Putting Privacy Settings in the Context of Use (in Facebook and elsewhere)
A few days ago, Gilad’s eyes opened wide and he called me over to look at his computer. He was on Facebook and he had just discovered a privacy loophole. He had maximized his newsfeed to get as many photo-related bits as possible. As a result, he was regularly informed when his Friends commented on other people’s photos, including photos of people with whom he was not Friends or in the same network as. This is all fine and well. Yet, he found that he could click on those photos and, from there, see the entire photo albums of Friends-of-Friends. Once one of his Friends was tagged in one of those albums, he could see the whole album, even if he couldn’t see the whole profile of the person who owned the album. This gave him a delirious amount of joy because he felt as though he could see photos not intended for him… and he liked it.
There are multiple explanations for what is happening. This may indeed be a bug on the part of Facebook’s. It’s more likely a result of people allowing photos tagged of them to be visible to Friends of Friends through the overly complex privacy settings that even Gilad didn’t know about. Either way, Gilad felt as though he was seeing photos not intended for him. Likewise, I’d bank money that his kid sister’s Friends did not think that tagging those photos with her name would make the whole album available to her brother.
Facebook’s privacy settings are the most flexible and the most confusing privacy settings in the industry. Over and over again, I interview teens (and adults) who think that they’ve set their privacy settings to do one thing and are shocked (and sometimes horrified) to learn that their privacy settings do something else. Furthermore, because of things like tagged photos, people are often unaware of the visibility of content that they did not directly contribute. People continue to get themselves into trouble because they lack the control that they think they have. And this ain’t just about teenagers. Teachers/professors – are you _sure_ that the photos that your friends post and tag with your name aren’t visible to your students? Parents – I know many of you joined to snoop on your kids… now that your high school mates are joining, are your kids snooping on you? Power dynamics are a bitch, whether your 16 or 40.
Why are privacy settings still an abstract process removed from the context of the content itself? Privacy settings shouldn’t just be about control; they should be about the combination of awareness, context, and control. You should understand the visibility of an act during the moment of the act itself and whenever you are accessing the tracings of the act.
Tech developers… I implore you… put privacy information into the context of the content itself. When I post a photo in my album, let me see a list of EVERYONE who can view that photo. When I look at a photo on someone’s profile, let me see everyone else who can view that photo before I go to write a comment. You don’t get people to understand the scale of visibility by tweetling a few privacy settings every few months and having no idea what “Friends of Friends” actually means. If you have that setting on and you go to post a photo and realize that it will be visible to 5,000 people included 10 ex-lovers, you’re going to think twice. Or you’re going to change your privacy settings.
In an ideal world where complex access control wouldn’t destroy a database, I would argue that you should be able to edit the list of people who can see a particular artifact at the time of upload. Thus, if I posted a photo and saw that it was visible to 100 people, I could manually go through and remove 10 of those people without having to create a specific group that is everyone but the unwanted people. I know that this is a database disaster so I can’t ask for it… yet. Y’all should make large-n combinatorial functions computationally feasible eventually, right? ::wink:: In the meantime, let me at least see the visibility level and have the ability to adjust my broad settings in the context of use.
Frankly… I don’t understand why tech companies aren’t doing this. Is it because you don’t want users to realize how visible their content is? Is it because your relational databases are directed and this is annoying to compute? Or is there some other reason that I can’t think of? But seriously, if you want to stop the social disasters that stem from people fucking up their privacy settings, why not put it into context? Why not let them grok how visible their acts are by providing a feedback loop that’ll let them see what’s going on? Please tell me why this is not a rational approach!
In the meantime.. for everyone else… have you looked at your privacy settings lately? Did you really want your profile coming up first when people search for your name in Google? Did you really want those photos tagged with your name to be visible to friends-of-friends? Or your status updates visible to everyone in all of your networks? Think about it. Look at your settings. Do your expectations match with what those setting say?