Good subject.
In fact the idea of a checklist (if not certification) came up early on, and Adriana Lukas did some work on it, based on an early list of VRM attributes that I published in a blog post.
These were never meant to be final when they were written, but they also haven't changed in a while. So maybe they'll work as a starting checklist.
But, before we proceed, I'd like to dump my brain a bit. In particular, three thoughts.
First is a line from Ed McCabe that has rung in my mind ever since he first uttered it, decades ago: "I have no use for rules. They only rule out the possibility of brilliant exceptions."
I've felt from the start that VRM is a brilliant exception to the conventional wisdom of business as usual. This is why we started simplifying our message by saying that VRM provided individuals with tools and services that made them both independent and better able to engage. Or, to be even more brief, we said we wanted VRM to support those two virtues: independence and engagement. Is that a short enough checklist? Dunno. My sense is that it's short enough to encourage development yet not long enough to serve as a checklist. In fact, I kinda had a checklist half in mind when I wrote this post the other day, unpacking substitutability and freedom of contract: <
http://blogs.law.harvard.edu/vrm/2013/03/09/the-vrm-perspective/>. I'm clear on the former as a virtue, but not on the latter. Not yet, anyway. Too much work left to do.
Second, I think it's okay for future idols to walk on clay feet when it's the only way to get around. Meaning, we need to cut developers some slack, so they can start somewhere else and move toward VRM. I can't count how many developers who have said to me, privately, "Look, we're starting over here on the vendors' side, because that's where the money is and we have no other option. But we're working toward supporting buyers, so please go easy on us while we go through the early money-making stage while quietly developing real VRM stuff we're not ready to talk about yet."
Now, whether or not that's on the level (and I believe in each case it is), we are not so big and established that we need to smack down projects that don't fit the mold we have right now. (In one case, Kaliya schooled me toward not being harsh when I could have been. It was a good call on her part.)
Another way of putting it: we need to have a big tent, with lots of open flaps, through which people and companies are free to come and go. There are upsides to this. One is freedom from withering judgement that might discourage further development and experimentation. (As Esther Dyson says, "always make new mistakes.") Another is better heuristics all around: we learn from each other. The downside is a lack of purity and a bit of time-wasting. But I think we'd have that in any case.
Third is that we need to have room for disagreement, and respect for questions that aren't settled and may never be settled. For example... Can we do VRM without solving vexing identity problems? Do we need to solve "legal" first? Can we have real VRM solutions without ironclad security? Will we always need to live in The Land of Giant Services that hate the very thought of VRM, if they bother to know what VRM is at all? I have optimistic answers to all those questions and many more, but I could be wrong, and I need to accept that possibility. I think we all do, in respect to any VRM challenge.
The other day I wrote a long email to a good soul who has been a bit harsh on VRM. What I wanted to get across was that VRM is still a young field, full of development projects that are pioneering and experimental, and are doing no harm while doing work that can cause a great deal of good, if they succeed. It does no good in the meantime to crap on them. I realized while writing this that I was also talking to myself. We have manners to mind here. We should be clear with each other, and sometimes that means being blunt or strongly critical, but never for the sake of putting people or projects down, or saying "you don't belong here." (Unless they truly don't. In which case we should approach them privately, rather than publicly, here.)
Third is that I'm not sure doing a checklist is up to ProjectVRM. Our charter here is narrow. We foster development. That's it. We are very lightweight, consisting of a wiki, a blog, this list and some gatherings. Our administrative overhead consists of volunteers, including the Berkman Center, which graciously continues to host the project. I doubt, in the absence of funding from a foundation or some other benefactor, that Berkman would (or should) do any more than they're doing now, which I think is plenty.
One reason we started Customer Commons was to take up workloads that ProjectVRM could not. One of those workloads could easily be the checklist, or the certification, we're talking about here. So, my suggestion is to take this up with Customer Commons. But bear in mind that, at this stage at least, Customer Commons is also volunteer-run and operating with very lean financial resources.
Yet, of course, with funding anything is possible. :-)
Anyway, that's my few cents.
Doc
On Mar 11, 2013, at 6:27 PM, Katherine Warman Kern <
">
> wrote:
Doc, I’ve always felt that one purpose of Project VRM should be to certify projects. There is so much “forked tongue� out there, one thing *we* need is a checklist and reassurance that a VRMy project is what it says it is. This could take a lot of time and wary eyeballs. Something I think many interested in meeting the test would be willing to help fund with an application fee. It would be well worth the investment.
K-
From: Doc Searls [mailto:dsearls@cyber.law.harvard.edu]
Sent: Monday, March 11, 2013 8:40 AM
To: T.Rob
Cc: Project VRM
Subject: Re: [projectvrm] Tough day for VRM
Thanks, T.Rob.
You understand the VRM philosophy just fine.
There are two problems here.
One is tracking, as you say. We're about to start a series on ethics at Linux Journal dealing with exactly this stuff. As I understand it, so far, the problem for publishers is that, in order to have any advertising on one's site, one (or one's third parties) needs to track. That's just how it's done. Or so goes the conventional wisdom (or stupidity) of the moment. This needs to be discussed and unpacked.
The other is a polyscopic vision of tracking that has remarkably few consistencies between each of the eyes on the problem. Take a look at the graphic in this blog post here:
That's the set of tracking monitors and ad blockers I have just on Firefox.
I love them all, and regard them all as VRM developers; but here is remarkably little consistency between them.
We lack a common symbology, a common lexicon, a common approach to seeing and talking about the problem.
One issue is just complexity. Take a look at the graphics in this post here:
Those companies and categories are numerous beyond even the comprehension of those in them.
But we need to get on top of them.
This isn't just a matter of having a common "experience" of tracker monitoring and blocking, though that's part of it.
We need to agree among ourselves about how to identify and talk about tracking. We need symbols. Vocabulary and pattern language. Whatever it takes.
It's not up to the adtech business and site publishers of the world. Again that would put too much responsibility in the seller's hands rather than the buyer's: one more job for the cow, rather than liberating the calf by giving him or her ways to be human.
This is one of our jobs, and it's front and center right now.
We should far enough downstream before IIW that we can drill down on it face to face there.
Today I set some time aside to go sign up for some of the VRM-y services I’ve been reading about. There’s a lot of good stuff out there but I did find something puzzling. I run Ghostery. On these sites that practice a VRM philosophy, I expected to find social widgets. Shoot, you almost can’t exist on the web without a slew of “like� and “share� buttons. But what I didn’t expect to find was trackers. But I did and on most of the sites I visited. While it’s true that all these sites had no more than one or two non-social Ghostery hits, why do they have even one?
For example, while on the miicard privacy page, where the text says “From the details you choose to verify your identity to the information you share, miicard puts you in charge at every stage,� Ghostery blocks ChartBeat and Pardot (as well as expected widgets from Facebook, G+ and LinkedIn). http://i.imgur.com/ygMaodd.png There’s nothing I could find on the web site that mention ChartBeat or Pardot as partners nor explain what is shared with them. Although it’s true that it isn’t *miicard* releasing my data (ChartBeat & Pardot collect it directly), it is true that miicard intentionally chose to embed stealth analytics and tracking on the very page that explains how they protect your their privacy and identity. So I have to ask… am I the only who looks at these things when signing up? Or am I completely misunderstanding the philosophy of VRM in my expectation of how my data is collected and shared?
(PS - Sorry miicard to single you out. I found this on most sites I visited today but your privacy page had the largest delta between perception and reality, as seen in the image. I didn’t think a name-and-shame spree would be productive and if the tracking on miicard is deemed acceptable by the community here then it will be on the other sites as well. In that case, I’ll have to go re-read Intention Economy and the VRM web site because I’ll have completely misunderstood the intent.)
<image002.jpg>
