Does your business model thrive as your customer thrives, or does it drain the life from your customers? After a recent1 conversation on the impact of improved privacy tools (i.e., the eventual elimination of third-party tracking cookies), I realized that the most significant effect of these improvements would be to companies with a parasitic business model. A business model which I see no problem in disrupting.
For many years, the web has existed as an advertiser’s dream2 — minimal privacy limitations, technical controls that had little impact, and a strong lobbying arm that has been able to derail many efforts to improve the situation. Now, this is not to say that all advertising is evil, but that it’s ripe for abuse by those that get too greedy. In many cases, this has opened the door to parasitic business models that offer no real value, and in fact, only extract value from the end-user.
A great example of this is data aggregators and location tracking; services that exist to collect, connect, extend, and sell data about users. Too often, this is done without the user having any idea that it’s happening — much less having willfully agreed to it. This business model relies on the ability to collect vast amounts of data on users, and build profiles that can be sold to others, primarily for ad targeting & tracking.
There is no inherent benefit to the user for this activity; it doesn’t enable better services, or allow them to access the applications that collect this data at a lower cost. The value to an application developer is relatively small compared to other revenue sources, as the data they collect has fairly little value of its own. It becomes valuable when it is merged with other datasets that the aggregator has acquired; it is this merging that creates value from noise. So we have a user giving up personal information (often unwittingly) for no benefit, some financial benefit for the application developer (though less than other viable revenue streams), and the bulk of the benefit going to the company collecting and selling the data.
You have to ask, what does this business model add to the end user’s experience? Do they benefit from the relationship, or are they being used in the relationship? If you study the business model these companies employ, it’s clear that only one party benefits, and it’s not the user.
This is just one example of this type of business model that focuses on growth at the cost of the user. As improvements are mode to technical controls around privacy that are now being pushed by browser makers (such as implementing
SameSite=Lax by default), life will steadily become more difficult for businesses in parasitic relationships.
A healthy business relationship should be symbiotic for all parties involved; each party becoming happier & healthier as the relationship develops, and thriving due to the relationship — not in spite of it. These relationships often have a few key traits:
- Each party is fully aware of the relationship; no parties are being intentionally hidden.
- Transactions are mutually beneficial; for example, paying for a service that provides value to the user. The service receives revenue to compensate them for the service, and the user gains the use of something that they see as valuable to them.
- Each party has the opportunity to gain greater value from the relationship as the other parties thrive. To continue the paid service example, as the service receives revenue, it is able to invest more in improving the service, providing even greater value.
These symbiotic relationships are a win for everyone involved, unlike parasitic relationships that are full of quick profit for one party and nothing but loss for the other. While parasitic business models do indeed lead to greater short-term profits, there is no loyalty developed, there is no long-term health in relationships, and the business model can break at any time with changes to technology.
In a symbiotic business model, the relationship develops over time, becoming stronger — customers become more loyal, more interested and invested, more passionate, and turn into promoters and ambassadors. Revenue climbs more slowly, but that growth is more likely to continue and expand long-term. This is a relationship built on mutual respect and benefit.
When you are engaged with a parasitic entity, knowingly or otherwise, there are costs involved. For users, this can be anything from a loss of privacy, revealing secrets, bypassing legal safeguards, or even risking personal safety. For businesses, there are repetitional risks — failing to respect the privacy of users can lead to a substantial backlash. There are also monetary risks for failing to follow legal requirements. And a variety of others — the list keeps going.
There’s only one winner here, just as with any parasitic relationship. Placing these risks and burdens on users is not just risky for a business; it is, in my opinion, highly unethical. Regardless of legal status, it’s morally wrong to exploit users who are acting in good faith and put them at risk for a quick profit — and there are some companies that have turned this practice into a business.
Because of how these relationships are structured, end-users are too often unaware of the relationship and how it impacts them; they aren’t in a position to make an informed decision. Likewise, businesses enter these relationships without an accurate understanding of how data is used, and sometimes without even understanding what data is being collected3 — and may not gain that understanding until it’s been abused and they are in the news.
Some business models should be disrupted, as they are fundamentally against the interests of those they interact with. This is not to say that all advertising, analytics, monitoring, or other similar systems are evil or immoral — but some very much are. It is those, those that have become too greedy, those that have abandoned morals for easy profit, those that harm others for their own benefit, those are the ones that need to have their business models disrupted.
Businesses have an ethical obligation to protect those they have a relationship with (directly or indirectly), not exploit them.
By recent, I mean last November when I started writing this blog post. At the time of the original draft, there was a lot of discussion around Google’s push for privacy improvements in the browser; it’s in this context that this was written. ↩︎
It should be noted that the golden age of digital advertising and the golden age of mass surveillance occurred at the same time. The implications of this fact should be clear. ↩︎
It’s especially true for SDKs provided by third parties; their actual behavior isn’t understood, nor is the privacy impact. Blindly incorporating an SDK into an application can easily result in substantial security and privacy risks. ↩︎