DEV Community

Helder S Ribeiro
Helder S Ribeiro

Posted on • Originally published at on

In which a programmer/entrepreneur repents from his spyful ways

Hi there, internet friend!

I'm @agentofuser.

You signed up to hear from me about #PrivacyTech as it relates to webdev and indiehacker stuff, so here I am.

And today I bring you a story of wickedness, revelation, repentance, and hope. My story.

🎵*Lighten up; Cue Funkytown*

You know, way back in the day, when I was doing the startup thing (I was an employee on one that got sold, then "Founder & CEO" of 3 with no cash, no users, no business model, but sure to be the next billionaire, amirite? 😎), tracking users was not something you decided to do.

It was the very air you breathed.

  • "Google Analytics?" First line of code. ✔
  • "Mixpanel?" Definitely. ✔
  • "Behavioral email?" Is there any other kind? ✔
  • "Livestreaming the user's screen plus heatmap of every mouse action and keyboard activity?" 😍 Oh my, can I have two please!? ✔✔

Of course nobody would also feel emboldened to "do things that don't scale" like stalking each new user and newsletter subscriber across linkedin and social media as they came in, which is why I didn't add that to the list 🙈

But I mean, what's wrong with a little insight / telemetry / analytics / business intelligence, right?

(Who can even be against intelligence?! 🧠)

Isn't that just some healthy harmless hustlin' 💼?

Gotta be lean and data-driven and have 'em metrics. 📈

"You can't improve what you can't measure," right?

Besides, if you're not spying on your users, your competitor certainly is.

Oh so what you're saying is that there might be some downsides, Mr. Snowden? 🧐

Then that happened. 💩 Oops.

I wish I had a more original origin story or that I could count myself in the ranks of those who knew it all along and finally had their day in "I told you so" court.

As it turns out, the last of my startups ran out of Start-Up Chile money and I just stopped spying on users because I stopped having them.

So no big conversion (the "come to Jesus type", not the "took the bait" kind, you marketer you) moment there on the product-building ethics side.

But my personal internet habits certainly did take a big hit. For one, no more nude-swapping 😩😭 (damn you, Snowden!!)

Plus a lot more self-censorship , adblocking, switching to Tor Browser for health searches, and that nagging feeling of "I'm on someone else's turf now."

Since then it became clear that "data is the new oil" and that corporations, governments, gangs, and petty thieves are all out to drill us dry of it.

I have been lucky so far not to have been the target of laser-targeted phishing, or have a roommate kidnap me to steal my cryptotulips 🌷, or be booted out of Australia because of a tweet. (A childhood friend did.)

Or, you know, have my health insurance company screw me over because they don't like the way I'm breathing.

But those are all risks we run these days, and sooner or later we're all bound to get unlucky surprises because of one data breach or another.

Fine, tracking is bad, but how am I supposed to make money if I know nothing about my users??

I mean, being an indiehacker is… wait, that requires a pause:

Being an indiehacker—which means I've quit the "let's get VC money and work to death" scheme and joined the "let's build a bootstrapped low-maintenance SaaS/infoproduct thing and live the good life" scheme—being that person is hard enough, right?

Or you wouldn't see nearly as many devs trading hours for cash like we (I?) do.

And it's that hard even with all the audience building, marketing automation, and behavior-tracking tools we have free(mium)ly at our disposal.

How then are we supposed to say no to all that, fly blind without any instruments and still turn a profit?

How could I extend my newly-found desire for privacy to my users while at the same time understanding them well enough to build, test, and refine a product into something they want and will pay for? How would I even reach those product-defining users in the first place?

For a long time I felt like that was just impossible or impractical.

I figured that modern marketing had fallen outside an ethical boundary that I was no longer willing to cross.

(I mean, I had trampled all over it in the past, but now I knew it was right there, staring me in the face every time I put my user hat back on, and I couldn't feign ignorance.)

And entrepreneurship without marketing is kind of difficult, so I just decided the whole thing wasn't for me anymore.


Crypto, right? Right!? 😃


I mean, sure, maybe you can start a business based on stuff like:

  • 🎉 Zero-Knowledge Proofs 🎉, or
  • 🎊 Differential Privacy 🎊, or
  • 🤯 Mixnet Routing 🤯

But I can't. I mean, who am I fooling?

I know how to CRUD some stuff, React some JavaScript, and sure, there is that undergrad CS degree I almost finished, but I ain't no Yan Zhu. Not even close.

You know what made me think "hey, there might be a chance to reconcile privacy and indiepreneurship after all"?

This guy:

I send emails to my newsletter in plaintext, and I don't track clicks. All of my content is secured with HTTPS/TLS. I don't use trackers anymore - I recently removed Google Analytics from my site when I realized it didn't really matter to me. My course (detailed later) did not have any form of DRM , and I even shipped the "source code" (markdown files) to my purchasers. In a technically savvy audience, like mine, people notice this sort of thing, and they respect you for it.

"People notice this sort of thing, and they respect you for it."

I couldn't stop nodding while I read through that whole paragraph. When he got to the last sentence I was like "damn right I notice!"

I'm sophisticated. 💅

Now you may be thinking "I know tons of open source developers who have blogs and don't use Google Analytics," and I do too.

Not a lot of them can put that sentence in a blog post titled "How I Made $131,521.20 Self-Publishing a Book About Ruby on Rails" though.

You know who can? Nate Berkopec, that's who.

And where I'm from, a hundred thousand dollars is a damn fine amount of Geld to make on an indie product, let alone without selling a single customer's soul to Surveillance Capitalism™.

Yes, it takes a lot of hard work and becoming a recognized expert in your field (in Nate's case, Rails performance tuning), but he didn't have to get a PhD or twist any prime number's arms to make a living either.

We the web-developing 99% can do it too! 💪

Who "notices this sort of thing"?

Not everyone will care about your surveillance-free TODO list app.

In fact, I can guarantee you almost nobody will.

Not until you make it better than all other TODO list apps and people start using yours despite it being surveillance-free, and not because of it.

Like a Tesla 🏎⚡️

Greenheads were paying through the nose for crappy modded electric Porsches way before Tesla came around. They were in it for electrification.

Most everybody else couldn't care less though. Until…

Until it was just the best car, period. The safest. The coolest. The torque-est. The moral-est. The highest resale value. The best in clap every clap dimension. You'd be a fool to put your money anywhere else.

That's the level of perfection you need to achieve to get people to pay for your privacy-preserving gizmo. Right?

(You know where this is going…)

NO, that's not right! (Too many Rich Hickey talks, sorry.)

Strength in numbers (even small ones)

Let's rewind a little and look at the relevant parts. Here's Nate again:

In a technically savvy audience , like mine, people notice this sort of thing, and they respect you for it.

And me, after watching Who Killed the Electric Car (2006):

Greenheads were paying through the nose for crappy modded electric Porsches way before Tesla came around.

So yeah, getting to "despite privacy" as in "despite electric" is going to take orders of magnitude more brains, effort, capital, and luck, if it's at all possible.

That's what you need if you want to create a mass-market household-name zotta-rich success that you can run to the bank with.

But that's not what we're after, right? We're the scrappy, side business, secondary-hopefully-one-day-primary income stream, put-the-kids-through-college kind of entrepreneur.

In fact, if you ask me, I'd be happy to just make a living improving people's privacy instead of making it worse; time-revenue coupling or not. That's how much I'm into it.

I'm the kind of person who's put their foot down and said "screw it, my next smartphone will be a Purism, no matter how long I have to save to afford it!"

The "because privacy" kind. We exist, we advocate, we find each other online and make friends.

And, more to the point, we sometimes pay through the nose for crappier experiences on all other fronts because of that one dimension we find so important.

Right back at you ♻️

So yeah, I set you up with the whole "if I know nothing about my users" thing.

Indeed, you do have little chance building stuff for people other than yourself.

Thankfully, you don't have to.

The "privacy-discerning developer" is a community big enough to sustain more than a few small businesses at this point.

And by being a part of it, we have front-row insight into what we need and will pay for.

So you can scratch your itch and eat it too!

Chances are you're still going to fail multiple times, but no amount of user surveillance would save you from that anyway.

You can't hillclimb a turd. 🚫🧗💩

On the other hand, by committing to, identifying with, and making a big fuss about not surveilling users (while it still seems oddly generous and not just the mandatory minimum) you'll probably gain you users you wouldn't have gotten otherwise.

Those are the kinds of products I want to use, promote, and build.

Notes & Links

(Click away, in this house, we don't track links.)

Say hi!

As you might've noticed, I have no idea if you opened this email or not.

No tracking, right? 😇

So if you want to willingly make me happy, please reply and tell me you saw it and maybe stuff like what you liked and what you want to hear about next. Thanks!


Discussion (3)

educated profile image

Eagerly awaiting your IPFS/Gatsby tutorial. Your quality of writing is terrific.

How do you feel about basing webpages on javascript? Most is non-Free and to view many pages these days requires enabling javascript in the browser, which opens up security and anonymity issues.

Check out instead of Purism and for Free hardware.

agentofuser profile image
Helder S Ribeiro Author

Wow, that's great to hear :) Glad you liked it!

Yeah I actually asked Gatsby devs early on if they'd have a nojs output option but they said it wasn't in their plans.

The good thing is that Gatsby compiles your website into static html though, so the website is perfectly usable with javascript turned off.

When it's on, it allows faster navigation as the screen changes are done client-side, and it also enables offline access via service workers, which I think is a great thing.

I'm not aware of non-free javascript shipped with Gatsby sites, is that something you've observed?

When you absolutely don't want to have javascript, the static site generator Eleventy ( seems to be popular.

Thank you for the pointers to replicant and minifree. Is there a comparison to Purism I can read? Do you have reservations with their products? I'd like to learn more.

Oh, as for the next tutorial, I've been a bit busy with client work lately, but I've put together a hacky Gatsby starter based on Interplanetary Gatsby, along with instructions on how to run it on CodeSandbox and deploy to Pinata. No need to install anything! It's here:

Again, thank you for the kind feedback, it is very motivating :)

maveninventing profile image
Maven Inventing

Here's a Brazilian privacytech