I'm currently working on adding a groups feature to Intention so that people can share their browsing usage with their friends and get some fun accountability ("dawg, did you really spend 4 hours on YouTube yesterday?").

Here's me in a group with one of my best friends, Test User:


This feature requires something that I've intentionally stayed away from: Transmitting user data.

Currently, my extensions Intention and Hide Feed store all user data locally. That means nothing ever leaves my users' computers, with the single exception of their license key for verification purposes if they purchase Hide Feed's Pro plan. No data collection. No analytics. Nothing.

I love this setup. It means that I can sleep soundly at night knowing that everyone's data is safe and my users don't have to worry about their data being sold or being used for nefarious purposes because it doesn't go anywhere. I've enjoyed being able to show this welcome screen whenever someone installs Intention:


With this new groups feature, I'm charting new territory because it requires data to be transmitted (creating accounts, joining a group, sharing your usage data with friend, etc.). When I've built products with backends and data transmission in the past, I did what everyone else did: throw in analytics, track everything, and collect a ton of data I didn't need. This time around, I want to be thoughtful about how I go about doing this. Here are a few questions that I've found helpful for thinking through how to treat user data.

First Gut Check

It starts with a real simple gut check. Say I'm considering sending some piece of information to an analytics service. I ask myself, "Would I feel comfortable telling my users that I'm collecting this information?" If the answer is anything other than "yup, absolutely", then that's pretty much all I need to know.

Let's use Hide Feed as an example. Maybe I think, "Hm, I want to make this extension even better. I should support more sites, but I don't know which ones. What if I anonymously reported all the sites that my users visit to see which ones are the most popular?"

The intention is wholesome; I want to make Hide Feed more useful for my users. But does it pass the gut check? Would I feel comfortable telling my users that I'm basically uploading their entire browsing history? The answer for me is a resounding no; something clearly isn't right there.

But imagine if my internal barometer were different and I thought, "Yeah, that's totally okay. Their data is uploaded anonymously! They have nothing to worry about!" That's where the next gut check comes in.

Second Gut Check

For the second gut check, I'd ask myself the question, "Would my users feel comfortable with me collecting this information?" It's similar to the first gut check, but there's a meaningful difference: this one is more about what my users think is happening rather than what is actually happening. In the example above, I may be fully convinced that uploading browsing usage anonymously solves the privacy pickle and that users should feel comfortable with what I'm doing.

But if I ask myself whether people would feel comfortable with it, the answer is... err, yeah, probably not. And that's a good enough reason to not do it. Would I be respecting people's privacy if I collected information that they'd feel uneasy sharing? I don't think so.

This is the gut check that tools like FullStory fail. For those not familiar, FullStory is a piece of tracking software allows website owners to see your session with an extremely high level of fidelity. Imagine someone standing behind you with a camera pointed at your screen. When you visit a website, they hit record and don't stop until you've left the site. The resulting video is basically what FullStory provides to their customers. I know this because I tried it last year on one of my sites — it was terrifying and eye-opening to see how I could observe every single mouse movement, click, keystroke, scroll, and all other interactions my users made.

Most people justify these sorts of tools by saying that they're just trying to make their product better — they're learning more about their users so that they can better serve them. But would their users feel comfortable knowing that their screen is basically being recorded? Definitely not. And that matters, regardless of whether their users should feel that way or not.

The "but it's okay if you're doing it to help your users" justification doesn't hold much weight for me because it means actively going against my users' desires — if I truly cared about them, that should be a showstopper. If I discovered a browser exploit that would allow me to turn on my users' webcams remotely, would I be justified in doing it so that I can observe them use my product and use their eye movements and facial changes to identify parts of the product that could improve the user experience?