An interview with Zoho's Chief Evangelist
For a long time now, Zoho has been a vocal advocate for user privacy and information security. As a part of our efforts to get this message out, Zoho's Chief Evangelist spoke to Pat Moorhead from Moor Insights & Strategy about surveillance and how it's changed over the years. This was a series of five interviews, and we're bringing you the key highlights. You can read about consumer surveillance in part one and business surveillance in part two.
Here's part three where Raju and Pat talk about adjunct surveillance and what motivates companies to go to extreme lengths to mine your data.
What is adjunct surveillance?
In previous sessions, we spoke about consumer surveillance where companies like Facebook and Google spy on their users and then use that data to target them with ads. Business surveillance is quite similar, except it involves companies that deal with B2B organisations, like Microsoft, Salesforce, and Oracle. Not only do they spy on their users to target them with ads, but they also sell that data to other companies.
Adjunct surveillance, though, is when one company monitors user behaviour through another business tool. For example, if you use Gmail, you know they track your activities across the internet when you're signed in. However, if you use another business tool, like Salesforce CRM online, it might have a Google Analytics code embedded on its webpages or in its product. If that's the case, then Google can still follow your activities, even if you're not logged in.
Let's look at another example. You visit a blog and they have social sharing buttons on the post, say a Facebook Like or Follow button. As soon as you click it, Facebook will have that information, and you wouldn't even realise how Facebook knows which websites you've visited. That is adjunct surveillance—a third party monitoring you through your software. In this case, that blog becomes an adjunct property.
It sounds illegal, but at the time of writing this, it's not. Zoho believes it should be.
This practice isn't restricted to technology, either. For instance, there's no guarantee that your telecom provider isn't selling your data to surveillance companies. Not so long ago, Google made a deal with an American healthcare company to gain access to patient medical records.
Google is actually buying our medical data without our permission. This happens with financial data as well. Every transaction we make on our credit cards is valuable data, all sold without our explicit knowledge or permission. That happens through adjunct properties.
Are cookie-based ads a form of adjunct surveillance?
No. Let's say you're on Amazon. You add a pair of shoes to your cart but leave without purchasing. If you see an ad for that exact shoe on a news website you visit two days later, that's a cookie-based ad. Amazon pays Google Ads to show you that as a reminder to complete or make your purchase.
But let's say you're a fan of Gardening Australia, and you visit Bunnings on a random Saturday afternoon. Your smart speakers and TV are so efficient that they can share your streaming data through the internet. Your handheld devices and the apps that run on it will share your location data. Surveillance companies aggregate that information from your devices. That's adjunct surveillance. They then sell it as a service to whoever wants to show you ads. In this example, Bunnings could use the surveillance company's services to show you ads about tomato seedlings.
To understand how exactly these ads work, you can approach it from the other side. Have a look at advertising tools and create ads to target an audience. Then you'll see targeting and filtering options that include location, device, browsing history—even down to the exact channels streamed on YouTube. Even if you employ a rigorous filtering system, you'll still have a significant number of people to advertise to. That just goes to show how many consumers are having their data mined and to what extent.
Now we know that this surveillance extends to other industries as well. So if you go to the hospital with a broken leg, there are companies out there who can get access to every detail of your treatment, including test results. What is Zoho doing to rise above such adjunct surveillance?
Since Zoho is a B2B company, and we primarily sell software to other businesses, we block all third-party surveillance on our websites and products. For example, we have 45+ products and thousands of pages online, but you won't see Google Analytics code on any of our webpages or mobile apps.
We have to take these strict measures because even seemingly innocent things aren't safe. For instance, if you like a specific Google font and you think you can use that on your website, you're bringing home a Trojan horse. As soon as you download the font from Google's servers, you give them access to your devices and your IP address. Most of us don't realise the severity of these data mining events because we take it for granted. A Google font is innocent, right? Well, it isn't!
That's why it's important to be aware and avoid these things.
As a company, we at Zoho guarantee that as long as our customers are using Zoho products, we'll make sure no one can track them through our services. We will never sell our customers' data to third parties or use it for ads, either.
Of course. That's just not Zoho's style, isn't it?
That's right, it's not how we do business. There're a lot of companies out there that double-dip, so to speak. They charge customers to use their products, but they also sell their customers' data to third parties for extra revenue.
That's where philosophy kicks in. What's the purpose of running a business?
For us, it's pretty straightforward. We have two clear priorities: we want to take care of our customers and our employees.
A lot of other companies have a third priority: investors. They have to keep their investors happy and so they're under immense pressure to find new ways of making money. It's as if they're on a quarterly treadmill that's constantly increasing its speed. We have none of that.
That's why business models are crucial. With data being the new oil, there aren't many businesses that take Zoho's approach. It's refreshing.
Business models are crucial, yes. You have to have the courage to say no at some point, and that comes only if your business model allows it. A lot of businesses don't have that capability because of their finance-driven nature.
Even though Apple's stance on privacy is commendable, their market cap is about USD 2 trillion. That's similar to India's GDP. When the value of a single company is the same as an entire country, then clearly, something's not right. Besides, these market cap numbers will keep changing as well. So no matter how good a company is, investors pressure them to make tough decisions. Back in the '50s and '60s, the average lifetime of a company was 60 years. Now, though, it's 17 years, thanks to financialisation—putting profits before people. That's why a good business model is critical. It defines the company and its core values.
That's the end of part three of Raju's conversation with Patrick Moorhead. We hope you found this conversation useful! Here's a recording of the video, if you'd like to watch it.