Continuing the discussion from What is the reason to disable RSS?:
So this thread is specifically to discuss why businesses in general need entirely private sites, as requested by @LinasSimonis.
A business consists of various departments / functional teams.
The sales and marketing teams are only two of these departments / functional teams.
Very important teams, true, but despite what they tend to think about it, NOT the ONLY important ones.
When a business approaches a developer or a marketer for a website, this is generally either because they want to create a buzz (blog / content marketing), because they want to be found in search results (related to the buzz) and want people to be able to contact them and / OR because they want to develop an online sales channel (so an e-commerce store).
But these use cases are NOT the only ones why businesses would need a website.
Some websites deliver the service to the customer. Examples of these would be membership sites where the content is unique and monetized and should not be shared with the general public and particularly with search engines.
Others want to store their business-related information, including private customer and / or employee information in a place that can be accessed by AUTHORIZED representatives from anywhere in the world.
And they don’t want any unauthorized access to any information, even if it seems like the information isn’t all that sensitive.
Businesses don’t like risk. But they all need to accept risk to some degree, otherwise they would not be able to function.
This is where internal controls come into the picture.
So let’s forget about the internet for a moment.
Let’s just say that you have an old-fashioned brick and mortar warehouse.
How are you going to ensure that people don’t steal your stuff and that it isn’t ruined by the various elements of nature?
With a warehouse, you’d make sure it doesn’t have windows.
You’d make sure that there is only one door.
And you’d make sure that that door has an alarm.
You would post a guard there to make sure that people sign in and out.
Now, this would be the ideal for SECURITY.
But, if you speak to a Health and Safety Officer, this would be their worst nightmare.
I mean, what if there is a fire?!
So, there are additional doors for fire escapes.
The problem is that when you use WP, you just bought a warehouse without knowing how many fire escapes there are.
And going through this new warehouse of yours takes time, because it is not all neatly organized and streamlined. In fact, it is a little bit of a chaotic mess with stairs leading everywhere. And some of these fire escapes are hidden behind stacks of boxes.
Business doesn’t want to use WP (even without the hated Gutenberg) because it is much more efficient for them to develop from scratch on Agile.
That way, since they built it themselves, they know where all the fire escapes are that they need to guard (or at least theoretically, if you have a good team of devs, but I personally think that there are some security benefits to open source over relying on the competence of one person or a small group of people - different topic for discussion, that one…).
There isn’t just one RSS feed. There are technically SIX.
Were you aware of that?
A business user wants to keep everyone the heck out of their confidential info.
But this business user just bought an existing warehouse where they didn’t even know that there are six fire escapes that all pretty much lead to the same place.
Not to mention all of the others, like Gravatar.
WP’s value proposition is “features”.
And this helped them to scale and get a very, very large number of users.
But business users are a bit more savvy. They only want the features that they actually NEED and are going to use. Anything else is bloat and wastes scarce resources to monitor.
CP basically started as a protest of Gutenberg.
And, in that process, you got a couple of extremely talented people who all feel passionate about the same thing.
But they are only a small group.
And while this “common enemy” is very effective at rallying a dev team in the short term, they will eventually get discouraged if users don’t see and appreciate their technical brilliance for what it is.
Business already knows how to operate in “adapt or die”.
So, if they can’t design their own custom systems on a system like Agile, they are willing to adapt by finding and guarding the new fire escapes (in the form of roughly dug tunnels, if you hate Gutenberg) and just learning how to live with it.
So, to appeal to the business market, privacy is a core competency that CP MUST have in order for a business user to even consider it.
A core competency is a consideration that has to be met as an entrance requirement, before you even begin comparing options. So, unless this criterion is met, you won’t even research the solution further.
And v1 (and v2 and probably v3) don’t alleviate these concerns.
In order to achieve a core competence of privacy, CP MUST adopt this as a core programming philosophy.
While privacy and security are related, there is some nuance to it.
So yes, security-first mindset, definitely.
But to be a success, CP needs to DEMONSTRATE that privacy is considered an essential sub-element of security.
And to do that, the rule needs to be “off by default, on by choice”.