Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
Users on our EU cloud instance are opted out by default
So too users with agreements that prevent training (e.g. BAA, MSA, or similar)
All other users on our US cloud instance are opted in by default
We will anonymize all data before it's used for training
We will only use data that already exists in your PostHog instance
We will do all the model training ourselves, which means...
We won't sell or send your data to third-party model providers
You can opt out at any time via your org settings in PostHog (admin access required)
Training won't start until June 29, so there's plenty of time to decide
If "we will opt everyone in because otherwise we won't get enough data because we know users won't opt in" is your business model, maybe it's time for a rethink.
Defaults matter.
Opt-in vs opt-out organ donorship has a large impact.
Most people on any web app won’t stray from the defaults.
Which we probably need to consider changing now that some truly bizarre and evil shit is being done on donor organs:
yea except one is a "dark pattern" to exploit customers for corporate profit while the other is to benefit society.
There is no such thing as opt in by default - and burning that amount of customer goodwill because you want something instead of say, giving a discount to people who are willing to do it is a choice for people who have a lot more market share and their customers would have more trouble leaving.
> Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
These feels like a really bad defense. It’s great you provide transparency but I don’t want my analytics system writing my code. There are already so many other first movers that are better that I would rather connect to your analytics.
> All other users on our US cloud instance are opted in by default
This is slimy.
It's slimy because your government allows it, this doesn't have to be the case.
1. Lobby your representatives to improve your data protection laws, even if you think it's pointless to do so
2. Stop attacking EU data protection laws, even if they inconvenience you
As can be seen from this announcement, data protection laws do make a difference.
Not really, it's slimy because it should be obvious that it's the morally wrong thing to do. There's no tangible benefit to the users, only risk.
The fact that they only opt-out EU users, because regulation forces them, tells you all you need to know about the moral compass of PostHog.
This shouldn't even require regulation, but apparently expecting companies to act morally is a bloody pipe dream. Profit over morals and concerns for your costumers, apparently.
yes, of course!
Cant wait to see posthog crash and burn, i have hated their service for years now.
why?
[dead]
“Opt-in by default” is an oxymoron. If it’s default then I haven’t opted into anything. It’s been enabled by default.
This frustrates me too, if something is "opt-in", that means by default you're not included and can choose to be included. If something is "opt-out", that means you're included and can choose not to be.
But then it gets used to describe the reverse, and we have to add words to clarify.
I once saw a post here with a correctly described opt-in telemetry before, and the top comment here was attacking them for the reverse, thinking it was including them by default, so there's little winning, it's one of those words that has just come to mean it's opposite.
Very true. I was considering PostHog, but this sours them in my eyes. Very deceptive wording.
Isn't it kind of like mandatory tip? If you haven't given it voluntarily, i.e .its automatically opted-in and you maybe can't even not give it. its the same.
Thanks for posting. I had been in the fence for the past few months of switching. The new AI products combined with the weird UIs had been irking me for a while. This is the final nail in the coffin. Opt-in is a terrible business model imo.
“Opt-in by default” = opt-out?
Guess its "Opted-in" by default
[delayed]
Opt means to make a choice or select an alternative. They are either incompetent or lying on purpose.
Every day I'm more glad about EU legislation, that's all I have to say for now
Yeah, the legislation is morally defensible on its own terms. But when you look at the full system, something funny happens:
EU legislation is blocking data extraction and platform lock-in tactics that Big Tech already used to become monopolies.
And since the big platforms don't have to unwind their advantages or pay back for the methods that are now restricted and considered illegal, they can peacefully extract rents from their entrenched positions for even longer, while everyone else is prevented from using the same ladder they climbed.
What a great reminder to build my own analytics and self host. PostHog just lost a customer. They could easily send a email to each customer asking if we want this. The assumption means they have no product intuition about their own customers, let alone the customers of their customers. Bye.
Not trying to be snarky but why not just opt out instead of vibe coding your own analytics platform? I'm uncomfortable with people using my data to train AI, but those concerns revolve around where my data goes, and whether I'm notified/aware. Posthog is giving me good answers to those questions here.
Perhaps if they hopped on a quick call for five minutes with some customers, they'd realize quite how little appetite there is for putting up with being opted into things automatically in the US but not in the EU.
As an aside, this also means the EU rules are working.
This is the fastest way possible to ensure I will never do business with you, or stop doing business with you if I already am.
You can’t “opt-in” to something that is the default. The choice is made for you — and when the choice is made for you? You haven’t opted in or out?
I would have guessed that was just a bad title here but no, article states it as "opted in by default".
I fixed the title, sorry for the typo!
I initially used Posthog as an alternative to Google Analytics with more privacy. Now they want to use the data for a business purpose. Working hard towards enshitification?
> I initially used Posthog as an alternative to Google Analytics with more privacy.
This does not make any sense.
> Now they want to use the data for a business purpose.
They raised VC money and they want a return so this was predictable.
It makes perfect sense actually
PostHog better transition to an AI company soon because they are one of the SAAS's which are absolutely cooked by vibe coding. What it does is extremely amenable to LLMs and it's also non-critical for a business, making it an excellent candidate for replacement by in-house solutions. And if it means never having to use their website again that's even better.
I wonder if they regret opensource, considering people will be using LLMs to replace them which have surely trained off of their code.
Today I was thinking, if I start a company in the LLM tooling space, I would put in the company mission in the incorporation documents that client data will not be used to train.
The temptation and the value is too great, and the opt-in opt-out consent thing ends up being a fuckery where the company tries to trick the user into allowing them to take a look into the data, presumably because they are selling the product at a loss and need an alternative revenue model.
Just make it impossible from the get-go, the fine print would be that the data can be shared off-band explicitly, in an email, or if explicitly copy pasted in a support chatbox, but there would be no mechanism for us to read the data from the databases much less from the client.
I don't mean it would be an air-tight mechanism like Signal or ProtonMail, if a court order would ask us to produce client info, we would still reserve the right to produce the data, but exceptionally, and definitely not for training models.
More companies need to make, for lack of a better term, "oaths" of what they won't do as a company. My pitch on it is to tie it to financial penalties the company agrees to pay, somewhere in the "enough to incentivize a significant portion of our user base to sue us" territory, such that it would be financial suicide to violate them.
Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
Users on our EU cloud instance are opted out by default
So too users with agreements that prevent training (e.g. BAA, MSA, or similar)
All other users on our US cloud instance are opted in by default
We will anonymize all data before it's used for training
We will only use data that already exists in your PostHog instance
We will do all the model training ourselves, which means...
We won't sell or send your data to third-party model providers
You can opt out at any time via your org settings in PostHog (admin access required)
Training won't start until June 29, so there's plenty of time to decide
If "we will opt everyone in because otherwise we won't get enough data because we know users won't opt in" is your business model, maybe it's time for a rethink.
Defaults matter.
Opt-in vs opt-out organ donorship has a large impact.
Most people on any web app won’t stray from the defaults.
Which we probably need to consider changing now that some truly bizarre and evil shit is being done on donor organs:
https://news.ycombinator.com/item?id=48212992
Again, this is because it's uninformed.
Consent matters.
yea except one is a "dark pattern" to exploit customers for corporate profit while the other is to benefit society.
There is no such thing as opt in by default - and burning that amount of customer goodwill because you want something instead of say, giving a discount to people who are willing to do it is a choice for people who have a lot more market share and their customers would have more trouble leaving.
> Most companies would bury this change in a deceptively boring T&Cs update, but we value transparency, so here's what you need to know in an internet-friendly numbered list:
These feels like a really bad defense. It’s great you provide transparency but I don’t want my analytics system writing my code. There are already so many other first movers that are better that I would rather connect to your analytics.
> All other users on our US cloud instance are opted in by default
This is slimy.
It's slimy because your government allows it, this doesn't have to be the case.
1. Lobby your representatives to improve your data protection laws, even if you think it's pointless to do so
2. Stop attacking EU data protection laws, even if they inconvenience you
As can be seen from this announcement, data protection laws do make a difference.
Not really, it's slimy because it should be obvious that it's the morally wrong thing to do. There's no tangible benefit to the users, only risk.
The fact that they only opt-out EU users, because regulation forces them, tells you all you need to know about the moral compass of PostHog.
This shouldn't even require regulation, but apparently expecting companies to act morally is a bloody pipe dream. Profit over morals and concerns for your costumers, apparently.
yes, of course!
Cant wait to see posthog crash and burn, i have hated their service for years now.
why?
[dead]
“Opt-in by default” is an oxymoron. If it’s default then I haven’t opted into anything. It’s been enabled by default.
This frustrates me too, if something is "opt-in", that means by default you're not included and can choose to be included. If something is "opt-out", that means you're included and can choose not to be.
But then it gets used to describe the reverse, and we have to add words to clarify.
I once saw a post here with a correctly described opt-in telemetry before, and the top comment here was attacking them for the reverse, thinking it was including them by default, so there's little winning, it's one of those words that has just come to mean it's opposite.
Very true. I was considering PostHog, but this sours them in my eyes. Very deceptive wording.
Isn't it kind of like mandatory tip? If you haven't given it voluntarily, i.e .its automatically opted-in and you maybe can't even not give it. its the same.
Thanks for posting. I had been in the fence for the past few months of switching. The new AI products combined with the weird UIs had been irking me for a while. This is the final nail in the coffin. Opt-in is a terrible business model imo.
“Opt-in by default” = opt-out?
Guess its "Opted-in" by default
[delayed]
Opt means to make a choice or select an alternative. They are either incompetent or lying on purpose.
Every day I'm more glad about EU legislation, that's all I have to say for now
Yeah, the legislation is morally defensible on its own terms. But when you look at the full system, something funny happens: EU legislation is blocking data extraction and platform lock-in tactics that Big Tech already used to become monopolies.
And since the big platforms don't have to unwind their advantages or pay back for the methods that are now restricted and considered illegal, they can peacefully extract rents from their entrenched positions for even longer, while everyone else is prevented from using the same ladder they climbed.
What a great reminder to build my own analytics and self host. PostHog just lost a customer. They could easily send a email to each customer asking if we want this. The assumption means they have no product intuition about their own customers, let alone the customers of their customers. Bye.
Not trying to be snarky but why not just opt out instead of vibe coding your own analytics platform? I'm uncomfortable with people using my data to train AI, but those concerns revolve around where my data goes, and whether I'm notified/aware. Posthog is giving me good answers to those questions here.
Perhaps if they hopped on a quick call for five minutes with some customers, they'd realize quite how little appetite there is for putting up with being opted into things automatically in the US but not in the EU.
As an aside, this also means the EU rules are working.
This is the fastest way possible to ensure I will never do business with you, or stop doing business with you if I already am.
You can’t “opt-in” to something that is the default. The choice is made for you — and when the choice is made for you? You haven’t opted in or out?
I would have guessed that was just a bad title here but no, article states it as "opted in by default".
I fixed the title, sorry for the typo!
I initially used Posthog as an alternative to Google Analytics with more privacy. Now they want to use the data for a business purpose. Working hard towards enshitification?
> I initially used Posthog as an alternative to Google Analytics with more privacy.
This does not make any sense.
> Now they want to use the data for a business purpose.
They raised VC money and they want a return so this was predictable.
It makes perfect sense actually
PostHog better transition to an AI company soon because they are one of the SAAS's which are absolutely cooked by vibe coding. What it does is extremely amenable to LLMs and it's also non-critical for a business, making it an excellent candidate for replacement by in-house solutions. And if it means never having to use their website again that's even better.
I wonder if they regret opensource, considering people will be using LLMs to replace them which have surely trained off of their code.
Today I was thinking, if I start a company in the LLM tooling space, I would put in the company mission in the incorporation documents that client data will not be used to train.
The temptation and the value is too great, and the opt-in opt-out consent thing ends up being a fuckery where the company tries to trick the user into allowing them to take a look into the data, presumably because they are selling the product at a loss and need an alternative revenue model.
Just make it impossible from the get-go, the fine print would be that the data can be shared off-band explicitly, in an email, or if explicitly copy pasted in a support chatbox, but there would be no mechanism for us to read the data from the databases much less from the client.
I don't mean it would be an air-tight mechanism like Signal or ProtonMail, if a court order would ask us to produce client info, we would still reserve the right to produce the data, but exceptionally, and definitely not for training models.
More companies need to make, for lack of a better term, "oaths" of what they won't do as a company. My pitch on it is to tie it to financial penalties the company agrees to pay, somewhere in the "enough to incentivize a significant portion of our user base to sue us" territory, such that it would be financial suicide to violate them.
[dead]