Attached is a PDF generated from Notable about my thoughts regarding Facebook and Privacy settings. As I've written previously in posts regarding privacy, the landscape is changing, morphing by the millisecond so anything I post in this context will probably be old news before I click the submit button.
Regardless, from an experience and design and business perspective, I noticed many things that fail to provide the (assumed) user with effective ways of not only configuring settings but understanding the configuration(s) and/or setting(s) in and of themselves.
High Level Observations:
- Why does a user have to go to a dashboard or a full-blown state/mode to configure content display models, content access or screen configuration? In other words, it would be so much more understandable and valuable to users if the settings for privacy were accessible in the context of interacting with the content.
- Why does the "preview" state have to be a state? Why can't it be a "resolution model" which shows me a real-time feedback loop of how what I choose or select impacts the "default view" of my profile from multiple perspectives.
- If you're going to force me into the "Only me, friends, and everyone" model of grouping, at least give me the option to define my own groups and ways of naming them/specifying access control. Facebook has always felt more like an application or platform as opposed to a website made of pages and page turns. Yet they insist on staying "simple and elegant" (which means they are too lazy to think about some fundamental design issues).
- Still seeing a lot of fine print, abstraction, and obfuscation burying more fine print behind links in sub or supporting copy blocks. An organization like Facebook is responding to public outcry. The experience in and of itself is a "brand message" and wholly affects "perception". It's not good enough to simply offer access anymore. What is vital if Facebook plans on retaining users or limiting attrition is to be completely transparent in policy and effect/input by the user.
- How do my privacy settings affect the use of my "social graph" in the form of several syndicatable streams, including Facebook? How does OpenID get affected? How can I manage OpenID/FBConnect privacy settings in this context? Can I?
Also stated before is the fact that social networking sites were not built to retain or protect a person's sense of privacy because they are about public (or specified as private) interactions via a channel called the "internet". In the end, these settings are a knee-jerk and quick panic response by what I assume to be C-class and legal fighting some made-up time limitation with the intent to "get something up" as opposed to providing real value (i.e. clear understanding) to the user. The troubling pattern I am seeing here is that Facebook is in a lose-lose situation. They are trying to control something that is at the core of their value proposition both to themselves and the people who use the website. Without the "social graph" and "data trail" people leave, FB diminishes in value returns in terms of relevancy and experience. By answering to public outcry, Facebook has abandoned this core value structure, capitulating to advertising and revenue streams due to its market position.
We all know that when the user is happy, the company will be too. I wonder when the companies of tomorrow will start realizing that this "game" has changed. That the user is in control now and that the system is expected to provide this control. It's no longer let's build it and let the user figure it out. It's the user dictates everything and I provide the tools to enable him or her or it to do so. Still, I see many companies, even as new as Facebook, holding tightly to old and failed models, repeating mistakes in favor of the business as opposed to listening to customers. This leaves a great gap for opportunity and competition, if not the death of Facebook to come (at least as we know it today).
My prediction for identity and privacy on the web: user beware and user controls. More and more pieces of our online identity have been moving to the "cloud" which means a syndicated and consistently synced identity that the user chooses where and what information is accessible to whom and when and how. We're not there yet. And the war is with the usual suspects who most of the time want to be given information without giving anything other than a bad user experience back. The value to all gets lost in the battle when the solution seems simple to those with experience: be transparent or don't do anything at all when it comes to my data and my privacy and a risk of me being harmed or vulnerable to harm through use of a system. Liability will always be an issue when it comes to privacy because the entire definition and concept of privacy is dependent on multiple people or parties. There are negotiations, norms, implicit and non-implicit rules of behavior. There are also policies in place that can be leveraged if harm does happen. In the end, it's all about personal responsibility and vigilance by the user to manage what data is provided and when and how.