Investigating privacy-respecting online identity, data ownership & control solutions

On this thread I would also like to mention keybase.io - a Web of Trust application - as an existing, widely used (though mostly by techies) key management solution with which to prove your identity.

It is mostly used by more advanced users, and you’ll not find an easy explanation on their site of what it is for, and how it is used, so you might read Quora: What is Keybase in layman’s terms, Quora - Why should I use Keybase, the somewhat technical Introduction to Keybase and check Wikipedia:

If you want to dive into a huge amount of discussion on Keybase, then this Hacker News search is for you.

One thing I do not like about Keybase (and the reason I did not yet try it) is that it is a commercial company, but nowhere can I find how this is set up, or how they raise money, etc. Best info I could find was in this blog post and in their Jobs section they state this:

Keybase is a small, well-funded company of idealists who love what we’re building. Our team and investors come from a variety of early roles at OkCupid, Reddit, Tumblr, Facebook, and more. We enjoy:

  • bringing privacy & security to the masses
  • making apps & interfaces
  • ping pong & peanut M&M’s & LaCroix water & team outings.

I just asked a question about this on Hacker News (let’s hope it reaches the front page): Ask HN: Keybase.io About Transparency and Open Alpha status | Hacker News

2 Likes

@aschrijver thanks for this summary re: security, keys, encryption, etc. so good I may need to do the ol copy pasta and pass along.

1 Like

This is a very strong point. While I cannot mention names of companies, I know first hand that, in combination with any third party collected data through mobile apps, there are indeed methodologies and partnerships with other direct to consumer companies like car companies (which then have access to limited DMV data and car purchase data), insurance companies (which have access to home address data), DVR companies (which have access to television viewing patterns), political agencies (voting data linked with technologies where pollsters input information door to door, scary stuff). Then the financial companies with credit scores, etc. Years back I participated in a number of meetings with different types of consumer based companies, all trying to figure out ways to link x, y, and z by combing different data sets from different companies.

Data collection existed before the web, if we were to achieve a perfect web of trust, it would make the internet ironically the only true safe space, which would be great but if achieved what difference would it make if the rest of the world is still gathering consumer data, trading it, improving it, etc?

I think the early idealism of the web viewed the internet as such a safe space, and instead, perhaps the web in its own way just exposed exponentially what has been going on all along, just magnifying at scale the underbelly of the beast so to speak.

Wow! Nice perspective, I’m impressed with your broad knowledge here and the ability to present a bigger picture with the technical pathways that allow it.

How do you see adoption happening? Would you see this emerging from within the big Four, through regulation? through competition?

3 Likes

Nice thinking, and I can’t tell you how much I appreciated the hand drawings to humanize your presentation :joy: I think what you are suggesting or something like it will soon emerge. Have you read Roger McNamee’s book? He is calling for a “universal authentication” system and advocating for that at a pretty high level, touching government and big tech.

I do think it can be used to add a measurable value to the user’s attention or interaction with the sponsored media, but I see the only way remittance can happen is if value (revenue share) is measured against user attention. I can see if users don’t add data that value is x, and if users add personalized data that value is increased, with the revenue shared per ad view.

I’m only basing that on the practical reality of how media buyers buy, another side of the equation. It has to make sense to the advertisers otherwise it will fail to find adoption, even if regulation exists to support it, if the economics are impossible or only available to the bigger brands who can afford the larger media buys, that itself can have unintended consequences back on the publishers, who really need saving right now.

Example: say someone can purchase my 3rd party data, that doesn’t mean I will see their ad. Data is bought in bulk. That data is then sold in bulk against media buyers’ ads, and that collective bulk adds maybe a $1 CPM to the ad buy, maybe more depending on the targeting. That’s sometimes 25% of the full ad buy revenue share.

Most platforms can’t determine the viewability, or the metrics of the viewability are meaningless (Facebook vids for example counting a view after :03 of video viewing). The economics probably won’t make sense in terms of defining the value against what the advertiser paid versus what the user actually saw. The data provider is often just one of the layers in the exchange, there is still the publisher fee (not based on data but audience size) and the agency fee. Monetizing data direct to user is not a pathway I see that is easy, considering the variety of media buyers and networks.

Also, refreshing for me, I see that you and many in this community focus on the social media side of data and advertising - while my focus for the past few years has been less on social, and more on web publishers, especially the premiums, like news organizations or top 40 sites in each vertical, or niche networks of niche blogs. I’m worried for the online publishing industry, so I focus on that side, which offers unique targeting that is surgically contextual that social networks cannot. Additionally, social networks have robbed creators of the ability to actually own and control their own channel, so saving that through web publishers is important, especially if we want to take on the big four (our current platform addresses the problems within Google and Facebook in relationship to publishers).

What you’re suggesting or something like it nests nicely in what we’re working on, we stay away from data entirely, don’t need to collect it at all but I see where if the user has control of their data and opts it in, it raises the value of their attention shared, which is a revenue share of the ad buy, stored as a digital asset.

4 Likes

With regards to Online Identity and The coming Automation of Propaganda I see a much bigger incentive arising for the big Four to adopt standards-based approaches that establish a ubiquitous and global online identity system. This helped with government regulations that are undoubtedly coming to address future trends in misinformation and fake news.

Primer on Functional Identity

At Rebooting the Web of Trust I found this very nice Primer on Functional Identity that explains Identity Systems, also from the layman’s perspective.

It defines Identity as:

Identity is how we recognize, remember, and ultimately respond to specific people and things.

On Identity Systems:

An identity system is a collection of tools and techniques used to keep track of people and things.

Every person uses an identity system. It is used to discern friends and family, people we trust from complete strangers, for instance. It comes naturally to us. Yet on the internet there exists no good system to determine identity yet. With our pervasive use of the internet it is vital that we get such a system in place, and a system that implements identity the right way, as:

“[There] are legitimate abuses of identity feared by civil libertarians and freedom-minded people everywhere. When we talk about identity systems, we are necessarily talking about how we keep track of people and things. Do it badly and we risk accidentally building our own Panopticon prison. Fortunately, by understanding how identity functions, we can avoid, mitigate, and minimize such abuses.”

Most of this info is accurate and I will not get into specifics but I take issue with the post aschrijver makes concerning laws and regulations:

Here is my beef: Regardless of your adversary and threat model and all that, law enforcement has little incentive, maybe none, to respect the Fourth Amendment in regards to obtaining encryption keys.

Police in all developed countries in the world use the Babe Ruth technique.

That’s when they hit you with a baseball bat and tell you to sign a confession while your hand still works and cough up your private keys and passphrase.

To blindly assume oh my data is secure and rely on keyserver or anything you do not control is too risky for me I don’t think it is good advice.

Learning how to do public key encryption is more valuable than moving trust to a third party and idk what is gained, placate the user’s sense of complacency?

You are right not to trust Keybase though, they are a honeypot, they have keys that no one submitted, they scraped them and added them without the users’ permission.

Seems dishonest to me and I don’t understand why anyone would ever need a keyserver.

Check this:

Broodwich: Bob, email me your public key
Bob: Aight you got mail
Broodwich: Sends comm encrypted to Bob’s key with Broodwich public key encrypted inside and funny joke
Bob: Adds Broodwich public key to keyring, writes back another joke and encrypts to Broodwich and sends back

How does a keyserver provide anything but risk or at least one more rooster in the henhouse?