
There are ways to use ads without violating privacy nor breaking the law (remember that this practice is illegal under the GDPR).

Either way, if you must do ad tracking, do so on your homepage. Once the user is logged in and has paid you money for a service there shouldn’t be any ads nor tracking.




> "without violating privacy"

Yes, that's covered by this being a mistake in implementation as I said.

> "there shouldn’t be any ads nor tracking"

Again, based on what exactly? Finding new users that are similar to your existing customers is a completely valid strategy.

Most people in this thread are making wild statements from the typical emotional/outrage driven pile-on when anything happens.


> Finding new users that are similar to your existing customers is a completely valid strategy.

What on earth does “valid” mean here? It’s certainly not acceptable (to me as a customer) if it involves exposing your existing customers to these risks. Those ends cannot justify those means.


Valid as in it's a common, reliable and efficient way to gain new customers.

Customers weren't intentionally exposed to that risk nor was it part of a trade-off, it was an implementation mistake for many reasons, something I've repeated 3 times now. What is so complicated to understand here?


Customers were intentionally exposed to the risk, because they intentionally added this third-party code. If they’re not thinking in terms of risk management when they add third-party trackers to their site they do not have an adequate security process. There is a trade-off to security whenever you allow code like that in your product. They can’t just wave it off as a mistake, because it’s a mistake that is very telling about their priorities.


The mistake was allowing code into that specific part of the product.

Under your definition, there can never be mistakes at all; which is impossible.


It’s very simple: if you include un-vettable third-party code in your system, and the system also handles sensitive data, you are dealing with a huge risk. You need to make sure that the code is unable to touch the sensitive data. As it turns out, it’s a lot harder than not having untrusted code and sensitive data in the same system in the first place. The direct mistake was probably that the wrong code was included on the wrong page, but if the risks involved had been taken seriously, such a small mistake would not have been able to have such a catastrophic effect.


Based on respect, common sense and the GDPR?

> Finding new users that are similar to your existing customers is a completely valid strategy.

But this can be achieved with tracking on the homepage without embedding trackers in the actual product right next to sensitive data?

> Most people in this thread are making wild statements from the typical emotional/outrage driven pile-on when anything happens.

This doesn't make these statements any less valid though? Most people are indeed outraged that a paid professional product is ratting them out to Facebook which makes total sense as nobody would've expected that.


> "But this can be achieved ... without embedding trackers in the actual product right next to sensitive data?"

Yes, it was an implementation mistake. How many times do I have to repeat that? See, this is the outrage that doesn't even read the actual comment.



