Commentary: How to create an insecure, privacy-blind startup
Until you can no longer get away with it
Building a startup is like going on a hunting trip deep in bear country. You didn’t bring much food that bears are interested in, so you take only basic measures to ward off bears. You don’t see any bears when you get there, and after staring at the woods for hours trying to see deer (while being afraid of bears and looking for them as well), you still don’t see any. Your view of the risk of bears decreases each day you don’t see one.
You also struggle to find deer and become more focused on finding deer so that you can eat something. It is amazing how few deer are in these woods, so there can’t be many bears, either. Your view of how many large animals there are becomes simple: there aren’t that many; they must be scared off easily.
But the nature of your trip is that you are in the place where bears live, and you are hunting and thus creating things that bears are interested in. All of your activity might be of interest to bears. The risk of bears rises even as your perception of the risk decreases.
At some point, these two risk models will meet as you haul a deer carcass back to camp - the same camp that has not moved and has become undisciplined with regard to hanging food up where bears can’t reach.
It only takes one bear to kill you, no matter how many people are around you, how long you have been hunting, or how many deer you have killed. But it doesn’t feel like the risk is increasing.
It is so hard to build something that people want that it becomes hard to imagine that hackers might be interested in what you have until it is too late to “add security”. Part of being a mature hunter is having the discipline to stay aware of threats to your camp whenever you are hunting. Building secure systems is part of building mature systems.
Some helpful links for bear handling: