Opinion: Privacy problems on Facebook, Craigslist and Second Life this week give us pause to consider how to set privacy expectations.Social networking's been
growing like crazy over the past year or so and companies everywhere have been scrambling to jump on the bandwagon either as
advertisers or as
creators of social networking sites themselves.
But one thing that often gets lost in the rush is the fact that social networking sites are...well... social. They're communities of people connected to each other interacting in the way that communities do: sharing information, talking, scheming, gossiping, and fighting. They're not just examples of interesting software. They're collections of people.
People can be difficult to deal with. They tend to do the unexpected. They tend to wander into places they've been told not to go. They tend to do things to software that the designers never intended. They have their own agendas, their own foibles, and their own expectations. And their biggest (and potentially most difficult to deal with) expectation is an expectation of privacy.
Yeah, everyone understands at some level that putting your life on Facebook or MySpace or even a blog carries with it certain risk. You're putting your life out in public and have to be ready to deal with the consequences, right?
Well, sort of. For most of us, our privacy and the limits between our public and private lives is something that we try to control as much as we can. After all, nobody's forcing anyone to blog. Nobody's going to reveal their network of friends (unless they want to). Everyone expects that what ends up constructing their online persona is under their own control. In fact, for many of us that's what makes constructing an online persona so compelling: it allows us to be what we want to be.
It's a complicated issue and one that can't be taken lightly, especially for site owners who want to take advantage of the social networking trend. In fact, the consequences of not really understanding the social aspects of online interaction can have damaging effects for brands that ham-handedly tread on their users' expectations of privacy.
Take Facebook for example. The site's become incredibly popular over the past year as a place for people to meet and form networks of friends. But that popularity was tread on pretty heavily recently when they implemented a new "News Feeds" feature that let every one of your friends see what you were doing on the site. The owners of the site probably thought it was no big deal...after all, who wouldn't want to know what their friends were doing?
Apparently users thought otherwise. The outcry was intense and immediate. Users organized against the new feature (over 700,000 of them joining a group called "Students Against Facebook News Feeds") and the site's been forced to backtrack after having suffered a fairly severe drubbing in the media.
Sometimes privacy issues arise out of technical issues, as Second Life just found out. As a result of some apparently lax security procedures over 600,000 user accounts were compromised when the database was penetrated via the company's Web servers. Some seriously negative media coverage ensued and a lot of users who expected that their personal info was safe ended up pretty ticked off.
Finally, the row over the Seattle Craigslist sex scandal illustrates some of the thorniest problems when it comes to deciding the lines of demarcation between public life on the Net and what constitutes privacy. The debate over "rfjason's" "Craigslist Experiment" (where he posted the personal information and pictures of men who responded to his hoax sex ad) has been pretty heated, with Wired News calling the guy a "sociopath" and some of the men he exposed actually physically threatening the prankster. Others have come to his defense, claiming that the men never should have responded with their real-life information and/or pictures.
If you look at all of these events it's clear that we're still negotiating the space between public and private life online. Social networking and social interaction online are still in their relative infancy and jumping into the social fray is not something that should be taken lightly, no matter how "hip" it seems at the time. When you're dealing with real people you're dealing with real lives...no matter how "unreal" their online personas might seem.
So how should you deal with the social aspects of life online if you're thinking about incorporating social features into your site? Here are some lessons to be learned:
1. Be clear about the rules and don't change them. That's where Facebook got in trouble. Setting expectations first and sticking to them is the best way to avoid surprises.
2. Err on the side of revealing less personal information. Even if things happen in a "public" space, assume that all communications are private. Unless someone specifically posts to a public form, assume that their communications are private. And then still keep it to the site...don't publish things outside.
3. Make sure you keep all personal information locked down as tightly as possible. Yeah, this is standard security stuff, but personal information inappropriately revealed in a social context can be just as damaging to a person as their credit card info...just ask the guys RFJason exposed (caution...not work safe!).
4. Forget about control. Once you let the public into your space, you need to give up on the idea that you can control what they do and what they say. Similarly you can also expect that they're going to be talking about your site on their own...and you can't do anything about it. It's part of being a community.
5. Listen. Ever since The Cluetrain Manifesto was published, we've all been encouraged to consider that our relationships with our customers are two-way conversations. In fact, this maxim has been repeated so often that it's practically become a cliche. Well guess what? It's more true than ever. Once you've made your site a social site you're inviting your users in to become part of the conversation...whether you like it or not.