Proof That Startups Don’t Care About Privacy

**TL;DR:* Hackers complain angrily when privacy violations occur but ignore it when creating their own stuff. I have proof – albeit thin and unscientific – but proof enough nonetheless. Oh, and wake up and smell the opportunity!*

A confluence of events are driving me to distraction this week. I thought I stumbled onto an idea that was sure to elicit attention. I was so fired up about it in a Hacker News post I stated “I want to shout it from the mountain tops.” If you know me then you know that it must be something spectacular as I am an unassuming introvert by nature. As it turned out, apparently, I’m mistaken in thinking others would share my enthusiasm for my revelation.

Disclaimer: I want to state up front that this isn’t a self-pity post. I don’t take it personally nor do I have any sort of stake in the success or failure of swaying anyone, I’m just mystified, so I thought it was worth pursuing.

The gist of my revelation, which I wrote in some detail, is there is a tremendous opportunity for entrepreneurs if they would pay attention to privacy. People care deeply about privacy and fight to protect it but conversely will openly share personal information if they trust you. And trust can be gained by being transparent with what you do with their information. As a bonus that advice just happens to fall right in line with privacy best practices, laws and regulations.

Now, if my experience is an indicator, even after an overly dramatic headline and build-up, you probably stopped reading at the end of the last paragraph. However, if I have piqued your interest I would encourage you to hear me out – it may take a while.

To start with, there is no doubt privacy is a very big deal in the news at present. A search for “privacy” in Google News right now shows the following top 4 stories:

• Google bypassing privacy setting in Safari (450+ stories)
• iOS apps invading privacy (800+ stories)
• FTC recommending strong privacy protection for children (350+ stories)
• US law makers grilling DHS over social media monitoring (350+ stories)

And that is just what I see right now. It’ll be a completely different set of stories next week and was different last week. You would have to be delusional not to recognize that privacy is a hot topic in the media.

Conversely however, when I write an article focusing on privacy issues the blog barely sees any traffic. To put that statement into context I’ve received nearly 15,000 hits for my off-the-cuff rant about salary negotiations, but a story that I believe is much more relevant and could really help entrepreneurs has garnered a little more than 300 views.

As I mentioned, and I want to be clear, I’m not upset about this but it is incongruous with my expectations. I really thought privacy + startups would be a hot topic and I still strongly believe it should be. To that end I did a couple of other things this past week to see if it was just people’s lack of interest in my blog or if it was really the topic of privacy altogether.

First off, I made an “offer” post on Hacker News. I’m going to be out in San Francisco at the end of the month and I offered to meet anyone in that area who wanted to chat about, or learn more about, privacy. That post didn’t get as much as one vote, which kind of surprised me. Free advice, and no one wanted it or, maybe I’m reading too much into it and possibly, like the aforementioned blog post, people just missed it. Things do fall of the “new” page at HN quickly these days.

But still I couldn’t let it go so I tried another approach. I checked to see if there was a privacy group on Stack Exchange and if there was, what were they talking about. It turns out there was a proposal in Area 51 that looked like it gained some traction but ultimately failed citing its similarity to security which already has a robust exchange. And, the way it was proposed, the moderators were right. So I decided to start a new one, not in the technology section, but in the professional section and explicitly call out that this wasn’t going to be about information security. Granted I’m no Seth Godin but the proposal, while not quite dead yet, is certainly on its way. That just added to my growing body of evidence to support my theory.

Still to draw conclusions from the evidence I had collected so far wouldn’t be fair or accurate. I needed some less personal evidence. To that end I hacked up a quick Python script this morning that collected all of the past “Show HN” posts (all that the Hacker News API could get anyways), parsed the URLs from the text and visited them to see whether any of these sites that collected personal information had a visible privacy notice.

The results weren’t surprising to me and while the data is certainly not a scientific sample I think it is enough to finally prove my thesis. I collected 36 posts, which yielded 19 domains. Of those 19, twelve were sites that collected personal information. And among those, only four had an easy-to-find privacy policy. That’s right, only 25% of those sites had a clear privacy policy!

Here are the domains I checked:

• proxxler.com - Has policy
• peopleplotr.com
• tiki-toki.com
• linkrdr.com
• cleanicons.com
• verelo.com
• siasto.com
• gemfury.com - Has policy
• weddingdeck.com - Has policy
• indieintern.com - Has policy
• zapkast.com
• appcod.es

I guess the only remaining question is “why.” Why don’t these sites have a basic privacy policy when there are many, many, many free privacy policy generators to be found. Surely at least one of those is going to get the job done. My only thought is that it is ignorance or laziness. A startup should really be neither if it wants to succeed and privacy is an important issue to have some familiarity with if you are collecting personal data. There really is no excuse for ignoring it and serious benefits to employing some thought to it – and I still want to shout that from the mountain tops!

If you’ve read this far, thank you! And if you are in San Francisco I want to reiterate my offer to anyone who wants to continue this conversation. I’m going to be at RSA on February 27 through March 2 and will have the mornings free. If you want to show me the best place in the area to get a cup of coffee, I’ll buy, and then you can tell me I’m brilliant or dead wrong. And, while I’m at it, I guess I should extend this offer to anyone in the Boston area and points north. This is where I live and work so I’ll be happy to meet anytime. Feel free to contact me.

Join the discussion on Hacker News