Matching User Expectations

About two months ago, I mentioned that one Facebook application had a hole which allowed me to view the photo albums of any Facebook user whose privacy settings allowed it.  I imagine that many users do not realize that access for “Everybody” is the default setting when creating a new album, so while the issue did not technically violate anyone’s privacy, it would probably come as a surprise to many people.

Turns out developers had already built applications whose sole purpose was accessing public photo albums.  Since these albums were set to public access, the applications simply made API calls consistent with the album’s privacy settings.  CNET News now reports that Facebook has taken action to prevent such access via the API.  Since the albums are still public, you could still access them if you had the direct URI, but the difficulty of finding the URI gives users the illusion of control without requiring them to understand the ramifications of the default setting.

The key to this whole story can be found in this statement from the CNET article:

A Facebook spokesperson said the company made the change so the technology more closely matched users’ privacy expectations.

Some people seem to think that Facebook should be more public and open – that users should get over any illusions of keeping information private on the Internet and embrace free exchange of ideas without annoying filters and controls.  People endorsing this perspective may wonder why I spend so much time talking about privacy on Facebook.  For instance, some may view highly targeted advertising as a benefit, since it can provide users with relevant ads that link them to services they would want.

I recall a blogger (I can’t remember where I read this; if anyone has a link, please let me know so I can give credit where it’s due) once remarking that if a site uses someone’s personal information in an unexpected way, that’s an invasion of privacy, but if something useful happens in an expected way, it’s a feature.  Privacy comes back to user expectations.

And that’s one of the major problems I see with privacy on Facebook right now.  I don’t consider myself a “privacy fundamentalist.”  I simply believe users should have control over their information and be aware of how it’s used.  If Facebook users want public profiles or highly targeted advertising, so be it.  But make sure those users are aware of what’s going on – sell them on the benefits while being realistic about the risks.

If social networking sites want to strike a good balance on privacy, they need to match user expectations.  Adding new features may require changing those expectations (the News Feed comes to mind), and that can happen through education, other helpful features, and time.  But iwhen the state of privacy on a site races ahead of what users expect to happen, that’s a problem waiting to happen.

And that’s the way I see Facebook right now.  Vulnerabilities in applications leave personal information at risk.  Application advertising networks process vast quantities of personal information to target ads (yes, Facebook does too, but their relationship to the user is quite different).  Rogue applications can steal personal information.  All the while, Facebook trumpets their extensive privacy controls, and I continue to get shocked reactions when I explain or demonstrate to people what’s actually happening with their personal information.

And that’s why I keep talking about privacy in social networking applications.