Archive for May, 2010

It’s almost impossible to open a newsfeed today without someone else realizing that Facebook privacy is lacking, or that Facebook itself is taking another stab at getting it right. [e.g. New York Times, PC World, WSJournal…] I’m confident these efforts will be futile.

It’s not due to lack of caring on the part of Facebook; I’m sure they care about individual privacy (Zuckerberg’s passion for openness notwithstanding). And it’s not for some sort of technical incompetence – those guys are smart and savvy. So why the ongoing nightmares?

There are two forces at play that I propose are mutually exclusive and cannot effectively be resolved. First, and foremost, Facebook is a social tool. It is THE social graph. Everything about its structure – from concept to engineering – is designed to make social connections natural and simple. Social connection is a powerful (and valuable) force and Facebook handles it all with ease. Anything that is NOT supposed to be social and shared is going to run directly into a basic disconnect. Yes, we can hide the things we don’t want to share, and we can take efforts to select who sees some things and who does not. But sharing is simple, and hiding is a little harder.

The more sensitive the information we post into the Facebook “system” – the more nervous we are that it might be getting shared in some way we cannot fathom. I would suggest most people aren’t entirely clear about what is being shared and with whom. Confidence and control over Facebook privacy is not going to be simple no matter how technically sophisticated the user, and with 400+ million users, most are not “sophisticated.”

The second force is about user experience design, and most of my background here comes from Netflix. Even with only 12 million users – a mere fraction of Facebook — it was a continual challenge to simplify the Netflix website enough that a large audience would find it clear and useable. We learned that people don’t read much on the screen, they don’t spend a ton of time figuring out features, they don’t understand things that might seem “obvious” and so on. Small increases in the number of options/functions available at any given moment, and usability suffers. We used to have in-house opinions like “take all the cool sophisticated tools and put them under a drop down menu called “advanced features”…. And then don’t build them.” It’s not that advanced features aren’t good and cool, it’s only that very very few people will ever discover them let alone use them, and simple always wins over sophisticated. We tested these principles and we knew them to be true.

And so we return to Facebook: most the privacy controls fall into the domain of “advanced features” – they’re the exception to a social tool; they’re complicated no matter how hard you try or how smart you are. With an audience the size of Facebook’s, users will predominantly never be able to grok them and thus will screw up privacy– and blame Facebook.

Facebook may never truly be able to deliver appropriate privacy because at their core, they are all about social and sharing. Uber privacy will never and cannot ever be their strength. Nor should we demand it be. Facebook isn’t where we should manage our medical history or genetic code. It isn’t where we write our diary. We should probably stop blaming Facebook for failing in a domain where they shouldn’t be expert, or asking them to effectively solve for every privacy concern. Instead we should use Facebook for what it is – a social graph. At some level, Facebook and strong simple privacy are mutually exclusive, and, when we accept that, we will all be much happier.