Monthly Archives: March 2005

Payment News

I find that Payment News is a good blog to keep an eye on if you're interested in identity issues.

For example today I learn that The Office of the Comptroller of the Currency might actually be a place with the regulatory muscle to do something useful:

The Office of the Comptroller of the Currency … has issued guidance describing response programs, including customer notice, for security breaches (PDF) that involve unauthorized access to customer information.

I have no idea exactly what the regulatory reach of the Comptroller of the Currency actually is. I doubt it reaches the firms that traffic in aggregated credit, marketing, and medical profiles of us all.

One of the leaders in the profiling business is a company called Fair Isaac. For example one of their businesses is selling the tools credit card companies use to notice possible fraudulent patterns in the transaction streams. I assume they are the ones to thank when I get a phone call shortly after my daughter first uses her credit card after landing in Japan.

My model of these profile building companies is that they are architecturally ambivalent about their relationship with the people they are profiling. Two reasons for that. First off, they are basically in the business of selling gossip, so they have trouble framing the relationship in a socially acceptable way. Second off, their primary customer trusts them more if they maintain a degree of distance from those who they are profiling.

So it’s interesting that Fair Isaac has been doing a number of things to publicize the FICO (aka your credit score) as if to make it part of their product line. Don’t you just love that name? “Fair Isaac”

Then we have this delightful jab:

“Most banks spend more on washing windows than on money lost to phishing,” said Jim Bruene, editor of the Online Banking Report

slashdot

Hm, suddenly popular


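 # Skip requests whose User-Agent starts with CoralWebPrx or whose query string
 # starts with coral-no-serve; redirect everything else to the nyud.net:8090 copy.
 RewriteCond %{HTTP_USER_AGENT} !^CoralWebPrx
 RewriteCond %{QUERY_STRING} !^coral-no-serve
 RewriteRule ^archives/2005/03/yahoo-fickr/ https://enthusiasm.cozy.org.nyud.net:8090/archives/2005/03/yahoo-fickr/  [redirect,last]

 # Same conditions, applied to the image used in that post.
 RewriteCond %{HTTP_USER_AGENT} !^CoralWebPrx
 RewriteCond %{QUERY_STRING} !^coral-no-serve
 RewriteRule ^images/flickr.Jpg https://enthusiasm.cozy.org.nyud.net:8090/images/flickr.Jpg [redirect,last]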

My thanks to the kind folks at the Coral content distribution network and Planet Lab, and ah Jeff.

The privacy of crowds

Most solutions to the RSS/Ping/Forward-chaining problem have privacy issues.

Consider the simple big-service-in-the-sky approach; i.e. introduce an intermediary. The intermediary then does the polling for the users and the users check up with the intermediary from time to time. The privacy problem with this approach is that the intermediary can capture a model of the user’s reading habits. That’s a bummer.

Here’s an alternate design, mostly just to show it’s possible, of a way you might temper that problem.

Groups of users band together to form a crowd and this crowd fills the role of the intermediary. The crowd collaboratively polls all the crowd’s interests. Each node knows the full set of crowd interests, but it has no way to know who injected a particular interest into the crowd. Interests can time out over time, but interested nodes can insert them before that happens.

With two exceptions each node runs much as it would otherwise. It randomly polls sites whenever its model of that site’s status gets too stale. Of course it has a much larger cache since it’s drawing sites from the union of the crowd’s interests. Of course it has the added work of keeping a much larger cache and maintaining sync with its neighbors.

Once groups form it’s fine, at least from a privacy point of view, for them to turn around and subscribe to the services of a large scale intermediary like Feedster, Technorati, or Pubsub. Those updates can be pulled into the crowd in bulk. They can even be pushed to the crowd from the intermediary.

The engineering for a thing like this isn’t very complex. Reengineering the existing feed readers would be.
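A single-process simulation of the crowd design above, added here as an illustration and not code from the original post. The post does not say how an interest is injected without revealing its source; this sketch assumes Crowds-style random forwarding, and the class, method names and feed URL are hypothetical.

```python
import random

class Node:
    """One crowd member. All names here are hypothetical, for illustration."""
    def __init__(self, name, crowd, rng):
        self.name, self.crowd, self.rng = name, crowd, rng
        self.interests = {}    # feed URL -> expiry time; deliberately no "who asked" field
        self.last_polled = {}  # feed URL -> time the crowd last fetched it

    def inject(self, url, now, ttl):
        # The originator never publishes directly: it hands the interest to a
        # randomly chosen member (possibly itself).
        self.rng.choice(self.crowd).relay(url, now + ttl)

    def relay(self, url, expiry, p_forward=0.75):
        # Assumed Crowds-style step: the receiver sees only the previous hop,
        # which may be a relay rather than the originator.
        if self.rng.random() < p_forward:
            self.rng.choice(self.crowd).relay(url, expiry)
        else:
            for n in self.crowd:  # publish to every member; re-injection extends expiry
                n.interests[url] = max(expiry, n.interests.get(url, 0))

    def expire(self, now):
        for url in [u for u, exp in self.interests.items() if exp <= now]:
            del self.interests[url]
            self.last_polled.pop(url, None)

    def pick_poll(self, now, max_age):
        """Return a random feed whose status is too stale, or None."""
        self.expire(now)
        stale = [u for u in sorted(self.interests)
                 if now - self.last_polled.get(u, now - max_age) >= max_age]
        return self.rng.choice(stale) if stale else None

    def record_poll(self, url, now):
        for n in self.crowd:  # sync the fresh result to the neighbours
            n.last_polled[url] = now

def make_crowd(names, seed=0):
    rng, crowd = random.Random(seed), []
    for name in names:
        crowd.append(Node(name, crowd, rng))
    return crowd
```

Every member ends up holding the same interest table, and the only per-feed state is an expiry time, so the stored data gives no way to attribute a feed to a reader.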

Why is ad targeting so primitive?

I don’t get it. Consider this wonderful quote via Ars Digital:

Microsoft has been tracking this information for years through its various sites, including MSN, Hotmail and others, keeping a vast database on tens of millions of individuals, each assigned a user ID Microsofties refer to as a GUID, or global user ID.

How refreshingly straightforward that is.

The drivers for this kind of stuff are very strong. The demand for models, even lousy models, of users is high. The cost to accumulate them is very low. All the major web properties must have this kind of data and the skills to do the model building aren’t rocket science. Amazon is quite up front about it. DoubleClick and others have been doing it for years.

So I don’t get why this doesn’t appear to be a more widespread and obvious practice. If I shop for tires, say, I don’t currently see tire ads appear throughout the rest of my day’s browsing. Why not? Don’t get me wrong, I’d love to find some scheme to temper this erosion of privacy; but that doesn’t mean I’m willing to pretend I don’t see how strong the drivers are.

The question faced by all these operations isn’t per se about privacy – they are not in the privacy biz. Possibly it’s about a combination of social contract and market maturation. But that doesn’t really explain why the feedback loop hasn’t closed yet. I reveal a clear demand signal, for tires, but the advertisers are not receiving and acting on that signal. The data is there, the demand is there, so where is the breakdown?

Amazon demonstrates that you can close this loop. If I reveal an interest to Amazon they rapidly customize things to address my presumed desire. It’s actually kind of fun to toy with them. They have solved both the technical and the social problem. As far as I can tell eBay hasn’t.

Why haven’t the big site-independent advertiser brokers (Google, DoubleClick, etc.) closed this loop? I guess there are three hypotheses. A. They have and I’m just blind to it. B. The market just hasn’t gotten there yet. C. There is some social contract they haven’t figured out how to frame up right. The difference between B and C is slight; one is technical engineering and the other is social engineering.

I don’t get it.