I’m asking this question after looking into the ListenBrainz API recently, wondering about what thinking went into deciding which endpoints require auth, and which don’t (currently, read-only endpoints have no auth, and any write endpoints obviously require it).
The reason I ask is because I’ve been pondering this point under the Anti-goals section on the ListenBrainz website:
- A store for people’s private listen history. The point of this project is to build a public, shareable store of listen data. As we build out our sharing features, building a private listen store will become possible, but that is not part of our goals.
I totally get this philosophy - I wonder though if the only-open availability of personal data might be acting as a barrier to people feeling like they want to contribute to ListenBrainz, especially given privacy is such a hot topic right now. Does anyone know what the thinking was behind this? It seems as if allowing some control of public vs private sharing could be good for general adoption / looking after people’s privacy, and unless I’m not understanding something right it feels like the real value is in the data dumps etc anyway?
For instance, a person might be quite comfortable knowing their anonymised data was being dumped and made open for the public to use to build awesome recommendation engines, but would still prefer to have their personal data visible and usable only by themselves (to start with), or allowed people (future feature?).