German startup Gigalocal screws privacy, tweets personal information
September 20, 2011 | By Peter Bihr |
A few weeks ago, I tried out Gigalocal. It’s a platform that lets users announce jobs they would like to see done, and how much they’re willing to pay for it. (“Clean my apartment for 20 Euros”-style jobs.) I signed up so a journalist friend of mine could try out the process in a controlled environment, and without having to clean someone else’s apartment. Yet, there was a bit of a problem.
The minute I put up a test job offer for my friend (“I’d like a cold soft drink, now, delivered”), the service tweeted the job. Makes sense, I guess, as it makes it easier to track jobs out and about waiting for jobs. (If the users of said service have smartphones, that is.) But they didn’t keep it to the job description.
Gigalocal tweeted my full address, down to the house number.
That’s right. They didn’t restrict the location info to the neighborhood (close enough to figure out if that job’s a good fit for you), or next subway stop, or street level, or a 500m radius. No, they tweeted the full address.
I canceled my account and mentioned in the cancellation form that I find publicly tweeting addresses quite unacceptable, as I hadn’t been aware before that the company might do that.
Here’s the reply (translation below):
Grundsätzlich kann jeder User seine Daten selbst schützen. Niemand ist gezwungen seinen Wohnort anzugeben. Ein User kann einen Gig überall erstellen, seine aktuelle Position wird vom GPS Modul (Smartphone) oder durch die IP (Website) vorgegeben. Diese Ortung hat man schon wenn man auf Google Maps geht und dem Browser erlaubt den Standort zu erkennen. Jedem User steht es frei wo er seinen Gig erstellt, er kann ihn also gerne 4 Straßen weiter erstellen und sich dort mit dem Gig Erfüller treffen.
Translation: Generally, every user can protect their own data. Nobody is forced to input their home address. A user can submit a gig wherever they like, their current position is read through the GPS module (smart phone) or IP address (website). This triangulation takes place even if you just go to Google Maps and allow the browser to read your location.
Every user is free to set up their gig wherever they like, so they can set it up 4 streets down and meet up with the job fulfiller there.
I was shocked. Shocked at this level of ignorance in building a user service that requires granular privacy. (Home addresses!) Shocked at how the staff didn’t even seem to consider they might have made a grave mistake. And shocked at myself for being even surprised by the two aforementioned failures.
Gigalocal, here’s a hint: You want your “job fulfillers” to know if a job is close enough to make it worth the trip. You don’t want to show the world people’s home and office addresses. And you never, ever want to tweet personal information without asking permission first.
Now go back to the drawing board and don’t come back before you know what you’re doing.