Adware & PortalWare vs. CleanWare

In my last post I commented on Chris Fralic’s observation that it is surprising that enabling users to control their own ads doesn’t get much attention. Letting you control your own ads is only half of what makes XooXooX CleanWare different.

But other half of what makes XooXooX CleanWare different is that your shopping preference data is stored and ad selections made client side. When you choose to use CleanWare, you have more control over your privacy. Today I would like to discuss how CleanWare is different from competing ad selection technologies and why it took so long for CleanWare solutions to become available.

Let’s start with the historical context that framed earlier user data privacy choices in the online ad business. I’ll look at two competing paradigms Adware/Spyware and Portalware, that both have been accused of treating your privacy inappropriately.

Adware & Spyware

As an example of the Adware approach we’ll consider the ad selection solutions pioneered by the company alternately known as Gator, Claria, and JellyCloud. The article: “Is the Original Spyware Company Finally Dead?” by Mike Masnick in the October 1st, 2008 edition of TechDirt, discussed how the Adware approach to user data privacy led this company to make two name changes before finally going out of business:

As the whole spyware [industry] (the companies in the space preferred the adware label) got a bad name, Gator first threatened to sue anyone who called its product spyware, and then eventually decided to shed the baggage of the Gator name and renamed itself Claria. — insisting that it was now a legitimate advertising firm. Except, the charges of spyware kept flying in Claria’s direction. The company tried and failed to go public, and then, once again, insisted that it was getting out of the adware business and moving into “behavioral advertising” — which, most people realized was just another term for what it had been doing in the past.

Plenty of folks were shocked when rumors started spreading that Microsoft wanted to buy Claria, though, the public backlash to the “leaked” rumor was so harsh that Microsoft very quickly backed away from those plans. So, without being able to IPO or sell itself — and with a still awful reputation as a spyware provider, the company tried to change once again.

The company insisted (yet again) it was getting out of that old sketchy business, and tried to launch a “portal” that would provide relevant content based on how you surfed. In other words: it was still in the spyware business, just positioning it under a better name. The company did try and fail to sell off its traditional adware business.

Portalware

Portalware is typified by Google, Yahoo and Microsoft, and the implications of their decisions concerning your data is discussed in the recent article by Kevin J. O’brien in the November 17, 2008 New York Times entitled Privacy Laws Trip up Google’s Expansion in Parts of Europe. Here is a brief extract

Data protection advisers to the European Commission in Brussels are questioning Google over how long the company retains user logs — the files containing an individual’s queries typed into Google search fields. A panel of regulators wants Google, as well as Yahoo and Microsoft, to purge the records after six months.

Google says it needs the data for nine months to hone its search engine to reflect the constant changes in contextual meaning caused by news and events. Before October, Google retained the records in the European Union for 18 months. Yahoo keeps records for 13 months and MSN, Microsoft’s search service, for 18 months. European officials are trying to persuade Google and the others to comply, but have not ruled out asking the commission to intervene.

Implications for user privacy

We have just seen reports concerning the two major paradigms for selecting web ads for the last ten years criticized for how they failed to protect user privacy. Can we do better?

Yes, CleanWare protects user privacy better.

So why didn’t Gator, Google, Yahoo and Microsoft design their ad selection technologies to better protect user privacy?

To answer these questions we have to look at the development of the World Wide Web technologies, as well as how web advertising evolved in it.

Competing Ad Selection Paradigms

When the Web was just in its 1.0 incarrnation (late 1990s), strategies for collecting user data and for making the decisions could be separated into two major paradigms shown in the first two rows of the table: Adware/Spyware and Portalware.

Recent Web2.0 technologies have introduced a new possible paradigm: CleanWare.

Let’s compare these paradigms.

Adware/Spyware: Client Side User Data Collection

Before the internet, all personal computers were basically stand alone. Personal computer users worked on their own personal data (e.g. email and documents) stored on their local machine (e.g. in folders and floppies) and worked on them using desktop applications like Microsoft Office. Because there was no data transmission to remote locations, the Graphical User Interfaces (GUIs) of these applications could be relatively responsive.

When the web arrived, most of the user’s data and applications were in the client. And with low speed data connections and only synchronous Web1.0 technologies, server applications couldn’t provide the same level of responsiveness. So Adware/Spyware developers tried to put their data collection engines on the clients where most of the data was. But Clients weren’t beefy enough to do a lot of processing on large amounts of data, so ad selection was best done on Servers, and that is where user’s data was sent. For users one of the real concerns about having an adware application on your computer was that it theoretically had access to everything on your computer and everything you did. It is no wonder that people feared adware as noted in the TechDirt article.

Portalware: Server Side User Data Collection

As responsiveness increased and the world became more interconnected, Portals were able to intercept a lot of data going through the portal, or stored within the portal (e.g. email like Hotmail, Gmail and Yahoo mail). This enabled the second paradigm, which I’ll call Portalware. At least with Portalware, the portals could only get access to some of your data — namely the data you shared with them when you used their services, and which they could track with cookies. But as people store more and more data on servers, this has become a concern as well, as noted in the NYT article. And when there are occasional accidental data leaks these concerns increase.

Life before Web2.0

To be fair, when adware and portalware debuted, they did not have web2.0 technologies available to us today, hardware was slower, broadband less common, screen sizes more limited, online purchases less common, and the widespread use of ads on content pages hadn’t happened yet. That meant software had to be downloaded, installed, and always running in the background on the client, degrading making the user’s computer slow. The background download and updating processes would further slow dial-up performance making web access seem even slower.

And since there were not many ad spaces available for purchase at the time, ads would be displayed in annoying pop-ups, or in special browsers that grabbed a large part of the already limited screen real estate for use displaying ads. Lastly, since few users had experience purchasing products online, and the ad companies were desperate enough for advertisers that advertisers weren’t limited to companies who could give the best customer service, users were often nervous about making purchases on line.

Brave New Web2.0 World:

The limitations that led to the creation of Adware and Portalware are gone now.

Advent of Client CPU Power

Web2.0 technologies don’t require download and installation, and are resident only when the pages they are embedded in are visible — avoiding CPU draining activity when those pages aren’t active. And typical client equipment is fast enough that it is reasonable to run Web2.0 technologies like Flash even on many mobile devices and handsets.

When client CPU performance was poor compared to today, ad selection work just wasn’t feasible on the average home desktop computer, so lots of user behavioral data was being sent to servers to make ad selections. But once on those servers, whether derived from adware or portalware users had no control over what those companies did with it.

Advent of High Speed Data Communications

Today, sending personal data to servers for ad selection is unnecessary since even mobile handsets have the CPU power to perform ad selection client side. At the same time, sending rich data asynchronously from the server to the client is now possible too. Broadband DSL, Cable, WiFi and3G cellular networks all have more than enough bandwidth suitable for displaying content pages containing rich web ads.

Advent of a robust Web Ad market

The web ad market is also now very robust. There is already so much web ad space embedded on the content web pages that people read daily that there is no need for additional annoying ads and pop up ads, such as those which Gator was infamous for.

Today the existing ad space already on content pages can just be made more interesting and more personally relevant — and that is XooXooX’s approach

Enter CleanWare™ — a new paradigm.

I saw the value of doing some kind of opt-in web ad solution years before I started XooXooX, but it wasn’t till I knew that we could do it without downloads and software installed on the user’s computer that I thought it was worth starting a company (XooXooX). Unless we could avoid installating software, I felt there was too large a risk that such a product would get smeared with the adware label and avoid getting picked and the executable profile would get added to aware databases and the software would be removed by some adware removal tool even if it was benign.

Keeping User Data safe — by never leaving the client

So I am really excited now that through our innovative use of Web2.0 technology we can now avoid the need for such an executable. In fact, not only can we now avoid the need for a client side executable running all the time, but we have constructed XooXooX in keeping with the principles of CleanWare. Because XooXooX stores the user’s private data on the user’s own computer in private Data Object storage, it can’t be lost or intercepted on it’s way to a server — because it never goes there. And it can’t be accidentally (or intentionally) revealed or hacked into by computer criminals while it sits on a server with thousands of other people’s data — because it never goes there.

Now it is time for the world to take stock of this new paradigm and decide how important user cata privacy really is.

The value of user controlled web ads

Image from

I recently received an email from Chris Fralic at First Round Capital that prompted me to share some thoughts I have had on the topic of opt-in user controlled ads. Chris mentioned that he has “always been struck by how little attention is given to offering users choice in ads.” I couldn’t agree more.

A review of reported response rates for various kinds of ads show that opt-in postal mailed catalogs, and opt-in email lists perform dramatically better than junk mail and spam (1000-10,000X higher response rates!). This information isn’t exactly a secret, so it seems rather surprising that there has not been more interest in opt-in web ads to boost response rates over today’s existing bulk and targeted non-search page web ads.

Not more ads — but more personally relevant ads

This lack of prior interest is even more surprising when you consider that user controlled opt-in web ads, like XooXooX, don’t increase the number of ads you see, they just increase the relevancy of the ads you already see. That’s an even better proposition for the user than they get with opt-in postal mail or opt-in email where you get these “in addition” to all the junk mail and spam you have always received. Moreover, the effort in evaluating opt-in web ads is much less — there are no cluttered inboxes (physical or email) or messages that require a click or envelope to scan and a click or toss in the wastebasket to delete. You can see Web ads out of your peripheral vision and notice them or ignore them without a click.

What about people who hate all ads?

For our earliest trials we wanted to have some very technical people (who self-identify as “geeks” and “hackers”) testing our software to make sure it was robust and secure under a variety of different browsers and hardware platforms, even though these testers were not typical of our ultimate target audience. Still, there was no point in testing the software with people who are less tolerant of technical problems until there we could be sure that they wouldn’t face such problems. So until we were sure that any serious technical problems had been identified and resolved we limited our trials to members of our own geek squad.

Our first testers spend most of their days online, reading a lot of blogs and other content pages that currently contain web ads in the margins. As a result, they are probably exposed to many more web ads than the average web user. And they tell us the ads in the margins are almost always irrelevant and frequently annoying.

Turning a blind eye to ads

And while our testers tend to do a lot of online purchasing at retailers like Amazon and eBay, they all reported that they had developed a kind of cognitive blinders that allowed them to view the pages they read without even noticing the ads. So, while they agreed that they would do some deliberate Quality Assurance testing of our product, they assured us that they were not really appropriate targets for the production service since whenever they were not doing deliberate testing they would once again ignore the ads, because they just don’t buy based on any web ads.

The Power of Curiousity

Based on this self-reported disinterest in web ads, we didn’t expect them to purchase anything. But a strange thing happened. We actually generated several unexpected purchases during the test, even though completing purchases was not a part of this phase of the quality assurance testing. And even more surprising, a majority of our early testers wrote us that they wanted to continue using XooXooX after the initial test was over, each saying how their blinders had changed.

One tester told me:

“I didn’t think that I would actually notice the XooXooX ads when I wasn’t doing the tests. I pretty much just don’t even see web ads normally. But, because I select the products XooXooX was searching for, I find myself constantly noticing ads that have the identifying XooXooX heart logo in the upper left corner. I check the XooXooX ads out, because I’m curious. XooXooX ads are like a grab bag package I am being given — I am always wondering “what did I get?” It is kind of like when I go onto Amazon.com and there is a new recommendation for me. I get curious what it is. And it is not like either of these require any real effort to satisfy my curiosity. I don’t have to click on anything or bring up another window. I just notice it out of the corner of my eye without any effort. And here’s the strangest part. I’m noticing only the XooXooX ads. I am still blind to the other ads on the pages I see. It is just that now it is a selective blindness.”

Some readers might be tempted to consider this report of changes in selective blindness to be more wishful thinking (and a form of “please the experimenter” bias) than a real scientific result. And to be sure we haven’t done scientific trials to verify such claims. But before readers throw out this anecdotal report entirely, they might want to consider the scientific results reported in a research paper “Unconscious determinants of free decisions in the human brain” by Chun Siong Soon, Marcel Brass, Hans-Jochen Heinze and John-Dylan Haynes that appeared this past April in the journal Nature Neuroscience. A nice summary for lay audiences, titled “Brain Scanners Can See Your Decisions Before You Make Them” was written by Brandon Keim and appeared online in Wired on April 13, 2008. It may be that our unconscious minds will decide which ads we notice, without our being aware of this filtering.

New website, New service released, New blog debut!

During the month of October XooXooX ran its first pre-release tests, and in November we updated our software and overhauled our website and company documents in preparation for our open testing. As part of our website upgrade we have replaced our blog, as you may have noticed!

We hope you will find these changes a great improvement.