Don’t wait anymore. They probably not coming ever again unless GDPR is voided.
Do they hate making money? Did they just want to make people panic about GDPR(after it had already been implemented)? Are their lawyers just really bad at their jobs?
Seriously. What is their motivations from your perspective?
1) Don’t think about users’ privacy from the start. 2) Ignore GDPR until the enforcement deadline. 3) Panic and shut down EU until you find something to do.
> If what you are saying is true, why would a business choose to shut down their EU services until some later date?
> Do they hate making money? ...
> Seriously. What is their motivations from your perspective?
Don't assume businesses are making rational decisions just because they're businesses. Their motivations may very well be that their leader irrationally freaked out after reading some anti-GDPR FUD, overreacted, and hasn't yet reevaluated the decision.
I just don't think it's particularly unjustified FUD. It is a big law that made a big splash. Can you really blame anyone who wants to wait and see how it goes down?
There IS a ton of guess work for now. To take either stance with so much certainty is a little dishonest IMHO. And I think you agree! You say yourself "... in all likelihood, on the off chance ..." Is "better safe than sorry" really so unreasonable.
Are there any precedents set for GDPR enforcement yet? No? Then how can you know that?
Easy to say when you're telling someone else to take the risk.
The thing is I don't want to be without such a service for a longer period of time so I'm sadly probably not coming back.
And for no good reason.
Just assume the improbable cost of some litigation as a company, like tens of thousands of others (including much bigger and much smaller than yours) did, put up a message to European customers and have them click and proceed as usual to the service.
Or, you know, use the headstart of more than a year before the law was put into practice to get the service in order...
Genuine question: as an EU citizen, without the use of a VPN or proxy is it still possible to at least log on to the service to cancel your account?
Instapaper is not a subscription-based service. The product is completely free on all platforms today.
I think the app was a one-time purchase at launch but it has been free for many years. All of the Premium features were also made free when Premium was discontinued in 2016 shortly after the Pinterest acquisition.
But this is a Free service being provided to you. Why do you believe you have the right to dictate how someone else uses their time when you're not paying for it?
(And yes, I realize the houses in this metaphor rarely have doors in their doorways, much less locks, so it's techinally not burglary, but frankly I don't care.)
The proper analogy would be:
You invite a volunteer carpenter in to fix your cabinets. He asks if he can write down what cereal your family eats instead of taking payment. You say sure! (ie agree to the terms of service).
New law passes. He refuses to come back and fix your cabinets for free next time because he doesn’t want to get sued for writing down the cereal names improperly.
You then scream at him and call him names, and try to ruin his reputation on the internet and accuse him of being a thief.
Maybe if the sanctity of what cereal your family eats is so important to you, you should just directly pay money to a normal carpenter next time?
First, Instapaper is a continuous service. If you store something, you want access to it again. It's not a series of one-off, independent services.
So, no, they didn't just "refused to come back and fix your cabinets for free next time". They gave you a space to write your notes and store your links, and then they denied access to that for 2 months (and counting).
Second, you forgot the part where Instapaper had paid services for years, and that many people who are denied service today, had paid good money and stick with it. They weren't asked if they wanted it to br made free and unreliable either.
So, if Gmail was closed to the free tier European users for 2 months+, they should be OK, because "they didn't pay for it"?
>But this is a Free service being provided to you. Why do you believe you have the right to dictate how someone else uses their time when you're not paying for it?
That's an argument for the 1950s economy, this is 2018. We have other models, such as ads, user profiling, even pure eyeballs as a M&A/IPO monetisation strategies. Just because the user doesn't paid doesn't mean money aren't made from the user using the service. Except if one believe they run it from the goodness of their hearts at a loss, but then they probably also believe in the Tooth Fairy.
Not to mention that Instapaper used to actually charge too. If someone paid for the app or premium later for years, is it ok if they "make it free" and then deny access to their account for 2 months?
I thought Instapaper was a free service that Pinterest bought mainly for it's article parsing technology? As an analogy FB's customers are advertisers and media agencies who pay to keep the lights on as is Pinterest's, users are not the customers.
At this point it's pretty concerning that you still have nothing to say publicly except "we're working on it", no detail, no schedule, no nothing.
Also, giving a bit of detail or a minimal schedule is easier than a PR campaign. It’s called transparency, and it works even if you’re alone on a project.
Funny thing how DailyMotion isn't getting sued, but YouTube's parent company is.
That’s the point. When there’s no risk, nobody cares about their users’ privacy. That’s not an excuse for shutting down now that it’s legally risky to disrespect your users.
Also, nobody got sued, ignorant reporters notwithstanding. Schrems only filed complaints with the regulators.
Edit: To clarify I'm not saying they do that, I just can't see what part of GDPR they're having trouble with
From my point of view they store a list of URLs and provide a way to nicely view the content of those URLs. What in that could be causing 2 months of downtime to fix?
If I create another software product I will explicitly and permanently make it unavailable to EU residents.
While I'm a bit annoyed at the amount of paperwork and side systems that need to be constructed to ensure proper handling of personal data that I have had to implement, I can only see GDPR as something positive for the people.
My apps are tiny, free, and just not worth the hassle of figuring out what GDPR compliance is (even though they are likely GDPR compliant already since I don't store any info).
I think we're going to see a lot of small indie developers just not publish to the EU until it makes financial sense (which might be never). And that's exactly what happened here: Instapaper is a two-person team and they didn't have the time or resources to ensure compliance, so they just kept letting it slide.
I suspect we'll see much more of this to come for the EU.
Yes, GDPR may be beneficial and all, but thinking that it does not have an associated cost of a higher barrier to entry is a bit myopic.
And if your application doesn't store data, then it's a one time cost essentially. Which is the time spent reading up on the legislation.
How do I naturally during development acquire an Article 27 representative?
"Due to the new General Data Protection Regulation (GDPR), we're currently unable to offer products and services to customers in the European Economic Community. We apologize for the inconvenience."
People have to be able to make informed decisions. It’s hard to tell from the outside if a restaurant is safe, so we have inspections. It’s impossible to tell if a website is trustworthy with your personal data, so we have laws to try and ensure they will be.
You really don’t understand this?
What I do give a damn about is not being able to read some quality publications that rationally decided GDPR is not worth the risk.
Not a week passes without such a reminder that I’m now living behind the Great EU Firewall. I now live in a place where I need to use a VPN to access all of the Internet, for crying out loud.
And that’s not to mention the click through acceptances of terms an every fucking site, that’s “only” annoying as hell (which nobody reads anymore and thus GDPR changed exactly nothing in it’s supposed goal).
EU’s bureaucratic zeal made, via GDPR, my life worse, with no benefit, even theoretical, for me. So please spare us the lecture on how GDPR is good for us. It’s terrible even for consumers.
If you don't respect your users' privacy you don't deserve to do business in the EU. And make no mistake: whether you like it or not, that legislation - or something very like it - is going to jump the Atlantic sooner or later, so why not position yourself ahead of the curve instead of stropping off and taking your ball home?
There are side-effects I don't like about GDPR, like the endless bombardment of overwrought cookie consents on every site I visit (definitely something that degrades the experience of the web), but I do like the fact that my privacy has to be respected by corporations.
It doesn't have anything to do with GDPR, but it's a fantastic example of (likely) well-intended European privacy regulation both is utterly useless and also stands zero chance of jumping the Atlantic.
GDPR is becoming that on steroids: the only thing that changed was for the worse: some sites outright banned EU visitors, the rest started using obnoxious terms screens that are even worse than cookie bars. Nothing really changed.
Anybody with half a brain could have seen this coming. But no, let’s double down on the same thing with GDPR. This time it will surely go down differently...
So you're going to make the decision of what constitutes "respecting my privacy" for every single person in the EU?
This is equivocating.
The issue is not whether you agree with having your privacy protected. The issue is deciding what constitutes "respecting privacy" for every single person in the EU, and threatening people with violence if they disagree.
That’s more than enough time.
> Some clarification from a Pinterest spokesperson: The two employees Pinterest brought on from the Instapaper acquisition will continue working at Pinterest and run Instapaper independently on the side. So sounds like Instapaper wasn’t really working out inside of Pinterest.
Is that what’s happening here? What’s the name of this process?
In the 2016 blog post announcing the acquisition:
> All of these features and developments revolved around the core mission of Instapaper, which is allowing our users to discover, save, and experience interesting web content. In that respect, there is a lot of overlap between Pinterest and Instapaper. Joining Pinterest provides us with the additional resources and experience necessary to achieve that shared mission on a much larger scale.
Is that no longer true? Was it ever true?
He's not active on HN, but he jumps in for quick damage control and "clarification" when people have vaguely privacy-related or operational questions about Instapaper. When followup questions are posed, particularly more difficult ones, he never responds. So I find it very unlikely you're going to get an answer here, because this account is clearly designed to do low-touch public reassurance without much commitment or transparency.
(P1) We use the information you provide to operate Instapaper's features. We do not share this information with outside parties except to the extent necessary to accomplish Instapaper's functionality.
(P3) We use non-identifying and aggregate information to better design Instapaper, to suggest popular content to users, and to share with advertisers and publishers. For example: ...
(P6) In the future, we may sell, buy, merge, or partner with other companies or businesses. In such transactions, user information may be among the transferred assets.
The "License Grant" section of the Terms of Service is also good reading, because it indicates that they can use user data in perpetuity, even after closing your Instapaper account (presumably until you explicitly request your information being deleted). What do you suppose that is used for? Maybe Brian can enlighten us.
Further, I'm going to go ahead and assume this can be explained through basic cynicism. This monetization model was probably never terribly significant for Pinterest, except insofar as it was useful for internal discussions and inspirations for ways Pinterest could improve upon their own user data analysis. When GDPR came along, this probably tipped the scales to make Instapaper a net liability for the company (and not one in line with its financial or brand goals). Thus we have Instapaper being cut lose, yet again.
With respect to follow ups, I usually respond and move on to other things. I do my best to be open and transparent in online communities like these.
Moving onto your privacy concerns there are two things I'd like to say...
* Instapaper has always done hard deletes of user data when you delete articles or your account, it's been done that way since the Marco days.
* We have never monetized using user data, or developed any type of special targeted advertising for Instapaper.
- We may tell an advertiser or publisher that X number of people visited a certain area on our website
- We may tell an advertiser or publisher that X number of people bookmarked Z stories from a particular site or topic.
I'm going to be blunt with you, Brian: I don't believe what you're saying to me right now. At best I believe you're stating things which are superficially true but skating around the spirit of people's intent when they ask about privacy policies and how user data is being used.
> We use non-identifying and aggregate information to better design Instapaper, to suggest popular content to users, and to share with advertisers and publishers.
and this afterwards:
> When information is used in this or a similar manner, we do not disclose anything that could be used to identify the individuals on whom the information is based.
I suppose using aggregate data in that manner could technically be described as “monetiz[ing] using user data”, but it’s not the type of activity most people are worried about (nor, incidentally, something that would implicate the GDPR).
As for the ToS license grant, it’s presumably the type of cover-your-ass wording lawyers always put into those agreements. I’m not a fan of the practice myself, but it’s not really evidence that Instapaper does, or intends to, use user data after deletion. Also, it might be intended to address backups, though I’m just speculating.
Your points make me wonder... If you're running a small successful and independent sass, that respects its users, and you want to move on. What do you do, if your only options are selling to a large company that won't respect your users, or shutting down? Is it plausible to find a buyer that will honestly maintain a user-respecting ethos? If not, then it seems that there are no good choices for a founder in this position.
> We won't try to flip your business in 3-5 years. We won't mess with your team and culture. We won't lock you into golden handcuffs or push complex deal terms. We won't ruin your life with months of unnecessary due diligence. We won't renegotiate and grind you on terms.
> We started Tiny to create the buyer we wish we could have sold to.
To my knowledge, no one else makes similar commitments to both keep good things as-is and also to buy and hold indefinitely. At least from the outside, Tiny's model is unique.
Even though I hate the fallout that impacts me as a user, I'm generally happy to see financial success come to those that made something cool (if you didn't make promises to the contrary). Committing to NOT selling out tends to just tie the hands (and wallets) of those that are giving me what I want, so that doesn't seem to be a good option. But this is a good option, at least as advertised: Sell out to someone that will try to make sure your customers don't resent the results.
Looking over their list of companies I don't believe I've worked with any of them - does anyone have actual experiences to share?
Andrew and the rest of the Tiny crew seem to do a great job of standing behind what they say, from my limited experience.
And (tinfoil /on) if you were planning on winding down, compliance development is exactly the kind of thing that would be stopped. Shutter that, prior to shuttering everything else.
 https://www.xconomy.com/texas/2017/12/05/jungle-disk-buys-ca... / https://www.startupssanantonio.com/jungle-disk-announces-acq...
Not always. Fastmail was bought (back) from Opera by employees and they are doing fine.
That and Opera was turning more into an advertising company, which wasn't a close fit with our existing user base. It's great to be in a position where we don't have split loyalties and "shadow customers" - leaving us able to focus on what's best for the people paying us for the service we provide.
I wish more companies adopted this approach to commerce.
It's a lot of work to spin the company and losing talented people that they might want to keep.
Didn't Marco create it and run it independently for over 5 years?
I guess that gave him some runway to try new things.
Besides, it seems like the team from Betaworks has been working on Instapaper since then.
I'm not sure how your reply relates to the statement I was replying to?
I looked it up on Marco's about page and he did run it for 5 years before selling it in 2013.
I guess I don't see how that's "being passed around... since birth."
Although honestly I am not a fan of the recent UI changes, which are presumably done for monetization. An explanation would be nice as I am mystified. I guess a redesign is a way to make more room for ads without making it completely obvious.
If a company puts a specific operation in its own legal entity, then it usually wants to sell it, or segregate risk, or for tax planning.
When you have duties of protect user's data and you don't comply with it, I'm done. Months ago I changed to Pocket (Mozilla owned) and I'm ok with that. I missed little stuff like the text render and other minimum things.
Just wanted to say that because protecting user's privacy is also a business model.
That Instapaper blocks EU users is fishy to say the least. What it means is that they are probably selling user data and cannot keep doing it without informing users of it.
I can’t express how grateful I am for GDPR.
It seems like you'd have to willfully misunderstand the requirements of GDPR to argue that the only reason for non-compliance is that 'they are probably selling user data'.
However, if you can instead imagine that two employees might not want to manually manage GDPR requests for a userbase of two million users (in their free time, no less!) then you might come up with other likely reasons for non-compliance. For example, I wouldn't want to architect a backup system that deletes user info from my backups whenever I receive a GDPR request.
Also I do know what the GDPR requirements are, as I’ve been in charge of GDPR compliance. While we may disagree on how easy or hard it is to implement it, there’s nothing in it that’s not common sense, which shouldn’t need a law for companies to implement.
Tip: if you’re doing backups, encrypt them with the user’s key and on deletion just throw away the key. Not rocket science.
I will never again trust instapaper, independent company or not.
The compliance risk is what's dangerous and challenging, not the actual "fixing" of systems. Many people in these comments seem to have no experience with business risk management. They think it's as simple as "just make data deletable." But, the technical side is the easy part. It's the getting sued part that's potentially catastrophic. Even if you "win" you still have spent thousands or tens of thousands defending. And even if you do win, you could be sued again the very next day.
GDPR is more than just deleting data, it's a massive business risk to even companies doing it "right."
You can be sued at essentially anytime for any reason, long before the GDPR. If you're worried about a GDPR lawsuit ruining your company then you're either violating the GDPR or you should have shut down already because the risk was already there.
X is guilty of violating Y because they're worried about being sued for Y. Interesting legal principle.
> or you should have shut down already because the risk was already there
X should shut down because of the risk of being sued for Y? What?
No luck at home with Virgin Media's "ehhh we'll look at IPv6 eventually"
2) Giving (reportedly) one day notice that they are shutting down access is definitely a trust hit. They should have known long before that.
I don't use Instapaper and I'm not in the EU, but those of these points are raised elsewhere in this thread, and both seem valid concerns in terms of "trust" regardless of whether you approve/disapprove of the GDPR.
1. There was no certainty GDPR was going to pass.
2. There was no certainty as to what language would be used in the final document.
3. There was no certainty as to how/when it would be enforced.
By the time GDPR was actually passed, the lead time to enforcement was a slap in the face.
And to be honest, the compliance dates felt like a calculated attack to further the EUs moronic crusade against Facebook and Google, knowing full and well they were unrealistic deadlines.
Collateral damage to Instapaper and others is somehow a worthwhile trade off in the name of burning witches.
So I say, let there be consequences.
Good luck guys.
Terrible name, great little product.
Also text rendering is not really good: in Instapaper you get nicely fullscreen text, not really true for Pocket: they keep too much text formating (colors, sometimes also some layouts elements) and quite often I am getting articles that are cut the way that one line contains just one word (and sometimes just few letters out of word).
Last thing is bloat, which is just minor issue: I don't care about trending posts, best offs and recomendation.
Not been able to use it since GDPR came into play, assumed it was down to slow large company -itis.
Peeved by it the point I was planning out my own replacement product for Instapaper. Hopefully everything is back on track soon
I had a look around and in an attempt to pre-empt - no, I'm not jailbreaking my kindle
Luckily the service is still better than Pocket, which has unusable pagination, no ability to sort by length, and is generally just a cluttered mess.
Agree that highlights are a brilliant feature - the next natural step after saving an article is saving the best bits of that article.
Now that they will need income, they must be betting on the numbers being robust enough to support a team of 5.
But I'm genuinely not sure if I'd pony up when they start charging again.
If they come back with the same feature distribution I would keep being a free user.
Might be much better these days but I can't try it out again because they've blocked anyone in the EU
Are people bumping in this b/c of interest in Pintrest, or b/c they find Instapaper an amazingly useful app?
If the latter, what else are you all using it for other than saving long articles on plane flights w/o wifi?
Actually uses the original Insapaper site-specific extraction rules (they were hidden after Marco sold it I think) which can now be found here: https://github.com/fivefilters/ftr-site-config/ We get contributions from users of Wallabag (good open source alternative to Instapaper/Pocket).
It also uses the original Arc90 Readability code ported to PHP to figure out where the article content is without any knowledge of the site.
We sell the latest versions (AGPL licensed) but older versions go up in our public repository: https://bitbucket.org/fivefilters/full-text-rss
Disclaimer: I made this. We've nailed down tasks and now we're focusing on making the read-later/bookmark feature top class. Articles are highlight-able and you can reference articles as tasks (because 'read this article' is a essentially a task) - we find this helps you read more, as most bookmark managers are essentially "here's a thing I like enough to save but will probably never read".
Give it a try.