by mpk 5265 days ago
"And a Basecamp user uploaded the 100,000,000th file (It was a picture of a cat!)"

Aren't you supposed to treat user data as confidential and not examine the contents?


The file was named cat.jpg and that was logged, which was what we saw. We do not look at users' files.
Sorry, but that is just a huge blunder. I can see from your comment that you think it's no big deal, but I read that item and immediately blacklisted 37Signals as a vendor that looks at customer files.

Your explanation makes it worse, not better; you shouldn't even be looking at filenames.

While it was stupid of them to publish this, you do realize that engineers working on cloud storage services have access to user data, don't you? However restricted it is, there are always people who have to debug this last mile and look at things, including actual user data, if something is not working on the live site.
Yes, I realize that. In my opinion, there's no qualitative difference between employees of AWS peeking into my data or employees that I hired peeking into my data. It's about trust in the end.

Anyone who has set up company email knows this. A lot of people think that having an in-house team manage a dedicated, on-premises mail server is somehow "better" or "more secure" than hiring Google or Microsoft or Ma&Pa Exchange Hosting to do it. Those people either: (1) have a reason to trust their employees that they don't have when it comes to Google/Microsoft/Ma&Pa, or (2) are living in a fantasy of their own delusions.

How do you know that other vendors don't look at your data? Really, what assurance do you have, other than that they don't casually mention doing so?
You should have emailed the user that their picture was #100'000'000 and asked if they would give you permission to look at the picture to feature in your blog post. That would have been the ethical way to do it.
Terribly bad judgment to post that. Like apparently numerous others, that bit caught my eye and made me pause and reflect on the downside of SaaS.

Even looking at the filename seems pretty suspect, as an aside. What if the filename was BankruptcyPreparation.docx, or TerminationOfBobDobbs.pdf, etc? The metadata about a file should be confidential as well.

As DHH commented on the post: The file name was only shared because it was funny and not identifiable with anything, and just seen passing through the logs. We do not look at people’s files and we do not share any personal information of any kind.

Had it been BankruptcyPreparation.docx, or any other sensitive file name I would never have shared it. Going forward I won't be sharing dog.gif either.

You're going to get flak for this because you've revealed a very small PR hole in an otherwise great company with great products.

I'll continue to use your products. Even if you were to post BankruptcyPreparation.docx. Here's why: You're not a bunch of fucking idiots.

If 37signals was a mish-mash of security issues and red flags, ya, I might be a bit pissed to see BankruptcyPreparation.docx mentioned.

Some of us would love to hear that 37signals fucked up large and did something imperfect. Not because of narcissism or blind hate, but just because it makes their success digestible, makes them human.

Passwords. Plaintext.

You're welcome.

I won't comment on whether or not it was wise of them to post that information, except to say that plenty of other services have posted much more revealing data without backlash of any kind.

What I will question, however, is the assertion that looking at user filenames is suspect. That's easily fair game, and to claim otherwise is as ridiculous as claiming your dentist has no right to see your dental records, or your bank shouldn't know how much money is in your account.

If you're that protective of your data, then it's up to you to make wiser decisions. For starters, don't name your files SuperSecretPrivateInfo.doc and then give them to other people to store. Take a look at their extremely readable privacy policy. Send them an email with questions. If you care so much, take action and stop blaming other people for your own laziness.

"to claim otherwise is as ridiculous as claiming your dentist has no right to see your dental records, or your bank shouldn't know how much money is in your account."

The issue is not that they looked at things, the issue is that they chose to tell the world about it.

Are you serious? They merely stated that one of their MILLIONS of customers uploaded a picture of a cat. There was zero identifying information there. How can you call that an issue?

Really: What is it here that makes you so upset? Would you be concerned if your dentist told you, "I filled a cavity last year"?

I am not upset at all; I merely point out that, IMO, they should not have disclosed any of their clients' data, no matter how small.

IMO, there is customer data on their servers that they should not disclose without the consent of their customer. If so, the moment you allow a service provider to expose some information without such consent, you are accepting the fact that there is a border (no matter how vaguely defined) between 'OK to disclose' and 'not OK to disclose' data, and that it is up to the service provider to decide where that border lies.

Because of that, I think a provider should not disclose any information about their clients, no matter how tiny, even if the information cannot be traced to any particular user, unless their terms of service clearly state what they will disclose (or sell to third parties).

(And yes, I _do_ read terms of service)

The debate is not over them posting the filename, it is over the fact that it is exposed to them.
Plenty of other services have shown indiscretion about their clients' data. That doesn't validate this case, especially considering that many of us look to 37signals as essentially the poster boy of leading behaviors.

We expect more from them.

I am not trying to be argumentative but want to respond to a point you made as I think it is critically important for many HNers running or aspiring to run SaaS solutions-

"If you're that protective of your data, then it's up to you to make wiser decisions. For starters, don't name your files SuperSecretPrivateInfo.doc and then give them to other people to store."

For real? I guarantee that 37signals would not sanction such a ridiculous statement. Most SaaS companies wouldn't touch such claims with a 40' pole.

The industry lives and breathes on the feeling that the data is confidential. We're currently looking at some hosted helpdesk ticket solutions, and I can tell you that if there was even the slightest hint that the vendors casually browsed our data we would rethink the whole adventure.

Cat.jpg from an unknown user of Basecamp. This tells us nothing about anyone. Get over it.
It tells us that they looked at customer data, and that's a really, really big deal to people who are doing serious business that involves private information that is: (1) regulated by government, and/or (2) has significant commercial value.

You can wave your arms and talk yourself blue in the face about your security protocols, but in the end it all comes down to trust. This kind of slip-up erodes that trust.

>> I guarantee that 37signals would not sanction such a ridiculous statement. Most SaaS companies wouldn't touch such claims with a 40' pole. The industry lives and breathes on the feeling that the data is confidential. We're currently looking at some hosted helpdesk ticket solutions, and I can tell you that if there was even the slightest hint that the vendors casually browsed our data we would rethink the whole adventure.

This encapsulates exactly why I think your position is naive. You're confusing reality with what-companies-say-to-make-money. It's as if you're completely unaware of the concept of marketing. You seem to be in a position to make purchasing decisions for your company, so let me explain: marketing is a tool used to make money. Again: MARKETING IS A TOOL USED TO MAKE MONEY.

37signals knows that people want to feel like their data is confidential. So they plaster pictures of locks and words like "safe", "secure", "24-hour surveillance", and "biometric locks" on their signup page. This is called marketing. It creates a feeling -- and nothing more -- so that people like you will click "Buy". It's like the airline commercials that depict flights as being comfortable and quiet. It's like oil company commercials that talk about how great it is to be green. It's like McDonald's commercials that show thin and healthy people eating Big Macs. It's smoke and mirrors, and you're falling for it.

The reality is that you have a choice: belong to the 99% who simply want to buy into a "feeling", or belong to the 1% who read the privacy policy and ask questions.

But if you're going to choose to be in the 99%, then do us all a favor and stop complaining about it.

With all due respect, both of your responses have been completely obnoxious. You seem to be taking some unmerited grizzled vet position that might sell to children, but here it reads like a junior developer talking tough.

See, we actually sell software as a service. Data security for our clients isn't marketing, it is the absolute lifeblood of the company (just as it is a critical principle for this industry). 37signals knows that it was a foolish oversight to casually comment on content trawling, which is a good sign. Your ridiculous arguments in their favor do no one any good.

>considering that many of us look to 37signals as essentially the poster boy of leading behaviors

Hopefully you guys learn from your mistake.