Facebook: Privacy defaults, tweaks, and user experience
Earlier this week, facebook.com (the MySpace of college students) launched what it called "two cool features," feeds to track friends' online activities:
News Feed highlights what's happening in your social circles on Facebook. It updates a personalized list of news stories throughout the day, so you'll know when Mark adds Britney Spears to his Favorites or when your crush is single again. Now, whenever you log in, you'll get the latest headlines generated by the activity of your friends and social groups.
To management's apparent surprise, not all users thought these feeds were so cool. Protests were launched, using the feeds to spread their outrage, and users threatened boycotts.
Even though all the information available in "feeds" was information users were already making available to the same set of "friends," feeds felt different. Their tracking of changes from minute to minute, and instantaneous, aggregregate notification must have driven home to users just how much information Facebook had. Now, Facebook has added privacy settings to the feeds, and much of the furor seems already to be dissipating.
It's hard to tell whether this is a victory for "privacy" or not, but we can learn a few lessons from the sequence of events:
How we present privacy questions matters. People care about privacy when they see information used/misused in a context that is relevant to them. They didn't mind Facebook's collection of information until they saw it presented in detail that they found intrusive. This is why all the streetcorner questioners who can get passwords for candy bars don't "prove" that privacy is dead -- it's more that they passersby don't think ahead to how that password might be misused. When they see feeds, even of information that was previously public but less easily accessible, some of those same people panic.
This means that when we're trying to give people privacy options in software, it might not be enough just to set a default and let them root around in configuration menus, or even to offer a checkbox. Instead, we should try to offer scenarios to taking people through the consequences of what checking the box means.
Context and granularity matter. When thinking about our information, we don't just have two settings, "public" and "private." Those who spill their lives into Facebook profiles still have expectations of privacy. We might be comfortable sharing information with some people, in some doses, expecting the typical human attention span to shield us from too much probing, but object when that same information is catalogued and read back. This is part of the horror of a wiretap or a secret police file, even if it discloses only innocent activities.
Technology matters. Unfortunately, computers are very good at storing detailed information trails for out-of-context playback. Moore's Law and similar growth in storage capacities make it easier to design publicity technologies than to think through their social and legal implications. Facebook still collects this information, and others could scrape its pages to recreate "feeds." Do we want to be putting all that information into their hands?
Privacy is multifaceted. As a society, we'll need to make social, legal, and technical choices to preserve the privacy that lets us have relationships and communities.
Posted by Wendy at September 08, 2006 12:57 PM
As a current college student who has been following this uproar over the recent Facebook changes I was very surprised at how quickly so many users reacted. I think your suggestion of panic is appropriate; almost immediately I overheard words like "creepy" and "stalker" being used. What is interesting is many of users of Facebook are aware of just how much data is collected and accept this. The cause for panic was not--in my observations--shock or disbelief that so much information was collected and stored; but how trivial the information and the absolute lack of control. I found myself thinking, "Great, now everyone will know when I go back to fix a typo I just noticed". The concern over privacy seems to have become especially salient in this example because these constant refinements we all make to our public personas are intended to be private: when one checks in the mirror for leftover lunch in their teeth, or pauses for a moment to think over what they are about to say, these acts if they aren't private lose their relevance. Users who change details to their Facebook accounts didn't want everyone to know that they were straightening their shirt so to speak, something intended to be private. I applaud Mark Zuckerberg for his quick and appropriate response; however, this incident reminds us all of the need to think critically about what privacy means and whether something is intended to be private.