A VRM journey

Adriana Lukas


February 2009

Download PDF Version


About two years ago, in October 2006, I was having a drink with Doc Searls after a client gig in Philadelphia. Doc mentioned this new project he's working on with the Berkman Center - helping customers to find better ways of interacting with vendors and vice versa. The idea was to flip CRM along the lines of: if vendors can manage information about us, why can't we do the same about information about them?

This was the first time I ever heard about VRM (Vendor Relationship Management). It took me two minutes to decide that this is what I wanted to help bring about. After all, one can't rush into these things...

VRM appealed to my unhappiness with the way companies treat their customers, and the skewed balance of power between individuals and institutions. It especially it appealed to my experience of the web changing the rules on the existing powerplays. I have spent the last five years introducing many people to this shift, encouraging them to exercise their autonomy and to pursue independence from third parties, intermediaries and agencies of all sorts wherever possible.

Since then I have participated in the project, many discussions, and dabbled in implementation. I have joined VRM committees, mailing lists and groups. I attended VRM events (IIWs, VRM workshops ) and organised a few myself (VRM Hub Thursday evenings, Scratch your VRM itch, Unlocking the See-Saw ). I have started an open source project to build tools that get us closer to VRM reality. It has been interesting two years and although I have often felt I was repeating myself like a broken record, it has been worthwhile to see people join our effort and to see the VRM memes propagate.

As more new people are coming across VRM, ideas and thoughts covered in previous discussions often get lost in the cacophony of new online conversations. Continuous partial attention and constant flows of new information often means that what has been said and written yesterday gets quickly buried under the layers of today's news. This is the beauty of the web although I can always go back and unearth the old stuff... which is exactly what I have done. I have put together my writing on VRM and related topics.

For those who have followed my blog and had discussion with me over the last two years, this document isn't entirely new. Editing it has helped me join the various dots and I hope it will do the same for others. The 'story' which emerges is one of a journey from the social web and my growing dissatisfaction with some of its aspects, to VRM and to finding new battles to fight. The recurring themes are social networks, online data, individual autonomy and third parties, privacy and, of course, VRM.

The first part deals with the social web and data, privacy and identity - the emergent trinity of online existence. I deal with social networking and social software as it's unavoidable when writing about the social web. This forms a backdrop for my approach to VRM and underpins my disagreements with other implementations.

The second part is an introduction to VRM - a short description written more than a year ago that sums up the simple vision. The details of how it might happen are not simple though. Also there are the VRM principles that I support, and want to see guiding any VRM implementation.

The third part is VRM as I see it: what it means to me and what it doesn't mean to me. VRM is about shift of power to the individual, about building an alternative to transactions, moving away from centralisation, making tools enabling us to take charge (managing and sharing) of our data, giving the individual the option to take back privacy and 'practise' greater autonomy. What it doesn't mean is: having a field-day for intermediaries and third parties, aggregation or automation of such data, matching services, clearing systems, bot-like RFPs and anything that takes the focus away from the individual and his ability to relate with others.

The final part is about the direction I am taking all this. The Mine! Project and what I see as VRM infrastructure, Mine!. This section is a pointer for those who want to follow the implementation.

Social web

Whose data is it anyway?
Data policy I can call my own
Models of Data Imprisonment
Daa Scaffolding
Data in transactions
More Social than Open
Anti-Social software
Social Software and the Blue Pill
Privacy delusions
Creepiness factor
Bringing identity home

Two-platform world  

Introduction to VRM

Bottom line

It's autonomy, stupid

VRM principles


Company camera lenses

Running the show

What VRM means to me

Blogging redux

A source most authoritative...



Open as in...

User-centric isn't user-driven

What VRM doesn't mean to me

Third parties and intermediaries   
Providing vs Enabling


Aggregation, or power, is not in numbers




The Next Stage is Mine!

Power to the Persons
What Mine! is NOT
The Mine! project




Many thanks to Carrie Bishop without whose patience, understanding and skill with scissors (don't ask!) all this would still be lingering on my laptop. Much gratitude also to Alec Muffett for proof reading and correcting my transgression against the English language. And finally, thanks to all who actually finish reading this!

About the author

I started blogging in 2002 on the political blog Samizdata.net, an experience that eventually  shifted my life into a different gear and has led to my setting up The Big Blog Company in 2003. My current blog is Media Influencer.

Apart from working with clients in the UK and the US, my primary focus is in making VRM happen.  I initiated, and continue to organise, the London based group VRM Hub, a community that aims to bring VRM to the social web scene, to businesses and individuals.

I spend much of my time on the Mine! project. The aim is to create tool(s) designed to give an individual user a 'platform' of his own by helping him to capture, manage and share data on his own terms. This endeavour is related to, though independent of, the Project VRM.


Social Web

My web presence, existence, identity, digital footprint - all my online DNA is fragmented. There is
currently nowhere I can pull it all together and take charge of it, let alone benefit from it. The online economy, information transactions, communications and e-commerce rule the day, my attention is traded as eyeball currency, my data 'hijacked' and used 'against' me (marketing, ads, spam, privacy abuse etc), my transactions and purchase history are locked into vendor silos and keys thrown away (CRM).

My dissatisfaction with the social web is reflected in Danny O’Brien's question:

When you want to make a private picture or note available only to your friends, why do you hand it over to a multi-national corporation first?

Whose data is it anyway? 

Talking about ownership of data online in terms of control is fairly pointless. Once your data is out, it’s out. So instead of delving into "ownership" and what it means in a decentralised, distributed and open network where sharing and transparency are default, let’s look at how the data is generated by the individual and shared through interactions with others.

Data generated online is a positive externality for the vendors and platforms that capture our data. Positive externality is something that is not part of the value traded in market exchanges. It is something one of the parties in the trade benefits from, without having to pay for it. For example, pollution is a negative externality as it is: 1 

a) a by-product of manufacturing processes and,
b) is not included in the cost or price of the products.

So, when I am buying something from Amazon or the Virgin Atlantic website, the explicit value exchange is the goods they provide and the money I pay for those goods. My data is external to that value exchange - the vendor is not paying for it and I am not being paid for it. In the current set-up (no pun intended), the vendors benefit by using the data in ways that help their business, from mining to selling it on. On the other hand I have scant legal protection against that and even with all the laws in place such as Data Protection Act and other restrictions on those who capture my data, a large portion of data collected from me is for marketing purposes - usually way above the threshold of data legally required to complete transactions.

The advent of the ‘free’ web has mightily confused the distinction between data as part of a value exchange and data as a positive externality - simply because most platforms with web services have turned what was essentially an external benefit from other exchanges, into the foundations of their business models. The ‘free services’ I receive are ‘paid for’ by my attention and/or my data - both eagerly gathered by various platforms. Advertising is a way to monetise my attention, aka eyeballs, and the race to monetising my data, other than crudely selling it, is still on.

In this context I own my data, in the same way I own my attention, and neither should be considered a payment for (free) web services unless it is specified in the terms and conditions of the exchange or service. It is merely a shift from one business model - online retail such as Amazon - to another where data becomes the value exchanged tacitly and without clear understanding. This is another reason why privacy remains an issue with such web services and platforms - as long as I have to depend on a third party to protect my privacy, it will be exposed by accident or incompetence, force by authorities or abuse - marketing and advertising.

The tensions between the data which is created and managed by us, and the tools we use and which belong to someone else, are becoming obvious on the social web. Mike Arrington’s outrage a few months back when Facebook was turning its back on FriendConnect is justified.

The fact is, this isn’t Facebook’s data. It’s my data. And if I give Google permission to do stuff with it, I’m damned well within my rights to do so. By blocking Google, Facebook has blocked ME. And that, frankly, kind of frustrates me.

Let me put this another way. How dare Facebook tell ME that I cannot give Google access to this data!

Arrington also condemns Scoble’s early attempts at ‘data portability’:

Scoble has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to Plaxo. In that case, it wasn’t his data and he didn’t have the right to make it portable. It’s MY data, once again, and only I should be allowed to make that decision. He thinks his new position shows that he gets the importance of privacy, but once again he isn’t thinking in terms of who really owns the data and should be allowed to make decisions around it.

Here we go, "ownership of data" again. So when I add someone to my network, together with his photo and other profile details, I do not ‘own’ that data. It seems pretty pointless to debate that as whenever I sign-up to a social network platform, I am agreeing to the terms and conditions of their relationship with me and to what happens to my data, privacy etc. All my agreements are with the platforms and the way I enter those agreements is definitely lacking in balance of power. We do live in the early days of individual empowerment, but even so there is a distinct lack of tools that will allow me to be part of a network whilst independent of someone else’s silo, or allow me to become a 'platform'. 

Data policy I can call my own

Not only I am agreeing to terms and conditions of a relationship with social networking platforms, there is also no corresponding agreement with other users. The terms of service are between me and Facebook, me and MySpace, me and Twitter, me and Flickr, me and Plaxo, me and LinkedIn, me and the "socnet de jour". They do not extend to my relationships with other individuals on the same platform. Relationships are defined the same way as terms & conditions are: from the point of the platform, not from the point of the individual. So, ironically, social networking platforms designed to help me connect with others, to create and maintain relationships with them, are not really allowing me to define those very relationships.

In other words: there is no way to interact with others within the silos based on what I'd call P2P terms and conditions. These could be privacy agreements if we wish, ranging from simply not-bothered-about-what-happens-to-my-contact-details-in-your-social-graph all the way to granulated preferences for different people in my contact list. So - just like in the real world - there are people I’d trust with my address book and there are some I wouldn’t trust with my address. Instead of building complicated systems and using technology to make such nuances in relationships explicit, I need tools to help me manage the complexity of human relationships. I need tools to reflect what is already implicit, in my head and which defines me as a social animal whilst not tying me up in legal pretzels over various policies, permissions and access management nightmares. To paraphrase Kevin Marks' Social Cloud talk at Lift08:

Software cannot match out ability to sort out our friends and contact, establish how much we trust them and how we arrive at that trust. No software can fully map the relationships, let alone replace our natural ability to create and maintain them The implication is that therefore software should support the kind of cloud abstraction we have around the internet, also around our social relationships. You can feed it (the social networking app) relationships that are in the ’software in your head’, feed the stuff related to people in your network to software online. 

Data Imprisonment

As an individual my relationship to my data can be described in matrix of several kinds of imprisonment - and I am interested in building an option where none of these are the case:

Jail with visiting rights - closed platform a la Facebook, MySpace, Bebo, Flickr, Amazon, Expedia, online bank statements and any site that doesn’t allow export of data in interoperable format. My data is under lock and key elsewhere, and I cannot get more than a view of it through the bars of the jail. For instance I would manually enter my profile or other data into a Facebook applications (and now a few ‘trusted parties’), but there is little or no hope that I could get the data back out again, other to save the JPEGs of the resulting output (screen grabs) - which decimate rather than reflect the value of the original input. Further, my data starts losing weight, as any inmate locked up. As the original data is never at my beckoning, all I can play with is its "representation".

House arrest - desktop applications for data management, iTunes, Excel spreadsheet, word processing, etc. Example, my music (ripped, not bought from the iTunes store) is my data is on my computer in a format that is hard to share with anyone. The software is not designed to enable sharing of data - the net result is my data is nominally under my control, but it is just as locked up as Facebook. (No export or no guarantee that exported data is in a mashable format)

Open prison - online data management tools, Wesabe, uploading from iPhoto or Picasa to Flickr.com. This means I can share (better than house arrest) but the data is centralised a little like Facebook (almost as bad as jail with visiting rights) and although the rendering tools are more advanced and, being centralised, can be upgraded without user intervention, there is still a big similarity to glimpsing my data which is held within the jail.

Out on bail - feed readers and online calendars, e.g. OPML, Google Calendar, iCal. The data is more or less yours and mostly under your control for export, import and sharing. But it can’t travel far and there is only so much you can do with it. It certainly can’t be mashed up with data in other formats or on other topics than calendar or feeds. (Dopplr lets you go furthest in combining calendar, Flickr and map data etc).

Out of jail - I hold my data on (explicitly) my resource for sharing; I can share my data beyond just what Flickr, del.icio.us, etc, provide as tools to render my data, and in more places than just those platforms - for instance with a supermarket or gym or others (vendor?) who could benefit from knowing what I am eating and when I am exercising. In short: the Mine! enables controlled sharing beyond the Mine!’s own rendering itself. The bars are removed and your data can go where you desire it to.

Doesn’t that turn Plaxo Pulse, Friendfeed and other such aggregators into a prison parade?

I want my data out of jail. I want to be able to take charge of my data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) it according to my needs and preferences and share it on my own terms whilst connected and networked on the web.

Data scaffolding

For some type of data a flow aka activity stream is just fine, Twitter, Flickr, FriendFeed, PlaxoPulse, Facebook etc. Structures sometimes emerge - sets, rooms, groups. For other purposes I may need alternative data structures and new functionality to build them. A good foundation would be a pool of tagged objects, flexible and without pre-determined data taxonomy. Through ownerships of the actual data, as opposed to its representation, e.g. Facebook, Amazon reviews, the individual user will be able to manipulate them at will.

Here are some ways of thinking about data organisation:

  • skeleton - data structures created prior to data input as a skeleton for data with known or standard structures to be stored in later, e.g. medical or financial data or other complex data
  • companion  - created with input of new data e.g. when you upload photos, you create sets; when you bookmark a link, you add tags and notes etc
  • librarian - created on retrieval, the hierarchy or structure emerges at click of button depending on what you are looking and on the flow or the dynamic of the data, e.g. I click on a tag in del.icio.us and get all articles tagged with it
  • shoe-horn - rendered through a single vision – google reader and del.icio.us, pick your means of rendering – by tag, by who person, date, no tag at all
  • builder - created from a pool of objects, with tags and meta-data, with functionality that helps you create whatever hierarchy you want

Hierarchy is often synonymous with order. A feature of hierarchy of information (taxonomy) is that it exists outside the user’s mind. The web has driven home the point that taxonomy is by far not the only order possible.

But what about convenience? If users have to determine not only the data flows but their underlying structure, doesn't that mean more work? To flip the way we tend to think, from the user’s point of view the structure (taxonomy) doesn’t have to precede data. Emergent order is more user-friendly in the long run - think folksonomies and tags vs. directories and folders. In short: order and complexity should come from usage, not design.

Data in transactions

My data is an externality to purchasing transactions, just like attention is an externality to my reading, watching or listening to something else. Marketing lives off my data, advertising lives off my attention. My data (and by extension me) is not respected because companies can trade it as a commodity without paying for it. The way to address this is not to make them pay for the data (and create many snake oil intermediaries in the process) but to make it possible for companies to enter into relationships with the true owners of the data.

So what is to be done? How can one internalise the externality? How do I regain control over something that originates from me and is used in my transactions with others? This is the stuff of VRM. Broadly speaking, it is about finding tools and technology that give the individual sovereignty over his data, so he can exercise choice over who gets to see it and under what circumstances. This will change the balance of power and eventually demonstrate to companies that by respecting people’s data, and by extension, respecting people, they can make more money.

More Social than Open

When it comes to sharing my data and activity streams with my friends and networks, I do not want to be restricted to social network aggregators - they are merely another type of prison for my data. As a user I want to take my information, profile, contacts and context with me wherever I want. If I invest my time in creating profiles and gathering contacts (thus inviting my friends to invest theirs) and in building context - which is more important than data - then I do not want to lock the value in a silo. Especially since if data itself has become a commodity then it can be replicated and distributed without the physical constraints of the offline world. What is now most valuable and rare is context because that still a) has to be created by humans and b) is not machine readable.

To elaborate on Tim O’Reilly’s two key principles of Web 2.0:

- It’s the data, stupid. (Formerly “Data is the Intel Inside”), and...

- Small pieces loosely joined.

I suggest one of the principles of the Social Web is:

     It’s the context, stupid.

Online 'social' applications need to be based and designed around the user, rather than yet another platform and its VC-fuelled growth - which is what every social network to date has been. If you design for the individual, the distributed approach is definitely the way. How can we design an architecture around increasing control over our data? Alec Muffett sums it up:

…should we consider making a VRM pilot and simplify our lives by making the assumption that the database would be wholly centralised? The answer to that was an emphatic NO; the reason being that working from a perspective of “the data is centralised in a fortress” will lead to thinking that will never be able to accommodate a distributed architecture; whereas there is nothing to prevent an architecture which is capable of distribution [from being configured to behave] in a wholly or partly centralised matter, as a convenience. In short: the web-browser would never have been invented had someone elected to ignore the distributed nature of the Web; instead, they would have merely yet again reinvented the file-browser. So: design it distributed, test it distributed but implement it however you choose.

Let's not throw the baby out with the social network bath water. Networking on Facebook, MySpace and other silos is like taking driving lessons. There is no recognisable direction. It seems pointless unless you know that you are just learning and practising. Facebook and MySpace seem a lot like that to me - but once people work out how to drive, know how to operate the machine and how to get from point A to point B, they will be able to decide what their destination is and get around under their own steam - and that’s when the real fun starts.

Social networks are good for communication with friends, if hardly of much use for early bloggers. It is great to find a long lost friend, knowing they exist is better than losing contact with them forever. Social networks enable one-to-many communication for individuals - unheard of before the age of the web unless you were a politician, an author, a celebrity, or had some sort of institutional backing whether through politics or the media. However today I can communicate efficiently and persistently with people in my contact list and let them expand upon that communication if they are interested.

Social networks are the ‘learning wheels’ for our identity online. From that perspective, they are not a waste of time, just as driving in a parking lot of a driving school is not pointless. It is about the ability to manage one’s own data, and network, and eventually one's identity. Even social networks built on closed platforms cannot diminish the first giddy experience of creating a profile that consists of more than just a username and data which serves the platform owner more than the user. It is the control, the flexibility, the fun and play, the ease of communication and technology that makes the whole experience dynamic and mildly addictive. For a while not much else will matter to most users and as a result privacy and security for many is "nice to have", rather than a "must have". I believe that will change as people become accustomed to having more control over their online environment. I want to be able to help when this happens and they'll want something more - to have their own car and their own choice of the destination, so I joined the VRM group hoping to equip people with their own vehicles - tools that enable them to take charge of their data, provide context for it, learn from them and pass them on as they see fit.

Anti-Social Software?

I want two basic functionalities from the online tools which help me organise my life and connect me with people. First, I want to capture and sort out my data, upload photos, take notes, cross-reference information, etc. For that I need applications that are more analytical than the current social media/web tools. Second, once I organise my stuff, I want to share it in ways that are more social than current web 2.0 tools allow me to be.

Existing web applications have serious limitations: an example is my uploading photos to Flickr and structuring them around my needs. Flickr presents a stream of photos and I am not really in charge of how they are organised. For example, I have 100+ wine photos as part of my wine interest; if I upload all of them then that’s what people subscribing to my Flickr will see as they all appear in my Flickr stream. I have the choice of a couple of combinations of friends & family settings to restrict access, but that does not solve my problem - I may want some people to see the wine photos whilst I may not want others to be bored by a bunch of wine bottle shots; plus some people may not be on Flickr, so for them (and me) the privacy settings don’t help.

On another occasion, I needed to share photos with my mother who is not on Flickr. It was a practical need - we went shopping together for items for her apartment and the photo set was meant to help her remember and decide what to buy and exchange notes and comments on the photos. I couldn’t make it work. I tried setting a new account for only those photos but there were too many for a free account and I didn’t feel like paying $24 for this simple use. I tried signing her up to Flickr, as a family contact, and uploading the photos with the family setting. This was awkward as I don’t necessarily want other contacts with the same privacy setting to see those photos or me being forced to change their status permanently. In other purposes I wanted my own photo-storage space, not just for communication or publishing but for my own notes for future reference. I also wanted to share it with friends who might be interested in my wine photos or window-shopping...

But isn’t social networking all about being social? Not quite. At the moment I don’t drive "who gets to see what" beyond simple decisions about who is ‘in’ and who is ‘out’. Social interactions and relationships are far more granular than social networks allow them to be. Usually, this is seen as a privacy issue and leads to complicated access management, e.g. Facebook privacy settings.

Our relationships are determined by others, such as Facebook, Flickr, Plaxo etc, presumably to give us more control or add structure to our social network and the contacts in it - but is lumping people into categories imposed by an application, "social"?  By determining the types of relationships I am able to have – business contact or colleague, family or friend, I am not able to reflect relationships I already have in their complexity and nuances. The best social software is not online, it is loaded on to my cortex, and no software can fully map the relationships, let alone replace our natural ability to create and maintain them. 

Privacy is merely the other side of the coin of complexity in human relationships. My ‘privacy settings’ are inherent in my behaviour. My privacy policy should not be embedded in any software. In that sense, software cannot be social, or antisocial - apologies for the rabble-rousing heading of this section - though it can help me be more or less social. Software privacy settings limit my ability to be truly social i.e. capable of maintaining complex relationships and interactions with others, arguably the purpose of such tools. Truly social software needs to satisfy both requirements of online life - to allow its users to organise their data according to their needs, and to support people’s relationships as defined by themselves.

Social Matrix and the Blue Pill 

Our brains and minds are the best social networking tools. Software cannot match our ability to sort our friends and contacts, establish how much we trust them, and represent how we arrive at that trust. No software can fully map our relationships, let alone replace our natural ability to create and maintain them


At the moment, we are all connected to the matrix, the tubes still being more important than our freedom to move. The many silo-like platforms try to keep us hooked and locked in, whilst giving us enough delusion of capabilities. Alas, there is only so many times you can poke or zombie someone before you start wondering "what’s the point?"

The point is I want to be able to hook or unhook myself at will. I want to be able to connect and create relationships without lock-ins - other than the ones that relationships bring with them naturally.  I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me.

One of the fundamental building blocks of VRM is the ability of individual users to take charge of their data instead of managing them via a platform and ‘trading’ that data for the functionality that the platform might provide. Once I have it in my hands, I can manage, analyse and whatever else I wish to do with them, applying various functionality directly. And share and interact with others in ways richer than platforms currently allow. It might be messier to start with but closer to human affairs in its complexity. And that is a Good Thing.

Privacy delusions

Privacy is a fine thing and until we are the ones who determine what goes out and what stays in, it will be mostly a delusion. Our privacy is protected in about the same way that a pretty young girl is safe in hands of a pimp, who is held in check by a few hastily drafted rules that are actually very hard to enforce. As long as he’s seen keeping his hands off her, he’s left alone. But she’s still at his mercy and there is not much she can do if he decides to sell her on. Substitute data and information about you and you’ve about got the picture.

On the other hand we have the wonders of connectedness and sharing which are also very fine things. It’s what made the web what it is today (in a good way). For most, to hoard data in isolation would be contrary to the openness and sharing of the web. However, I should have the option and ability to do so if that’s what I choose. It is about a balanced ‘relationship’ where sharing is voluntary, based on trust and entails the power to withdraw the benefits of relationships. At the moment, my data is held to ransom in abusive relationships and the fact that I get ’something’ out of it does not justify the imbalance of power. I should be the one making a decision about what happens to my data and by extension to my privacy. This should not be determined by Facebook or any other web-app, silo or platform. 

I learned a very important point from security geeks - that "security is a policy" - security is what you define and want it to be. If you want to connect an unprotected computer to the internet in order to study how fast it can be destroyed by viruses and overtaken by bots, then your computer is 'secure'. Your requirements for security are met. The same goes for privacy - what is sufficiently private for me may not be for you, and vice versa. 

Also, privacy may be a policy of the individual, but not in a sense of a privacy policy for the individual chosen from a given selection in (say) the style of "Creative Commons". There is a huge difference: for instance, I have a policy about who I let into my house. I don’t need to display it on my doors or attach it to my address or business cards. It is far more convenient and flexible for me to decide there and then, when someone’s knocking at the door. It is my implicit privacy policy that kicks in. Sure, I don’t want junk mail or door-to-door salesmen but just because I can display notices to that effect, doesn’t mean that is the way to deal with the rest of the humankind. Online privacy is about creating tools that help the individual to control access to data to the point where he/she decides practically and directly who gets to see what - without reliance upon a third party or intermediary.

Further, what sense can a uniform set of rules or system make in an environment which is decentralised, where it is near impossible to enforce and communication is distributed and persistent? Building privacy systems, instead of letting people implement their own privacy 'policies', makes privacy an awkward bolt-on when it should be natural and integral to our behaviour. The more people who learn what "privacy" means and understand its merits and the price of its abuse, the better ‘policies’ they can devise for themselves...

Alas, instead, privacy is an issue often regarded as a trade-off that 'consumers' are only too willing to make in return for some benefits to them. I tend to think it is an issue of choice - if there is no meaningful choice and people understand this, they might just as well forgo a bit of privacy in exchange for what appears tangible benefit to them - a discount, a better deal etc, but as tools arise to help people to take charge of their own data, their mindset will shift too. Peoples' tolerance for privacy violations will decrease, just as our tolerance for lack of connectivity or quality is dropping; these are different issues but the same behaviour pattern. For now, we are used to our data not being 'respected' - that the choice we have with regard to our privacy is only a binary choice: either you play and give up your data or you don't and exist in splendid isolation.  The latter is not a way to benefit from the web, whether it comes to social networking or shopping. People do care about privacy and examples of how easily they give up their data in exchange for trinkets are not convincing. so until people feel that they have a real choice such skewed behaviour is not illogical.

Creepiness factor

There is a valid perspective which regards many of the social networking applications to be "stalker's tools".  Let's take Twitter. I explain its benefits using the term ’synchronicity maximised’, to describe the ad hoc organisation of real world encounters, ambient intimacy, connectivity and sharing which makes Twitter so useful and addictive.

I am in New York having brunch with a friend and I twitter about it. This may seem creepy to some, knowns as the ‘creepiness factor’. This usually refers to someone not necessarily violating your privacy according to the law but to the ability of others to gather your public details (as private data would be a privacy violation) and piece together information about you. This allows them to act in ways we don’t expect or foresee. It is the realisation that someone knows so much about us by deliberately gathering information and using it to behave in a way that implies familiarity. It feel like a violation of autonomy and privacy, even though existence of either is a delusion in our mind.

There is a difference between me 'broadcasting' on Twitter that I am having brunch with a friend plus the exact location, and learning the hard way that someone is ’scraping’ or gleaning such information from places that I might have, rather foolishly, considered private or semi-private, such as Facebook or any kind of behavioural targeting so favoured by desperate marketers.  It comes down to me knowing what happens to my data. The creepiness comes from realising that someone is gathering and piecing together information about me for purposes that don’t directly involve me and/or are not necessarily in my interest. Twittering my location is not a problem if I am doing it with awareness of my network and audience.

All this contributes to doomsday talk about privacy and the view that the web is eroding it, and that the younger generation using social networks and other web applications don’t value it or give it away all too easily. Often privacy is considered a legal agreement to be guaranteed only by an enforceable contract. This is correct with regard to information about me held or managed by third parties but it does not address or reflect the way people interact online. Building systems or processes that force people to ‘behave in their best interest’ or to ‘protect their privacy’ does not deal with the problem. Privacy is a policy and not a system. Terms of service and other legal agreements are creatures of systems, platforms and silos. As an autonomous individual I am the best judge of my privacy requirements. When I talk to my friends I know what to tell them and what not to share. If I mess up, I suffer the consequences and learn not to gossip with those who betray confidences.

In contexts that are beyond my immediate social circles and when money or reputation is at stake, I need to understand the consequences of sharing information so I can manage my privacy. But if my privacy is not up to me to manage, there can be no demand for such knowledge to be available. As  a result many people have no idea about how their data is used and abused. So that is part of the challenge in which the web has helped enormously - it is now possible for a dedicated or persistent person to find out what’s going on most of the time although most people tend to underestimate exposure and use of their data by others.

There is little they can do to act on that knowledge; as pointed out above, our privacy options are rather binary. Either you participate in transactions, exchanges, communities, etc., and you give up some of your privacy - or you don’t. However unacceptable I find the former, the latter is not the way to live either, online or offline. The best privacy settings are in my head. At the moment, I have little ability to ‘execute’ my privacy policy. Why assume that such ability has to come from the legal world and why not start building tools that help individuals manage their data and help them to determine their privacy behaviour themselves?

Bringing Identity Home

There is another concept firmly connected with privacy, data and especially with social networking - identity. Identity is one of those elusive concepts that underpin several important debates. Online, to my amazement, I often see logins and passwords to various sites and platforms described as “identity”. I don’t think of them as my identity, but as things that I currently need to access bits of my scattered identity, at best they are my meta-identity. (Btw, by self-defined identity I am not referring to self-asserted identity which also relates to identifiers of the kind I see as meta-identity. I am looking for ways of establishing identifiers that are part emergent, part validated by relationships, rather than by a systemic-level third parties designed to do that. Let’s not have a ‘centralised’ trust, let’s have distributed one.)

In short, let me have a go at owning my identity myself, on my own terms, the web way, without intermediaries, ‘trusted’ parties and hierarchical non-direct ways. Locking me into new ‘better’ platforms, offering ’services’ to manage my meta-identity is like putting a band-aid on a gaping wound. Instead, give me tools, flexible and modular, to reclaim my digital personae and help me piece together my fractured identity. And then allow me to drive it forward with all of the benefits that it can bring me and to those I interact and transact with. Learn to live with the unpredictability and emergent juicy goodness that comes from my independence and lack of your control over me. Finally, let me learn from my mistakes, my first uncertain steps with my own data sovereignty. Without those how can I ever learn to fully value privacy, security and engage in mutually beneficial interactions?

Two-platform world

On the social web, the number of third-party defined spaces for 'containing' bits of my data - photos, content, relationships, transactions and purchase history, movements, knowledge, and privacy, grows by the week. They enable me to create stuff and share it with others online. But I still lack the means to perform simple functions of capturing, managing and analysing my data as well as sharing it on my own terms without the risk of the data being lost or abused.

The good news is that with more tools and ways of distributing, photos, videos, writings, cartoons etc. are being 'liberated' from the channel world of one-way media. The bad news is that they more often than not create more platforms and silos. As far as I am concerned there are only two platforms - the individual and the web.

Introduction to VRM

Bottom line

VRM is about providing customers with tools that make them both independent actors in the marketplace and better equipped to engage with vendors.

Imagine being able to take charge of your information and data, notes and records about past transactions, your purchase history, future plans and ideas, preferences and knowledge about areas of your life. At the moment you are the last person to be able to benefit from all this accessible only via various platforms. Your ‘digital detritus’ is not yours, it is information that others harvest and use for their own purposes. Imagine to be able to do that with the same ease as checking email, posting to a blog, adding a bookmark to del.icio.us, searching Google, commenting on an article, uploading a photo to Flickr, managing your google or ical calendar, leaving a review on Amazon, adding an application on Facebook. All this whilst protecting your privacy to the degree you find comfortable, sharing your activity or data as you wish, not as mandated by the platform providing some functionality in exchange for your data (Facebook, Amazon etc).

Imagine having your customers share with you what they like, want and think of you. At the moment, you are dependent on market research, which is like looking through a keyhole at the rich ‘user-generated’ world. Imagine being able to relate to your customers, consistently and persistently, where they contribute directly to your supply chain where it makes sense - whether it is R&D, product design, distribution and marketing. Interaction with them is modular, intuitive and user-driven, freeing much of your resources spent on marketing and transaction cost.

What’s in it for the individual?
The ability to manage and analyze your data will give you better knowledge about yourself, the kind of knowledge that is the holy grail of most companies’ customer data management. The awareness of your preferences, understanding of your needs will help you to articulate them easier and strengthen your position with vendors.

What’s in it for businesses?
We live in an increasingly decentralized world with more customer choice, yet vendors continue to fiercely collect and control customer data and exploit the opportunities therein. The ultimate goal of VRM is better relationships between customers and vendors, by considering and constructing tools that put the customer in control of their data and ultimately their relationships with other individuals, companies and institutions.

Benefits of ‘letting go’ of customer data:

  • Customers share the burden of storing and protecting the data - eases compliance, privacy & security concerns
  • Increased access to information about customers - direct benefits to the customer to share more data rather than less.
  • New services from previously unavailable access to customer data

It's autonomy, stupid

On the web I decide what I blog, bookmark, read and whom I add to my network. I have the autonomy to do things that ten years ago only institutions could - publish, distribute, build audiences, contribute knowledge, define concepts, ideas and get visibility, create a 'personal brand', sell and buy. VRM can tap into the autonomy and drive of people to create, share, distribute, and more.

Vendors need to adjust their behaviour and the flow and exchange of data between vendors and customers needs more level and balanced. The defining characteristic of such relationships is that both parties are comfortable with it, and mutually benefit from it.

For vendors VRM can find ways to outsource some of the relationship back to customers. Companies own whatever passes for a relationship with their customers and by law are responsible for the entirety of that relationship (CRM, customer databases, privacy policies). Think of the junk mail, the waiting on hold, repeating of the same information to tech support or customer service staff every time you call, of the endless adverts and marketing campaigns blasting you with 'messages'. These are not conversations and relationships, they are a crude foreplay to naked transactions.

Companies have no incentive to change anything other then step up the 'stalking' of your behaviour whenever they can. They already collect data on the web about you, and analyse, mine, capture, and sell them. If they use them for your 'benefit' - as defined by companies - the data is part of market research or direct mail.

VRM is not them versus us; it creates a situation where vendors face a real choice between behaving cooperatively with the customer, or losing them and a situation where customers also face a real choice, not merely a choice between silos.

By giving individuals tools to redress the balance of power, the pressure from customers should help level the playing field. Independence from vendors, platforms or anyone who would like to benefit from your data without permission will be key.  That is why VRM needs to start with equipping the individual with tools based upon existing or new technology and apply an understanding of how people use such tools online.

VRM principles

Doc Searls' blog post, Go from Hell, written what seems like ages ago still resonates:

The Information Age is here, but its future is not just (as William Gibson put it) unevenly distributed. Large parts of it aren’t here at all. The largest of those is actual empowerment of customers — in ways that are native to customers, rather than privileges granted by vendors. The difference is huge.

That’s why yelling doesn’t work. What we need instead is to make tools that work for us, and not just for them. We need to invent tools that give each of us independence from vendor control, and better ways of telling vendors what we want, when we want it, and how we want to relate — on our terms and not just on theirs. As Neo said to the Architect, “The problem is choice”. That problem will be with us as long as that axe is in our heads.

The axe is marketing. Marketing is what The Matrix does.

It’s a waste of time to revolt against the marketing machine. The job at hand is to build the Real World again, from the humans out to the companies that serve them.

And now, the principles:

  1. Relationships are voluntary.
  2. Customers are born free and independent of vendors.
  3. Customers control their own data. They can share data selectively and control the terms of its use.
  4. Customers are points of integration and origination for their own data.
  5. Customers can assert their own terms of engagement and service.
  6. Customers are free to express their demands and intentions outside any company’s control.
  7. These can all be summed up in the statement Free customers are more valuable than captive ones.

In a broader way, the same should be true of individuals relating to organizations. With VRM, however, our primary focus is on customer relationships with vendors, or sellers.


Doc says

VRM needs to support independence from vendors and engagement with vendors; and to do both with tools and methods that operate on the customer's side.

We've lived many generations in an industrial age that put consumers at the mercy of producers. We're not used to thinking about the customer being fully independent of vendors, much less about putting tools for independence in the hands of customers — for the good of the supply as well as the demand side. But it's interesting to start thinking about what it means to actually relate to a marketplace and not merely to respond to pleas for attention and sales.

The other day I was talking with a high-ranking executive at one of the major retail chains. He asked what the payoff of VRM could be for his store. I replied, "Eliminating guesswork about what customers actually want". He said "That's a good one". Think of the billions spent on the guesswork that comprises most of marketing, advertising and PR. And how much less that becomes when customers are no longer just "targets" for hit or miss "messages", when intentions are actually known and served — without the vendor needing to maintain databases filled with useless information about phantoms.

VRM is an alternative and an improvement upon the existing ways of communications and interactions between companies and markets.  It attempts to level the playing field and redress the balance of power between the individual and organisations. It builds on empowerment the internet and the web have already made possible. It aims to shift the power to the individual by giving people tools to manage information about vendors themselves rather than having them managed by companies, or intermediaries and third parties. Customer and user independence from vendors and platforms is central to VRM principles. Its objective may be improving transactions but that's only a third of the story. VRM is based in on all three components of commerce - conversations, relationships and transactions. Businesses can be involved from the outset - they need to expect and respect the drive of individuals to redress the existing lack of balance of power.

Here is why.

At one point he [an executive of a large retail company] talked about “owning the customer”. I asked, “What’s a word for ‘owning’ a human being?” “Oh my God”, he replied. “It’s slavery!” Then he said he was amazed, in respect to what had just become obvious, at how much people at his company talked about customers as if literal ownership were both desirable as well as a fact. Such legacies die hard. And it’s the customers themselves who will have to kill this one.

So if companies can do CRM, why can't customers manage relationships with their vendors - on their own terms, taking the control back where it will a) make things more effective and b) give them more autonomy. This potentially reaches deep and wide into the way markets works and ways companies interact with them.  CRM is the right answer to the wrong question.

The real question was, indeed, how do we as a company manage to treat our customers with some sense of dignity without actually bothering to zoom in on them from the extreme wide angle (customer base, segments) to telephoto (households, individuals). Hence the effort to power up the operational CRM with capabilities of analytical CRM (that is, building some sort of number-based insight into the scary X-gigabyte swarm of operational data).

But the analytical CRM cannot build any meaningful “insight” into who your customers really are while treating the customer data as any other kind of transactional data. We humans are made of shape-shifting bits. We don’t stay transactional very long.

Company Camera Lenses

One of the reasons VRM may not be the best term for the goal - although there is good logic behind it - is that VRM is not just ‘flipping’ CRM, but actually refocusing companies to a picture bigger than the transaction.

Companies look at the world around them, their markets and customers as if through a camera lens, their focus firmly set either to "macro" or "fish-eye". They only care about a narrow shot, zooming close, thinking pixels with replace understanding. (see demographics, data harvesting, analytics etc) or receding far away from it (market research, analyst reports, industry-wide papers etc). The resulting distortion is familiar to anyone dealing with business.

The bigger (and richer) the company, the more expensive a lens it can afford - one of those large telephoto lenses on professional cameras - and the more distance they can be from the object of their focus. Small companies have ‘cheaper’ cameras and end up being closer to what surrounds them, although the camera ensures they are not part of the eventual picture.

To push the analogy further, cameras are now widely available and affordable. Everyone can buy one and use it with reasonable competence. Amateurs can occasionally achieve amazing results with their little digital cameras and photography is no longer the domain of professionals. It is the same with tools that capture data and understanding of trends and behaviours - online simple, modular but effective tools match and outperform the lumbering business IT systems.

Companies are not the only ones capable of taking photos - we all can do that, often better than them. The camera analogy brings out another aspect of companies’ interaction with the world - at arms length, from behind the camera. In my view, they should be part of the picture, swapping the camera with other photo snappers. Relationships with customers could go a long way towards that. 

Running the show

VRM is not the vendors' show. They are already running theirs and it's a universal flop if you ask me. VRM is a customers' show but there is no reason vendors can't have a front seat and follow the plot. And if they don't stomp all over the stage, they are free to join in. And we can be ready to help them.

They join in - or not - but those who do will have an advantage. The customers (enabled by technology, networked, and informed) are recording and managing the information themselves and about vendors.  Once people can communicate, manage their data, identity, purchase history, records, locations and god knows what, then, cool things will start to happen. And it'll be those cool things that will determine the direction vendors should be looking.

What VRM Means to Me

There is a sort of VRM mantra I have developed, as I find myself repeating it over and over to remind people of my position on VRM:

It starts from the individual, companies have to recognise that they don't drive VRM...
It starts from the individual, third parties and intermediaries don't get to shape VRM...

Blogging redux

I use a range of applications to manage my data and meta-data. Over time they have helped me learn to manage and drive my online existence.
Applications such as, WordPress, Wesabe, Dopplr, Flickr, feed readers, and Twitter already help me understand my behaviour and make more informed decisions in some respects.

By tapping into what people already do online, and increasing people's ability to manage and share their data as they see fit, VRM would be a phenomenon similar to blogging in several important aspects.

Blogging is not owned by anyone. It wasn't designed to make money, or even to bypass media or dis-intermediate marketing and advertising.

It has emerged from people like me who wanted to articulate their thoughts and to share them. Not necessarily to influence their audience - for there was none at the very beginning - but instead to let off steam, find a voice that can disagree in ways that beat shouting at TV. It was only by "doing it" that I and my fellow bloggers discovered yet other people with same frustrations, opinions, and desire to interact.

One large echoing and distributed conversation was born, from which many relationships emerged. In a similar fashion I see VRM giving rise to a different way of transacting, following the same tectonic cracks that online disturbed the existing powerplays and institutions. The starting point of VRM implementation is to investigate existing tools and technologies to create ways of doing that and develop new ones if necessary.

It is the independence they give me from vendors - and the potential to redefine my relationship with them - that
as an individual customer excites me about such tools. Think of managing your own health record or managing information about your risk profile, or your needs, requirements and purchase history,  companies you purchased from, their service etc. This has implications for not only customers service and marketing but all areas of customer relations.

As for the existing online tools, I have reached the limits of usefulness for web apps that give me nice functionality but take away my ability to manage data across my entire online ‘identity’ and beyond. 

I want to be able to connect and create relationships without lock-ins (other than the ones that some relationships bring with them naturally). I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me. Blogging took off when people could set up a page and start publishing in a way previously available only to geeks with HTML skillz. Today I can do more things with my blog than just publish - tag, add videos, plug-in more functionality etc. with the underlying technology invisible to me now. So I want tools and applications that will help me do all that for transactions as well as relationships.

Once people can do that - manage their data, relationships, identities, purchase histories, their records, locations etc - then more interesting things will start to happen. And it will be those interesting things that will ultimately determine the direction vendors should be looking.

It is also worth noting that bloggers did not set out to change the media or teach journalists a lesson and yet, the media is looking to adjust to keep up and evolve in line with changes to content creation, distribution and social impact as driven by bloggers. Similarly, for VRM, the pressure on vendors should be coming from customers ready to reclaim their data and preferences and take charge of the relationships with vendors. With the right tools, users are already savvy enough to take that up.

A source most authoritative...

'Ownership' of data, whatever that means, is merely a starting point. I might 'volunteer' information - to me that just means I share it on my own terms - but the more important point is the ability to establish and maintain relationships. For that I need and want the following 'functionality' to be enabled for me:

  1. take charge of my data (content, relationships, transactions, knowledge),
  2. manage (arrange, mash-up, analyse) it according to my needs and preferences
  3. share it on my own terms
  4. whilst connected and networked on the web.

This is what I mean when I talk about turning the individual into a platform and into the most authoritative source about themselves. It does not happen by creating a database or a data store, however personal. The word store implies passive and static, even with some sort of distribution layered on top. The objective needs to be equip individuals with analytical, and other, tools to help them understand themselves better and give them an online spring board to relationships with others. In VRM context this includes vendors.

It is the user who should define the nature of the data stored, shared, analysed - and what data is called or labelled, whether confidential or premium etc. The critical thing is the user's ability to share it and do all sorts of groovy things with it independently of third parties, and without the data being hijacked and harvested by third parties in the process.

There is a difference between those who emphasise data and those who emphasise relationships. Data can be a vehicle for relationships, but not the other way around. If relationships are seen as more important, then third parties get in the way. If data is considered more important aspect, then intermediaries tend to abound.

Another crucial difference revolves around the meaning of 'personal data'. One kind of personal data  means one's address, date of birth, phone number, social security number etc etc. And the other kind, proliferating with the advent of the social web, is the 'data pertaining to a person'.

The former is usually static data, your address or phone number can change from time to time, and although it is possible to change your name, the date of birth is unchangeable. The latter is dynamic, at any time only a snapshot of the person and the more data can be created and captured, the more granular and valuable it can become. On the web such flows of data often act as a proxy for a relationship. People subscribing to my blog, Friendfeed, Twitter, Facebook updates etc - such data is personal, i.e. related to my person and yet, its existence revolves around sharing it with others.  Personal data stores are for 'personal data' as the name suggests. We have few means, if any, to harness the dynamic data, created by persons.


The web has changed the nature of data in at least two ways. It commoditised data and as a result the context in which the data exists is becoming at least as important as the data itself - and this applies not only online. This is where a 'relationship' comes in; it sustains the data's context and make the data more valuable. VRM should make irrelevant and inadequate any attempt to mine, harvest or analyse data without the context of a relationship. Tomas Kohl says it well:

This isn’t about the internet, Web 2.0 or 3.0. Forget it. We’re talking real world, real relationships, stuff that involves our everyday lives. The internet has helped to equalize some of the relationships we have, very much with the media, the government, and each other, and the debate should now switch from the virtual to the actual. We don’t go to bed and neither do we wake up as avatars.

In a simplified way, this pyramid captures the VRM future for me:
  1. I have far more conversations than I have relationships - already true.
  2. The number of transactions is smaller than the number of relationships, in other words, not all relationships lead to transactions - at the moment, my transactions are not a result of conversations and relationships with vendors.
  3. Conversations and relationships are sound foundations for transactions - already my conversations and relationships with friends and contacts are increasingly affecting my decisions about who to transact with but still a long way to go.
  4. It's not all about vendors; the conversations and relationships are with my friends and contacts - vendors need to become part of my network in order to improve transactions.


A reminder from Doc:

... the idea with VRM is to help customers approach and relate to vendors. Not the reverse. We've got enough of that already. If we do VRM right, CRM (including recommendations, if those make sense in the VRM context) will have something substantial to relate to, and will improve.

Equip individuals with tools that are useful to them, observe what happens, and learn from them. Then lather, rinse, repeat... We could pontificate about where it will go and what VRM should be, but I am starting from the 'other' side, which happens also to reflect my experience - an individual who found the web a source of
autonomy, identity and independence. I am greedy, as I want more of the same and want others to have it too, so I want tools that will help me take charge of my data, information, my knowledge and its sharing - but that's not VRM, merely a stepping stone to it. But I do believe the pressure on the vendors will come from users/people doin' their own web thang, not from wild-eyed VRM evangelists (and I count myself as one such).

As for vendor adoption, I suggest looking for individuals within companies who understand this, and who will see the benefit for themselves, as individuals, first. Once they do, it'll be in their interest to make it work for their company. The challenge will be overcoming silos, processes, lack of real innovation and short-term horizons. And those are issues that no business plan or set of goals from our side can solve. It will be brought about by people who will make it happen because it works for them, making VRM part of their agenda and future.

Businesses, especially large ones (read: with entrenched organisational structures) won't give up control or their position of power without a fight. We can push against them up to a point but that rarely amounts to fundamental shifts. In my experience, the best way is not to try and change a system from within but by instead building a viable alternative outside of it, or parallel to the existing processes. The internet offers that opportunity; with VRM it also offers another pressure point: the customer/individual. Therefore our focus should be enabling and empowering the individual before worrying about businesses and how to 'sell' VRM to them. If a specific application of VRM is found that requires little dependence on any company and is driven by customers and market pressures, then it makes sense to spend time with that business. However, the tricky bit will always be finding the right people within those organisations who will have a vested interest in VRM.  Thinking about 'adoption' in network terms means starting with a dedicated few that will distribute further, rather than in aggregate terms like markets, customers, businesses, and industries.

Technology - including online tools - is built by people wanting to make something work or to solve a problem. The distributed nature of the internet makes it easier for others to use that technology in new, emergent, even unpredictable ways. A group of people cannot design, plan and implement a significant shift in market power in its entirety. VRM should focus on those areas that we have seen working online - identity, user power, tools and applications built around modular and user-defined purposes. From experience of the social web, blogs, wikis, RSS and other developments of online technologies and behaviours, and from understanding of open source and of 'because effects' we can hope to find the right 'pressure points' to get VRM off the ground.

Open as in...

... not locked-in, silo-ed or 'owned'. Open as in open to the user and his ability to use his data. It doesn’t mean indiscriminately open and accessible to everyone. Open as in offering much greater control over data that belong to me, data that I create and manage. Open as in making my data available to me for further use.

People are starting to understand that their interest in, and even their raw attention toward a product has a value. And deciding to expose any data to a potential vendor is a customer choice, not a marketers right. - echovar in Why Marketing is Broken

For example, I'd like to be able to learn from all the data and purchase history I have on Amazon, in a place that I can call my own. I'd like to mine or analyse it myself. Combine it with my reading habits, travels (to make sure I have reading material for those long airport waits), with my calendar for people’s birthday to buy them a book, with my notes on vendors i.e. Amazon's payment and delivery practices, my purchase history, my opinion about their prices, publishing trends and then share that with my friends as I see fit. A widget on a blog will not suffice as I need a space that is secure and private, yet shareable, and where I can run my own affairs.  Applications and tools such as  ‘To Do’ or shopping lists do not begin to cover the range of functionality I want to apply to my data. Amazon and other vendors collect my data for their own purposes. I want to collect it for mine.

User-centric is not user-driven

I once fell for the term user-centric, thinking that it defined users’ wants as a starting point for a design. User-centric is a definite improvement on the system-centric approach where the top-down design forces users into a slot of whatever is built, no matter whether it works well or not.  User-centric instead says - we are going to build a system, put the user in the centre instead of the system.

So far, so good, but this sits uncomfortably with me as a user especially as one that is used to the online tools that have changed many an old way. The tools - blogs, wikis, feeds and feed readers, BitTorrent, Flickr, Dopplr, Twitter etc - are revolutionary not just because of their functionality, their bits of code or their interface; but their design for usefulness, their modularity and constant evolution. There is an element of open-endedness in their design, either accidental or deliberate, recognising that the designers cannot foresee all the uses to which people will put the tools to. The simplicity is the key, the complexity coming from usage rather than the design. In other words, they are user-driven.

A simple test of user-driven design is in the answer to the question - Can the user add value to it? If yes, the value then serves that user and other users. Think Twitter or BitTorrent – applications only as valuable as the user activity on them. The functionality provided depends entirely on whether people use it and more importantly how they use it. For example, Twitter’s reply functionality @USERNAME has come directly from users, they started doing it as part of conversations and Twitter turned it into a reply function. Ultimately, without its users del.icio.us would be pointless, BitTorrent empty and Flickr dead, Twitter silent.


At one of the IIWs in Mountain View, I talked with Bob Frankston about the difference I saw between the user-centric and user-driven. Bob, in his inimitable fashion, used the tuna salad we were having for lunch during the conversation to coin an analogy. A ready-made tuna salad is user-centric - it has been decided what goes into it, in what proportions and what order. It has been designed around me and for me but I cannot add anything to it. Giving me ingredients, utensils and a recipe suggestion and letting me get on with it, leads to user-driven design- it can still be meant to become a tuna salad but I get to put it together, determine the proportions, skip or add ingredients. The process is driven by me and the experience makes me, hopefully and eventually, better at making the dish.

John Dodds also hits the nail on the head:

Sorry folks “individual” and “social identity” are pretty much useless because there are too many subjective definitions and associations pertaining to them out there. The strength of user-driven lies in the verb - there can be no doubt here, the user is in charge and actively driving and thus delineates it from user-centric and all the others. That is what you need a term to do

That said, there are times for user-centric and there are times for user-driven. Not everyone wants to make everything themselves and neither is it the best or most effective way to design all systems or tools. But there are cases when only user-driven will do - and VRM is one of them.

When it comes to driving usage of any tools developed for/under VRM, scaling a network or relying on user-driven design, I make a distinction between the primary and secondary objectives. With most development, there often is just one objective – defined either as the benefit to the application designer that flows from others using it or as some envisaged outcome that benefits everybody but that will emerge only if many people use it towards that end.

Two types of objectives need both to be present to foster a community or scale a network:

  • The primary, which motivates the application designer or the network builder who foresees future outcomes that may be desirable and emerge through user behaviour.

  • The secondary, which taps into the users' needs, objectives and convenience. Here the benefit to the user has to be immediate, the application being useful here and now.

User-centric design often focuses on the primary objective, with no or little attention given to the secondary one. The result is often a range of applications or a system with no relevance or convenience to the user. This in turn breeds misconceptions about users and their motivations, habits, preferences, needs and levels of tolerance. I lost count of the number of times I heard some usability wonk or a UI design agency assert their conclusions about 'average user' without any first hand experience of how people behave and interact online, in the wild. If not for the open web and the ability of users to bypass the ‘professionals’ by building tools and applications for themselves, scratching their own itch, the system/human/user-centric designs would not be unravelling as they are today.

What VRM Doesn't Mean to Me

Third parties & intermediaries

Why do we need 3rd parties? network is node2node, relationships are person2person. 3rd parties are hierarchy hangover.

The reason I have a problem with third parties and intermediaries is their assumption, explicit or implicit, that the individual-customer-user must be provided-for by a third party service, system or platform.  This attitude is born of the assumption that the user is incapable of serving themselves, and that in order for us as individuals to be able to do anything sensible and useful with our data, or in order to be secure, private or whatever else we might desire, we "must" turn to the ’supply side’. Finally, among those subscribing VRM vision, the assumption exists that solutions must come from the vendor side, and/or that vendors will need to be convinced of VRM in order for it to ever reach users and to make VRM happen.

Providing vs enabling

I see the assumption that "the individual needs to be provided for" everywhere other than on the social (or live) web where the demand side can, and often does, supply itself, where ‘users’ can and often do become ‘creators’, where the audience have become distributors, and intermediaries of all kinds are melting away from decentralised networks and direct connections. Alas, even on the web, it’s not all P2P roses -my online existence is scattered across many platforms, Google, WordPress, Flickr, Dopplr, Twitter, and many more. 

Most VRM approaches or implementations I have seen involve a third party as a provider. We must first focus on changing the relationships between individuals and companies or institutions. First comes redressing the balance - manually - by helping individuals relate to companies in ways that change companies' behaviour. I want to avoid using technology to address a non-technology problem, namely using automation or aggregation for the aspects of relationships which should be processed by a human mind. I want to avoid jumping straight into 'industrial' processing of data treasures found on the customer side.  We need a more balanced relationships with vendors and institutions, with different tools and possibly rules of interaction. Then we can look at ways to rationalise the technology and processes that help us create and maintain those relationships. 

The most common solutions for providing individuals with online services are based around centralised databases or platforms. They are suspect on security and privacy grounds even though they may be created by a trustworthy party. So, any framework or structure provided by a third party that is meant to provide a place for individuals to create, gather, manage and share data as well as allowing a degree of aggregation, connectivity, will have to have in-built checks and balances as it may ultimately expose individuals to potential data-mining (whether the more private among us like it or not!). The challenge is to separate the data storage provider and a services/application provider. If I let someone store or back up my data - necessary for now - I would want them to store my data only, and not push or even provide any other apps based on that data. I should then be able to choose and apply whatever application I want, to my data, at my convenience.

Jason Scott of ASCII has a juicy way of putting this:

This is about your data. This is about your work. This is about you using your time so that you make things and work on things and you trust a location to do “the rest” and guess what, here is what we have learned:

And his advice further into the wonderful rant is even juicier:

...but is no less sound for it!


There is no reason why we can’t have a 'human' dimension in our online transactions, equivalent to the human contact we experience offline. The way to get there is to differentiate carefully and correctly - this is going to take some time, methinks - between what bits can and should be automated, what bits can and shouldn’t be automated, and which bits we have been forcing technology to handle inadequately. I believe that the serenity prayer should apply to technology too:

God grant me curiosity to use my brain where irreplaceable,

the skill to invent and develop technology to assist it,

and the wisdom to know the difference.

Doc spelled it out on the VRM mailing list in a thread entitled "The other end of the telescope":

I want to get personal with vendors, because it's my money and I'm the one buying stuff. That doesn't mean we need to be buddies. But it does mean we need to relate on terms that are mine as well as theirs. For those reasons I generally dislike recommendation engines, collaborative filtering, and the rest of it. I dislike annoying guesswork by robots.

I want a pref on Amazon that switches recommendations off. Just help me find what I'm actually looking for, and then make it easy for me to buy it. Amazon is the best in the biz at that. "People who bought X also bought Y and Z" is very different. So is "You bought two books by X before. Here's her new book." That stuff interests me, because it provides me with possibly useful information based on stuff I bought (and not just "people a robot thinks resemble me).

But I still prefer that jive to be opt-in, rather than opt-out.

Aggregation, or power, is not in numbers...

Once people flip the notion of "ownership of data" on its head - i.e. your data (purchase history, notes on products, recommendations) is owned by you, rather than captured and locked in a vendor’s silo, they easily see the advantages flowing from the control, management and sharing of information about themselves. It is interesting that most people reflexively assume that their market power will come from aggregation, along the lines of: 'if enough people want something they can get together and exert some influence over vendors'. Similar to this, perhaps.

It is certainly true that crowds are powerful; mobs even more so. I would like to have a better basis for my relationships (and transactions) with vendors than being part of what amounts to an informed and connected pressure group. We already have the market power of not buying, of not transacting. It is yet another binary choice in a world that's becoming more complex and nuanced because of my evolution from a 'consumer' into a creator and a distributor.

So I don’t think VRM is about redressing the balance of power through aggregation; instead it will be a result of people’s behaviour as facilitated by VRM tools - recasting the demand side as the sum of informed and networked individuals will have continuous impact on the supply. But I do not believe that is where we start when building VRM applications.

I am fond of saying the network is always stronger than the node - but the stronger the node, the more robust and better the network. It starts from understanding the human need for identity, ownership and a degree of autonomy or sovereignty. The human need for belonging has been well catered for on the web already. VRM needs to go deeper and help create a framework where many tools and applications, modular or integrated, will help people to increase their autonomy and drive their identity. And let the Web again work its magic. Think emergent, not aggregated.

Where this is not about pure power play is in accepting that businesses also need to be nodes in the network. We need to work with businesses which understand that having customers on their side is much better than herding them into their silos for the all important, money-making Lock-In.

VRM for business therefore is about flipping the mass customisation on its head, where it belongs. Businesses know individualisation is expensive now, and yet is expected by their customers more and more as they are learn to behave and treat each other as individuals. The pressure on the industrial age mindset which equates standardisation with cost reduction is increasing. All existing processes are forcing one route: that the best way to achieve efficiency is to streamline that one way. Scaling is god, and processes are the priesthood. In this context, focusing on the individual is about providing above and beyond that standard. That can cost businesses a lot, so we need to demonstrate that it doesn't have to cost more, or it can even save money when customers are genuinely part of the process. For that we will need new tools and change of mindset.

(request for proposal)

RFPs  never made sense to me. I feel the same way as Seth Godin does about them. 

If it gets to the RFP stage, you lost.

The RFP is an organizational punt, it's a way of saying, "it's all a commodity, we can't decide, cheap guy wins."

The cheap guy, of course, never wins.

Alright, Seth talks about B2B selling, but isn't that closer to the VRM model of more balanced transaction than B2C? Interpretations of RFP in VRM can range from a simple request or articulation of one's preferences in a distributable format, to a specific technical implementation. I find the term unhelpful as it often pushes people from the common sense practical end of the spectrum to the kind of standards-driven, automation and aggregation-dependent "techno-solution" that has no room left for the relationship part.

Attractive as the 'flipped advertising' idea behind RFPs may be, it seems industrial and impersonal. RFPs turn my needs, wants and requirements into a commodity instead of feeding the relationship. It is an industrial age answer to discovery. It is a channel-world thinking about how to express, propagate, broadcast or distribute your wants and preferences.

So how to go about discovery? It is legitimate to ask how companies will find out about me and my preferences. How can they know that I am in the market for a new camera, insurance policy or holiday? The short answer is: they can learn about them from the relationship they have with me... for now.

On the web, Google is the best solution we have for discovery at the moment, or at least it is the most consistent.  Qualitatively-best is recommendation from my network of friends, but there are few tools amongst them yet to deliver results with any degree of consistency; this is because one's network is only good at discovering what it already knows. It may mean that results get better for older information but I think it all depends on the tools the network members have at their disposal. So far, that's what's been missing.

How would my network discover things? I already have an example of how my network helps me find out about new things or improve my information about existing things. It's called Twitter. Any time I am looking for something, or considering something, I ask my Twitter. I get what amounts to nearly instant replies. Last time I was in Boston, a city I don't know well, I asked my Twitter network for brunch place recommendations near Harvard Square. Within an hour I had several responses that were excellent. Surprisingly, an exhaustive Google search didn't deliver - I couldn't tell if the restaurants I found were any good as reviews were very thin on the ground. Through Twitter, I got enough information to make a good choice. I even got someone asking a food-critic friend for inside tips.

Although this may be an isolated example, one that not everyone can replicate or that doesn't apply to other products or services, it is worth noting. It's happening organically without any  sophisticated data management tools. The Twitter replies tapped into people's most immediate knowledge, from the top of their head. What if they had tools to dig in deeper? For example, if I get a request or a question from a friend or a valued contact, I pull up my del.icio.us archive and do a few minute search for something they want to know about.

Better tools that help us capture, manage and easily retrieve and share our data resources would really increase the amount of information available in our networks as well as our ability to analyse that information. My del.icio.us, helpful resource as it is, is mainly for hoarding links to other sources.  What about information created for myself? That could easily become the most valuable input for friends and vendors in my network.

I don't see Twitter as the solution to discovery. I see it as a approach to discovery using my network, a pointer to a direction other than aggregating automated bots. I don't want to be sending RFPs into the ether to have them spidered, collected and mined for vendors benefit so I can be bombarded with offers. I have no reason to believe that the moment we (the customers) create a new source of data about us that is not tied to a relationship, it won't be harvested, mined and abused by companies in the usual fashion.



VRM should entail the concept of identity as a way of bringing together online 'fractured' identities of users, and put them under their control. Back in April 2007 when VRM was discussed at the IOS (Identity Open Space) in Brussels, I noticed that such concepts really hadn't been considered. My understanding of identity originates from the social and live web and it is not based on the same assumptions as offline identity. I am interested different challenges than adaptation of the
existing identity rituals such as verification, authorisation and authentication to the online space. 

As a creature of the networked environment I do not share many of the axioms of those who try to import the traditional notions of identity into the "online" world. With the advent of the social web and its stumbling towards relationships, the battleground has changed:

Seemingly overnight online user identity (here I mean the entire Web -- every site, every service) became a battleground between Web giants. Google and MySpace are parrying. The OpenID foundation is the Red Cross. Everyone else is taking sides. Identity politics has never been so interesting.

But this is not simply about portable identities and the single-sign-on Web. It is a fundamental shift in the Web economy. It is a bold stride toward relationship monetization -- where user data exchange becomes the most important transactional unit on the Internet.


In the spirit of
user-driven-ness, it should be the user who determines the policies by which his or her data is managed and shared. I don’t see why they need to be standard(ised) as my sharing preferences and tolerance are my decision. What happens after data is shared is partly provenance of the law, but mostly of the relationship I have with those with whom the data is shared. The challenge with the latter is that such sharing can become meaningful only if the user is the most authoritative source of his or her data. 

My desire for modularity and flexibility of VRM tools aside, there is a practical consideration: VRM tools shouldn't need to spend years in standards committees or data-format kerfuffles, in order to be created. For better or worse, standards committees are not the web way of creating things. Standards on the web usually emerge from user pain that is unbearable enough to get addressed. The good thing about the user pain is that it means that users use something enough to feel pain about it; the same cannot be said about standards in committees, which are just painful. 

The Next Stage is Mine!

For those who read, or skipped, this far, this is where I have decided to take the concepts and to move forward from the discussions and writing.

Power to the Persons

I am the last person to benefit from my data on various platforms and from information accumulated about me that others harvest and use for their own purposes. A tool like Wesabe may give me the ability to gather and analyse some of my financial data, but I will need new tools - free from platform lock-in - to repeat that trick with data regarding anything else about which I care and need.

There are two foundation stones that need to be laid:

  1. a place where I store, manage and play with my data 
  2. a method and technology for sharing, exchanging and distributing the data

The Mine! project is an open source effort to create an application that is meant to fundamentally improve data and relationship logistics and to be part of my web 'infrastructure'. Mine! is designed to enable individual users to:

  1. take charge of their data (content, relationships, transactions, knowledge),
  2. manage (arrange, mash-up, analyse) my data according to their needs and preferences 
  3. share data on their own terms
  4. whilst connected and networked on the web.

What Mine! is NOT

The key to getting people understand Mine! is its relevance to them; to do this it helps to say what Mine! is not.

  • Mine! is NOT a Blog or Blogging Tool
A blog is a publishing platform (one-to-many) and although Mine! uses blog-based technologies, it is an information management platform, for the user’s own benefit, and with user-controlled sharing.

  • Mine! is NOT a Personal Data Store
Mine! stores more than mere “personal data”, it stores anything. It can contain and manage static and dynamic data, related to the person by the virtue of being in Mine! One top of that, Mine! enables tagging, analysing, poking, prodding, collating and mashing up data not just “storage”. And it enables sharing via feeds that can be individual generated and targeted.

  • Mine! is NOT a Social Networking Tool
Mine! is not a social network a la Facebook, MySpace etc etc. It is meant for individual deployment and use. In some sense it is “antisocial’ software - there are no walls to write on, zombies to poke, vampires to throw; it is designed to bring control to information sharing. That said, Mine! can provide valuable functionality for e.g. OpenSocial, federated micro-blogging, friends-lists, contacts, FOAF, etc. All of that is in addition to what Mine! is designed for and enabled because the user has new capability.

  • Mine! is NOT a Photo Gallery etc

Mine! is not a photo gallery, nor is Mine just a wine-lover’s tool or traveller’s companion,
but these examples will be used often when explaining what Mine! can do for users.

So, what does the Mine! give you?

  • a home for storing your data,
  • a platform for poking your data,
  • a means to share your data...
  • ...in, for, and to establish relationships with others...
  • so that you are the definitive source of information about you,
  • and have absolute control, and the ability to revoke access

So once more with feeling: Mine! has been conceived as an alternative way to provide data logistics for the individual on the web, one with a higher degree of autonomy and control over one’s preferences that is possible now. It originates from the social web, not from the identity space or any other area. It is a platform for the individual, with the aim to shift the balance of power between individual and platform (or customers and vendors or other types of locked see-saw). It aspires to be an infrastructure for other solutions but it is not defined by any of those solutions - VRM, identity, data store, authentication, data portability or by any other. 

The Mine! Project

The Mine! prototype is being built under the Mine! project according to the concepts described in the paper, and according to availability of time, pizza and beer.

Find out more at the Mine! project blog - www.themineproject.org - where you can find the Mine! papers, mailing list and information about the project's progress.


This paper is a collection of my thoughts on VRM over the last two years, spent discussing them with others in the VRM community and beyond. My understanding of VRM and what it means to me has gone far past the mere "flipping of CRM" - as should be apparent from this paper.

What has drawn me to VRM goes beyond "improving transactions" because markets are about more than that. I have come to believe that in order to improve transactions, we need to enable people to establish and drive relationships with vendors, on their own terms. This proposition is different from building an equivalent of a CRM system on the buyer's side, or of creating transaction-focused tools without paying attention to relationships.

The fundamentals of VRM - the original philosophy as articulated by Doc Searls - are more important than ever. As VRM gains visibility, attracts new audiences, and inspires implementations, the original principles of voluntary relationships, independence from vendors, control of data and terms of their use, and making the individual into the point of integration - will remain a thread connecting the implementations to the vision, and to people's motivation to make it happen.

  1. Definition of externality: Economic theory considers any voluntary exchange to be mutually beneficial to both parties, for example a buyer and seller. Any exchange, however, can result in additional positive or negative effects on third parties. Those who suffer from external costs do so involuntarily, while those who enjoy external benefits do so at no cost. Data is an externality without the third party, where the affected party is also participating in the transaction. So not an exact theoretical match, but perhaps still helpful in understanding how we got to the point where ‘free services’ feel entitled to their users data.