About a year ago, The Verge ran an amazing, and frightening article on web marketing scams. If you missed it the first time, it’s worth a read. If you read it before, read it again. The unmitigated audacity of the people who perpetuate these scams, and the damage they inflict on the victim would be a brilliant lesson in ethics, if the perpetrators actually had an understanding of ethics.

The power of the Internet, and technology in general, is often seen as shortcut to success. “All I have to do is start a blog, or a podcast, or write an iOS app, and then I’ll be rolling in the big Internet Bucks.” This conveniently overlooks the huge number of people doing these things. This conveniently overlooks the huge number of people’s blogs/podcasts/apps that are bad. This conveniently overlooks the infinitesimally small percentage of “overnight successes,” and the even smaller percentage of those the term truly defines.

These scammers play both sides, thinking they’ve found a shortcut to success by selling fake shortcuts to unsuspecting, and somewhat technology un-savvy individuals. Selling products to the technologically clueless is nothing new, but these scammers take it to another level, promising them the world for the price of a few overpriced eBooks and WordPress plugins, often replicating things one can find for free. However, the truly evil, and by all accounts, most lucrative part is the scammers reselling their mark’s contact information to other scammers.

Upon reading “Scamworld” for the first time, my reaction was a mix of jealously and rage. The jealousy has since faded, as I know that I am ethical enough that I could not let myself take advantage of others ignorance, and would not sell off customer information to the highest bidder. The rage lives on, however, metered by only my belief in a form of Karma, and an assurance that one day, the scammers will get their due.

There are no shortcuts in life. We know this, and we often choose to ignore it. There are people, and it’s likely we know at least one, who is constantly seeking a way to skip doing the hard work. Convinced of their own innate deserving, they’ll lie, cajole, cheat, and steal to win. Technology is an enabler to them, offering myriad new avenues of dodges and scams, hidden traps for the unwary to fall into. The only way for the honest to make it is to keep plugging at our work, our honest work, and try to dissuade our fellow travelers from taking the shortcuts.

Another day, another security breach.

This time, if you’re out of the loop, it was Evernote, one of those services that holds a lot of people’s very personal data. They claim the only thing the hackers got away with was usernames, e-mail addresses, and encrypted passwords. [1] It’s the latest in a string of high-profile hacks into large, data-rich companies like Apple, Facebook, and Microsoft. Evernote handled it well. They’ve reset everybody’s passwords, pushed out application updates to help users with the job, and were up front and honest. Though I don’t use Evernote for much, I’m comfortable maintaining my relationship with the company.

It does however, have me thinking a bit more about my data and protecting it. Mat Honan’s hack is hopefully still fresh in everybody’s memory, but it’s the sort of thing that’s unlikely to happen to an individual. What’s more likely are hacks designed to just pull a lot of aggregate data about people. That’s where the money is. After that, the database just needs to be shopped to the highest bidder, who can then decide how to use the data. The attacks can then begin on high value targets which occupy a neat intersection between “easy” and “lucrative.” Most of us need not worry about that, but that’s not a reason to put our guard down.

Think about this: you doesn’t even need to decrypt a password from an encrypted databases. You can just compare the hashes to lists of known passwords and their hashes. Find a match, and you’re off to the races, able to log in anywhere that person used the same password. It’s like buying a bunch of combination locks for your home, all set to the same combination. Crack one, and you’ve cracked them all. If you’re lazy enough to use a password like “abcde12345” for your Evernote account, your gMail, and your bank, you’re in trouble—and were in trouble before the hack happened too.

We understand physical security well enough, but the paradigms behind it don’t work as well in the digital space. Computer security is still in its infancy. It’s hard to copy a real key. It’s easy to look up the hash of a password. There was a time when data security meant having two floppy disks with the same file on it. If one went, you still had the other. If you were really paranoid, you could encrypt it, or use a password. The most sophisticated forms of computer security in common use rely on a physical token. For example, I use two-factor authentication with my Google account. Logging in on a new machine, I have to not only input my (huge, complicated, 1Password-generated) password, but also provide a number from the Google Authenticator app on my iPhone. It’s an extra layer of security, only bypassable if someone has my phone, as well as my Google password.

Ultimately, I don’t think our data is any less safe now than it was before we started living “in the cloud,” it’s more that the nature of the dangers has changed. We’ve given up worrying about losing data for the worry that data will be in the wrong person’s hands. It’s up to us to decide if that’s a tradeoff we want to make, and it’s a decision that will have to be based on both the companies we trust to hold and secure our data, and also what data we ask them to secure. I don’t know if most of us put a lot of thought into what data we put out there, but it’s something we all should think about more.

You can serve two groups of people: everybody, or somebody.

There’s nothing wrong with either, but certain things have to be sacrificed depending on which you choose. If you choose to serve everybody, you have to sacrifice uniqueness, for example. The more distinct you are, the more people you’re likely to turn off. You have to present a front of being all things to everyone, so that everyone can find some reason to use your product or service. You have to sacrifice quality to a degree—the more features you offer, and you need a lot of features so everybody can have something to want—the less time you get to spend polishing them. This can be overcome by throwing more people at the product, but you must have mass acceptance before then, so you’re actually making enough money to pay them. The result is something like Facebook or McDonald’s, a nebulous, noisy cloud of something that serves everyone, but nobody really loves.

When you choose to serve a particular somebody, or a group of somebodies, you get a little more freedom. The very act of choosing to serve someone’s niche is the start of this. Your product can be distinct, even quirky, playing to what your niche audience loves. This is easiest to do when you’re choosing to serve your own niche. If you’re your own ideal customer, you should know what you like after all. Without the external pressure to do more, you can take your time, focusing and polishing and honing everything so that it works perfectly, the way you want it to work—the way it should work. The problem is that a niche is small. Eventually, you’ll fill the whole niche, and the only places to go are to keep to that niche—occasionally glomming onto the one or two new people who fit—or you can expand beyond.

Doing the former is hard to sustain. Doing the latter risks destroying what made your thing so compelling in the first place.

There’s no right path here. It’s all a question of priorities. For me, however, I think anyone’s priority should be to make something great for a few people—one person at first. Make the thing you want, and then figure out if that’s what other people want. Bring it to them, with the vision and passion of an auteur. Own it, and control it, and cling to it, because it is your baby, and while you can share it, you don’t want to give it away. Far too often, it seems, we sacrifice the quality of something because we want it to be big, especially in technology. Have you ever cringed when a service or product announces a new feature? Was it because you knew you’d never use it? Has a service or product taken a feature away from you? Was it because you used it? Why fall into that trap with your own stuff?