In this day and age where web apps can be built in a day and released to millions, it’s vitally important that we leave time to consider the implications our products have on the world. I’m thankful that the folks at Outside Lands took notice and cared enough about their fans’ privacy to review and improve their Lost & Found web site when I wrote a blog post voicing my concerns that it exposed too much information
Anyone who has worked with me knows that I’m a proponent of rapid iteration. The best way to learn if a product is something people want is to actually get a simple version of the idea out the door for them to use. In fact, Hackathons themselves can be thought of as applied product brainstorming – the group doesn’t know which ideas will work best, but after 24 hours, you all have a pretty good idea which products will survive in the real world.
When I learned that the Outside Lands Lost & Found web site was developed at a hackathon, I felt sad to think that my blog post, taken out of context, might negatively impact their ability to host another in the future. As a strong proponent of such events, this was never my intention, and I certainly hope this doesn’t happen. The folks behind this hack took a good idea and got it out quickly – there’s a lot of merit in that. Maybe they didn’t consider all the issues, but when the problem was brought to their attention, they fixed it and continued to iterate. This is how successful hacks become successful web sites.
I feel strongly that as software developers, it’s our responsibility to be aware of the privacy implications of the products we put out in the world. In a day and age when personal privacy is being challenged at every turn, it’s important that, even if we ourselves aren’t concerned about the privacy of our own information, we respect the rights of our users to control the privacy of their own.
This applies even if you’re releasing presumably “harmless” data as in the first iteration of the Lost & Found site, which exposed the type of credit card a person owned and where they went to school; without that person’s consent, you have no right to expose it publicly, even if it makes your product easier to use or simpler to build.
A part of this is just having an awareness of the issues – if we come from a place of respect for our users’ wishes, that respect will carry through to the products we create. But it’s also important that we recognize that protecting our users’ right to privacy is a vital part of releasing our products to the world – and that doing so is our responsibility as developers.
I’m certainly not advocating that we start inviting the EFF to hackathons (though I’m not against the idea, given the right construct!) – simply that we make considering privacy implications a step in the path towards public release, much as we might consider a production hardware upgrade. Am I retaining more information than I should about my users? Am I making it clear to them what information is being stored? Am I releasing information publicly that they wouldn’t want me releasing?
It seems to me that privacy has become a grey area over the years, with more and more people (especially us developers) no longer considering it an important right to defend. I personally don’t know what’s best for humankind as we forge ahead in this ever interconnected world we live in, all I know is that privacy matters to a lot of folks, so I’m going to do my best to respect that.
What do you think? I’d love to hear your perspective over on Hacker News.