Milk, the company started by Kevin Rose, shut down its first “experiment” Oink yesterday. We’ve also reported that the entire team may have been acquired by Google.
Before moving on though, the company wants to allow its users to download all of the data that they’ve put into the app, which is definitely admirable. There’s nothing worse than spending a bunch of your time on something only to have it disappear.
However, it appears as if Oink didn’t make the data secure, according to a tweet from this loyal user:
@oinkapp @kevinrose If you know the username, you can get the data. For example: oink-prod.s3.amazonaws.com/kevin-export.z…
— Keith Whamond (@keithwhamond) March 14, 2012
In response, the company stated that the information was always publicly available, so it’s not really a big deal:
@keithwhamond All of the data in the past was publicly available and it still is. Nothing changed from yesterday to today.
— Oink (@oinkapp) March 14, 2012
I’m not sure that I agree with this approach completely. There’s a difference between data being shown publicly within the framework of an app like Oink, and opening up the ability to this download structured data en masse.
I gave it a try and lo and behold, I was able to download Kevin Rose’s data that he pumped into Oink:
Simply plug in the username you’d like to download at Oink.com:
Once you get the “success” message, just add the username to this URL:
http://oink-prod.s3.amazonaws.com/USERNAME-export.zip
The download includes data like items a user has added, photos they’ve uploaded, and reviews they’ve given. There’s no knowing what could be done with data like this, but it’s worth stating that there’s no identifiable information (like passwords or email addresses) along with it. It just seems like a slightly sloppy way to shut down a service to me.
Oink didn’t ask if it was OK to open-source the data that it collected to my knowledge, and it’s easy to see why people are taking this as a data breach. For me, I’m just concerned that my photos will start popping up on other sites and services as clip-art.
What are your thoughts? Should Oink make the data private for reach user or is it OK to dump it out to whomever wants it?
Get the TNW newsletter
Get the most important tech news in your inbox each week.