Enough with the blame game already
I’m getting tired of waking up to headlines of another major data security gap. The whole internet economy is getting tired of it. Big platforms, ISPs, regulators, politicians; everyone agrees that something’s broken and that we need to fix it. Where the discussion stalls is on the details, the responsibilities, and the distributed burden that we’ve all got to share - and of course on who’s at fault.
Too often the group that takes the blame are developers. This is likely because they lack the power or the unified voice to plead their own case and fight back. The irony, of course, is that developers are some of the few actually doing anything about this problem. So let me be clear from the start: all the developers I know share your focus on privacy and security, and they are keenly aware of how a few bad actors are destroying their image, their livelihood, and their profession.
This was the impetus that led to the founding of the Developers Trust Alliance, a developer-initiated project that helps users identify trusted developers and educates developers on how to build better privacy controls into their projects. It is no wonder then that developers are frustrated that while they focus on fixing the problems, the ecosystem around them focuses on circling the wagons and leaving them on the outside with the wolves.
Developers are directly responsible for everything we love about the digital economy. Before Facebook, or Google, or Amazon, developers were crafting software to empower us, entertain us, educate us, improve our businesses, and raise our quality of life. Developers - not ISPs or platforms - are the true source of innovation and entrepreneurship that makes the internet great. They are not faceless corporations or mad scientists, but your friends and neighbors and coworkers. Developers are like you and the average people that you meet on the street every day. They care about what you care about - except then they write software to make what we all care about a little bit better.
Developers have every incentive to behave as good citizens and safeguard user data. Incentives matter. People won’t use apps and services they don’t trust, let alone pay for them. An app that doesn’t get used doesn’t make money. (We like to joke that the term for a developer that doesn’t make money is ‘grad student’).
To the extent that developers ask you to share data with them, it’s almost always to allow them to build something better and more valuable. Developers use shared data to innovate and delight, and to improve their ability to do those over and over again. Developers get rich by creating something users value, not by stealing your data for some nefarious purpose.
It is both unhelpful and unfair when developers get singled out as villains in any data security gap. While developers are free to ask users to share data with them directly, the recent issues have often arisen from platforms that accidentally made available user data they themselves held - via developer tools they themselves provided! While no user data was actually accessed, and developers respected the rules, developers were still mentioned as if they’re the problem. The result is that real people, real businesses, and real futures are being impacted because platforms were lax in how they built the tools they encouraged developers to use.
What our industry needs is a system-wide focus on solving the very real privacy problem. It’s not enough to talk about principles - though that is valuable. What we need now are both goals and action. There are plenty of simple things that can be done today to improve security and transparency. There’s no need to wait. What would help is for the biggest players to empower the developer community in this common fight, rather than needlessly shift the blame.