2019-05-07

I was obsessive about privacy, even though thousands rather than billions of people would ever interact with the software. Every member had to be explicitly invited. There was no option to post publicly—an idea that seemed nonsensical at the time, before news feeds and timelines were a thing.

At first it was just a personal site. I invited my family and friends to see my own kids’ pictures and stories. Some of my friends in the tech sector thought it had legs, and urged me to turn it into a service. As I thought about how to do that, I became profoundly concerned about sharing photographs online. I bit my nails over exposing even a single image in a way that someone might not have wanted or expected.

It’s easy to control access to a webpage. That’s why a link to a non-public Facebook post won’t work for someone who isn’t logged in and friends with the person who posted it. Images work differently: the page embeds them as URLs pointing at the picture file, and anyone can copy that URL and share it by email, on a forum, or by embedding it in their own web page. You can try this with any photograph you’ve uploaded to Facebook: copy the image location and text it to someone, and they’ll be able to see it immediately. (Some services sign or time-limit such image URLs, but until a link expires it is a bearer credential: whoever holds it can fetch the file, whoever they are.) It’s just one tiny example of how the web’s plumbing encourages disclosure by default.

So I wrote some software to handle every image request, to make sure the person requesting it was authorized to see it. Of course, it would still be possible to copy/paste and save text or pictures on the page, but at least I was doing everything in my power to limit access on the service I controlled. Effectiveness might have been less important than intention: Privacy, in the sense of creating a match between intended and actual disclosure of personal information, was a first-principle design value to maintain and enhance, rather than an outmoded idea to rebuff.
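To make the difference concrete, here is an added example (not the author’s code, which the essay does not reproduce) of the two ways a picture can reach a browser: a static file URL that answers anyone who holds it, beside a handler that resolves the session cookie and checks album membership on every single image request. The session, album and image tables are constructed in-memory stand-ins, and the `(status, headers, body)` tuple is a simplified substitute for a real web framework’s response object.

```python
"""Serving images by URL vs. gating every image request behind authorization.

Added example, not the original site's code. All data below is constructed:
SESSIONS maps a session cookie to a logged-in user, ALBUMS records who has
been explicitly invited to each album, and IMAGES stands in for files on disk.
"""

SESSIONS = {"cookie-alice": "alice", "cookie-bob": "bob"}

ALBUMS = {
    "smith-kids": {"owner": "alice", "members": {"alice", "bob"}},
    "vacation":   {"owner": "carol", "members": {"carol"}},
}

# image id -> (album it belongs to, bytes standing in for the JPEG data)
IMAGES = {
    "img-001": ("smith-kids", b"\xff\xd8 photo of the kids"),
    "img-002": ("vacation",   b"\xff\xd8 beach"),
}

PRIVATE_HEADERS = {"Cache-Control": "private, no-store"}


def image_id_from_path(path):
    """'/static/img-002.jpg' or '/img/img-002' -> 'img-002'."""
    return path.rsplit("/", 1)[-1].split(".")[0]


def serve_static(path):
    """The web's default plumbing: whoever has the file URL gets the file.

    No identity is involved, so a copied or forwarded link works for anyone.
    """
    image_id = image_id_from_path(path)
    if image_id not in IMAGES:
        return 404, {}, b""
    return 200, {}, IMAGES[image_id][1]


def current_user(cookies):
    """Resolve the session cookie to a user, or None if not logged in."""
    return SESSIONS.get(cookies.get("session"))


def serve_image(path, cookies):
    """Every image request passes through this check before any bytes go out.

    - Not logged in: 401 (the page would redirect to login).
    - Logged in but not invited to the album, or unknown id: 404, so a copied
      URL does not even confirm that the photograph exists.
    - Authorized: 200 with Cache-Control: private, no-store, so a shared
      proxy or CDN cache cannot hand the bytes to the next requester.
    """
    user = current_user(cookies)
    if user is None:
        return 401, {}, b""

    record = IMAGES.get(image_id_from_path(path))
    if record is None:
        return 404, {}, b""

    album_id, data = record
    if user not in ALBUMS[album_id]["members"]:
        return 404, {}, b""

    return 200, dict(PRIVATE_HEADERS), data


if __name__ == "__main__":
    # Bob forwards two links to someone who is not logged in at all.
    print(serve_static("/static/img-002.jpg")[0])          # 200: leaks
    print(serve_image("/img/img-002", {})[0])               # 401: gated
    # Bob himself tries Carol's private album through the gated path.
    print(serve_image("/img/img-002", {"session": "cookie-bob"})[0])  # 404
```

The point is not the handful of lines but where they sit: once the picture is fetched through a handler rather than from a static directory, the URL alone is no longer enough, and the explicit-invite model of the site is enforced on the images as well as the pages that frame them.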

That’s a different approach than Facebook ever took. As my colleague Alexis Madrigal explained, Facebook’s spread across Harvard, then other colleges, and then the globe invited compulsion from the start. That usage pattern necessitated a growth-at-all-costs mentality that made keeping people coming back to the site (and then the app) the service’s principal use, rather than an activity pursued by means of the service, like keeping up with friends and family. Facebook grew because that’s what Facebook did. It was never conceived to do anything else.

I shopped my family-album website prototype around for funding a bit, without success. The economics of software businesses were different back then. A successful internet startup was a lot less successful then than it is today: Flickr, the popular image-sharing site, was acquired by Yahoo! for a modest $20 million or so in 2005. The ceiling was much lower. Even the relatively simple technical design I’d developed had commercialization consequences. Today it is standard practice to deliver an entire website over encrypted connections (indicated by a URL starting with “https” instead of “http”), so that operators need not guess which pages are sensitive. Passwords and credit cards are obvious, but on some sites even which pages you read is something you might want to keep private, and encrypting everything protects that (though not, by itself, the fact that you connected to the site at all, which remains visible to the network through DNS and the connection’s destination). Encryption also costs computation. On the hardware of the early 2000s that meant more servers, which meant more costs; on modern processors the overhead is small. Today, startups cost almost nothing to launch and scale their infrastructure as needed on cloud services. Those didn’t exist back then; delivering a whole service over encryption had computational, and therefore financial, costs.