I like free stuff.

We all do… and that’s just what ad-ware delivers. However, this has been going on before the internet (Ahem… just why did you think those old product registration cards wanted to know if you played golf and made more than 50K?).

The internet has made the trading of data in exchange for services incredibly easy to monetize. The internet big-boys are banking on consumers continuing to prefer freebies over privacy; at least if growth in ad spending and Microsoft’s hungry bid for a Yahoo takeover is any indication.

The “data aggregator technology” that consumers seem to enjoy most is webmail. The most direct admission of what’s going on that I could find came straight from Gmail’s “About Privacy” page : “All major free webmail services carry advertising… All email services scan your email.” They then go on to explain how you can trust them and how you’re really going to enjoy enhanced advertising that helps you find what you need… but, just a reminder, if you don’t like it, according to Gmail you have no choice. They seem to have a vested interest in making people feel

like there’s no alternatives, even while buying out secure email company, Postini, just last year.

“All major free webmail services carry advertising… All email services scan your email.”

“But that not true! I DO value my privacy!”

All the tech-savvy types seems to be betting on an inevitable public backlash, but if Wired Magazine is to be believed, “People prefer money

over data, always.” If their sited study is to be believed, folks won’t even pay 25 cents to keep companies from knowing about their sexual

habits!

On a personal note, I just want to know… who the heck are these people? I’m paying $7 per month for ID theft insurance and I subscribe to private SSL encrypted email. The readers of this blog probably take both personal security measures as well as having data compliance procedures if they are in business. We may know more than the average internet user, but is the outlook for consumer privacy really that bleak?

There is a solid niche in data privacy protection.

Yes, getting consumers (and business, for that matter) to protect themselves has been slow going, but it’s a solid, increasing trend. I think the current economic negativity actually helps internet security providers in the same way that worried folks like to buy insurance. Perhaps another way of looking at it is that the current oversupply of privacy and security services available to business and consumers accurately anticipates the real coming trend.

I don’t think we’re fooling ourselves here, folks. From the Government invasion of Corporate privacy, to the Google invasion of Corporate privacy, to the rapidly multiplying state, federal and international compliance laws, the market for business privacy products is assured. Consumers have been presented with similar political and economic dangers, plus the additional threat of ID theft, and they will follow suit as it becomes more imperative to there wallets and lives. Maybe they don’t learn fast, but they will learn.

Email is like a post-it note in the lunch room: even though it may be intended for a single person, anyone with access to that room can take a look. This is particularly true of business email servers, as they are frequently the target of office snoops.

Two alternatives have emerge: first, encryption software, then web-based messaging services. However, both of these so-called “solutions” have languished in relative obscurity–at least in the business world–because of the barrier they created between the business and potential customers.

Email Encryption Software

Software solution tend to be very secure… if you could only get your contacts to install it! Good luck convincing your customers–or even your employees–to use any system takes time, effort, or learning, as it violates the first law of usability: “Don’t Make Me Think.” For instance, PGP–freely available for 10+ years–is probably the most popular email encryption software, and yet is rare in business because of the burden it places on contacts to download and install it before you can communicate.

The bottom line is this: consumers’ Gmail accounts are familiar and feel safe, and employees often see security measures as an obstacle to productivity. Even if you can get control of your wayward, web-mailing workers, customers just want to click “send”, and quickly will depart your website if prevented from doing so.

Web-based Messaging Services

Have you ever sent a message to a company via a form on their web-page? How about MySpace… do you have an account? If so, you’ve used a web-based messaging service.

Web-based messaging services take another approach, requiring only that you visit a web-page to communicate. Similarly to web-mail, you must sign in to retrieve your messages; but unlike web-mail, the message stays on a single, privately owned server rather than circumnavigating the globe in a network of SMTP server and routers (in a test, my email passed through 13 routers to reach Gmail–that’s 13 different places my message may now be stored, scanned and read!) . But although the “send us a message” page on corporate websites has become ubiquitous, two-way communication with the outside world remains illusive as consumers have been reluctant to abandon email. They are, however, being gradually converted to web-based messaging by some very popular social networking services…

I find it ironic that social networks like MySpace and Facebook–which thrive on the exploitation of aggregate customer info–are blazing the trail for public acceptance of web-based messaging. In fact, some of the appeal of MySpace to consumers is quite similar to the desires of business: a relatively spam-free way for anyone to contact you, and an automatically expanding network of trusted individuals with whom you have two-way communication. There’s just one thing it doesn’t have… a way to securely send a private message to any email address.

Secure Web-based Messaging To Any Email Address

This is the holy grail of electronic communications. Hushmail was one of the first popular messaging services using SSL web-pages which enabled their members to communicate securely with one another, and send links to non-members to view the same message in their web-browser. Their success was groundbreaking; unfortunately, the original clunky interface has changed little since the early days and, while cheap, has little appeal to serious business users.

The concept is still valid though, and plenty of other companies (LuxSci, Postini, ZipLip, and our own PrivacyHarbor, for example) are willing to add the business-class capabilities which Hushmail lacks. And, since services like Facebook demonstrate that consumers are willing to use private messaging services, the goal is clear: create a service that feels like familiar email, that can both receive and send secure messages to anyone (be they coworker or customer), and that satisfies the privacy and productivity concerns of business.

Predictions…

You’re going to see more and more companies begin to use web-based secure messaging services that feel and work like regular email. I predict that the success of these services will be found in there ability to emulate popular social networking sites in a more secure fashion, rather than in their ability to impress the email compliance departments of large corporations.

reddit | digg | del.icio.us

Un-encrypted email is bad for business.

After a line like that, you probably thought I was going to talk about email compliance. Actually, there’s another reason to ditch SMTP email if you value your market share: targeted ads. Unsecured email is easily scanned for keywords by the web-mail companies that offer free email accounts. This results in in spam and targeted ads from your direct competitors whenever you send a message from or to one of these web-mail accounts.

Your email essentially “sends” competitors ads to your contacts

For example, suppose you’re a Real Estate agent with your own paid-for email address. You’ve been contacted by someone with a Gmail address that’s interested in a property. Gmail now has both email addresses, yours and theirs, associated with “real estate”, and knows your city. If you reply with similar information, they now have enough data to start constructing what’s called a “email profile.” This means that the mere whisper of your email address on Gmail will now influence the ads a reader sees …likely from other Real Estate agents in your territory!

Below is an animation I whipped up to show the basics of how Gmail users are shown targeted ads.

Free email + ads = $$$

The personal information of millions of internet users has great value. To a hacker, unencrypted customer information is a potential candy jar, but to a web-mail provider, the aggregate data of millions of users is a best-selling product. Besides encryption saving your collective *assets* from compliance privacy laws, the second primary reason to use secure email is to shield customers from targeted advertising.

Despite the general hubbub and scrutiny from the FCC, large web-media companies are paying lip-service to customer fears while continuing to act unconcerned about privacy because of the great profit potential of targeted advertising. A great incentive exists to continue exploiting information because of the increasing sophistication, and profit of these method of marketing. Until enough customers clamor for it (the carrot) or stricter laws are passed (the stick), it will continue to be the model for free and cheap service on the internet.

For a full explanation of how targeted advertising works, read the Electronic Privacy Information Center’s FAQ on the quintessential keyword scanner: Gmail.

Why do consumers put up with all this?..

There are two basic categories of email users: business and consumers; each have a different perspective on email privacy.

As a business you have clear commercial interest in your communications. Given the choice, your business would prefer that corporate knowledge (i.e. email content) remain exclusively in the service of your commercial interests and not be re-purposed by web-media companies for competitive advertisements—directed toward your customers!

On the other hand, consumers tend to have a personal, temporary, non-focused, nonexclusive, noncommercial privacy interest (free stuff). Outside of the nuisance factor when they receive unsolicited ads for things they just “happen” to have recently communicated about, most consumers are are easily won over the freebies and all those great “trust seals” (It reminds me a bit of trading beads for land).

reddit | digg | del.icio.us