Training our own AI models

Original Article ↗ Hacker News Discussion ↗

Default opt-in and “opt‑in by default”

  • Central complaint: calling users “opted in by default” is viewed as deceptive; people stress this is just opt‑out.
  • Many see default inclusion as a dark pattern, especially given PostHog’s previous privacy-friendly positioning.
  • Some argue defaults are powerful (organ donation analogy), so making AI training the default is inherently coercive.
  • A minority note that at least the change wasn’t buried in T&Cs and that opt-out is available, but this doesn’t change the fundamental consent issue for most commenters.

Privacy, consent, and anonymization

  • Multiple comments argue that training on customer analytics/session replay data is high-risk, especially when it may include sensitive or proprietary information.
  • “Anonymization” is seen as underspecified and technically hard, particularly for custom events and replays that can embed confidential data.
  • Concerns that models trained on telemetry tied to code could leak competitive or internal info; some worry models could later be sold despite blog language.

Regulation and EU vs US treatment

  • Strong perception that EU users are better protected due to GDPR; US users are defaulted in only because law allows it.
  • Some see this as clear evidence that regulation works; others note regulation may entrench incumbents that already exploited data before rules tightened.
  • Thread includes detailed GDPR questions about Article 13 duties and whether EU subjects whose data hits US infrastructure are properly covered; outcomes remain unclear.

Customer reactions and alternatives

  • Numerous commenters say this decision moved PostHog off their shortlist or will trigger a gradual migration away.
  • Some will self-host or build in-house analytics to retain data control; others consider switching back to Mixpanel/Amplitude or similar.
  • A few suggest simply opting out instead of rewriting analytics, but many view the policy choice itself as disqualifying.

Broader AI, business-model, and trust themes

  • Many frame this as classic “enshittification”: VC-backed growth pushing a pivot from developer-friendly analytics to AI monetization.
  • Some argue “everyone does this” and that frontier LLMs wouldn’t exist with strict consent; others respond that long-standing bad practice is still unethical.
  • There’s support for companies hard-coding “oaths” or charter clauses forbidding training on customer data, backed by real financial penalties.
  • PostHog’s playful/quirky branding is seen as grating when paired with what many view as an anti-user move, eroding trust.