[csallen]

>> I guarantee that 37signals would not sanction such a ridiculous statement. Most SaaS companies wouldn't touch such claims with a 40' pole. The industry lives and breathes on the feeling that the data is confidential. We're currently looking at some hosted helpdesk ticket solutions, and I can tell you that if there was even the slightest hint that the vendors casually browsed our data we would rethink the whole adventure.

This encapsulates exactly why I think your position is naive. You're confusing reality with what-companies-say-to-make-money. It's as if you're completely unaware of the concept of marketing. You seem to be in a position to make purchasing decisions for your company, so let me explain: marketing is a tool used to make money. Again: MARKETING IS A TOOL USED TO MAKE MONEY.

37signals knows that people want to feel like their data is confidential. So they plaster pictures of locks and words like "safe", "secure", "24-hour surveillance", and "biometric locks" on their signup page. This is called marketing. It creates a feeling -- and nothing more -- so that people like you will click "Buy". It's like the airline commercials that depict flights as being comfortable and quiet. It's like oil company commercials that talk about how great it is to be green. It's like McDonald's commercials that show thin and healthy people eating Big Macs. It's smoke and mirrors, and you're falling for it.

The reality is that you have a choice: belong to the 99% who simply want to buy into a "feeling", or belong to the 1% who read the privacy policy and ask questions.

But if you're going to choose to be in the 99%, then do us all a favor and stop complaining about it.

[huggyface]

With all due respect, both of your responses have been completely obnoxious. You seem to be taking some unmerited grizzled vet position that might sell to children, but here it reads like a junior developer talking tough.

See, we actually sell software as a service. Data security for our clients isn't marketing, it is the absolutely lifeblood of the company (just as it is a critical principal for this industry). 37signals knows that it was a foolish oversight to casually comment on content trawling, which is a good sign. Your ridiculous arguments in their favor do no one any good.

[csallen]

If you take issue with someone's argument, it's customary to point out the specific flaws and explain why you disagree. Simply slinging ad hominems and calling the argument ridiculous doesn't cut it. An example of how to respond:

>> See, we actually sell software as a service.

Great, I sell software as a service too. This is an irrelevant fact that doesn't make you or I any more or less correct.

>> Data security for our clients isn't marketing, it is the absolutely lifeblood of the company

"Data security" is a vague term that has as many different definitions as there are people to talk about it. Your mistake is in assuming that your definition (in which seeing a file name in a log is unethical behavior and/or a security breach) is the one and only correct definition. Many many web developers disagree with your definition.

Secondly, security is marketing. You yourself have said, and I quote: "Even if you do casually trawl the data of your users, for the love of all things unholy don't talk about it." So not only do you recognize the importance of data security itself, but you recognize that even the appearance of data security (or lack thereof) can affect a company's bottom-line. From there, it should be easy to understand how companies use the appearance of security as a marketing technique.

>> 37signals knows that it was a foolish oversight to casually comment on content trawling

It seems to me that they've repeatedly defended their decision on both their blog and in this thread, and haven't removed the reference from their post. You're on your own, here.