Dropsafe

by Alec Muffett

What I think is wrong with #VRM – HT @nzn @glynmoody @windley @dsearls @adriana872

What I think is currently wrong with VRM, so much so that I’ve essentially dropped out of it – sad, since I was there almost since very early on.

Working backwards:

  1. The fundamental requirements for truly personal platforms are not yet with us. Controlling your data unfortunately means being in physical control of it, or at least of the keys which encrypt it. There are no if’s and’s or but’s about this, alas.
  2. Too many people think in terms of data being (say) owned by the supermarket they have bought stuff from; you have the fact of your purchases already, so the data is already also yours – it’s just terribly inconvenient to scan data in from your receipts, so yes it would be better to demand your purchase history from Tesco/Walmart but this may or may not yield fruit because they also own that data.
  3. VRM as a movement has from the outset been usurped by the “if only people would use our new identity technology then this would all be easy” evangelists. Identity is bogus anyway, but this is particularly egregious solution-in-search-of-a-probleming.
  4. VRM as a movement has from the outset been usurped by the “if only people would use my new startup’s technology then this would all be easy” evangelists. Sometimes this is identity-related, but other times this bleeds into Let’s get everyone to give us their search-histories so we can use magic toolbars to offer them value independent of the corporations! But it’s OKAY for us to be middlemen BECAUSE WE ARE THE GOOD GUYS!
  5. VRM as a movement has from the outset been usurped by the “if only people would give us all our data to keep it safe for them! They can trust us” evangelists; this is for when you don’t want to foist a technology upon the masses but instead want all the data, you find some way to be “ethical” about it and do a data grab anyway. See “it’s OKAY for us to be middlemen BECAUSE WE ARE THE GOOD GUYS” again.

I still believe that the only person who ever understood VRM fully was Adriana Lukas because she realised (in the face of my arguments to the contrary) that it was not about storing data passively but instead about people using, mashing-up and sharing data in ways that they already understand – and critically that the definition of “controlling” data is not a techie-geeky DRM/DLP-like one, but instead a new relationship-oriented means of control that is so simple that people rarely understand the power of it.

As I put it frequently at the time: if you break up with someone then there’s no way to expunge all the embarassing things that they know about you; instead the point is that they don’t find out any further embarassing things. The whip hand is over the ongoing relationship and the mutual ability to terminate it, rather than access to previously-shared digital data which can be cached.

This understanding is why I got into Mine development in the first place[1] and why I implemented it twice-over, and why I understand that what has to happen first is the addressing of point (1) – almost all the software technologies exist, none of them require invention, all we need is a good bidirectional communications infrastructure and wide adoption of the ability by some means to selectively and easily unicast data in a direct point-to-point way, to replicate in the truest sense a “relationship” in the digital domain.

What we don’t need is to rely on identity hierarchies, or FOAF, or I-cards, trusted third parties, legal fictions for non-profit do-gooding, or anything else of that sort.


[1] Watch the first video, and the second if you are a geek; they are worth it

Comments

20 responses to “What I think is wrong with #VRM – HT @nzn @glynmoody @windley @dsearls @adriana872”

  1. Adriana

    Them fighting words, Alec, and a lot of them well said! I’ve been trying to get across as much in my time though less brutally. 🙂

    You may find that VRM is now an even broader church, including some people who would not fit either of the categories you describe. And they would not find it hard to disagree with you.

    Speaking of understanding VRM, I recommend Doc Searls’ latest book, Intention Economy heartily – I thought I knew what there is to know about VRM and I am finding it quite informative and insightful, expounding way beyond the standard VRM discussions. http://www.amazon.co.uk/Intention-Economy-When-Customers-Charge/dp/1422158527

    Reply
  2. Dave Walker

    Mmm; there’s a wider lesson in this, around genuine benefit and opportunity being stilled, at least in part, by entrepreneurs and evangelists who mean well but have their own agendas. The history of VRM as it stands, isn’t the first case of this; I wonder if Cloud has enough real traction underneath all the hype (especially given recent outages, which better architecture would have avoided), or if it’ll happen there, too.

    Speaking of Cloud, Minekeys have considerable utility there. Expect them to crop up in surprising places.

    Reply
  3. Adriana

    You are right, Dave, as usual. I suppose I am cynical enough to expect this to be the case and don’t even think about it explicitly anymore. Cloud is a good case in point. Hm, would be lovely to see Minekeys and anything Mine related to crop up anywhere. 🙂

    Reply
  4. Bob Jonkman

    Can you expand or define the acronym VRM at the start of this post? I was steered here by @GlynMoody, who is a font of interesting information, but here I have no idea what we’re discussing…

    –Bob.

    Reply
    1. alecm

      @Bob: you really don’t want to know.

      VRM at its essence ought to be about ordinary people being able to

      a) “take back their data” (ie: demand copies of the data which I assert to be shared-owned, see Tesco above) and/or

      b) be the most authoritative source of data about themselves (ie: see the address-example in the first video of the footnoted link) – to which I would add…

      c) participate in the net as equal players, since to achieve point 1) in the posting above, people have to be connected-to, rather than merely accessing the net.

      Now: with all that context, can you see why it got called “Vendor Relationship Management”?

      No? If not I would not be surprised. The idea sprang from being “the inverse of CRM” and then expanded in scope and attracted a community; Adriana Lukas got involved and I followed shortly afterwards.

      This led to researching the general problem of technologies which were not so much “user-centric” as “user-driven”, the point being that something could be user-centric without the involvement of the user – something that would rather spoil the original aim of the project.

      And then it turned into a bit of a bunfight…

      Reply
  5. William

    Dear Alec

    I find this a bit “People’s front of Judaea”. An ungracious blast cold air at various tender shoots. Also ill-directed.

    There’s a big problem here many of us are trying to solve. Getting a solution is more important than whether it’s called VRM, how VRM is defined or whether you or anyone thinks VRM is good or bad, or whether it is a movement which has or lacks integrity.

    For me, I’m grateful for many insights the VRM community has offered up, but this post doesn’t add much.

    As I understand it (and language may bring in confusion) there’s nothing controversial in your point #1. The individual has to control the keys. That’s a core requirement. Yes: it may need additional new services.

    I don’t see your problem in point #2. There’s your data, my data, and our data, and over time the individual increasingly becomes the point of integration. So what?

    Point #3 surely we all agree it’s not about identity, and that it’s about various ways of proving all sorts of claims. The various proposed vouching services very likely have something to offer

    Who care’s if it’s Joe’s tech, Drummond’s tech or your tech as long as it works to the right functional spec? I suspect we all prefer open source tech. Can’t speak for Joe.

    The hyperlink in point five suggests you’re criticisms here are directed at Mydex, the project I’m working on.

    You are completely wrong: Mydex does not want your data, or anyone else’s data. We don’t want it any more than whoever makes Filofaxes wants to know your engagements or whoever makes laundry bags wants your dirty underwear. Therefore it’s built so we can’t get at it. Not sure if I can make this any clearer.

    You talk of “the masses” in an elitist way: let’s be clear that’s you talking, not us.

    You sneer at “ethical” good guys. We’re trying to do the right thing in the right way. I must ask: do you want businesses to be ethical or not? I know what I prefer. If anyone actually succeeds in creating an ethical business some blogger will snipe at them for greenwashing.

    I love Adriana too (though she drives me nuts sometimes). We all agree it’s about using and sharing.

    Alan Mitchell’s definition of volunteered personal information (which you also pooh-poohed, and with equal lack of grace) explains the economic mainspring of a new personal data ecosystem very elegantly. She’d be the first to agree this problem will get solved by solutions that work and not by carping from the wings.

    It would be great if you could get focussed on the big shared problems instead of schismatic attacks inside a group which is still barely the size of a pinhead in the grand scheme of Big Data. Happy to discuss further over beer.

    Reply
    1. alecm

      William,

      As you may not have seen I was asked for my opinion on VRM by Enzion Xavier and Glyn Moody, and so I provided it, somewhat unvarnished. Hence the blog posting – twitter is simply too brief, sometimes.

      “Tender shoots”? VRM has been going on for what, four years now? Five? My linked debate with Joe about “user-driven search” is from 2008, so those shoots must surely be a bit stale by now.

      In my five points I don’t enumerate “issues” but “opinions” – I rather hoped this was clear from the text; the first two I think we have some agreement upon and I am campaigning re: the first on my own.

      Re: identity: as-per http://dropsafe.crypticide.com/article/2475 I disagree that it is about a need for “proving all sorts of claims”; though some doubtless enjoy the technology of Identity I have never felt it a requirement for VRM much as Geometry does not require the Parallel Axiom; it was rather “assumed” by some parties and then embedded, with consequent impact upon innovation.

      Re: third-party-owned personal data stores: if Mydex does not want data then why aggregate it? To provide a service, yes, but you could seek your own solution that enabled people to self-host and thereby not create a store and with it concomitant risk.

      Re: analogies, a third-party-owned database of other peoples’ data is not exactly like a filofax, is it?

      After all (if you have one in this day and age) you carry a filofax around with you – a characteristic that I actually desire, to carry my data with me. From what I understand Mydex does not actually put the user in physical, local control of their own data – including flushing it entirely down the toilet if they so desire. Am I wrong in this respect?

      You suggest that I write in an elitist manner; you are absolutely correct, I do. I actually believe that I understand this stuff, and hence why I offer opinions on it. Relatively few other people actually do understand this stuff, hence why I write for the masses who do not.

      You ask: Should businesses operate in an ethical manner? I would say “yes”, but I would also qualify that by saying there are some businesses which can be operated ethically and legally but which I still would rather they did not exist at all in their given form.

      As for Alan’s VPI model, when he for instance wrote in 2009: http://goo.gl/KIQvA

      Google is a good example. Its entire operations are driven by information volunteered by users – the search terms they input when using the service. People don’t use Google with the aim of volunteering this information, but it has still proved powerful enough to catapult it to its current status as the world’s biggest advertising-funded company, in less than 10 years.

      …the only response I have is “what’s new?” – I could title this “Equifax: The Next Generation” for it seems nothing to do with putting the user in control other than giving them the Hobson’s Choice of disclosing data for desired freebie services – most probably without full understanding of what is being given away.

      I have no product to push – the Mine technologies, documents and videos are out there for anyone to play with albeit I think there is currently no point – see the body of my argument for why.

      VRM might yet fly; we might document all our relationships in R-cards and all our facts and claims in I-cards and have Higgins stacks on our phones… but I sincerely hope not, because I believe the proper path lies elsewhere.

      Reply
  6. William Heath’s blog » Blog Archive » Response to Alec Muffett’s VRM criticisms

    […] a reply I had to do to a blog post that criticised the work I’m involved in (by Alec Muffett). Dear […]

    Reply
  7. Crosbie Fitch

    Identity is not bogus, but the concept is in danger of being submerged by bogus redefinitions.

    Personal data as a protectible commodity is as protectible as copyright can protect ones published work, which as we should know by now is not worth the parchment the 18th century privilege was written upon.

    VRM is perfectly sound. It’s just very difficult to develop VRM facilities without middlemen and something to incentivise them.

    Reply
    1. alecm

      Yep.

      Reply
  8. Doc Searls

    No arguments with #s 1 and 2. Agreed.

    On #3, mo argument with “Identity is bogus” — or at least with the grounds of the argument you make in your cited post. I have tried from the start to de-conflate VRM and identity. I should have done a better job early on. I think I’m doing a better job now, which is one reason I invite you to re-join the conversation.

    FWIW, there are three reasons we continue to have VRM sessions at IIW: 1) I’m one of the organizers; 2) To a large degree IIW, title excepted, has become a VRM workshop; and 3) It’s a great venue, run as an unconference.

    That identity remains a discussion topic on the VRM list is a feature, not a bug. The recent distinction, by Devon Loffreto, between “sovereign source” and “administrative” identity may end up where you’ve been all along. Or maybe not. But I think the trip is worthwhile.

    Discussion and development are different matters, however, and development matters more. On that front, I have always fully supported The Mine! Project. It’s in my book as well.

    Also on #3 and #4, what you see as usurpation I see as participation, and early trial-and-error efforts. Look at the lists of VRM principles, goals and tools on the VRM wiki. None of the tech from either of your alleged usurpers is specified there. Nor is there anything there about identity. Your influence, however, is there. It might not be exactly what you’d say, but it’s still there.

    On #4, there is nothing on the page you link to that says what you claim it says.

    On #5, I know of no companies operating in the personal data/store/locker/vault space (which is still way out at the left end of the adoption curve) that say, even indirectly, what you say they are saying. One of those companies, Personal.com, has a data ownership agreement that directly contradicts your claim.

    In the book I salute what Personal is doing there. I also say it’s the best they (or anybody) can do if they want to operate that kind of business within the calf-cow model of client-server computing that prevails on the Web today.

    We should be able to assert our own terms, in our interactions with others. The Mine! is a move in that direction. We need many more. It’s still very early.

    So I invite you to come back and help out. We’ve missed you.

    Reply
    1. alecm

      Hey Doc,

      I’ll think about it though I have a lot on my plate nowadays;

      re: point 4 as you spotted Joe and my frank and silly conversation on this topic is at http://blog.joeandrieu.com/2008/07/20/notes-on-user-driven-search/ which was the followup posting to the one I originally cited. My bad on the link. I remember discussion of a toolbar for user-driven search…

      re: point 5: I cannot accept an agent with ability to transact my personal data on my behalf as being trustworthy, and I cannot see the point of a third-party-owned personal data store that cannot transact (or otherwise comprehend) my personal data, because without that ability it would just be a webserver.

      I am currently helping support a campaign (http://goo.gl/13luN) to somewhat fend off the British Government from peering into (and mandating collection of) ISP data which otherwise might be very attractive from a VRM perspective – hence my reluctance to establish yet more honeypots of tasty high-value data into which the state can stick its fingers.

      Reply
  9. Alan Mitchell

    Hi Alec,
    Not sure what you are trying to do here. But just to clarify one point seeings as you mention me personally. You quote me saying that Google makes its money from the information individuals volunteer. That’s a fact. It’s economically important.
    You then fail to quote the rest of my argument: that given the economic value of the information individuals do volunteer and can volunteer, they will want to exert increasing control over who they share their information with, for what purposes, and over who gets what benefits.
    That’s what this is about. A change in the way our economy works, and creating a design that works well rather than badly. I suppose the question is, do you want to do that or not?
    Alan M

    Reply
  10. alecm

    Hi Alan,

    What I am trying to do is explain my opinion when someone asked me.

    I keep saying this.

    Nobody asks AA Gill “what are you trying to do?” when he gives a restaurant a bad review; he’s a restaurant reviewer, it’s what they do sometimes. It’s an opinion. It’s allowed.

    My perspective on “That’s a fact. It’s economically important” is that it’s stunningly obvious to geeks that personal information has value; ask Equifax for instance.

    The stunningly obvious bit needs to be understood by more people than geeks, so well done on that front.

    The means to permit individuals to “exert increasing control over who they share their information with, for what purposes, and over who gets what benefits” is the interesting bit.

    The majority of my experience with the (rest of the) VRM community up to (say) late 2010 was of people bouncing around side-projects:

    – what format should the data be in (flavours of XML and CardSpace and so forth)

    – how do we identify people (which I consider a bit Rev 13:16-17-ish)

    – how do we label stuff for consumption by others (“we need a creative commons-like licensing for personal data!”)

    – branding (“we need a i-button / logo / something like the orange RSS flash”)

    – how do we do stuff to/for the people, rather than help them do it for themselves.

    None of this I found valuable, especially anything smelling even so faintly of the Identity community – Cardspace, XDI, federated identity, whatever – which I still see as a solution in search of a problem.

    I think Doc’s right but I am not sure what the solution will be; however I am pretty sure the solution won’t come out of the VRM community.

    It can’t be imposed – people will have to come across it for themselves.

    I think about the pitch for i-names and then I look at “@alecmuffett” twitter handles and the continuing prevalence of e-mail addresses and I just laugh.

    I laugh at OpenID nowadays, too.

    In the meantime feel free to keep telling marketers about the upcoming opportunities, I hope that works out for you. Everybody deserves a little success.

    Reply
  11. Phil Wolff

    @Alecm, Honeypot sounds like a great VRM brand! Tasty, sticky data. We hold it. Others want in.
    😉

    Reply
  12. NZN

    So my distillation of your position is that what is wrong with VRM in your opinion is that the wrong people are thinking inaccurate ideas about the nature of data and there is not an available opportunity for technology to fix that problem yet.

    “wrong people” being those that fit in 3,4,5 camps.

    inaccurate ideas being those related to how data functions inherently and is related to personally, as derived from 2.

    tech is not ready yet, as derived from 1.

    So I guess this comes down to an assertion that what is wrong with VRM is that it is not adding up to a workable solution. And further, that the solution of real need is not being defined properly so that community efforts may coalesce in a productive manner.

    If I am correct in my search for your intended meaning, then I want to ask you what is wrong with the Mine Project? Where is it stumbling, if so?

    I think you make an important point here: “almost all the software technologies exist, none of them require invention, all we need is a good bidirectional communications infrastructure and wide adoption of the ability by some means to selectively and easily unicast data in a direct point-to-point way, to replicate in the truest sense a “relationship” in the digital domain.”

    Under the assumption that we could generate wide-scale agreement on this point, what is lacking that propels progress on this path?

    Is it as simple as the business model embedded within this framework of relationships? Investment dollars?

    In defense of VRM, I think the lack of granular specificity is conversationally necessary. The problem space of VRM is large, cuts across any and all demographic or Industry categories, and is ultimately about control, whatever that means, by Individuals as personal representatives of their own best interests. There is good merit to going wide in instigating these conversations with any interested Individual or coded effort.

    That said, there is definitely a need to focus less on the problem space and more on the opportunity space. Fixing problems and making things work right are not always the same thing. What we want is a better way of doing things, not more fixes to problems.

    Reply
  13. Dave Walker

    VRM may make a swift comeback by popular demand, if the proposals for NHS patient record handling reform go through – only then it’ll be “Doctor Relationship Management” (and damn, that acronym’s taken).

    The Mine! Project still has me tantalised, for other reasons involving its potential for other purposes – I need to discuss it further. When it comes to managing relationships between entities, “a computer is just the world’s stupidest user”…

    Reply
    1. Adriana

      “When it comes to managing relationships between entities, “a computer is just the world’s stupidest user”…”

      Love it! Especially because it’s so true. I’d be very happy to discuss the Mine! Project further. It’s not dead just, er, on ice as the UI/UX coder I had lined up has fallen through some time ago and I haven’t had a chance to find another. The joy of open source. 🙂 But it’s not over yet… so interested in what you have to say. Perhaps over coffee?

      Reply
  14. Phil Windley

    Without being too defensive…

    You sound like you want to change the world without any companies or technologies being involved. I’m not sure how you bootstrap that.

    Clearly we don’t want a single provider. That’s the reason for protocol. But there *does* have to be one or more protocols involved and those will have to be services by software that someone writes. Some of that will be commercial and some won’t.

    If you object even to the creation of new protocols, then that implies that we’ve already got all the tech we need. If so, then what are we (you) waiting for?

    Reply
  15. alecm

    Hi Phil.

    Who invented the blog? Was it one person? Was there only one technology? Did it change the world?

    – alec

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts