May 12, 2021
How Skyflow Could Have Helped Me Build Features at Google
One of the main reasons I joined Skyflow was that I had experienced the privacy-versus-personalization tradeoff first-hand in a prior role at Google.
The crux of the tradeoff is that to personalize products, tech companies need more user data. But the more user data is collected, the more user privacy is at risk. Skyflow’s vault technology can resolve this tradeoff and deliver the best of both worlds: personalization and privacy. Let’s look at a simple example from my time at Google.
Our team came up with a growth hack: the app would promote RCS (Rich Communication Services, the richer successor to SMS) to users when it detected that they were texting someone who already had it enabled. For example, suppose Alice was texting Bob. The app would check whether Bob had RCS and, if he did, prompt Alice to enable it. Alice’s conversation with Bob would then be upgraded to the richer messaging experience instantly.
Building this seemed straightforward. On the backend, Google maintained a list of all phone numbers that had RCS enabled. The app would send Bob’s number from Alice’s phone to the backend, the backend would check whether Bob’s number was on that list, and if it was, Alice would be prompted to enable the feature.
But this is where we ran into a problem we were never able to solve.
Gaps in Privacy
The fundamental issue was in sending Bob’s number from Alice’s device to Google’s backend. Even though our intent was not malicious, it was still a violation of Alice’s privacy because of the risks it created. Each request came from Alice’s device and carried the number of someone she was texting, and traces of that data might remain in backend logs; anyone who got hold of them, an insider or an external attacker, could figure out who Alice was texting or even reconstruct her entire social graph.
Our privacy team’s advice was to ask for Alice’s explicit consent, which would cover this data processing under GDPR. But not only would that be a terrible user experience and an ineffectual growth strategy, it wouldn’t actually protect Alice’s privacy: consent is a legal basis for processing, not a technical control, and Bob’s number would still end up in the backend and its logs.
Ultimately we had to abandon the feature. This led me to a more fundamental question: why did Google have to store a list of RCS-enabled phone numbers in the first place? Just the act of storing sensitive data and retaining access to it created privacy liabilities.
Privacy meets Personalization
Users expect products to be personalized, intelligent and adaptive. To create these experiences, tech companies need to store sensitive PII. But by storing it alongside their other data, with the same access paths, they make themselves vulnerable to privacy violations. Meanwhile, users have no choice but to hope that companies are responsible stewards of their data.
Skyflow addresses these problems by allowing companies to store PII in a vault, separate from their non-sensitive data. The vault applies a range of privacy-preservation techniques to the data that let it be used without compromising privacy. With a Skyflow Vault, my team at Google would have been able to find out how many of Alice’s contacts had RCS without ever being able to access the actual phone numbers. That would have been the right way to build this feature in a truly privacy-preserving manner.
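To make the contrast between the original design and the desired property concrete, here is an added illustration of one way to answer "how many of Alice's contacts have RCS?" without the backend ever receiving a phone number in the clear. It uses Diffie-Hellman-style private set intersection (DH-PSI) on the secp256k1 curve, the same family of technique used for private contact discovery. It is not Skyflow's vault implementation and not code from Google; the class and function names, the `RcsDirectory` backend, the `request_log` and the phone numbers are all constructed for the example. The backend only ever sees blinded curve points, so even a log scraper with full access recovers nothing about who Alice is texting.

```python
"""
Privacy-preserving "how many of my contacts have RCS?" via Diffie-Hellman
style private set intersection (DH-PSI) on secp256k1.

Added illustration, not Skyflow's or Google's code.  Curve arithmetic is
written out in pure Python for readability; a real deployment would use a
vetted library and a compact encoding (e.g. bucketed) of the blinded directory.
"""
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over GF(P).  P is exact by definition (2^256 - 2^32 - 977);
# the group order N is only used to sample blinding scalars in [1, N-1].
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                        # p2 == -p1
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (curve a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_curve(msg: bytes):
    """Try-and-increment hash-to-curve: first x with x^3 + 7 a square mod P.
    P = 3 (mod 4), so one modular exponentiation yields the square root."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(msg + bytes([ctr])).digest(), "big") % P
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("no point found")               # probability ~2^-256


def canonical(number: str) -> bytes:
    """Normalise formatting so both sides hash the same E.164-style string."""
    return ("+" + "".join(ch for ch in number if ch.isdigit())).encode()


class RcsDirectory:
    """Hypothetical backend: holds the RCS list, never receives a contact in the clear."""

    def __init__(self, rcs_numbers):
        self.secret_b = secrets.randbelow(N - 1) + 1
        self.blinded = [ec_mul(self.secret_b, hash_to_curve(canonical(y))) for y in rcs_numbers]
        self.request_log = []                         # everything a log scraper could recover

    def blinded_directory(self):
        return list(self.blinded)                     # {b * H(y)}: useless without b

    def blind(self, client_points):
        """Return {b * (a * H(x))}. The input a * H(x) is all the server ever sees."""
        self.request_log.extend(client_points)
        return [ec_mul(self.secret_b, pt) for pt in client_points]


def count_rcs_contacts(contacts, server):
    """Client side: how many of `contacts` are in the server's set, revealing none of them."""
    a = secrets.randbelow(N - 1) + 1                               # fresh per query, then discarded
    ours = [ec_mul(a, hash_to_curve(canonical(c))) for c in contacts]
    ours_ab = server.blind(ours)                                   # (a*b) * H(x)
    theirs_ba = {ec_mul(a, pt) for pt in server.blinded_directory()}  # (b*a) * H(y)
    return sum(1 for pt in ours_ab if pt in theirs_ba)             # equal iff x == y


# Constructed sample data (555 numbers are reserved for fiction).
RCS_NUMBERS = ["+1 415 555 0100", "+14155550101", "+1-415-555-0102"]
ALICE_CONTACTS = ["+14155550101", "+1 415 555 0199", "+1 (415) 555-0102", "+14155550105"]

if __name__ == "__main__":
    backend = RcsDirectory(RCS_NUMBERS)
    print(count_rcs_contacts(ALICE_CONTACTS, backend))          # 2
    print("+14155550101" in str(backend.request_log))          # False: no plaintext reached the backend
```

Two design points matter here. The client's blinding scalar `a` is generated per query and thrown away, so the points left in the backend's `request_log` cannot be linked back to Bob's number even by someone who later obtains the server's secret `b`. And because `b` never leaves the server, the client cannot test arbitrary numbers against the blinded directory offline; every probe has to go through `blind()`, where it can be rate-limited. A real system would use a maintained crypto library rather than hand-written curve arithmetic, and would ship the blinded directory in a compact form instead of a full list.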
As government bodies pass legislation giving users more control over their data, companies will need new methods to ensure privacy while still offering useful and popular features. A vault like the one we created at Skyflow provides secure ‘neutral ground’ where sensitive data can be stored and processed in a zero-trust manner.
I think this architectural shift will be fundamental to how products are built. Skyflow’s technology will enable a future where products can be personalized while respecting and protecting the privacy of user data.