It's me. For what it's worth I was involved with Instapaper at betaworks (after Marco sold it to betaworks), and Pinterest sold it back to me. Been 12 years with it now!
Hey there – we started requiring passwords many years ago, but the service originally launched without requiring a password or email address. You can read more about it here: http://blog.instapaper.com/post/2318776738
I'm not sure how requiring a minimum password length of 1 character solves anything. Just tried it out and apparently 'a' is an acceptable password.
The article hammers on accessiblity over security and I think you've taken this too far. A minimum password length of 8 is not a 'strange requirement'.
Password requirements don't really protect the business, they protect the user, and if the user isn't interested in protecting their data, why should the company force them to care?
Yeah, I just don't see the risk here. I don't keep my old magazines in a safe. They go under the coffee table, and then they go outside to the recycling bin.
Hey zulrah, we are working on GDPR and plan to have the service available in the EU as soon as possible. Hope to have you back on Instapaper when we become available in the EU again. Really sorry for the inconvenience.
I don't think you can piss on customers for 2 months and then drop a "sorry for the inconvenience".
And for no good reason.
Just assume the improbable cost of some litigation as a company, like tens of thousands of others (including much bigger and much smaller than yours) did, put up a message to European customers and have them click and proceed as usual to the service.
Or, you know, use the headstart of more than a year before the law was put into practice to get the service in order...
I'm not sure why the above is getting downvoted. Sure, it's a bit salty, but if I were paying for instapaper (which I realise is cheap as chips, but the principle still stands) I don't think I'd be very impressed with being locked out for two months.
Genuine question: as an EU citizen, without the use of a VPN or proxy is it still possible to at least log on to the service to cancel your account?
I never understand why people assume that services that charge money will be more responsive to users' concerns than free services. You are worth the revenue that you generate, whether that money comes from you paying or indirect means like advertising doesn't matter to the company at all.
Not an EU citizen, but I'd think it'd be pretty shady if they cut you off and didn't automatically suspend any subscription charges until they can properly serve you again.
> and didn't automatically suspend any subscription charges
Instapaper is not a subscription-based service. The product is completely free on all platforms today.
I think the app was a one-time purchase at launch but it has been free for many years. All of the Premium features were also made free when Premium was discontinued in 2016 shortly after the Pinterest acquisition.
I could understand the outrage if this was a service you were paying for.
But this is a Free service being provided to you. Why do you believe you have the right to dictate how someone else uses their time when you're not paying for it?
I believe that I have the right to demand that someone else doesn't use their time to burglarize my house, and if they and other companies have made a side business of burglarizing peoples houses, I think it's entirely resonable to demand that they and any similar company spend time proving that they aren't planning to continue.
(And yes, I realize the houses in this metaphor rarely have doors in their doorways, much less locks, so it's techinally not burglary, but frankly I don't care.)
The proper analogy would be:
You invite a volunteer carpenter in to fix your cabinets. He asks if he can write down what cereal your family eats instead of taking payment. You say sure! (ie agree to the terms of service).
New law passes. He refuses to come back and fix your cabinets for free next time because he doesn’t want to get sued for writing down the cereal names improperly.
You then scream at him and call him names, and try to ruin his reputation on the internet and accuse him of being a thief.
Maybe if the sanctity of what cereal your family eats is so important to you, you should just directly pay money to a normal carpenter next time?
>He refuses to come back and fix your cabinets for free next time
First, Instapaper is a continuous service. If you store something, you want access to it again. It's not a series of one-off, independent services.
So, no, they didn't just "refused to come back and fix your cabinets for free next time". They gave you a space to write your notes and store your links, and then they denied access to that for 2 months (and counting).
Second, you forgot the part where Instapaper had paid services for years, and that many people who are denied service today, had paid good money and stick with it. They weren't asked if they wanted it to br made free and unreliable either.
>I could understand the outrage if this was a service you were paying for.
So, if Gmail was closed to the free tier European users for 2 months+, they should be OK, because "they didn't pay for it"?
>But this is a Free service being provided to you. Why do you believe you have the right to dictate how someone else uses their time when you're not paying for it?
That's an argument for the 1950s economy, this is 2018. We have other models, such as ads, user profiling, even pure eyeballs as a M&A/IPO monetisation strategies. Just because the user doesn't paid doesn't mean money aren't made from the user using the service. Except if one believe they run it from the goodness of their hearts at a loss, but then they probably also believe in the Tooth Fairy.
Not to mention that Instapaper used to actually charge too. If someone paid for the app or premium later for years, is it ok if they "make it free" and then deny access to their account for 2 months?
> piss on customers for 2 months and then drop a "sorry for the inconvenience".
I thought Instapaper was a free service that Pinterest bought mainly for it's article parsing technology? As an analogy FB's customers are advertisers and media agencies who pay to keep the lights on as is Pinterest's, users are not the customers.
In any case, people (including people who had paid before it was made free) had their data in it -- and lost service for 2 months. Even at free, would you be OK with e.g. Gmail (also free) or FB closing down for 2 months and then coming back with an "oopsie"?
Well, considering there are apparently only two people working on Instapaper, it's not hard to come up with reasons why it might take more than two months or why they might not be conducting a detailed PR campaign about it
Well, considering that GDPR has been voted two years ago and is based on 20-years-old EU privacy laws, even if it took 6 months or 2 years it still wouldn’t be a valid excuse.
Also, giving a bit of detail or a minimal schedule is easier than a PR campaign. It’s called transparency, and it works even if you’re alone on a project.
> Except "20-years-old EU privacy laws" didn't risk 4% of global revenue. It also didn't risk activist lawsuits.
That’s the point. When there’s no risk, nobody cares about their users’ privacy. That’s not an excuse for shutting down now that it’s legally risky to disrespect your users.
I don’t expect that, I’m wondering out loud in the hopes someone may be able to shine a light on something I’ve not considered
From my point of view they store a list of URLs and provide a way to nicely view the content of those URLs. What in that could be causing 2 months of downtime to fix?
To be honest, nothing about GDPR compliance was a surprise. The law was passed in 2016. That's plenty of time get your house in order, and yet here you are over a month past due, with an oops, sorry. What gives?
Hi Brad, Brian from Instapaper here. Just want to reassure you that's not the case here, we intend to operate Instapaper for the foreseeable future. We made this decision because we believe it’s best for both Pinterest and Instapaper.
> All of these features and developments revolved around the core mission of Instapaper, which is allowing our users to discover, save, and experience interesting web content. In that respect, there is a lot of overlap between Pinterest and Instapaper. Joining Pinterest provides us with the additional resources and experience necessary to achieve that shared mission on a much larger scale.
It rarely makes any sense for a large multibillion dollar company to operate a tiny business that has no material impact on its financials. It's like Bill Gates owning a taco truck -- even though it might be a perfectly financially viable taco truck, it's always going to be just a little random thing he has, and pretty much any involvement he has with the truck's operator/management will be disruptive.
Good to know, but to this specific case, if someone (basically) says "This is not a spinoff to let it die, but to flourish on it's own", it's nice to have them explain why they are credible when they (or previous company rep) previously said "This is not a purchase to let it die, to but to flourish as part of the collective". Just give an actual reason why this time will be different. I already know not to trust M&A statements unless they give specific plans.
I'm guessing something changing between 2016 and now. Maybe it was rate of growth, or how well Instapaper fits into Pinterest's product strategy going forward. There's all sorts of reasons it might've made sense at the time to acquire them, and for it to make sense now to let them go. You tend to not get real answers to these kinds of questions from companies, though.
This is the right kind of question to be asking. Huge, influential companies shouldn't get away with making bullshit statements that don't mean anything. At least they shouldn't get away with it as much as they do.
Synergies can turn out to not materialize post acquisition. Not a bad thing if the acquisition can be unraveled. Kudos to Pinterest for not just nuking Instapaper.
He's not active on HN, but he jumps in for quick damage control and "clarification" when people have vaguely privacy-related or operational questions about Instapaper. When followup questions are posed, particularly more difficult ones, he never responds. So I find it very unlikely you're going to get an answer here, because this account is clearly designed to do low-touch public reassurance without much commitment or transparency.
Now take a look at Instapaper's privacy policy: https://www.instapaper.com/privacy. In particular, direct your attention to the following, under "The Way We Use Information":
(P1) We use the information you provide to operate Instapaper's features. We do not share this information with outside parties except to the extent necessary to accomplish Instapaper's functionality.
(P3) We use non-identifying and aggregate information to better design Instapaper, to suggest popular content to users, and to share with advertisers and publishers. For example: ...
(P6) In the future, we may sell, buy, merge, or partner with other companies or businesses. In such transactions, user information may be among the transferred assets.
The "License Grant" section of the Terms of Service is also good reading, because it indicates that they can use user data in perpetuity, even after closing your Instapaper account (presumably until you explicitly request your information being deleted). What do you suppose that is used for? Maybe Brian can enlighten us.
My hypothesis is that Instapaper, either from the outset or somewhere prior to being acquired by Pinterest, developed a monetization model dependent upon selling user data (or derivative analysis/features of user data) to third parties. Most likely this is provided for market research or advertising optimization. Note that in their Privacy Policy Instapaper also states they use cookies "and other tracking technology" (and they specifically do not enumerate the full number of reasons which they do so, aside from normal login and session maintenance) in their Privacy Policy.
Further, I'm going to go ahead and assume this can be explained through basic cynicism. This monetization model was probably never terribly significant for Pinterest, except insofar as it was useful for internal discussions and inspirations for ways Pinterest could improve upon their own user data analysis. When GDPR came along, this probably tipped the scales to make Instapaper a net liability for the company (and not one in line with its financial or brand goals). Thus we have Instapaper being cut lose, yet again.
I read HN regularly, but I'm pretty much a lurker on all social channels. When there's a conversation relevant to me or the products I work on, I like to jump in to represent the relevant company or products.
With respect to follow ups, I usually respond and move on to other things. I do my best to be open and transparent in online communities like these.
Moving onto your privacy concerns there are two things I'd like to say...
* Instapaper has always done hard deletes of user data when you delete articles or your account, it's been done that way since the Marco days.
* We have never monetized using user data, or developed any type of special targeted advertising for Instapaper.
"We have never" does not mean "we will never" does it? The legal terms doesn't seem to preclude it from happening. Most companies don't have agreements with data orgs until they have the juicy data. It's easy to say "we probably won't sell it" until the board sees the value of the accrued data in a couple of years. instapaper could make it more explicit that it's not going to happen in the terms rather than social media posts by an employee.
1. If Instapaper "hard deletes" user data when a user deletes their account, what precisely does the License Grant language mean when it states Instapaper has a "worldwide, non-exclusive, perpetual, royalty-free, fully paid, sublicensable and transferable license" to the User Content "including after your termination of your Account or the Services."? This is from "Instapaper Application License", section (a) of the Instapaper Terms of Service [1].
2. You've just said, "We have never monetized using user data, or developed any type of special targeted advertising for Instapaper." How is this statement congruent with paragraph 3 of "The Way We Use Information" in the Instapaper Privacy Policy [2]? Quoting:
- We may tell an advertiser or publisher that X number of people visited a certain area on our website
- We may tell an advertiser or publisher that X number of people bookmarked Z stories from a particular site or topic.
I'm going to be blunt with you, Brian: I don't believe what you're saying to me right now. At best I believe you're stating things which are superficially true but skating around the spirit of people's intent when they ask about privacy policies and how user data is being used.
Unless you have a fantastic answer for these two questions, I don't see how what you've just said is reconcilable with your privacy policy or terms of service. Literally "selling" user data is not the only way in which user data is monetized. Monetizing user data by providing derivative or curated analytics pertaining to that data is also substantial monetization of that user data. If advertisers developed their own special targeting for Instapaper users on or off the Instapaper platform based on the data you shared with them, then as a matter of fact yes, you did help in developing specialized targeting for advertisements.
To summarize thus far: you have effectively given me a non-answer, in consideration of the statements on Instapaper's TOS and Privacy Policy. And despite taking the time to respond to my comment (presumably because I challenged you directly), you have not responded to the parent commenter who originally asked you the question that started this thread.
EDIT: I'm not sure what's triggering these downvotes, but if someone downvoting has a substantial refutation or insight, it would be nice if you shared with the class instead of just pressing a button. As it stands Brian has not responded to the substance of my point, and it seems virtually self-evident according to the Privacy Policy that Instapaper monetizes user data. It's not much of a leap from there to assume that this revenue was no longer worth it for Pinterest after GDPR came into effect.
Your quotes from the privacy policy do not describe “targeted advertising”. Indeed, the section you quoted from has this preamble:
> We use non-identifying and aggregate information to better design Instapaper, to suggest popular content to users, and to share with advertisers and publishers.
and this afterwards:
> When information is used in this or a similar manner, we do not disclose anything that could be used to identify the individuals on whom the information is based.
I suppose using aggregate data in that manner could technically be described as “monetiz[ing] using user data”, but it’s not the type of activity most people are worried about (nor, incidentally, something that would implicate the GDPR).
As for the ToS license grant, it’s presumably the type of cover-your-ass wording lawyers always put into those agreements. I’m not a fan of the practice myself, but it’s not really evidence that Instapaper does, or intends to, use user data after deletion. Also, it might be intended to address backups, though I’m just speculating.
Yeah, if Instapaper didn't do shady things with user data GDPR wouldn't take more than a couple of days to add support for, instead of the 2+ years it's been.
Your points make me wonder... If you're running a small successful and independent sass, that respects its users, and you want to move on. What do you do, if your only options are selling to a large company that won't respect your users, or shutting down? Is it plausible to find a buyer that will honestly maintain a user-respecting ethos? If not, then it seems that there are no good choices for a founder in this position.
> We won't try to flip your business in 3-5 years. We won't mess with your team and culture. We won't lock you into golden handcuffs or push complex deal terms. We won't ruin your life with months of unnecessary due diligence. We won't renegotiate and grind you on terms.
> …
> We started Tiny to create the buyer we wish we could have sold to.
To my knowledge, no one else makes similar commitments to both keep good things as-is and also to buy and hold indefinitely. At least from the outside, Tiny's model is unique.
I started reading your comment assuming you were stating a small business that was making a pre-commitment not to "sell out". I was pleasantly surprised to see you were highlighting a company that is "safe" to "sell out" TO.
Even though I hate the fallout that impacts me as a user, I'm generally happy to see financial success come to those that made something cool (if you didn't make promises to the contrary). Committing to NOT selling out tends to just tie the hands (and wallets) of those that are giving me what I want, so that doesn't seem to be a good option. But this is a good option, at least as advertised: Sell out to someone that will try to make sure your customers don't resent the results.
Looking over their list of companies I don't believe I've worked with any of them - does anyone have actual experiences to share?
I’ve know the CEO of a Tiny-affiliated company for a few years and consider him a friend. In a previous role, we had a very close partnership with the company. I also worked at the company, albeit only for a few months in a leadership role.
Andrew and the rest of the Tiny crew seem to do a great job of standing behind what they say, from my limited experience.
And (tinfoil /on) if you were planning on winding down, compliance development is exactly the kind of thing that would be stopped. Shutter that, prior to shuttering everything else.
Hey there – Brian from Instapaper here – we have a pretty clear and accurate privacy policy around the data we collect and how we use it, you can find it here: https://instapaper.com/privacy
It's worth noting that GDPR applies to EU citizens regardless of where they happen to be in the world (or if they're using a proxy), so an IP ban does absolutely nothing to help comply with the law.
You'd think a real company would have talked to a lawyer about this.
GDPR makes no mention of EU citizens or residents.
The 2 main groups it applies to are:
1. activities of an establishment of a controller or a processor in the Union (so if the company is in the EU, ALL processing has to be GDPR compliant regardless of where the user is)
2. processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union (if the company is not in the EU, processing of data of people in the EU - note they just have to be in the EU and not residents or citizens - so if you are from the US and on holiday in the EU and you order pizza delivery to your hotel, that personal data has to be handled in a GDPR compliant way, notwithstanding that the pizza company is probably in group 1 anyway but hopefully you get the point. And the converse of that, if you live in the EU and are on holiday in America and order pizza, that personal data does NOT need to be GDPR compliant as you are not IN the EU)
There are a few other scenarios included too.
Edit: It's worth pointing out that 1 seems to have been completed missed in almost all GDPR coverage I have seen, possibly because most of the coverage has been heavily US centric. If the company is established in the EU, it has to comply with GDPR for ALL users, not just people in the EU. This is why Facebook [1] and others changed their terms so that only EU users have a contract with Facebook Ireland, and everyone else now has a contract with Facebook Inc (US) - previously everyone had a contract with Facebook Ireland.
How would that even make sense? A country enacts some arbitrary rule such as "You are not allowed to provide access to social media for its citizens." How do you possibly enforce that for citizens visiting or living in the US? (Short of demanding all users to verify their citizenship to access the site.)
Hi Brian, thanks for replying to my post. I apologise for my reactionary tone above, but do you understand how by declining to share specifics your tweet aroused suspicion?
EDIT: I've just read through your privacy policy and I wish other companies had a privacy policy as clear, straightforward and detailed.
People in this thread saw the title "GDPR Hall of Shame", possibly read it. Now they are trying to discuss stuff relating to "General Data Protection Regulation". My wild guess is people who are commenting on this thread care.
As long as you are telling the truth about only sharing anonymous and aggregate data with publishers and advertisers, I can't see anything in your privacy policy that would preclude you from being GDPR compliant right now.
Hey – Brian from Instapaper here. I've been at Instapaper since the betaworks acquisition in 2013, so I have a lot of context here.
We've made tons of progress since I joined, redesigning the apps, websites, launching highlights, rebooting our business model, text-to-speech, speed reading, re-writing our parser, re-building our full-text search engine. The list goes on.
We currently don't have an image proxy for Instapaper, so yes when you visit the site we load the original images. We have discussed adding an image proxy but felt it would be a lot of overhead in server costs and maintenance for minimal value.
Additionally, I'm not sure it's fair to represent that fetching images from the original sources that a user saved is tantamount to sharing data with third parties, which has a different set of implications.
Of course, that was just my impression and not really an accusation based on facts. I apologize if I got it wrong.
I actually liked it that way, that Instapaper stays the same and reliable while other feels the urge to 'innovate' giving it's loyal users only trouble. Scripts that I have written years ago for uploading articles still work and Instapaper is still my Read-It-Later of choice.
As for images - I had to accept that Instapaper works that way - but always had been little annoyed that it is possible to turn off images but that's not persistent option.
Hi Brian! I was worried when Instapaper was acquired, but so far it's been working fine for the most part. I did get the impression that the whole thing became a lot slower. Is that possible, or is it just my end of things (connecting from NL)?
That said, speed isn't all that important considering that I do most of my reading on my iOS devices and they have that stuff locally. Still!
