Over the past few days I have been attending the 9th annual conference of the Association of Internet Researchers (AoIR) in Copenhagen. This year’s conference is “Internet Research 9.0 – Rethinking Community, Rethinking Place“, and it has been expertly organized by The IT University of Copenhagen.
While I missed the first day, I was able to attend excellent panels on “Coding Places”, “Privacy Disclosure Identity”, “Beyond Offline vs Online: Effects of Technology”, “e-Health”, and “Gaming”.
One particular highlight was the paper “Designing Privacy Into Online Communities” by Drs. Cathy Dwyer and Starr Roxanne Hiltz. Dwyer and Hiltz criticize the poor design of privacy management on social networking sites, such as Facebook, and suggest three important ways to design privacy into these services:
- Evaluate the privacy level of each component: Just as each component of a system can be evaluated as to its usability and security, so should each component be evaluated as to its privacy.
- Provide privacy feedback: We need a privacy WYSIWYG (“what you see is what you get”), showing users exactly what is visible to friends versus strangers as they tweak their privacy settings.
- Publish privacy norms: Social networking sites should publish aggregated metrics that reveal norms with respect to privacy settings, such as “70% of users make their e-mail address visible to friends; 10% make it visible to strangers.” Knowing this information can help inform users and perhaps influence their behavior.
I also suggest adding a fourth design suggestion:
- Provide privacy reminders: Periodically prompt users to revisit their privacy settings.
Currently, social networking sites seem to assume that one’s privacy preferences when the account was first opened remain static. However, users should be reminded to tweak their privacy settings over time, due to a variety of reasons: you might want to change who can see what based on life changes (perhaps you are now on the job market and want to restrict access to some of those compromising photos), based on new information being shared on the network (as a newbie, you might have only included basic data, but after time, you might start sharing more personal information), or in reaction to changes in the service itself (once Facebook opened itself up to non-college students, the number and type of people able to see your content change dramatically).
It was great hearing about other resesarch addressing the complexities social networking privacy functionality (for those who are overwhelmed by Facebook’s complex privacy options, see my “How to Change your Facebook Privacy Settings” guide). And I was especially excited when Dwyer noted the importance of placing privacy on the same level of other “non-functional” design variables such as security, usability, and reliability. That is “values in design” in a nutshell.
Another highlight of the conference was Saturday’s keynote by Stephen Graham, Professor of Human Geography (a wonderful term) at the University of Durham, who spoke about the links between mobility, urbanism, ubiquitous computing, and surveillance. It was a probing and insightful talk, providing much fodder for future research projects. A great summary of the talk is here.
Finally, we announced that next year’s conference will be in Milwaukee, co-organized by the School of Information Studies at UW-Milwaukee and the Deptartment of Communication at UI-Chicago. More details on this exciting announcement here.
MichaelZimmer.org 
That is a very good addition to their list. Just don’t make them daily, weekly, or monthly reminders. There is enough spam out there.
Yes, that’s been the main concern whenever I suggest this. We need to come up with the right frequency for these reminders, and preferably also tie it to some kind of algorithmic calculation of when things seem to have changed in a user’s habits, which might mean she should revisit her previous privacy preferences (ie, suddenly posting and tagging photos, or a sudden increase in the number of friends, etc)
Thanks Michael for the post about my presentation at AoIR 9.0. I saw this study yesterday on how much time it takes to read privacy policies, and thought that would be another item to add to the list. How many people read the privacy policies for these sites, and how long do they spend reading them? Do people read them more than once?