Friday, May 21, 2010

Thoughts on "Making Sense of Privacy and Publicity"

This year's SXSW keynote by danah boyd is probably one of the most insightful contributions to the debate on privacy and social networking. For those who have not yet seen it, the rough transcript can be found here. It puts a finger on so many important points, that it should be required reading for anybody who wants to work on consumer web services.

To summarize a key point: in real life things are usually not as simple as they seem. And that's bad news for the technocrats who typically build and run the virtual environments where social interactions are taking place online. Engineers and scientists like to simplify and standardize problems, apply Occam's razor, optimize systems along the dimensions of an assumed known quantitative model etc. The operators of today's large web properties study and analyze their users behavior and think to understand them better than the users understand themselves, but behind the user behavior observable from web logs are layers of significance and meaning which are completely hidden from this behavioral analysis.

In every society, people daily strike many a delicate balance between engagement and guardedness. We learn social rituals, what is appropriate in a given situation and what kind properties to expect from a certain context or environment. The boundaries of what is private and what is public are blurred. Some of the most private, intimate and confidential discussion happen in very public places - on park-benches on a warm summer night or in Washington D.C parking garages. In the offline world, experience allows us to judge how an environment will support our interactions - and in many jurisdictions, altering those properties through hidden means like microphones, telephoto lenses etc. is explicitly illegal as a violation of privacy rights.

In the online world things are a bit more tricky. We don't usually know as well how these virtual environments really behave and their properties are really easy to change by the people who build and run them. To make things worse, the Internet (almost) never forgets. While an intimate discussion years ago on park-bench has faded from the observable universe long ago, the same discussion done by IM may remain visible somewhere in a chat log forever. Users often assume rightfully that their daily lives are mundane enough that nobody will bother to explicitly track them through the digital noise. Safety by numbers and hiding in plain sight often works surprisingly well. Just because something is not explicitly block from access does not mean that the creator necessarily wants everybody to see it.

Assuming that users somehow find a delicate balance on how to operate within the virtual spaces formed by social networking and other web 2.0 richly interactive services, some of the worst things which the operators of these services can do to hurt their users is to change the rules on them. Since we do not know what kind of balance each user has found to make things work for themselves, it is hard to predict how any change might affect them. And since there is a lot of data in the system, changing the rules can even be retroactive: a spotlight suddenly shining into a corner of the virtual world where it was not supposed to, according to the expectations of the user.

Unfortunately the current best practice of software development is based on embracing change. The software as a service model allows to release early and release often, since nobody knows what will really resonate with users. In the end, we get services which are more sophisticated and more integrated with our daily lives than ever before, but at the cost of the eternal beta.

In order not to violate users sense of privacy, any changes which shift the fabric of our virtual online worlds that might affect the visibility or exposure of anything must be considered very carefully for unintended consequences.

As a fundamental principle, there should be no "ex post facto" or retroactive change to the visibility and exposure of anything without the most explicit and informed consent of the user. But even when operating diligently by such a high standard, accidents are bound to happen from misjudging the impact some changes may have in the user's world.

Ultimately as the Internet becomes more social, we need to better understand the social dynamics, conventions and rituals of its usage. But unfortunately that's not something that the introverted computer geeks who have so far built the foundations of the social web are particularly good at.