The Web of Trust

Posted 4 years ago by Trevor Connolly

How to overcome your user’s privacy concerns in the age of Big Data, the NSA, and Cyber Warfare.

We live in an age of opportunity. Technology is pushing forward in pursuit of making everyday life simpler, more convenient, and more informational. Behaviors once reserved for only SciFi movies — such as remotely controlling our home security or A/C systems, talking to a robot-voice on the Internet, or wearable technology that informs us about the environment around us in real-time — are no longer of the future, but rather, Today. Our web services have enabled us to make big changes in the way we interact with our world. The opportunities that technology affords us are endless.

Yet, there is a threat. Despite these opportunities, people are growing increasingly leery of how they allow their personal information to be shared online. Privacy issues have been widely chronicled over the past year: Edward Snowden & The NSA, how Google and Facebook view your rights in their collection of data for marketing, and just recently, Heartbleed. As more and more of our life is moved online, our distrust of, and our vulnerability to, the Internet is multiplied. This is the biggest threat to our age of opportunity.

“With great power comes great responsibility.” — Voltaire

As Voltaire, President FDR, and comic-book legend Stan Lee (via Uncle Ben from Spiderman) have all so famously been quoted, power does indeed also burden us with an equal amount of responsibility. In today’s world, that means the people who have shaped the Internet have a great responsibility to implement solutions to the privacy scare that surrounds virtually all Internet services.

The truth is, this privacy stuff is scary. That is why Facebook founder Mark Zuckerberg reached out to President Obama this past month and why Google CEO Larry Page asked users to not “throw the baby out with the bathwater.” The future of our connected communication to the Internet is predicated on us trusting the Internet with our most private information. The Internet of Things is not possible without trust in the Internet. The Connected Car is not possible without trust in the Internet. The future of social media, e-commerce, cloud services, and pretty much any other imaginable connected innovation are all impossible without trust in the Internet. The leaders of the largest contributors to the web realize the potential for mass exodus if we don’t get a firmer handle on how the Internet protects our privacy. As builders of the web, it’s on us to take the lead in designing a more trustworthy experience.

Design Trust into the Product

We can do this in our UX approaches.

Be transparent
Many people are wary of giving their personal information to a site or app they do not already trust, especially when you start asking for things like social security numbers, driver’s license numbers, or student ID numbers. Their fear is that this information will be a) shared with third parties somehow, or b) carelessly stored.

However, we can build trust into these forms by simply adding hints or icons that, when hovered or clicked, tell the user why that information is needed and how you plan to use & secure it.

By being transparent with your needs, usage, and the user benefit, the user will feel more trusting that you have nothing to hide and are, in fact, going to secure their information and provide great service.

Show the user how they benefit
Another way to build trust is to tell the user how it helps them. Oftentimes people complain about the way Google or Facebook collect personal information, but they still participate in the services Google and Facebook offer. Why? Because it benefits them. If Google or Facebook had tutorials or hints to show users how their information allows the interface to choose information specifically tailored to their interests, users wouldn’t be so wound up about their information being collected.

Make it part of the flow
As the personalized internet grows, collecting data on each individual user becomes a more crucial part of the business model. Netflix has a good method for discovering what movies you might like. The algorithm Netflix uses suggests movies and shows based on ones you’ve already seen and how much you liked them. Companies like Spotify, Amazon and Facebook do this, too. The trick is to not force the user to tell you what they like, but to build it into the interaction. Rather than interrupting the user while they search for movies, Netflix waits until the user decides they need suggestions. Then, you can politely ask what they have liked and disliked in the past, to help suggest more that they may like. In the case of Amazon, Spotify, and Facebook, this is compounded, as they assume that things you’ve interacted with before help determine what you’ll want to see in the future. The main point is that they don’t encumber the user in order to collect this data; they just accept it when the user offers it, and then use it to provide a better experience.

Hand Over the Controls
One idea that hasn’t been explored in much depth is to let users decide how their information is shared and collected, if at all. More commonly, you see this type of optional tactic used by credit card companies or subscription email services that have already encountered a user-base who was sick of their email, spending habits, phone number, etc. being passed around. Perhaps letting the user have full control over their data will make them feel safer. Facebook has excellent privacy features for who can and can’t see your Facebook stuff, even allowing you to control it down to the post and the specific people who can see it. However, they don’t give the same options for how they collect information about you. Maybe we’ve reached the point where the control has shifted away from a universally applied Terms & Conditions page to a user-personalized, customizable Terms & Conditions that allows the user to determine what is and isn’t agreed upon. Turning off certain features might mean the user doesn’t receive the full benefit of the system. Say, for instance, I don’t want Spotify tracking what songs I listen to; then I won’t get new recommendations for songs to listen to or shows to go to. But at least I’m the one making the decision. You could even combine a suggestion from above and inform the user of the benefit one last time after they’ve chosen to turn it off, just to double-check they still want to.

Stop It.

Just stop it. These are some bad privacy habits that all web-companies need to ditch immediately.

Collecting unnecessary data
One thing that can make people suspicious is collecting information that isn’t essential to the task at hand. If you don’t need to collect a phone number to register for a new shopping app, don’t ask for it. If the business model doesn’t depend on knowing a user’s real first name or last name, is it really important for you to gather it? In most cases, companies collect this data for the “down-the-road” scenario in case they might ever need it. Stop it. Collect only what you need at registration. Adding more barriers to sign-up isn’t a great model, and if you need to ask the user for more information later, they’ll most likely already be invested enough in your product offering to give it to you, especially if you let them know exactly why you need it and how you’ll use it and store it.

Storing Deleted Images
With the rise of social media and our connected lives, the distinction of privacy is shifting. What used to be considered “private” may now be considered “public”. If you read this article from Nathan Jurgenson on Wired.com, you find that the definitions of public and private really depend on each other.

“If we want to understand privacy in the digital era, we need to recognize that publicity doesn’t kill it. Rather, publicity depends on privacy—and vice versa.”

What Jurgenson is saying is that since our understanding of what is public behavior has changed with the rise of the internet, our need for a private space has changed as well. Who really owns that deleted photo of me in my “Spring Break ‘09 Album”? Is it Facebook or me? Well, the Terms & Conditions will surely say Facebook but I’m not so sure I can’t make the argument that that photo is private property and that Facebook has no claim to it anymore without my explicit consent. There’s no reason why web companies like Facebook should need these clogging up their servers anyhow.

Posting “Legalese” in-place of Humanspeak
For many, the legal language that most Terms & Conditions are written in is unintelligible. It’s complicated, boring, vague, and yet somehow specific. A better practice would be to prepare a more simplified version of the Terms & Conditions, and link to the appropriate place in the legal language when necessary. This will help the user understand not only the transaction you both are agreeing to, but your intentions once the agreement is made. So long as you have good intentions (a requisite for all companies), this should go a long way toward putting your user base at ease.

For those who really want to hide…

Here are some espionage tactics that may become commonplace.

Implement Encryption
At SXSW in March, Edward Snowden did his first live feed since he went rogue to advocate for the adoption of encryption. Weeks later, Zuckerberg took to Facebook to urge web builders to incorporate encryption methods after a poor conversation about web privacy with President Obama. On April 23, privacy journalist Klint Finley posted a story on Wired.com claiming Google is working on a revamped version of Gmail that will use the encryption system PGP (Pretty Good Privacy). PGP uses a pair of keys, one public and one private, to lock and unlock sent files, sort of like in a 007 movie. And you can bet Google isn’t the only web company investigating how to use encryption systems. According to Finley, PGP in Gmail is only the beginning:

“PGP creator Phil Zimmermann has teamed up with Ladar Levison of Lavabit — the email service Edward Snowden used — to create a new messaging protocol called Darkmail. Other projects along these lines include BitMessage, SecuShare and Briar.”

What’s all this mean? We may all be feeling very 007 soon.

Use Privacy-optimized Operating Systems
Another idea we can borrow from Snowden is privacy-optimized operating systems. According to Finley, when Snowden first went into hiding he used a privacy-optimized operating system called Tails. Tails, which is open-sourced and developed by anonymous programmers, doesn’t store any data locally, making it perfect for hiding from Facebook, Google, or even the government. However, Finley warns that Tails is not optimal for everyday use, as you’re likely to do something on the internet that gives away your identity. Instead, Finley says Tails should be used for specific anonymous activities.

The Shadows of Privacy

While it is obvious that the online privacy issue will soon have a slew of solutions for the everyday user, we also need to consider the other side of the argument. If we are more protective of our data, what are we really giving up?

“They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” – Benjamin Franklin

Government organizations like the NSA will certainly claim that they are actually protecting your privacy by snooping in on your conversations and collecting all your data. We cannot dismiss that their efforts are at least as much for our protection from our enemies as for any other agenda. All privacy requires some infringement on our convenient freedoms. The key is to establish a healthy balance based on our rights.

Conclusion

Our concerns about our privacy online will only go up from here. As builders of the Internet, we must adopt new practices in our designs to allow users to leave behind only the digital footprint that they wish. This includes designing for trust, eliminating some bad web habits, and in some instances, very radical solutions.

The truth is, our data is valuable. Not only to us as individuals, but to the companies that are shaping the Internet, the companies that build products for the Internet, and to the future of the Internet. Simply asking Facebook, Google, and the rest to stop collecting data not only won’t happen, but it will set back the progress we have enjoyed over the Internet boom. However, as a builder of the Internet, determining what data you need to collect is delicate. It should be considered on a per project basis, and you should collect only the data you need to make your product valuable to your users. The product should ultimately determine what data you need and don’t need, but if you still need some extra advice, the best thing you can do, surprisingly, is listen to Google…

Don’t Be Evil.

References
Out in the Open: Inside the Operating System Edward Snowden Used to Evade the NSA – Klint Finley
Google’s Revamped Gmail Could Take Encryption Mainstream – Klint Finley
Why Privacy Is Actually Thriving Online – Nathan Jurgenson
