I'm one of the founders of Homejoy. I'm still very passionate about the home service space. After leaving Homejoy, I started FlyMaids, where we're exploring a few different angles on the space.
We recently acquired the customer and service provider data from Homejoy.
We're a small team that has been focused on moving quickly while bootstraping. We tried to quickly test different approaches, but we realize now that we did so in an unclear manner. We recognize the need to use the data we acquired responsibily. As a result, we're taking the site down, and we're going to do a better job with our testing moving forward.
I'm starting to read "passionate about" as "wanting to make money of". I have to make an effort to read it in the classical sense. I fear the same will happen with "share". And when my kids talk about sharing at school I will only think of flooding with memes or of selling things.
Now, I'm not a native english speaker, so I can't say if aarontcheung is misusing the term or not. Is this change happening to the english culture as a whole? Or am I reading way too many silicon valley articles?
I hear a lot of people using "passionate about" to mean "committed to" because it prevents others from trying to convince you that you're making a mistake.
just another bullshit marketing term. I cannot believe these type of people really think that those reading it will go "wow this guy really cares about some low paid worker cleaning my house well, I will go with them".
"i can't be 100% sure but i think people choose to work here because they believe homejoy is not just another cool startup; it’s a mission; it's a passion. we're building things that enable and will change the way people live and work. this is not an overnight venture; we know it'll take a long time, and we’re all committed to it."
Yeah, that's not miopic, self-important and delusional at all.
Aaron, I was a homejoy customer. I am frustrated and concerned that my credit card # was sold to another company without my consent. How can users opt-out of having their data sold to flymaids (or any future ventures)? The fact that flymaids' site is a poorly-built clone of a competitor's site also makes me scared that my data is not being protected.
Yes, Stripe makes it SUPER simple for accounts to change hands.
I bought a small business from a brokerage site.
He transferred the Stripe account to me no problem. It was as simple as me making a Stripe user account and then him adding me to the account he used for the business and then me removing him.
The entire process took minutes. It took about 3 weeks for PayPal.
As long as you're using their JS solutions so credit card data never ever goes through your servers (even temporarily), PCI-DSS compliance on Stripe just means serving the payment page over SSL.
That could just be the last four digits. When you create a token with Stripe, you do still get those back. Conceivably, they're showing 12 asterisks and the naked last four, while retaining the token Homejoy used with you so they can recharge -- although in order to do that, they would need Homejoy's Stripe API secret.
I was also thinking through which rules would apply here. (What entity owns a Stripe account? What constitutes a transfer of data? How does this case differ from say, an acquisition?)
The medium article only shows info you can get from a Stripe card_id request. Not using https on that page is troublesome, but I don't think there's any evidence to suggest FlyMaids (or even HomeJoy) ever had access to actual CC information.
It seems more likely that this depends on Homejoy's ToS/Privacy Policy. (Although it's certainly possible the transfer was done in a way that violates Stripe's policies, I'm just not familiar with those)
My guess is the account never changed hands. Stripe can't really prevent a legitimate owner of an account from doing something stupid with it. At least, not until after the fact.
Doesn't look like it is stored (only) with Stripe. The profile section of the site (per the blog post screenshot) displays some of the credit card info.
It's also intentionally difficult to gain access to the customer's card number on checkout. All the server is allowed to receive is a unique token representing the customer to complete the transaction with. Pretty clever, but I suppose not impossible to workaround.
Why did you copy Handy's site verbatim? Why did you not give customers the option to opt-in to your new venture? Why did you post the logos of news organizations that had never written you up?
> We recently acquired the customer and service provider data from Homejoy.
That's all you really need to know about FlyMaids and Homejoy. If I ran a startup into the ground I would never ever betray my customers by selling their data!
> When you run a business into the ground, some decisions about what you sell get taken over by courts, at the direction of your creditors.
This is true, but a lot of this "story" still seems strange, especially in light of the fact that all of the sites that appear to be associated with Cheung's new venture have been taken offline.
There are a number of well-funded players in this space, some of which might have an interest in acquiring Homejoy's data. How did the twenty-something co-founder of the failed business come to acquire the data? Did outside investors provide funding for the new venture and its acquisition of the data? Were any of those investors also investors in Homejoy? Why weren't former Homejoy customers simply informed that another company had acquired their information in an honest, transparent fashion (the way most companies handle transactions of this nature)?
It's worth pointing out that the email Cheung sent to former Homejoy customers about FlyMaids stated that FlyMaids "work[s] with Homejoy's best cleaners."
If that is true, it would appear this new venture is essentially just Homejoy reincarnated, begging questions about Homejoy's liabilities. Assuming the lawsuits against Homejoy haven't settled, I'd imagine the attorneys behind those lawsuits might have an interest in what's going on.
The founder says he acquired the data through an assignment for the benefit of creditors. I'm not an expert in ABCs, but my understanding is that the assignee in this process has a fiduciary duty to creditors and therefore must attempt to maximize the liquidation price of the company's assets. So I'm still curious as to how the twenty-something co-founder of the failed business acquired the data.
That aside, if we assume the data was acquired appropriately, it makes the questionable behavior[1] all the more baffling.
You're trusting that they or their acquirers will honor the contracts that they have with you. In the case of Homejoy, my assumption is that the claims/promises they made constitute a contract with their users that limits their ability to make use of your data outside the described scope. IANAL, but I think there's a reason we don't regularly hear about things like this - it's actually hard to do without getting sued.
Why? Because the two thing you need to run a professional housecleaning service are access to people's houses and their credit card numbers. Maintaining this access demands far more judgement, care, and integrity than Aaron Cheung is ever likely to have.
A contract requires mutual consideration. Whatever someone says in their dying breath doesn't constitute a contract. A last will, perhaps, but not a contract. (To my knowledge, estate law does not apply to corporations.)
This shouldn't be downvoted. It's far from unreasonable to attribute these moves to following the "hack/hustle" ethos we hear all the time in Startupland. "Passion" + "exploring" + "small team" + "moving quickly" + "bootstrapping" + "quickly test". It's all there, folks.
Yet without HTTPS anyone changing or entering new credit card info is at risk on this site. There's also personal information like where to find spare keys and stuff; it should be a lot more secure than this.
Any time you use last-4 as something secure, you're doing it wrong.
As mentioned above, last-4 is sent by email frequently, and email passes, unencrypted, through intermediate servers all over the Internet. Any compromised host can observe all of the email that passes through it.
Any process that uses last-4 to unlock a password or otherwise as a secure token is broken by design.
I wanted to follow up and address some concerns mentioned in this thread, and acknowledge that I definitely made mistakes.
How did you get my information?
We acquired Homejoy’s domain and customer information through an ABC process. Our intention is to improve and then relaunch Homejoy’s cleaning service. We were testing a new model using Fly Maids, one of our testing brands. As evidenced today, we made some mistakes.
Why is your email and website so misleading?
When we contacted customers, we didn’t tell them we were Homejoy relaunching because we wanted to gauge reception to our new model without the influence of Homejoy’s brand.
As a result, we scared many customers, who expected the worst had happened to their data. We should have told customers upfront who we were, what we were testing, and used original content.
Do you have my credit card info?
No, as of Oct 28 2015, we deleted all credit card info, including the last 4 digits. Also, the Homejoy Stripe account has been permanently shut down so no one can get access to it in any manner.
At no point did we ever charge a Homejoy customer’s credit card.
How do I delete my account information to ensure that it is not used in any way?
Please go here http://goo.gl/forms/YPdJlYJ9Pn
If I was party to a lawsuit in which a company like Homejoy was the defendant, and a similar situation happened, I'd definitely be interested in finding out how one of it's co-founders "acquired" the customer database / IP, for how much, if it went to public tender, and if not, why not -- and I'd certainly be asking a judge to join whatever the new entity is called to the case as a co-defendant with shared liability.
It's at the very least dishonest if not of questionable legality to shut down your old company to try to avoid lawsuits and / or debts, start a new company and sell yourself your old assets. I really hope that isn't what you're doing / did. Because that would be pretty low-brow kind of stuff.
1. You now acknowledge you intentionally lied to customers by saying you were redirecting them to a "partner", but it's the same company under a different name.
2. You don't hold that data under a payment provider like Stripe, and yet you claim to have PCI-DSS compliance but are violating it and risking a lot of customer credit card data!
You now say you have deleted that data, but how are we meant to believe you? Where was that data stored? Locally or with Stripe? Why didn't you encrypt it?
How did you "acquire Homejoy’s domain and customer information through an ABC process"? How does that even work?!
Regarding the last point on continued access to account information: opting-out from this is much worse than opting-in. Think of all the people who used homejoy and don't read HN - wouldn't they want the same?
I was not a Homejoy customer but from a general point of view I reckon you need to communicate to all the customers in your file and clearly let them know the truth about everything. That is the only way that you can redeem yourself from this.
>Aaron Cheung, I would appreciate it if you didn't taint YC's brand with your questionable business practices.
You could say the same about bigger "success" stories (let's say Airbnb). They're actively ignoring laws that make their business look better. Regardless of how you feel about whether the laws are just or not, how does that reflect on YC to have one of their biggest success stories blatantly ignoring laws?
In my experience, life is easier when you admit your mistakes without business speak, and just take the blame (for example: "I" instead of "We"). I've written a lot of mea culpas for mistakes which impacted customers, and the more direct and transparent I was, the better responses I always got.
You made a mistake, you know you made a mistake. Admit it, apologize, and move on. Your excuses or context probably aren't going to help your cause.
When that mistake might be very costly litigation-wise, and anything you say/do might be brought up in court, it's time to break out the business speak and obfuscate like there is no tomorrow.
Maybe. That sort of nonsense may decrease the odds of losing a lawsuit. But you increase your odds of having a lawsuit, because you leave more people mad at you.
That might be a good choice for a large company, as they already have lawyers on staff, can afford to pay for a lawsuit, and have enough money to advertise away the reputational stain.
I'm not sure it's a good idea for a startup, though. Unless you are well funded, just dealing with a lawsuit could be fatal given the reputational cost, the legal bills, and the amount of founder time that will get soaked up. Personally, I'd try to be human and humane about it.
Agreed, I think it would be better to be frank and honest in this situation. Just trying to provide some kind of rationale for why he responded in such a business-like manner.
I'm actually tempted to write a response so harsh I'd probably be banned from hacker news.
Instead I genuinely hope that YC will force companies taking the 7% into a no selling on data policy; I'm not saying that is easy to write but I am saying this situation without response smears YC, something I'm sure could be avoided in future.
"Instead I genuinely hope that YC will force companies taking the 7% into a no selling on data policy"
I did a paper on (sort of) this in law school. My focus was on civil law systems and I'm not claiming I'm the world's foremost expert on this topic.
With that out of the way, it's not that easy. When a company goes bankrupt, it doesn't have a say on what happens to its assets. Furthermore, a liquidator doesn't have to honor commitments made by the company. (this is also why 'software escrow' in the cheap form that is implemented so often is, imo, legally on shaky ground - this was the actual topic of my paper).
So what are the options? One is to put the 'ownership' of customer data (what that means exactly is a whole discussion in itself) into a separate company. But that company can't be owned by the 'real' company, it's tricky in many way. And costly. And makes things (very) difficult, operationally. And it takes away the ownership of a critical asset, making it near impossible to get investment (because who will invest in a company that doesn't 'own' its customer data?) Etc. I don't think anyone follows through on their claims of being 'careful with customer data' to this extent, but then again, of course I don't know the operations of every company in the world.
Basically, once you are in a database of a company, and if that database is worth anything, you are up shit creek when that company goes bust - good intentions and promises do not matter one bit. A new guy comes in who doesn't care about his 'reputation' in the field the company was in, who has a legal duty to get the highest price for any assets, and who is not bound by anything the company did or said. It doesn't take a law degree to figure out how that works out for the 'privacy' of the (former) users/customers.
What about a legal agreement with the users that the information will be deleted before a bankruptcy is filed and if they fail to deliver, then the users are owed so much for failure to deliver on the contract (and this debt is created in such a way it takes priority over other debt). Make the debt big enough that anyone owed money for a reason other than this deal (so investors and such) would see a greater payout by deleting the information and selling the other assets with their normal claim to its worth than by attempting to sell the customer data and split the proceeds with all the users.
Also make it legally solid enough that even if there was a lawsuit, the cost of the lawsuit would be higher than the worth of the data.
Brilliant idea, it's essentially you are giving a permanent license to your info; the problem below is a real one though, the investments we are seeing are often clearly hedged against resale of data... A rather scary market when Stripe will just charge credit cards if you have a users token!
I think a "no selling personal data" policy would make sense...user profiles, email addresses, credit cards, mailing addresses, photos, relationships with other users (e.g., if LinkedIn went out of business they shouldn't be able to sell the list of people to whom I am first-degree connected)
On the other hand, I think that proprietarily-generated data would be fair game if anonymized. A massive data set showing how people's usage of a given service varies based on age, geography, type of phone, whatever -- I think selling that to a third party would be morally and ethically defensible. [0]
There are likely a lot of edge cases here (the LinkedIn example above might be one), and it's an interesting topic. With all that said, recycling all of Homejoy's users' account info into a new enterprise without their explicit consent seems pretty plainly wrong to me.
Prediction: the fact that there's still no word from @sama or @paul probably means that they're working hard to provide a clear and decisive written response to this incident -- probably one that amounts to a new YC policy of some sort.
[0]: IANAL and not sure whether the possibility of an eventual sale of such user-generated data would need to be mentioned in the service's T&Cs from the get-go.
Do you realize that the post is less about FlyMaids being "unclear" and more about it being completely dishonest, as well as using user data provided to HomeJoy without the permission of those users?
> Cleaner Connect is not an employer, but simply connects independent service professionals with customers
Your Homejoy co-founder stated lawsuits over worker misclassification were the "deciding factor" in the decision to wind Homejoy down[1]. Assuming cleanerconnect.com is indeed part of your new venture, the above suggests your "testing" involves the same flawed contracting strategy that contributed to Homejoy's demise.
2. Your email to former Homejoy customers encourages them to use a "partner" service. You fail, however, to disclose that you are actually a principal of the "partner" business. Additionally, your comment suggests that FlyMaids is not actually a partner of a company that is supposedly winding down but rather is the acquirer of certain Homejoy assets.
3. As far as I can tell, neither FlyMaids or Homeaglow were ever featured by Oprah, The New York Times, etc., yet this claim is/was being made on their sites.
>3. As far as I can tell, neither FlyMaids or Homeaglow were ever featured by Oprah, The New York Times, etc., yet this claim is/was being made on their sites.
Thank you. I asked the same question below and got some downvotes for it. Falsifying things like that is a big sham. I see on homeaglow, the company claims more features on Rachels (whatever that is).
>We're a small team that has been focused on moving quickly while bootstraping. We tried to quickly test different approaches, but we realize now that we did so in an unclear manner.
Sometimes moving quickly isn't the best although most people say launch fast. Being that homejoy didn't do well,why didn't you take time to research well what you want to do next instead of copying a competitors site word for word?
Also, in the email to the person who wrote the article, you referred to flymaids as a "partner". Why not just come out and say it is your company?
Dude, you weren't unclear. You literally lied by copying customer testimony to mislead. At least apologize or take some responsibility. Id honestly rather you not say anything than this extremely weak response.
"When a management with a reputation for brilliance tackles a business with a reputation for bad economics, it is the reputation of the business that remains intact." -- Warren Buffett.
Why not get out now, lay low for a bit, take a job, learn another industry, and then save up to try again another day?
It is completely unacceptable that you have kept your customer's credit card details. You are completely violating Requirement 3.1 of the latest PCI-DSS (which has been the same since I looked at v2.x of the standard, incidentally):
3.1 Keep cardholder data storage to a minimum by implementing data retention
and disposal policies, procedures and processes that include at least the
following for all cardholder data (CHD) storage:
Limiting data storage amount and retention time to that which is required
for legal, regulatory, and/or business requirements
Specific retention requirements for cardholder data
Processes for secure deletion of data when no longer needed
A quarterly process for identifying and securely deleting stored cardholder
data that exceeds defined retention.
You might be trying to reboot your business, but your Comms didn't say that you were dealing with the same company owners. You also appear to have ripped off a competitors website.
You don't sound very trustworthy or reliable. If you can't keep to at least the PCI-DSS standards, what makes you think anyone can trust you moving forward?
I am going to sound contrarian, but I don't mean to be.
How does this violate PCI-DSS? The data itself is likely stored somewhere secure (who knows) – what's being displayed in the web app is the last four digits of the card and expiration date, this isn't where it's stored.
There is obviously a question of what the retention should be, but it's definitely the case that payment information can be transferred between companies.
The whole situation exudes a lack of trust, but it's not clear to me that PCI compliance is a problem here.
I thought it was pretty clear, but I'm willing to elaborate.
The requirement is that card data is securely removed when it is no longer required. They are no longer billing customers at HomeJoy as the business has been wound up, so the credit card data should have been deleted.
Also: no customer has given them any right to have their credit card billed to an entirely new entity. Credit card information should not be transferred due to sale of customer data to an entirely separate legal business entity because no contract of sale has been established between the customer and that new entity.
Yeah, I get your position (hopefully!), but I think I'd rather hear from a lawyer whether this is OK or not, my guess is that it is OK.
The snippet you pasted says also:
... regulatory, and/or business requirements
A business that is going out of business may treat this data as a business asset and may need to retain it for a certain period even when they are inactive.
Most terms of service do allow for transfer of account information to third parties, and have contingencies for what happens to the data if the company goes under, and as far as I'm aware, selling that customer data is an option unless they've explicitly said they won't.
As long as the credit card data is transferred in a PCI compliant way, it's legal.
You're absolutely right that it would be a serious violation if they were to charge someone without their knowledge, it doesn't look like that's happened yet.
It's also quite possible the underlying business entity is still Homejoy with a name change. ZenPayroll* didn't have to get people's permission to charge them when they changed their name to Gusto, but it obviously helps to communicate that change very clearly!
I am pretty sure we generally agree, though, it's very clear that there are dozens of egregiously bad things being done by Aaron and his team that can only hurt them and their desired future customers.
Yeah, you don't need to be a lawyer to implement PCI-DSS. You are entirely missing the following dot point:
"Processes for secure deletion of data when no longer needed"
Those dot points aren't using a disjunction, they must ALL be followed. The standard is very, very clear on that point: once you don't need the data, you securely delete it.
That makes sense, incidentally. If you no longer have the data anywhere, then nobody can get to it even if they compromise your systems and gain access to your credit card lists.
If your company winds down and you no longer bill your customers, you are absolutely required by PCI-DSS (and good security practice!) to delete that data.
As for HomeJoy being the same legal entity, that's not the way that the email sent from HomeJoy reads. It says that Fly Maids is their partner, not the same organisation.
That HomeJoy hasn't done this says to me they are cavalier with their customers data at best. I would not trust them with my credit card details, nor would I be happy letting them into my home.
I'm not entirely missing the point, but I don't know enough about the PCI-DSS to be too much of a contrarian here :)
Processes for secure deletion of data when no longer needed
Is "needed" defined anywhere?
As far as I can tell this requires companies to create a plan – that plan could be very different between companies.
I highly doubt Homejoy/Fly Maids is maintaining the data themselves, it's probably stored in Stripe, so unless they are actually storing credit card data in a non PCI compliant way, they are probably fine, right?
Let me restate what I think you're saying though:
When they shut down Homejoy, they should have immediately deleted all the data they had stored in Stripe (or what ever payment system they use)?
"That HomeJoy hasn't done this says to me they are cavalier with their customers data at best. I would not trust them with my credit card details, nor would I be happy letting them into my home."
I highly doubt Homejoy/Fly Maids is maintaining the data themselves, it's probably stored in Stripe, so unless they are actually storing credit card data in a non PCI compliant way, they are probably fine, right?
No, Stripe would then be violating PCI-DSS themselves.
How could Stripe know if one of their users is out of business and should delete their data? I'm a bit confused (as you already know!)
Stripe has API calls to get the last four digits and expiration date.
Also, it's not clear that the /payments page isn't secure, the screenshot is of the Profile page.
*edit: see my reply to your other comment, didn't realize you were OP, so I will now assume you did check the payment form for security and it was not there, which is definitely even more shocking.
First, I want to apologise if my tone has been a bit off on a few of my replies.
Stripe is very unlikely to transfer credit card data to an entirely different organisation. They also require evidence of PCI compliance before they will do business with you.
As for knowing when your business is being dissolved: I have to refer you to their terms of service, found at https://stripe.com/us/terms
You agree to give us at least 30 days prior notification of your intent to change your current product or services types, your trade name, or the manner or types of payments you accept. You agree to provide us with prompt notification if you are the subject of any voluntary or involuntary bankruptcy or insolvency petition or proceeding. You also agree to promptly notify us of any adverse change in your financial condition, any planned or anticipated liquidation or substantial change in the basic nature of your business, any transfer or sale of 25% or more of your total assets or any change in the control or ownership of you or your parent entity. You will also notify us of any judgment, writ or warrant of attachment or execution, or levy against 25% or more of your total assets not later than 3 days after you obtain knowledge of it.
You are guessing, however, that they are using Stripe or another credit card provider to store that data. But given Stripe need to handle charge backs and other things, I can't see them not knowing about HomeJoy, given how public the windup was.
Yep this all makes sense. I still think there's a chance it wasn't transferred at all. Since the founder of Homejoy runs the new site it could be that they're still the same entity and business with the same stripe account. Maybe this has its own implications.
Unfortunately it sounds like the worst case for them is that enough people report them to their payment provider and they get fined. Clearly what they face there is probably not worse than the huge violation of trust their former customers will feel.
By the way thanks for digging into this so much. The Stripe TOS are darn clear here.
Not the entire card, just the last four digits and expiration date. Is there anything that says that's not allowed? The PCI is about storage of the data.
It's bonkers to display it over an insecure connection, but I don't think that it's disallowed.
At the very least, read requirement 4. The simple fact is that they were allowing customers to enter their credit card details and submit that data over HTTP.
If they were using stripe how did they pass details through onto HTTP? as far as I remember their webhook won't even communicate with an unsecure page. They must be using some other payment gateway.
I didn't follow every link you included, and didn't expect to argue about this – also, I didn't realize this was your post, my bad!
You can ignore my comment about the /payments page, I'll assume you checked that, so yeah, that's insane if you can update payment information on an insecure page.
Welp, might as well ask if no-one else is: What do you mean by 'exploring a few different angles on the space'? How is you new service going to be better than Home Joy or different? Essentially, considering what happened to Home Joy, why is it going to be different this time around? Great job on Home Joy the first time 'round, btw.
For user's to automatically log in, it appears that you didn't move data to FlyMainds as much as FlyMaids is the new face to the old HomeJoy site and database.
Typically investment contracts employ non-competes to prevent founders from starting new businesses in similar spaces. Clearly this person's previous actions aren't the most ethical but I'm curious what his strategy is around this.
It's jargon, but people definitely are like that. There are a horde of people who just want to do Bitcoin or VR or video games, for example. They're less concerned with the specific company than something about the tech, the users, or the market.
Oh, I understand being passionate about video games, or VR, or Bitcoin, or even, maybe, although it's a stretch, helping people keep their houses clean. And wanting to work in that area.
When you say you're passionate about a "space" though, I think you reveal that all you're really saying is you think you can make a lot of money in that "space". Which isn't passion at all. Well, maybe passionate about making money. Which is more like at best ambition or at worst greed, not actually passion.
While I think this is a stupid move on the founder's end and there's no debate about that, I disagree with your understanding of what "passion" is. People seem to think most passionate people are born with some sort of pre-assigned passion, but it's something that arises out of your experience and action. Just like Thomas Edison was "passionate" about what he built (but he was super greedy and an asshole too), this guy probably became obsessed with this "space" after having worked on it for such a long time, even though 5 years ago he probably didn't care about home cleaning at all.
I do not think anyone is born with a pre-assigned passion. I just still doubt you can be "passionate" about a "space". That the word "space" is used in this entrepeneurial jargon is not a coincidence. The word "space" is a lack of things, not a thing itself, a vacuum, an absence, an opportunity. An opportunity to make money, specifically. I don't think the firm belief that there's a lot of money to be made in a certain "space" is actually a "passion". Not that there's anything wrong with that, not everything needs to be a "passion". Except in the silicon valley entrepeneurial mythos, where nothing is just a business, everything is a "passion" and will change the world (presumably for the better).
You're being too cynical. Why does everything have to do with money? He didn't say he thinks there's money in this. You are the one who did. And there is not even a guarantee that there's money in this "space" either. Rather, this on-demand home-cleaning category is quite gloomy if you look at what's happening to all the companies that belong to it. Maybe you think all "opportunities" are related to money, but to many entrepreneurs it's just a secondary objective.
I agree that greed isn't passion, but "space" here is industry jargon for things like "business domain" or "market" or "customer segment". He could by lying (that is¸ saying he's passionate about something he's not) or wrong (confusing greed or familiarity or obsession for passion).
I think what genuinely defines a passion is, would you do it for free if nobody was going to pay you for it.
On such terms "Passionate about" statements are almost universally crap.
There is nothing wrong with just working for the money, all this instistence people must be "passonate" about their work smells an awful lot like cultish propaganda. It not enough to do your job and get paid, you must LOVE your job!
For me, however, the weasel-worded "we realize now that we did so in an unclear manner" is completely different than "we realize now we made a big mistake".
I find it so hard to believe that anyone could possibly think going live with a total clone of a competitor's website for "testing" is a good idea.
Maybe, _maybe_, for offline testing with small focus groups. But even then, what's the point? You could just show them the competitor site and ask what the dis/like..
Immature know-nothing who thinks he's slick but is obviously making improper (unlawful?) use of private financial information. In no other business would you give a kid millions of dollars and expect him to not waste it on shiny objects like aero chairs and not toss him on his ass when ranting Start Up Speak. I'm so passionate about my comment I think I'll change the world.
PR is difficult - especially on Hacker News. Sometimes people respond excessively harshly (which I think unfortunately makes people less likely to engage the community at all).
Bad press sucks and can be hard, it'll pass though - good to be cautious with this kind of thing in the future (which you probably will be).
I was a Homejoy customer too and don't think this is that big a deal all things considered.
>I was a Homejoy customer too and don't think this is that big a deal all things considered.
It is a big deal. He copied a competitors site word for word. He has 3 other cleaning companies and it appears people who signed up with homejoy have their info. moved to these companies. Customers need to know when their data is going to be used and they have to give consent. Perhaps this fresh article will show the severity of the matter-
http://www.businessinsider.com/aaron-cheung-brings-homejoy-c...
We recently acquired the customer and service provider data from Homejoy.
We're a small team that has been focused on moving quickly while bootstraping. We tried to quickly test different approaches, but we realize now that we did so in an unclear manner. We recognize the need to use the data we acquired responsibily. As a result, we're taking the site down, and we're going to do a better job with our testing moving forward.