Social networking and content sharing web sites like Facebook and Flickr make it easy for users to connect and share details of their lives with others. Unfortunately, it is all too common to hear stories of users unknowingly sharing embarrassing status updates or photos with their professional colleagues, due to misunderstanding or ignoring available privacy settings in these sites. Preventing usability issues with such popular web destinations is critical not just to minimize general frustration or inefficiency in use, but also to protect users’ privacy.
There are a lot of professionals – lawyers, politicians, software developers and program managers, to name a few – who “own” various aspects of online privacy in social applications. We believe that usability professionals are well suited to take a more active role to protect users and set standards for online privacy protection, addressing critical questions such as:
Why are usability professionals well-prepared to take on this role?
When developing applications that allow users to manage, organize, or share private information, it is essential to understand users’ expectations and needs for these applications. Willingness to share, for instance, may vary significantly from one application to another based on how the shared information will be used or who may have access to it.
Usability professionals are prepared to use our experience with user research methods to learn about unique needs and expectations and to make recommendations based on more than just a hunch. User research enables us to understand privacy implications before designing applications and lets us answer questions such as:
Example: Flickr uses approachable terminology and a wide range of options intended to support users’ privacy needs.
Further, we are in a unique position to develop new research methods to address opportunities that aren’t fully supported by our traditional toolkit. For example, there is a growing need to create privacy-specific sets of heuristics or guidelines (much like Jakob Nielsen and Rolf Molich’s often-used Usability Heuristics) for efficiently evaluating potential privacy issues in existing interfaces.
Organizations that develop applications with privacy considerations are bound to have a number of people involved in the development process. For example:
These professionals bring necessary areas of expertise to the table, but they may not have direct contact with the users they intend to serve. Based on the research and studies that we conduct as usability professionals, we provide an unbiased source of knowledge about users’ needs and habits for all collaborators during product development. When developing a potentially privacy-invading application, a product team that employs the skills of a usability professional can access users’ points of view and behavioral habits to:
Example: Facebook’s settings are based on understanding the precise amount of control users need to safely share private content about their lives.
Further, usability practitioners are able to ensure that potentially privacy-invading applications literally speak the users’ language. Our knowledge about users prepares us to check that terminology used in settings and instructions is consistent with users’ own vocabulary. We can also advocate for usability improvements to necessary documents that are typically daunting for users to read, such as privacy policies.
The Pew Internet & American Life Project has reported that 60% of Internet users are not worried about the information that is available about them online. Even more disconcerting, only a small subset of concerned users actively does something to protect their privacy. A few reasons may account for this lack of action:
It is not necessarily our job to convince users that their privacy is at risk, nor is it our job to train them to become privacy experts. It is our responsibility, however, to ensure that applications limit or prevent errors and minimize risk. There are many things we can do behind the scenes to help prevent users from accidentally putting their privacy at risk. For example:
Example: Facebook minimizes privacy risk by automatically limiting the features available to minors.
Further, applying basic usability principles to the privacy domain will go a long way in subtly making users aware of their privacy risk and helping them make informed decisions without expertise or cognitive overload. Some examples:
Example: Google Reader prominently displays the user’s current sharing settings (who the user is sharing with and how many items are being shared) and provides options to modify or undo.