Skip to content

{ Tag Archives } privacy

Sunlight Labs’ Inbox Influence: Sunlight or Sunburn?

Last week, Sunlight Labs released Inbox Influence, a set of browser extensions (Chrome, Firefox) and bookmarklets that annotate senders and entities in the body of emails with who has contributed to them and to whom they have contributed.

I really like the idea of using browser plugins to annotate information people encounter in their regular online interactions. This is something we’re doing on a variety of projects here, including AffectCheck, BALANCE, and Rumors. I think that tools that combine personal data, in-situ, with more depth can teach people more about with whom and with what they are interacting, and this just in time presentation of information is an excellent opportunity to persuade and possibly to prompt reflection. Technically, it’s also a pretty nice implementation.

There are some reasons why this tool may not be so great, however. With Daniel Avrahami, Sunny Consolvo, James Fogarty, Batya Friedman, and Ian Smith, I recently published a paper about people’s attitudes toward the online availability of US public records, including campaign contribution records such as the ones on which Inbox Influence draws. Many respondents to our survey (mailed, no compensation, likely biased toward people who care more about this issue) expressed discomfort with these records being so easily accessible, and less than half (as of 2008) even knew that campaign contribution records were available online before they received the survey. Nearly half said that they wanted some sort of change, and a third said that this availability would alter their future behavior, i.e., they’d contribute less (take this with a grain of salt, since it is about hypothetical future behavior).

Unless awareness and attitudes have changed quite a bit from 2008, tools such as Inbox Influence create privacy violations. The data is being used and presented in ways that people did not anticipate at the time when they made the decision to donate, and at least some people are “horrified” or at least uncomfortable with this information being so easily accessible. Perhaps we just need to do better at educating potential donors about in what ways campaign contribution data may be used (and anticipate future mashups), though it is also possible that tools like this do not need to be made, or could benefit from being a bit more nuanced in when and about whom they load information.

Speaking personally, I’m not sure how I feel. On the one hand, I think that campaign contributions and other other actions should be open to scrutiny and should have consequences. If you take the money you earn from your business and donate it to support Prop 8, I want the opportunity to boycott your business. If you support a politician who wants to eviscerate the NSF, I might want to engage you in conversation about that. On the other hand, I don’t like the idea that my campaign contribution history (anything above the reporting limit) might be loaded automatically when I email a professional colleague or a student. That’s just not relevant—or even appropriate—to the context. And there are some friendships among political diverse individuals that may survive, in part, because those differences are not always made salient. So it also seems like Inbox Influence or tools that let you load, with a click, your Facebook friends’ contribution history, could sometimes cause harm.

privacy on twitter vs. privacy on facebook

In a post describing some teens’ use of Twitter and Facebook (Twitter is for friends; Facebook is everybody; some teens are using private Twitter accounts for communication with friends because Twitter is too public), danah boyd poses the following question:

My guess is that if Twitter does take off among teens and Dylan’s friends feel pressured to let peers and parents and everyone else follow them, the same problem will arise and Twitter will become public in the same sense as Facebook. This of course raises a critical question: will teens continue to be passionate about systems that become “public” (to all that matter) simply because there’s social pressure to connect to “everyone”?

I believe that Twitter may actually be much more resistant to both this pressure and subsequent switch to less “public” platforms than Facebook for two reasons: account norms and Twitter clients.

Account Norms, Privacy, and Collapsed Contexts
On Facebook, everyone pretty much gets one account.1 This leaves me with a choice of collapsed contexts (same profile for everyone) or only friending people from a particular context or set of context. There are many fine-grained privacy controls, but this all adds up to a more-is-less experience, at least for me. There are enough many controls that I don’t particularly remember what I’ve set to be visible to whom. When I comment on something in friend’s profile (or am tagged in one of their photos), I don’t know who can see that.

With Twitter, people can have multiple accounts, and for private accounts, they know exactly who can see their posts: only people who I give permission. This is not to say Twitter is not without some privacy pitfalls – e.g. plenty of private tweets get retweeted or replies on others’ public accounts – but I have a much clearer idea of who can see a status update or reply on Twitter than I do of who can see similar content on Facebook at the time of posting. I suspect that many users of private Twitter accounts do so just to avoid the “what if so-and-so sees this?” question. So it seems reasonable that people could have different accounts for their work, family, friends, etc personas, though there’s a point at which it probably would be too many.

Twitter Clients
Having multiple accounts wouldn’t work well without an appropriate interface, and here Twitter benefits hugely from its API and the many, many Twitter clients available. Using more than one Facebook account, especially simultaneously, is an ordeal – multiple web browsers, no aggregation. With the right client, reading from and posting to multiple Twitter accounts is a breeze.

So while there may eventually be an exit from a more public Twitter, I think there is more room to move within the same service, diversifying accounts, than there might be on Facebook. This will only, work, though if people are willing to set boundaries and accept boundaries – and probably not if mom and dad insist on following the Twitter account their kids use to communicate with friends from school, or if colleagues regularly feel insulted when a coworker-acquaintance declines their request to follow an account they use to communicate with close friends.

1I believe this used to be part of the terms of service, but I don’t see it anymore and can’t be sure that it was ever there.

social sites repurposing contacts

A month or so ago, Cory Doctorow wrote a column about how your “creepy ex-co-workers will kill Facebook,” and introduced what he calls “boyd’s law:”

Adding more users to a social network increases the probability that it will put you in an awkward social circumstance.

I think there’s an important corollary: adding more features and content types to a social network increases the probability that it will put you in an awkward social circumstance.

Recent concerns about Beacon are one example. Yes, the privacy issues of an opt-out tool that follows you around from site to site recording your behavior are huge. But there’s also the issue of having this content added to the Facebook at all. Even among my close friends, I don’t want a list of their recent purchases. It’s not something we do in person, and it’s not something I want to do online. A site, though, can cause the same problem by adding content that I share with some people, but not necessarily my current friends. Facebook users presumably friend each other based on the norms for sharing the content that existed on Facebook at the time, adding more content or just changing how Facebook shares the content already there can cause some problems. Some of the content Beacon tried to so forcefully share isn’t that much different than if LinkedIn suddenly started sharing relationship status: you don’t want software deciding to re-purpose one set of social ties into another. For now, Facebook is handling this challenge with extremely fine-grained privacy controls, but that’s a lot of overhead.

The de-placing of facebook
When Facebook was smaller and the bounds were clearer, users had less need of the privacy settings. Two years ago, I had a pretty clear distinction in my head. Facebook was for some social communication and sharing among my college friends and some friends from high school. It had a clear identity, and felt either like a place or very connected to my school as place. I knew who I would “run into” on Facebook, and I knew that the content would be related to college students’ self-expression, communication, and socialization. Within the bounds, it was possible to identify a fairly consistent set of behaviors and information that members were willing to share with each other. Not so anymore. As Facebook adds users and features, it undermines this sense of place. Anyone, including the creepy ex-coworker, might show up. With new features and new applications, I am also less able to anticipate Facebook’s content.

I’m not necessarily criticizing Facebook’s decision to reduce their placiness. Its leadership has decided to trade some of the sense of place for growth, instead becoming an application platform and contact/identity management system. That’s their gamble to take, but I am critical that they seem to be moving in this direction without clearly thinking through some of the consequences for their members.

Other examples of repurposing contacts
Facebook isn’t the only company that has recently re-purposed existing social network information to share additional content. This December, if you use Google Reader and GTalk, Google decided to share all of your shared RSS feed items with all of your GTalk contacts. Your GTalk contacts were already being added to from people you email, so for many users, this exposed their shared items to many people they’d emailed a few times. This decision seems to be based on the incredibly naïve assumption that if you share content with some people, you want to share it with everyone you email. One user reported that this “ruined Christmas.”

Unforunately, as Google and Yahoo increasingly leverage our inboxes to compete with Facebook, we can probably look forward to more of the missteps.

Pursuit of places
I do think it’s possible to grow while keeping a distinct sense of place. After purchasing Flickr,, and upcoming, Yahoo! kept their contact lists separate and retained the identity of each property. Some would probably criticize Yahoo! for not integrating their brand, but I think that time will show they’ve made the right choice. It’s also true that managing the separate contact lists is very similar to the overhead of Facebook’s privacy settings, but there are a some key differences: managing your Flickr contacts does not interfere with the sense of Flickr as a bounded place, and you can (at least currently) be reasonably comfortable that Flickr is not going to repurpose your Flickr contacts outside of the social norms for Flickr users.

This also makes me believe that social startups like dopplr and others can succeed by creating a clear identity as a place. Even if Facebook offered better features (and perhaps more convenience) for sharing my travel status and tips with others, I’d still seek out Dopplr for its characteristics as a space — it’s a much more pleasant experience.