Katherine Druckman (10s):
Welcome back to reality. 2.0, I am Katherine. Druckman joining me as always is Doc Searles. Today we have two very special guests. One of them is Sean Powers, who I'm sure you've heard before on our show and elsewhere. And the other is Don Marti, who is another returning guest. Don is, well, I'm not sure how we should introduce you. You very man of many talents. You are, in fact, one time, the editor of Linux journal, you were also with Mozilla in the past, you would have been involved in a lot of interesting privacy initiatives, but we can get into that a little bit later if you want to introduce yourself a little more. And today we're talking about some issues surrounding privacy and regulation.

Katherine Druckman (50s):
And with that, I will pass it to Doc and let him get us started.

Doc Searls (53s):
Yeah, I I'll just start by saying that this is, this is once again, as it is every week, the Linux journal in exile, It really is. I mean, it's, there's, there's a, Don was I think the best editor in chief we ever had at Lennox journal. He was fantastic. And I anyway, but the, just to a little bit of history, we, this is my case in the absence of any of enough tech on our side that gave us privacy. We've come to depend on regulation to give us some of that or at least try.

Doc Searls (1m 34s):
And that got brought us the GDPR in Europe in, in 2018 or enforceable at 2018 on our anniversary, by the way, May 25th, 2018. And that's my wife and my anniversary, by the way. And then, and then later the CCPA in California, which gave California residents something that says, say, you can opt out of having your data sold. And that was suddenly, lots of lawyers got employed in California and that law got enlarged a bit with a proposition last year and further lawmaking. The Don knows more about than anybody I know there may be more than people that know more than he does, but operatively speaking, that Don has worked quotable and deep thinking on the subject than anybody else.

Doc Searls (2m 20s):
So, so give us, your friend, has son this done and tell us where, where you think we're at with it? Well, I think I'm the only person I know who uses the CCPA shell command. So if I see a company that I'm not sure about what they're doing with my personal information, I can just say CCPA and then type in their privacy address. And it'll send out a pretty long generic boiler plate letter that I've been working on. My standard, my standard opt-out actually covers the European union,

Don Marti (3m 1s):
California and Kenya, although I can probably stick another couple on there. So for most people though, who haven't taken the time to set up a system for doing opt-outs, that can really be a time suck. So regulation is part of the puzzle, but once you have a legal and regulatory framework in place, there's still a bunch of software development remaining to be done, to make sure that that companies are really reflecting what people want to have done with their personal info.

Shawn Powers (3m 50s):
Can I interject really quick? That, that my part in, in this today will largely be the point of devil's advocate one, because I'm not an expert on the topic, but I've had a lot of experience with frustrations with, with dealing with the, the privacy issues. So I, Catherine's probably gonna edit this part out when I say like, I'm all in favor of privacy and having control over your stuff, she'll edit that out. So I just sound like a guy who wants to give everybody my data or whatever. No, but yeah. So I just want to preface whatever I say from here on out with the idea that there are some frustrations with like the GDPR that I hope that it's the kind of thing that I don't know.

Shawn Powers (4m 34s):
I'll, I'll let it go from there, but just so you know, when I say stuff in the future in this podcast, I'm not anti privacy.

Don Marti (4m 42s):
Yeah. It's all too good. It's too good. Yeah. I think it's, I think it's important to look back at a law that passed in the USA that was not related to privacy or personal data at all. It was a law called the resource conservation and recovery act. And it has to do with a bunch of forms and reports that companies have to turn in to the EPA when they have hazardous materials on the premises.

Don Marti (5m 24s):
And back when Rick Ross came out, people were, were complaining. This thing is imposing so much of a paperwork burden on us. It's so much of a hassle, the cost to all these regular companies of complying with this law are going to be really great. We're going to have, we're going to have to spend so much time on paperwork that we're not going to be able to make anything or sell anything. And what we ended up seeing with Rick rhe is kind of the, the great cleanup of marginal hazardous materials.

Don Marti (6m 8s):
It turned out that there was a bunch of stuff kind of lying around in the back of various businesses that wasn't really doing them that much good, but just creating some little extra hazmat risk. So instead of having to turn in all the paperwork for dealing with a bottle of some stuff, you rarely use a company's made the choice to, to do some, some cleanup and reorganization. So the cost of complying with Rick grow was, was never as great as the most pessimistic businesses made it out to be.

Doc Searls (6m 58s):
So, so, so then what we're proposing is that, but by you sending your long form to everybody, when you hit your CCPA shell command, that's kind of one of the ways that it, that the cost of the cost of collecting and keeping data or in the CCPA terms, putting yourself as a company, a position to sell it is exceeded by the cost of compliance, basically. Yeah.

Don Marti (7m 26s):
Yeah. Every, every marketing budget has different areas that you can, that you can sink your money into. And some of those areas present a greater privacy risk, and some of them are less costly in terms of privacy risk and what we've seen. And, and doc, I know you and I have talked about this subject before on other podcasts is that some of the uses of marketing money that present relatively little privacy risk are also those that result in supporting some kind of ad supported content or other resource.

Don Marti (8m 25s):
So the less money that flows into tracking the more is available for content creation. Now, obviously there's gotta be enough information about the audience that's being reached for that marketing budget line item to justify itself. But once there's a, a shift in the balance of marketing budgeting to avoid some of those privacy risks and compliance costs, then you end up with more of that budget being available for new content and, and even other ad supported resources like bus benches.

Doc Searls (9m 21s):
Yeah. And I mean, it's, it's like I, I wrote a piece called separating advertising, Sweden chaff, which was totally informed by the work you did for me. And way back when, when I was writing the intention economy and, and the schooling me on the fact that plain old brand advertising, which, you know, it starts with, you got to know your audiences, okay. I'm in the sports section because I want to reach the sports fans for example, or if him in the fashions is in, in, in the lifestyle section, say of a newspaper in old terms, but that, but that's at every brand name known to the world was made that way.

Doc Searls (10m 3s):
It's made with the bus cards it's made with, with a brand advertising and television, none of which has tracking based. And in fact has no cognitive overload on it. You know, where it's coming from, you know, how it got there, you know, what it's doing there. And it makes the brands and it supports journalism and it supports content development, whereas direct marketing, which is basically what tracking based advertising is trying to do. It's called advertising. It looks like advertising, but in fact, because it's aimed at people personally, or as personally, as they can make, it is actually a different breed of animal. And it's, it isn't so much, we want to get rid of direct marketing as long as it's permitted, but having to opt out of it on a case by case basis is pretty labor intensive.

Don Marti (10m 45s):
Yeah. And that's, that's one of the positive aspects of the California consumer privacy act is that it recognizes the time burden on individuals, of dealing with individual privacy decisions. And CCPA has two good features to it that, that make it more practical for somebody like me to use than some of the other proposed state privacy laws. And those two features are global privacy controls and authorized agents and global privacy controls.

Don Marti (11m 34s):
If you go to global privacy control.org, it's a very simple signal that you can ask your browser to send to in effect, pre-check all those CCPA opt outs for you and authorized agent authorized agent is a service that you can sign up for. And that service will then go around to the various companies that might be trading in your data and apply that opt out on your behalf. So they're kind of, they're kind of complimentary tools.

Don Marti (12m 15s):
The global privacy control gets websites that you actually visit or log into. And the authorized agent gets some of those companies in the background that you don't have a direct connection to, but they know who you are.

Doc Searls (12m 33s):
So when I look up authorized agents and CCPA, the top result, at least on my browser, this one time I tried it as Microsoft and Microsoft wants to be your authorization. I think, does that make sense? Is that I think it does.

Don Marti (12m 47s):
It's a tremendous opportunity for them. The, the authorized agent research project that, that we did at consumer reports, I did a project with them over the summer and in 2020.

Doc Searls (13m 4s):
And I got it. That was one of those. Yes,

Don Marti (13m 6s):
Yes. You were one of our, you were one of our test subjects. So we opted out of a few companies on, on your behalf. So the, the really interesting thing about that authorized agent project is we had a whole plan where we were going to send out multiple emails and reminders. We're going to hit various lists. And everyone who signed up to participate with consumer reports as a volunteer for, for whatever project, whether it's water quality or, or, or surveys. So we had this, this idea that we're going to get to send out mail to multiple lists and remind people multiple times.

Don Marti (13m 50s):
And we did one email to our first list and instantly filled up the entire study. So considered as a direct mail offer, authorized agents are incredibly appealing.

Shawn Powers (14m 11s):
What you're saying sounds like awesome. Like this is, this is going to be, you know, this is revolutionary and it should really change how we interact with the internet and how we interact with advertisers. But, but my experience is that if I, if I search or say depending on what, remind me of my house, all of the data that, you know, for companies where I am the product like Facebook, you know, the, the, I am the product, right? I mean, I'm, I'm, my data is what they, they make money from. It seems like regardless of how many rules and laws that are in place, either they aren't following the rules or they are getting around the rules by a technicality, or the rules are such that I have to do something that isn't clear to stop all of my data from being used.

Shawn Powers (15m 6s):
I mean, seriously, every website I go to is targeted ads. And maybe it is because the, the, the legal pieces there, but the rest of it isn't. So that, that's a frustration that I have. It seems like, like all of these privacy issues are in place, but they don't do anything. The other side of that though, is I work for a company where I make training and I want to hear feedback from our clients, right? I mean, these are paid clients. They're not, you know, the, the client isn't our product, or do we make a product? They buy the product, we had an interaction or an integration with Slack. You're probably familiar with Slack. And there was a third party company that was collecting feedback from our users.

Shawn Powers (15m 48s):
And there was an integration where though that feedback would come into a Slack channel. So me as a trainer, content creator could see that. And I would be able to either respond or at least see it and be able to change how I did contract because of GDPR. We had to disable that integration because for some reason, the third party company that was getting information, they didn't comply with something that allowed us to integrate and get that information. So all the, all we could get is somebody in the company got a, a sheet of information that was anonymized and stuff.

Shawn Powers (16m 30s):
And I get the point that, but the frustration is we lost a huge advantage and the people didn't have the opportunity to say, yes, I want the person to see this. They were making comments thinking, Sean's going to see this. And Sean couldn't see this because of the rules that were in place that we had to follow. We didn't have a choice. And yet, if, if I do a Google search for turtle, I'm going to get every kind of turtle based ad on every website, in every app, in my phone for months. So there's a frustration there. And I guess, what is the answer? Is, is it a lack of my ability to manage my privacy or, or what's, what's helped me help me will be one.

Don Marti (17m 13s):
All right, well, I'll be done. I guess I'll be done. I guess, I guess I come at it from the point of view of someone who was a Linux user in the late nineties, early two thousands. And I've come along with, I tried to hook up some piece of hardware and it say, this thing doesn't work on Linux. And so you have to kind of combine hardware, hacking and configuration and flipping dip switches and writing X for 86 mode lines and digging around and finding the right modem in it string to make your dial up connection a little bit faster.

Don Marti (17m 57s):
And I mean, I'd have, I'd have my, my screwdriver and my Linux reinstallation media out more often than I want to admit. And that's kind of that, that early days of Linux flavor is kind of where we are with privacy stuff now. So I will CCPA accompany and get back a message from them saying, well, actually we don't have your personal information. And then, so I have to go read the Facebook custom audiences documentation and find out, well, this is how you're supposed to hash somebody's email address to pass it through as a Facebook custom audience.

Don Marti (18m 47s):
And so this company that I'm trying to CCPA actually has the hashed value of my email address, not the original. And so I get it. I get into these, these 30 or 40 message email threads with people, and I've got, I've got enough material from individual CCPA requests to do an entire talk at a privacy conference. So the, the dorking around with privacy stuff is definitely at the early stages. And I, I know that as a dad, I'm allowed to use the expression.

Don Marti (19m 35s):
These kids today have it easy. But when I see these kids today with their Chromebooks who just open up this Linux laptop, and it does all the right stuff, and they've never had to even learn what a mode line is. Then that's where I anticipate that a lot of this privacy stuff is going to be within five or 10 years. So we're halfway there living on a prayer. And we are, we, we, we are at a phase where a lot of things, companies that kind of, that kind of got started as the tail end of the Linux and open source movement have turned into surveillance, marketing companies.

Don Marti (20m 25s):
So it's kind of a it's. I think of it as an opportunity for the next generation of companies to do to this generation of Linux nerds turned surveillance, marketers, what, what our generation did to the, the old MCs or whatever, whatever the previous generation of it was.

Shawn Powers (20m 55s):
So, so what do I do? I mean, not, not to put too fine of a point on it, but you know, what's my, what's my job. I'm, I'm a pretty nerdy guy, right?

Doc Searls (21m 2s):
I, I wanna, I wanted to just interject, sorry for a second. I want to get a fact finding thing with Don, Don and I both live in California. You're in Michigan, Catherine's in Texas. I believe because of VPN to other places that I'm not seeing the CCPA stuff. If I appear to become, if an IP address outside of California, meaning if that's the case, then what you need to do may not be what other people need to do, unless you would have VPN into California, Sean, but I don't know. What do you, what do you think done?

Don Marti (21m 31s):
Oh, I, I think that there's, there's some opportunity for people to, to set up their Euro Sona kind of like a first Sona, but for being European. So, so if you get, if you get a chance to go over to Europe, buy a burner SIM and make accounts on everything that you think you're going to need an account on. But the, the opportunity for somebody outside of California is a lot of it is organizing. So consumer reports has a publication out, which is the model privacy law.

Don Marti (22m 17s):
And some of the features that make CCPA practical to use in California are features that didn't make it into some of the, the other privacy laws coming along in different States. So if you get a chance to grab that model privacy law and get in touch with your state legislators and say, Hey, here's, here's a set of here. Here's a set of stuff that we know should work based on experience in California and elsewhere, then that'll help move your state further along.

Doc Searls (23m 9s):
Is this the consumer reports model, state privacy act you're talking about, that's it. Okay. I got it. Putting these things into the chat, which may make it onto the website.

Shawn Powers (23m 19s):
Okay. There we go. Awesome. Thank you.

Doc Searls (23m 24s):
Yeah, we liked that. Did that help you with what you're going to do, Sean? I'm sorry. I interrupted Catherine.

Shawn Powers (23m 29s):
Not, not, not terribly because I okay. Remember, I'm the devil's advocate here. When I open up Facebook this next time that I checked my messages or whatever I am, I am I supposed to do all of these things in order to make the experience different for everybody? Or is it my personal responsibility to try to stop my data from getting out and, and to be clear on that my data is out there, right? I mean, not only legally, is it out there? I'm sure. I mean, like I said, Facebook has it. Everybody has it, but I mean, data breach has come into this too. Right? There's a lot of shady actors that aren't going to follow the laws.

Shawn Powers (24m 10s):
And so, you know, I mean, my data is not private at this point. Anyway, it's hard to get passionate about privacy when everything is already out there and exposed. And it's like, yeah, I don't want this company to use my data. So I guess I want to know how to, how to stop them from using my data. But at the same time, they might actually be responsible with my data. Whereas, you know, the guy who harvested a data breach is going to do horrible things to me. And is it a terrible attitude to say, well, what does it matter anyway? Yeah, that's a terrible attitude. But at the same time, it's like, am I going to put so much effort into learning?

Shawn Powers (24m 52s):
What the consumer reports advocacy CCPA thing is when at the end of the day, I might make very little difference to my living experience. That's frustrating for me. Yeah.

Don Marti (25m 7s):
It makes it easier for you. Are

Shawn Powers (25m 8s):
You going to then adjust your behavior? I probably would, to be quite honest, if, if I knew exactly what to do, like remember the do not call lists that never really worked either because that only stopped people who followed the rules and you still get robocalls a thousand times a day. I filled out all those forms when there was a place I could go and put my number in for, you know, stopping those calls. I did it. I, I do want, and I desire my data to be my data. But if I'm going to put so much effort into it for no actual end of the day difference, it's, it feels like a waste of time. And that breaks my heart to say that, but I'm just trying to be realistic. Yeah.

Don Marti (25m 48s):
Realistically, there's no such thing as quote my data. And if, if you go to brunch and your friend's spouse, who's a big Instagram user brings a camera to brunch. You're probably not going to raise a big privacy nerds think, and congratulations, your face is all over the, the Facebook empire. Or if you have a relative who decides to use one of those DNAs services, congratulations, you already, Anna is in the system now, too. So people are social animals and we have family relationships with each other.

Don Marti (26m 31s):
We have social and friendship relationships with each other. We have business relationships with each other. There's no, my data, your data, pretty much every piece of data has one on one side and one person on the other side, at least. So when we, when we think about what are we going to do about protecting, protecting privacy? Yes. Part of what we can do is do the privacy nerd thing of building my own individual Linux box and tweaking it out. And part of it has to be in the, in, within a social space or a governance space.

Katherine Druckman (27m 22s):
So what would you recommend as sort of a middle ground? Like let's say, I just, I can't get there in terms of the level of effort, but you know, for, for, let's say your average, I don't know, even, you know, not a Linux user or a Mac user or, or whatnot, what sort of, what is your recommended setup for, in terms of browser extensions or tools, do you recommend everyone use toward you recommend privacy Badger or Ghostery or whatever else there is out there, or the duck duck go tools or any of that?

Don Marti (27m 54s):
Well, I think, I think Apple Safari has done a good job on default privacy settings to get a combination of settings that work for a regular user without having to dink around with them too much. So if you are a Mac user and Safari comes with your Mac anyway, then you're probably in pretty good shape using that one, the big area where you can have a lot of impact on personal privacy is which apps you install on your phone. And so because the native mobile platforms have not been as good historically with privacy protection as the web browser scene has been.

Don Marti (28m 49s):
I would, I would say if you must use Facebook or Instagram for business purposes or family members or whatever, then just use it from Safari. Don't have the app on your phone. That's, that's probably the biggest, the biggest step that most people can take.

Katherine Druckman (29m 11s):
That seems reasonable and easy to do. I think that's half the battle, right?

Don Marti (29m 15s):
Oh yeah. Yeah. Just, just go through your apps and if you don't, if you don't actually need them take that, take the app off your phone. Do you think all the legal legal responses in, in the GDPR is just the one that I remember the initials of? So I'm going to say that most often. And I also like peer reviewed of course, on, on it. So I I'm slightly familiar with it. Do you think that that is, is making a significant change

Shawn Powers (29m 42s):
In data privacy in general? Or is it, is it more the technology that we do, like not using apps and, you know, using the brave browser, whatever, whatever we want to do, do you think that that is going to impact the end user more? I mean, obviously it's a combination, but what significance are these laws versus taking it on, you know, on your own and, and taking responsibility for your own privacy using tools like you mentioned? Yeah,

Don Marti (30m 13s):
It's a two-sided approach. And on one side, the marketing business is trying to get people to change their behavior. We want you to buy a specific product is the common call to action. On the other side, people also have the ability to influence marketing and marketing is out there with stacks and stacks of money. And they can use that for sponsoring stuff you actually want to read, or they can use that in ways that don't benefit you or create risks for you.

Don Marti (30m 58s):
So as an individual, you have, you have some ability to change how those marketers approach the situation they're in and get them to reallocate in ways that are more constructive.

Doc Searls (31m 19s):
So I, I have a question. So, and, and you have been in a good position to answer this time. Safari has a method. When I look at the way Safari provides privacy, it's doing some kind of machine learning and other things like that. Whereas Firefox has his own system. Google with Chrome has his own kind of avoiding the whole problem system. You can use a privacy browser like app Baker tour, which have other protections, but have less functionality, but could you just, it seems to me in the long run, we're going to get to a point where there may be one more or less agreed upon an Orthodox way to do what probably brave Firefox and Safari are all trying to do in their separate different ways.

Doc Searls (32m 11s):
Do you want to contrast those a little bit and see it? And I just wondering if you think we end up in some sort of standardized way that they'll all do it.

Don Marti (32m 19s):
Yeah. I think, I think privacy, regulators and browser developers are all chasing a common goal that they, that nobody really has a complete understanding of. And that goal is how can we get our technology and our rules to best implement people's true preferences with what happens to personal information. And people don't know a lot about the details of what information goes, where, so where browsers are doing the most constructive steps is making it clear that a trust relationship and a, and an information sharing relationship go together.

Don Marti (33m 26s):
So if you go and visit your favorite news site, then at some point they will say logging in to keep reading. And that's a request by that site. Please give us a little bit of information about you so that we have a, a piece of information that we can use to show who our audience is. And this is the same thing that, that happens back in the day of print magazines. You'd fill out your subscription card and you'd say, all right, I'm going to send in a little bit of money to this magazine.

Don Marti (34m 8s):
And really what you're paying for is the printing and the postage. But the content in the magazine you can read is paid for by advertising. And those advertisers buy the ads based on knowing the audience that they reach. So people are used to that relationship of staying, Hey, here I am. This is, this is me. I want to read your stuff. I have enough trust in your site to fill out that subscription part. And, and the, the very promising directions of web advertising are in taking that, that trust relationship and making it smooth off and, and have a good user experience for, for readers who want to, who want to set up that relationship with the site they want to read.

Shawn Powers (35m 19s):
There are some, some issues. Okay. So for example, everybody will be familiar with the button that now pops up on every site that says, this site uses cookies. Are you okay with that? And if you click, no, then you can't stay logged into the site. You have to log in every time you go there and et cetera, et cetera. And if you say, yes, that's your only other option. So you're basically, I mean, we might as well, we don't know what we're saying yes. To like, what are these cookies doing? You know, it's not like it's not like every site gives you a list of, we can do this with it, and that it's either cookies or no cookies. And I'll be honest most of the time, like, I don't want to open up my password manager every time I come and check the weather or whatever it is.

Shawn Powers (36m 1s):
So I'm usually gonna accept those cookies. And so I think that's a direct reaction. I think it's actually my favorite set of initials for today. The GDPR right. Has required that sites tell you that they use cookies or something like that. And so, but that's fairly new, but has it really changed? Do you think that that requirement has changed how the web works in a privacy protecting way?

Don Marti (36m 26s):
Well, here's the, here's the F the web experience that I had last week that I thought was really interesting. I, I, somebody sent me a link to a site and I opened it on my phone. So of course, all these dialogues are going to cover up, basically the entire screen. And first dialogue says, this site uses cookies, please consent to this GDPR stuff. And so I clicked to consent. Then there's another, another dialogue it says, this site wants to send you notifications. Do you want notifications from the site? And since it was literally the very first time I'd ever gotten a link to the site, I obviously clicked, no, I have no idea what I'm about to read.

Don Marti (37m 16s):
Then it says, subscribe to our newsletter to get updates. Again, very first visit to this site. I don't know what's going to be in their newsletter. So I denied the newsletter. Finally, I get past all of these layers of JavaScript created dialogues to the actual HTML page. And it says, this article is for our paying subscribers. So right now we've got stacks of miscellaneous dialogues and permissions that are being spewed out at people very early in the process of engaging with the site and not yet tuned to help establish that trust relationship or to benefit from that trust relationship when it happens.

Don Marti (38m 18s):
So there's absolutely no reason why I should have to have a separate dialogue for logging into this site with your favorite SSO provider and for accept cookies. If I go to site and it says, we don't know who you are. This is as much as you can see until we know who you are. Then I, I would be a lot better off if I could hit one button that would handle the, the consent and the sharing of the actual information, because realistically, that's what I'm consenting to.

Don Marti (39m 6s):
Anyway, I'm consenting to hello site. This is me, here's my info. You can go do things with my info.

Shawn Powers (39m 14s):
Do you think a lot of the, the multiple pop-ups are, okay, now we have to ask before we do anything. So we have to ask all these things, you know, as a, as somebody who has had a website, right. I, I, you know, I have all these features. I mean, possibly it could be, you know, I'm probably, I'm trying to programmatically think through what the best way to do this is right. Like, let's say, I want somebody to allow notifications, but obviously not right at first. Cause I'm the same thing. I'm like, no block this site. Why would I want this weird, random new site to send me notifications? But I think that maybe if, if they accepted a cookie after a timer or something, you know, they could ask me those things.

Shawn Powers (39m 57s):
But I mean, what I'm not sure of is I think that we're going to get numb to all these notifications. Right. We're going to get, we're just going to click. We're either going to be yeses. Yes. Or no worries. Right. We're going to say yes, yes, yes, yes, yes, yes, yes or no, no, no, no, no, no, no. And then when it's like, doesn't work real crap. Now what? Now I don't even know how to get the thing cause I clicked. No, and it's gone now. So I just, I implementation is going to be rough.

Doc Searls (40m 21s):
Let me just jump in on that one a little bit. At least here in California, it is not too much trouble. Maybe just because they go to the trouble anywhere. It says, you know, big green button except our use of cookies and next, which is when I managed my options or something like that. And if you go into those, almost always, it has, here are the necessary cookies. Here are a performance cookies, and then there's one that's advertising cookies. Right. And you switched that to off now. And I, I do that on every single website that does that. Now here's the good part is I have, I still have the use of the site.

Doc Searls (41m 1s):
I don't have to log in every time if a login is required. But so the upside is I have some small amount of faith that they're obeying in the sense that they are possibly auditable. I don't know if, if anybody's doing the auditing or not, but perhaps, but the downside of that is, and this is to me, an important thing is that I have no record at all of that. I mean, other than having taken a screenshot, which by the way I do, I do keep screenshots of all of them, but that's because I'm a geek around this thing and you know, mostly and nobody else should need to be, but that is a working system. It's a terrible system, but it does work.

Doc Searls (41m 41s):
I mean, it does work if it, if it does what it says, it does, you have successfully opted out and all those sites must be a California thing because I've never seen anything like that. Really? You don't, you never see that Libby VPN to a Michigan and said, take a look. I mean, I see. Yeah.

Don Marti (42m 2s):
I think a lot of sites are on their third generation of GDPR UX. There was the stuff that they rushed out in 2018. There was some other stuff that got cleaned up in order to get a little bit better UX. And lately there's been some guidance from the European regulators on what you can make defaults on those consent dialogues and, and how they need to work. So the GDPR dialogues that we, that we started getting in 2018 are different from what we're getting now.

Don Marti (42m 49s):
And I think that as SSO systems and systems like unified ID that integrate the SSO system with the advertising stack, come out, that we're going to see a smoother process. And we're going to see sites being smarter about not setting the cookie until they've got somebody hooked on the article. You're probably going to show up. And instead of saying consent to everything right now, you're going to be able to read a little bit before you decide if you want to make that kind of decision.

Don Marti (43m 32s):
And if, if you remember making a LinkedIn account, when you first log on to LinkedIn, it doesn't tell you type in your entire work history and all your contacts and give us all this info upfront. When you first connect to LinkedIn, it wants to get just enough info to get you logged back in and get you started getting some value out of the site and then they'll nudge you for additional stuff. So LinkedIn is what they ahead of web publishers on how to handle data collection and permission.

Don Marti (44m 18s):
And some of the techniques used in online games where they'll progressive will like get you sucked into the game and then prompt you to invest additional resources or yourself in are also things that we're going to start seeing applied more around the web. So the shareware, right,

Shawn Powers (44m 40s):
Two websites give you a little bit for free and give people,

Don Marti (44m 44s):
Give people enough, enough of a reason to stick with it. And, and platforms that make it, make it easier for, or doing a B testing are going to help out a lot. And, and integrations between consent management and single sign-on are going to help a lot because right now you're the software component that handles letting a user log in with Twitter is different from the component that manages those consent dialogues that lets doc go through and check a bunch of boxes that nobody else in the world actually checks.

Don Marti (45m 38s):
So all of that, all that stuff is, is a promising target for integration. So

Shawn Powers (45m 48s):
Is it fair to say that right now, as far as my data goes or the data that I share with people, you know, the data about Migos, the cat's out of the bag, my data's out there it's so in so many places. So right now for the technology aspect of it, that I'm using is basically just stopping people from knowing it's me because they already have all my information, unfortunately. So I guess if all of these privacy browser extensions in browsers that, that did that, don't let them know who I am. I guess that's how I'm protecting my privacy now. Is, is that a fair thing to say? You know, even though all my data is out there, I'm kind of hiding who I am, right. I like go into the internet with a mask on and they don't know it's me.

Shawn Powers (46m 29s):
So they don't know how to target me. Is that what we're going for with the technology yet?

Don Marti (46m 33s):
Well, a lot of, a lot of the information that's most valuable commercially becomes no longer valuable as it gets stale. So I did a fairly long and involved CCPA, right? To know process with a company that's bragging on. We've got zillions of data points per user, and we're tracking every step of the customer journey and I'm thinking, okay, great. I'm going to, I'm going to do a CCPA right. To know against this company. I'm going to get all my info. I'm gonna find out all of what this company knows about me. And so I was really excited to get my, my PDF, all encrypted and nicely wrapped up and delivered.

Don Marti (47m 21s):
I opened it up and it's my address from 12 years ago and a Boolean for whether I'm dead or not. And it was disappointing. So, so yes, it was disappointing. Yes. There's a lot of, there's a lot of information out there that people pay money for, but they pay money when it's fresh. So, so your current information might be out there in circulation, but as your data management gets better, then you're going to have a better control on the fresh info.

Don Marti (48m 8s):
That's actually worth something.

Shawn Powers (48m 10s):
What about harvesting public data? For example, I tweet everything. I just, I tweet everything. And so that's public data. I mean, you know, it's out there for anybody to see at any time. So, I mean, that's completely fair game for a company to use, to target me, correct. I mean, if I were looking for what I should sell, the Sean, I'd go to, you know, twitter.com for as less Sean Powers because he tweets every day about the stupidest things in his life. So, I mean, there's, there's not a whole lot that a person can do about that apart from not tweeting their life on the internet. Correct. I mean, that's, I mean, that's my own doing

Don Marti (48m 49s):
Well, if you want to, if you want to get a little better class of ads, you might want to tweet aspirationally. So somehow, somehow the Twitter ad algorithm has decided that I have a thriving medical practice and that I'm in the market for a construction loan for my prime urban hotels site. And that I'm in the market for an F 15 X airplane.

Shawn Powers (49m 20s):
I never get good at Twitter ads.

Don Marti (49m 23s):
I tweet about California privacy stuff. Mostly.

Doc Searls (49m 30s):
Yeah. Yeah. I think, I think, I mean that Don is always like several chess moves ahead downstream with everybody. He's got, he's got the move behind the move behind the move. And I think it's impossible for algorithms to figure Don out well. So I think even that probably the difficulty for following Don gets him, this upscale stuff would be something to that.

Don Marti (49m 54s):
Yeah. And I think, I think a lot of the companies that I, I retweet are unusual unusually direct adtech and MarTech tweets. And so when companies talk about targeting and, and servicing targets, well, that's largely what the F 15 edX is about. I think they're there. I, I, I think that it could be the F 15 E that's, the one that's supposed to carry, carry the bombs to be used to strike ground targets that could get mixed up with, with marketing.

Don Marti (50m 44s):
And then the edX is like the, the next version of the E, but, but a lot of, a lot of close air support and marketing uses the same language to describe what they're doing.

Doc Searls (51m 2s):
Yeah. I, I, I'm just looking at my Twitter. I'm getting a,

Katherine Druckman (51m 6s):
I was doing the same. I can't find any

Doc Searls (51m 10s):
Yeah. New York times and progressive insurance, but I may have, I may have turned off everything that might be personal on there, just so I get whatever run of tweet, run of Twitter, any of these guys by now, I've got the Apple card, you could get the Apple card, you know, something.

Katherine Druckman (51m 35s):
Yeah. I think I must not be worth targeting because I'm scrolling and scrolling and I haven't come across a sponsored post for the kind of advertising for the longest time,

Doc Searls (51m 44s):
Time on, on Facebook, as little as I was on it. I got almost nothing but ads for under 30 singles, which is completely absurd, you know, but more of them there are, are better, but I'm pretty sure I have almost everything turned off there as well. So I dunno.

Katherine Druckman (52m 4s):
Yeah. I mean, Twitter's minor offer wrinkle cream wrinkle Crow, boy. So crim

Doc Searls (52m 11s):
To, to Sean's question. No, I think in my hanging out at law schools would have heard often about my complaining about all this stuff is you got to have harms. You got to have like, not just harms big harms and a problem for us fighting the ad tech establishment such as it is, is that the harms they cause are, are so certain small in most cases that they're not worth it. I mean, there there's anybody far as I know you could lay it at the, at their doorstep saying you killed this person or this person got his foot run through a chipper because of something, you know, there's, there's not, there's none of that is there's just annoyance and, and absurdity and silliness.

Doc Searls (52m 58s):
While at the same time, we have, you know, surveillance capitalism operating at full volume and, and organizing us into tribal groups and basically causing all of the bad things that can happen when you basically incentivize the, the, you have algorithmic nudging. In all cases, the algorithmic nudging is far more dangerous and bad than the advertising that has done to support. So attacking the advertising is, is not the most effective way to fight the algorithmic nudging, which is a greater harm, actually, that actually there are harms there and they can be shown, but the advertising itself.

Doc Searls (53m 40s):
Yeah, not so much.

Don Marti (53m 42s):
Well, the big, the, the big social, big social sites, which may be the thing that brings the, the blue America and red America together is agreeing that we need to break up Google and Facebook. The, those big sites are supported by many individual decisions made by marketers who decide, yes, our marketing budget can be safely spent on whatever heinous stuff happens to be on Facebook or YouTube this week.

Don Marti (54m 22s):
And so those, those decisions, those, those, those marketing decisions that are made one at a time feed into that, that large scale political risk. And so the more that people can say, I don't want my information used by big creepy social sites. And the more that we can say ad money spent on reaching me, there is not as well used as money that goes to support say independent blogs or legit news sites, then we can, we can already make a change.

Doc Searls (55m 13s):
So w w we could ask done, where do you think we'll be in five years?

Don Marti (55m 18s):
Well, there's, it's kind of a survival question. If, if surveillance marketing keeps growing and can out-compete a civilized society, then, then we end up in yet another dystopia. But the good thing about internet news is that we, we keep finding out about dystopias and we keep beating them. The, the crypto export dystopia was, was a us against the governments of the world, trying to get control of, of encryption.

Don Marti (56m 4s):
And that didn't happen. The DRM dystopia was independent software against giant copyright holding software companies and media companies. That one ended up not happening. And essentially the surveillance marketing dystopia is the entire free world against a few overgrown mailing lists, brokers with air on chairs. So I think these, these kids today have it easy in the dystopia department.

Katherine Druckman (56m 39s):
Why does everyone have one of those expensive chairs? I mean, that's a whole topic for another podcast, but everyone has at them. I feel like it might. I have to know that they're really good.

Doc Searls (56m 49s):
They're good. I don't like them as well as I like the Ergon chair, which is the one with cushions. It's real cushions that came before it. That was, that was Herman Miller's first hit chair.

Katherine Druckman (56m 60s):
Yeah. And I remember, well, I mean, I don't remember the time it was designed. I studied history of design. It's a long story.

Doc Searls (57m 7s):
Here's a, here's a fun, little minor hack search for Herman Miller Aeron chairs, anywhere on Craigslist. And you will find hundreds of them being sold by, by people. Who've picked them up out of dead companies in hype, in tall buildings, everywhere, because even pre COVID. I mean, there's so many of those things flip flooding the market and they're all 400, $450. It doesn't matter what they're going to be 40 or 50 bucks new. They were twice that or more, but yeah, hot tip. Yeah. A lot of those it's like I, I was, I was at, I dumpster dove, edit a dumpster behind one of those office.

Doc Searls (57m 48s):
Buildings is Santa Barbara that had, I swear the entire, it was a small dumpster, but still, you know, like six foot square absolutely filled with, with HP keyboards and mice, nothing else, just HP keyboards and mice. And I guess the computers went somewhere else. BHB keyboards and mice were all in there. I took about five of them. I've got one upstairs here in the house and borrowing, in fact, my mouse. Sorry. I took us off on a complete tangent. Yeah. That's no, I took over the bigger tangent.

Don Marti (58m 17s):
Yeah, no, I think, I think in five years we're going to be talking about a different internet dystopia story and surveillance marketing will still be there, but it won't be the, the threat that people are making it out to be now. Yeah.

Doc Searls (58m 31s):
It might be. How is the Trump got back?

Katherine Druckman (58m 38s):
That'll be a new, a new social network, I suppose, probably being built right now. Anyway. Well, thanks. I think, I think, yeah, we've we have hopefully given people a lot to think about and as always let's I would encourage everybody to reach out to us with feedback, questions, comments, concerns, everything. You can find us at reaction security numbers. Yes. Give us your purchasing habits, your credit score. Yeah. As soon as all of that, you can find us at reality, two casks.com.

Katherine Druckman (59m 18s):
That is the number two in the URL. You can sign for our newsletter. I did not mention that at the beginning, but I'm going to mention it now. Yeah. So, so please get in touch and we look forward to hearing from you and, and, and coming up with some good questions for Don for next time. And thank you so much, John Marty for joining us and Sean Powers for joining us and doc for always showing up every week.