Interesting bit from the linked comments via "egoodman85":
Hey, just want to clarify something as an Etsy employee. It's not your purchases that are public - it's your feedback on those purchases. I know it's a small distinction, but it's not like we have some sort of desire to publicize our members' purchases. Feedback is public by default just like it is on eBay - to increase accountability and transparency. It's also worth noting that feedback has been public since the site's launch (in fact, the option to make it private was only added recently). The new People Search feature does not change this at all.
FWIW, it's not just "your" feedback, it's also any feedback left by sellers on purchases you've made, which identify your purchase whether you left any feedback or not.
(search etsy for my username for an example)
I see this as a _major_ privacy screwup by Etsy. I don't mind people being able to see the earrings I bought my girlfriend a few years back, but I can _easily_ see people having purchases exposed that they really didn't ever expect to be made public. (and I'll guess there's a whole category of items that stop being bought on Etsy, and a category of purchases that won't be made there any more (who's gonna buy their mistress jewelery on Etsy any more?))
For the record, this is how it's always been on Etsy. However, we pushed a change earlier tonight that removes seller feedback from public view. This seemed like the right thing to do and is appropriate now that we are using the newest PayPal API to ensure payment before an item is sold on the site -- this removed a lot of the reasons for the public visibility of the specifics of seller feedback. Note that your feedback score as a whole is still visible, so we haven't removed seller feedback altogether.
The difference is that now, there are ways to identify people by their email addresses (via the address book upload), and Etsy asks for and displays people's real names. Neither of these were the case before a couple of months ago.
They let you enter your full name easily, but don't let you change it very easily. You have to ask customer service.
Privacy changes on Etsy aren't communicated very well, in my experience. They very rarely communicate changes to all members via email - hence, like the article says, if something changes and you don't visit the site frequently, you will never know. Some features start as opt-in, turn to opt-out, then change to not-opt-outable, and so on.
So someone wrote feedback for the aforementioned dildo?
How's that for satisfied customers.
What confuses me is that the privacy setting says:
PURCHASES
Who can see your purchases?
*
EDIT: I'll try to think out loud here and update as I wrap my head around this.
One of the examples states that he found a woman's results by her favourites. Those have always been an (opt-in) part of the privacy settings as I know.
The question is a) how he tied her favourites to her person on Google, and b) how the former example tied the purchase (or favourite, or buyer feedback) to the person. In (b), I haven't found anything that explicitly says that the woman was identified - just that some woman's dildo-related purchase was somehow visible.
Did they know the person by their user name and identify the person, or were the full names somehow visible, which created the - justified - outrage?
I hope this is a misunderstanding, but there are still some unanswered questions. Etsy deserves the benefit of the doubt, of course.
replacing <user_name> with your own (wait for it) user name, your feedback history will show up.
I have not found any way to disable this.
This is, ipso facto, not contingent on the new privacy settings. It's a problem, but nothing points to it being a new one. I can't form a causal relationship like Ars Technica does based on this.
Being able to react to issues like this quickly is one of the great things about the Continuous Deployment process we have set up at Etsy. You can read more about that here:
Don't you think it's kind of inappropriate to respond to a serious accusation with a marketing statement about the technical architecture of your site?
I mean, sure, before reading this I thought Etsy was cool because of the continuous deployment thing, but now I think two things:
1. perhaps continuous deployment leads to launching features without thinking about their consequences for long enough;
2. Etsy's team is more interested in thumping its chest about continuous deployment than owning up to a serious mistake.
Perhaps you're right. My comment was primarily intended to link to the explanation of the change we made to address some of the concerns people had. Plugging CI was probably not necessary, though this is hacker news and so I thought it was relevant to the discussion.
It sounds more like your continuous deployment resulted in deploying a change without considering the ramifications of it. Can you really consider that a 'win'?
The issue here was stemmed from the fact that seller feedback for buyers made it so the items you buy became linked to your profile through your feedback page. In other words, even if you left no public feedback, a seller could still do something that associated that item with your account on your public profile. This, combined with the fact that folks now optionally have their real names linked to their Etsy account, made it so that a persons real name (if they chose to make it available) could be linked to a particular item through the seller feedback mechanism through no action of their own. This combined with the fact that buyer feedback is less relevant to Etsy now than it was years ago made us decide it was time to remove the buyer feedback from public view.
The seller feedback mechanism we changed last night was something that had been in place since the beginning of Etsy. So, this particular issue we addressed was not a bugfix or a reversion of a previous change.
We've just pushed a change to remove the source of confusion. That option is no longer relevant as we no longer show purchase information in feedback to 3rd parties, so we've replaced the option with a message indicating that your purchases are private on Etsy.
Nice to see a timely response, and that it's closed the privacy leakage at least for now.
The statement linked there doesn't reassure me that Etsy might not "do a Facebook" and back down on privacy complaints for now, only to re-introduce them later on.
Would anybody from Etsy like to state for the record that they understand that they made a serious mistake, and assure current and future users of their site that they _do_ respect our privacy and guarantee not to "leak" information like this, at least not without a very well explained opt-in mechanism in place first?
That's what Etsy has done on past controversial/unpopular changes. They back off or modify it, only to trot it back out, sometimes bit by bit, later on when people aren't paying attention. That is, if they listen to their customers at all. Other times they just say 'we think this will be beneficial to sellers' and ignore their customers' opinions.
Feedback from a seller -> buyer is now hidden from public view. Feedback from a buyer -> seller is marked as public or private by the person giving the feedback. The public or private purchase option is opt-out and right now determines if the items you purchase are seen on your public feedback.
Your purchase history should never be up for grabs in a public manner. That is a breach of trust in my book. I liked etsy but I don't think I will purchase anything from them in the future because of this. Not that I am buying anything incriminating but I don't want to support this type of marginalizing of customer privacy.
This is the type of thing that should most certainly be either not implemented at all or an opt-in type of thing if etsy still decided to go through with creating the feature.
Based on your other comments on this site, I assume that was sarcasm, but I know that a lot of other people would think you were being completely serious.
He's not being sarcastic. It's a non-obvious disclosure of people's information they consider to be private. It's a very good example, actually, of how Etsy is not respecting peoples privacy, regardless of the language in their privacy policy.
So no, Thomas is serious -- as am I. I hate shit like this because these kinds of security and privacy violations are not things the average consumer knows how to protect themselves against. It's non-trivially solved. You and I might be able to do it, but most folks can't, and they shouldn't be punished because of it.
I had high opinions of Etsy after reading about their work environment and ethics, but that is just a terrible move.
The only way to minimize the damages would be to roll back the feature completely and apologize. Or turn it off for everyone and leave the option to turn it back on. But that's a major PR blow.
It's also an example of how it can be a liability to depend on another self-interested corporate entity for your entire business platform. I've been reading some of the comments on the forums from sellers talking about a significant drop in sales.
But Etsy is in part successful due to the success of its sellers and their unique offerings, making it a more symbiotic relationship. Merchants aren't helpless and can put pressure on Etsy to be more open about changes, and ensure that the privacy of their customers is always a first consideration.
I just logged in and set feedback to private, now it says:
+Private
Thank You! Enjoy! Check back with us. We are always adding new items. 420Chopshop .com
I bought a gift for my cousin and now my profile is tagged with 420chopshop (they also sell things that aren't related to marijuana). It seems like you can write anything you want in feedback and there is no way to hide or remove it.
While I don't find it to be a huge issue, it will make me think twice before buying something from Etsy in the future.
There had to be at least one person at Etsy that thought this was a bad idea. As far as most people are concerned, a purchase is a private transaction between two parities that is not to be disclosed (unless explicitly agreed upon by both parties). Whoever made this 'feature' a reality really ought to get fired.
And those people were probably steam-rolled over by a group of 'experts' who decided that 'very few' people would care about this, because, y'know, it's social? And everyone likes social?
I don't know anything about how they run their operation but my guess is that this was a big initiative and most people didn't see this reaction coming because so much information on the site is public already.
Why is etsy trying to do social? Are they going to roll out a daily deals service next? What's their search strategy? Come on, etsy has a nice little niche going, why ruin it by chasing the latest trend?
> This is a lovely glass......ummmmm.....massager. Yeah, that's it! A massager! Use it for aches and pains on your neck, back, or, um, yeah.. ;-) Don't worry, your secret is safe with me ;-)
Most of their team that I've met over the years (my wife used to be a pretty big seller on that site) have shops and actively sell or have sold things so you could see what they bought already through the feedback system.
Etsy is trying really hard to be 'social' lately. Some members like it, others don't. It seems like they swung harder down this path after the recent investment by Index Ventures.
This article seems really misleading, or I'm confused. If it's really just your feedback, then it's just like every other ecommerce site, where reviews are public, and ars should correct themselves.
Otoh, the screenshot in the article makes it look like it's all purchases. So which is it?
"We do have plans to give buyers on Etsy the ability to hide feedback for certain purchases". "Certain purchases", really?
Why not all purchases. I see a train wreck coming.
I think it's a tough situation when nothing has changed overnight, but they might as well cover all their bases and hide all buyer feedback, until they figure out what to do.
The limbo leading up to a decision isn't going to do either party any good.
>To hide feedback for all purchases, don't leave feedback?
I thought the point was that access to seller feedback is public too - even if one doesn't leave feedback if the seller says "thanks" then you're marked publicly as a buyer of that product.
As was clearly pointed out, seller feedback -- over which you have no control -- is also public. And from your CEO's statement: "We do have plans to give buyers on Etsy the ability to hide feedback for certain purchases. We certainly appreciate privacy, and we spend a lot of time on these issues."
Now, I barely use etsy but my gf is a heavy user. I admire your company, but if this is true -- that any purchase I or my gf make can receive public feedback from the seller -- that's really not very cool. Plus your ceo has a "plan" to allow people to disable it. It's hard to believe that your current answer to "I bought a custom dildo and the seller said I was a good buyer" is "tough shit -- email our customer service to hide your name and wait for this change to be deindexed from G/Y/B".
I hope that I've misinterpreted the above article / response, because based on my limited purchasing history at etsy, it's not at all what I would have expected.
Yes, see my comment above. We pushed a change this evening that removes seller feedback from your public profile. Since Etsy was founded you've always been able to see this information. However, upon considering the fact that we no longer have issues wrt buyers not paying due to our new checkout system, combined with the fact that it inadvertently reveals a buyer's purchase information based upon the action of a seller, we decided it made sense to remove this view from your public profile.
As far as the visibility of other feedback goes, such as the feedback you make on a seller, you can mark the feedback as 'private' when you make it to hide the item involved.
Yes, you've been always able to see this information. But did it appear in Google with your full name, or did your account show up when people uploaded their address books? No. It seems Etsy hasn't figured out that dealing with people's real-life identities is a serious matter.
Just wanted to let you know that we have resolved this issue. As of right now, all your purchases and feedback on Etsy are now automatically set to private.
When are companies going to figure out that whenever 'social' gets bolted on to an app there's a backlash? Why do we all keep trying this over & over? Do we actually see this increasing sales? Or is it just a general feeling that since Facebook is worth XX billion, we'll be worth more if our experience is more social?
I don't think it's about the money, as you propose, but more about Etsy craving to be more than just a place where people buy and sell stuff. They probably consider that uncool. Perhaps success has gone to their head a bit.
Be that as it may, I can imagine it's not easy to resist the urge to 'swing for the fences' and 'make a platform play' or 'build a social-commerce ecosystem' when you're killing it in a space you pretty much invented like Etsy is.
The responses to this give me such little faith in this community and the internet in general.
This is a pain, sure, but for everyone to suddenly be saying "if they don't fix this today I'm never using them again" -- don't you think that's a bit rash?
Why can't we raise our concerns about this policy with pointless threats that so little will ever carry through with. This is a relatively small issue, but one that a lot care about, so make it clear it matters to you but to say "if you don't fix it I will never use you again" is lame. Explain why this is bad instead of just saying you'll never use it again. It seems so childish.
It seems like a reasonable response to say "if they don't fix this today I'm never using them again", etsy took information which people had assumed was private and made it public. If they respond quickly and take steps to ensure something like this doesn't happen again then I might consider using them again. One of the fastest ways to influence a profit driven enterprise is to make it clear that there actions mean you will no longer give them money (either by no longer shopping on etsy or listing on etsy).
I also take issue with your statement that "this is a relatively small issue", while the items I personally bought on etsy are fairly mundane I don't want my shopping history to be easily googleable. How would you feel if the local XXX store started posting pictures of all of the customers in the news paper (or even just putting them up on the web)?
Yeah, so they can explain why it's a problem for them. If Etsy know why users are concerned they can work out a suitable solution. For example, how does "Yep. That's pretty horrific. Never buying on Etsy again." help at all?
Hey, just want to clarify something as an Etsy employee. It's not your purchases that are public - it's your feedback on those purchases. I know it's a small distinction, but it's not like we have some sort of desire to publicize our members' purchases. Feedback is public by default just like it is on eBay - to increase accountability and transparency. It's also worth noting that feedback has been public since the site's launch (in fact, the option to make it private was only added recently). The new People Search feature does not change this at all.