Skip navigation
Help

online identity

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

Dave Eggers, the acclaimed author behind A Heartbreaking Work of Staggering Genius and A Hologram for the King, will release his latest novel, The Circle, this fall. The book will revolve around a fictional, but eerily familiar entity, "the Circle," which is described as "the world's most powerful internet company."

The Circle, run out of a sprawling California campus, links users’ personal emails, social media, banking, and purchasing with their universal operating system, resulting in one online identity and a new age of civility and transparency.

0
Your rating: None

datum380

Image copyright kentoh

In a series of articles last year, executives from the ad-data firms BlueKai, eXelate and Rocket Fuel debated whether the future of online advertising lies with “More Data” or “Better Algorithms.” Omar Tawakol of BlueKai argues that more data wins because you can drive more effective marketing by layering additional data onto an audience. While we agree with this, we can’t help feeling like we’re being presented with a false choice.

Maybe we should think about a solution that involves smaller amounts of higher quality data instead of more data or better algorithms.

First, it’s important to understand what data is feeding the marketing ecosystem and how it’s getting there. Most third-party profiles consist of data points inferred from the content you consume, forms you fill out and stuff you engage with online. Some companies match data from offline databases with your online identity, and others link your activity across devices. Lots of energy is spent putting trackers on every single touchpoint. And yet the result isn’t very accurate — we like to make jokes around the office about whether one of our colleagues’ profiles says they’re a man or a woman that day. Truth be told, on most days BlueKai thinks they are both.

One way to increase the quality of data would be to change where we get it from.

Instead of scraping as many touchpoints as possible, we could go straight to the source: The individual. Imagine the power of data from across an individual’s entire digital experience — from search to social to purchase, across devices. This kind of data will make all aspects of online advertising more efficient: True attribution, retargeting-type performance for audience targeting, purchase data, customized experiences.

So maybe the solution to “More Data” vs. “Better Algorithms” isn’t incremental improvements to either, but rather to invite consumers to the conversation and capture a fundamentally better data set. Getting this new type of data to the market won’t be easy. Four main hurdles need to be cleared for the market to reach scale.

Control and Comfort

When consumers say they want “privacy,” they don’t normally desire the insular nature of total anonymity. Rather, they want control over what is shared and with whom. Any solution will need to give consumers complete transparent control over their profiles. Comfort is gained when consumers become aware of the information that advertisers are interested in — in most cases, the data is extremely innocuous. A Recent PWC survey found that 80 percent of people are willing to share “information if a company asks up front and clearly states use.”

Remuneration

Control and Comfort are both necessary, but people really want to share in the value created by their data. Smart businesses will offer things like access to content, free shipping, coupons, interest rate discounts or even loyalty points to incentivize consumers to transact using data. It’s not much of a stretch to think that consumers who feel fairly compensated will upload even more data into the marketing cloud.

Trust and Transparency

True transparency around what data is gathered and what happens to it engenders trust. Individuals should have the final say about which of their data is sold. Businesses will need to adopt best practices and tools that allow the individual to see and understand what is happening with their data. A simple dashboard with delete functionality should do, for a start.

Ease of Use

This will all be moot if we make it hard for consumers to participate. Whatever system we ask them to adopt needs to be dead simple to use, and offer enough benefits for them to take the time and effort to switch. Here we can apply one of my favorite principles from Ruby on Rails — convention over configuration. There is so much value in data collected directly from individuals that we can build a system whose convention is to protect even the least sensitive of data points and still respect privacy, without requiring the complexity needed for configuration.

The companies who engage individuals around how their data is used and collected will have an unfair advantage over those who don’t. Their advertising will be more relevant, they’ll be able to customize experiences and measure impact to a level of precision impossible via third-party data. To top it off, by being open and honest with their consumers about data, they’ll have impacted that intangible quality that every brand strives for: Authenticity.

In the bigger picture, the advertising industry faces an exciting opportunity. By treating people and their data with respect and involving them in the conversation around how their data is used, we help other industries gain access to data by helping individuals feel good about transacting with it. From healthcare to education to transportation, society stands to gain if people see data as an opportunity and not a threat.

Marc is the co-founder and CEO of Enliken, a startup focused on helping businesses and consumers transact with data. Currently, it offers tools for publishers and readers to exchange data for access to content. Prior to Enliken, Marc was the founding CEO of Spongecell, an interactive advertising platform that produced one of the first ad units to run on biddable media.

0
Your rating: None

Asa Mathat / AllThingsD.com

Like any young start-up, the early days of Facebook were thin and scrappy. Its very first server back in 2004 cost $85 to rent. They didn’t spend more than they had in the bank. They were small, tight and still had everything to prove.

To do that, CEO Mark Zuckerberg said, the company needed to test its mettle against its existing competitors. And back then, those weren’t MySpace or Friendster, but the existing social networks inside U.S. universities.

“We first went to schools that were hardest to succeed at,” Zuckerberg said on Saturday morning, kicking off the Y Combinator Startup School event in Palo Alto, California. “If we had a product that was better than others, it would be worth investing in.”

Zuckerberg spoke to a packed house in the Stanford Memorial Hall auditorium, with an audience mostly composed of twentysomethings, the veritable next wave of young Silicon Valley entrepreneurs. The conference is geared toward the young and idealistic, those who may build the Facebooks or Twitters of tomorrow. Hence, Zuckerberg focused on the challenges of turning a rough-and-tumble outfit into the 1-billion-user-strong social giant it is today.

So if you’ll hearken back to 2004, Facebook’s first days were limited to college students alone, those who had verified university email addresses. It was a play for an early conception of true online identity; unlike other existing networks, you were supposed to be yourself on Facebook.

After first growing Facebook inside of Harvard’s network, then, the plan was essentially to go hard or go home — to launch the network at universities like Columbia, Stanford and Yale. These were the schools, Zuckerberg said, that had the most integrated social networks campus-wide. If Facebook caught on here, it’d be safer to assume that scaling to less-integrated schools would be a downhill battle.

That’s exactly what happened. Facebook spread from school to school, moving slowly to cope with the early scaling issues that popular services often face (Twitter and the Fail Whale, anyone?).

Much of the other advice Zuckerberg offered to the young crowd was the usual platitudes — listen to your users, stay simple, be reliable.

But his most important point was clear: Punch above your weight class. If your product is better than anything out there, the users will let you know it.

0
Your rating: None

The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It's difficult to fix without making major changes to the web's infrastructure.

In the year since I wrote that, a number of major websites have "solved" the WiFi eavesdropping problem by either making encrypted HTTPS web traffic an account option or mandatory for all logged in users.

For example, I just noticed that Twitter, transparently to me and presumably all other Twitter users, switched to an encrypted web connection by default. You can tell because most modern browsers show the address bar in green when the connection is encrypted.

Twitter-https-encryption-indicators

I initially resisted this as overkill, except for obvious targets like email (the skeleton key to all your online logins) and banking.

Yes, you can naively argue that every website should encrypt all their traffic all the time, but to me that's a "boil the sea" solution. I'd rather see a better, more secure identity protocol than ye olde HTTP cookies. I don't actually care if anyone sees the rest of my public activity on Stack Overflow; it's hardly a secret. But gee, I sure do care if they somehow sniff out my cookie and start running around doing stuff as me! Encrypting everything just to protect that one lousy cookie header seems like a whole lot of overkill to me.

Of course, there's no reason to encrypt traffic for anonymous, not-logged-in users, and Twitter doesn't. You get a plain old HTTP connection until you log in, at which point they automatically switch to HTTPS encryption. Makes sense.

It was totally painless for me, as a user, and it makes stealing my Twitter identity, or eavesdropping on my Twitter activity (as fascinating as I know that must sound), dramatically more difficult. I can't really construct a credible argument against doing this, even for something as relatively trivial as my Twitter account, and it has some definite benefits. So perhaps Twitter has the right idea here; maybe encrypted connections should be the default for all web sites. As tinfoil hat as this seemed to me a year ago, now I'm wondering if that might actually be the right thing to do for the long-term health of the overall web, too.

ENCRYPT ALL THE THINGS

Why not boil the sea, then? Let us encrypt all the things!

HTTPS isn't (that) expensive any more

Yes, in the hoary old days of the 1999 web, HTTPS was quite computationally expensive. But thanks to 13 years of Moore's Law, that's no longer the case. It's still more work to set up, yes, but consider the real world case of GMail:

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

HTTPS means The Man can't spy on your Internet

Since all the traffic between you and the websites you log in to would now be encrypted, the ability of nefarious evildoers to either …

  • steal your identity cookie
  • peek at what you're doing
  • see what you've typed
  • interfere with the content you send and receive

… is, if not completely eliminated, drastically limited. Regardless of whether you're on open public WiFi or not.

Personally, I don't care too much if people see what I'm doing online since the whole point of a lot of what I do is to … let people see what I'm doing online. But I certainly don't subscribe to the dangerous idea that "only criminals have things to hide"; everyone deserves the right to personal privacy. And there are lots of repressive governments out there who wouldn't hesitate at the chance to spy on what their citizens do online, or worse. Much, much worse. Why not improve the Internet for all of them at once?

HTTPS goes faster now

Security always comes at a cost, and encrypting a web connection is no different. HTTPS is going to be inevitably slower than a regular HTTP connection. But how much slower? It used to be that encrypted content wouldn't be cached in some browsers, but that's no longer true. And Google's SPDY protocol, intended as a drop-in replacement for HTTP, even goes so far as to bake encryption in by default, and not just for better performance:

[It is a specific technical goal of SPDY to] make SSL the underlying transport protocol, for better security and compatibility with existing network infrastructure. Although SSL does introduce a latency penalty, we believe that the long-term future of the web depends on a secure network connection. In addition, the use of SSL is necessary to ensure that communication across existing proxies is not broken.

There's also SSL False Start which requires a modern browser, but reduces the painful latency inherent in the expensive, but necessary, handshaking required to get encryption going. SSL encryption of HTTP will never be free, exactly, but it's certainly a lot faster than it used to be, and getting faster every year.

Bolting on encryption for logged-in users is by no means an easy thing to accomplish, particularly on large, established websites. You won't see me out there berating every public website for not offering encrypted connections yesterday because I know how much work it takes, and how much additional complexity it can add to an already busy team. Even though HTTPS is way easier now than it was even a few years ago, there are still plenty of tough gotchas: proxy caching, for example, becomes vastly harder when the proxies can no longer "see" what the encrypted traffic they are proxying is doing. Most sites these days are a broad mashup of content from different sources, and technically all of them need to be on HTTPS for a properly encrypted connection. Relatively underpowered and weakly connected mobile devices will pay a much steeper penalty, too.

Maybe not tomorrow, maybe not next year, but over the medium to long term, adopting encrypted web connections as a standard for logged-in users is the healthiest direction for the future of the web. We need to work toward making HTTPS easier, faster, and most of all, the default for logged in users.

[advertisement] What's your next career move? Stack Overflow Careers has the best job listings from great companies, whether you're looking for opportunities at a startup or Fortune 500. You can search our job listings or create a profile and let employers find you.

0
Your rating: None