« The big trade-off: Privacy versus service | Main | e-commerce workshop at the UPU in Bern »

User-generated privacy protection

I'm putting the final touches on my presentation on "How to protect customer privacy with extrusion prevention". This afternoon - I'm flying to Zurich and then taking the train to Bern to present a talk to the UPU - the Universal Postal Union. The UPU has a working group (EPSG) (electronic products and services) with about 20 members who are putting together guidelines and strategies for the Postal e-commerce operations.

An obligatory opening to any talk like this is - the so-called "March of history" slide. You talk about how the industry has evolved over the past 5 or 10 years and impress people with your deep yet entertaining insights into the history your particular technology niche.

The march of history slide turned into the hardest, most time-consuming piece of my presentation; finding myself bouncing off the walls with a lot of unrelated, unimportant insights like e-commerce being driven by search as opposed to online, undifferentiated advertising 10 years ago.

1998: Personalized content keeps vendors busy

Remember when the buzz-word du-jour was delivering personalized content?

1998 was the year Google was founded, and also the year that Firefly and Netperceptions were founded. Firefly was founded by Pattie Maes from MIT and after being acquired by Microsoft for $40M, the Firefly community was shut down; the programmers taken into captivity to develop what was soon to be called Microsoft Passport - later retired in 2004 after a fundamental security vulnerability in Passport led to several well-publicized hacks in 2002. Passport is a good example of a flawed software design - namely basing user authentication on client-side session cookies. The original exploit used to compromise a Passport account involved using a malformed URL to expose a user's cookies to an unauthorized Web site; probably one of the first reported cases of what is now commonly called cross-site scripting and session hijacking. Read more here - MS Passport hacking.

Companies like Firefly and consortia (like the P3P - itself shutdown last year) had this amazing notion that privacy was a form of alternate currency - to be given up by a person in exchange for personalized Web pages. How dumb could we have been! Do we really want the e-commerce site for Illy Coffee run by Poste Italiano to know enough about us in order to pop up an ad for a short espresso and then offer up an ad for a new credit card?

2007: User-generated content drives the Net

Fast forward - Netperceptions assets were purchased by a company that makes elevator weights. Google is now doing $20 Billion a year in Ad Words and Yahoo still has a ton of non-specific traffic to its home page.

Conclusion

In 2007, we see that vendor-standards do not live long - and with the huge mass, long tail, and user-generated content on the Web today, the only thing that will hold water is vendor-neutral-standards.

Posted on February 19, 2007 3:58 PM |

TrackBack

TrackBack URL for this entry:
http://www.software.co.il/mt/mt-tb.cgi/38

Post a comment

Search


About

This page contains a single entry from the blog posted on February 19, 2007 3:58 PM.

The previous post in this blog was The big trade-off: Privacy versus service.

The next post in this blog is e-commerce workshop at the UPU in Bern.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.32