[walkon]

> It tells us that they looked at customer data

Have you ever supported a product that has external users? Eventually have to see their data in some way, shape, or form. Whether it be a username, email address, ip address, user-agent strings, filenames, etc; there are times when troubleshooting, verifying functionality, validating report data, etc where you will have to look at at least some subset of actual customer data somewhere. It is simply unrealistic to think otherwise.

How would you go about providing customer support or auditing without looking at the customer data required to complete such tasks?

(edited to add quote)

[sunchild]

And announcing the content of the one millionth file upload is serving the customer how?

[huggyface]

>Have you ever supported a product that has external users?

And if an apartment dweller had a plumbing leak, the landlord would enter their apartment and fix the leak. They would access on a need basis. They wouldn't do casual sneak and peeks and then post analysis on the entry door that seven residents have bongs in their living rooms.

Seriously, though, mechanisms to deal with exception situations, such as customer support, has nothing to do with "looking because it made for a fun blog post".

I only engage in this conversation because this is important for many HNers -- spin all the justifications you want, or blame users (a good attitude that guarantees business failure), however this was a serious blunder that other businesses should look to avoid.

Even if you do casually trawl the data of your users, for the love of all things unholy don't talk about it.