Psychedelhic Times

Consumer internet and privacy: Weighing in on the Path controversy

A few years ago when I was in Oracle, our entire product team got a mandate to make the an older version of an application “accessibility compliant”. This included a huge number of super boring tasks like adding alternate text to images so that the visually impaired who rely on screen-readers could better understand the web page contents. In the consumer tech world, where our everyday engagement with personalized socially curated content relies heavily on cool and awesome sounding buzzwords, compliance is dirty word. In the enterprise world however it is taken seriously, even though developers hate the boring tasks and processes surrounding this concept.

I woke up this morning to the controversy surrounding the Path app’s handling of users’ contact data, and it set me thinking about the state of consumer tech in general. Here’s a brief snapshot of recent controversies which have generated quite a few storms in the tech community tea-cup:

• Curebit (YC, 500 Startups): too lazy to design their own app 1
• Path, Hipster and a bunch of other iOS apps: uploading contact directory to their servers without permission 2
• Facebook ($5 billion IPO): countless controversies, most recently about photographs staying on their CDN years after they were deleted 3
• AirBnB: Lead generation on Craigslist; identity and physical theft in a host’s home and stupid handling of the issue subsequently 4
• Zynga ($2 billion IPO): blatant cloning of popular games, and whole lot of other ugly stuff 5
• Pinterest: non-disclosure of affiliate links 6

This list goes on and on. Name any big or popular consumer company and there’s probably a story from the past year about a transgression that, at best, was a minor “violation of users’ trust” and at worst, completely illegal. What’s interesting, though, and this is just a guess, that all that hate these companies generate on communities like Hacker News doesn’t correspond to any major dent in their growth. I’d love to see some stats if my guess is wrong.

It is quite possible to evolve a compliance framework which certifies apps with ratings across major areas like privacy, security, user experience and so on. The details of this framework are hazy in my mind, but the idea is to have a universally trusted and recognized “badge” which rates apps after a combination of automated and manual checks. Storing passwords in plain text? Poor rating. Dark UX patterns? Bad rating. Great privacy compliance? Awesome. The rating should be analogous to “Verisign secured” for financial transactions.

However, regardless of how well this framework functions, at the end of the day if the market and consumers don’t care enough to punish bad behaviour, then it probably isn’t bad enough to raise such a hue and cry. At the end of the day the ends seem to justify the means for all these companies and if we, the people, let them get away with it, we shouldn’t be complaining.

(CC photo from Dave Makes on Flickr)