“Opt-in by default” is an oxymoron. If it’s default then I haven’t opted into anything. It’s been enabled by default.
show comments
sixtyj
Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
Users on our EU cloud instance are opted out by default
So too users with agreements that prevent training (e.g. BAA, MSA, or similar)
All other users on our US cloud instance are opted in by default
We will anonymize all data before it's used for training
We will only use data that already exists in your PostHog instance
We will do all the model training ourselves, which means...
We won't sell or send your data to third-party model providers
You can opt out at any time via your org settings in PostHog (admin access required)
Training won't start until June 29, so there's plenty of time to decide
show comments
Waterluvian
PostHog was a system we set up once, generally don't think about, and review from time to time, providing some occasional value. It was mostly harmless to leave around.
But it's apparently yet one more thing we have to be actively suspicious of as it defaults towards an intolerable state. So it's easier to just rip it out of the system and move on.
infecto
Thanks for posting. I had been in the fence for the past few months of switching. The new AI products combined with the weird UIs had been irking me for a while. This is the final nail in the coffin. Opt-in is a terrible business model imo.
freshnode
Why won't companies explain what anonymisation means for them?
Posthog has unfettered logged in access to some sensitive stuff. What steps are they actually taking to scrub sensitive data from my replay before being used to train a model?
frankest
What a great reminder to build my own analytics and self host. PostHog just lost a customer. They could easily send a email to each customer asking if we want this. The assumption means they have no product intuition about their own customers, let alone the customers of their customers. Bye.
show comments
tines
“Opt-in by default” = opt-out?
show comments
brauhaus
Every day I'm more glad about EU legislation, that's all I have to say for now
show comments
jen20
Perhaps if they hopped on a quick call for five minutes with some customers, they'd realize quite how little appetite there is for putting up with being opted into things automatically in the US but not in the EU.
As an aside, this also means the EU rules are working.
show comments
bigstrat2003
This is the fastest way possible to ensure I will never do business with you, or stop doing business with you if I already am.
Henchman21
You can’t “opt-in” to something that is the default. The choice is made for you — and when the choice is made for you? You haven’t opted in or out?
show comments
tartieret
I initially used Posthog as an alternative to Google Analytics with more privacy. Now they want to use the data for a business purpose. Working hard towards enshitification?
show comments
TZubiri
Today I was thinking, if I start a company in the LLM tooling space, I would put in the company mission in the incorporation documents that client data will not be used to train.
The temptation and the value is too great, and the opt-in opt-out consent thing ends up being a fuckery where the company tries to trick the user into allowing them to take a look into the data, presumably because they are selling the product at a loss and need an alternative revenue model.
Just make it impossible from the get-go, the fine print would be that the data can be shared off-band explicitly, in an email, or if explicitly copy pasted in a support chatbox, but there would be no mechanism for us to read the data from the databases much less from the client.
I don't mean it would be an air-tight mechanism like Signal or ProtonMail, if a court order would ask us to produce client info, we would still reserve the right to produce the data, but exceptionally, and definitely not for training models.
show comments
slopinthebag
PostHog better transition to an AI company soon because they are one of the SAAS's which are absolutely cooked by vibe coding. What it does is extremely amenable to LLMs and it's also non-critical for a business, making it an excellent candidate for replacement by in-house solutions. And if it means never having to use their website again that's even better.
I wonder if they regret opensource, considering people will be using LLMs to replace them which have surely trained off of their code.
“Opt-in by default” is an oxymoron. If it’s default then I haven’t opted into anything. It’s been enabled by default.
Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
Users on our EU cloud instance are opted out by default
So too users with agreements that prevent training (e.g. BAA, MSA, or similar)
All other users on our US cloud instance are opted in by default
We will anonymize all data before it's used for training
We will only use data that already exists in your PostHog instance
We will do all the model training ourselves, which means...
We won't sell or send your data to third-party model providers
You can opt out at any time via your org settings in PostHog (admin access required)
Training won't start until June 29, so there's plenty of time to decide
PostHog was a system we set up once, generally don't think about, and review from time to time, providing some occasional value. It was mostly harmless to leave around.
But it's apparently yet one more thing we have to be actively suspicious of as it defaults towards an intolerable state. So it's easier to just rip it out of the system and move on.
Thanks for posting. I had been in the fence for the past few months of switching. The new AI products combined with the weird UIs had been irking me for a while. This is the final nail in the coffin. Opt-in is a terrible business model imo.
Why won't companies explain what anonymisation means for them?
Posthog has unfettered logged in access to some sensitive stuff. What steps are they actually taking to scrub sensitive data from my replay before being used to train a model?
What a great reminder to build my own analytics and self host. PostHog just lost a customer. They could easily send a email to each customer asking if we want this. The assumption means they have no product intuition about their own customers, let alone the customers of their customers. Bye.
“Opt-in by default” = opt-out?
Every day I'm more glad about EU legislation, that's all I have to say for now
Perhaps if they hopped on a quick call for five minutes with some customers, they'd realize quite how little appetite there is for putting up with being opted into things automatically in the US but not in the EU.
As an aside, this also means the EU rules are working.
This is the fastest way possible to ensure I will never do business with you, or stop doing business with you if I already am.
You can’t “opt-in” to something that is the default. The choice is made for you — and when the choice is made for you? You haven’t opted in or out?
I initially used Posthog as an alternative to Google Analytics with more privacy. Now they want to use the data for a business purpose. Working hard towards enshitification?
Today I was thinking, if I start a company in the LLM tooling space, I would put in the company mission in the incorporation documents that client data will not be used to train.
The temptation and the value is too great, and the opt-in opt-out consent thing ends up being a fuckery where the company tries to trick the user into allowing them to take a look into the data, presumably because they are selling the product at a loss and need an alternative revenue model.
Just make it impossible from the get-go, the fine print would be that the data can be shared off-band explicitly, in an email, or if explicitly copy pasted in a support chatbox, but there would be no mechanism for us to read the data from the databases much less from the client.
I don't mean it would be an air-tight mechanism like Signal or ProtonMail, if a court order would ask us to produce client info, we would still reserve the right to produce the data, but exceptionally, and definitely not for training models.
PostHog better transition to an AI company soon because they are one of the SAAS's which are absolutely cooked by vibe coding. What it does is extremely amenable to LLMs and it's also non-critical for a business, making it an excellent candidate for replacement by in-house solutions. And if it means never having to use their website again that's even better.
I wonder if they regret opensource, considering people will be using LLMs to replace them which have surely trained off of their code.