Your users care less about privacy than you think

Content warning: This post is full of heresy.

The indie software community is marching off in the wrong direction about privacy.

On forum posts discussing analytics tools, the discussion invariably turns to privacy. One of two things happens, and the result is the same:

  • Someone asks for tool recommendations, while expressing a preference for privacy
  • Someone asks for tool recommendations, with no other opinions given, but commenters immediately reply recommending privacy-centric tools from small shops.

I think this is one of the biggest misconceptions when it comes to analytics on forums like Indie Hackers. That community loves privacy, which is great. But members of the community, who are business owners, also project personal preferences on to their users and on to consumers in general, which is a logical fallacy.

Your privacy preferences are not those of your users.

My day job, in which I see the opt-in rates for 100 million users, has convinced me of this. I am not at liberty to disclose precise numbers, but they are beyond sufficient to convince me in a personal capacity that most consumer bases are less concerned than you are.

You still have privacy obligations.

If I’m giving advice to aspiring entrepreneurs, I steadfastly maintain that you do have to comply with privacy regulations that apply where your customers are. The most famous is the European Union’s GDPR. California’s CCPA shows that more are on the horizon, and that this is a tide that can’t be turned back.

If I’m giving advice in my day job, I also steadfastly maintain that customer privacy cannot be compromised. We have tight controls on what information can go where, and who can access what. The reasons are various: regulatory compliance, security, keeping within vendors’ Terms of Service, and fuzzier ones like PR/image.

However, none of the above prevents me from counting a unique user by way of a cookie. But there are privacy-centric analytics tools out there that prevent that, by removing cookies from their design. I think it’s a step too far to be deprived of such a simple metric.

Privacy is a sliding scale, not a binary.

Analytics tools are not either inherently “private” or “not private.”

Analytics tools sit on a sliding scale of “more private” to “less private.”

How private is “insufficiently private”? Well, that’s up to your individual opinion.

Personally, I think tools that track user activity semi-anonymously (including Google Analytics, Adobe, and similar cookie-based systems) are fine.

I individually draw the line at:

  • User session recording without permission (because that tends to “feel creepy” to users)
  • DMP solutions, mainly used in the adtech world, which collect large amounts of traits about you expressly for commercial purposes.
  • Cat-and-mouse games of vendors trying to avoid privacy innovations. Apple’s Intelligent Tracking Prevention is a valid pro-privacy initiative that it sells to customers as a feature of Safari (and therefore, a feature of iOS and macOS). Meanwhile, large vendors like Adobe continue to work around new measures, resulting in a never-ending battle.

The company that gathers no data will be beat by the one that gathers some.

If you and I launch competing products, and you refuse to use analytics while I embrace them, I assure you that I will crush you in competition.

It’s certainly possible to gather too much data about customers. But it’s much more dangerous to your business not to gather enough.