“Your Choice of Captor”—an Excerpt from The Intention Economy

Doc Searls

Issue #220, August 2012

“Find out just what any people will quietly submit to and you have the exact measure of the injustice and wrong which will be imposed on them.”—Frederick Douglass

“The term 'client-server' was invented because we didn't want to call it 'master-slave'.”—Craig Burton

The Argument

The World Wide Web has become a World Wide Ranch, where we serve as calves to Web sites' cows, which feed us milk and cookies.

Wholly cow

The Internet and the Web are not the same things. The Internet is a collection of disparate networks whose differences are transcended by protocols that put every end at zero functional distance from every other end. The World Wide Web is one application that runs on the Internet. Others include e-mail, messaging, file transfer, chat and newsgroups, to name just a few. But the World Wide Web is the big one—so big that we tend to assume it's the whole thing, especially since the Web is where we spend most of our time online and when it has absorbed so many other formerly separate activities. E-mailing, for example.

Sir Tim Berners-Lee, who invented the Web in 1989, later said it aspired to be “a universal linked information system, in which generality and portability are more important than fancy graphics techniques and complex extra facilities. The aim would be to allow a place to be found for any information or reference which one felt was important, and a way of finding it afterwards.” He did not intend to create a vast online shopping mall, an industrial park of advertising mills, or home to a billion-member “social network” owned by one company. But that's what the Web is today. True, somewhere in the midst of all that other stuff, you can still find the simple, linked collection of documents that Sir Tim meant for the Web to be in the first place. But that collection is getting harder and harder to find, mostly because there's no money in it.

Thus, the Web we know today is largely the commercial one that appeared in 1995, when Netscape and Microsoft created the first retailing Web servers along with the first widely used Web browsers. The commercial Web's early retailing successes—notably Amazon and eBay—remain sturdy exemplars of selling online done well. A key to their continued success is personalization, made possible by something called the cookie: a small text file, placed in your browser by the Web site, containing information to help you and the site remember where you were the last time you visited.

Those ur-cookies have since evolved (among other things) into breeds of Trojan marketing files. Variously called “Flash cookies” (based on Adobe's proprietary Flash technology), “tracking bugs”, “beacons”, and other names, they track your activities as you go about your business on the Web, reporting back what they've found to one or more among thousands of advertising companies, most of which you've never heard of (but some of which we visited in the last chapter).

The online advertising business says the purpose of these tracking methods is to raise the quality of the advertising you get. But most of us care less about that than we do about being followed by companies and processes we don't know and wouldn't like if we did.

While much complaining is correctly addressed to the creepy excesses of the online advertising business, little attention has been paid to the underlying problem, which is the design of the commercial Web itself. That design is client-server, which might also be called calf-cow. Clients are the calves. Servers are the cows. Today, there are billions of commercial cows, each mixing invisible cookies into the milk they feed to visiting calves.

Client-server by design is submissive-dominant, meaning it puts servers in the position of full responsibility for defining relationships and maintaining details about those relationships. And, since this is all we've known since 1995, most of the “solutions” we've come up with are more sites and site-based services. In other words, better cows.

What are your names?

Back before computing got personal, and all the computing that mattered was done in enterprises, one of the biggest problems was a proliferation of namespaces. (In technical terms, a namespace is an identifier or a directory for them.) Different software systems each had their own namespaces. For the enterprise, this meant an employee, or information about an employee, might be known by different names and attributes, within each of the separate software systems used in human resources, marketing, sales, accounting, and so on. For an employee, this meant maintaining up to dozens of different logins and passwords. For the HR and IT departments, it meant integration hell, or the impossibility of any integration at all. To this day, the namespace problem is one of the most vexing in all of enterprise computing.

Out on the Web, that's solved for sellers, because each tends to have one customer-facing system. But for us customers, it's still a mess, because the old corporate namespace problem is now ours, multiplied by the number of relationships we have on the Web. Thus, we are required to keep track of as many different logins and passwords as there are Web sites. This makes the problem as big as the sum of all Web sites. At last count (as I write this), there are over 200 million registered domains, about half of which have the commercial .com suffix. Since some domains have many retail sites (eBay and Etsy, for example), the total number of commercial sites is much higher. Search for “privacy policy” and Google will tell you it appears on more than a billion Web pages. Even if one login and password might get you to all of eBay and Etsy, we are still talking about hundreds of login-password combinations. Enterprises don't care, because it's not their problem. They care only about their relationship with you. Not about your relationships with every other company. That leaves you and me with an umpty-million (or -billion) namespace problem.

Login rolling

There are partial workarounds. You can set up browsers to automatically fill out forms and auto-complete commonly typed strings of words and numbers. There are programs that remember passwords for you. But the most popular “single sign-on” (SSO) methods are provided by grace of your relationship with Facebook, Google, Twitter, or Yahoo. Those ubiquitous “Connect with Facebook” buttons, for example, are the user-facing side of a program called Facebook Connect.

When Facebook announced Facebook Connect in December 2008, Mark Zuckerberg wrote this in the company blog [blog.facebook.com/blog.php?post=41735647130]:

Over the summer we announced [blog.facebook.com/blog.php?post=24577977130] an extension of the Facebook Platform called Facebook Connect [www.facebook.com/help/?page=229348490415842]. Facebook Connect makes it easier for you to take your online identity with you all over the Web, share what you do online with your friends and stay updated on what they're doing. You won't have to create separate accounts for every website, just use your Facebook login wherever Connect is available.

To call your Facebook identity your “online identity” is delusional as well as presumptuous, because none of us interact only with Facebook on the Web. But that by itself isn't the only problem. The larger problem with Facebook Connect is unintended data spillage. For example, what if you don't want to share “what you do online with friends”, or if you think you're just taking Facebook's shortcut when you log in for the first time at some other site? In other words, what if you only want Facebook Connect to be what it presents itself as: a simple login option for you at another site—with no “social”. Or, if you do want to be “social”, how about being selective about what Facebook data you're willing to share—exposing some data to some sites and different data (or no data at all) to other sites? In other words, what if your “privacy preferences” aren't just the one-set-fits-all selections you've made at Facebook?

The site I Shared What?!? [ISharedWhat.com], created by VRM developer Joe Andrieu, does an excellent job of simulating what you reveal about yourself and others when you use Facebook Connect. Here's what it just told me:

You've just shared: your basic details, your news feed, your friends on Facebook, the activities listed on your profile, the interests listed on your profile, music listed on your profile, books listed on your profile, movies listed on your profile, television shows listed on your profile, all the pages you have “liked”, your shared links.

That's after I jiggered my privacy settings in Facebook to reveal as little as possible. The results were the same both times, before and after. I'm no dummy, but—as of this writing—I have no idea how to keep from spilling rivers of personal data when using Facebook Connect. So I just avoid it.

But I'm the exception. As of December 2010, a quarter-billion people were logging into 2 million Web sites using Facebook Connect, with 10,000 more Web sites being added every day.

Privacy is the marquee issue here, but the deeper problem is control. Right now you don't have much control over your identity on the Web. Kim Cameron, father of the cross-platform Identity Metasystem when he was an Architect at Microsoft, says [www.identityblog.com/?p=838] your “natural identity”—who you are and how you wish to be known to others—gets no respect on the commercial Web. Every cow thinks you are its calf, “branded” almost literally. In the World Wide Dairy, all of us walk around with a brand for every Web site that gives us milk and cookies. Our virtual hides are crowded with more logos than a NASCAR racer.

Who you are to the other cows is not of much interest to any one cow, unless they “federate” your identity with other cows. Think of federation as “large companies having safe sex with customer data”. That's what I called it in a keynote I gave at Digital ID World in the early 2000s. It still applies.

Tough teats

A similar problem comes up when you have multiple accounts with one site or service, and therefore multiple namespaces, each with its own login and password. For example, I use four different Flickr accounts, each with its own photo directory:

The first is mine alone. The second I share with other people at Linux Journal. The third I share with other people at the Berkman Center. The fourth I share with other people who also write for the same blog.

Flickr in each case calls me by the second person singular “you” and does not federate the four. To them, I am four different individuals: one cow, four calves. (Never mind that three of those sites have many people uploading pictures, each pretending to be the same calf.) My only choice for dealing with this absurdity is deciding which kind of four-headed calf I wish to be. Either I use one browser with four different logins and passwords, or I use four different browsers, each with its own jar of cookies. Both choices are awful, but I have to choose one. So I take the second option and use one browser per account—on just one laptop. When I use other laptops, or my iPhone, my Android, or the family Nokia N900, an iPod Touch, or an iPad, I'm usually the first kind of calf, using one browser to log in and log out every time I post pictures to a different account. Which I mostly don't do at all, because it's one big pain in my many asses.

Crazy as all this is, it hardly matters from the cow side of the cow-calf relationship. In fact, the condition is generally considered desirable. After all, the World Wide Ranch is a real marketplace: one where cows compete for calves. Hey, what could be more natural?

The media, even online, are no help either. Business publications, both online and off, love to cover what I call “vendor sports”, in which customers are prizes for corporate trophy cases. That's why business writers often regard “owning” customers as a desirable thing. For example, in “Rim, Carriers Fight Over Digital Wallet”, from the March 18, 2011, Wall Street Journal, Phred Dvorak and Stuart Weinberg write, “RIM and carriers like Rogers Communications Inc. in Canada, and AT&T Inc. and T-Mobile in the U.S., disagree over exactly where on the phone the credentials should reside—and thus who will control the customers, revenue and applications that grow out of mobile payments.” The italics are mine.

In the dairy farm model of the marketplace, captive customers are more valuable than free ones. Since this has been an ethos of mass marketing for a century and a half, the milk-and-cookies system of customer control has proven appealing to businesses outside the online world as well as within it. As of today, both worlds are worse off for it as well.

So, then

For free markets to mean more than “your choice of captor”, we need new systems that operate on the principle that free customers are more valuable—to both sellers and themselves—than captive ones. Improving slavery does not make people free. We need full emancipation. That's the only way we'll get free markets worthy of the name.