Ello, is anyone out there?

“Your social network is owned by advertisers.”

So asserts new social networking site Ello, currently released in invite-only beta stage. In fact, Ello has decided to take a stand on advertising.

Out of a series of seven blog posts that attempt to define Ello to the new user, four of them assert that Ello will not serve advertising to its users (including one titled, “Ello Doesn’t Have Ads.” The posts that don’t list Ello’s creators, beta features, and press information). As explained in one post:

“Collecting and selling your personal information, reading your posts, and mapping your social connections for profit is unethical. Every new feature on an ad-driven network is either a new way to gather more data about you (which can be sold), or show you more ads (which are auctioned), or both.”

These are bold words for a company (registered in Vermont) who, ostensibly, would like to earn a profit. The money, it claims, will come by providing paid access to special features, which will be offered later. In the meantime, Ello promises its users that they are not also its product. But is that true? What does Ello’s Privacy Policy have to say? And what does it all mean?

What you can expect at Ello

I became an Ello member on Friday, September 26 when an awesome friend sent an invite my way. Ello has a streamlined, minimalist interface reminiscent of the early days of Facebook. Despite claims that membership was increasing at one point at 31,000 users/hour, at the moment, as I have already observed in my second post on the site, “most posts on Ello are about Ello.” This isn’t uncommon in new digital fora – Twitter users who go back and look at their first tweet will most likely find some precise and (in retrospect) quaint observation about Twitter.

Ello users can unilaterally add “Friends” (think Twitter, not Facebook) and “Noise” (seemingly a kind of second tier of acquaintances or organizations that you don’t really care about all that much). You can then follow a newsfeed-like menu of Friend activity (and a more abbreviated menu of Noise activity), which must be manually refreshed to include new content. Users do not have to register with their real name, a policy Facebook has received more than a bit of pushback on lately. This means users may choose to remain pseudonymous.

Users who no longer want an Ello account can easily opt out of the service – the button to do so is easy to find on the user settings page. However, users beware – once you hit “delete” you will no longer be able to retrieve your content or reactivate your account, and your username goes back into the grab bag. No space for seller’s remorse here.

Ello also publishes a long list of rules, the violation of which may cause your to be “banned as a user forever.” However, even more notably, there are, in fact, no advertisements to be seen. So far, so good.

The social network behind the curtain

Ello’s Privacy Policy is much longer and more detailed than its blog posts or marketing materials, and has quite a few interesting provisions. As is often the case, the devil is in the details of the fine print. First, despite the assertion quoted above, Ello does not pledge to not collect your personal information. In fact, in a section appropriately titled “Information Ello Collects,” the Company enumerates information that it collects when a user visits Ello, including “information about what pages you access, about the device you are using, information that you send to us directly or post on our web site or on your page, and the address of web sites that refer you to Ello.” Ello also stores the name and e-mail address that you register with. 

Additionally, Ello stores an anonymized version of your IP address and retains the right to collect other “anonymous” records – records where “personally identifiable” data has been removed – that can be used or shared “for any purpose.” The site runs Google Analytics to research user behavior (though this can be turned off with a simple switch toggle – I have already done this) and explains that it will honor “Do Not Track” browser settings.

Regarding the information that it does collect, Ello promises that it will not sell it to any third party, though third parties may still end up with user information through a variety of different means: with user consent, under legal compulsion (it pledges to resist this when possible and to give notice to the user when not prohibited from doing so), and under contracts with third party providers of services (such as those imagined under their business model), and with potential companies with which Ello may become affiliated in the future. Ello exempts itself from any prohibitions on the transfer of user data in any circumstances when it may “prevent serious harm to Ello, its users, you, or anyone else.” Public information (such as posts), of course, is available to the public and (unless you lock up your profile) to the internet at large.

Form over substance, and other things it all means

I have to first take serious issue with Ello’s posturing. While the service asserts in one breath that “collecting and selling your personal information…is unethical,” in the next it opens the door for broad collection of user data for non-advertising purposes. The problem with a social media service that condemns advertising and yet, by its own terms, allows broad collection of user data is that it ignores certain truths about the internet and marketing.

First, a short digression to explain the two key advertising models on the internet. The first, behavioural advertising, creates a profile specifically for you using your patterns and interactions and uses that profile to market relevant products and materials. By contrast, contextual advertising bases its marketing pushes on the content around it: for example, an ad for ski resorts may be on a website that sells winter coats.

Once you have a grasp of the terminology, it is important to recognize certain basic facts. The first, which predates the internet, is that advertising is valuable. Providing individuals with information and deals is beneficial and, when it helps conserve limited resources like time and money, incredibly efficient. A second fact is that advertising and tracking are not necessarily conducted in unison: tracking is not a prerequisite for advertising (in fact, contextual advertising was receiving higher click-through rates through at least 2010) and users can be tracked without any ad-based endgame.

The crux of the do-not-track movement, which Ello seems to be capitalizing on and which represents the blow-back against behavioural marketing, is the “creepy” idea that all your online movements are being watched. Unfortunately, Ello is not the answer to this problem – it removes the value-add of the actual advertisements but without fixing the privacy violations that come with online tracking.

And, once gathered, the uses for Ello’s user data are endless. In keeping with what appears to be its modus operandi, Ello makes a grand claim (“we will not share your data with third parties”) and then proceeds to blow holes in it until it closely resembles a slice of swiss cheese. The use exceptions for third-parties, set out above, are broad – I cannot think of many circumstances in which Ello would not be able to share user data, particularly under consent or through contracts with other companies.

Of course, there are other problems with the Ello privacy policy as well. It makes no promises to actually delete a user’s data after that user has opted out of the network, meaning that the profiles created by Ello may outlast its users. In addition, the hole left open to share this data with “affiliated companies” resonates in the online economy, where companies often respond to competition by buying the competitor. Facebook or another company could become the proper owner of Ello data simply by naming the right price.

Further, the claims that some collected data will be, or even can be, “anonymized” is simply not cognizable. Even if a user’s name is removed, studies have shown again and again the ease with which “de-identified” data can be matched to a specific individual. This reality makes the separation between an individual’s name and his or her data superficial at best.

Looking ahead 

Ello is only the latest in a long string of prospective social media platforms that aim to put the user first in regards to privacy and security. Popular free and open-source social media platforms like Diaspora, pump.io, and BuddyCloud all avoid the likely business-user interest conflicts Ello will find itself in when it seeks to transform its popularity into profitability for the company and investors.

Even with the flaws in Ello’s privacy policy, there are many reasons to embrace the service. It’s simple (though buggy, a fact easily attributed to its “beta” phase) and streamlined, and there isn’t a bunch of irrelevant information fighting for your attention. Its policy not to require real names is friendly to certain groups, including the LGBTQ communities. Additionally, Ello’s security policy is quite good: they invite technologists to help find vulnerabilities (Ello has already found itself under attack) and also pledge not to email to ask users for their password. Finally, for those who hate clutter, Ello lives up to its promises to remove advertising from its users screens. However, Ello’s policies allow for back-end tracking that is much more robust than the clean interface hints at.

But it is important to note that Ello is not everything it markets itself to be. Creating a false sense of security can do more harm than good for users at risk who rely on company assertions and promises to guide their online interactions. In the wake of the Snowden revelations we have seen a sharp increase in the number of applications and services with marketing focuses on privacy and security. When those services do not (or cannot) follow through on these public promises, it is at a cost to users and, in some cases, may place users in danger. Ello’s creators and other app developers should take note to take greater care in positioning in the future to prevent irreparable harm to users.