privacy is hard
by Christopher Blizzard
I got this dialog on Facebook today and I was completely stumped. Totally. I read the paragraph over and over, trying to figure out what I meant. I read it to friends, didn’t help. Thought about it some more. It turns out that what I really wanted to do was both of these things. I want it out of my profile and I want it not to be able to read my data, either. But you can’t. It’s a false dichotomy. You can pick one or the other, but not both. In the end I picked “Remove” – removing access to the data. (Maybe.) In hopes that it would at least posting new stuff to my timeline on facebook.
This stuff is hard. No one has really figured out how to describe these interactions. More evidence that privacy decisions in our world are a completely unnatural act. We’re just missing the language and cultural context, not to mention the tools.
My guess, apparently correct, is that remove includes block.
I’m gonna go out on a limb and suggest that this was just a coder who understood the mechanics of the feature but had no idea how to explain it to users in a meaningful way.
That kind of thing happens a lot. Remember Steve Morse’s forms toolbar in Mozilla? Some people just shouldn’t be designing UI.
Interesting! My guess (I didn’t check, but based on what Asa said I guess I’m wrong) was the opposite – that block included remove.
Neither reading is obviously wrong, though – nor is the third possibility, that they’re actually mutually exclusive, but I think that’s very unlikely.
There are two issues, the first is that the labels are backwards for what it’s actually doing. The second is that they are trying to explain this with a paragraph instead of a 2×2 table:
Remove | Block
Visible on my profile: Yes | No
On my apps page: Yes | No
Can access my information: No | No (implied)
So block actually removes, and “remove” simply blocks it. Unless “Block” in this case simply blocks you the user from interacting with this app anymore (probably how this is handled internally to prevent XSS attacks from old content the app generated for you back when you trusted it).
The ugly bit is the “implied” part. Hopefully they aren’t that stupid (again, having received nothing but publicity for their other dumb handling of user privacy :-)).
Methinks things like this happen because we (well, I do at least) get seduced by cool technologies, applications, ways to connect things – which are cool – but then we forget what the use case is, what the benefit to the user actually is. I think that is the starting point, then from there design it/describe it to the user with that benefit in mind.
If what you’re after is disabling it from posting to your timeline, you should be able to control it (and all your apps) here: http://www.facebook.com/editapps.php?v=allowed. (Apologies if that URL doesn’t work; I tested it, but Facebook can be a bear with them sometimes.)
Facebook has not always gotten app permissions/privacy right (and that dialog does SUCK) but the app controls in general are decent at this point.
Privacy is an oxymoron when used in the context of Facebook anyway. You don’t really know how far your data is traveling, despite your “privacy” settings. That’s the main reason I stopped using it.
Another possibility for the addition of a “Block” option is because data is transitive in Facebook. You might remove an app from your own profile, but if one of your friends has it installed, they may be able to transmit your data to that application even though you’ve removed it. This behavior’s been demoed with a couple of example apps.
*Robcee super vampire punches blizzard in the donkey*
I want to argue the opposite: privacy is very easy, but we’ve just not been trained well on which decision we we want to make. The result is that the simple dialog gets scratched and rewritten to be less abrasive, and by the time it has been reworded not be jolting, no one knows what it means.
Part of the problem seems to be there are two actions which ideally would each have their own dialog unless one almost always happened only in conjunction with the other, but even without that we could do:
Rob J. Caskey
[ ] Don’t tell Rob what I am doing
[ ] I don’t want to see Rob anymore
[Remove]
I just watched the video linked above, and while very good, I think it misses the real point about privacy with respect to facebook: you can have as many controls on how you restrict your data as you want, but in the end, you’ve still entered a whole bunch of personal information about yourself and how you relate to other people into facebook. Any amount of privacy control you place on it is an illusion.
hilarious. yea. social web apps and associated walled gardens are a mess when it comes to privileges and privacy. that dialog is a piece of work!
I should have pushed the video link a little harder. It’s a really good Clay Shirky video with some other examples that echo this better than I have. A good use of your time.