from the keep-it-simple-stupid dept
Facebook has unveiled a new set of privacy settings that have been getting some positive reviews in some quarters. While I'm always happy to see a company that's not afraid to experiment with new privacy protections, I think Facebook has some more work to do on this one.
One problem has been identified by Chris Soghoian: if you're in an academic network, you can theoretically limit access to your profile based on each viewer's academic status at your institution. So if you're an undergrad, you can set things up so that your friends can see those pictures of you doing body shots, but your professors and TAs can't. The problem is that apparently, peoples' status is self-reported, and can easily be changed. So a nosy grad student could temporarily switch his status to "undergrad" and to get access to an undergraduate's photos. This seems like a problem.
The more fundamental flaw, I think, is that there are now way too many options. The exact options I see on my Facebook account are different from the ones Chris sees, presumably because he's a student and I'm not. But on my version of the preferences, there are a dozen categories of information, each of which have 6 to 8 different options. For example, there are separate privacy settings for "profile," "basic info," and "personal info." Do you have any idea what is in each of those categories? I don't. And then you have to decide whether each category will be available to "Only Me," "Some Friends," "All Friends," and "Friends of Friends." And you have to decide which of your "networks" will be able to see that information. And you can provide a list of people to exclude.
This is a bewildering array of options, and it's likely to retard the usefulness of Facebook's privacy features. When it comes to user preferences, a handful of carefully chosen options is better than allowing users to adjust every conceivable setting. A well-designed user-interface should economize on the user's valuable time and attention by giving him a reasonable number of options that encompass the most likely use cases. If you give users a huge number of options, most of them will give up in frustration, leaving them in a much worse position, privacy-wise, than if you'd given them a smaller menu of easy-to-understand options to choose from.