Josh Dilworth

UPDATE: And, scene. 

There’s an elephant in the room.

Lost in all the hubaloo over the weekend is a more interesting point. We need to do a better job of our homework — MG is right.
 
It is of course very reasonable to expect that your address book data is on more than 50 servers right now (per Chris Dixon).
 
How did we get here?
 
In the walled garden that is iOS, aren’t basic privacy protections one of the conveniences we’re supposed to enjoy in exchange for agreeing to 45 pages of incomphrehensible new terms every few months? In Apple we trust.

Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.

Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected.

Apps that target minors for data collection will be rejected.

So, why were Path and so many others ever accepted in the first place? Is my address book not deemed to be “about” me? Were Path and others not “requiring” me to share that info?
 
This all boils down to the lowest common denominator. Some of you reading this are very sophisticated about terms of service, availability of data, and advanced settings. Good for you. Most people don’t care, and don’t bother. And that should be totally okay.
 
Heck, even this post was boring as shit to write.
 
Path wasn’t doing anything nefarious, not by a long shot, but it’s the latest in a series of wakeup calls (which, incidentally, make pageview hay) whose collective message is — hey everyone, technology companies know a shitload of stuff about you, and some of them are bound to be evil motherfuckers.
 
Have you been watching the USPS commercials for…wait for it…mail?  They’re the hilarious last gasp of a dying American tradition. Their main argument of course is that mail can’t get hacked (which it can, and does).
 
And it might be less funny if the commercials were airing during reruns of the Golden Girls, but they’re actually running in primetime. And as idiotic as the USPS has proven itself to be in recent years, we can safely assume that they didn’t drop $103 million on ads last year without a hunch that mainstream audiences might be receptive to the idea that electronic mail (and the Web generally) just isn’t safe.
 
Nick Bilton is not your guardian angel, not by a long shot. This starts and ends with Apple, not Path. We’re just slowly working our way upstream.
 
Millions of people put their faith in Apple (misguided or not) and in so doing trust Apple to do the job of vetting apps for basic usability and trustworthiness on their behalf. I don’t want to have to worry about privacy.  I shouldn’t have to worry about privacy.
 
I have spent a shitload of money on a long series of iPhones, and the same goes for my annual expenditures in the App Store. I have always assumed a sort of implicit contract between me and Apple — I give them all of my money, and they give me great technology experiences. End of story.
 
Every once in awhile they take me out to the woodshed, but I like how notoriously choosy they are about what makes it into the App Store (fart apps notwithstanding), and I figure that they’ll always be more hardcore than I am, so it’s a halfway decent bet to outsource to them my own responsibility around personal privacy and data security.
 
Can you accuse me of being lazy, and wanting to abdicate responsibility for a key personal freedom at a critical juncture of the Web’s maturation? Sure, why not? Go for it.
 
But if I had actually read those damn 45 pages of Terms, it turns out that Apple actually does promise to hold up their end of the bargain.
 
In it, they tell me that Apple itself is actually allowed to collect more or less anything it damn well pleases, personal and non-personal information alike:

Personal information is data that can be used to uniquely identify or contact a single person.

You may be asked to provide your personal information anytime you are in contact with Apple or an Apple affiliated company. Apple and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our products, services, content, and advertising.

Here are some examples of the types of personal information Apple may collect and how we may use it.

It goes on and on — read it all here (skip to Section D).
 
Third Parties get their own section, and here’s where it gets interesting.
 
At first Apple says all the right things:
 

Protection of Personal Information

Apple takes precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.

But elsewhere it’s a different story — “not my problem, buddy”:

Apple websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties − for example, a third-party iPhone app. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

In summary, Apple tells developers not to do it (“it” being extracting and storing personal information like my contacts) and then tells users that it’s got it under control and that Apple can be trusted, and then the Terms pass the buck on actual governance of said guidelines and promises — a lot like creating a law and never enforcing it.

Of course, the real takeaway here is that there is absolutely no way to manage and monitor all of the privacy policies that I’m a party to, especially if and as they change. Mr. Graham, perhaps a new RFS is in order?

If not, consider this my own:

I should be able to manage my data the way I manage my health, or my wealth.

The solution is likely some bit of automation, collective intelligence, and expert guidance (i.e. lawyers). I should be able to store those agreements and recall them at anytime. When new agreements are issued, key terms should be revealed and discussed. Opt-in and opt-out permissions should be centralized, and maybe even I’ll get to see how my choices compare to the broader population (a potential privacy breach in and of itself, hehe).

Sadly, I can’t see the business model. What’s likely is that government intervention will eventually mandate some sort of data and Terms compliance that spawns a cottage industry of tech solutions for individuals and big enterprises alike, much like Sarbanes-Oxley did almost exactly 10 years ago.

Of course, for Apple it’s always quite simple — just update your Terms as needed (theirs were last updated in October of 2011). There is absolutely zero audit trail of previous policies and no demarcation of changes made, nor any effort to help normal people understand what’s going on.

If I’m a law student, I’m doubling down on Privacy Policies and personal information law as an area of focus — this stuff is going to be how much of the Web’s future gets hashed out, and Congress has already shown a willingness to get involved. Soon tech companies might be as regulated, if not moreso than, say, Visa and Amex.

I have not yet looked into Google’s equivalent policies but I’ll be really curious to find out how they treat these same issues.

Of course, I already know that Google tracks everything I do, aggressively (to their credit they at least made a big to-do about their recent change in Terms, and what was new in them).

Transparency and posturing aside, that glass is already broken, isn’t it? Heck, Do Not Track Plus has 20K users already after launching their Chrome plugin last week. We just assume the worst now, don’t we?  Guilty until proven innocent.

Overall, MG and Alexia are absolutely right that this is not about Path, and that the apologies are getting ridiculous.

This is really a story about shifting winds in a storied sandbox, and as many mixed messages as any normal human can manage to sift through — confusion on purpose, and obfuscation at the very most basic levels of how the technology business operates.

I get it that we’re still figuring things out — but this is a particularly inefficient and annoying cocktail to drink.

We are proud to be launching Totem tonight. Yes, we’re going to finally DO IT LIVE.

Totem is a separate company, but one that has been incubated at JDI.  I’ve long believed that we can be a better firm by innovating alongside our clients, putting everything that we’ve learned along the way to good use. At the very worst, Totem will be a convenient value-add for the firm. At best, it can meaningfully supplement and diversify our services revenue — something I think is important for the long-term viability of JDI.

We need to always hire and retain the very best talent. Working on our own ventures is the best retention money can buy, and an education in and of itself. It keeps us sharp, and tests our patterns recognition skills.
 
This process has also, I should note, given us considerably more empathy for each of our clients, and the unique challenges they face every day. It has upended many of our preconceptions, and it has forced us to reexamine many of our own PR processes.  It has been an opportunity to eat our own dog food for awhile, and see how it tastes.
 
Of course, side projects like this would never get off the ground if we didn’t work them into our world in a way that computes — that’s straight out of the Jim Coudall playbook, and best embodied these days by the excellent folk at Zurb, of whom we are jealous. Totem is a client that has a team and a budget and weekly meetings and all the fixin’s — to me that was also one of the biggest lessons learned. An untethered skunkworks is always attractive at the outset, but intrapreneurship only happens from within, not without.
 
“Side project” is a bit of a misnomer, I should point out — we’ve taken Totem deadly seriously. It is full-featured. Although it is a beta, anyone can sign up at launch. It scales. It is ready to rumble from a service, support, marketing, and business development perspective. We would never do this if we weren’t going to do it right, and we intend for Totem to be around for a very long time.  When we started, we weren’t sure if we’d go the distance with Totem. Early feedback and experimentation told us the pain point was real, and when it came time to check our gut, we were all-in.
 
I’m really proud of how scrappy we have been along the way, in hard, soft, and opportunity costs alike. We have enjoyed several distinct advantages, and just as many, if not more disadvantages. Luckily, we had time on our side — Totem has been almost 2 years in the making. Now that we’re to market, that luxury is no longer afforded us.
 
Each of you would have thoroughly enjoyed observing me on press pre-briefings this week, by the way — I was a nervous wreck. I’ve spoken to press, on and off the record, nearly every day for over a decade. And yet, when it came my turn to practice what I preach, it was as if I was starting from nothing, all over again.  Encouragingly, the press were more enthusiastic than any of us expected. We seem to have hit a nerve. They’re really happy that someone is finally addressing a pain point that drives them bonkers on the daily.
 
So what is Totem, if you don’t already know?

Totem is an awesome press page builder. We wanted it to be simple, and elegant. It is targeted at startups, small and medium sized businesses, and the agencies that serve them.
 
http://www.totemapp.com

Screencast here:

http://www.youtube.com/watch?v=rBP8GsOyoDU

 
And to be extra meta about it, here is Totem’s own totem, so you can see the product in action:

https://totem.totemapp.com/
 
Why did we build Totem?
 
It’s a classic scratch your own itch startup, truth be told — when on-boarding clients we uniformly found that they had no press page, or a poor one. For a long time we helped build those pages, or offered detailed guidance and examples so clients could roll their own. We were also ways frustrated, because press pages we so often the victims of procrastination. And yet, the press, analysts, and influencers are among your earliest and most powerful audiences, whether you’re a large company or a small one. Why have the press, who we court so emphatically, been catered to so poorly, for so long?
 
The reality is that press pages often involve too many middlemen — designers, developers, and webmasters. And the people who understand what makes a great press page are seldom the ones building them, much less keeping them updated in real-time. We surveyed over 100 press and asked them what they really wanted, how, and where. Totem is reverse-engineered to make press happy — that’s the only goal that matters. The last thing you want to do it make it harder for someone to write about your company or product. We should always be putting our best foot forward.
 
If you’re an agency, Totem gives you a strategic new item to add to your services menu, and it makes for better pitches (with no attachments) and appreciative press. Showcase your clients, showcase your results, and free yourself  to focus on what you do best.
 
Totem, is, we hope, above all else simple. Of the many things we learned along the way is exactly who hard it is to make something so simple. It is so much harder to take away than it is to add in. I have always known this intuitively, and as much was always true in the editing room back in film school. But the effect is even further magnified when it comes to software development. I hope that totem feels lightweight, and intuitive.
 
So yeah, you can now sign up and make a press page in :5 or less. For $99 — a one-time fee, not a monthly or yearly charge — you can upgrade to Pro, which means customizability, custom domain, and the removal or the totem logo/branding. Longer-term, we think there’s a clear roadmap of value leading to Totem 2.0 and 3.0. But right now we feel lucky to have come this far, and it’d be incredible to see traction enough to justify further investment.
 
For those of you who have been willing guinea pigs, you rock, and we are in your debt. You’ll be upgraded to the new version of Totem tonight, and invited to your project as collaborators, so that you can add coverage with the bookmarklet, upload new assets and make structural changes, too.
 
Please do help us spread the word — our goal is the make sure that everyone who should have a press page has an awesome one. We’re the press page company. Whenever you see that “Press” or “Media” tab on a website — we want to power it.
 
We have a lot of people to thank — starting with our friends Justin Britten of Prefinery and Flip Kromer of Infochimps, for volunteering to build the prototype in under 48 hours, under Justin’s mantra that if it a minimum viable product can’t be built in a weekend, you’re in over your head. Thanks to BJ Heinley for our brand and identity and endless encouragement. Thanks to Ben Friesen and Swingset Imagination for our beautiful new website. Thanks to Ellis Neder and Sway Design for the press page template itself, which everyone loves. Thanks to Corey Ward and Justin for everything between then and now — the other 90% of development that we never saw coming, and all the little bits of magic that make Totem feel special.
 
Thanks to John Robert for PM’ing this thing like a pro, and to Zach for services, support, and a million and one fires put out along the way. And of course, thanks to all of our colleagues at JDI, whose support, feedback, and elbow grease got us this far. I ultimately had very little to do with executing Totem myself — I think that’s a testament to the team we’ve built.

 
If you get a chance, please read and share our launch coverage, and follow us on Twitter and Facebook? Pretty please?
 
https://twitter.com/#!/presstotem
and
http://www.facebook.com/Totemapp
 
Thanks as always to you, too – for your feedback, encouragement and patience.
 
And we’re off….