[avery42]

I'm not familiar with the story, but this is what I found: https://www.businessinsider.com/aaron-cheung-brings-homejoy-...

> The weird tale begins with an email that John Salzarulo received Tuesday afternoon. A Los Angeles based user, Salzarulo received an email from Cheung that "$20 cleaning is back!" thanks to its local partner.

> "I wanted to reach out personally today to invite you to join a private house cleaning trial with our Los Angeles partner, Fly Maids," Cheung wrote, not disclosing his connection to the company.

> When Salzarulo clicked the email link, the Fly Maids' site logged him into his Homejoy account, which still had his credit card number and notes about where to find the trash can.

I don't know if it's illegal, but I definitely think it's unethical.

[sillysaurusx]

Hmmm.

Thank you for finding that! This opens up a fascinating discussion about ethics.

So, to start from a purely capitalistic viewpoint, it seems like you are free to use your property that you own however you wish, subject to the law. That raises questions like: in this situation, is it legal for the CC numbers to be stored in that way? From the customer’s POV, they authorized HomeJoy to store their CC info, not Fly Maids. But that leads to the question of: those CC numbers are stored somewhere (or the authorization token) and those assets were a part of the sale.

I don’t know. It’s a massive advantage to have your customers in a position of “just click this button to give us money” rather than pestering for CC details.

It’s a little odd, to be sure, but... it seems like unless it’s illegal, it might not be unethical to take advantage of that opportunity. It depends how you feel about capitalism, I suppose. If there was nothing illegal here, which seems perhaps likely, then it seems valid.

From another point of view, it sounds like he was just trying very hard to succeed, and in some sense Fly Maids was the continuation of his previous endeavor. So I sort of understand why it might have felt natural to reach out to the customers you were already doing business with.

But again, all of this has two important assumptions: (a) he legally owned all assets, and (b) used those assets to the letter of the law. If those are mistaken then someone with more experience should definitely call it out.

"When we contacted customers, we didn’t tell them we were Homejoy relaunching because we wanted to gauge reception to our new model without the influence of Homejoy’s brand," Cheung allegedly wrote. "As a result, we scared many customers, who expected the worst had happened to their data. We should have told customers upfront who we were, what we were testing, and used original content."

I dunno. This seems pretty reasonable, honestly. It kind of alarms me that you see this as clearly unethical, because I could see myself making this same mistake, in a different life. If you feel like explaining more of the reasoning regarding the ethics, I’d personally find it interesting to listen.

[mijamo]

Not everything is an asset. You do not legally own the credit card numbers. At most you own the right to use them to fulfill a contract. Just like if I share my screen with an IT support company that does not give them the right to suddenly transfer my screen to an advertising company, except if I have been explicitly told that would happen (and no, terms and conditions are not enough for that, because it is way out of the expected behavior of the contract, just like having terms that make the user pay a billion dollar on each visit would not make it work either).

[sillysaurusx]

If card data isn’t property the way that customer data is, and isn’t transferable during an acquisition, then it’s hard to see how Fly Maid wasn’t in violation of the law here.

It seems like this should be readily answerable: in the event of an aquisition, does the acquirer have the legal right to use the card authorization token from the customers of the acquired startup? Note that Fly Maid did not charge them without their consent; they merely made the option available without them having to enter any CC info.

The reason I’m pressing this is because we’re talking about a YC alum + illegal behavior, which to my knowledge might even be a first.

Hopefully a lawyer might chime in with clarification. If Fly Maid was not authorized to utilize any of HomeJoy customers’ CC info during the course of business, regardless of acquisition, then this seems pretty clear cut.