
Proof That Startups Don't Care About Privacy - jnorthrop
http://jnorthrop.me/2012/02/18/proof-startups-dont-care-about-privacy/
======
kmfrk
Whether you agree or not, I think we are approaching a situation where our
trust in fledgling start-ups, popular or not, is in decline. Just browse the
names: Twitter, Path, Instagram, Google, Facebook, etc., etc. Not exactly
obscure companies, many of whom are well-liked by their users.

I would be as worried as a founder as a consumer, because the joy of being an
early adopter might be waning in light of this. The address book security
breach has made it undesirable to just try out all apps you see and worry
about security later. Before, I basically only had to worry about non-SSL and
plain text passwords - something that rarely mattered.

I don't know if using "we don't send your information unencrypted and
unsafely, and we certainly don't sell your private information nor nab your
contact list" is going to do more good than harm to a new company. It sounds a
little creepy.

Maybe we should organize a pillory service with a track record in crimes
against privacy and security instead as an alternative to Crunchbase. The FTC,
bless their hearts, have limited resources and don't seem to be doing too much
to make Facebook do what they do, and a track record does not need to be kept
up to date, as great as it would be. It doesn't need to be an exhaustive list;
having the biggest companies like Google, Facebook, Amazon, Tumblr, Microsoft,
Dropbox, and Twitter would suffice in most instances, because, honestly, as
much as I loathe Facebook, I have an awful memory and have to rely on my
bookmarks to remember just how bad they are.

Perhaps this database can be extended to follow founders or CTOs involved
directly or indirectly in these screw-ups, when they leave their company, so
they don't pull the same stunt the next time.

This could be done with something as basic as a GitHub collaboration.

Who knows, maybe this can even be turned into a start-up - it seemed to work
for Chris Dixon.

------
dguido
Actually, I have evidence to the contrary. Check this out:

PrivacyParrot: See if a site sells your personal information.

<http://www.privacyparrot.com/>

It uses AI and NLP to parse privacy policies into easily readable statements:
<http://www.privacyparrot.com/privacy-policy-for-twitter.com>

~~~
slowpoke
That's a damn cool little website. Thanks.

------
tworats
For a very early stage startup caring about privacy does not immediately
translate to displaying a privacy policy.

For us it was a day 1 decision: we will not do anything remotely creepy with
your data. We will guard what you give us carefully and collect only what we
need to operate our service.

This is a fundamental and important part of our ethos.

Still, it took us more than 6 months to get an externally visible privacy
policy in place, because lawyers are expensive and not displaying a policy did
not kill us.

~~~
jnorthrop
> we will not do anything remotely creepy with your data

That is exactly what I'm trying to advocate for in my post. However, I don't
agree that you should wait until you can afford a lawyer to put up a policy.
Think of it this way: If a regulator comes knocking at your door accusing you
of some privacy violation are you better off saying, "I couldn't afford a
lawyer which is why I have no policy," or "I couldn't afford a lawyer but I
did my best to comply with the law as I understood it?"

I think the latter is obviously the better position. In addition you get the
trust building benefits to boot.

~~~
tworats
The issue is that the Privacy Policy is (or certainly can be viewed as) a
legal document. Therefore I'm strongly inclined to believe you're better off
with a lawyer approved document.

I'd love to have our privacy policy be "we will not do anything remotely
creepy with your data" (in fact maybe we'll add that to our current document),
but that is so ambiguous I think users will not be satisfied, and lawyers will
have a field day.

------
46Bit
The lack of a privacy policy isn't good enough evidence for people not caring
about it. It just means people haven't written one up. I'd question whether a
privacy policy that says "we'll collect any information about you we can and
sell it to everyone we can" would be an example of caring about privacy.

~~~
jnorthrop
A privacy policy would only take the bare minimum of interest and attention.
20 minutes with a free policy generator and a simple link on the site is all
it takes. A lack of a policy might not be the best "evidence," nor is a policy
assurance they will respect your privacy, but it is a start.

------
gregsqueeb
Hey I made CleanIcons.com and I was just wondering what kind of privacy policy
you are expecting for the site? I am using a third party purchasing service
(gumroad.com) and I am selling icons that I made. I guess I could have a
privacy policy that says I will not sell your email to people? Is that what
you are expecting?

------
lamby
Have you considered the possibility that "privacy" is mostly a Hacker News
moral panic, an obsession of the sententious personality that only really
leaks out into the outside world when it can drive eyeballs or pageviews?

~~~
pessimizer
You're overestimating the influence of Hacker News, and underestimating the
historical concern that people have had about their personal information being
used to power commercial business.

<http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html>

Hacker News, 1890?

