Whether you agree or not, I think we are approaching a situation where our trust in fledgling start-ups, popular or not, is in decline. Just browse the names: Twitter, Path, Instagram, Google, Facebook, etc., etc. Not exactly obscure companies, many of whom are well-liked by their users.
I would be as worried as a founder as a consumer, because the joy of being an early adopter might be waning in light of this. The address book security breach has made it undesirable to just try out all apps you see and worry about security later. Before, I basically only had to worry about non-SSL and plain text passwords - something that rarely mattered.
I don't know if using "we don't send your information unencrypted and unsafely, and we certainly don't sell your private information nor nab your contact list" is going to do more good than harm to a new company. It sounds a little creepy.
Maybe we should organize a pillory service with a track record in crimes against privacy and security instead as an alternative to Crunchbase. The FTC, bless their hearts, have limited resources and don't seem to be doing too much to make Facebook do what they do, and a track record does not need to be kept up to date, as great as it would be. It doesn't need to be an exhaustive list; having the biggest companies like Google, Facebook, Amazon, Tumblr, Microsoft, Dropbox, and Twitter would suffice in most instances, because, honestly, as much as I loathe Facebook, I have an awful memory and have to rely on my bookmarks to remember just how bad they are.
Perhaps this database can be extended to follow founders or CTOs involved directly or indirectly in these screw-ups, when they leave their company, so they don't pull the same stunt the next time.
This could be done with something as basic as a GitHub collaboration.
Who knows, maybe this can even be turned into a start-up - it seemed to work for Chris Dixon.
For a very early-stage startup, caring about privacy does not immediately translate to displaying a privacy policy.
For us it was a day 1 decision: we will not do anything remotely creepy with your data. We will guard what you give us carefully and collect only what we need to operate our service.
This is a fundamental and important part of our ethos.
Still, it took us more than 6 months to get an externally visible privacy policy in place, because lawyers are expensive and not displaying a policy did not kill us.
> we will not do anything remotely creepy with your data
That is exactly what I'm trying to advocate for in my post. However, I don't agree that you should wait until you can afford a lawyer to put up a policy. Think of it this way: If a regulator comes knocking at your door accusing you of some privacy violation, are you better off saying, "I couldn't afford a lawyer which is why I have no policy," or "I couldn't afford a lawyer but I did my best to comply with the law as I understood it?"
I think the latter is obviously the better position. In addition, you get the trust-building benefits to boot.
The issue is that the Privacy Policy is (or certainly can be viewed as) a legal document. Therefore I'm strongly inclined to believe you're better off with a lawyer-approved document.
I'd love to have our privacy policy be "we will not do anything remotely creepy with your data" (in fact maybe we'll add that to our current document), but that is so ambiguous I think users will not be satisfied, and lawyers will have a field day.
The lack of a privacy policy isn't good enough evidence for people not caring about it. It just means people haven't written one up. I'd question whether a privacy policy that says "we'll collect any information about you we can and sell it to everyone we can" would be an example of caring about privacy.
A privacy policy would only take the bare minimum of interest and attention. 20 minutes with a free policy generator and a simple link on the site is all it takes. A lack of a policy might not be the best "evidence," nor is a policy assurance they will respect your privacy, but it is a start.
Hey I made CleanIcons.com and I was just wondering what kind of privacy policy you are expecting for the site? I am using a third party purchasing service (gumroad.com) and I am selling icons that I made. I guess I could have a privacy policy that says I will not sell your email to people? Is that what you are expecting?
Have you considered the possibility that "privacy" is mostly a Hacker News moral panic, an obsession of the sententious personality that only really leaks out into the outside world when it can drive eyeballs or pageviews?
You're overestimating the influence of Hacker News, and underestimating the historical concern that people have had about their personal information being used to power commercial business.