We believe privacy is a fundamental ingredient for us to inquire and take action. Isn't that what all of our pursuits revolve around?
Tell us how you don't want your privacy violated and we won't violate it.
What informed consent means
When you’re confronted with accept terms to proceed theatre, if you proceed legally it means you’ve provided “consent”. It’s obviously absurd, but legal.
Informed consent means that you, the person, know the consequences of your action of sharing information with a service provider like us, or with one of the apps you use, or the apps we use.
This is our attempt at seeking your informed consent.
Your privacy before you share anything with us
It’s tragic. Climate change inaction level tragic. The state of online privacy today is like that of the California Gold Rush. If you think the effects of that kind of fervour went without harm we invite you to do a bit more research.
So what’s the problem? The so-called “business model” of the internet is broken. Cookies 🍪 on the world wide web were originally intended to give you a sense of continuity as you went from one web page to the next on one website. This was particularly important in case you needed to preserve the ‘login state’ as you went from one private page to the next. To this day, these are still the good kind of cookies that your browser tends to gobble up.
By the time the 90s were done business interests were alive to the possibility of the incredibly rich tracking potential the then nascent world wide web was going to provide. This hasn’t stopped. Indeed data harvesting and brokering is the dominant business model of the web. The rise of bad cookies ⛔.
Online tracking cookies and exotic related tech literally snoop over your shoulder as you browse the web, use your phone or generally go about your day. They’re practically invisible. They’re like the physical fingerprints you leave all over the place, except they’re permanent. They call home to whoever commissioned them with tidbits of interesting things you might be doing online.
In other words, there's a good chance some trackers on your browser know you've been here.
Progressive browsers like Brave, or any of the others that allow you to install the Electronic Frontier Foundation’s Privacy Badger along with an ad-blocking extension, can limit this infringement of your privacy. Unfortunately you’d have to go to extraordinary lengths and inconvenience to eliminate this hassle altogether. And by the time so-called state actors get involved, there's simply no guarantee of privacy. Period.
Thankfully the function of the internet and the world wide web as you well know is about much more than the business interests of data harvesting.
Before you consider sharing something with us
There’s one critical element to know about when you share information with us or anyone else online. It has to do with the “cloud” and how computer servers behave, and how that interacts with your privacy.
The network of computers known as the internet is built on what’s referred to as peerage. There is no dominant or subordinate ‘computer’ so to speak. By design, it’s a network of peers. In practice, it’s a totally different story. The takeaway? The modern landscape consists of one type of computer on the network called “a server” and another type of computer called “a client”. There is a hierarchy you should be aware of.
When you “go” to a website, the truth is actually the reverse: the website comes to you. “The client”, your computer, phone or browser, makes a request to another computer on the network, “the server”. Through the unbelievable beauty of the internet and web protocols, the website or web application you requested is sent to “the client” in little pieces and is literally reconstituted to perfection on the client side.
A number of interesting things happen, but the key one for your privacy is that the server keeps a log of what it did and for whom. This is not inherently a bad thing. You want servers to keep logs so administrators can debug things, maintain the health of, and improve, whatever service is being requested. The flip side of server logs is the power imbalance handed to the owners of the servers. And what’s that? It’s their ability to make inferences about your behaviour in relation to their service and the data you entrust to them.
Here’s a trivial example. Facebook’s Instagram or snappy-chatty or whatever else you think is in vogue, knows who your teenager might have a crush 💓 on before the admirer and the admired know about it themselves. How? If we're sticking with Instagram, Facebook has the logs of the incessant checking of profile pictures and other bits of information the admired “shares” that your child admirer can’t get enough of. Every server can do this, and the ones pumped with capital (venture or otherwise) do a terrific job of aiding inference making for the service provider. This is the big data and machine learning you often hear about.
We hope the context in which the information you consider sharing with us exists is now clear to you.
How we understand concerns about your privacy
In case you’ve missed the obvious point, this is by design. The legalese is typically battle armour that’s virtually always skewed in the favour of the application provider or vendor.
The framework we use to make sense of this now scary word called “privacy” posits three important ingredients that taken together give you privacy.
Secrecy, anonymity and autonomy.
It’s the bar by which we gauge whether or not a web application or service provider like us is privacy respecting.
What’s secrecy? When you share some information with us, who else knows about it?
What’s anonymity? When you share some information with us, does it guarantee the identity and other identifying characteristics of the individual who’s doing the sharing isn’t disclosed?
Another way of putting it is how well are you protected from disclosing something you didn’t want to?
This is not to say that anonymous means inauthentic. There are plenty of ways to validate the authenticity of a source without disclosing their 'identity'.
Often this is understood as the who, but it could also be any metadata that might be leaking, for example who you made your WhatsApp call to last night and at what time. If Facebook knows this metadata, your WhatsApp conversation might be secret but it isn’t anonymous.
What’s autonomy? In the context of privacy, can you continue to operate unfettered or freely knowing that you have shared something with someone? Are you “locked-in”? Do you feel the need to self-censor because someone is watching?
Privacy advocates point to this aspect of our privacy situation as being the greatest risk to democratic function in our societies. In the context of your work, it could mean that you’re stuck with one application provider because it is near impossible to move to another. In essence, your data might not be portable, and hence you end up in a situation lacking autonomy related to your data.
When all three ingredients are available to you in a human service or a technology that you’ve decided to adopt, your privacy is pretty much guaranteed.
Our privacy practices are inspired by and aspire to meeting this conception of the word.
Unfortunately, our computing environments today are generally designed to leak privacy. Staying on top of this and plugging perceived privacy holes is a futile game of whack-a-mole that is best left to the unbelievably good human beings who are experts in this domain of knowledge.
Fun fact: keeping your software up to date is one of the good ways to benefit from the efforts of information security experts.
Our model of respecting your privacy
We use a clear ⚪, blue 🔵 and red 🔴 relative scale to rank ourselves and our service providers on the issue of privacy. These measures are not absolute. Think of these indicators as clear-ish, blue-ish and red-ish.
When we have all three ingredients, secrecy, anonymity and autonomy, we give our service providers and ourselves a clear circle rating ⚪. Virtually impossible in today’s computing environments.
A blue dot 🔵 is earned with two ingredients. The sad part is that this blue zone spans miles and miles. This is the infamous grey area.
If our service providers give us confidence of only one ingredient or less, they get a privacy red alert rating from us 🔴. Not good.
We are committed to moving away from the red zone 🔴 and into the clear zone ⚪ wherever possible.
When we work together we will introduce you to our practices and applications. Our collaboration will result in upgrades to privacy and security practices that in all likelihood will go both ways. We wholeheartedly look forward to learning with you and imparting what we know.
Your privacy after you share something with us
We are committed to keeping the data you entrust to us in a way that ensures its secrecy, preserves your autonomy and where possible, we will opt for anonymity.
The data that you entrust is never going to be sold by us.
We will not knowingly and surreptitiously collect data from you for which we have no need. We are committed to being transparent with you about any data collection we do about you and your team. You can talk to us about it at any time.
To carry out our mission we unfortunately must use technology that is not privacy respecting.
We’re sad about this fact, but we’re also hopeful.
Information about you is generally going to live somewhere in our technology stack. We want to provide you with a list of our core tools, which we lovingly refer to as our Frankenstack 👹. We'll tell you how we use it so you have a good sense of where your data might end up when you share something with us.
We will also use the most prudent security settings and practices available to us in our stack to safeguard your information. And we will be happy to talk about it with you.
We are technology agnostic. If a better tool that upholds our understanding of privacy emerges in the future and can replace one in our stack, yep, we're committed to jumping onto it. It's obviously not going to be a switch that we can toggle. We'll wind down one as we ramp up the other, as you would expect.
Information about you also lives somewhere in your own technology stack which we will interact with.
We will follow any guidelines you provide for how you want us to handle your data at rest, for instance how you might want information saved on our computers, or online somewhere, perhaps encrypted, perhaps not.
You may want information we share in transit handled in a particular way. For example, you may prefer emails with links to resources sent to you in the clear, or encrypted. No problem.
For a good reason, you may share sensitive information like passwords with us and require us to purge any copies we have at the conclusion of our engagement. We would do that ourselves, even before you ask. We consider it prudent risk management.
We are committed to keeping this list of our core tools as up to date as possible. The last modified date at the top of this page is a small indicator to you from us. We’re human, like you, so please calibrate perfection expectations accordingly.
Work in progress 🚧
We're going to rethink the layout of this section in the future so it's easier for you to parse mentally.
We are also working on listing the core tools we use and how that might interact with your data. It is not a never-ending list, thankfully, but expect changes and please visit this page again for new updates.
We'll inform you of major changes if you're subscribed to our newsletter.
Knowledge management and planning. We wish all software had this kind of integrity.
That’s the primary computer operating system we use to do our work on a desktop.
It makes privacy so much easier, whether we need to encrypt something before we store it in Google Drive and things like that, or, mostly, for not having to deal with "settings fatigue" around privacy.
Obviously it's not watertight. That's a combination of our habits and tech. We're always working on our habits, because 'habits' and we're pleased with this technology.
Thank you Canonical and you, the incredibly giving community that helps maintain and advance free and open source software like this.
Depending on your orientation this may make you laugh or it may make you cry. Our 2013 mobile device still sings with the privacy comforts of the AOSP keyboard, complete with Material Design themes and the latest Android security patches.
Better believe the power of free and open-source.
It’s our text editor of choice. This document was drafted there.
Our password manager of choice.
The free and open source version of Google Chrome. Our setup is optimized for better privacy, but we’re signed into our Google accounts.
The proprietary version of Chromium. Near identical Chromium setup.
Front’s Meetingbird makes scheduling meetings a breeze.
We're not fans of Apple's constant device "end of life". Our 2018 device will basically stop receiving software and security updates soon, depending on when you're reading this.
It leaves us, and our planet, with a bad taste.
But the privacy settings relative to an off-the-shelf Android device are welcome.
G Suite Enterprise Edition
Google’s G Suite powers our email and website, and is our primary, but not our only, office productivity suite.
We’re ambivalent about our rating and we’ll tell you why.
The Enterprise Edition of G Suite gives us access to very detailed and rich logs about who accessed what information and when. Kind of like server logs, but Google has turned them into a product that generalists can operate.
We think this is of value to the safety of your data when you entrust it to us. For one, it’ll make an auditor’s job a lot easier if something goes awry.
Google obviously has an army of engineers working on security. Their 2FA (two-factor authentication) tools, for example, are super easy to use and provide us with the assurances we need about who else might have access to your information residing on their servers that we access.
Google deserves a privacy red alert rating from all of us, obviously. But it is an enabler for the social good work we intend to do.
That’s the nuance about this topic that’s difficult to grapple with, and that’s why this fight for better privacy protections is about our coordinated action against the system. It can't be done alone.
The Rocket Science Group’s Mailchimp is the email marketing software we’ve opted to use. We are paid subscribers. Mailchimp unfortunately is openly in the data hawking business.
We’re using Mailchimp because it’s easy to spin up and we want to know if our newsletter emails to you are hitting the mark.
We hope to earn the privilege of having your opt-in to our newsletters. We're being pragmatic. We're feeling okay about the trade-off between your privacy and the value we intend to share with you that's relevant to your line of work. We think it'll help us develop a better relationship with you. And we will do it with care.
If you feel conflicted about this, us generally being able to know whether you received, read or took action from one of our email campaigns and what Mailchimp might do with your information, we’d like to know.
Of course you can always unsubscribe, but there's a good chance you didn't find the time to read our privacy commitment to you despite our efforts to put this page in front of you.
Please send us an email when it’s convenient to email@example.com and we’ll try and figure out a better way. We are working on a way for you to send us a completely private message using PGP. Stay tuned for that.
Atlassian's Trello powers our project management and CRM capabilities for the time being.
We're subscribed to the Business Class edition, and their privacy page is an awesome example of a snoozer 😴.
Why does a task manager require advertising partners? Why indeed.
You should know that Trello along with half of the internet keeps the data that's entrusted to them with Amazon.
We use Microsoft’s LinkedIn property to post updates on our company page and to connect with you.
We run Windows in virtual machines to test applications and do other things that the Windows operating system is good at.
Unfortunately Windows 10 is like Chrome OS on the privacy front.
This list isn't complete yet. Thanks for understanding.
Here’s how we’re not going to take action
We are upset about the state of your privacy and ours. Each one of the following options does a disservice to the social good goals "we", which includes you and us, are working towards.
- Acting as if "we have nothing to hide" is an acceptable answer
- Becoming demotivated and debilitated so as not to take any action
- Ditching practicality and taking the high road
- Waiting for regulators to wake up
This is informed consent
If you got this far, congratulations. Give yourself a gold star ⭐. In fact, we’d love to mail a physical one to you. Not real gold, but a real token of our appreciation.
By now we hope you can tell we’re not into accept terms to proceed theatre that you’re all too familiar with. That’s not our thing.
If our competitors can match this, then yes your data privacy will be in good hands, for sure. We'd still call them competitors because competing to get to the social good you’re after more quickly is still up for grabs. We hope that’s okay.
If our competitors can’t match this after you’ve asked them, they’re going to need to level up their proposition to you. And hopefully you opt to work with us to get you to the finish line on the next increment of your mission.
This is our statement about how much we care about your privacy and what we’re doing about it.
Our strategy for dealing with the sorry state of 'privacy' can be boiled down to this: We bring privacy respecting applications and practices to the party everywhere we can.
Want updates through our Social Profit Innovators mailing list?
Mission increment that needs to get off the ground?