On Privacy and Security, Or What's up with Facebook?
Unless you've been living in a cave thus embracing the life of a true Luddite, you've probably heard about Facebook's recent war against privacy. For the past fews months it seems as if every other day America's biggest social networking site has done something new to chip away at the already ill-defined sense of privacy within it's trenches. Here's something of a brief summary, in case you have been in hiding:
Awhile back, Facebook quietly made your status updates indexable by Google. In a bid to be Twitter, this feature surprised the user base that had never really realized that their statuses were potentially going to be public knowledge. Uproar occurs for a few days then dissipates as people quickly forget about caring.
Later, Facebook introduces a way for other websites to consume your data. That's right, Facebook quietly started sharing your interests and information with websites you may not even know about, generally without telling you.
A couple of days ago, Facebook launched a feature to link all of your interests to actual pages, spamming your wall with new advertising, and sharing your information with those pages as well. In this case there was a opt out option, but it never really explained what the feature was to begin with. Opt out is hardly useful without proper knowledge.
So what's the deal? Not long before all of this, there was a very public kerfluffle when Google launched it's social sharing system Buzz. Buzz made a relatively grievous mistake at launch, automatically making your whole contact list privy to what you were sharing on Google Reader and whatever else you linked into Buzz. It didn't at that time make it clear what was happening, and the fall out was pretty swift. People freaked out at a level that was somewhat astonishing. Yes, it seemed from this example, that people cared about their privacy.
Google and Facebook are hardly the only ones flailing about in this game, although they are the most visible. Netflix slipped into this quaqmire when the company was sued over it's latest recommendation improvement contest for allegedly outing an in-the-closet lesbian mom based on her movie watching history. Money management site, Mint, had problems when it announced that your shopping history, although aggregated and anonymous, might be sold to marketing research firms. Some people canceled their accounts with great speed.
What's interesting to me about much of this is how surprised people are to realize that what they are doing on the web is potentially going to make itself public. I myself have always treated Facebook, despite it's privacy setting options, as data that I would not be devastated about becoming public. That's me though, and I've been playing this game for quite some time. People unfamiliar with the internet, young users and older users in particular, don't really understand what's going on when they post things to the web. New users to Twitter are often surprised to realize that everything they tweet is public knowledge. At the very least people's grasp of exactly who is included in "the public" is pretty slim. Take the young guy who was offered a job at Cisco and promptly lost it when he tweeted: "Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work."
That's right kids, your employer and your mom are both part of the public these days. Watch your step.
A lot of these privacy missteps, both on the part of the companies involved and those kids foolishly posting public photos of themselves shot-gunning beer at parties and then wondering why they didn't get that plush job, is simply a failure to grasp what's going on. These are mistakes, and much of the time, the companies are quick to take corrective action. Google responded to the Buzz complaints within hours. Netflix canceled its contest pretty promptly. There's one company though that seems to flaunt it's issues with privacy, and that's Facebook.
Facebook wields a lot of power. It's the first social networking site that's really collected such a vast and diverse user community that truly actively participates. Each user is a font of delicious information about interests from movies, food, books, tv shows. Each status message is another bit of data telling Facebook where you like to go, what you like to do and who you like to do it with. It is a marketing company dream database, and we are all quietly working to make it more impressive everyday. The truth of it is, Facebook does not really think of us as customers of their site but as unpaid employees entering data in a constant stream. Thus why they are so alarmingly cavalier about how they handle that data.
The cynical among us have know this for years, but what's sneaky about Facebook is the front it puts up. It somewhat slyly pretends to care about your privacy. There are account settings where you can set the privacy level for any number of aspects of your Facebook posts, but here's the problem: how easy is any of this to set up? When it comes to UI design, I'd be the last person to give Facebook any awards, but far and away the most confusing part of the deeply complex interface is the part that ought to be the most clear: how to ensure that your data is protected.
There is this concept in usability called an "evil interface". When you've learned enough about design you aren't just capable of delivering designs that are easy to use, you are also capable of designing interfaces to be purposefully obtuse. A naive designer makes mistakes, and evil designer doesn't make mistakes so much as he or she makes your life difficult because they do not want you to accomplish the required task. It is in Facebook's best interest (at least from their perspective) for your data to be public and for them to be able to sell it. Given that, what reason would they have NOT to make the privacy settings confusing.
EFF has a great article about Facebook's Evil Interfaces, that I highly recommend.
We designers are told from the very beginning that we need to design interfaces that are transparent and easy to use for everyone. I'm often in my work struggling to take a step back in order to try and look at things from the perspective of a technology novice. It's an ethical responsibility as much as it is a skill to do everything we can for our users, especially when it comes to something as delicate as private data.
So should you quit Facebook? That's up to you, naturally, but you should be an evanglist for your friends on Facebook. Many of them won't really know what the truth of this is, and Facebook certainly isn't going to tell them. It's up to us really, so spread the word. When I publish this post, I will almost assuredly share it on Facebook.