Hi there, internet friend!
You signed up to hear from me about #PrivacyTech as it relates to webdev and indiehacker stuff, so here I am.
And today I bring you a story of wickedness, revelation, repentance, and hope. My story.
🎵*Lighten up; Cue Funkytown*
You know, way back in the day, when I was doing the startup thing (I was an employee on one that got sold, then "Founder & CEO" of 3 with no cash, no users, no business model, but sure to be the next billionaire, amirite? 😎), tracking users was not something you decided to do.
It was the very air you breathed.
- "Google Analytics?" First line of code. ✔
- "Mixpanel?" Definitely. ✔
- "Behavioral email?" Is there any other kind? ✔
- "Livestreaming the user's screen plus heatmap of every mouse action and keyboard activity?" 😍 Oh my, can I have two please!? ✔✔
Of course nobody would also feel emboldened to "do things that don't scale" like stalking each new user and newsletter subscriber across linkedin and social media as they came in, which is why I didn't add that to the list 🙈
But I mean, what's wrong with a little insight / telemetry / analytics / business intelligence, right?
(Who can even be against intelligence?! 🧠)
Isn't that just some healthy harmless hustlin' 💼?
Gotta be lean and data-driven and have 'em metrics. 📈
"You can't improve what you can't measure," right?
Besides, if you're not spying on your users, your competitor certainly is.
Then that happened. 💩 Oops.
I wish I had a more original origin story or that I could count myself in the ranks of those who knew it all along and finally had their day in "I told you so" court.
As it turns out, the last of my startups ran out of Start-Up Chile money and I just stopped spying on users because I stopped having them.
So no big conversion (the "come to Jesus type", not the "took the bait" kind, you marketer you) moment there on the product-building ethics side.
But my personal internet habits certainly did take a big hit. For one, no more nude-swapping 😩😭 (damn you, Snowden!!)
Plus a lot more self-censorship , adblocking, switching to Tor Browser for health searches, and that nagging feeling of "I'm on someone else's turf now."
Since then it became clear that "data is the new oil" and that corporations, governments, gangs, and petty thieves are all out to drill us dry of it.
I have been lucky so far not to have been the target of laser-targeted phishing, or have a roommate kidnap me to steal my cryptotulips 🌷, or be booted out of Australia because of a tweet. (A childhood friend did.)
But those are all risks we run these days, and sooner or later we're all bound to get unlucky surprises because of one data breach or another.
I mean, being an indiehacker is… wait, that requires a pause:
Being an indiehacker—which means I've quit the "let's get VC money and work to death" scheme and joined the "let's build a bootstrapped low-maintenance SaaS/infoproduct thing and live the good life" scheme—being that person is hard enough, right?
Or you wouldn't see nearly as many devs trading hours for cash like we (I?) do.
And it's that hard even with all the audience building, marketing automation, and behavior-tracking tools we have free(mium)ly at our disposal.
How then are we supposed to say no to all that, fly blind without any instruments and still turn a profit?
How could I extend my newly-found desire for privacy to my users while at the same time understanding them well enough to build, test, and refine a product into something they want and will pay for? How would I even reach those product-defining users in the first place?
For a long time I felt like that was just impossible or impractical.
I figured that modern marketing had fallen outside an ethical boundary that I was no longer willing to cross.
(I mean, I had trampled all over it in the past, but now I knew it was right there, staring me in the face every time I put my user hat back on, and I couldn't feign ignorance.)
And entrepreneurship without marketing is kind of difficult, so I just decided the whole thing wasn't for me anymore.
I mean, sure, maybe you can start a business based on stuff like:
- 🎉 Zero-Knowledge Proofs 🎉, or
- 🎊 Differential Privacy 🎊, or
- 🤯 Mixnet Routing 🤯
But I can't. I mean, who am I fooling?
You know what made me think "hey, there might be a chance to reconcile privacy and indiepreneurship after all"?
I send emails to my newsletter in plaintext, and I don't track clicks. All of my content is secured with HTTPS/TLS. I don't use trackers anymore - I recently removed Google Analytics from my site when I realized it didn't really matter to me. My course (detailed later) did not have any form of DRM , and I even shipped the "source code" (markdown files) to my purchasers. In a technically savvy audience, like mine, people notice this sort of thing, and they respect you for it.
I couldn't stop nodding while I read through that whole paragraph. When he got to the last sentence I was like "damn right I notice!"
I'm sophisticated. 💅
Now you may be thinking "I know tons of open source developers who have blogs and don't use Google Analytics," and I do too.
Not a lot of them can put that sentence in a blog post titled "How I Made $131,521.20 Self-Publishing a Book About Ruby on Rails" though.
You know who can? Nate Berkopec, that's who.
And where I'm from, a hundred thousand dollars is a damn fine amount of Geld to make on an indie product, let alone without selling a single customer's soul to Surveillance Capitalism™.
Yes, it takes a lot of hard work and becoming a recognized expert in your field (in Nate's case, Rails performance tuning), but he didn't have to get a PhD or twist any prime number's arms to make a living either.
We the web-developing 99% can do it too! 💪
Not everyone will care about your surveillance-free TODO list app.
In fact, I can guarantee you almost nobody will.
Not until you make it better than all other TODO list apps and people start using yours despite it being surveillance-free, and not because of it.
Like a Tesla 🏎⚡️
Greenheads were paying through the nose for crappy modded electric Porsches way before Tesla came around. They were in it for electrification.
Most everybody else couldn't care less though. Until…
Until it was just the best car, period. The safest. The coolest. The torque-est. The moral-est. The highest resale value. The best in clap every clap dimension. You'd be a fool to put your money anywhere else.
That's the level of perfection you need to achieve to get people to pay for your privacy-preserving gizmo. Right?
(You know where this is going…)
NO, that's not right! (Too many Rich Hickey talks, sorry.)
Let's rewind a little and look at the relevant parts. Here's Nate again:
In a technically savvy audience , like mine, people notice this sort of thing, and they respect you for it.
And me, after watching Who Killed the Electric Car (2006):
Greenheads were paying through the nose for crappy modded electric Porsches way before Tesla came around.
So yeah, getting to "despite privacy" as in "despite electric" is going to take orders of magnitude more brains, effort, capital, and luck, if it's at all possible.
That's what you need if you want to create a mass-market household-name zotta-rich success that you can run to the bank with.
But that's not what we're after, right? We're the scrappy, side business, secondary-hopefully-one-day-primary income stream, put-the-kids-through-college kind of entrepreneur.
In fact, if you ask me, I'd be happy to just make a living improving people's privacy instead of making it worse; time-revenue coupling or not. That's how much I'm into it.
I'm the kind of person who's put their foot down and said "screw it, my next smartphone will be a Purism, no matter how long I have to save to afford it!"
The "because privacy" kind. We exist, we advocate, we find each other online and make friends.
And, more to the point, we sometimes pay through the nose for crappier experiences on all other fronts because of that one dimension we find so important.
So yeah, I set you up with the whole "if I know nothing about my users" thing.
Indeed, you do have little chance building stuff for people other than yourself.
Thankfully, you don't have to.
The "privacy-discerning developer" is a community big enough to sustain more than a few small businesses at this point.
And by being a part of it, we have front-row insight into what we need and will pay for.
So you can scratch your itch and eat it too!
Chances are you're still going to fail multiple times, but no amount of user surveillance would save you from that anyway.
You can't hillclimb a turd. 🚫🧗💩
On the other hand, by committing to, identifying with, and making a big fuss about not surveilling users (while it still seems oddly generous and not just the mandatory minimum) you'll probably gain you users you wouldn't have gotten otherwise.
Those are the kinds of products I want to use, promote, and build.
(Click away, in this house, we don't track links.)
- Kill the Newsletter is a great free service that gives you a random email so you can follow newsletters by RSS while keeping your privacy: https://www.kill-the-newsletter.com
- This newsletter has its own RSS feed though, so no need ;) https://buttondown.email/agentofuser/rss
- You can also check out the archives and subscribe here: https://buttondown.email/agentofuser
As you might've noticed, I have no idea if you opened this email or not.
No tracking, right? 😇
So if you want to willingly make me happy, please reply and tell me you saw it and maybe stuff like what you liked and what you want to hear about next. Thanks!