{"id":75855,"date":"2017-06-13T11:03:42","date_gmt":"2017-06-13T18:03:42","guid":{"rendered":"https:\/\/www.backblaze.com\/blog\/?p=75855"},"modified":"2021-08-09T11:34:17","modified_gmt":"2021-08-09T18:34:17","slug":"privacy-vs-convenience","status":"publish","type":"post","link":"https:\/\/www.backblaze.com\/blog\/privacy-vs-convenience\/","title":{"rendered":"Balancing Convenience and Privacy"},"content":{"rendered":"

\"balancing<\/a><\/p>\n

In early January of this year, in a conference room with a few other colleagues, we were at a point where we needed to decide how to balance convenience and privacy for our customers. The context being our team earnestly finalizing and prioritizing the launch features of our revamped Backblaze Business Backup<\/a> product. In the process, we introduced a piece of functionality that we call Groups. A Group is a mechanism that centralizes payment and simplifies management for multiple Backblaze users in a given organization or business. As with many services there were tradeoffs, but this one proved thornier than most.<\/p>\n

The Trade-off Between Convenience and Privacy<\/h2>\n

The problem started as we considered the possibility of having a Managed Group. The concept is simple enough: Centralized billing is good, but there are clear use cases where a user would like to have someone act on their behalf. For instance, a business may want a system administrator to create\/manage restores on behalf of a group of employees. We have had many instances of someone from the home office ordering a hard drive<\/a> restore for an employee in the field. Similarly, a managed service provider (MSP) might provide, and potentially charge for, the service of creating\/managing restores for their customers. In short, the idea of having an administrator manage a defined collection of users (i.e. a Group) was compelling and added a level of convenience.<\/p>\n

Great. It\u2019s decided then, we need to introduce the concept of a Managed Group. And we\u2019ll also have Unmanaged Groups. You can have infinite Groups of either kind, we\u2019ll let the user decide!<\/p>\n

Here\u2019s the problem: The Managed Group feature could have easily been used for evil. For example, an overeager administrator could restore an employee\u2019s files, at anytime, for any reason\u2014legitimate or nefarious. This felt wrong as we\u2019re a backup company, not a spyware company.<\/p>\n

This is when the discussion got more interesting. By adding a convenience feature, we realized that there was potential for user privacy to be violated. As we worked through the use cases, we faced potential conflict between two of our guiding principles:<\/p>\n