The Privacy Pivot

The world has pivoted, but you're still spinning you can't yet see it! 👀

The biggest brands of tomorrow are the ones that have already prioritised privacy above any other trend. And we're not talking about the hypocrites at Apple Inc, who talk a lot about privacy and yet crave more and more involvement in our daily lives. (The same Apple who are wishing for us to strap a dumbbell to our eyeballs). I'm talking about business that actually give a duck 🦆 about their customers. Businesses that are solving real problems for their incredible users. Needing less personal data, not more. Providing more consumer choice, not less. Businesses building things people need, not those that are trying to change what people want.

Data leaks are happening every week, secrets are being revealed, and each and everyone of us is being polluted with popups in front of every page we land on. People and business owners are still going about their days assuming business will remain like this and the way they have been with single-database of failure for the last 20 years. Believing that storing a giant pot of "data gold" on top of some unstable fluffy cloud somewhere is socially acceptable and 'cost-effective' for their business. And that it won't attract the likes of "winnie-the-pooh" or any other party with ulterior motives to come after it.

In the future it may not be "cost-effective" to store your company data in Amazon S3, encrypted or not, because you may have (unlimited) financial liability leaking excessive information, wrongly trusting third parties and manufacturing consent from customers. Or just being unable to control the availability of your services. Unlimited in the sense companies may lose the majority of customers and be targeted with lawsuits calling on them to cease to trade.

If a complete pivot occurs where privacy becomes the human right it is often talked about being, that the world may indeed even seek vengeance and damages for their personal data being made available online. Just like we're seeing with the number of lawsuits over stalkers and concerns as posted on SN over unlawful use of Apple's AirTags. The internet has a habit of knowing where to point the finger. Not at Jeff Bezos in his outer-space bunker, but at founders, CEOs and tech directors alike. Your company's future may depend on it's ability to guarantee user privacy.

Many in the tech industry like to refer to the concept of Edge Computing as bringing computation closer to the end user. The benefits being to increase latency, security & privacy. Processing will be more and more local, mobile phones, servers and network gateways will perform tasks and provide services on behalf of or to replace the cloud systems we depend upon today.

We are witnessing the continued march of our bandwidth requirements, ever-increasing abundant energy, more and more intense computation (be it gaming, AI or others) as well as more devices connecting to our routers each year. All of that means that the efficiencies of centralised data centers will likely reduce, at least when compared to the share of total usage today. It will be accessible to have enterprise-grade redundancy, both in data and energy, in home servers and devices. It will also be unavoidably more private and secure for businesses. For performance AND privacy.

Today, companies are manipulating customers into clicking a button to pretend that they have read a 62 page privacy policy written by some of the most boring people to walk this planet. People whose job it is to make things completely illegible to the average Joe.

As a society we may have normalised this legal charade, but I'm convinced than ever that this won't continue. In a world where the barriers to creating and running software are reducing by the day, we are witnessing the exponential rise of ~opensource alternatives. People are not going to spend more than 30 seconds to register for a new service in the future. They are not going to read your privacy policy. And they won't need to, not when there is negligible data to collect. And open networks will see to each of us us storing both more local & distributed data.

We live in a legislative bubble right now and things need to get an awful lot more simpler if we want to innovate and make a better world for tomorrow! It may be the Information Age (if you want to call it that) but the less data your business collects in the future, the leaner and more nimble you will be. It's about time we start thinking about how to achieve that goal and still meet the day-to-day business objectives. Technologies like Bitcoin, Lightning, Nostr, Tor and other innovations will likely help us get there.

With that in mind, here are a few brainwaves on how to think about privacy tomorrow as a business...

Build long-term trust and loyalty with your customers by respecting and minimising the amount of data collection. Just because competitors are not doing it, doesn't mean your business shouldn't! Much like people will pay top dollar for foods with fewer ingredients and 'fiat' processing, people are increasingly paying for privacy features.

Let's avoid lazy legal templates that follow the same structure the European Union have laid out for us. If you can't describe the data you process on one writter piece of A4 paper, you're collecting too much user data. Cut it back so people can read it, even with your terrible handwriting.

Don't gate features behind a sign-up wall, asking for their email, name, subscription & blood type. Let people truly experience your product without requiring their details. Think about passwordless and email-less authentication, actively avoid offering them as options. If you want to see people level-up their privacy, make the default option via Lightning or Nostr. Really think whether you need user accounts at all. Why couldn't customers just use throwaway account IDs like iVPN or MullVad have for their products?

If you say you care about user data... show it to customers, show it to employees, make it part of your brand and your training. Either don't collect certain data in the first place, or establish ways to de-anonymise it. Make data optional until the time that a user's account requires it. Rather than introducing 'umpteen' screens of onboarding.

Make privacy a priority in every department of your company. Recruit people based on their perceptions of privacy and willingness to challenge the status quo. Train people on good data retention, managing customer data like it's a hot potato and on maintaining solid security and backup procedures. Heck introduce a bounty program to cut legal jargon from your websites and services if you need to. If it's a priority, it should be uncomfortable how much you focus on it.

No one ever complained about having less data collected on them or having less information to populate in their profile. If you wouldn't ask your Gran at dinner table for permission on that data, don't manufacture consent from customers. Remove the likes of Google Tag Manager, Hotjar and other toxic trackers. Stop calling them cookies too - they are trackers!

If you need to gather information on how people use your product, do user testing or ask them in a survey! Don't spy on every visitor that lands on your site, just because you may need it someday. So much aggregate data is available today that you need not profile and track individual users that visit your site. If someone is scrolling over a particular pixel on your page, lazy load an advert below in the next section. Do not serve a disgusting pop-up.

Treat others how you'd like to be treated. Avoid third parties and lazily integrating the likes of Google Tag Manager & OneTrust, who have ulterior motives. There are better solutions out there, to be built and bought.

Automate the deletion of customer records after accounts are left idle. Actually delete data BEFORE a customer requests it. Clear your customer helpdesk emails, that are no longer needed after 6 months. Coinkite for instance does this, without anyone ever having asked them to.

Think you need to retain customer information? Think again. It may be cheaper to advertise to existing customers than new ones, but think about alternative ways of reaching your customers. Stop being lazy. Include a discounted renewal or follow-up purchase in their order confirmation. If your customers truly love your product, they will purchase it off their own backs. They will remember you, when they require access again. Not because you didn't send them a clickbait advert after 18 months of not using it.

Measure analytics in the aggregate like SN and @k00b is doing via Plausible. Strip metadata from photos & assets uploaded. Go without email remarketing firms like SendGrid or Mailchimp. User email addresses are NOT theirs. The only reason companies they exist is because you want to send a simple message every few months. Surely in 2024 you can find other means to achieve that same objective.

If you can't remove a third party, reduce your dependency on monopolistic businesses like Google, Stripe & Mailchimp, utilising smaller payment & email campaign providers wherever possible. Better still, setup your own BTCPayServer or Zaprite account. The custom solutions you dream of are not all as complex to develop as you believe. Everything is up for grabs, with many viable (open-source) alternatives.

Start thinking about features that people in the future would value, if a huge shift in sentiment happened around sensitive data over the course of the next 12 months.

How would customers want you to store their data, how would they want to be communicated about the changes? How would you educate your users on taking the steps to de-anonymise their own accounts? Think of how a completely new set of customers may adopt and pay more for your service when you are solving a problem they have been seeking a private solution for.

Some silly suggestions:

Challenge 'loose' regulations with your creative energy. Hire lawyers that remove documentation and legal lingo, rather than adding to the pile of steaming mess 💩.

Adopting a cuck mentality is how we have arrived at this point today, with a less private internet. Businesses need to be active and not simply 'interpreting' regulations in the way that they were specifically drafted to deceive. The hope was to achieve the outcomes laid-out, not through enforcement but from fear of litigation. So startups should be mindful of achieving their business objectives with processing less, and retaining less KYC information than ever before. Not more.