Friday, December 2, 2011

How to preserve privacy in the cloud

I thought I might ask you guys for some input on how we should formulate our rules of engagement, privacy policy, terms of use, whatever you want to call it, when it comes to our cloud services. And in order to do so we first need to know exactly what data might be shared between you, the user, and our servers.

I think that any user should always be presented with the ability to keep his or her data private, as much as that is possible when it comes to putting data on the Internet. That's why, for example, our cloud services are not essential to your music experience. The services are there if you want them, but you should never need them.

But if you start to utilize our cloud services you will have to send us some of your data. So what data will we get?

Every Song You Listen To
First of all there's the ability to send us what songs you are listening to. We do this because then we can send that data to Facebook (when they open their new API from closed beta) and (when the OmniAuth gem works).

To begin with, this feature is disabled by default. But once you enable it (that is, once you send the data to us) we will, by default, forward that data to any other services you have connected. We think that this is a fair balance. It makes it easy for the average user (they only have to enable it in a single place) while at the same time enabling the more savvy users to keep control over where their data is sent.

We also think it would be cool to build some nice graphs for you guys so you can see which artists you listen to the most or which genres you ditched last year. Kind of like but directly inside the music player.

Listening patterns are also a vital part of information for our Project Mind Reader, so its algorithms can determine which song you would most likely want to hear.

Every Song You Share With Others
When you share a song in Stoffi it is sent to our servers, which forward it to any of your connected services, such as Twitter or Facebook.

Again, this is information that our mind reader would benefit greatly from. Songs that you share are naturally more likely to be candidates for songs you want to hear.

The Devices You Are Using
I wanted to add the ability for you to track the devices you are using Stoffi on. For example, when you want to remotely control something you are presented with one group containing your work laptop, and another containing your desktop at home as well as your personal laptop. Because even though you actually remotely control profiles, it is always nice to know which device belongs to which profile.

This way you can also monitor how different devices interact with your account. If an unknown device is connected to your account you can track it down, see which application it's running (Stoffi Remote? Stoffi Music Player? Some other app that some guy in Korea made?), where it's located and when the access occurred.

But of course, if you know this then we know this. We will in effect be able to track your devices and determine their location, just as you can. We could encrypt the sensitive information (such as the IP address) but then that information might help if your account is compromised and you need us to restore it.

Again, this will only happen if you connect Stoffi to our cloud services, which is totally optional. But I would still like to get some thoughts from you guys.
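To make the trade-off above concrete, here is an added example (my own illustration, not code from the original post or from Stoffi) of one way to keep a device-access log where the IP address is encrypted at rest under a key that only the operator holds. A leaked copy of the table then reveals no addresses, yet the operator can still decrypt a row when a user asks for help recovering a compromised account. The module name, the row layout and the sample device names are assumptions for the demo.

```ruby
require 'openssl'
require 'time'

# Added example, not Stoffi's code. A hypothetical device-access log where the
# IP address is encrypted at rest under a key held by the operator, so a leaked
# database table reveals no addresses, while the operator can still decrypt a
# row when a user asks for help recovering a compromised account.
module DeviceVault
  # Demo key generated in-process; a real deployment would keep it outside the
  # database (environment, key management service), never in the same table.
  KEY = OpenSSL::Cipher.new('aes-256-gcm').random_key

  # Encrypt one sensitive field with AES-256-GCM. Returns hex-encoded nonce,
  # ciphertext and authentication tag; the nonce is fresh for every record.
  def self.seal(plaintext, key: KEY)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = ''
    ct = cipher.update(plaintext) + cipher.final
    { iv: iv.unpack1('H*'), ct: ct.unpack1('H*'), tag: cipher.auth_tag.unpack1('H*') }
  end

  # Decrypt a sealed field. Returns nil when the key is wrong or the stored
  # bytes were tampered with, because the GCM tag check fails.
  def self.unseal(blob, key: KEY)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = [blob[:iv]].pack('H*')
    cipher.auth_tag = [blob[:tag]].pack('H*')
    cipher.auth_data = ''
    cipher.update([blob[:ct]].pack('H*')) + cipher.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end

  # Append one access row. Device name, application and time stay in the
  # clear so the user can recognise the entry; only the address is sealed.
  def self.record_access(rows, device, app, ip, at: Time.now.utc)
    rows << { device: device, app: app, seen_at: at.iso8601, ip_enc: seal(ip) }
    rows
  end

  # What the user sees on the account page: which device, which app, when.
  def self.user_view(rows)
    rows.map { |r| "#{r[:device]} (#{r[:app]}) at #{r[:seen_at]}" }
  end

  # Account-recovery check run by the operator: does the address the person
  # is writing from match any device previously seen on the account?
  def self.known_address?(rows, ip, key: KEY)
    rows.any? { |r| unseal(r[:ip_enc], key: key) == ip }
  end
end

if __FILE__ == $PROGRAM_NAME
  rows = DeviceVault.record_access([], 'work laptop', 'Stoffi Music Player', '203.0.113.7')
  puts DeviceVault.user_view(rows)
  puts "known: #{DeviceVault.known_address?(rows, '203.0.113.7')}"
  puts "stored row: #{rows.first.inspect}"
end
```

The point of the example is that encrypting the address under an operator-held key is not the same as hashing it or throwing it away: the restore use case survives, and what changes is that a copy of the database on its own is no longer enough to locate anyone. Whoever can reach the key can still read the addresses, so the key has to be guarded and its use logged.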

The Ability To Change Your Mind
A pretty big thing to point out here is that I plan to provide the ability to completely wipe your data off our servers. Either by just removing your account, or by removing certain kinds of data (just like when you clear the cache in your browser).

I believe that the combination of having all data sharing off by default and providing the ability to completely remove any data associated with you from our servers will be big steps toward building some trust. Trust which we need if we are to ask you to give us your personal information.