Beyond the Web

Note: This post was updated on the morning of 17 October 2023 (the one when I am writing this) to help me prepare for the latest salon in the Beyond the Web Salon Series, themed Human +/vs. Artificial intelligence, which is happening at noon today, co-hosted by Ostrom Workshop and the Hamilton Lugar School, both at IU. To prep for this event, I asked ChatGPT the twelve questions I put to readers below two years ago and appended its answers to the bottom of this post. The answers seem (at one reading) to be a near-perfect unpacking of the status quo many of us have been laboring for decades to change. They also seem to offer some hope toward progress. 

The Web is a haystack.

This isn’t what Tim Berners-Lee had in mind when he invented the Web. Nor is it what Jerry Yang and David Filo had in mind when they invented Jerry and David’s Guide to the World Wide Web, which later became Yahoo. Jerry and David’s model for the Web was a library, and Yahoo was to be the first catalog for it. This made sense, given the prevailing conceptual frames for the Web at the time: real estate and publishing.

Both of those are still with us today. We frame the Web as real estate when we speak of “sites” with “locations” in “domains” with “addresses” you can “visit” and “browse”—then shift to publishing when we speak of “files” and “pages,” that we “author,” “edit,” “post,” “publish,” “syndicate” and store in “folders” within a “directory.” Both frames suggest durability if not permanence. Again, kind of like a library.

But once we added personal movement (“surf,” “browse”) and a vehicle for it (the browser), the Web became a World Wide Free-for-all. Literally. Anyone could publish, change and remove whatever they pleased, whenever they pleased. The same went for organizations of every kind, all over the world. And everyone with a browser could find their way to and through all of those spaces and places, and enjoy whatever “content” publishers chose to put there. Thus the Web grew into billions of sites, pages, images, databases, videos, and other stuff, with most of it changing constantly.

The result was a heaving heap of fuck-all.*

How big is it? According to WorldWebSize.comGoogle currently indexes about 41 billion pages, and Bing about 9 billion. They also peaked together at about 68 billion pages in late 2019. The Web is surely larger than that, but that’s the practical limit because search engines are the practical way to find pieces of straw in that thing. Will the haystack be less of one when approached by other search engines, such as the new ad-less (subscription-funded) Neeva? Nope. Search engines do not give the Web a card catalog. They certify its nature as a haystack.

So that’s one practical limit. There are others, but they’re hard to see when the level of optionality on the Web is almost indescribably vast. But we can see a few limits by asking some questions:

  1. Why do you always have to accept websites’ terms? And why do you have no record of your own of what you accepted, or when‚ or anything?
  2. Why do you have no way to proffer your own terms, to which websites can agree?
  3. Why did Do Not Track, which was never more than a polite request not to be tracked off a website, get no respect from 99.x% of the world’s websites? And how the hell did Do Not Track turn into the Tracking Preference Expression at the W2C, where the standard never did get fully baked?
  4. Why, after Do Not Track failed, did hundreds of millions—or perhaps billions—of people start blocking ads, tracking or both, on the Web, amounting to the biggest boycott in world history? And then why did the advertising world, including nearly all advertisers, their agents, and their dependents in publishing, treat this as a problem rather than a clear and gigantic message from the marketplace?
  5. Why are the choices presented to you by websites called your choices, when all those choices are provided by them? And why don’t you give them choices?
  6. Why would Apple’s way of making you private on your phone be to “Ask App Not to Track,” rather than “Tell App Not to Track,” or “Prevent App From Tracking You“?
  7. Why does the GDPR call people “data subjects” rather than people, or human beings, and then assign the roles “data controller” and “data processor” only to other parties? (Yes, it does say a “data controller” can be a “natural person,” but more as a technicality than as a call for the development of agency on behalf of that person.)
  8. Why are nearly all of the billion results in a search for GDPR+compliance about how companies can obey the letter of that law while violating its spirit by continuing to track people through the giant loophole you see in every cookie notice?
  9. Why does the CCPA give you the right to ask to have back personal data others have gathered about you on the Web, rather than forbid its collection in the first place? (Imagine a law that assumes that all farmers’ horses are gone from their barns, but gives those farmers a right to demand horses back from those who took them. It’s kinda like that.)
  10. Why, 22 years after The Cluetrain Manifesto said, we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it. —is that statement (one I helped write!) still not true?
  11. Why, 9 years after Harvard Business Review Press published The Intention Economy: When Customers Take Charge, has that not happened? (Really, what are you in charge of in the marketplace that isn’t inside companies’ silos and platforms?)
  12. And, to sum up all the above, why does “free market” on the Web mean your choice of captor?

It’s easy to blame the cookie, which Lou Montulli invented in 1994 as a way for sites to remember their visitors by planting reminder files—cookies—in visitors’ browsers. Cookies also gave visitors a way to remember where they were when they last visited. For sites that require logins, cookies take care of that as well.

What matters, however, is not the cookie. What matters is why the cookie was necessary in the first place: the Web’s architecture. It’s called client-server, and is represented graphically like this:

client-server model

This architecture was born in the era of centralized mainframes, which “users” accessed through client devices called “dumb terminals”:

On the Web, as it was in the old mainframe world, we clients—mere users—are as subordinate to servers as are calves to cows:

(In fact I’ve been told that client-server was originally a euphemism for “slave-master.” Whether true or not, it makes sense.)

In the client-server paradigm, our agency—our ability to act with effect in the world—is restricted to what servers allow or provide for us. Our choices are what they provide. We are independent only to the degree that we can also be clients to other servers. In this paradigm, a free market is “your choice of captor.”

Want privacy? You have to ask for it. And, if you go to the trouble of doing that—which you have to do separately with every site and service you encounter (each a mainframe of its own)—your client doesn’t keep a record of what you “agreed” to. The server does. Good luck finding whatever it is the server or its third parties remember about that agreement.

Want to control how your data (or data about you) gets processed by the servers of the world? Good luck with that too. Again, Europe’s GDPR says “natural persons” are just “data subjects,” while “data controllers” and “data processors” are roles reserved for servers.

Want a shopping cart of your own to take from site to site? My wife asked for that in 1995. It’s still barely thinkable in 2021. Want a dashboard for your life where you can gather all your expenses, investments, property records, health information, calendars, contacts, and other personal information? She asked for that too, and we still don’t have it, except to the degree that large server operators (e.g. Google, Apple, Microsoft) give us pieces of it, hosted in their clouds, and rigged to keep you captive to their systems.

That’s why we don’t yet have an Internet of Things (IoT), but rather an Apple of Things, a Google of Things, and an Amazon of Things.

Is it possible to do stuff on the Web that isn’t client-server? Perhaps some techies among us can provide examples, but practically speaking, here’s what matters: If it’s not thinkable by the owners of the servers we depend on, it doesn’t get made.

From our position at the bottom of the Web’s haystack, it’s hard to imagine there might be a world where it’s possible for us to have full agency: to not be just users of clients enslaved to as many servers as we deal with every day.

But that world exists. It’s called the Internet, And it can support a helluva lot more than the Web—with many ways to interact other than those possible in through client-server alone.

Digital technology as we know it has only been around for a few decades, and the Internet for maybe half that time. Mobile computers that run apps and presume connectivity everywhere have only been with us for a decade or less. And all of those will be with us for many decades, centuries, or millennia to come. We are not going to stop living digital lives, any more than we are going to stop speaking, writing, or using mathematics. Digital technology and the Internet are granted wishes that won’t go back into the genie’s bottle.

Credit where due: the Web is excellent, but not boundlessly so. It has limits. Thanks to the client-server model, full personal agency is not a grace of life on the Web. Not until we have servers or agents of our own. (Yes, we could have our own servers back in Web1 days—my own Web and email servers lived under my desk and had their own static IP addresses from roughly 1995 until 2003—and a few alpha geeks still do. But since then we’ve mostly needed to live as digital serfs, by the graces of corporate overlords.)

So now it’s time to think and build outside the haystack.

Models for that do exist, and some have been around for a long time. Email is one example. While you can look at your email on the Web, or use a Web-based email service (such as Gmail), email itself is independent of those. My own email has been at servers in my home, on racks elsewhere, and in a hired cloud. I can move it anywhere I want. You can move yours as well, because the services we hire to host our personal email are substitutable. That’s just one way we can enjoy full agency on the Internet.

Some work toward the next Web, or beyond it, is happening at places such as DWeb Camp and Unfinished. My own work is happening right now in three overlapping places:

  1. ProjectVRM, which I started as a fellow of the Berkman Klein Center at Harvard in 2006, and which is graciously still hosted (with this blog) by the Center there. Our mailing list currently has more than 550 members. We also meet twice a year with the Internet Identity Workshop, which I co-founded, and still co-organize, with Kaliya Young and Phil Windley, in 2005). Immodestly speaking, IIW is the most leveraged conference I know.
  2. Customer Commons, where we are currently working on building out what’s called the Byway. Go there and follow along as we work to toward better answers to the questions above than you’ll get from inside the haystack. Customer Commons is a 501(c)3 nonprofit spun out of ProjectVRM.
  3. The Ostrom Workshop at Indiana University, where Joyce (my wife and fellow founder and board member of Customer Commons) and I are both visiting scholars. It is in that capacity that we are working on the Byway and leading a salon series titled Beyond the Web. Go to that link and sign up to attend. I look forward to seeing and talking with you there.

[Later…] More on the Web as a haystack is in FILE NOT FOUND: A generation that grew up with Google is forcing professors to rethink their lesson plans, by Monica Chin (@mcsquared96) in The Verge, and Students don’t know what files and folders are, professors say, by Jody MacGregor in PC Gamer, which sources Monica’s report.

[Later still, on 17 October 2023…] I just asked ChatGPT all twelve of the questions above. Here is a link to its answers: And here are the answers themselves. I am in a rush as I write this, so forgive the formatting issues. I’ll straighten them out later.

Why do you always have to accept websites’ terms? And why do you have no record of your own of what you accepted, or when‚ or anything?

Accepting websites’ terms and conditions is a common practice for several reasons:

  1. Legal Requirements: Websites often require users to accept their terms and conditions to establish a legally binding agreement. These terms outline the rules and responsibilities of both the website and the user. By accepting these terms, users agree to abide by the rules set by the website.
  2. Liability and Dispute Resolution: Terms and conditions also define the liability of the website and its users. In case of disputes or legal issues, these terms help determine who is responsible for what, and they often specify the jurisdiction and dispute resolution mechanisms.
  3. Protection of User Data: With the increasing concern for privacy and data protection, terms and conditions may also outline how user data is collected, stored, and used. Accepting these terms allows users to understand and consent to how their data will be managed.
  4. Changes and Updates: Websites can update their terms and conditions, and by requiring users to accept them regularly, they can ensure that users are aware of any changes and agree to the updated terms.

Regarding your second question, websites do maintain records of the terms and conditions you have accepted. When you accept the terms, this information is typically stored in the website’s database associated with your user account. This record helps the website manage its legal relationships with users and can be used as evidence if a dispute arises.

As a user, you may not have direct access to these records, but the website administrators and legal teams do. It’s essential for users to keep a record of the terms they accept, especially if they want to refer back to them in the future. Some websites also provide ways for users to review the terms and conditions they have accepted within their user account settings.

If you have concerns about the terms and conditions of a specific website, it’s a good practice to review them and, if necessary, seek legal advice or contact the website’s support team for clarification. Understanding the terms you agree to is essential for informed internet usage.


Why do you have no way to proffer your own terms, to which websites can agree?

Websites typically have terms and conditions that users must accept because they want to establish and define the rules and expectations for the use of their services. These terms protect both the website and the users by outlining responsibilities, liabilities, and dispute resolution mechanisms. Users have the option to either accept these terms or choose not to use the website’s services.

It’s relatively uncommon for individual users to proffer their own terms for websites to accept for several reasons:

  1. Practicality: Websites serve millions of users, and it would be impractical to negotiate individualized terms with each user. It would create a significant administrative burden for websites.
  2. Consistency: Websites aim to have consistent terms and conditions for all users to ensure a standardized experience and to minimize the risk of disputes. Customized agreements for each user could lead to confusion and conflicts.
  3. Legal Complexity: Crafting and managing individualized terms for every user would be legally complex and time-consuming, as each set of terms would need to be carefully reviewed and potentially negotiated.
  4. Protection of the Website: Websites have an interest in protecting their interests, such as their intellectual property, user data, and overall security. They rely on standardized terms to maintain these protections.

However, some websites or online platforms do offer a limited degree of customization, often for business or enterprise-level users. In such cases, businesses may negotiate specific terms of service with the website to cater to their unique needs. These negotiations typically occur at a higher level and are not available to individual users.

In summary, while it may be theoretically possible to propose custom terms to a website, it’s not a common or practical approach for individual users due to the complexities, scale, and consistency required in online services. Users are generally expected to accept the existing terms and conditions set by the website or service provider when they choose to use the platform.

Why did Do Not Track, which was never more than a polite request not to be tracked off a website, get no respect from 99.x% of the world’s websites? And how the hell did Do Not Track turn into the Tracking Preference Expression at the W2C, where the standard never did get fully baked?

The “Do Not Track” (DNT) initiative was an attempt to give users more control over their online privacy by allowing them to send a signal to websites and online services, indicating that they did not want to be tracked. However, it faced several challenges and ultimately did not gain widespread adoption or respect from the majority of websites. Here are some reasons why “Do Not Track” faced difficulties:

  1. Voluntary Compliance: DNT was a voluntary system. Websites and online advertisers were not legally obligated to honor DNT signals. As a result, many websites simply chose not to respect the DNT signal, as it did not have any legal backing.
  2. Lack of Standardization: DNT was not a standardized or universally adopted system. It was more of a guideline or recommendation. The lack of a clear, universal standard made it challenging for websites to understand and implement DNT consistently.
  3. Business Interests: Many websites and online advertisers rely on user data for targeted advertising and analytics. Tracking user behavior is a key part of their business model, and DNT threatened these revenue streams.
  4. Ambiguity: The DNT signal was often ambiguous. It did not specify what exactly it meant by “do not track.” Some users might want to opt out of personalized ads but still allow tracking for other purposes, like website analytics. The lack of clarity made it difficult for websites to interpret and respect the signal.
  5. W3C Standardization Challenges: The World Wide Web Consortium (W3C) attempted to standardize DNT as the “Tracking Preference Expression” (TPE). However, it faced challenges in achieving consensus among stakeholders, including privacy advocates, browser makers, and advertisers. The standardization process was complex, and disagreements prevented the development of a fully accepted standard.

In essence, while the idea of Do Not Track was well-intentioned and aimed at protecting user privacy, it faced numerous challenges, including the lack of legal enforcement, lack of a universal standard, and conflicts with the interests of websites and advertisers. As a result, it did not gain the widespread respect and adoption that was initially hoped for. Ultimately, the issue of online tracking and privacy remains a complex and ongoing debate in the digital world.

Why, after Do Not Track failed, did hundreds of millions—or perhaps billions—of people start blocking ads, tracking or both, on the Web, amounting to the biggest boycott in world history? And then why did the advertising world, including nearly all advertisers, their agents, and their dependents in publishing, treat this as a problem rather than a clear and gigantic message from the marketplace?

The rise of ad and tracker blocking technologies, as well as the associated shift in user behavior, can be attributed to several factors:

  1. Privacy Concerns: Users became increasingly concerned about their online privacy as they realized the extent of tracking and data collection by advertisers and websites. High-profile data breaches and privacy scandals also raised awareness about the risks of online tracking.
  2. User Empowerment: Ad and tracker blockers provided users with a way to take control of their online experience and protect their privacy. Users saw these tools as a means to regain some control over the data they shared online.
  3. Improved Technology: Ad and tracker blockers have become more effective and user-friendly over time. Users found it easier to install and use these tools, which contributed to their widespread adoption.
  4. Slow Page Loading: Ad-heavy websites can be slow to load, which can frustrate users. Ad blockers not only block ads but also speed up page loading, offering a better user experience.
  5. Reducing Annoyance: Intrusive and disruptive advertising, such as auto-play video ads, pop-ups, and animated ads, often annoyed users. Ad blockers effectively eliminated these annoyances.

As for why the advertising industry has generally viewed this shift as a problem, there are a few reasons:

  1. Revenue Loss: The primary concern for advertisers and publishers is the potential loss of revenue. Advertisers depend on ad-driven revenue models, and ad blockers disrupt their ability to reach their target audience effectively.
  2. Challenges to Monetization: Advertisers and publishers rely on ad revenue to support content creation and services. Ad blocking undermines this monetization model, forcing them to explore alternative revenue sources, such as paywalls or subscription models.
  3. Evolving Business Models: Advertisers and publishers are having to adapt to new business models, like native advertising or less intrusive ad formats, to address user concerns and maintain revenue streams.
  4. Measurement and Analytics: Advertisers rely on data and analytics to target their campaigns effectively. Ad blockers disrupt the collection of this data, making it harder to assess the performance of ads.
  5. Industry Resistance: Some advertisers and advertising networks resisted the use of DNT and other privacy measures because they felt it could stifle the effectiveness of online advertising.

It’s important to note that there are ongoing discussions and efforts within the advertising industry to strike a balance between user privacy and revenue generation. Some advertisers have recognized the importance of respecting user preferences and privacy, leading to the development of less intrusive advertising formats and practices.

The situation reflects the evolving landscape of online advertising, where the industry is working to adapt to changing user expectations and concerns about privacy while still finding ways to monetize online content and services.

Why are the choices presented to you by websites called your choices, when all those choices are provided by them? And why don’t you give them choices?

The term “your choices” on websites typically refers to the options or settings that users can select to customize their experience or make decisions about how they interact with the website. These choices are presented by the website, but they are intended to empower users to tailor their experience to their preferences. The website offers these choices to accommodate various user needs and preferences, and the goal is to create a more personalized and user-friendly experience.

For example, common choices presented to users may include:

  1. Privacy Settings: Users can choose their privacy settings, such as whether to allow or block cookies, tracking, or location data sharing.
  2. Notifications: Users can opt to receive or disable notifications, emails, or alerts from the website.
  3. Personalization: Users can select preferences for content recommendations, themes, or layouts.
  4. Account Settings: Users can update personal information, passwords, and communication preferences.

Regarding websites giving choices to other websites, this concept is generally related to the interaction between websites and web services. Websites can offer APIs (Application Programming Interfaces) that allow other websites to access certain data or services. These APIs can provide choices to external websites, allowing them to integrate, display, or interact with data or services provided by the host website. For instance, social media websites often provide APIs that enable third-party websites to embed social media feeds, share buttons, or login options.

Ultimately, the concept of offering choices, whether to users or to other websites, is aimed at promoting user customization and flexibility and facilitating interactions between different web services. Users should be able to decide how they interact with websites and have control over their online experience, while websites offering APIs to other websites can enhance their functionality and expand their reach by allowing external platforms to interact with their content and services.

Why would Apple’s way of making you private on your phone be to “Ask App Not to Track,” rather than “Tell App Not to Track,” or “Prevent App From Tracking You“?

Apple’s use of the phrase “Ask App Not to Track” rather than more forceful wording like “Tell App Not to Track” or “Prevent App From Tracking You” reflects their approach to privacy, which emphasizes user consent and control. This approach aligns with Apple’s commitment to giving users the ability to make informed decisions about their data and online privacy. Here’s why they use this wording:

  1. User Consent: Apple values user consent when it comes to data privacy. By using “Ask App Not to Track,” they emphasize that it’s the user’s choice to allow or disallow tracking. The phrasing respects the user’s autonomy and ensures that they are aware of what’s happening.
  2. Transparency: The wording “Ask App Not to Track” is transparent and clearly communicates what the action does. It makes it clear that the user is making a request to the app rather than imposing restrictions.
  3. User Control: Apple’s approach is to give users control over their data while allowing them to use apps according to their preferences. By “asking” the app not to track, it maintains the balance between privacy and functionality.
  4. Developer-Friendly: Apple’s approach also considers the concerns of app developers. While it empowers users to control their data, it doesn’t automatically prohibit tracking. Instead, it allows the app developer to respond to the user’s request.
  5. Legal and Ethical Considerations: Some regions have legal requirements for user consent in data tracking. Apple’s phrasing aligns with these legal standards and helps apps comply with various privacy regulations.

In essence, Apple’s choice of wording emphasizes the importance of user agency and informed decisions regarding data tracking while maintaining a balance that respects user preferences and the functionality of apps. It’s part of a broader strategy to enhance user privacy without completely limiting the functionality of apps and services.

Why does the GDPR call people “data subjects” rather than people, or human beings, and then assign the roles “data controller” and “data processor” only to other parties? (Yes, it does say a “data controller” can be a “natural person,” but more as a technicality than as a call for the development of agency on behalf of that person.)

The General Data Protection Regulation (GDPR) uses the term “data subjects” to refer to individuals whose personal data is being processed, and it assigns the roles “data controller” and “data processor” to other parties involved in the processing of personal data. This terminology reflects the legal and technical nature of the GDPR and serves specific purposes:

  1. Legal Precision: Legal documents, like the GDPR, often use precise and standardized terminology to ensure clarity and consistency. The term “data subject” is used to clearly identify the individual whose personal data is being processed, distinguishing them from the entities that process the data. It also encompasses a wide range of personal data processing scenarios.
  2. Neutral Terminology: The GDPR aims to establish a balanced and neutral framework for data protection. Using the term “data subject” emphasizes that individuals are the subject of data processing and ensures a focus on their rights and protection without implying a specific role or status.
  3. Flexibility: The GDPR is designed to be adaptable to various situations and industries. Using the term “data subject” allows the regulation to apply to individuals across different contexts without needing to change the language for each specific use case.
  4. Clear Allocation of Responsibilities: By distinguishing between “data subjects,” “data controllers,” and “data processors,” the GDPR creates a clear framework for allocating responsibilities and obligations. “Data controllers” are those who determine the purposes and means of processing personal data, while “data processors” act on behalf of the controller. This division helps clarify who is responsible for ensuring compliance with data protection regulations.

While the GDPR does primarily use the term “data subject” to refer to individuals, the regulation is fundamentally about protecting the privacy and rights of individuals in the digital age. The use of this terminology is not intended to dehumanize individuals but to provide a legal framework that can apply universally to various data processing scenarios and entities. The focus of the GDPR is on safeguarding the rights and freedoms of data subjects while regulating the activities of data controllers and data processors to ensure data protection and privacy.

Why are nearly all of the billion results in a search for GDPR+compliance about how companies can obey the letter of that law while violating its spirit by continuing to track people through the giant loophole you see in every cookie notice?

The discrepancy between the letter and spirit of the GDPR (General Data Protection Regulation) in practice, especially concerning online tracking and consent, can be attributed to several factors:

  1. Ambiguity and Interpretation: The GDPR is a complex regulation, and some of its provisions are open to interpretation. Companies and legal experts may interpret certain aspects of the regulation differently, leading to various approaches to compliance. This can create opportunities for organizations to comply with the letter of the law while potentially violating its spirit.
  2. Consent Practices: The GDPR emphasizes the importance of obtaining informed and freely given consent for data processing. However, the way consent is requested and obtained can vary, and in some cases, it may not reflect the ideal of informed and meaningful consent. Some cookie notices may not adequately inform users about the extent of data tracking, making it easier for companies to maintain tracking while appearing to comply.
  3. Legal Gaps and Challenges: Some of the regulatory language in the GDPR may not have kept pace with evolving technology and practices. This has created legal gaps or challenges in interpreting how the GDPR applies to emerging technologies and tracking methods.
  4. Economic Interests: Many companies rely on data-driven advertising and tracking for revenue. They may attempt to find ways to continue tracking user data while claiming to comply with the GDPR’s requirements to protect their economic interests.
  5. Enforcement Challenges: Enforcing the GDPR consistently and effectively is a significant challenge. Regulators face limitations in resources and may prioritize cases based on their potential impact or severity, allowing some companies to operate in gray areas.
  6. Technological Complexity: Tracking technologies have become increasingly sophisticated, making it challenging for users to fully understand the extent of tracking and for regulators to keep up with emerging practices.
  7. User Awareness: Users may not always be fully aware of the implications of consent, and some may consent to tracking without a complete understanding of the consequences.

It’s important to note that the GDPR is a constantly evolving legal framework, and enforcement and interpretation may change over time. Regulators are working to close some of the loopholes and address issues related to consent and tracking.

Efforts to bridge the gap between the letter and spirit of the GDPR include improving consent practices, enhancing user education, and updating regulations to address emerging technologies and practices. Ultimately, striking a balance between legitimate business interests and user privacy remains a complex challenge in the evolving landscape of data protection and online tracking.

Why does the CCPA give you the right to ask to have back personal data others have gathered about you on the Web, rather than forbid its collection in the first place? (Imagine a law that assumes that all farmers’ horses are gone from their barns, but gives those farmers a right to demand horses back from those who took them. It’s kinda like that.)

The California Consumer Privacy Act (CCPA) focuses on data privacy and provides individuals with certain rights and protections related to their personal data. Rather than forbidding the collection of personal data outright, the CCPA primarily seeks to give individuals more control over the data that is collected and used about them. There are several reasons for this approach:

  1. Balancing Privacy and Business Interests: The CCPA aims to strike a balance between the privacy rights of individuals and the legitimate interests of businesses in collecting and using data for various purposes, such as marketing, analytics, and personalization. A complete ban on data collection could have far-reaching economic implications.
  2. Compliance and Feasibility: The CCPA recognizes that completely forbidding the collection of personal data on the web is not only challenging to enforce but also practically infeasible. The internet is built on data exchange, and a complete ban could disrupt many legitimate online activities.
  3. Data Control and Ownership: The CCPA focuses on the concept of data control and ownership. It empowers individuals by giving them the right to know what data is collected about them, request the deletion of data, and opt out of the sale of their data. This approach aligns with the idea that individuals should have the ability to manage their data rather than prohibiting its collection.
  4. Transparency and Accountability: The CCPA emphasizes transparency and accountability for businesses. They are required to disclose their data practices, respond to data access requests, and obtain informed consent for certain data uses. This approach encourages responsible data handling while maintaining the flow of information.
  5. Legislative Process: Laws like the CCPA are often the result of a legislative process that involves negotiation among various stakeholders, including businesses, consumer advocates, and government officials. Finding a balanced solution that respects privacy while allowing legitimate business practices is often more achievable.

It’s essential to recognize that the CCPA is part of a broader global trend toward enhanced data privacy regulations, driven by concerns about data breaches, online tracking, and user privacy. While it may not completely forbid data collection, it provides important rights and protections to individuals, enabling them to make informed choices about their data. The goal is to give individuals more control and transparency while preserving essential digital services and commerce.


Why, 22 years after The Cluetrain Manifesto said, “we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.” —is that statement still not true?

The statement from “The Cluetrain Manifesto” you’ve quoted emphasizes the idea that people on the internet are more than just passive consumers. They are active participants, individuals with their own perspectives, interests, and the ability to engage and interact in the digital realm. However, the realization of this statement has been uneven, and various factors contribute to why it may not yet be fully realized:

  1. Economic Interests: Many online platforms and businesses rely on user data and engagement to drive revenue through advertising, data analytics, and targeted marketing. This often results in a focus on users as data sources and consumers rather than as individuals.
  2. Data-Driven Business Models: The dominant business models on the internet are often centered around data collection and monetization, leading to practices that can prioritize data tracking over user empowerment.
  3. Privacy Concerns: While there is growing awareness and concern about online privacy, it remains a complex issue. Users may have limited awareness of how their data is collected, shared, and used, and this can result in a lack of control over their online personas.
  4. Technological Evolution: The internet and technology continue to evolve rapidly. New technologies, platforms, and business models are constantly emerging, and these changes can outpace regulatory and societal responses.
  5. Cultural and Societal Shifts: Changing the mindset and practices of an entire industry takes time. Progress is being made, but it often requires a shift in cultural and business practices, which can be slow to take hold.
  6. Regulatory Challenges: Addressing the issues raised by “The Cluetrain Manifesto” requires effective and robust regulations. While there have been regulatory developments like the GDPR and CCPA, implementing and enforcing such regulations is a complex and ongoing process.
  7. User Awareness and Agency: Achieving the vision of people as active and empowered participants on the internet depends on user awareness and the tools they have at their disposal. Efforts to educate users and provide them with greater control are ongoing but face challenges.

While progress has been made since the publication of “The Cluetrain Manifesto,” realizing the full vision of individuals as empowered participants on the internet remains a work in progress. It requires a combination of regulatory actions, business practices, technological advancements, and user awareness to fully align with the statement you’ve quoted. The ongoing discussions around privacy, data control, and user empowerment indicate a growing realization of the need for change, but it will likely take more time and effort to fully realize this vision.

Why, nine years after Harvard Business Review Press published The Intention Economy: When Customers Take Charge, has that not happened? (Really, what are you in charge of in the marketplace that isn’t inside companies’ silos and platforms?)

“The Intention Economy: When Customers Take Charge” by Doc Searls, published in 2012, explores the idea of a marketplace where customers have more control over their data and their interactions with businesses. While progress has been made in the realm of privacy and data control, it’s true that the full vision of customers taking charge has not yet materialized, and several reasons contribute to this:

  1. Complex Ecosystem: The digital ecosystem is highly complex, with many stakeholders, including businesses, advertisers, technology platforms, and regulators. Changing the dynamics of this ecosystem takes time and often faces resistance from entrenched interests.
  2. Economic Interests: Many businesses have economic incentives to continue collecting and leveraging customer data for targeted advertising and personalized services. These incentives can run counter to the idea of customers taking charge of their data.
  3. Technological Challenges: Implementing a customer-centric approach to data control and privacy requires the development of technologies and standards that empower individuals. This is an ongoing process, and it’s not always easy to strike the right balance between user control and business needs.
  4. Regulatory Frameworks: While regulations like the GDPR and CCPA have made strides in empowering individuals and giving them more control over their data, the enforcement and effectiveness of these regulations vary. Additionally, the regulatory landscape is continually evolving.
  5. User Awareness: Many users are not fully aware of the extent of data collection and tracking that occurs online. Education and awareness efforts are ongoing, but it takes time to reach a critical mass of informed users.
  6. Cultural and Behavioral Shifts: Realizing the vision of customers taking charge also requires a shift in cultural and behavioral norms. Users need to be more assertive in demanding their rights and exercising control over their data.
  7. Market Inertia: Change often faces resistance due to market inertia. Established practices and business models can be hard to dislodge, even in the face of changing attitudes and technological possibilities.

While the full realization of “The Intention Economy” vision has not occurred, the book and its ideas have played a role in raising awareness and stimulating discussions about user privacy, data control, and the power dynamic between customers and businesses. Progress is being made in these areas, with regulatory developments, evolving technologies, and changing user expectations contributing to a shifting landscape. However, it’s a complex and ongoing process, and the transformation of the marketplace to fully align with customer empowerment will likely take more time and effort.

And, to sum up all the above, why does “free market” on the Web mean your choice of captor?

The concept of a “free market” on the Web can indeed be characterized as a choice of captor for several reasons:

  1. Economic Incentives: The dominant business model on the Web often relies on advertising revenue, and this model is driven by the collection and monetization of user data. Users may feel compelled to engage with these platforms and services because they are free, but they essentially become the product, with their data serving as the currency.
  2. Lack of Alternatives: While there are alternatives and competition in many online services, a few major players dominate the digital landscape. Users may feel limited in their choices and often find themselves using platforms that prioritize data collection and advertising.
  3. Complex Terms and Conditions: Online services typically provide lengthy terms and conditions and privacy policies. Users may not fully understand or have the time to read and comprehend these documents, leading to a lack of informed consent.
  4. Data Collection Practices: Many online services engage in extensive data collection and tracking, often without users’ clear and informed consent. Users may not have practical alternatives that offer the same functionality without data collection.
  5. Regulatory Challenges: The regulatory landscape for online data privacy is complex and varies by region. Enforcement can be challenging, and not all practices that concern users are necessarily in violation of existing regulations.
  6. User Convenience: Some users may prioritize convenience and features over data privacy. They may be willing to accept certain data collection practices in exchange for the services and experiences offered.

The result is that users often feel compelled to choose among captors, accepting terms and conditions they may not fully agree with in exchange for access to online services. The challenge lies in creating a digital ecosystem that empowers users with genuine choices, where they can have control over their data, privacy, and the online experience without compromising the quality of service. Achieving this balance is an ongoing challenge in the ever-evolving digital landscape.

*I originally had “heaving haystack of fuck-all” here, but some remember it as the more alliterative “heaving heap of fuck-all.” So I decided to swap them. If comments actually worked here†, I’d ask for a vote. But feel free to write me instead, at my first name at my last name dot com.

†Now they do. Thanks for your patience, everybody.

5 responses to “Beyond the Web”

  1. […] I don’t think we can. Not in the client-server ecosystem that the Web has become, and that industry never stopped being, since long before the Internet came […]

  2. Doc,

    As an avid follower since happening upon Cluetrain Manifesto back in ‘99 and as an occasional contributor to Project VRM, your relentless persistence in advocating for the client/slave class continues to inspire hope for a better internet.

    In 1867, Karl Marx referred to individual labourers “seizing the means of (their own) production” a meme that was subsequently embraced, extended and extinguished into transference of ownership from big business to big government in the emergent socialist/communist model, from robber barons to state nationalisation.

    The challenge for a better internet seems similar to the above and simpler to achieve, as every individual participant actual has the same tools at their disposal, merely the matter for us all is to both recognise then employ…

  3. The Web is a haystack, this is the truth

Leave a Reply

Your email address will not be published. Required fields are marked *