Readwise Privacy Policy. Yikes

I’ve decided against using Readwise but while lurking in their subreddit tonight I came across this. Figured some privacy conscious MPU’ers might be interested in reading this if nothing else…

https://reddit.com/r/readwise/comments/10607d0/2fa_is_really_necessary_for_reader_better_privacy/

  • In the future, we may sell, buy, merge, or partner with other companies or businesses.
    In such transactions, user information may be among the transferred assets.

That’s more or less the case for pretty much every company/product/service out there, whether it’s stated in their privacy policy or not :frowning:

4 Likes

That’s a sad state of affairs. :thinking:

Same when your dentist sells her practice, etc.
No one would buy a service company without its users.

I guess I’m curious because it seems to me that when a company is beloved like Readwise is right now - it’s all forgivable. No 2FA and selling your data potentially down the road, no biggie - this is common practice.

But when it’s a note taking app, everyone has to have end to end encryption and privacy. A lot of us - myself included - seem to cherry pick our “must haves” and our “dealbreakers” to justify the “cool apps” to ourselves.

Example:

Readwise has a potentially shady security hole. Eh, all apps do.

Evernote doesn’t have end to end encryption - oh, I need end to end, that’s why I choose Obsidian.

Our biases for siding with the cool apps, when you look across the spectrum of the things we tell ourselves - a lot of it doesn’t square up. If app A does it it’s fine, if app B does it in another thread - huge red flag, I’d never use that app because of it. Just find it odd I guess

I do it too. Just taking note of it.

4 Likes

It’s just the state of things.

In general, that’s actually mild than in comparison to most online/cloud applications out there. Most say they can take your info and data to use for anything to include selling it third parties now. This just says if we get bought user accounts are part of the deal.

Although I understand where you are coming from, and I don’t like Readwise’s position on this, might there be a difference between book highlights and personal notes? My potential exposed highlights would be pretty dull but I wouldn’t want every thought, reflection, and note exposed.

5 Likes

I don’t think that’s what being said though: Any service that has any of your information will have a clause like this because if they merge or are purchased or purchase another service, the resulting entity has to be able to deal with the existing information assets, if only to be able to keep providing the service.

Ideally this section would also include a requirement to notify about an impending change and the option to remove your informaiton from the service. Even more ideally would be regulation that requires serivce providers to make such disclosures and gives you the right to remove your information.

We have to. To whom and for what I’ll share my information varies greatly depending on the nature of the information, the value that I get from the service, the necessity of sharing it, the necessity of the service, and why the receiving party needs it. We (or at least I) have no choice but to evaluate services individually based on (at least) those criteria.

3 Likes

A widely adopted cross-application e2ee standard for the web would be fantastic. It would let glue services like Readwise, IFTTT, Zapier and Evernote move data around without being able to see it, without having to create the approach themselves and negotiate with each integration to implement it. It’s going to take some time, but I believe we’ll eventually have that.

It’s poorly worded as it could relate to a transaction of just the information or one of Readwise the company

1 Like

I’m not a lawyer, but that last sentence doesn’t bother me - as others have pointed out any company that is sold would need to transfer customer data. Unless you make super-special widgets that the world can’t function with out, the customers are kind of important. [Also from a user point of view, it would be a rubbish experience if your favourite company was sold to another business and you were abandoned as a customer!]

I don’t like the first sentence, but there aren’t many companies that aren’t collecting browser info, so I’ve pretty much given up on trying to control that.

Whether it’s reasonable or not, I do take into account the behaviour of the companies/staff themselves with this stuff. The privacy policy was written by their legal advisors. It doesn’t necessarily reflect day-to-day reality, but how the company behaves and how its staff interact with customers gives a good indication (I think) of whether there’s a problem (or going to be one in the near future). It’s also good to ask who is funding a young company (or an established one Twitter) because investors may well have different priorities to the core business.

1 Like

I think privacy – and my need for privacy in any given tool – is a spectrum. It’s not about how cool the app is getting them a pass, it’s about the sensitivity of the data that the tool has.

My Reader data would be incredibly boring. If I were to think of the most damning data they would have that I might not want to be “out”, it might be, say, an article from a conservative news source that held a novel argument against a liberal position that I found intellectually interesting, so I highlighted it. That’s the worst. If I was famous, and that data became public, I might have a bad day but it wouldn’t be too bad.

Contrast with Day One or Photos, where I might keep me deepest darkest secrets and nude photos respectively. I am not sure what the market would be like for my nude photos, but I do know I would rather people have access to my highlights than them!

And yes, sure, in a perfect world, every tool would have end to end encrpyption and rock solid privacy policies and etc., but the people who advocate for this forget, IMO, what you end up trading for that. These things do not come without cost. Again, to take the very opposite end of the spectrum, it’s self-hosted, it’s open source, it’s … not an area where I see a lot of tools that inspire me.

3 Likes

Would/is it? If that’s true they wouldn’t sell it. Check the connections that the Readwise app is making. Why would they be sending your boring data to Facebook and elsewhere?

Not picking on you; I just hear that a lot and I think a lot of us underestimate how few datapoints it takes to turn a boring piece of data into an interesting one.

3 Likes

Exactly. Private notes could easily be within Readwise itself.

Reading a book on how to lose weight, going through a divorce, dealing with family issues - taking notes and highlights within Readwise on all that. I’m just saying we quickly drop our guard and make justifications and generalizations, sometimes when we shouldn’t.

I hear in the same forum - “I’d love to use Craft but it’s not end to end encrypted” and then “who cares if Readwise sells my data.” Granted maybe not all from the same people each time, but it’s interesting to read how we sway our opinions based on the app in question and not necessarily our unwavering commitment to our standards we think we’ve set for ourselves. Can different apps have different standards? Sure. But when we start connecting them, does that change anything?

Just interesting to look at. I don’t mean to sound like I’m any better off. I do this too.

2 Likes

The value of your data in Readwise is that it keeps your subscription valuable and recurring. That would be the case for Readwise or an acquiring software company.

This is what I almost posted last night. I think one can start seeing a forum as a single entity with a life story that makes its opinions seem contradictory, but it’s just a bunch of individuals with a shared, broad interest and they are all over the place in the collections of software they use and why they use it.

Still, as you note the trends are interesting. The way I look at it, earlier entrants in a software category make more compromises to innovate. Those following up are able to take more specialized approaches that still check a lot of boxes, because they can copy their competitors.

Evernote—>Obsidian is a great example of this. Obsidian would have sucked in 2010. Now they can be great because they’ve learned from Evernote’s design, tech approach, business mistakes, etc., plus those of many other apps. There’s going to be a really good, locally-stored Readwise competitor some day that will benefit from all the design and integration work Readwise has done.

So, right now it’s possible to pick a notes app that matches your individual preferences (non-cloud) almost exactly, but if you want a highlights gluing/retention app that works with everywhere you read, you have to choose between the one that works or waiting to start using that kind of software. People here make both choices.

3 Likes

When I say boring, I don’t mean not valuable. I mean boring, of little consequence, even if Reader was literally selling my data, which isn’t a big risk because almost no company is literally selling user data directly.

I shouldn’t have responded here to start with – I find the privacy debate generally uninteresting and unproductive.

Fair enough. I think you said no companies sell or use data directly. Isn’t that exactly what they do? (Rhetorical)

1 Like

Sorry, missed a word: almost no company is literally selling individualized user data directly, not even the biggest privacy boogeyman companies.