Discouraging blanket strategies
Socially oriented services on the Internet allow their often diverse userbase to share content. These masses of users and shared content are also varied enough to discourage individual attention. Controllers prefer to protect themselves from additional complexity and investment into features which provide them with less data. Users, however, feel in need of privacy settings to distinguish their personal risk appetite from that of the norm. They each have their own ideas about the sensitivities of their information, which makes sufficient controls difficult to implement.
Overly simplified privacy settings following all or nothing strategies could result in over-exposure, self-censoring, and unsatisfied users.
These all or nothing strategies could refer to privacy settings which holistically apply to all content, or to binary (or otherwise deficient) choices for public visibility.
- The level of invasiveness depends upon the context of the content being shared.
- Users have differing levels of sensitivity attributed to contexts, and thus different levels to provide their content.
- They trust the controller to different extents.
- Controllers do not want to violate user privacy.
- They want to protect themselves from blame if a user's privacy is violated.
- They want users to produce content which is at least somewhat valuable. (For instance, when nobody can see the content there won’t be an impact in collaborative environments)
Provide users with the possibility to define a privacy level for content being shared with the controller, or with other users. Give them a range of visibilities, so that they can decide the access-level of the content being shared according to different users, or service-defined groups.
Provide users easily-recognizable visual elements to define the privacy level for each content submission. Use controls, such as (drop-down) lists, combo boxes, etc. to provide a range of possible privacy levels.
The privacy levels could be defined in terms of social group of the users in question to the user who is sharing content. For instance, family, closest friends, colleagues, acquaintances, everybody. This is in line with Reasonable Level of Control and Selective Access Control, where a user might be given the opportunity to define their own groups or set individual privacy levels.
The privacy controls themselves also need to be designed in such a way that it is very clear to users what each setting does and what it means for their privacy.
- Grants users complete control over the privacy of the content being shared, which may lower the bar for them to share certain data they otherwise would not.
- Users could find having to set privacy settings every time they share content to be tedious. It would be necessary to define reasonable defaults for privacy settings (least effort for minimal sharing).
- Google Plus.
This pattern may be used by Support Selective Disclosure, as it makes up a foundation for a compound pattern. Discouraging blanket strategies may also be complemented by Selective Access Control and by Decoupling [content] and location information visibility. These patterns support each other to provide more flexible privacy setting management to users.
Discouraging blanket strategies complements Reasonable Level of Control, which features selective and granular sharing and may consider a range of options. These methods complement each other where considering this range.
S. Ahern, D. Eckles, N. Good, S. King, M. Naaman, and R. Nair, “Over-Exposed ? Privacy Patterns and Considerations in Online and Mobile Photo Sharing,” CHI ’07, pp. 357–366, 2007.