Apr 06, 2010

UE vs. UE: Facebook Connect's Auto Opt-In

Josh Williams's picture
Josh Williams
Director, Product Strategy

A couple weeks ago, Facebook announced that they may begin to share user data with other sites, regardless of whether people have signed up for those sites yet. This new data sharing isn’t mandatory, but as with other privacy changes Facebook made earlier this year, they’re defaulting people to the more public setting. People will have to be both aware and motivated if they want to prevent their data from being shared outside of Facebook.

The use case goes something like this: Say there’s a site for organic coffee aficionados and for some reason Facebook likes them and decides to grant their Facebook Connect implementation with this new "pre-approved" status. Then one day, a Facebook user stumbles onto the coffee site and instead of being unrecognized, the site reads the Facebook cookie out of the user’s browser, references their Facebook data (which includes name, demographics, friends, photos, status updates, and more) and can now greet this user by name and tell them which of their friends are already here.

For Facebook, it sounds like a logical and appropriate way to leverage the data they have on their 250+ million users. From their perspective, seamlessly sharing user data throughout the (trusted) web will lead to the richest, fullest, and most meaningful interactions the web has to offer. Who wouldn’t want that? They also argue that, with the adoption of tools like Twitter and their status feature, the web has become a public space and this trend is expected to continue. They see privacy as a dying concept, and a future where people’s entire identity hovers visibly around them wherever they go.

From a client perspective, this could be a really powerful change. Sites no longer have to struggle with converting new users into registered users. Instead, they can pull the user right into the conversations their friends are having about the best cup of organic coffee in Western Addition (for example). If the value of a site is immediate and personally apparent from the get-go, sites can stop worrying about converting users and focus on delivering valuable features and content.

But from a user perspective, this could be really creepy and a huge turn-off. “I’ve never been to this site before, so how the $%#@ do they know who I am?!” Instead of applauding the collaboration between the organic coffee site and Facebook, people could easily freak over the sudden public airing of their private bits—sorta like those nightmares where you walk out of your house and realize you forgot to get dressed first.

The general response to the new policy is pretty negative. I have no idea if or how this new implementation of Facebook Connect will ultimately be rolled out, however, I tried to imagine a few ways that they could do it without completely freaking people out or being callous to their users’ needs.

Seal of approval

A few months ago Firefox’s Asa Raskin suggested that maybe it’s time to adopt a set of privacy logos, similar to those used by Creative Commons. The goal is to establish a simple and consistent convention around privacy that could be quickly communicated through a set of recognizable logos. That approach could work for this new sharing approach as well. Sites that Facebook designated as "pre-approved" could be marked so people would immediately know that this site is considered trustworthy and worthy of their data.

In the meantime, sites should do their best to be absolutely transparent about what’s going on. Make it clear that everything is okay and the user isn’t crazy. Clearly state that they didn’t register for the site and their Facebook account hasn’t been compromised by some organic coffee-loving hacker. All the data they’re seeing is being provided safely and securely with Facebook’s blessing.

Take all your want, but eat all you take

This one’s pretty simple—it’s the same rule that Sizzler used to post at their salad bar. Facebook may end up offering a ton of personal data through Connect, but that doesn’t mean sites should take it all. Just collect the data that supports the site’s functionality. The organic coffee site might not care what school I went to or what my job is, but it does want to know where I live so it can direct me to the best coffee spots around town.

Ideally, Facebook would review the requirements for each "pre-approved" site and confirm that the data they intended to access is needed to make their site run.

When you assume you do considerable disservice to yourself

It may be true that people using social media are expressing themselves more publicly than before, but that’s only because, thus far, the tools we use don’t understand nuance. There are infinite contexts within which communication can happen. People say different things to different people in different places at different times. Right now, Twitter has two main options for tweeting—either you say it publicly or you say it to all your friends. It’s a nice and simple set of options that maps well to the technology at hand, but as it evolves so will our opinions about privacy. Making broad assumptions about cultural shifts away from privacy may be useful in justifying a business decision, but it doesn’t do much to establish empathy and good-will with an active user community.

Facebook and Facebook Connect partners should plan to make it abundantly easy to track which sites are accessing which bits of users’ data and provide simple, intuitive ways to throttle the sharing of that information. Facebook’s assumption is that most users are fine living with the factory settings, but I suspect there’s additional peace of mind in knowing that you can change your settings at any time, should you so desire.

My take is that opt-in sharing of personal data is a brash and ill-conceived notion and suspect that Facebook will quietly back away from it for now. But information and identity portability is a logical evolution for social media; opt-in sharing might not be the right execution, but the general idea is sound.

Because you're a Hottie, please log in before commenting:

Post new comment