Photo credit: Rob Pongsajapan.
Last week I had the pleasure of attending the Lift conference and helping to run a workshop on user privacy. This was a workshop with a difference. My colleague Franco Papeschi came up with the idea of a privacy “game” (“Denopticon“) which would help participants explore the issues around privacy, personal information and data sharing. The game started with participants filling out an ID card with personal information about themselves. Participants earned points for finding out and recording personal information from others and additional points for fulfilling various secret missions. It was enormously fun and I hope to help run it again at other events. But besides being fun, it helped the participants, and the moderators, think about the key issues around user privacy.
This was against the backdrop of enormous upheaval in the area of user privacy on the Web. I remember when privacy on the Web used to boil down to “turning off cookies.” Now-a-days if you turn off cookies, you might as well use your computer as a doorstop, and anyway the privacy conversation has so moved on. In a world where more and more of our communication is happening through social networks and socially connected applications, the whole concept of privacy is being turned on its head, to the extent that some (such as Christian Heller) are claiming that we are now living in a “post-privacy” world. And, of course, Google’s Eric Schmidt is on record saying “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” which (if he truly believes this) I think betrays an almost pathological misapprehension about the human condition.
The truth is, we need privacy, as a society. Anyone who claims we don’t is (forgive me) either terribly naïve, stupid, or a sociopath. Privacy, and a reasonable expectation that some of our actions and communications are and will remain private, is a social lubricant that allows for healthy exercise of denial and other mechanisms that keep us sane. Anti-privacy pundits are quick to reply that “the kids” don’t care about privacy – but this notion doesn’t bear up under the facts. (For evidence, an article from today’s NY Times reporting on the increasing awareness of youth to privacy issues.) In fact, there seems to be a backlash against the “private is public” mentality which has led to over-sharing and social networking fatigue. (Do I really care that you’ve won the medal of the badge of being the mayor of the Duncan Donuts at 33rd and 8th? Maybe that’s something better kept private.)
Over-sharing as promoted by servers like Foursquare may be annoying but it’s basically harmless. You may be opening yourself up to stalking or having your house burgled but that’s a choice you’re willing to make for the benefits that social sharing bring, right? OK, but what happens when you’re not just making that decision for yourself? What happens when your sharing impacts your family, your sexual partner, your children? Emerging usages of social networks will require more trustable, private environments. With their ability to share structured data, social networks could be a great environment to interact with your stock broker or financial advisor. What about health service communications – such as your blood sugar levels or the results of your AIDS test? What about parent-teacher communications? The list goes on – all of these intrinsically private types of communication could benefit from the rich communication mechanisms that social networks bring to bear. But people would (rightly) be reluctant to use Facebook or other existing social networks in these ways.
Unfortunately, although social platforms like Facebook are adding richer privacy controls, there remain problems both with the implementation of these controls and in making them understandable to regular users. I think Facebook has actually made a lot of progress in making privacy options visible and usabile – at least on their Web site. In fact, my personal trust level of Facebook’s privacy mechanisms has increased enough that I’ve begun sharing family photos and other information with family members on the platform. I’ve been very frustrated by the lack of privacy controls on their mobile clients and mobile web site, but it seems to me they are on the right track. There are challenges on the horizon, though.
Another challenge is going to be implementing trustable privacy in the post-Facebook world. How would my family photos use-case work if my family members were not all on Facebook but were members of a series of federated social networks? These are some of the problem spaces we’ve been exploring in the W3C Social Web Incubator. The OneSocialWeb project is building an open source platform that uses XMPP to bring some of these ideas to life.
One thing is clear: privacy is becoming a key industry topic and a flashpoint in the intersection between mobile, social and the Web. The common wisdom is shifting away from the idea that “people don’t care about online privacy” which is good, but it throws a spotlight on the mess that privacy on the Web has become. Cleaning up that mess is going to take some effort.
Liked this post? Follow this blog to get more.