Google knows what I’m doing 88% of the time. I’ve voluntarily given Facebook details of many aspects about my personal, work and school lives. These two companies probably know more about me than I do. And I’m not scared. I doubt Mark Zuckerberg will be emailing a—hypothetical, I assure you—compromising photo from my Facebook profile to potential employers. Nor will Larry Page be sending them my—hypothetical again—embarrassing search queries. What does worry me, though, is that I might do it myself or someone else might do it for me.
I will ignore the possibility that this might be malicious on the part of the other person and only consider innocent over-sharing. Why might this happen? One possibility is lack of understanding of the availability of posted material: either party might not realize that the information posted is widely available—and possibly cached forever. Another is mismatched expectations of privacy: where one party thinks the information suitable for a wider audience than the other. What can be done to help keep private information private?
A common refrain is that users should be responsible for safeguarding their own privacy; if they do not want something to be public, they shouldn’t share it. This attitude is unrealistic. We all want to be able to share with our friends, family and co-workers. And this sharing is moving online. A modified version of this stance is that users need to take advantage of existing technology to control the spread of information. Facebook, for example, has extensive privacy settings; users should learn to use those. This is just as unrealistic. In the current iteration of social networks, privacy is an afterthought. The controls are complicated and force users to make choices that conflict with their desires and often with the proper functioning of the website. Sticking with Facebook as my example, a user is asked a question such as this: “Who do you want to see your photos? Friends? Friends of friends? Network? Everyone?” The choices here reflect the years-old design of the network rather than the way users actually think about who they wish to share with. What’s worse, is that these choices will be different on every service a person uses. Some users cannot understand the way a social networking site works and of the rest who can, how many have the time?
Privacy isn’t something that should be laid on the shoulders of users. Designers have to build privacy into their products. This means considering privacy at the outset and anticipating the type of control that people might want over who can see their posted information. It means anticipating where there might be conflicting expectations of privacy. People don’t have to wear masks to avoid the cameras on the Google van: it blurs their faces automatically. Properly designed, privacy control should be almost invisible; it should blend into the proper functioning of the product.
Of course, there is no way of ensuring that information shared with any other person will remain private—online or not. You still have to trust that your friends will honour your choices. Currently, there is no barrier to over-sharing. I may be overly optimistic, but I don’t think that much of a barrier is needed to rely on your friends to respect your preferences. Somewhat ironically, this privacy may not be possible without large companies collecting and managing access to data. In order to create barriers to manage privacy, you may need to trust an intermediary to enforce them but, as I said before, it’s not Facebook or Google that scares me.