The Privacy Pivot

The world has pivoted, but you're still spinning, so you can't yet see it! 👀
The biggest brands of tomorrow are the ones that have already prioritised privacy above any other trend. And we're not talking about the hypocrites at Apple Inc, who talk a lot about privacy and yet crave more and more involvement in our daily lives. (The same Apple who are wishing for us to strap a dumbbell to our eyeballs.) I'm talking about businesses that actually give a duck 🦆 about their customers. Businesses that are solving real problems for their incredible users. Needing less personal data, not more. Providing more consumer choice, not less. Businesses building things people need, not those that are trying to change what people want.

Profit Will Depend On Privacy

Data leaks are happening every week, secrets are being revealed, and each and every one of us is being polluted with popups in front of every page we land on. People and business owners are still going about their days assuming business will remain the way it has been for the last 20 years, with a single database of failure. Believing that storing a giant pot of "data gold" on top of some unstable fluffy cloud somewhere is socially acceptable and 'cost-effective' for their business. And that it won't attract the likes of "winnie-the-pooh" or any other party with ulterior motives to come after it.

Cloud Liability

In the future it may not be "cost-effective" to store your company data in Amazon S3, encrypted or not, because you may have (unlimited) financial liability for leaking excessive information, wrongly trusting third parties and manufacturing consent from customers. Or just for being unable to control the availability of your services. Unlimited in the sense that companies may lose the majority of customers and be targeted with lawsuits calling on them to cease to trade.
If a complete pivot occurs where privacy becomes the human right it is often talked about being, then the world may indeed even seek vengeance and damages for their personal data being made available online. Just like we're seeing with the number of lawsuits over stalkers and concerns as posted on SN over unlawful use of Apple's AirTags. The internet has a habit of knowing where to point the finger. Not at Jeff Bezos in his outer-space bunker, but at founders, CEOs and tech directors alike. Your company's future may depend on its ability to guarantee user privacy.

Rise of Edge Computing

Many in the tech industry like to refer to the concept of Edge Computing as bringing computation closer to the end user. The benefits being to increase latency, security & privacy. Processing will be more and more local, mobile phones, servers and network gateways will perform tasks and provide services on behalf of or to replace the cloud systems we depend upon today.
We are witnessing the continued march of our bandwidth requirements, ever-increasing abundant energy, more and more intense computation (be it gaming, AI or others) as well as more devices connecting to our routers each year. All of that means that the efficiencies of centralised data centers will likely reduce, at least when compared to the share of total usage today. It will be accessible to have enterprise-grade redundancy, both in data and energy, in home servers and devices. It will also be unavoidably more private and secure for businesses. For performance AND privacy.
Today, companies are manipulating customers into clicking a button to pretend that they have read a 62-page privacy policy written by some of the most boring people to walk this planet. People whose job it is to make things completely illegible to the average Joe.
As a society we may have normalised this legal charade, but I'm more convinced than ever that this won't continue. In a world where the barriers to creating and running software are reducing by the day, we are witnessing the exponential rise of ~opensource alternatives. People are not going to spend more than 30 seconds to register for a new service in the future. They are not going to read your privacy policy. And they won't need to, not when there is negligible data to collect. And open networks will see to each of us storing both more local & distributed data.
We live in a legislative bubble right now and things need to get an awful lot simpler if we want to innovate and make a better world for tomorrow! It may be the Information Age (if you want to call it that) but the less data your business collects in the future, the leaner and more nimble you will be. It's about time we start thinking about how to achieve that goal and still meet the day-to-day business objectives. Technologies like Bitcoin, Lightning, Nostr, Tor and other innovations will likely help us get there.

10 Top Startup Tips

With that in mind, here are a few brainwaves on how to think about privacy tomorrow as a business...

1. Differentiate on Privacy not Price

Build long-term trust and loyalty with your customers by respecting and minimising the amount of data collection. Just because competitors are not doing it, doesn't mean your business shouldn't! Much like people will pay top dollar for foods with fewer ingredients and 'fiat' processing, people are increasingly paying for privacy features.

2. Make your Privacy Policy SIMPLE

Let's avoid lazy legal templates that follow the same structure the European Union have laid out for us. If you can't describe the data you process on one written piece of A4 paper, you're collecting too much user data. Cut it back so people can read it, even with your terrible handwriting.

3. Hook People Without Blind Onboarding

Don't gate features behind a sign-up wall, asking for their email, name, subscription & blood type. Let people truly experience your product without requiring their details. Think about passwordless and email-less authentication, actively avoid offering them as options. If you want to see people level-up their privacy, make the default option via Lightning or Nostr. Really think whether you need user accounts at all. Why couldn't customers just use throwaway account IDs like IVPN or Mullvad have for their products?

4. Deliver on your Privacy Promises

If you say you care about user data... show it to customers, show it to employees, make it part of your brand and your training. Either don't collect certain data in the first place, or establish ways to de-anonymise it. Make data optional until the time that a user's account requires it. Rather than introducing 'umpteen' screens of onboarding.

5. Define Privacy as a Company Value

Make privacy a priority in every department of your company. Recruit people based on their perceptions of privacy and willingness to challenge the status quo. Train people on good data retention, managing customer data like it's a hot potato and on maintaining solid security and backup procedures. Heck, introduce a bounty program to cut legal jargon from your websites and services if you need to. If it's a priority, it should be uncomfortable how much you focus on it.

6. Challenge Industry Evils

No one ever complained about having less data collected on them or having less information to populate in their profile. If you wouldn't ask your Gran at the dinner table for permission on that data, don't manufacture consent from customers. Remove the likes of Google Tag Manager, Hotjar and other toxic trackers. Stop calling them cookies too - they are trackers!
If you need to gather information on how people use your product, do user testing or ask them in a survey! Don't spy on every visitor that lands on your site, just because you may need it someday. So much aggregate data is available today that you need not profile and track individual users that visit your site. If someone is scrolling over a particular pixel on your page, lazy load an advert below in the next section. Do not serve a disgusting pop-up.
Treat others how you'd like to be treated. Avoid third parties and lazily integrating the likes of Google Tag Manager & OneTrust, who have ulterior motives. There are better solutions out there, to be built and bought.

7. Delete Data After 12 Months

Automate the deletion of customer records after accounts are left idle. Actually delete data BEFORE a customer requests it. Clear out customer helpdesk emails that are no longer needed after 6 months. Coinkite for instance does this, without anyone ever having asked them to.
Think you need to retain customer information? Think again. It may be cheaper to advertise to existing customers than new ones, but think about alternative ways of reaching your customers. Stop being lazy. Include a discounted renewal or follow-up purchase in their order confirmation. If your customers truly love your product, they will purchase it off their own backs. They will remember you, when they require access again. Not because you didn't send them a clickbait advert after 18 months of not using it.

8. Minimise 3rd Parties

Measure analytics in the aggregate like SN and @k00b are doing via Plausible. Strip metadata from photos & assets uploaded. Go without email remarketing firms like SendGrid or Mailchimp. User email addresses are NOT theirs. The only reason these companies exist is because you want to send a simple message every few months. Surely in 2024 you can find other means to achieve that same objective.
If you can't remove a third party, reduce your dependency on monopolistic businesses like Google, Stripe & Mailchimp, utilising smaller payment & email campaign providers wherever possible. Better still, set up your own BTCPayServer or Zaprite account. The custom solutions you dream of are not all as complex to develop as you believe. Everything is up for grabs, with many viable (open-source) alternatives.

9. Build a Privacy Roadmap

Start thinking about features that people in the future would value, if a huge shift in sentiment happened around sensitive data over the course of the next 12 months.
How would customers want you to store their data, and how would they want to be told about the changes? How would you educate your users on taking the steps to de-anonymise their own accounts? Think of how a completely new set of customers may adopt and pay more for your service when you are solving a problem they have been seeking a private solution for.
Some silly suggestions:
  • build in a "Mission Impossible" or "Men In Black" self-destructing animation & sound effects for ephemeral chat messages.
  • write bog-standard customer emails in a non-HTML text editor and include typos to be more authentic.
  • show the encrypted blobs of data that are being processed by your site each second.
  • allow people to dispose of or radically overhaul their identities at the click of a button.
  • create a dummy-data version of your product that requires no user sign-up and allows people to 'recruit' celebrities and 'report' politicians.
  • allow people to buy lifetime pricing of your products upfront so that you never need to email them again if they wish.
  • create an infinite-loop onboarding experience with a single delete account button at the end.
  • tell people you reincarnated your lawyer as an AI to make things legible.
  • joke with your customers about how you are changing their name because they remind you of your pet chameleon. Be radically transparent about their privacy and have fun with it in the process.

10. Less Compliance. More Defiance.

Challenge 'loose' regulations with your creative energy. Hire lawyers that remove documentation and legal lingo, rather than adding to the pile of steaming mess 💩.
Adopting a cuck mentality is how we have arrived at this point today, with a less private internet. Businesses need to be active and not simply 'interpreting' regulations in the way that they were specifically drafted to deceive. The hope was to achieve the outcomes laid-out, not through enforcement but from fear of litigation. So startups should be mindful of achieving their business objectives with processing less, and retaining less KYC information than ever before. Not more.
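Tip 7's retention windows written as an automated job, added here as an example (it is not code from the post or from any company it names). The table names, columns and the `open_db`/`purge`/`demo` functions are assumptions, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

ACCOUNT_IDLE = timedelta(days=365)   # tip 7: idle accounts go after 12 months
HELPDESK_KEEP = timedelta(days=182)  # tip 7: helpdesk emails go after 6 months

# Hypothetical schema: timestamps are stored as UTC epoch seconds.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, last_active INTEGER NOT NULL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, address TEXT,
    account_id INTEGER NOT NULL REFERENCES accounts(id) ON DELETE CASCADE);
CREATE TABLE helpdesk_emails (id INTEGER PRIMARY KEY, received INTEGER NOT NULL, body TEXT);
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")   # cascade deletes to dependent rows
    conn.execute("PRAGMA secure_delete = ON")  # overwrite deleted content with zeros
    return conn

def purge(conn, now):
    """Delete idle accounts and stale helpdesk mail in one transaction; return row counts."""
    acct_cutoff = int((now - ACCOUNT_IDLE).timestamp())
    mail_cutoff = int((now - HELPDESK_KEEP).timestamp())
    with conn:  # commit on success, roll back on error
        accounts = conn.execute(
            "DELETE FROM accounts WHERE last_active < ?", (acct_cutoff,)).rowcount
        emails = conn.execute(
            "DELETE FROM helpdesk_emails WHERE received < ?", (mail_cutoff,)).rowcount
    return {"accounts": accounts, "helpdesk_emails": emails}

def demo():
    """Run the purge over constructed sample rows; return (counts, rows left per table)."""
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    ts = lambda days_ago: int((now - timedelta(days=days_ago)).timestamp())
    conn = open_db()
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [(1, ts(400)), (2, ts(30)), (3, ts(365))])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, "constructed address A", 1), (11, "constructed address B", 2)])
    conn.executemany("INSERT INTO helpdesk_emails VALUES (?, ?, ?)",
                     [(100, ts(200), "old ticket"), (101, ts(10), "open ticket")])
    conn.commit()
    counts = purge(conn, now)
    left = {t: conn.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in ("accounts", "orders", "helpdesk_emails")}
    return counts, left
```

Run `purge` from a daily scheduler so deletion happens before anyone asks for it; an account idle for exactly 365 days is kept until the next run.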
Thanks @davidw! It's a great feeling when your semi-conscious thoughts spontaneously appear in text at the top of stacker news, written in better detail than you could have hoped to produce yourself! This is the new way to do biz! ... FYI your Grammarly or editor seems to be on the fritz, it is DECREASED latency and ANONYMISE not de-anonymise 🤪😇
lol thanks for spotting and calling out the required edits so respectfully.
Wish I could blame my editor. I just blame lack of sleep & being too trigger-happy on the 'post' pressing. Maybe the mainstream narrative is still affecting parts of my brain, who knows.
Should have done another pass on the post. And will pester @k00b for my extortionate evergreen edit button.
329 sats \ 1 reply \ @k00b 28 Feb
@ek and I discussed it this week. We have ideas for it. It's just a 2-man-week lift.
To be fair, I probably would de-prioritise it unless it's part of a strategy to bring back old content. Not going to move the needle on its own.
Thank goodness there is absolutely nothing else to think about on the roadmap. Must be fun twiddling your thumbs all day with @ek & co, simply waiting for sat-cent parity.
This title is a really good company name imo!
Wonderful article @davidw! I will take this with me when building stuff among the consultancy stuff I do. I guess the same applies to you? 🙏
Thanks @sebastix. I hope to instill some of these principles in the products I work on. Even if there's more work & effort to come from it.
Nobody cares to make privacy policy simple. They just make it difficult and more difficult because they don't want people to understand it at all.
This comment is an example of corrosive cynicism, i.e. no-one's going to do the right thing and the situation is just going to get worse. It is the opposite of the constructive attitude that the OP is exhibiting in their post.
You got me here, LMAO..
🤯 a new useful term! Need to move these feelings towards healthy cynicism.
I love #2! Also #7. But #2 is so good. I've tried reading privacy policies but I get frustrated because the terms are often incredibly generic. I'd definitely perk up if a company had a very short privacy policy that was clear and simple.
I'd love to know if anyone has ever been targeted with a lawsuit for having a 'readable' but transparent privacy policy.
Was a bit of a rant and perhaps unjustified generalisation about those in the law profession, but every single lawyer I have ever met struggled to think critically about removing information, only wishing to add to it.
Quite often companies just run with the most recent template of a competing firm and then add to it from there.
It should be illegal to make someone approve a contract they can't reasonably read and understand. In some places it is.
0 sats \ 1 reply \ @k00b 2 Mar
AFAICT the biggest obstacles to companies respecting user privacy are:
  1. dealing with spam and other kinds of resource abuse (e.g. reddit blocking vpns)
  2. making money when interactions are below a customer's pay-line
  3. maintaining a marketing relationship with past customers
Companies invade privacy because it's the path of least resistance for many of them. IMO if we solve and scale privacy preserving solutions to these problems, private will be the default again.
Good points. Also copy-cat practices, that build on top of the previous 'standards' implemented are also to blame why we're at where we are today.
I also like the push vs pull analogy. Companies have arguably been pulling data from us, since the birth of the internet. Future networks should see to it that we "push" data to providers and remove access when we see fit.