Yahoo! User First Conference: Winning on Trust

"It is trust, more than money, that makes the world go round." -- Joseph Stiglitz, In No One We Trust

The week before last, I visited Yahoo! to give the keynote talk at their User First conference, which brought together big companies (Google, Facebook, etc), startups (big ones like USV portfolio company CloudFlare and lots of way smaller ones), academics, and digital rights advocates (such as Rebecca MacKinnon, whose recent book Consent of the Networked is an important read) to talk about the relevance of human/digital rights issues to the management of web applications. I was there to speak to the investor perspective -- why and how we think about the idea of "user first" as we make and manage investments in this space. First, I want to point out a few things that might not be obvious to folks who aren't regulars in conversations about digital rights, or human rights in the context of information & communication services.  First, there has been substantial work done (at the UN, among other places) to establish a set of norms at the intersection of business and human rights.  Here is the UN's guiding document on the subject. Second, in terms of digital rights, the majority of the conversation is about two issues: freedom of expression/censorship and privacy/surveillance.  And third, it's important to note that the conversation about digital rights isn't just about the state ensuring that platforms respect user rights, but it's equally about the platforms ensuring that the state does. The slides are also available on Speakerdeck, but don't make much sense without narration, so here is the annotated version:

As more and more of our activities, online and in the real world, are mediated by third parties (telecom, internet and application companies in particular), they become the stewards of our speech and our information. Increasingly, how much we trust them in that role will become a differentiating feature and a point of competition among platforms.

A little background on who I am: I work at Union Square Ventures -- we are investors in internet and mobile companies that build social applications.  I also have academic affiliations at the MIT Media Lab in the Center for Civic Media, which studies how people use media and technology to engage in civic issues, and at the Berkman Center for Internet & Society at Harvard Law School which studies tech & internet policy.  And my background is working in the "open government" space at organizations like OpenPlans and Code for America, with a focus on open data, open standards, and open source software.

So, to start out: a guiding idea is that the internet (as we know it today) is not just an open, amorphous mass of random peer-to-peer communications.  It's actually a collection of highly architected experiences:

Whether it's the governance structure of an open source project, the set of interactions that are possible on social platforms like Twitter and Tumblr, or the web-enabled real-world interactions that are a result of Craigslist, Airbnb, and Sidecar, much of the innovation and entrepreneurial activity in the web and mobile space has been about experimenting with architectures of collaboration. Web & mobile technologies are giving us the opportunity to experiment with how we organize ourselves, for work, for pleasure and for community.  And that in that experimentation, there are lots and lots of choices being made about the rules of engagement.  (for example, the slide above comes from an MIT study that looked at which kinds of social ties -- close, clustered ones, or farther, weaker ones -- were most effective in changing health behavior). At USV, we view this as part of a broader macro shift from bureaucratic hierarchies to networks, and that the networked model of organizing is fundamentally transformative across sectors and industries.

One big opportunities, as this shift occurs, it to reveal the abundance around us. I first heard this phrasing from Zipcar founder Robin Chase and it really stuck with me.  It's as if many of the things we've been searching for -- whether it's an answer to a question, an asthma inhaler in a time of emergency, a ride across town, someone to talk to, or a snowblower -- are actually right there, ambient in the air around us, but it's previously not been possible to see them or connect them. That is changing, and this change has the potential to help us solve problems that have previously been out of reach.  Which is good, because for as much progress we've made, there are still big problems out there to tackle:

For a (relatively) trivial one, this is what most California freeways look like every day.  In much of the world, our transportation systems are inefficient and broken.

...and this is what Shanghai looked like last week as a 500-mile wide smog cloud, with 20x the established limit for toxicity, rolled in for a visit.  We obviously don't have our shit together if things like this can happen.

...and we have tons to figure out when it comes to affordable and accessible health care (not the least of which is how to build an insurance marketplace website).

...and education is getting worse and worse (for younger grades) and more and more expensive (for college).  There's no question that the supply / demand balance is out of whack, and not taking into account the abundance that is around us.

So: these are all serious issues confronting global society (and the ones I mentioned here are just a small fraction of them at that). All of these issues can and should benefit from our newfound opportunity to re-architect our services, transactions, information flows, and relationships with one another, built around the idea that we can now surface connections, efficiencies, information, and opportunities that we simply couldn't before we were all connected.

But... in order to do that, the first thing we need to do is architect a system of trust -- one that nurtures community, ensures safety, and takes into account balances between various risks, opportunities, rights and responsibilities. Initially, that meant figuring out how to get "peers" in the network to trust each other -- the classic example being Ebay's buyer and seller ratings which pioneered the idea of peer-to-peer commerce. Before then, the idea of transacting (using real money!) with a stranger on the internet seemed preposterous. Recently, the conversation has shifted to building trust with the public, especially in the context of regulation, as peer-to-peer services intersect more and more with the real world (for example, Airbnb, Uber, and the peer-to-peer ride sharing companies and their associated regulatory challenges over the past three years). Now, a third dimension is emerging: trust with the platform. As more and more of our activities move onto web and mobile platforms, and these platforms take on increasing governance and stewardship roles, we need to trust that they are doing it in good faith and backed by fair policies.  That trust is essential to success.

In terms of network & community governance, platforms establish policies that take into account issues like privacy, enforcement of rules (both public laws and network-level policies), freedom of expression and the freedom to associate & organize, and transparency & access to data (both regarding the policies and activities of the platform, and re: the data you produce as a participant in the community).

When you think about it, you realize that these are very much the same issues that governments grapple with in developing public policy, and that web platforms actually look a lot like governments. Which makes sense, because both in the case of governments and web-enabled networks, the central task is to build an architecture around which other activity happens.  You build the roads and the other essential public infrastructure, and then you set the ground rules which enable the community and economy to function. Of course, there is a major difference: web networks are not governments, and are not bound by all the requirements & responsibilities of public institutions.  They are free to create their own rules of engagement, which you agree to when you decide to participate (or not) in that community. This is both a plus and a minus, when it comes to user rights -- the major plus being that web platforms are competitive with each other.  So that when there are substantive differences in the way platforms make and enforce rules, those differences can be the basis for user choice (e.g., it's easier to move from Facebook to Google than it is to move from the US to Canada).

I would like to put some extra emphasis on the issue of data, since it's growing so quickly and has been so much at the forefront of the public conversation over the past year.

We are generating -- and sharing -- more data than we ever have before. Everywhere we go, on the internet and in the real world, we are leaving a trail of breadcrumbs that can mined for lots of purposes.  For our own good (e.g., restaurant recommendations, personal health insights), for social purposes (crowdsourced traffic reports, donating data to cancer research), for commercial purposes (ad targeting & retargeting, financing free content), and for nefarious purposes (spying, identity theft). One distinguishing idea within all of this is the difference between data sharing that we opt into and data sharing that happens to us.  Certain web services (for example USV portfolio company Foursquare, highlighted above) make a business out of giving people a reason to share their data; getting them to buy into the idea that there's a trade going on here -- my data now for something of value (to me, to my friends, to the world) later.  It's proving true that lots of people will gladly make that trade, given an understanding of what's happening and what the benefits (and risks) are. Convincing someone to share their data with you (and with others on your platform) is an exercise in establishing trust. And my feeling is that the companies that best establish that trust, and best demonstrate that they can stand behind it, are going to be the ultimate winners.

I think about this a lot in the context of health.  There is so much to gain by sharing and collecting our health data. And If we don't get this right ("this" being the sensitive matter of handling personal data), we miss out on the opportunity to do really important things.

And there is no shortage of startups working to: a) help you extract this data (see 23andme), b) help you share this data (see Consent to Research and John Wilbanks' excellent TED talk on sharing our health data), and c) building tools on top of this data (see NYU Med Center's virtual microscope project). We are pushing the boundaries of what data people are willing to share, and testing the waters of who they're willing to share it with.

Which brings us back to the idea of competition, and why winning on trust is the future.

We are just just just scratching the surface of understanding whether and how to trust the applications we work with. EFF's Who Has Your Back report ranks major tech & communications firms on their user protection policies.  The aptly-titled Terms of Service; Didn't Read breaks down tech company Terms of Service and grades them using a crowdsourced process.  And, most effectively (for me at least), the Google Play store lists the data access requests for each new application you install ("you need my location, and you're a flashlight??"). You might be saying: "that's nice, but most people don't pay any attention to this stuff". That may be true now, but I expect it to change, as we deal with more and more sensitive data in more parts of our lives, and as more companies and institutions betray the trust they've established with their users.

There is no shortage of #fail here, but we can suffice for now with two recent examples:

Instagram's 2012 TOS update snafu caught users by surprise (who owns my photographs?), and this summer's NSA surveillance revelations have caused a major dent in US tech firms' credibility, both at home and especially abroad (not to mention what it's done to the credibility of the US gov't itself).

So... how can web and mobile companies win on trust? We're starting to see some early indications:

Notice the major spike in traffic for the privacy-oriented search engine, USV portfolio company, DuckDuckGo, around June of 2013, marked by [I] on the graph.

Some companies, like Tumblr, are experimenting with bringing more transparency to their policy document and terms of service.  Tumblr's TOS include "plain english" summaries, and all changes are tracked on Github.

And of course, lots of tech companies are beginning to publish transparency reports -- at the very least, starting to shine some light on the extent to which, and the manner in which, they comply with government-issued requests for user data.  Here are Google's, Yahoo's and Twitter's.

There are juicier stories of platforms going to bat for their users, most recently Twitter fighting the Manhattan DA in court to protect an Occupy protester's data (a fight they ultimately lost), and secure email provider Lavabit shutting down altogether rather than hand over user data to US authorities in the context of the Snowden investigation. And this will no doubt continue be a common theme, as web and mobile companies to more and more for more of us. And, I should note -- none of this is to say that web and mobile companies shouldn't comply with lawful data requests from government; they should, and they do.  But they also need to realize that it's not always clear-cut, that they have an opportunity (and in many cases a responsibility) to think about the user rights implications of their policies and their procedures when dealing with these kinds of situations.

Finally: this is a huge issue for startups. I recently heard security researcher Morgan Marquis-Boire remark that "any web startup with user traction has a chance of receiving a government data request approaching 1".  But that's not what startups are thinking about when they are shipping their first product and going after their first users.  They're worried about product market fit, not what community management policies they'll have, how they'll respond when law enforcement comes knocking, or how they'll manage their terms of service as they grow. But, assuming they do get traction and the users come, these questions of governance and trust will become central to their success. (side note: comments on this post are combined with this thread on, as an experiment)

Momentum on my mind

A few weeks ago, Brian asked Brittany and me:

"do you think it's better to build your career around skills or around ideas?".

Brittany immediately said "skills" and I immediately said "ideas".  We argued about it for a few minutes, and ultimately we both agreed that skills and ideas are both important (duh) and that you can of course build both sides in parallel. But more interestingly was Brian's respnose -- he had previously asked the same question to Albert, who had a more interesting answer, which was:

"you should build your career around momentum"

In other words, you want one thing to flow into the next, accumulating a crescendo of importance, impact and reach, that builds its own center of gravity and energy.  This really struck me, and has been on my mind since then.  Now that I'm writing this, it strikes me as a very natural answer to get from an investor, as momentum is what startups hope to create -- traction, energy, network effects, "the flywheel". Separately, the word momentum has been on my mind a lot lately because of the really awesome and inspiring Momentum chrome extension that replaces your "new tab" screen with an inspirational photo and a simple prompt asking you what your goal for the day is.  Mine looks like this today:

As simple as it is, the Momentum screen has really been great in the week or two I've been using it.  The idea of identifying a single focal point and priority for the day is refreshingly simple and surprisingly calming.  And really nailing your top priority, rather than getting spread thin and scattered across a million other things, is how you build momentum. So, momentum.  Momentum.  mmmmm.

The Regulation 2.0 challenge

Last night, I had the pleasure of joining GC David Pashman's NYU Law class on Internet and Business Law for Technology Companies as a guest speaker.  Over the course of the past semester, David's students have played the role of internet company General Counsel, working on a variety of legal and public policy issues -- everything from terms of service & privacy policies to considerations around patents, copyrights and regulation of the "peer economy". The students workshopped, for example, how a company like Skillshare might consider entering the realm of accredited, degree-granting universities, and how a company like Instagram might respond to backlash from scaring users with an aggressive privacy policy change. The big question that I posed to the group was about Regulation 2.0.  The idea that, given the huge volume of real-time data produced by modern web services and the potential for radical transparency based on that, there is an opportunity to explore  completely new regulatory approaches.  Approaches that, rather than make up-front decisions about an activity (say, ride-sharing or peer-to-peer apartment renting), as we do in a "1.0" regulatory regime, we can instead be more permissive on the front-end, while at the same time introducing increased accountability through transparency.  If this kind of approach worked, it would theoretically be simpler and cheaper to operate, while at the same time allowing for more new kinds of activities to be explored without fear of regulatory shut-down. That is the big idea -- that our regulatory regime can shift from "1.0" regulation to "2.0" regulation, the same way that online communities of user-generated content and transactions (think back to Ebay's peer rating system) have developed internal systems that generate trust and enhance community safety. A few months ago I drew up the basic idea like this:

Assuming you agree that there's potential to forge a more effective, efficient, scalable regulatory regime based on transparency and accountability, that raises two major practical challenges, which I posed to the NYU students: Protecting User Privacy: A transparency-based regulatory regime necessarily depends on some kind of data sharing agreement between web platforms (think Skillshare, Airbnb, Sidecar, etc) and the public (either the entire public, or maybe certain government entities).  How do you square that with the need to protect the privacy of your users?  How do you communicate the trade that users could be making (i.e., transparency in exchange for the freedom to participate) in a way that makes sense? Protecting the Freedom to Experiment: Many new, web-enabled, network oriented businesses start off by operating in legal gray areas.  This is almost a guarantee in some respects, as these companies explicitly exist to forge a new model, establish new norms, and prove that new ways of doing things are possible and ideally beneficial to all participants.  But that puts them in an extremely tenuous situation: exploring new models while protecting users, avoiding undue regulatory or legal scrutiny (especially during early phases).  An approach built on transparency would seem to need an explicit safe harbor in exchange for that transparency, otherwise it's difficult to imagine that companies would voluntary participate. Both of these considerations are borne out in the recent kerfuffle between Airbnb and the NYS Attorney General's office.  The AG is wants the data to suss out "bad actors" on the platform, and Airbnb wants to protect their users privacy (and likely, to some extent, the details of their business model.  But this case is already years in the making.  Can we imagine what it would have looked like to build a new Airbnb in a "regulation 2.0" era where transparency in exchange for freedom to operate was the norm?  Can we imagine that in other sectors that are emergent now (such as digital health)? It's seems clear to me that 1.0 regulation in the era of web and mobile everything is not going to work.  So we need to forge a new model -- one that's innovation-oriented, scalable, and takes advantage of tools & data that never existed before.  This idea of "regulation 2.0" is a direction I've been thinking about a lot -- I think there is a kernel of truth in it that we should try and build around.

Happy Thanksgiving everyone


Competitors at the time

At USV, we talk a lot about how the landscape is changing, as more entrepreneurs and investors get behind the idea of building networks around problems, communities & verticals.  And that means that we are seeing more competitors in each space we look at, especially compared to what it looked like when USV invested in tumblr, etsy etc. (i.e., the halcyon days of yore) I have a suspicion that -- while this is no doubt true -- that there was more competition around these ideas than we remember, especially because many competitors fell off as the leaders emerged, so we don't remember them anymore. It would make for a neat research project to look at modern-day category leaders across a bunch of categories, and map them back to the competitors around them at various times in their history.  Funding milestones would be an easy way to do this. Does any such thing exist?  Seems like something that could be done relatively easily using the Crunchbase API.

The no list (or, do less better)

Saying no to things is something I've always been bad at.  I have always been (and to some extent, have prided myself on being) more of a "why not" guy than a "why" guy. This has many of advantages -- I'm open minded and I end up doing tons of interesting things w interesting people.  But it also has some obvious disadvantages -- like feeling overwhelmed, getting behind on things, getting spread too thin, not doing a good enough job on any one thing. I remember reading that one of the cornerstones of Warren Buffet's approach to life is writing up a list of the 10 things you want to do, prioritizing them, then putting the bottom six on a "avoid at all costs" list. And I believe in my heart that the projects / apps / ideas that are tight, focused and well executed are better than the ones that are broadly ambitious and try to boil the ocean. One of my favorite lines, from one of my favorite books is "half, not half-assed". But still, it's hard to say no to things.  Meetings, phone calls, projects, you name it.  It's just hard. But every time I look at my long to do list, or my inbox, or my calendar, and think -- what can I do to be more efficient and effective at doing all of this?  The obvious answer is to just do less.  That's by far the most simple and most impactful approach. How do you save money? Spend less.  How do you save time?  Do less. Easier said than done, but no doubt important.


Swimming like a shark

Andy and I were talking yesterday about how both of us really struggle on email, especially during busy weeks when we're really focused on something (travel, a project, etc).  I can't tell you how many emails I start with: "I apologize for the long delay here..." I described it as being afraid of the inbox.  I live in fear of the inbox, especially when I get behind.  And then, rather than just dive in, face the fear, and get through with things, I end up procrastinating and then of course it only gets worse. One way to think about it is that you have to keep swimming so you don't drown.  Like a shark.  That's how I think about walking through NYC, or driving in a car -- in the midst of chaos, it's better to be assertive and aggressive, make your own path, rather than get swept up by being tentative and timid. But while that really works for me for driving and walking, I still often live in fear of my inbox. I am not an inbox shark.  I am a tiny minnow getting cast about in the sea.  I suspect I'm not alone. And of course, it's not just email.  There is an overwhelming stream of stuff coming at all of us from every angle.  I'm adding to it this very second by writing this blog post on Tumblr :-). It seems to me -- though I haven't mastered this yet -- that the right way to face it is to swim ahead like a shark, stay in the game, not get afraid, and not feel guilty for all the things you're inevitably going to miss, despite all that.  Easier said than done.

Social Detox

There are a lot of great insights in Benedict Evans' most recent report. It's worth a read. One that stood out to me is this one:

Because a lot of our social network lives at the phone OS layer (contacts), and because mobile social may be "sticky like nightclubs, not like banks", perhaps the switching costs among mobile social networks are low. At USV, we've been talking about this a lot in terms of how a network's policies (e.g., user privacy, share of economics) relate to its ultimate ability to retain users.  And the idea that perhaps the most sticky networks are NOT the ones that are the most heavy handed in terms of attempting to lock in their users (e.g., by making data export/import hard). This would suggest that in many cases (at least in mobile / social), data lock in is less of a "lock" than you might think, and in fact, there may be something cathartic and cleansing about walking away from your data, i.e., "detoxing".

Wanted: Partychat for Google Hangouts

I've been a remote or semi-remote worker for a long time now.  Which has a boatload of pros (flexibility) as well as cons (distance from "the watercooler"). Over time, I've tried lots of things to help forge a stronger connection among my distributed or semi-distributed teams.  As you would expect, it's always a lot harder in the semi-distributed context, where some people are face to face and some people aren't.  In those cases, it's always hard to get the f2f people to adopt technology for casual chatting. My new favorite tool for this is Sqwiggle.   Sqwiggle is a chat / video service for distributed teams.  My favorite feature is that, rather than seeing each person in always-on real-time video, you see black & white snapshots in 10-second intervals.  This removes a lot of awkwardness.  My second favorite feature is the ability to initiate a video conversation unilaterally -- in other words, if I want to video with Zander, I just click on his face and start talking.  No need for "ring him".  The folks at Sqwiggle like to note that this results in much more frequent, but a lot shorter, conversations (like what you get when you're in an office together). At USV, we've set up a "Sqwiggle Bot" in the office -- it's an old iMac, sitting on my desk, which is hooked up to a wide-angle camera and is persistently logged into Sqwiggle.  Anyone who is working remotely (as lots of us always are), can just dial into the bot, and "poof" we're sitting in the office.  It looks like this:

From my home office, it looks like this:


You can see Zander on the right, and Fred's and Albert's offices in the background. So, that's been great, and we're using it more and more. The thing that is more vexing is actually a much simpler problem:  Group chat. Back when I was at OpenPlans, we were heavy IRC users.  The whole team (folks spread across multiple cities, but concentrated in NYC) was always in the #openplans IRC channel, and it was the social hub of the office.  And not just for remote folks -- when it was time for lunch, people would ping the IRC channel.  There was tons of chatting back and forth, via IRC, among people sitting next to each other.  It was, and is, great. There are a few features that make group chat in IRC awesome: 1) regular chat is unobtrusive.  Meaning, you can be in a room, but not get a notification of every single message. 2) username notifications.  when someone wants to get your attention, they just mention your handle, and your client bounces a notification to get your attention. 1 and 2 together mean that you can stay logged in to the channel all day long, not be overwhelmed by it, but still be directly reachable when people want to get your attention. 3) it's hackable. Since it's an open system, you can write all kinds of hacks.  Our SVN repo was tied into IRC, so every time someone committed code, it posted to the channel.  We had a bot that would reply to certain kinds of questions with silly answers.  You can build whatever kinds of things on it you want. In sum, it was (and is) a fantastic tool for staying connected with a large group. If you were to add in persistent history and video-chat, you'd have the perfect tool. it's worth noting that you can do similar things with other tools.  Campfire, by 37signals, does a lot of this. So does Skype. Those are good tools, but what I've been looking for recently, but haven't been able to find, is a way to get a similar experience out of Google Hangouts.  The reason being that the entire USV team is in Gmail all day long, and does a fair amount of one-to-one chatting in gChat (now Hangouts).  So, rather than doing the (likely impossible) work of getting everyone to use a new tool, I really really want a way to accomplish this in Hangouts, which we all already use. What's extra frustrating is that, until recently, you could accomplish something similar in Google Talk using Partychat, since Google talk was built on the open XMPP protocol.  But with the switch from Google Talk to Google Hangouts, Google dropped support for this:

We realise Google's migration to Hangouts breaks @partychat due to removal of XMPP federation support. We are considering workarounds...

— Partychat (@partychat)

May 16, 2013

If you listen closely enough, you can hear the eerie mantra "embrace, extend, extinguish" emanating from the Googleplex... So, I've been trying to figure this out.  And it's been frustrating.  If there is a solution out there, I'm dying to know it.


Exploding business models

It's fascinating to watch the process of business models exploding. What apple did yesterday in announcing free OSX and free iWork apps is a great example of that.  MS has traded on license fees for Windows and Office forever, and for a long time, Apple has followed suit, charging reasonably high (although continuously declining) prices for each. Now, with outrageous revenues from hardware and the app store, they don't need to do that anymore.  In fact, free distribution of OSX and iWork will just expand the ecosystem and grow those revenues. In most cases, it takes some kind of end-run and a lot of scale to make this kind of thing possible.  Apple can do it now because they created a brand new channel & model with the app store, and built a monster hardware business.  If they had tried, before doing that, to "reinvent" the OS business, they wouldn't have had the leverage.  It's interesting to look at other sectors where this is happening: * Music: Soundcloud is letting artists distribute direct-to-fans, end-running the labels and the traditional pricing and distribution model.  At some point, they will reach a tipping point that will force the old model to change. * Education: textbook publishing and open source.  I don't have examples on the tip of my tongue but I can't wait for this one to happen. * Law: lexis nexis & westlaw vs new platforms like Casetext. Now that I look at these examples, they're all cases where distribution has been expensive, and intermediaries monetized the IP directly.  What we're seeing more and more of are models where distribution is cheap/free and IP is monetized indirectly.