How would you write Backupify’s privacy policy?

by Jay on March 4, 2010

Last Saturday, the New York Times ran a piece on the inadequacy of modern Internet privacy practices. In short, the “opt-in to a byzantine privacy EULA” approach is universally reviled, and doesn’t begin to address the myriad levels of granular privacy control that many users expect these days, or the myriad privacy loopholes that few are aware even exist.

Backupify has a fairly brief and straightforward privacy policy, as noted in our FAQ:

We don’t do anything with your data once it is backed up. We don’t look at it, we don’t sell it, we don’t analyze it, we don’t modify it. Our privacy policy is that you own your data and you should be in control. We don’t own your data, we just provide software to give you more control over your stuff. We charge for our service, so we never have to resort to analyzing your data so that we can sell advertising against it or anything like that. You will never get email from us unless you opt-in for it.

Backupify was started on the premise that your data is yours and you should not leave it locked up in all of these online systems. We believe strongly in freedom and privacy.

Personally, I think that’s a pretty clear, comprehensible and reliable security policy.

But here’s where it gets complicated: Users have asked us for a search interface for their backups, so they can find certain items within their data archive without downloading and parsing the data themselves, very much like the Navel-Gazer Self-Search we joked about on Monday. The features in that post were snarkily named, but they all contain an element of truth in that they represent functionality somebody has asked for.

So how do we index your data archive when we promise not to look at it? How do we build the E-marketer Goggles we suggested without analyzing your data? Even something as simple as a data retention policy — in which users have asked to delete part of their data archives after a certain retention period — would require that we check the timestamps on certain data elements before purging them. This gets even more complicated when we’re backing up version histories, such that we don’t want to purge older stuff, like WordPress themes, that’s still current.

Add in that some users have asked for these features and asked that they get complete encryption control over the data archive — I’m not sure how we’re supposed to search index your data if we can’t decrypt it — and you see where even our own well-intentioned, direct privacy policy starts to look inadequate.

So I’m throwing this to the community at large: How would you write Backupify’s privacy policy? What clauses should it contain? Is it all or nothing, or do you opt-in by feature? Your feedback may well alter the very future of Backupify. Seriously.

{ 2 comments }

Trent 03.05.10 at 2:23 pm

Personally, I think that leaving the default option of “complete privacy” is a good move. If someone wants to add the meta search functionality on their accounts, they should agree to the new privacy policy for each account it is enabled with the default still being complete privacy. For myself, I will not be using the “search” functionality unless I lose an account and actually need the backup file.

Chel Wolverton 03.05.10 at 3:43 pm

Very cake and eat it too. I agree with Trent. It's not an option I would choose but if I ever needed it for some reason it'd be available with a new privacy policy that says I'm allowing access for that specific purpose.

I received an email from Jason Falls last week responding to my concerns about NDAs and privacy. Which made me reconsider backing up some stuff that I hesitated before. What you do with data is very clear with your policy. Changing it now would make me back away, but giving an option would give me an option, not force me into something I'm not comfortable with.
