Hear Ye! Since 1998.

Archived Posts for March 2011

Please note: The posts on this page are at least 3 years old. Links may be broken, information may be out of date, and the views expressed in the posts may no longer be held.
Mar 11

  stuloh It's 27°C outside. YES. #fb

  2:03pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11
Mar 11

  stuloh Mallesons' IP Whiteboard Blog is excellent http://blogs.mallesons.com/ipwhiteboard (I find it reminiscent of the blog of @ericgoldman)

  11:42pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Whoa. Awesome fact pattern RT @ericgoldman: Blog Post: IM Convo Amended Written Contract: CX Digital v Smoking Everywhere http://j.mp/g37zK4

  4:47pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh The 0.00002% Privacy Solution (WSJ) http://bit.ly/g4xIfK (headlining that stat is a little misleading, but the article is still noteworthy)

  12:02pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

Color: a privacy analysis (Part 2)

This is part two of a two-part post about the launch of Color.  The first part talks about the business and is available here.

The privacy practices of Color

Several things struck me about Color after I had used it for a while.  The first is that Color gathers a lot of data.  This data is highly personal (a picture is worth a thousand words and all that).  If I see your photo stream, I can determine not only where you are at a given time, but figure out who your friends are, what places your frequent, and even your routines and habits over time.  The second is that Color automatically shares your photos with anyone, instantly.  Most of those people will be strangers.  Your next door neighbor can see what’s happening in the party you’re holding at your place. (“I really hate my neighbor right now because of all that noise.  Wait, is that a person doing blow in the corner?  Let’s call the cops.”)  This is different to media sharing tools like Facebook, Foursquare, YouTube or whatever, because they are either shared with people you actually know (or their acquaintances), or are shared on a very deliberate basis by the media owner.  Color is just a firehose of information… and it can contain information which is far more revealing than a Tweet.

The privacy issues are totally obvious.  If you take a sick day from work and you’re not actually sick, you better be careful about using Color, because if your boss uses it, he can probably automatically see your photostream.  If you’re snapping photos in an office building, you better make sure you don’t inadvertently snap anything that’s confidential, or your competitors three floors above you might get wind of it without you even knowing.

As a lawyer at a small tech company, I spend a lot of my time thinking and worrying about consumer privacy.  After reading all of that, it’s totally obvious that if you use the app, nothing is private and you have no control over where your photos go.  If you don’t like it, don’t use it.  Well, that’s all fine and good, but for an app that is completely invasive of privacy, it does what is, quite frankly, a bad job of informing the user about it.

Let me say here that there’s nothing wrong with an app that is completely invasive of privacy as long as people know exactly what they’re getting in to, and have some choice over the matter.  And as long as you comply with the law, which may be pretty difficult in some European countries which tend to rachet up compliance requirements the more invasive your privacy practices are.  Color is a U.S. company and will soon be registered under the U.S.-EU Safe Harbor Framework, but despite the Safe Harbor, some European countries’ privacy laws can impose additional obligations that have what is effectively extraterritorial reach (I’m looking at you, Spain).

As soon as you start the app for the first time, you are asked to snap a photo of yourself.  Before you know it, that photo is broadcast to everyone around you.  There is no warning.  You have to figure the last part out later, as you learn how to use the app.  (The app is pretty confusing as well – it uses icons I’m still trying to figure out the meaning of.)

I went looking for the privacy policy.  After literally 5 minutes of pressing everything in the app, I still couldn’t find it.  I checked on the app, and on the website.  In the end, Google came up with the goods.

Let’s do some analysis

The privacy policy is actually not bad.  I like the tone – it’s not only written in plain English, but it’s written colloquially.  This dispenses precision for comprehension and concision, which I think is appropriate in this context.  The formatting could use some work, however – it’s still a glob of text that you have to go hunting through to find out information you’re interested in.

A good privacy effectively communicates answers to three key questions: What info are you collecting from me?  How are you going to use that info?  Who are you going to give that info to?  However, I believe the most important question to be answered is: How are you going to handle my data in a way I’m not going to expect or know about unless you tell me?

There are a few other ancillary things as well: What control do I have over the info you collect- can I get it deleted or updated?  Are you going to tell me if you change your privacy policy?  How do I contact you?

Probably the best way to look at a privacy policy is to pick out all the bits and pieces of information being collected about users and seeing what happens to that information.  I’m looking at the March 21, 2011 version which covers both their app and their spartan website.

Contact details (name and email)

  • How Color uses it: In the second section of the policy, Color only says that it “stores” your data, but doesn’t mention at this point how else it uses the information.
  • Who Color shares it with: The second section also says they won’t disclose this information to anyone, except to courts.  However, this is contradicted later on in the third section, which says that they do share users’ names with other users (which is obvious in the app).  It’s also contradicted by the general disclosures section (the sixth one), where it turns out that they will disclose your name and email to others besides a court.  More on the general disclosures section below.
  • Notes: These are collected right at the start, when you register with the app.

Mobile device unique ID

  • How Color uses it: Color doesn’t mention for what purposes it uses this piece of info.
  • Who Color shares it with: We are told that this info is going to be given to certain unnamed others for “advertising purposes”.  This is ambiguous.  Is Color using it for its own advertising purposes, or are they giving it to third parties who can use it for their own purposes?  Is Color selling this information?  All we know is that marketers won’t contact us directly as a result of this disclosure.
  • Notes: After the privacy firestorm and lawsuit that Apple found itself in after the WSJ broke a report about mobile device identifiers being disclosed without users’ knowledge, companies are going to want to tell their users if they are getting their mobile device’s unique identifier.  However, Color doesn’t really do a good job of explaining what it’s doing with this identifier.

User-generated Content (pics, videos, comments, actions)

  • How Color uses it: Obviously to make the app work.  Color are silent on exactly how they use it in ways that aren’t readily visible – you have to go to the Content license grant in the Terms of Service for that (Color gets a perpetual, irrevocable, world-wide license to “use and reproduce any of your Content … for any reason or no reason, without notice” and “copy, analyze and use any of your Images and comments … for purposes of debugging, testing and/or providing support services”).  That stuff should really alos be in the privacy policy.
  • Who Color shares it with:  Pretty much to anyone.  It notes social networks in particular.  Can we say “viral”?
  • Notes: UGC is, of course, the meat of the app.  Color calls it “Content” so that’s how I’m going to refer to it here.  Traditionally, privacy policies have focused on personal information (variously referred to as “personally identifiable information” or “personal data” depending on which part of the world you’re from).  Personal information is basically any information which could reasonably be used to identify someone (including when used in combination with other information which has been collected).  The thing is, you don’t need a lot of information about someone to be able to identify them.  Netflix recently copped a lot of flak for wanting to release what they thought would be an anonymized data set about their customers (containing their genders, ages, zip codes and movie watching habits).   “Researchers have known for more than a decade that gender plus [5-digit] ZIP code plus birthdate uniquely identifies a significant percentage of Americans (87% according to Lant[y]ana Sweeney’s famous study).”  Lantanya Sweeney is known for her work with anonymization of data sets and her paper on k-Anonymity.
  • Related to this realization that anonymized data is not as anonymous as you’d think is a recent trend in privacy policies to take a more holistic view of what needs to be covered in them.  TRUSTe recently updated its privacy seal requirements to recognize this after the FTC released its report on consumer privacy: “Companies need to be transparent about all consumer data collected, not just those it considers personally identifiable or ‘PII.’”  Users don’t only care about personal information, but they care about all the other information that they give to a company.  Information that is not “private” in the privacy sense, but in the confidential sense.  For example, my photos of my attic (if I had one) are generally not personally identifiable, but I still could regard that information as private, especially if I have some weird stuff in there.  So, privacy policies should not confine themselves in scope to personal information (as legislative requirements generally do), but should cover all types of information gathered from users.  With Color, while not all Content is personally identifiable, it’s still information which people could regard as “private,” so it’s important for Color to mention how it handles this.
  • I wonder if they preserve metadata on Content?  Probably, yeah?  I’m too lazy to check right now.

Location information (some of which is attached to Content)

  • How Color uses it: To show you and others relevant Content.  The services uses your physical proximity to others to determine whose Content you can see.
  • Who Color shares it with:  Pretty much to anyone, just like user-generated content.
  • Notes: Geolocation information is pretty topical among the privacy crowd these days.

Audio recordings

  • I’ve read that the app takes recording of ambient noise, which is another way it tries to determine if you’re interacting in the same environment as those who are near you (people may be 50 feet away, but they may be in the building across the street).  This feature has led some people to make references to Echelon.  Interestingly, the privacy policy doesn’t make any mention of this.

Server log file information and cookies

  • As Color says, this is the “usual stuff”.  I’m not going to dwell on this much.  Color does mention that they don’t have a logon system for the website yet, but one may be introduced in the future.  This is in line with the CEO’s aim of keeping the website as sparse as possible – the focus is on the mobile app.

Mobile phone number

  • How Color uses it: Mainly for the user’s benefit.  If you lose your phone (or whatever mobile device you’re using), you can get Color to reassociate your account with your new phone so you don’t lose all your stuff.  Conversely, this allows Color to permanently ban any device or account they want.  But they won’t use your number to call you.
  • Who Color shares it with:  No one, apparently – subject to the general disclosure section (see below).
  • Notes: Strangely, Color tells us they collect our mobile numbers in the fifth section of the policy, which is kind of duplicative with the second section, where I think it should be.

Your mobile phone’s address book

  • How Color uses it:  Basically to show you relevant Content, and also to facilitate the use of SMS.  “We think you might be interested in seeing your friends’ Content,” Color writes.  Even if you’re not physically close to your friends, Color will still hook you up with them.
  • Who Color shares it with:  Not mentioned, but I hope it’s no one (subject to general disclosures).
  • Notes: This immediately reminded me of Google Buzz’s privacy woes.  If my photo stream is not only shared with those physically proximate, but also anyone in my address book… anyone from my boss to my grandmother could see my Content (as Color points out in its TOS).  For anyone who wants to keep their professional and personal lives separate – especially those who make it a rule not to friend colleagues on Facebook… this is not the app for you.  But I don’t think people are going to realize this.  Color calls the people with whom your Content is shared your “elastic network.”  And it’s super elastic.  There are no privacy controls on anything – it’s just one black box algorithm at work figuring out who to push your Content out to.  That said, iPhones do alert you from the get go that Color is trying to access your address book (scant protection).

General disclosure exceptions

  • The sixth section contradicts the second section (as I mentioned above) and contains pretty standard exceptions regarding disclosure of data.
  • If they get acquired, the acquirer will get your data.
  • If they are subpoenaed or are otherwise required by law, they may disclose your data.
  • If you engage in illegal activities, they can report you to the authorities.
  • Interestingly, they also permit themselves to disclose your information if they get alerted to “extremely offensive behavior”.  I wonder why they need to be able to do this when they have the illegal activities exception?  The interpretation of what is “extremely offensive” is pretty discretionary.  And why would they need to disclose your information?  To name and shame you?

Other issues

  • As Color continues to develop its product, you can bet this privacy policy is going to undergo multiple iterations (the policy itself alludes to them rolling out “more interesting options”).  Color is pretty ambiguous about how it will communicate changes to the privacy policy – “we’ll update you before our practices change” is all they say.  How will they do this?  (I doubt they will popup messaging in the app summarising what has changed, although that’s what they should be doing.)  How major a change to their privacy practices needs to occur before it triggers the notification requirement?
  • There’s not much information in the policy about deleting your account and whether Color retains your Content.  This is all contained in the TOS under the “Your Content is Public” section.

Terms of Service

  • I skimmed through the TOS and it’s written in the same style as the policy, which is unusual.  I’ve seen Virgin do it once on a credit card application form (which was pretty cool actually).  I was amused to see marketing statements thrown into what is essentially a contract.
  • Some gems: “We think this feature makes us different and exciting.”  “this is our sandbox”  “Unique users can view your Content … Anyone: from grandparents to bosses” (as I mentioned the issue is not so much that these people can view your Content, the issue is that they are among the people who are most likely to be pushed your Content).
  • There’s also this weird statement: “Don’t use our Service for commercial purposes.”  If I open up a restaurant, why wouldn’t I try and advertise it through Color?  This is a great way to alert workers and residents in the immediate area about your new shop.  I could also snap a picture of my sandwich board outside which says, “50% special on soup, today only!” and get it pushed out to everyone in the area.

So how does it all stack up?

The privacy policy isn’t bad.  It’s relatively easy to read, but it could contain more information (and more information means structuring the policy better and highlighting the important bits).  A lot of privacy information is actually contained in the TOS.  Like most people, I never read Terms or Privacy Policies top-to-bottom unless I’m getting paid for it (Color’s privacy policy is the exception).  I’m not concerned about most things: even if a company sells my email address, I get so much spam each month anyway that it doesn’t really matter.  However, I am interested in very specific things: if I sign up to a subscription service and it’s not clear how I can cancel my account, I will check the Terms.  On Facebook, I want to know if an app is going to post something to my wall without telling me first, and I will look up a privacy policy for that.  If you put privacy practices in the Terms, people who are just looking for privacy information aren’t going to find it.  This isn’t much practical help to consumers.

However, the only major issue I really have with Color is that there is pretty much zero notice of its privacy policy.  It’s damn hard to find.  There should at least be a privacy warning as soon as you open up the program.  Instead, the very first two things you get are iPhone notices telling you that Color wants to access your location and your address book.  Uh… what are you going to do with those two things?  We don’t know.  Notice given after the fact is not really notice.

The privacy policy contains a nice section at the end entitled “Respecting Privacy.”  It says: “A picture says a thousand words.  Before you use our App, consider whether you (or those whose image you capture) want the world to see the picture or video you took.  And have fun.”  This notice really should be up front and center, along with “we potentially share your photos with everyone – including your boss who’s sitting 20 feet away from you.”  And they could throw in an example for good measure: “your mother, who is in your address book, will see all your party pics.”  This is a visceral privacy notice (to use privacy lawyer Ryan Calo’s terminology).  It could also be presented a short-form privacy noticeJust put something prominent there.

When interviewed by the press, Color has been upfront that their app should not be used if you’re not willing to let the world see your Content.  But that upfrontness is distinctly missing from the app.

One other issue is that of inappropriate Content.  At the moment, social norms keep the Content in check – I have yet to see any inappropriate photos from the 100+ people whose photostreams I have access to.  However, just wait until the teenagers get a hold of this.  Despite this, I’m actually not very concerned about inappropriate content being snapped.  There is a distinct potential for misuse (snapping photos in restrooms or around schools, for example), but no more so than any other online service dealing with user-generated content.  It’s not a new issue.  The speed at which things could go viral is stepped up a notch, but this isn’t in itself a reason to get your knickers in a knot.  In today’s world, all publicity is good publicity, right? … Right?


  10:07pm  •  Internet  •  Law  •  Tweet This  •  Add a comment  • 

Color: an analysis (Part 1)

This is part one of a two-part post about the launch of Color.  Click here for the second part, which examines Color’s privacy practices.

Enter Color

Color isn’t the next Google.  But it could be the next Twitter.

A mobile app called Color launched this week.  It would have been an otherwise unremarkable launch had it not been accompanied by the news that the company, Color Labs, Inc., had received $41 million in funding from Sequoia Capital, the VC arm of Bain Capital, and Silicon Valley Bank.  Assuming Color’s founders still have control of the company, the most conservative estimate of Color’s implied valuation puts it at a little more than $80 million.  This investment appears to have been made on the basis of the strength of its reputedly star-studded ~30-person team (headed by Lala founder Bill Nguyen) and a working prototype, because when $41 million was plowed in, Color had no revenue, no users, and no live product.  Its most “tangible” asset was its U.S.-centric domain name, Color.com, which was reportedly acquired for $350,000.

Sequoia Capital partner Doug Leone was reported to have said, “Once or twice a decade a company emerges from Silicon Valley that can change everything. Color is one of those companies.”  Which is expected when you’ve handed over more money than Google received in its initial funding round.  It’s a big call to make.  If there’s only room for one or two a decade, I can only think of two tech companies founded within the last decade that have reached 11-figure valuations.  For a mobile app to reach these lofty heights, well… let’s just say the gut reaction is immediate.  Color is going to have to be an app that you use multiple times everyday: Email, Google, Facebook, and perhaps Twitter have achieved this.

At a basic level, Color lets you snap photos (and video) with your phone.  The photos get uploaded to Color, which then pushes them out to all Color devices in your physical vicinity (within a few hundred yards), as well as to your friends further afield.  You get to see what other people in your vicinity are seeing – some will be friends, some will be strangers.

Color’s algorithms also attempt to group together bunches of photos taken by different people based on location, lighting, past interaction with people, and even ambient noise (yes, the app apparently turns the microphone on).

That doesn’t sound like something that might be worth $10 billion one day.  But, the VCs backing Color are not mediocre people.  So I think it’s natural that we give Color the benefit of the doubt and assume that the initial app is just scratching the surface of what the team in downtown Palo Alto want to accomplish.  Let’s let our imaginations run wild and see how the premise of the current app could bloom in the future.

The possibilities

Interviews with CEO Bill Nguyen disclose that Color is not really about sharing photos.  It’s about a “new way to build spontaneous social networks – and collect massive amounts of data about what people are doing and where they’re doing it.”  Once we frame it in that light, we start to see a few use cases that may be possible in the future.

The most cited one is people attending the same event, for example a concert or a sports game, who will be able to see the event from different perspectives.  This then extends itself to news reporting, and for search and rescue in natural disaster zones.  Something happens in the world that breaks on Twitter (“massive hailstorm in Sydney happening now”), and you skip over to Color, zoom in on the affected area in Sydney, and then get instant access to photos of the event from different people who are there.

Another use case is to connect strangers who are physically close, but with whom you would otherwise have no reason to come into contact.  For example, apartment buildings or public transport.  I’m a little dubious about this, but as inhibitions regarding privacy drop, some people will definitely make use of this.  To put it bluntly, it’s entirely possible that someone has already gotten laid by someone who they met through Color.

At the moment, Color collects a lot of data.  A lot.  It is basically building up a repository of  media items which are geotagged, timestamped and associated with an individual.  Image recognition will enable people and objects to be automatically tagged, and other semantic meaning can be embedded into the media.

This all reminds me about a book co-written by Arthur C. Clarke and Stephen Baxter called The Light of Other Days.  (A similar premise was depicted in the movie Déjà Vu, featuring Denzel Washington.)  In the book, a technology exists which allows someone to open up a “read only” wormhole into any past point in the spacetime continuum.  In other words, you can pick a time and place and then watch what happened there.  This is one place where Color might be headed.  You can relive a night on the town, or a vacation with friends.  A high school class could explore future historical protests similar to the one in Tahrir Square, or journey through the bloodied streets of Benghazi in real time as seen through the eyes of those at ground zero.  This idea has already been explored in some ways – Microsoft’s Photosynth technology stitches together geotagged photos on Flickr and recreates 3D scenes from photos that were taken at the same location.

That is the promise, but Color has some work to do to get to that stage.  I installed the app when I was at work.  I immediately saw a group of about 30 users and their photostreams.  It was mainly headshots of people – people eating in restaurants, people in the street, people in offices.  But I was most amazed because there were 30 people in my vicinity that were already using Color, and every minute or so, another photo would pop up on my screen – it seemed like user adoption had blown up overnight.  Alas, I later found out that Color’s offices were literally a block away from ours, so I had inadvertently gotten to “know” half of Color’s staff.

The trouble was that I had no context for the photos.  I didn’t know these people, they didn’t know me, and I guess I could have started commenting on their photos, but that seems like a creepy thing to do… like hanging around a clique and trying to break in when you clearly don’t belong.

I tried it at home on a weeknight.  Within sniffing distance of downtown Menlo Park, no one was using it.

What’s that you say about a business model?

Color is apparently one of those businesses where the idea is so appealing that the business model is just a detail that can come later.  “Build it and they will come… we’ll monetize it later.”  The app is free and the company intends to make money via location-based advertising.  Color is going to be competing in a space which is going to be crowded: Foursquare has been working on this for a while, and Groupon is apparently trying to muscle in on it as well.

I have a feeling that Color has the potential to become an important part of the internet, but only in the same way that Twitter has.  Twitter has little revenue to show for its circa $5 billion valuation, and it has been “experimenting” with different business models for years.  Twitter received enough funding and revenue to get it through to profitability (maybe?), but at $5 billion you’d expect it to be earning profits somewhere in the low 9-figure range.  On the other hand, it’s now part of the plumbing of the net.  It’s vital infrastructure.  There is another infrastructure-style site that provides a valuable benefit – Wikipedia, which is a non-profit organization that runs on a budget of only $10-20 million a year.

I believe that Color was invested in at a very overvalued price, but there is a reason for this – the wisdom of which I have mixed feelings.  This trend seems to have been growing over the last year or so as investors clamor to get in to companies at the ground level.  I attended a Y Combinator Demo Day last year and the start-ups there were routinely raising angel funding at $5+ million valuations.

Perhaps it’s a side effect of what’s been happening with Facebook.  Even if you wanted to invest a lot of money in Facebook after you saw The Social Network, you couldn’t.  This seems to have pushed Facebook’s valuation way up.  Private stock is normally valued less than public stock (all other things being equal) because of the benefits that liquidity offers.  Perversely, the opposite seems to be true – it is because the demand for Facebook stock is so high, and the supply so tight, that the lack of liquidity is actually pushing prices up.

It still makes some kind of sense, though.  Let’s say, for the sake of argument, that Facebook is worth $20b and you had the opportunity to invest at a $30b valuation.  The 50% premium may still be attractive since you might not actually have the chance to buy it in the future.  By the time the private stock becomes available, or the company floats, the company’s “true” valuation may have grown to $100b.  You’ve still made money hand over fist because you managed to get in early.

It seems that angels and VCs have cottoned on to this a bit.  It’s a bit of FOMO.  Better to get in now at an overvalued rate, than get in later when the valuation has skyrocketed.  And it’s easier for a company to double $10m in revenue than $100m in revenue.  Of course, investing early at high valuations just pushes both sides of the risk/reward equation up.  (There’s nothing wrong with a bubble from a personal investment sense… just make sure you get out of it at the right time.  I have a friend from high school who made 100x on a sizeable punt on Rambus, having sold out shortly before its stock price crashed.)

But I’m going to move on now – many people have written more about the viability of Color in much more depth, and there are a lot of other interesting issues that they cover, such as the perils of choosing a generic word as a company name (it’s going to be challenging to trademark, not to mention issues with SEO), the app’s UI, who comprises Color’s team, and so on.  In the next part of the post, I want to talk about privacy, because Color raises a few fascinating privacy topics.

Continued in Part 2…

  9:55pm  •  Internet  •  Law  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh After 16 years in government, Labor was destroyed in NSW elections, losing about 30 of their 51 seats http://t.co/LwJfCMh

  10:23am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh New HY! post: In Silicon Valley, a Lack of Engineers http://bit.ly/hn6Tmp

  9:20pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Color has the potential to be a privacy and confidentiality nightmare, especially around some types of corporate environments...

  10:44am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Secret Fears of the Super-Rich (The Atlantic) http://post.ly/1nXO7

  8:28pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh RT @cederman: Some snarky color.com backlash. Amusing. https://docs.google.com/present/view?id=ajdtctfhv4hn_264g329gwcc&pli=1

  12:06pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Profile on Apple's Jonathan Ive (Daily Mail) http://post.ly/1nEyy

  10:20pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Li Wei: the lady who became a billionaire by being a career mistress http://bit.ly/hWIDQm

  10:08pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Just voted online in the NSW State Elections. Impressed I can now vote online. Not so impressed at the candidates. http://ivote.nsw.gov.au/

  9:09pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Example 2: Color.com, a mobile photo sharing app, raised $41m from big name investors. Yahoo bought Flickr for $35m. http://tcrn.ch/i2Z8Cu

  6:29pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Example 1: Flipboard's latest round had a $200m valuation (rumored). Revenues so far: $0. http://bit.ly/g0ZQnf

  6:24pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh I am beginning to see more and more startup funding news where the implied valuations seem, quite frankly, really overvalued.

  6:16pm  •  Tweet  •  Tweet This  •  Add a comment  • 

Five most common regrets after a lifetime

Bronnie Ware, a nurse working in palliative care, tended to patients in the final 1-4 months of their lives. She asked them to share with her what their biggest regrets in life were – what they would have done differently if they could have changed something. Then she condensed it down into a list of the five most common regrets. In summary form, they are:

1. I wish I’d had the courage to live a life true to myself, not the life others expected of me.
2. I wish I didn’t work so hard.
3. I wish I’d had the courage to express my feelings.
4. I wish I had stayed in touch with my friends.
5. I wish that I had let myself be happier.

The full article is well worth a read. (Thanks Ros for the link!)

  12:15am  •  Life  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Just registered for this E-Commerce Law conference at SLS http://bit.ly/hIt5dZ (I highly recommend this one!)

  5:58pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11
Mar 11

  stuloh Journo shield laws now cover bloggers and tweeters in Oz http://bit.ly/hqnk7C (would've helped Gizmodo with the iPhone 4 leak last year)

  8:59pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Current hot thread on an @ACCinhouse email group: "Employee wants to fly his own plane instead of taking commercial flights. Do we let him?"

  12:16am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh So, the NY Times is introducing a paywall... well that sucks.

  2:42pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Dan McCarthy's DSO2 print looks even better in person http://bit.ly/dZ4vru

  6:44pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Groupon rumored to discuss IPO at $25b valuation - http://bloom.bg/edUClh (cc @LegallyTech - still rash for not selling out at $6b?)

  9:45am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

Brief thoughts on privacy policies

I came to the conclusion a while ago that a privacy policy is not really a legal document. It’s a document that has legal ramifications, yes, but in the same way that anything a business says has legal ramifications. Perhaps I should rephrase my first statement: I don’t think the privacy policy should be perceived as a legal document.

The privacy policy, for the last decade or so, has been the easy way to comply with privacy laws and regulations. It’s one document which checks all the boxes for most privacy requirements out there. All privacy frameworks require some sort of notice to be given to users about privacy practices. Some are explicit that organizations need an actual privacy policy document, but not all of them. The US-EU Safe Harbor Framework, for instance, only says: “An organization must inform individuals about the purposes for which it collects and uses information about them … This notice must be provided in clear and conspicuous language when individuals are first asked to provide personal information to the organization or as soon thereafter as is practicable, but in any event before the organization uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party.” (The EC’s FAQ however does mention a privacy policy.)

In Australia, NPP 5 and the proposed replacement UPPs do require a discrete Privacy Policy – but this is in addition to a general notification requirements (NPP 1.3, UPP 3).

In the online world, all you really deal with is information, and so figuring out how personal information and other data flows can be an intricate task. It’s tricky enough for people working inside an organization to figure this out (imagine how the privacy people at Facebook feel when all the engineers are working on 101 new features at once and they are trying to keep up with where all the data is going). So, when it comes to communicating all of this to an outsider, you can imagine the difficulty this presents. This is why you end up with privacy policies many thousands of words long. They’re virtually useless in the real world.

For some time now, people have regarded that privacy is merely a matter of having a privacy policy and making sure that an organization sticks to it. No longer.

The world is gradually beginning to realize that privacy is actually about helping people to understand what is happening to their information. Not just in theory, but in practice. Just because the information there, but buried somewhere in that policy, doesn’t mean it’s going to be helping anybody understand anything.

No one reads a privacy policy from top to bottom (with the exception of, in my experience, lawyers, compliance officers, and Germans). But people do read privacy policies to find out specific things. Are you going to sell my data if I give it to you? Do I own my data? Will you still keep my profile if I decide to delete my account? Unfortunately, this information can be pretty hard to locate – you almost need an FAQ for the privacy policy.

So now we see the gradual introduction of condensed privacy policies, layered privacy policies, and more interestingly “just in time” privacy notices. For example, when you have an iPhone App that wants to grab your location, you get a popup asking if you want to disclose it. The thing is, people only care about certain things, and most of the time it’s obvious.

When I install a Facebook App, my most immediate concern is: is it going to post stuff on my wall without asking me first? And then, what profile information is it going to grab from me? Facebook’s JIT notice doesn’t do a very good job of answering these two questions.

If you use Foursquare, your main concern is: exactly who is going to have access to my location information and how can they use it? And then, if I decide to leave after I try your service for a day, will you delete all my data?

Of course, there’s a tension between what the business guys think will increase conversion rates, and what’s good privacy practice, but that’s another topic for another day.

Anyhow, that brings me back to the privacy policy. Obviously it’s not working, but yet it’s kind of necessary. If the way a business handles information is complicated, there’s no possible way you can explain it in a single screen. So, what to do?

You have to get away from the idea that the privacy policy is a legal document. It’s a help document. It should be accessible.

Why don’t more privacy policies have pictures? Videos? Interactivity? Why aren’t they structured in a way that makes it easy for people to zero in on what’s really important to them?

Instead of burying the important stuff, bury the boilerplate – the stuff everyone already expects (e.g., everyone tracks visitors using web bugs, this is not a surprise to most users). Answer the customer’s most burning questions clearly and you’ll implicitly be conveying that you acknowledge what the customer really cares about. That sounds trust-building to me. If your privacy practices, when disclosed upfront, turn a customer off – then imagine how they will feel if they sign up, use your service, and then find out about it later?

  9:19pm  •  Law  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Fukushima plant's containment vessel breached, incident now rated at level 6 http://bit.ly/i3HmxT (cc @LegallyTech)

  8:23am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Bill for the Startup Visa Act of 2011 introduced http://tcrn.ch/eqO5fs (cc @LawGives)

  2:35pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh RT @LawGives: Cloud privacy and security receive attention at #swsxi http://t.co/43w5WQQ via @cmswire

  11:20am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11
Mar 11

  stuloh EU website cookie laws. Seriously, Europe, what's up with that?

  11:28am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Pro tip: if you are an LLM student in the US, this is what not to do - http://bit.ly/i3BHB5

  7:39pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh RT @LegallyTech: RT @stanfordlaw: Is it in the air or in the water here? Forbes on Stanford Law http://bit.ly/ekAYBZ #entrepreneurialspirit

  9:53am  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh Letter from Warner Bros' lawyers firing Charlie Sheen - this is GOLD: http://bit.ly/eRVBbu

  8:33am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Ugh, terribly complicated tax returns this year, but I found a great Aussie tax agent who does tax for expats who's on top of his game!

  4:57pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

  stuloh Upgrading through every version of windows on the same computer http://post.ly/1hvFr

  7:01pm  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

When an hour is worth more than an hour: calculating your hourly rate

Some industries are known for their brutal work hours. For example, if you’re a service provider involved in helping large cap companies with their M&A transactions, it’s likely that you’re not a stranger to the 100+ hour work week. Although the remuneration for these jobs is usually very high relative to other occupations with more reasonable hours, cash compensation is often normalized by converting it to a per hour metric. Take your salary+bonus and divide it by an estimate of the number of hours you work per year. If you work 50% more hours than your peer but only get paid 20% more, your peer is actually making 20% more than you when you convert it to an hourly rate. Of course, absolute remuneration still counts for something – if you are making 20% more per hour, but are limited in the number of hours you can work, you can’t really take advantage of that better rate to make more money. And salaried workers don’t get paid by the hour, so the question is moot – you can’t make more money in your job by working more hours. You have to use the extra time you have to find another source of income.

But back to the idea of calculating an hourly rate. On reflection, I think that this simple calculation doesn’t take into account quality of life considerations. After all, an hour of work spent between 3-4pm is a lot different to an hour of work spent between 3-4am. It’s far less enjoyable when you’d rather be in bed, for one (I always say, I don’t care how much you enjoy your job – it’s hard to enjoy anything at 8am when you’ve just pulled an all-nighter). To account for this, we need to assign a greater value to time which is outside of “normal” working hours. For example, outside of the usual hours most people work, say 7am-7pm, you start to give up things that most people don’t. Dinner with friends, your own free time, sleep, and, potentially in the long term, health. So, if you work from 8am to 11pm, that 15 hour day should actually be considered to be worth more than 15 hours, because at the end of the day you begin to sacrifice things that most others don’t. I think there needs to be a graduated scale, with abnormal working hours being weighted with a multiplier.

One model of this could be as follows:

Time Multiplier Notes
7.00am-7.00pm 1.0 Typical working hours
7.00pm-10.00pm 1.25 Giving up free time for meals, socialising
10.00pm-1.00am 1.33 Giving up free time for R&R, hobbies, etc.
1.00am-7.00am 1.5 Sacrificing sleep
* Additional 25% added for weekend work during these hours.


For example, if you typically work a 70 hour week, with 12 hour days from 9am-9pm and 10 hours on the weekend, then each weekday would actually be considered to be a 12hr 30min day, and work on the weekend would count as 12.5 hours, giving a total of 75 hours. Another example is if you pull a 9am-3am day, the 18 hours actually counts for 22h45m (12h + 3h45m + 4h + 3h). The result is a decrease in your effective hourly rate of compensation.

The numbers I have picked are arbitrary, but my main point is the concept. Ultimately if you genuinely love your job and there’s nothing else you’d rather be doing (as is the case with many entrepreneurs), the hours don’t matter as much. However, weighting hourly calculations this way is a good way to quantitatively factor in other important things in life, like health, relationships, and so on. Different people may choose to weight numbers differently depending on what’s important to them in life. The next time you try and figure out if a job has really been “worth it”, consider the quality of the hours you’ve had to give up.

  11:04pm  •  Life  •  Tweet This  •  Add a comment  • 

  stuloh I wonder what the going price for a second-hand iPad 1 is now?

  12:17pm  •  Tweet  •  Tweet This  •  Add a comment  • 

  stuloh The ACC mailing lists could be an even better resource if you could drop all the Q&As into a system like Quora. Maybe when Opzi releases?

  8:18am  •  Tweet  •  Tweet This  •  Add a comment  • 
Mar 11

When ultramarathons are routine

There is a group of people called the Tarahumara living in Mexico who are well known for their long distance running.

The statement that, “The Tarahumara may be the finest natural distance runners in the world”, made by University of Arizona archeologist Michael Jenk inson, offers some insight into just how good the indians are at running. The Tarahumara routinely run distances only covered by only the most advanced ultramarathon runners today. … While on foot, the Tarahumara do not stroll from one place to their destination, running is used to perform everyday tasks. It is not uncommon for a Tarahumara to travel between fifty and eighty miles everyday at a “race” like pace.

Tarahumara running is based on endurance not speed. This fact is exemplified by their hunting practices. In order to catch such wild animals as deer, wild turkeys, and rabbits, the Tarahumara simply chase after the animal until the animal drops from exhaustion. Their hunting practices are widely known in Mexico and ranchers have been known to hire the indians to chase down wild horses. It is also said that a Tarahumara once ran six hundred miles in five days to deliver a very important message.

Another article.

  7:48pm  •  Sports  •  Tweet This  •  Add a comment  • 

2024: Jan
2023: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2022: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2021: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2020: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2019: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2018: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2017: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2016: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2015: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2014: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2013: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2012: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2011: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2010: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2009: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2008: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2007: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2005: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2004: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2003: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2002: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2001: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2000: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
1999: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
1998: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec