Hey 👋🏻 Goodbye

April 30, 2021

I got rid of my Hey email address last night. I really liked the “mental model” of how the app organised email, but there was never enough there to push me to fully switch over from Proton Mail. I couldn’t justify paying for 2 email services over the long term, so one had to go eventually. The furore and fallout of the last couple of days helped make the choice easier and sooner.

I’m not going to touch on the “no political discussion” topic, or the apparent executive power-grabs and other Bad Things which have come out recently. I have strong opinions on all that (the bits I’ve seen and read, at least), very little of it positive or flattering to Basecamp management, but it’s not what I’m writing about right now. Maybe later.

One of the less obvious details lurking in this seedy story is that Basecamp as a company seemingly can’t be trusted with customer data. That’s a dealbreaker for me. A list of “funny” customer names might seem innocuous at first glance, but it shows a petty disregard for your customers privacy, or who can access their information (never mind the basic disrespect of being made fun of). Every current and former Basecamp customer who has heard of the kerfuffle over the last few days will have probably asked themselves “was I on the list?”

If this list had been a short-lived “joke” by a bored employee abusing their access and privileges that would be bad enough, assuming management caught it in time and acted decisively in the customer interests. But the list lasted and grew for years. It was an institutional thing with many contributors over time. That in turn raises further concerns about oversight and tacit approval of a company culture which thinks it’s fine to abuse customer data and trust like this.

Apparently management didn’t know until someone raised concerns recently. That doesn’t pass the smell test for me. Something as apparently embedded into a workplace culture as this list isn’t magically invisible to The Boss, especially if it’s well known among the staff. They know what’s happening; they just know it’s better not to say anything so they can have “plausible deniability” when it inevitably and eventually goes too far. I’ve seen this sort of managerial behaviour too many times to believe any company - even one as supposedly enlightened as Basecamp - is immune.

But let’s suppose for a moment they were (as they say) completely ignorant - for years - of the list… what other abuses are they still unaware of? Are there other skeletons hidden in the closet? And how is that in any way supposed to inspire confidence in me, their customer, that they know what they’re doing to protect my data? Especially data as sensitive and far reaching as email?

No thank you. No amount of convenient email organisation is worth that. So: subscription cancelled, data exported, deleted1, and the app has been removed from my devices.

Has it been though? I guess that’s something I’ll need to take on trust… ↩