

I heard you like numbers... Numbers from 37signals - themcgruff
http://37signals.com/svn/posts/3076-i-heard-you-like-numbers

======
mpk
"And a Basecamp user uploaded the 100,000,000th file (It was a picture of a
cat!)"

Aren't you supposed to treat user data as confidential and not examine the
contents?

~~~
themcgruff
The file was named cat.jpg and that was logged, which was what we saw. We do
not look at user’s files.

~~~
huggyface
Terribly bad judgment to post that. Like apparently numerous others, that bit
caught my eye and made me pause and reflect on the downside of SaaS.

Even looking at the filename seems pretty suspect, as an aside. What if the
filename was BankruptcyPreparation.docx, or TerminationOfBobDobbs.pdf, etc?
The metadata about a file should be confidential as well.

~~~
csallen
I won't comment on whether or not it was wise of them to post that
information, except to say that plenty of other services have posted much more
revealing data without backlash of any kind.

What I will question, however, is the assertion that looking at user filenames
is suspect. That's _easily_ fair game, and to claim otherwise is as ridiculous
as claiming your dentist has no right to see your dental records, or your bank
shouldn't know how much money is in your account.

If you're that protective of your data, then it's up to you make wiser
decisions. For starters, don't name your files SuperSecretPrivateInfo.doc and
then give them to other people to store. Take a look at their extremely
readable privacy policy. Send them an email with questions. If you care so
much, take action and stop blaming other people for your own laziness.

~~~
huggyface
Plenty of other services have shown indiscretion about their client's data.
That doesn't validate this case, especially considering that many of us look
to 37signals as essentially the poster boy of leading behaviors.

We expect more from them.

I am not trying to be argumentative but want to respond to a point you made as
I think it is critically important for many HNers running or aspiring to run
SaaS solutions-

"If you're that protective of your data, then it's up to you make wiser
decisions. For starters, don't name your files SuperSecretPrivateInfo.doc and
then give them to other people to store."

For real? I guarantee that 37signals would not sanction such a ridiculous
statement. Most SaaS companies wouldn't touch such claims with a 40' pole.

The industry lives and breathes on the feeling that the data is confidential.
We're currently looking at some hosted helpdesk ticket solutions, and I can
tell you that if there was even the slightest hint that the vendors casually
browsed our data we would rethink the whole adventure.

~~~
walkon
Cat.jpg from an unknown user of Basecamp. This tells us nothing about anyone.
Get over it.

~~~
sunchild
It tells us that they looked at customer data, and that's a really, really big
deal to people who are doing serious business that involves private
information that is: (1) regulated by government, and/or (2) has significant
commercial value.

You can waive your arms and talk yourself blue in the face about your security
protocols, but in the end it all comes down to trust. This kind of slip-up
erodes that trust.

~~~
walkon
> It tells us that they looked at customer data

Have you ever supported a product that has external users? Eventually have to
see their data in some way, shape, or form. Whether it be a username, email
address, ip address, user-agent strings, filenames, etc; there are times when
troubleshooting, verifying functionality, validating report data, etc where
you will have to look at at least some subset of actual customer data
somewhere. It is simply unrealistic to think otherwise.

How would you go about providing customer support or auditing without looking
at the customer data required to complete such tasks?

(edited to add quote)

~~~
sunchild
And announcing the content of the one millionth file upload is serving the
customer how?

------
thesash
Inspiring numbers for a bootstrapped, private company, and a strong reminder
that if you're building a business there are viable alternatives to the SV
funding cycle

~~~
mibbitor
They got funding from Jeff Bezos.

~~~
anon808
As I understand, the owners sold a portion of their equity to Bezos. The
company didn't raise money from Bezos to fund operations. Big difference.

~~~
eCa
Exactly. This was _after_ three of their four major products had been
released:

[http://37signals.com/svn/archives2/bezos_expeditions_invests...](http://37signals.com/svn/archives2/bezos_expeditions_invests_in_37signals.php)

They didn't need his money, they wanted him.

------
cobrabyte
These numbers are mind-boggling. I'm a subscriber to a few 37signals products
but never knew they had so much usage.

Thanks for posting the stats.

~~~
foobarbazetc
Those numbers tell you almost nothing. That's the entire point of the post.
Big meaningless numbers.

