ProjectVRM

Making a New News Business

March 23, 2026 / / 1 Comment

Watching the old galaxy fade away.

In the dawning decades of our new Digital Age, the news business has shrunk from a galaxy of bright stars to a loose collection of white dwarfs glowing in otherwise dark empty spaces. The empty spaces are called  “news deserts.”

In the meantime (at least in the US), the redstream is the new mainstream, while more and more people get news (or what passes for it) from social media and each other. Countless sources are also faked up by AI.

Less metaphorically, the news business has de-institutionalized. How can we re-institutionalize it in digital ways that can also be trusted?

I suggest we start by spinning up News Commons that work with the fewest possible intermediaries between people and sources, and value exchanges that reward everyone.

Some background:::

1) The Dying Galaxy

Here’s how bright stars have turned into white dwarfs:

  1. Stopped Presses: There are now fewer than 1,000 daily newspapers left in the U.S. Over 50 million Americans now live in news deserts.
  2. Radio Silence: CBS News Radio—the oldest and most august of all the syndcated broadcast news sources— will be gone in May 2026 after a 99-year run. Meanwhile, Public Radio (NPR et al.) faces a “shrinking pie” problem: ratings (dig around here) remain steady or are growing only because stations hold larger shares of a rapidly dwindling over-the-air audience.
  3. Cut Cables: Cord-cutting continues, as viewing moves from cable to Internet, and from live to on-demand streamed entertainment. In the midst of this shift, cable news is morphing from mainstream to redstream. Specifically, CNN is moving rightward under the Ellisons, while Fox News stays as right as they were, and MSNBC under its new MS NOW brand continues to glow dimly at the left end of the ratings. None come close in popularity to any of the top news commentary podcasts. Anyway, cable news is transitioning from a collection of leanings (center, left, and right) to highly partisan amen corners with shrinking audiences.
  4. Thinning Air: Over-the-air TV (what we still call stations, with channel numbers) is now called “linear,” whether it’s from a connected antenna or from a cable screwed into the same jack on the back of a TV. That category is also in decline, a victim of the same viewing shift to streaming services (now less often called over-the-top, or OTT, now that the bottom—linear TV—is fading away).
  5. Babes in New Woods: News is still being consumed, though it’s hardly hard  news or from the media we knew when all the stars were bright and mostly trusted. Especially for young people. Lots of stats at both those links. The bottom line is that none of that flow is from the old stars. At least not directly.

Nearly all coverage of changes in the dimming news galaxy concerns one or more of the five factors listed above. Some of that coverage (most notably from the Nieman Journalism Lab) is about innovations. To mix metaphors a bit, while some of these innovations look like greenfields, none of them look very large. (More credit where due: At least these efforts, as the Quakers say, improve on the silence.)

2) MyTerms (IEEE 7012) and the Agentic Shift

Today, the news world is mostly hidden behind permission walls. Inside those walls, absent personal privacy is exploited to extremes almost nobody will contemplate or admit to.  (Here’s a PageXray of Wired.com—one of the “good” guys.) For a fig leaf over the hard-ons walled garden barons have for personal data, visitors knocking on front doors must yield to demands in the form of misleading cookie notices and in crap like this:

Go to www.cnn.com/privacy, as the notice suggests (or just click on that image), and you will find your privacy well and truly fucked.

The ProjectVRM community has written a lot about this over many years. But now, thanks to our work with Customer Commons since 2012 and the IEEE since 2017, we have IEEE 7012 (MyTerms): a standard that flips the script on privacy-as-bullshit by giving individuals a way to proffer their own damn privacy terms as binding contracts, with agents working for both parties. Specifics:

  • Personal AI Agents: Under MyTerms, individuals operate through agents that can range in complexity from browser plug-ins to private AI agents. These agents have a sole responsibility to the person, proffering and signing agreements, and keeping auditable records of them.
  • Reciprocal Agency: On the other side, news providers use their own agents tto choose from the person’s roster of privacy agreement choices (on the Creative Commons model). This machine-to-machine handshake replaces the deceptive, unfair, and un-auditable non-agreements we get with cookie notices and shit such as we see in the image above.
  • Unlocked Possibilities: Unlike corporate AI agents designed to keep people inside a walled garden (one cause of the zero-click problem), a personal AI agent can get the requested news item after a MyTerms agreement is signed, and then participate in a whole new value exchange system that works for everyone. For example, should a further agreement be reached (such as one for a micropayment or an acceptable subscription (also built atop MyTerms) the personal AI agent can both obtain the requested news and work out forms of compensation. In this new system, personal data will be shared on an as-needed and trusted basis that continues to assure personal privacy. This can be done in ways that preserve the open Web and create settlement systems that work for all involved (and not just for sellers and the platforms that trapped them in the past).
  • Downstream Economic Benefits: When use-value and sale-value are both exchanged on terms that work for all involved, a news ecosystem can be built that rivals the old news galaxy, but with many more bright stars and fewer dark spaces. It will also obsolesce the current all-dwarf system, which is based on customr capture, constant surveillance, and algorithmic guesswork that annoys or offends everyone involved.

3. The New News Commons

To maximize both use-value and sale-value, our goal here is an ecosystem with maximized agency on both sides, and the fewest and simplest intermediaries.

  • From redstreams and bluestreams to wide open mystreams: Partisan news at the personal level (look at all those podcasts and blogs) has proven that decentralized, on-demand media are highly resilient. The task now is to multiply and disintermediate both consumption and production. This is required especially at the local level, where realities on the ground (e.g., weather and potholes) tend not to be partisan. What we want here is a common space governed by shared standards (and Ostrom’s principles) rather than algorithmic guesswork by unaccountable giants and their grudging dependents.
  • The Nonprofit Pivot: Local digital-first nonprofits now represent over 50% of the Institute for Nonprofit News (INN), providing a model for news as a public good.
  • The New Frontier: When you zero-base service and business models on agreed-upon privacy that starts with personal agency and respect for it, anything is possible. (By the way, this is what we’ve had in the natural world since we traded stones for fish. Just because we are still as naked on the Net as we were in Eden doesn’t mean we can’t clothe ourselves and get on with business.)
Feature Dying Star News System Bright Star News Commons
Privacy Corporate “consent” (tracking) MyTerms (User-Proffered Contract)
Agency Dependent “users” Independent readers, listeners, and viewers with loyal agents
Distribution Centralized walled gardens with paywalls and coerced subscriptions Open and independent consumers and producers creating use-value and sale-value exchanges that reward both sides

I could go on, but I want to get this up before I get on another airplane. Meanwhile, contact me by email (first name at last name dot com) or in the comments with ways to improve this. Thanks!

The Only Way to Get Privacy Online

January 13, 2026 / / 2 Comments

No regulation to make organizations respect personal privacy will work.

We’ve had cookie laws since the ’00s, the GDPR since the ’10s, and the CCPA since 2020. None of them has worked.

All those regulations are aimed at reducing the power of organizations to violate personal privacy. None is to empower people. That’s why, under those regulations, all we can do is agree to the terms organizations provide. We have no independent agency.  All we have is what they promise, and their promises aren’t worth the pixels they’re printed on.

The only way we will get privacy is with contracts, which are laws that two parties make for themselves.

And the only way to make contracts work, at scale, is if we are the ones proffering those terms as first parties, and organizations agree to them as second parties. This flips the script on business-as-usual online.

By the old script, privacy is a grace of corporate obedience to selections in cookie notices, many of which provide no choice at all. There is “Accept,” and that’s it. In that case, all you’re accepting is a corporate privacy policy, which is typically just a fig leaf over the company’s hard-on for personal data.

Regardless of what you do with a cookie notice, chances are the company still tracks you like a marked animal.  See here and here. You also have no easy of auditing compliance, because you keep no record of your “choices.” And we have that system because the incentives are worse than misaligned: they are completely broken.

See, if you are a typical website, you get paid for allowing third parties to harvest visitors’ personal data and use it to aim personalized advertising at their eyeballs. This is morally wrong on its face, but easily rationalized because it pays.

In the natural world, a store would never plant tracking beacons on every shopper, or require those shoppers to “choose” privacy protections by stripping naked and then selecting the purposes to which their personal tracking beacons will be put. Shoppers would avoid that store like the plague,

However, on the Net and the Web, we haven’t yet invented privacy, just as we hadn’t in the natural world before we invented clothing and shelter. So, on the Net and the Web, we are still naked as fish. As a result, a plague of near-ubiquitous surveillance has been raging online for decades. It is nearly impossible to avoid getting infected.

Most of that surveillance is for the $742 Billion surveillance-fed fecosystem* called adtech. And the only way we can obsolesce it is with a business ecosystem that works for everyone: customers and companies alike, and together.

We can do that now, with MyTerms.

MyTerms is the nickname for IEEE P7012 Standard for Machine Readable Personal Privacy Terms, which will be published next week after eight years in the works. (I chair the working group.)

It describes a protocol in the diplomatic sense: a way to reach and record agreements. Here is a diagram that shows how it works:

It is also the ultimate product of ProjectVRM, which began in 2006 with a mission: to prove that free customers are more valuable than captive ones—to companies, to markets, and to themselves. It was to ProjectVRM’s nonprofit spinoff, Customer Commons, that the IEEE came in 2017 with the challenge to create the MyTerms standard.

Of course, every agreement needs to be good for both sides. Right now we have five draft agreements for that. SD-BASE says “Service Delivery only.” This one requires that the site or service provide the visitor only what the visitor came for, and not to share personal data with third parties. This will make the site or service more inviting. (Customer Commons also plans to offer a trustmark to sites and services that sign MyTerms Agreements.) Lots of other mutually respectful agreements can also be built on top of SD-BASE: agreements that respect personal agency as well as privacy.

Other initial MyTerms agreements cover data portability, intentcasting, data-for-good, and AI training.

MyTerms will foster businesses and business methods that the surveillance fecosystem prevents. We describe how that will work, and some of the businesses MyTerms will create and improve, in The Cluetrain Will Run from Customers to Companies.

Of course, we need to develop tools and services for making that cluetrain run.  Please tell us what you’ve got or plan.

The place to list those is in a new section of our Developments page. We also need to re-write and condense our privacy manifesto, and welcome help with both.

We also need to thank our many teams over the past two decades for jobs well done, even if many of those jobs didn’t go anywhere, mostly because they were too early.

Now is the time, because the world is fed up with surveillance—and it is easier than ever to develop tools and services using AI.

MyTerms will be announced on 28 January at this event in the Imperial Business School and online. Please come.

*The word fecosystem is apropos, kinda like Cory Doctorow’s ensittification. Spread both words.

Writings on the Failings of Notice & Consent

December 27, 2025 / / 0 Comments

This notice actually appeared on the front door of my house for a while.

As with the notice above, notice & consent online is worse than a fail. It’s absurd.  But it helps to have sources that explain how ceremonies promising privacy online will always fail when those running the ceremonies are also incentivised to violate their privacy commitments (or not to make them in the first place). I’m including coverage of adjacent and dependent topics (e.g. adtech and CRM/CX).  Of course, this is all toward setting the stage for MyTerms. Feel free to add your own.

A list of scholarly (or simply serious) sources:

Don Marti’s writings:

Iain Henderson’s writings:

My own writings:

Also Terms and Conditions May Apply, a 2013 documentary by Cullen Hobeck.

When Branding Means Relating

December 22, 2025 / / 5 Comments

What is your best friend’s personal brand? How about your spouse’s?

Those questions came to mind as I read through The Death of Merchandising in an Online World, by  Dana Blankenhorn, who is reliably wise. In that post, Dana correctly observes that brand value is declining as merchandising shifts from stores to online services, and to influencers who are also stores.

I think there’s also something else going on at the same time: the shift in media from real advertising to the online equivalent of junk mail, which is what you see with nearly every ad you encounter on your browsers and apps. To marketers, browsers and apps are boxes for junk mail, which at its most ideal is personalized by surveillance.  As I put it in Separating Advertising’s Wheat and Chaff, ” Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.”

I wrote that a decade ago. With AI today, that alien replica is the real thing. Madison Avenue is now AM radio, with a whip antenna and tail fins.

Brand advertising worked best when “the media” were mostly print and broadcast. Sources of both were so few that they all fit on a newsstand and the dials of radios and TVs. To operate a source of either, you needed a printing plant or transmitting towers. Publishers and broadcasters are still around, but now their goods are mostly distributed over the Internet and consumed through glowing rectangles. And they’re competing in a world where the abundance of other sources of content is incalculably vast. In that world, the only places you can still reliably create and maintain brands is by sponsoring live events. Especially sports. That’s why I know fifteen minutes will save me fifteen percent with Geico, even though Geico stopped saying that years ago. I also know that you only pay for what you need with Liberty Mutual. And I’ll never get the Shaefer Beer jingle out of my mind.

On the whole, however, branding has finished running the same course as the broadcasting it paid for.

It helps to remember that the words brand and branding were borrowed from ranching. They applied especially well when people had few choices of media, and few if any ways to avoid ads meant to burn the names of companies and products onto mental hides.

What we really (or at least should) mean by brand today is reputation. How a business obtains that in our still-new Digital Age (now with AI!) is an open question.

I believe the answer will come from the natural world, where markets have been working far longer than we’ve had digital media, broadcasting, or print. It was in the natural world that two very different people—one an athiest and the other a pastor—separately explained to me, not long after The Cluetrain Manifesto came out, that markets are not just about transactions and (as Cluetrain insisted) conversations. They are about relationships.

Marketing prevents those. Or shortcuts them. Especially as it continues to devolve into funnels at the bottom end of which are transactions alone, or entrapment in a company’s “loyalty” system.

The Internet and the Web were both designed to support maximum agency and independence for every entity using them. We can have far better markets and marketing if demand and supply both work with maximized agency, and scale in ways that are good for both. That’s the idea behind market intelligence that flows both ways.

Making and maintaining those kinds of relationships will be VRM+CRM, What those together will make are wholes that exceed the sum of either part.

A MyTerms Summary

December 8, 2025 / / 0 Comments

MyTerms will give strength to the Internet’s fabric of human connections, through agentic agreements between people and the organizations that serve them.

The Internet is peer-to-peer, by design. It supports agreements between equals, for the good of both. On that equality a massive amount of new and better dealings can be built, on stronger foundations of mutual agency and respect.

MyTerms are contracts, which are binding mutual agreements between parties. They replace consents, which are corporate protections to which individuals can only acquiesce. Consents give individuals no record of having agreed to anything and cannot be audited or enforced. They are also annoying for both individuals and companies, with massive amounts of operational and cognitive overhead. In most cases they also don’t obey the settings people make.

With MyTerms, individuals, operating as first parties, proffer a contract they choose from a limited list posted on a public website by a neutral nonprofit organization. The company, as the second party, can choose to agree to that contract or an alternate specified by the individual from the same list. Both sign the agreement electronically and keep matching records that can be audited later if need be. If the company declines to agree, the individual can keep a record of that choice, which they are free to share.

This process is described in a new standard from the IEEE called P7012, which is due for publication in January 2026. Its nickname is MyTerms, much as the nickname of IEEE 802.11 is Wi-Fi.

The most basic MyTerms agreement is for services only. This resets the marketplace to what we have in the natural world, where one can visit an establishment for the services it provides, in faith that one will not be tracked out of it for any reason, and data about oneself will not be sold or given to others. It also commits the individual to respect for the establishment and the services it provides.

With MyTerms, voluntary and genuine relationships can be built on a foundation of mutual respect and willingness to engage. Following a MyTerms agreement, individuals can selectively disclose information about themselves and their intentions, and additional services might be provided, in mutually agreeable and fruitful ways.

In this manner, companies can come to know individuals far better than has ever been possible through unwelcome surveillance and algorithmic guesswork and manipulation. Genuine relationships can also replace the coercive kind typified by “loyalty” programs meant constantly to manipulate customers. (Consider how marketers, without irony, speak of customers as “targets” to be “acquired,” shoved through a “funnel,” “controlled,” “managed,” and “locked in” as if they were slaves or cattle.)

The MyTerms standard also says that both sides will use machine agents to make agreements. These can be as simple as browser plug-ins on the individual side and server plug-ins on the corporate side. They can also be AI agents, which is why it is opportune for the standard to be published in an age when AI is still a new and rapidly evolving—for both companies and individuals.

For maximized agency on both sides, AI agents must be private instruments of full sovereignty, meaning they work privately and exclusively for each party. They cannot be instruments of surveillance or control by outside actors of any kind. Working exclusively will also maximize agency for both sides.

Civilization requires privacy. Simple as that. We worked out privacy in the natural world with technologies such as clothing and shelter, and well-understood ways to signal our intentions. The digital world, however, is still new, and not civilized. We lack the equivalents of clothing and shelter, and in their absence, surveillance has become the norm. So has the theater of consent, with its insincere and ineffective cookie notices.

The only way to obtain personal privacy and make good on the Internet’s original promises is with mutually beneficial agreements that begin with the simple privacy requirements we as individuals present to the corporations of the world. With MyTerms, we can start civilizing the worldwide public marketplace, making it a safe and productive environment for business, and everything else that depends on it.

Gathering the MyTerms Troops

October 13, 2025 / / 0 Comments

MyTerms (IEEE P7012) is on track to be ProjectVRM’s biggest achievement—and maybe the biggest thing on the Net since the Web. I’m biased, but I believe it.

And that track runs through three events next week:

  1. VRM Day, on Monday October 20.
  2. IIW, the Internet Identity Workshop, from Tuesday to Thurdsday, October 21 to 23.
  3. AIW, the Agentic Identity Workshop, on Friday, October 24.

All three are at the Computer History Museum in Silicon Valley. Register at those links. VRM Day is free. The others are relatively inexpensive.

Here is some of what’s going on around MyTerms.

Iain and Nitin will also be at the events next week. So will others from the MyTerms working group, Kwaai, and other allied efforts.

We plan to have VRM Day online by Zoom (or the equivalent—we’ll let you know); but we’ll get the best results if you’re there in person.

Hope you can make it, and see you soon.

 

Protocols for MyTerms

September 6, 2025 / / 1 Comment

MyTerms (IEEE P7012 Draft Standard for Machine Readable Personal Privacy Terms, unpacked here) has a simple conceptual structure that is open to many different protocols and roles for them. Note the arrows in this graphic:

MyTerms flow

Protocols are required for those.

Here is an alphabetized list of some protocols that I know so far, and what I think they might do (given my incomplete knowledge across all of them.). Note that the standard never says “user,” which has subordinate and dependent implications. It calls the first party a “person” or an “individual,” and the second party an “entity.”

  • A2A Protocol — “An open protocol enabling communication and interoperability between AI agents, giving them a common language – irrespective of the framework or vendor they are built on.” More here.
  • ActivityPub — Can publish or reference a MyTerms URI in actor metadata or message extensions so follows/interactions and happen under the person’s terms.
  • AT Protocol — Can include a MyTerms pointer in profile schemas or event metadata so interactions can be logged under the proffered terms.
  • Beckn Protocol — Can carry a MyTerms URI (or the terms JSON) in discovery/order messages and bind acceptance in the async ACK/NACK flow.
  • DIDComm v2 — Can attach MyTerms as a claim/document in DID-to-DID messages; the counterparty signs/acks to bind the contract.
  • GNAP — Can pass a MyTerms URI/hash in the grant/interaction; record acceptance alongside the grant.
  • HCP (Human/Hyper-Capability Protocol) — Called (at that link) “a user-owned, secure, and interoperable preference layer that grants individuals granular, revocable control over how their data steers AI systems,” it can store a MyTerms reference in the person’s preference set, gate releases on acceptance, and optionally include the URI/hash in OAuth flows to enable audit.
  • HTTP Message Signatures (RFC 9421) — Can bind MyTerms to specific HTTP exchanges by signing requests/responses that include a terms reference.
  • HTTPS — This is generic transport. It can attach or link MyTerms in headers/body and have the counterparty echo/ack to the transaction log.
  • JLINC — Designed for MyTerms-like ceremonies, it can carry a MyTerms ID/hash for “data shared under an agreement.”
  • Matrix — Can include a MyTerms pointer in a profile state or an event content so rooms/interactions are conducted under the person’s terms.
  • Model Context Protocol (MCP) — Can send a MyTerms URI/hash in a tool/agent handshake or call metadata, so tools operate under those terms and log acceptance.
  • NANDA (Internet of AI Agents) — Can expose MyTerms during agent discovery/handshake and metadata in registry so agents negotiate under the person’s terms.
  • Nostr — Can include a MyTerms reference in profile/event tags so relays and clients can honor and log acceptance.
  • OAuth 2.0 — Can carry MyTerms as a parameter or in a request object, recording consent/acceptance with the access transaction.
  • OpenID Connect — Can include a MyTerms URI/hash as a claim (e.g., in the ID token) or request object with RP/OP log acceptance.
  • Solid — Can host the person’s MyTerms in their wallet (formerly called a pod) and require apps or services to transact under those terms for resource access.
  • UMA 2.0 — Can treat MyTerms as a policy at the resource server and share only with parties that have accepted the person’s terms.
  • Web Linking (RFC 8288) — Can advertise a MyTerms URI via Link: headers or a /.well-known/ location for discovery and binding.

Please give me additions, corrections, and improvements.  And forgive the need for all of those changes. I think it’s important at this stage to get a list of possible protocols out there, and to get the discussion rolling. Thanks!

On Being Agentic

August 28, 2025 / / 0 Comments

This appears atop a DuckDuckGo search. A few years ago, numbers 1 and 2 would have been down next to number 6.

I wrote a chapter on Agency in The Intention Economy because back then (2012) the word mostly meant an insurance or advertising business. The earlier meaning, derived from the Latin agere, meaning “to do,” had mostly been forgotten.

Now agency is everywhere, and is given fresh meaning with the adjective agentic.

We can thank AI for that. The big craze now is to have AI agents for everything, and to make all kinds of stuff “agentic,” using AI.

Including each of us. We should all maximize our agency with our own personal AI.

With that in mind, and thinking toward upcoming conferences on AI (and our own VRM Day, this coming October 19th ), I just added this section to the VRM Development Work page in our wiki:

Personal AI

Balnce.ai † “Your personal AI, your loyal agents and a network that makes your data work for you.”

Base.org “Base is built to empower builders, creators, and people everywhere to build apps, grow businesses, create what they love, and earn onchain.”

Decentralized AI Agent Alliance “…offers a compelling alternative, giving individuals sovereignty, including ownership of their identity and data.”

GPTbuddy “Human in the loop AI” ([1] @GPTbuddy) is in development by FractalNetworks.

Kwaai “a volunteer-based AI research and development lab focused on democratizing artificial intelligence by building open source Personal AI.” Also, KwaaiNet “AI running distributed on a P2P fabric,” now (July 2025) with Verida “Create and deploy personalized AI agents with secure data connectors, custom knowledge bases, and configurable inference endpoints.”

NANDA: The Internet of AI Agents “Pioneering the Future of Agentic Web.”

The AI Alliance “building and advancing open source AI agents, data, models, evaluation, safety, applications and advocacy to ensure everyone can benefit.”

Please add more, or make corrections on what’s there. If you don’t have editing privileges, just write to me and I’ll make the changes. Thanks!

How CMPs Can Make Hay With Real VRM

July 23, 2025 / / 0 Comments

By now you’ve seen one of these:

Never mind that you’re not running an ad blocker, but merely blocking tracking. Instead, note the small print in the lower right: “VRM by Admiral.”

By “VRM,” Admiral means this:

What we’re looking at here is the $.5 billion Consent Management Platform business, currently dominated worldwide by OneTrust, with a 40% market share. In the US, Admiral is the leading provider to publishers, giving it a high profile there. In Europe, the leaders are OneTrust, Usercentrics, and CookieYes.

So here is a challenge for Admiral , OneTrust, and the rest of them: make VRM  mean Vendor Relationship Management (like it says in Wikipedia).

Our case: real relationships are based on mutual trust, which can only happen if personal privacy is fully respected as a starting point. Consent management by cookie notice can’t cut it.  For real trust, we need people to bring their own terms to every website’s table, and have agreements to those. This is why we, the ProjectVRM community, through Customer Commons (our nonprofit spinoff) and the IEEE P7012 (aka MyTerms) working group, created the draft standard (on track to become official early next year) for machine-readable personal privacy terms. Three years ago, I called MyTerms The Most Important Standard in Development Today. The CMP business can help make it so, by getting on the Cluetrain.

Here are some opportunities:

  1. CMPs can provide sites & services with easy ways to respond to MyTerms choices brought to the table by visitors. Let’s call this a Terms Matching Engine.The current roster of terms we’re working with at Customer Commons (abbreviated CuCo, hence the cuco.org shortcut) starts with  CC-BASE, which is “service provision only.” It says to a website, “just give me your service, and nothing more.” In other words, no tracking. Yet. Negotiation toward additional provisions comes after that. Those can be anything, but they should be in the spirit of We’re starting with personal privacy here, and the visitor sets the terms for that.
  2. There is a whole new business (which, like the VPN, grammar-help, and password management businesses, people would pay for) in helping people present, manage, remember, and monitor compliance with their terms, and what additional agreements have been arrived at. This can involve browser add-ons such as the one pictured  on the ProjectVRM r-button page. CMP companies can make money there too, adding a C2B business to their B2B ones.
  3. Go beyond #2 to provide real VRM. Back in the last millennium, Iain Henderson pointed out that B2B relationships tend to have hundreds or thousands of variables over which both parties need to agree. Nitin Badjatia, another CRM veteran (and a Customer Commons board member like Iain and myself), has also pointed out that companies like Oracle have long provided AI-assisted ways for B2B relationships to arrive at contractual agreements. The same can work for C2B, once the base privacy agreement is established. There can be a business here that expands on what gets started with that first agreement.
  4. Verticals. There can be strong value-adds for regulated industries or companies wanting to acquire and signal accountability, or look for firmer ways to establish a privacy regime better than the called consent, which doesn’t work (except as thin ass-covering for companies fearing the GDPR and the CCPA). For example: banks, insurers, publishers, health care providers.
  5. For people (not just corporate clients), CMPs could offer browser plugins or apps (mobile and/or computer) that help people choose and present their privacy terms, track who honors them, notify them of violations, and have r-buttons mean something. Or multiple things.

Here is what a VRM-friendly person in the UK came up with as a prototypical first by a CMP away from cookie notices:

That was after this post went up.  (Which is great.)

Obviously, we want cookie notices (and other forms of friction) to go away, but we also want CMPs to have a nice way to participate in a customer-led world in which intention-based economies can grow.

And here is an example of r-buttons in a browser:

Real relationships, including records of agreements, can be unpacked when a person (not a mere “user”) clicks on either the ⊂ or the ⊃ symbols. There are golden opportunities here for both VRM and CRM vendors. And, of course, companies such as Admiral and OneTrust working both sides—and being truly trusted.

Give us more. (Like that cookie notice above.)

The Cluetrain Will Run from Customers to Companies

July 15, 2025 / / 8 Comments

For the good of both.

Customers need privacy, respect, and the ability to provide good and helpful information to the companies they deal with. The good clues customers bring can include far more than what companies get today from their CRM systems and from surveillance of customer activities. For example, market intelligence that flows both ways can happen on a massive scale.

But only if customers set the terms.

Now they can, using a new standard from the IEEE called P7012, aka MyTerms. It governs machine readability of personal privacy terms. These are terms that customers proffer as first parties, and companies agree to as second parties. Lots of business can be built on top of those terms, which at the ground level start with service provision without surveillance or unwanted data sharing by the company with other parties. New agreements can be made on top of that, but MyTerms are where genuine and trusting (rather than today’s coerced and one-sided) relationships can be built.

When companies are open to MyTerms agreements, they don’t need cookie notices. Nor do they need 10,000-word terms and conditions or privacy policies because they’ll have contractual agreements with customers that work for both sides.

On top of that foundation, real relationships can be built by VRM systems on the customers’ side and CRM systems on the corporate side. Both can also use AI agents: personal AI for customers and corporate AI for companies. Massive businesses can grow to supply tools and services on both sides of those new relationships. These are businesses that can only grow atop agreements that customers bring to the table, and at scale across all the companies they engage.

This is the kind of thing that four guys (me included)† had in mind when they posted The Cluetrain Manifesto* on the Web in April 1999. A book version of the manifesto came out in early 2000 and became a business bestseller that still sells in nine languages. Above the manifesto’s 95 theses is this master clue**, written by Christopher Locke:

MyTerms is the only way we (who are not seats or eyeballs or end users or consumers) finally have reach that exceeds corporate grasp, so companies can finally deal with the kind of personal agency that the Internet promised in the first place.

The MyTerms standard requires that a roster of possible agreements be posted at a disinterested nonprofit.  The individual chooses one, the company agrees to it (or not). Both sides keep an identical record of the agreement.

The first roster will be at Customer Commons, which is ProjectVRM’s 501(c)3 nonprofit spinoff. It was created to do for personal privacy terms what Creative Commons does for personal copyright licenses. (It was Customer Commons, aka CuCo, that the IEEE approached with the idea of creating the MyTerms standard.)

Work on MyTerms started in 2017 and is in the final stages of IEEE approval process. While it is due to be published early next year, what it specifies is simple:

  • Individuals can choose a term posted at Customer Commons or the equivalent
  • Companies can agree to the individual’s choice or not
  • The decision can be recorded identically by both sides
  • Data about the decision can be recorded by both sides and kept for further reference, auditing, or dispute resolution
  • Both sides can know and display the state of agreement or absence of agreement (for example, the state of a relationship, should one come to exist)

MyTerms not a technical spec, so implementations are open to whatever. Development on any of those can start now. So can work in any of the six areas listed above.

The biggest thing MyTerms does for customers—and people just using free services—is getting rid of cookie notices, which are massively annoying and not worth the pixels they are printed on.  If a company really does care about personal privacy, it’ll respect personal privacy requirements. This is how things work in the natural world, where tracking people like marked animals has been morally wrong for millennia. In the digital world, however, agreements need to be explicit, so programming and services can be based on them. MyTerms does that.

For business, MyTerms has lots of advantages:

  • Reduced or eliminated compliance risk
  • Competitive differentiation
  • Lower customer churn
  • Grounds for real rather than coerced relationships (CRM+VRM)
  • Grounds for better signaling (clues!) going in both directions
  • Reduced or eliminated guesswork about what customers want, how they use products and services, and  how both might be improved

Lawyers get a new market for services on both the buy and sell sides of the marketplace. Companies in the CMP (consent management platform) business (e.g. Admiral and OneTrust) have something new and better to sell.

Lawmakers and Regulators can start looking at the Net and the Web as places where freedom of contract prevails, and contracts of adhesion (such as what you “agree” to with cookie notices) are obsolesced.

Developers can have a field day (or decade). Look for these categories to emerge

  • Agreement Management Platforms – Migrate from today’s much-hated consent management platforms (hello OneTrust, Admiral, and the rest).
  • Vendor Relationship Management (VRM) Tools and services – Fill the vacuum that’s been there since the Web got real in 1995.
  • Customer Relationship Management (CRM) – Make its middle name finally mean something.
  • Customer Data Return (CDR) – Give, sell back, or share with customers the data you’ve been gathering without their permission since forever. Talking here to car companies, TV makers, app makers, and every other technology product with spyware onboard for reporting personal activity to parties unknown.
  • Platform Relief –  Free customers from the walled gardens of Apple, Microsoft, Amazon, and every other maker of hardware and software that currently bears the full burden of providing personal privacy to customers and users. Those companies can also embrace and help implement MyTerms for both sides of the marketplace.
  • Personal AI (pAI)– Till and plant a vast new greenfield for countless companies, old and new. This includes Apple (which can make Apple Intelligence truly “AI for the rest of us” rather than Siri in AI drag), Mozilla (with its Business Accelerator for personal AI) , Kwaai (for open source personal AI), and everyone else who wants to jump on the train.
  • Big meshes of agents, such as what these developers are all working on.

In the marketplace, we can start to see all these things:

  • Predictions made by The Intention Economy: When Customers Take Charge finally come true.
  • New dances between customers and companies, demand and supply. (“The Dance” is a closing chapter of The Intention Economy.)
  • New commercial ecosystems can grow around a richer flow of clues in both directions, based on shared interest and trust between demand and supply.
  • Surveillance capitalism will be obsolesced — and replaced by an economy aligned with personal agency and respect from customers’ corporate partners.
  • A new distributed P2P fabric of personally secure and shared data processing and storage — See what KwaaiNet + Verida, for example, might do together.

All aboard!

†Speaking for myself in this post. I invite the other two surviving co-authors to weigh in if they like.

*At this writing, the Cluetrain website, along with many others at its host, is offline while being cured of an infection.  To be clear, however, it will be back on the Web. Meanwhile, I’m linking to a snapshot of the site in the Internet Archive—a service for which the world should be massively grateful.

**The thesis that did the most to popularize Cluetrain was “Markets are conversations,” which was at the top of Cluetrain’s ninety-five theses. Imagining that this thesis was just for them, marketers everywhere saw marketing, rather than markets, as “conversations.” Besides misunderstanding what Cluetrain meant by conversation (that customers and companies should both have equal and reciprocal agency, and engage in human ways), marketing gave us “conversational” versions of itself that were mostly annoying.  And now (thank you, marketing), every damn topic is now also a fucking “conversation”—the “climate conversation,” the “gender conversation,” the “conversation about data ownership.” I suspect that making “conversation” a synonym for “topic” was also a step toward making every piece of propaganda into a “narrative.” But I digress. Stop reading here and scroll back to read the case for MyTerms. And please, hope that it also doesn’t become woefully misunderstood.

« Older posts

© 2026 ProjectVRM

Theme by Anders NorenUp ↑