Share/E-mail This Story

Email This



More Isn't Necessarily Better When It Comes To Preferences

from the keep-it-simple-stupid dept

Facebook has unveiled a new set of privacy settings that have been getting some positive reviews in some quarters. While I'm always happy to see a company that's not afraid to experiment with new privacy protections, I think Facebook has some more work to do on this one.

One problem has been identified by Chris Soghoian: if you're in an academic network, you can theoretically limit access to your profile based on each viewer's academic status at your institution. So if you're an undergrad, you can set things up so that your friends can see those pictures of you doing body shots, but your professors and TAs can't. The problem is that apparently, peoples' status is self-reported, and can easily be changed. So a nosy grad student could temporarily switch his status to "undergrad" and to get access to an undergraduate's photos. This seems like a problem.

The more fundamental flaw, I think, is that there are now way too many options. The exact options I see on my Facebook account are different from the ones Chris sees, presumably because he's a student and I'm not. But on my version of the preferences, there are a dozen categories of information, each of which have 6 to 8 different options. For example, there are separate privacy settings for "profile," "basic info," and "personal info." Do you have any idea what is in each of those categories? I don't. And then you have to decide whether each category will be available to "Only Me," "Some Friends," "All Friends," and "Friends of Friends." And you have to decide which of your "networks" will be able to see that information. And you can provide a list of people to exclude.

This is a bewildering array of options, and it's likely to retard the usefulness of Facebook's privacy features. When it comes to user preferences, a handful of carefully chosen options is better than allowing users to adjust every conceivable setting. A well-designed user-interface should economize on the user's valuable time and attention by giving him a reasonable number of options that encompass the most likely use cases. If you give users a huge number of options, most of them will give up in frustration, leaving them in a much worse position, privacy-wise, than if you'd given them a smaller menu of easy-to-understand options to choose from.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    illegalprelude, Mar 20th, 2008 @ 9:39pm

    I very much agree with this. Facebook is starting to offer way too much options and even me as a techie, look at it and just dont wanna sit there and figure out what the hell is going on. Its the same problem when you add a new application to your profile, it asks you to "send out alters to others, add to your box" do this, do that etc etc etc.

    Why soo difficult

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Mar 20th, 2008 @ 10:29pm

    Myspace was bad for one reason

    And Facebook is becoming bad for another. Although, Facebook I think is more useful than Myspace.

    Either way, I still don't have a page on either. Well, not a serious one. And not one with my name or professional email on it.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Mar 20th, 2008 @ 10:31pm

    dude...

    isn't creating confusion in facebook's interest? if it becomes too complicated, then people will simple stop caring and just go with the flow (eg. making more information available). this lets facebook make more ad money and capitalize on that social network "snooping on acquaintances" value.

    Of course, this assumes that there's a trade-off between a desire for privacy and the hassle of actually getting it, versus the versus the real threat of having the information out there. at some point its too much a hassle to care anymore. if i set my privacy settings wrong, i have no idea what other people see until it bites me. if i wear a tinfoil hat i'll probably double check things, but what, i'll probably have to register a second facebook account to check unless i rely on friends to tell me. most people won't and won't notice they'll be sharing more than they thought. And, to boot, all the in the name of more power for the user!

    creating confusion is the only way they can get beacon (or whatever their ad plan is) to work without pissing people off.

    i think the problem is that no one knows what these categories mean. right, what is the difference between basic and personal info? this is lawyer crap, where you throw an innocuous term in a contract, one that everyone generally understands to mean one thing, and then only once you reach the definition of that term later on do you realize that term has a substantially different meaning in the contract. sneaky lawyer crap.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    will, Mar 20th, 2008 @ 10:43pm

    great idea, why did i have to think of it?

    i think one of the most useful things for any of these social networking sites would be this:

    more than one password allowed. what i mean is this, an admin account with full access and one or more user accounts with access limited by the admin acount.

    why? a few reasons,

    1. a business using the site could give employees a user account to do whatever they like but NOT change the password or delete the entire page. this way when they got pissed off or left they couldn't screw things up for there old company.

    2. an individual could give friends access to there account so they could load pics and such but they couldn't screw up the entire thing to badly as your admin password would supercede there user acount and you could go in and lick them out without having to worry about your stuff.

    3. (and this is the biggest reason) phishing. if you set up an admin account with full access and then give yourself a user account with access MINUS password change or deleting capabilities you could use the site without worrying about getting phished. just use the "user" account whenever you log in and if a few days later you notice your page has been phished just log in using the "admin" account and change the "user" password and the phishing site is now locked out again! EASY!!!!

    so why don't facebook, myspace, etc. do this?

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    buckykat, Mar 20th, 2008 @ 11:19pm

    too many options is impossible. admittedly, i haven't seen this facebook thing, but take the package compizconfig-settings-manager for an example. it has more options than pretty much any settings utility i've ever seen. (think the entire windows control panel, but just to change fancy display settings.) it's pretty awesome, as it lets you set every preference just the way you want it. i have five sliders to change exactly how the windows wiggle.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    It Wasnt me, Mar 20th, 2008 @ 11:50pm

    i dont have a facebook acc so i cant judge on that yeah too many options is just a hastle.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This