logoalt Hacker News

hluskayesterday at 10:10 PM2 repliesview on HN

The article did not accuse you of anything and went so far as to say “There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.”

I’m struggling to understand why you would feel the need to comment. Or why you even think the BBC would have contacted you. This is one of those moments in PR where a response with no reason makes reasonable people wonder why.


Replies

soumyadebyesterday at 10:34 PM

My concern is that terms like "data management company" (and another article described us as an "analytics company") are broad enough that many readers could reasonably infer we're collecting, storing, or monetizing sensitive end-user data.

I wanted to clarify that distinction because we've already had people reach out asking whether we were involved in collecting or using this data.

Its bad PR for us

wavemodetoday at 12:14 AM

I disagree. The article very clearly makes it sound like there is some reason RudderStack ought to be listed by name in the privacy policy of the Stardust app. When in reality, it would make no more sense to list them by name, than it would make sense to list AWS or CloudFlare or any other technical infrastructure through which customer data passes.

> Mozilla uncovered numerous privacy problems across various apps, but Stardust was the only one found sharing detailed reproductive health data with another company.

> The report found that Stardust sends users' health information to a data management company called RudderStack, which isn't named in its privacy policy. That data includes pregnancy status, birth control, moods, alcohol consumption and specific symptoms like tender breasts and stomach cramps.

> Companies often share data with outside services to process information and analyse user behaviour. There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.

> However, experts say it's inherently risky when your data spreads to more places. It creates another opportunity for security breaches or legal requests for information. Besides, you may just be uncomfortable with another company seeing your health data.

> A Stardust spokesperson says the company only uses RudderStack as a "technical pipeline" to route data into its own analytics systems, and the app doesn't share anything that could allow RudderStack to identify your name or contact information. "Additionally, RudderStack is contractually prohibited from selling or using it for its own purposes," and RudderStack doesn't store the data long-term, the spokesperson says.

> "People deserve better," says Shoshana Wodinsky, a privacy research analyst who conducted Mozilla's tests. At the very least, she says, you should know what's happening.

show 1 reply