Wednesday, October 20, 2010

social networking vs. privacy

the privacy issues surrounding social networking sites are nothing new by any stretch of the imagination, but it seems to me that many people have mismatched expectations when it comes to privacy and social networks - and i'm not just talking about the people who are not yet aware of the issues. even those people who are actively criticizing the privacy implications of the technologies and policies in play at social networking sites seem to be experiencing a fundamental disconnect from the reality of social networking.

the fact of the matter is, no social networking site can be both socially useful and promote privacy in a meaningful way at the same time. if we ignore the practical concerns of how to get funding or similar topics that lead us to call social networking users products rather than customers - even an ideal social networking site must necessarily be a privacy failure.

before i explain why, i think it's important to understand what social networking sites are for and by extension what successful ones (including our ideal one) must do in order to be compelling. the core goal of a social networking site is to enrich our social experiences, either by allowing us to have rewarding social experiences with more convenience (like keeping up to date when you've got a spare moment, even if it's in the dead of night) and less expenditure of resources (time, energy, money, or some combination of the three) than we would otherwise be able to have, or by allowing us social experiences that wouldn't otherwise be possible at all (such as reconnecting with long lost friends).

to that end it should come as no surprise that social networking sites have to focus on facilitating the establishment, maintenance, and strengthening of social connections. it should also come as no surprise that social connections flounder in the absence of openness. that is a social network's undoing from a privacy perspective, because openness is incompatible with the guardedness engendered by the strategies we use to protect our privacy.

now there are a couple of specific complaints that i'm sure come to the reader's mind at this point, chief among them being that sites like facebook should still be able to use an opt-in model for information sharing instead of an opt-out one. you have to understand, however, that the opt-in model is essentially equivalent to being guarded-by-default (you could also liken it to default-deny or even whitelisting). no one can dispute that this would be a superior model from a privacy perspective, but as someone who is guarded-by-default in real life i can assure you that it is not a winning social strategy. by going with an opt-in model you put people in the position of having to make conscious decisions about what they need to be open about in order to get the most rewarding experience for themselves (where such calculating behaviour might be familiar only to a select few) as well as figuring out precisely how to go about being open about those things. in other words the opt-in model forces the user into a kind of simulated social awkwardness, which would not be a compelling user experience at all.

you could be thinking right now that even if an 100% opt-in model would scare users away, a more balanced model than 100% opt-out should be possible - and yes, it certainly is. privacy lobbyists (for lack of a better term) have certainly managed to pressure facebook (and i assume others) to change various features to be more privacy-friendly. that being said, without such pressures (representing a broadly held preference to the contrary), social networking sites should be expected to go with the opt-out model and let those who feel they need to protect the information in question actually make the conscious effort to opt-out. the reason for this is purely practical (and i don't mean in the making things easier for lazy programmers sort of way). there is no single sharing strategy that both optimally meets everyone's social needs and their privacy needs as well. that means any attempt at making more balanced sharing defaults amounts to trying to second-guess what's going to work best for users at the risk of making it more difficult to be open in a way they may have found rewarding. defaulting to opt-out is essentially erring on the side of caution with respect to not compromising the primary goal of an ideal social networking site.

all this being said, when it comes to sharing data with advertising partners or other third party organizations, that has nothing to do with enriching the social experiences of the user. those are entirely business-driven decisions, and while they make sense for the business, they provide no direct benefit to the user and so there is no reason to believe the user would appreciate that sort of openness being facilitated (or rather foisted on them) by default. those sharing practices rightly deserve to be made opt-in rather than opt-out, but i don't expect the business people running the social networking sites to draw this distinction between sharing that facilitates social connection and sharing that facilitates advertising revenue. at least not without a good swift kick in the arse on a regular basis.

(2010/10/21: edited to correct typo spotted by @ChetWisniewski)