You can't leak users' data if you don't hold it

Core Principle: Don’t Collect What You Can’t Protect

  • Many commenters strongly endorse the idea that not storing data is the only foolproof way not to leak it.
  • Related concepts raised: “data is toxic,” data minimization, and even “data abstinence” (only store something if there’s no other option).
  • Several see this as aligned with GDPR’s intent: make stored personal data legally “radioactive” so hoarding it is risky, not free.

Limits and Critiques of Matter’s Design

  • Some find the app’s very premise (mediating memories through an app) emotionally or socially dystopian, regardless of privacy architecture.
  • The marketing site is criticized as vague and buzzword-heavy, with unclear explanation of what the product actually does.
  • Concern that data is effectively being “outsourced” to cloud providers like Apple/Google (e.g., iCloud), which users must also trust.
  • Confusion over whether storing encrypted photos off-device counts as “not holding data”; some see this as standard encrypted storage, just without keys.

Acquisitions, Updates, and Trust

  • A major thread: even if the current team doesn’t hold or exfiltrate data, an acquirer or future management could ship an update that does.
  • Points raised: closed-source clients, app-store distribution, and auto-updates undermine claims that users “don’t have to worry” about intentions.
  • Open source and reproducible builds are cited as partial mitigations; independent audits and loud in-app notices are suggested.

Law, Incentives, and “Data as Toxic Asset”

  • Many argue for stronger legal liability for breaches, regardless of “best efforts,” to push companies toward minimal collection.
  • Comparisons to GDPR/CCPA: mixed views on how well they work in practice, but general support for making retention legally expensive.
  • Others warn about punishing hacked companies as if they were solely at fault, and about creating perverse incentives (e.g., hacking competitors).

Practical Challenges of Data-Minimal Apps

  • Financial and health-related apps often must handle sensitive data (payments, KYC, taxes, bank feeds), making full non-retention impossible.
  • Workarounds discussed: use third-party payment pages, external identity providers, client-side encryption, and local-first designs.
  • Tools and patterns mentioned include CRDTs, syncable local databases, passkeys/SSO for auth, and projects like Solid for user-owned data pods.

Apps, Wellbeing, and Addiction

  • Side debate: apps promising “better memories” vs simply living life; some say no app will make you happier compared to offline time.
  • Others note that for many people (e.g., gig workers between jobs) phone use is a realistic way to pass time.
  • Disagreement over how truly “addictive” modern social and game apps are, but broad concern about attention-manipulating designs.