in planning a VRM specific fund, which is still in its preliminary stages. If it moves forward (which I believe it will), it should come into shape by next year.

In some cases government is also involved. In the UK, for example, the SEIS (Seed Enterprise Investment Scheme) program offers huge tax incentives to angel investors.

8. Research

There are many questions we can probe with research, but only one I want to work on in the near term: What happens when individuals come to websites with their own agreeable terms?creativecommons-licenses

Such as, “I’m cool with you tracking me on your site, but don’t follow me when I leave.” And, on the site’s side,  “We’re cool with that.” In proper legalese, of course — but expressed on both sides in code and symbols that work like Creative Commons’ licenses (there on the right).

The Cyberlaw Clinic is already involved, though its work with Customer Commons on a broader set of terms than the one I just mentioned, and Berkman’s own  Privacy Tools for Sharing Research Data could assist with and follow the process, both through the term-creation process and as the terms get implemented in code and materialize on the Web.

We would be dealing with cooperative efforts that require this already. One is Respect Network’s Respect Connect “Login with Respect” button.  As I explain here, the terms of OIX’s Respect Trust frame require the setting of, and respect for, the boundaries of individuals. This can be done, even within the calf-cow framework of client-server.

Respect Connect  is based onXDI, which the Respect Trust Framework also specifies. XDI is a protocol that employs “link respect-connect-buttoncontracts.” Drummond Reed, the father of XDI (and CEO of the Respect Network) describes link contracts as “machine-readable XDI descriptions of the permissions an individual is giving to another party for access to and usage of the owner’s personal data.” Very handy. And binding. In code.

Mozilla has also made efforts in this same direction, most recently with  Persona (there on the right). signinWe can help them out with this work, and I am sure other and other browser makers will also want to get on board — which they should, and with Berkman’s convening power probably will.

At the end of the project we will have both standard terms for posting at Customer Commons and reference implementations hosted by Berkman, or shared by Berkman over Github or some other data repository.

And we would bring to the table many dozens of developers already eager to see increased agency and term-proffering power on the individual’s side. I can easily see privacy dashboards, on both the client and the server sides of websites.

(Thinking out loud here…) We could host focused discussions and invite participants (including law folk — especially students, from anywhere) to vet terms the way the IETF vets Internet standards: with RFCs, or Requests for Comments. Some open source code for this already exists with Adblock Plus’s white list for non-surveillance-based advertisers. I would hope they’d be eager to participate as well. We (ProjectVRM, the Berkman Center or Customer Commons) could publish lists of conformant requirements for website and Web service providers, and lists (or databases) of conformant ones.

This work would also separate respectful actors on the supply side of the marketplace from ones that want to stick with the surveillance model.

While there are lots of things we could do, this is the one I know will have the most leverage in the shortest time, and would be great fun as well.

It is also highly cross-disciplinary, with many lines of cooperation and collaboration within the university and out to the rest of the world. Right at Berkman we have the  Privacy Tools for Sharing Research Data project and its many connections to other centers at Harvard. Its mission — “to help enable the collection, analysis, and sharing of personal data for research in social science and other fields while providing privacy for individual subjects” — is up many VRM development alleys, especially around health care.

9. Questions

What if we fail?

What if it turns out that free customers are not more valuable than captive ones for most businesses? That’s been the default belief of big business ever since it was born.

What if the free market on the Net turns out to be “Your choice of captor?” Client-server lends itself to that, although we can work around its inequities with moves like the one proposed in the Research section above.

What if the only VRM implementations that succeed in the marketplace are silo’d and non-substitutable ones? To some degree, that’s what we have with Uber and Lyft. While they are substitutable (as two apps on one phone), we don’t yet have a way to intentcast to multiple ride sharing providers at once, or to keep data that applies to both. Maybe we will in the long run, but so far we don’t.

Apple may be VRooMy with HealthKit and HomeKit, but both still operate within Apples silo. You won’t be able to use them on Android (far as I know, anyway).

And what if the Internet of Things turns out to be a world of silos as well? This too is the default, so far. Phil Windley mocks the Apple of Things and the Google of Things by calling both The Compuserve of Things — and making the case for substitutablility as well.

And what if customers just don’t care? This too is the default: the body at rest that tends to stay at rest. For VRM to fully happen, the whole body needs to be in motion — to move from one Newtonian state to another. It’s doing that in places, but not across the board.

Finally, what if we succeed? VRM is about making a paradigm shift happen. So was  Cluetrain before it. On the plus side, the Net itself lays the infrastructural groundwork for that shift. But the rest is up to us.

Whether we  fail or succeed (or both), there will be plenty to study. And that’s been the idea from the start too.


* Disclosures: I was paid modest sums as a fellow early on, but otherwise have received no compensation from the Berkman Center. I make my living as a speaker, writer and consultant. I have consulted a number of companies listed on the ProjectVRM development work page, and am on the boards of two start-ups: Qredo in the U.K. and Flamingo in Australia. In my work for them my main goal is to see VRM succeed, and I don’t play favorites in competition between VRM companies.

Good news for VRM and financial transactions

FinTPTomorrow, 24 January, is code launch day for FinTP, described by its parent, Allevo, as “the first open source application for financial transactions.” The code is being released under the GPL v3 license on Github.

FinTP’s development is intended, among other things, to support VRM product and service development. This began in 2011, when Allevo folks discovered that VRM developers were collaborating with SWIFT‘s Innotribe on what would become the Digital Asset Grid (described as “a new infrastructure providing a platform for secure, authorised peer to peer data sharing between known, trusted people, businesses and devices”).

Since FinTP is open source, VRM developers — especially those dealing with financial transactions (and there are many) — should check it out and consider getting involved as well. (On my own wish list: EmanciPay.)  The FinTP community is FINkers United, and looks like this:

FinTP community

Read more at the Allevo blog.

By the way, SWIFT has an annual Startup Challenge it would be wise for VRM developers to check out — especially those dealing with banking and financial transactions.



Driving VRM with car data and APIs

Go read OnStar gives Volt owners what they want: their data, in the cloud, by Sean Gallagher, in Ars Technica. It’s a VRM story. The vendor is Chevrolet, the vended product is the Volt, and the relationship management is a DIY hack by one customer. The story begins,

You probably don’t think of your car as a developer platform, but Mike Rosack did. A few days after buying his Chevy Volt, Rosack started slowly mining his driving data. But he eventually revved up his efforts and created a community platform for drivers to track their own efficiency. Today more than 1,800 Volt owners compare stats with each other, jockeying for position on Rosack’s Volt Stats leader board.

volt dash with r-buttonThe Volt uses OnStar, a GM subsidiary known through its advertising for providing a way for drivers to call for roadside assistance; but which is actually a sophisticated cell-based data system through which cars communicate constantly with the mother ship’s cloud. While OnStar generously shares data back to customers through an app called RemoteLink, much more can be done with it, since it’s data and comes out through an API. Now here is where the story gets VRooMy:

Rosack initially wanted to do more with his own driving data than just view it on his phone. So he built what eventually became Volt Stats to capture this data, then started sharing it with other Volt owners. There was just one small problem: Volt Stats relied on Rosack’s reverse engineering of an interface for OnStar’s RemoteLink mobile application (iOS and Android). When OnStar moved to shut down the Web services interface Rosack had plugged into in mid-October, Volt Stats arrived at a screeching halt.

Rather than leaving Volt Stats stalled on the roadside, GM and OnStar accelerated efforts to give developers a new public Web API to create services on top of OnStar data. The companies even worked with Rosack to get him onboard and get Volt Stats re-launched. Now, Volt Stats is back online and other would-be car data hackers will soon be able to connect their Web applications to GM owners’ vehicle data (provided, of course, that they have privacy policies that meet with the approval of GM and OnStar lawyers).

OnStar had already developed an API for GM partners such as the car-sharing service RelayRides, who need to get access to some of the remote control and telematics elements of the service. But this new interface takes advantage of technologies such as OAuth and JAX-RS and it’s a step toward turning OnStar into a broader platform for the “Internet of things.” It’s also a way to give car enthusiasts a new kind of access to something they’ve always thought of as their own—their cars’ data.

Now come the VRM questions:

  • Where and how might customers store that data? Are current PDS (personal data stores) compatible and ready for it?
  • How might customers use that data — especially outside and between multiple vendors’ apps, APIs and relationship silos?
  • Might we see an  ⊂ (r-button) on the dashboards of car? How might that work? And if it does, how do we make it standard?
  • What usage and new market-driving scenarios might we start to imagine here?
  • How might customers assert their own privacy policies and terms as demand begins to drive supply?
  • What other interfaces do cars have that might be brought into the picture?
  • How can what happens here model what we do with the rest of the “Internet of things?”
  • What are the meshy wireless things we can do among ourselves and our cars, outside any vendor’s box? (Would love Robin Chase‘s thinking here.)

These are questions especially for VRM developers. Look for answers (and more questions) here and on various blogs.

VRM happenings in the U.K.

The tweets have been rolling in…

Identity Assurance: Mydex’s unique contribution. An interview with @dejalexander @MydexCIC …

@321CtrlShift interview with my colleague @dejalexander on @MydexCIC and #IDAssurance  #VRM

Very thoughtful @SimonTucker blog post about today’s DWP announcement  #IDAssurance #VRM


For those who wondered how #VRM would first break in the popular press:  #DailyMirror #Midata #CtrlShift

So let’s unpack those.

First, the DWP (Department for Work and Pensions) announcement. What Mydex and others will provide is online identity assurance. (Note: not “providing” an identity.) To explain, gives us Online identity scheme providers selected to design new DWP framework for verifying claims by benefits seekers.

This is one step in a march of reform led by the U.K. government, and moving in a generally VRooMy direction through the Midata program. Here are some links, starting in late 2011, and listed roughly chronologically:

The piece in the Mirror focuses on health and retail discounts. VRM is much broader than that, but it’s a good start.

[Later…] More below, from William Heath.

Your actual wallet vs./+ Google’s and Apple’s

Now comes news that Apple has been granted a patent for the iWallet. Here’s one image among many at that last link:


Note the use of the term “rules.” Keep that word in mind. It is a Good Word.

Now look at this diagram from Phil Windley‘s Event Channels post:

event channels

Another term for personal event network is personal cloud. Phil visits this in An Operating System for Your Personal Cloud, where he says, “In contrast a personal event network is like an OS for your personal cloud. You can install apps to customize it for your purpose, it canstore and manage your personal data, and it provides generalized services through APIsthat any app can take advantage of.” One of Phil’s inventions is the Kinetic Rules Language, or KRL, and the rules engine for executing those rules, in real time. Both are open source. Using KRL you (or a programmer working for you, perhaps at a fourth party working on your behalf, can write the logic for connecting many different kinds of events on the Live Web, as Phil describes here).

What matters here is that you write your own rules. It’s your life, your relationships and your data. Yes, there are many relationships, but you’re in charge of your own stuff, and your own ends of those relationships. And you operate as  free, independent and sovereign human being. Not as a “user” inside a walled garden, where the closest thing you can get to a free market is “your choice of captor.”

Underneath your personal cloud is your personal data store (MyDex, et. al.), service (Higgins), locker (Locker Project / Singly), or vault ( Doesn’t matter what you call it, as long as it’s yours, and you can move the data from one of these things into another, if you like, compliant with the principles Joe Andrieu lays out in his posts on data portability, transparency, self-hosting and service endpoint portability.

Into that personal cloud you should also be able to pull in, say, fitness data from Digifit and social data from any number of services, as Singly demonstrates in its App Gallery. One of those is Excessive Mapper, which pulls together checkins with Foursquare, Facebook and Twitter. I only check in with Foursquare, which gives me this (for the U.S. at least):

Excessive Mapper

The thing is, your personal cloud should be yours, not somebody else’s. It should contain your data assets. The valuable nature of personal data is what got the World Economic Forum to consider personal data an asset class of its own. To help manage this asset class (which has enormous use value, and not just sale value), a number of us (listed by Tony Fish in his post on the matter) spec’d out the Digital Asset Grid, or DAG…


… which was developed with Peter Vander Auwera and other good folks at SWIFT (and continues to evolve).

There are more pieces than that, but I want to bring this back around to where your wallet lives, in your purse or your back pocket.

Wallets are personal. They are yours. They are not Apple’s or Google’s or Microsoft’s, or any other company’s, although they contain rectangles representing relationships with various companies and organizations:

Still, the container you carry them in — your wallet — is yours. It isn’t somebody else’s.

But it’s clear, from Apple’s iWallet patent, that they want to own a thing called a wallet that lives in your phone. Does Google Wallet intend to be the same kind of thing? One might say yes, but it’s not yet clear. When Google Wallet appeared on the development horizon last May, I wrote Google Wallet and VRM. In August, when flames rose around “real names” and Google +, I wrote Circling Around Your Wallet, expanding on some of the same points.

What I still hope is that Google will want its wallet to be as open as Android, and to differentiate their wallet from Apple’s through simple openness.  But, as Dave Winer said a few days ago

Big tech companies don’t trust users, small tech companies have no choice. This is why smaller companies, like Dropbox, tend to be forces against lock-in, and big tech companies try to lock users in.

Yet that wasn’t the idea behind Android, which is why I have a degree of hope for Google Wallet. I don’t know enough yet about Apple’s iWallet; but I think it’s a safe bet that Apple’s context will be calf-cow, the architecture I wrote about here and here. (In that architecture, you’re the calf, and Apple’s the cow.) Could also be that you will have multiple wallets and a way to unify them. In fact, that’s probably the way to bet.

So, in the meantime, we should continue working on writing our own rules for our own digital assets, building constructive infrastructure that will prove out in ways that require the digital wallet-makers to adapt rather than to control.

I also invite VRM and VRooMy developers to feed me other pieces that fit in the digital assets picture, and I’ll add them to this post.

GoDaddy VRooMed?

GoDaddy CEO Warren Adelman says “We listened to our customers. GoDaddy no longer supports SOPA.” (Here’s the GoDaddy blog post.)

Lauren Weinstein says that’s not the same as opposing SOPA: “they’re the same ethically vacuous firm as always, with their public facade changing like a chameleon, blowing in the wind of Internet public opinion.”

I still see it as a good sign when a company in a direct personal service business changes its mind because its customers made clear that change was required.

What I’d like to know now is what GoDaddy customers said to the company personally. (Not just that customers pulled their accounts in protest.) When I know that Warren Adelman and the company turned around because of direct personal pressure, in real conversation with paying customers who wished to remain so — and not just because of negative PR or customers bailing — then I’ll be glad to call it a full VRM move by customers.

Some links:

Circling Around Your Wallet

To get our heads all the way around Google+, it helps to remember Microsoft’s Hailstorm initiative from ten years ago. Think of Google+ as Hailstorm done right, or at least better. (That is, for Google.)


What Microsoft wanted with Hailstorm was less “social” than personal. (“Social” in 2001 was years away from getting buzzy.)  What Google wants with Google+ is very personal, or Google wouldn’t be so picky about the “real names” thing.

One difference from Hailstorm is that Google isn’t playing all its cards yet. Microsoft laid all theirs on the table with Hailstorm, and its identity service, Passport. What they wanted was to be the iDP, or IDentity Provider, for everybody. Is that what Google has in mind too? In 2005 John Battelle said Google was “angling to become the de facto marketplace for global commerce.” That might be a stretch, but it’s the vector that counts here, and Google+ points in that direction.

Let’s connect the dots.

  • Google’s “real names” policy (they actually say common names) for Google+ is freaking people out, sparking “nym wars“, on the other side of which are, Kathy Gill, Kevin MarksSkud (who unpacks the whole thing extensively) and many others. (Here’s the latest from Kaliya.)
  • Google+ has just started. The big type on the current index page says “A quick look at the first pieces of the project.” Brad Horowitz, who runs Google+, in an interview with Tim O’Reilly (Google’s main defender at this point) says the project is “unfinished”, in “limited field trial” and not “launch ready”, meaning some people aren’t being served, and getting going for others is still “hard”. Specifically, Google+ cannot serve “tranches” of users who, for example, a) work inside enterprises that “bet their businesses on Google”, b) are minors, c) are brands, and d) wish to use pseudonyms or otherwise uncommon names. (That last group includes many early adopters of Google+ who are now being rejected.)
  • The common names policy wasn’t there for Gmail or any (or many) of Google’s many other services. Why this one? An answer came from Eric Schmidt, who told Andy Carvin that Google+ was being built “primarily as an identity service.”
  • Google has many services, none of which are truly “finished,” and some of which are just getting started. On the finished end of that spectrum is Google Checkout. At just-started end is Google+. Not out yet but announced is Google Wallet. What matters is that they can all both iterate and connect.
  • Google makes most of its money from advertising. That’s different than being an “advertising company.” Google was launched as a search company, and found a way to make money through advertising. They surely wish to diversify their income streams. One way is to support actual commercial activities, at the point of engagement between buyer and seller: to support the Intention Economy that starts with buyer volition, and not just the Attention Economy of which advertising is a part. In other words, to work where the demand chain meets the supply chain.
  • The first source of revenue in markets is customers: ones that have real names on their drivers licenses and credit cards. Pseudonyms, handles and nicknames — such as IdentityWoman, @Skud, FactoryJoe and Doc — might appear on business cards, but not on the bank- or government-issued plastic cards in those folks’ wallets.
  • To Google, Twitter and Facebook, pseudonyms, handles and nicknames are for users. Real names, or common names, are for customers. And real names tend to be what we have on our credit cards and government-issued identification cards and documents, such as drivers licenses and passports. When a seller wishes to authenticate us, that’s what they ask for.
  • Note carefully: Most users don’t pay. All customers pay: that’s what makes them customers.
  • Facebook is already the de facto iDP for perhaps hundreds of millions of people. (Pete Touchner unpacks that nicely in a slide deck, especially starting here.) The ubiquitous Facebook Connect button testifies to that. (As does Marc Zuckerberg calling the name you use in Facebook “your online identity.” But…
  • Facebook Connect lacks infrastructural legs that Google can put under the market’s table — legs like Google Checkout, Android and Google Wallet, as well as Google’s own physical network, back-end processing power and engineering knowhow, spread across many more business and technical disciplines than Facebook can pull together.

Back in May, I posted Google’s Wallet and VRM here. In it I posed eleven reasons why Google Wallet is potentially a development of profound importance. Here’s one:

Reason #9: Now you can actually relate. When a customer has the ability to shop as well as to buy, right in his or her wallet — and to put shopping in the context of the rest of his or her life, which includes far more than shopping alone — retailers can discover advantages other than discounts, coupons and other gimmicks. Maybe you’ll buy from Store B because you like the people there better, because they’re more helpful in general, because they took your advice about something, or because they help your kid’s school. Many more factors can come into play.

Such as when your circles intersect.

The earliest thrust for Google Wallet has been NFC (Near Field Communication), for doing mobile payments. From a Google post back in May:

Because Google Wallet is a mobile app, it will do more than a regular wallet ever could. You’ll be able to store your credit cards, offers, loyalty cards and gift cards, but without the bulk. When you tap to pay, your phone will also automatically redeem offers and earn loyalty points for you. Someday, even things like boarding passes, tickets, ID and keys could be stored in Google Wallet.

At first, Google Wallet will support both Citi MasterCard and a Google Prepaid Card, which you’ll be able to fund with almost any payment card. From the outset, you’ll be able to tap your phone to pay wherever MasterCard PayPass is accepted. Google Wallet will also sync your Google Offers, which you’ll be able to redeem via NFC at participating SingleTap™ merchants, or by showing the barcode as you check out. Many merchants are working to integrate their offers and loyalty programs with Google Wallet.

With Google Wallet, we’re building an open commerce ecosystem, and we’re planning to develop APIs that will enable integration with numerous partners. In the beginning, Google Wallet will be compatible with Nexus S 4G by Google, available on Sprint. Over time, we plan on expanding support to more phones.

Two months after that, in July, Google acquired punchd, “a better solution for loyalty cards”. (More here.) And now it seems that one of the first retailers with the NFC devices required at checkout is going to be Radio Shack. (Google’s list of signed-up “single tap™” partners is quite long.)

Pause now to think about supply and demand.

Most of Google’s commercial work so far has been on the market’s supply side, especially with advertising. (Nearly all their customers are sellers, not buyers.) Google Wallet, however, works on the demand side, because it goes on your phone, which lives in your pocket or your purse.

Your electronic wallet is the point of contact between your demand chain and the sellers’ supply chain. With electronic wallets, we get many new ways for these two to dance. And, therefore, many more commercial opportunities.

Wallets are also instruments of independence. (As are, say, cars.) As the Intention Economy grows (and electronic wallets will help with that), so must the things we as individual customers can do with them — and behind them, back up our demand chain, in our personal data stores. This is where we need to be the point of integration for our own data, which should include data collected by and about us.

Don’t think about how and why we should sell our data, especially to marketing’s guesswork mills (of which Google is the largest). Think about what services we might buy, to help us apply intelligence to the use of our data.

Think about new and different ways in which we might save and spend our money — ways that have nothing to do with today’s defaulted vendor-run gimmicks (loyalty cards, “sales,” coupons, “rewards”…) meant to trap us, herd us and shake us down for more money. Think about having more control over how, why, and where we spend (or actually save — as in a bank) our money. That’s what we start to see when we think about electronic Wallets beyond the near horizons of point-of-sale connections and better come-ons from sellers. That’s what Google will start to see when they start talking with us, and not just with big companies looking for more and better ways to sell.

If our electronic wallets are to become instruments of independence, we need a choice of interchangeable ones that work the same with every seller — much as we have a choice of cars that work the same way with every driveway, highway, gas station and parking lot. This means Google’s can’t be the only wallet. (I’m sure they know and welcome that.)

Presumably, Google Wallet will be open source. In fact, that would be a good way to fight Isisa new competitor to Google Wallet, funded by AT&T, Verizon and T-Mobile — and whatever Apple comes up with if it wishes to fight Google Wallet and/or Isis. Says Mashable (at that last link), “Isis was born last year, and aside from allowing mobile payments, it’ll also give you the ability to redeem coupons via their mobile payment service. It’s planned to debut in several unnamed major cities next year and will monetize by charging marketers a fee for sending offers to consumers’ phones.”

Earth to Big Boys: We’ll pay for value, including services that make our wallets serve us, and not just the marketing mills of the world.

When we have full independence, we will also have the ability to engage as equals in agreements and contracts. The legal dance online will need to resemble the legal dance offline, which is in the background. In the same way that we don’t need to “accept” a written “agreement” to enter and shop at most stores in the physical world, we shouldn’t need to do the same online. We should be able to bring agreeable terms with us, match them with those of sellers, electronically, without the intervention of lawyers or forms to sign, and do business. In other words, freedom of contract needs to obsolete contracts of adhesion, and the calf-cow system of asymmetrical non-relationships we’ve had online since the dawn of the cookie.

Listening to Brad Horowitz talk with Tim O’Reilly, I sense that Google is also tired of the old cookie-based paradigm of e-commerce. Helping make the customer independent, starting with his or her own wallet, is a great way to start breaking that paradigm.

The problem, as Google is discovering though the “nym wars”, is identity. People take that one personally.

To get a better angle on the issue, let’s look more closely at Microsoft’s Hailstorm. Here’s what I wrote about it at the time. Here’s a much longer piece by Clay Shirky, also from back then.

Microsoft saw Hailstorm as (among other things) a way to compete with AOL, which was the Facebook of its time. Hailstorm’s main feature was Passport: a then-new single-sign-on authentication service. The idea was to have Passport login buttons appear everywhere, like Facebook buttons do now (though far less securely than Passport, which didn’t spill your social guts by default). Such buttons provided Single Sign-On, or SSO.

Joe Wilcox’ unpacked Hailstorm and Passport in March 2001 for CNET. An excerpt:

HailStorm is a group of services, using Microsoft’s Passport authentication technology, meant to provide secure access to e-mail, address lists and other personal data from virtually anywhere via PCs, cell phones and PDAs (personal digital assistants). The catch? Users of the services will be required to pay a fee to use them. Analysts said that if the HailStorm model is widely adopted–and if people will pay a premium for security–the days of ad-subsidized Internet services, such as free e-mail and messaging, may be over.

“HailStorm is absolutely the test of can you make money on the Web,” saidGartner analyst Chris LeTocq. “But to get there, you have to offer people something they are willing to pay for. That will be the test for Microsoft.”

Microsoft executives are confident that the time is right for HailStorm. “There’s been a lot of stuff (on the Internet) in the last couple of years that was free and interesting, but people weren’t actually willing to pay for it,” said Charles Fitzgerald, director of business development in Microsoft’s platform strategy group. “We want to pursue a model that lets us deliver a lot more value in an economic fashion so that we all can get paid every two weeks like we’re used to.”

One big difference: Google isn’t looking to make money with fees here. In fact they say clearly that they are not. But Google is looking to make money their old-fashioned way, which is with “second and third order effects” that will manifest in due time.

Here’s what’s the same: Passport was an identity service. Which Eric Schmidt says Google+ is now.

Microsoft failed because they thought their platform (Window plus .Net) was bigger than the Net and the Web. (In the now-gone Hailstorm white paper, they talked about “moving the Web” in a new direction.) Google knows better.

Still, the game is the same. That game is turning users into customers.

In competitive terms, Facebook and Google will both have users. But Google will have the customers — even if they’re not customers of Google’s services directly. Google will be helping customers use their wallets, while Facebook will be stuck at SSO.

But Google vs. Facebook, or anybody vs. anybody, is the wrong way to look at the market opportunities opening up in the Intention Economy. Because the Intention Economy isn’t a supply-side game. It’s a demand-side game. The slate is fresh, but not blank. Two groups are already there:

  1. VRM developers, working to equip customers with tools of both independence and engagement. (Automobiles, rather than seats on railroad cars.)
  2. Fourth parties, working on behalf of customers, helping them build out their personal demand chains. These can include any service company an individual employs — that is, pays, to help work with the third and second parties of the world (numbered from the customer perspective). We’re talking here about banks, insurance companies and anything called an agency, plus all the new companies coming into the personal services and personal data store businesses. These might include parties the individual doesn’t pay, but that clearly are in business mainly to help individuals (first parties) rather than second and third parties. That qualifies Google, should they wish to join.

There is a lot happening with VRM here that we’re not ready to talk about yet. (No, none of it involves Google Wallet, at least not yet.) But demand chain (Craig Burton‘s term) hints strongly at where we’re going.

Investors take note.

Older posts

© 2015 ProjectVRM

Theme by Anders NorenUp ↑