My first reaction was defensive. I took it personally. I thought: Do you really think I’m a scammer? I pour my soul into meticulously crafting products to delight users, not to trick them. Why would I trash all that effort and disrespect my own goals by doing something as stupid as stealing data? It felt insulting that people assumed malice when I was just trying to build something useful.
But after sitting with it, I realized those initial comments—the ones I wanted to dismiss as paranoia—were actually right. Not about me, but about the environment we operate in.
There are enough shady companies, data brokers, and bad actors out there who abuse user trust with impunity. We’ve all seen big corporations bury invasive tracking in their terms of service. As a builder, I don't operate in that world; I’m just focused on making things work. But for users, that betrayal is their baseline reality. They have been trained to expect the worst.
I realized I hadn’t factored that into the launch. I didn’t explicitly state "Your data remains yours" because to me, it was obvious. Why would I want your data? But in an industry that has systematically mined, stolen, and abused user boundaries for a decade, you can’t blame people for checking for the exits. They aren't being "ninnies"; they are being wise.
If I were using a new tool that had access to my workflow, I would want explicit assurance that my IP wasn't being siphoned off. I just forgot to view my own product through the lens of a weary stranger rather than the optimisitc builder who wrote the code.
This is especially true now because the landscape has changed. There was an old PG essay about how ideas are cheap and execution is everything. That’s shifting. AI has made execution cheap. That means ideas are prime again.
Because execution is distributed and fast, first-mover advantage, brand, and reputation matter more than ever. Your prompts and your workflow are your IP.
So, privacy isn't just a compliance box; it's a competitive requirement. I don't think we need full-NSA-level paranoia for every tool, but we do need to recognize the environment we are launching into. The "security purists" were right to push back: I didn't think about that aspect enough, and in 2025, trust is the only currency that matters.
al_borland•3w ago
As for the rest, I think this line is key:
> But I was thinking more like a private user who already trusts what I use by default (because I built it)
Of course you trust what you wrote, but do you trust what everyone else writes? Put yourself in the shoes of your potential customers. Most people don’t know you, your values, your intent… all they have to go by is what you tell them. Also remember, people lie. So don’t just tell them, prove it.
And to your point with AI, the ability for someone to make something that was seemingly done with care and to delight, just so they can steal data, has never been easier. Your take away was execution is cheap, but maybe the take away should be data harvesting is now cheap, and that data is more valuable than ever, so people are right to be wary of anything that is accessing their data.
keepamovin•3w ago
On the data side, your data is not valuable to me. Your money is. I’ve never made a product that sells user data or uses it for ads.
I enjoy making good technology that people want to use and pay for. Maybe one day we will make some data- or ad-supported business. I don’t know. It never seemed like the right idea, and I wouldn’t know where to start.
But I believe for that kind of thing, to make the kind of money I make, you have to have a gigantic scale, and the things I make have not really had a gigantic scale. They’re more specialist, technological products rather than mass-market, viral whatever.
It’s the same dynamics and economics I think that led me to learn that open source is not really a fit for the products I enjoy making; shareware-style trial and license is more of a fit.
So when I release a paid product in that style and people come at me like, “oh my God, what are you doing with my data?” I kind of think, what the actual fuck. What am I doing with your data? It’s nothing. I don’t care about it. I’m merely the Postal Service for it or whatever.
I feel like, don’t people know that I’m not making data products? And I think importantly, if I were, then I would establish trustworthy expectations with clarity about that. I would do it cleanly: yes, this product is free because we’re mining your data to sell it. If I was going to do that, I would just say it, you know. Because I think the people you lose through that honesty is not bad. There’s plenty of apparently data products that are free but making money through selling user data, but really I find it odd how much people think about that stuff when looking at the kind of products I make that are always paid, no-data products — especially when I don’t think about user data at all except “how can I make it secure so people can’t hack it.”
So I guess my learning here has been more like: there’s a lot of customers out there with, like, technology PTSD. Which means, even though I’ve kind of missed it in the news, there must’ve been a lot of shady data practices and rip-off scamming kind of things going on, and people are scared about that. But the weird thing to me is, like, do people really believe that kind of stuff is so lucrative that you could make more money doing that than selling paid products? I mean, what the actual fuck?
So there’s a part of this that still doesn’t make sense to me logically, but I accept that people have this kind of PTSD about data brokers and shady practices. And I think it’s important to be really clear about how you’re protecting them from that, essentially. And I didn’t give any thought to that before, because of course I would have no interest in doing that bad stuff, so why would I think I would need to say it? But it turns out the environment we live in, you kind of have to assure people