Embed Size (px)
DESCRIPTION
Practice privacy by design, not privacy by disaster! See the talk here: http://caseorganic.com/articles/2014/02/12/1/designing-for-privacy-in-mobile-and-web-apps-at-interaction-14-in-amsterdam Almost every application requires some gathering of personal data today. Where that data is stored, who has access to it, and what is done with that data later on is becoming increasingly important as more and more of our data lives online today. Privacy disasters are costly and can be devastating to a company. UX designers and developers need to have a framework for protecting user data, communicating it to users, and making sure that the entire process is smoothly handled. This talk covers best practices for designing web and mobile apps with the privacy of individual users in mind. Privacy has been an even bigger issue with location-based apps, and we ran into it head-first when we began work on Geoloqi (now part of Esri). Designing an interface that made one's personal empowering instead of creepy was our goal. The stories from our design decisions with our application will also be included in this talk.
Citation preview
caseorganic.com
Part I: Present Day
caseorganic.com
What is Privacy?
caseorganic.com
The ability to have control over where your content goes and who it is accessed by.
caseorganic.com
The ability to choose what content you share, view and access without being tracked.
caseorganic.com
Privacy is the ability not to be surprised.
caseorganic.com
caseorganic.com
Privacy can also be a feeling or perception of security.
This perception of security can be designed.
caseorganic.com
caseorganic.com
Privacy on the WebOld Web:
Social silos don't exist. Where you go on the web is not tracked New Web:Logged into FB, Google: everything you look at is tracked
caseorganic.com
“We invest much of our lives into virtual ‘condos’ that anyone can walk into and do what they like.”
-@rahulsen79
caseorganic.com
We're all sharecropping
indiewebcamp.com/sharecropping
caseorganic.com
Changing user interfaces
twitter.com
caseorganic.com
How can we design for privacy?
1. Temporary Solution (Privacy by Design) 2. Longer term Solution (Data Ownership)
Privacy by Design: Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada. http://www.privacybydesign.ca/
caseorganic.com
Part II: Privacy by Design
caseorganic.com
Smartphone Cameras
caseorganic.com
Google Glass
caseorganic.com
What was different?• Design and product launch
• Developer on-boarding fail • Secrecy/Mystery/Exclusivity
• Closed system
• Too many features
• Price
caseorganic.com
Results•Reduced play•Confusion•Pseudo-elite status•Fear•Speculation
Questions people ask me when I’m wearing Google Glass
caseorganic.com
caseorganic.com
Compare to iPhone Developer Launch
Development tools available before new hardware/OS released
• $99 fee • Launch: many apps • People had phones already
Trying to "Calm" the device
Headbanding: “moving one's Glass before entering an establishment"
caseorganic.com
caseorganic.com
Half of privacy is perceived The idea of privacy is socially created and attached to behavioral norms.
Behavior can change when norms change.
caseorganic.com
SuccessNarrative (formerly Memoto)
http://getnarrative.com/
caseorganic.com
Why? •Designed to be "calm"•Built upon previous products (iteration)
•Clearly defined. (Lifelogging device).
•Not at eye level. Small friendly rounded corners
•Not immediate (download later)
caseorganic.com
Part III: Building privacy into mobile and web apps
#dataprivacy
caseorganic.com
1. Get a privacy policy
Privacy policies are regret management tools.
Only 30% of mobile app developers have one.
caseorganic.com
Minimum Viable Privacy Policy:
Who you are (identity and contact details),
Categories of personal data the app wants to collect/process,
Why the data processing is necessary (for what precise purposes),
Whether data will be disclosed to which third parties
Data withdrawal rights and account deletion policy
https://www.iubenda.com/blog/2013/06/10/the-need-for-privacy-policies-in-mobile-apps-an-overview/
caseorganic.com
2. Simplify and ConsolidatePrivacy policies should be easy to understand
Create two sections – Plain Text and Legalese
caseorganic.com
Terms of Service; Didn't ReadMEDIUMReserves the right to use your name and content for any purpose forever, even if they get acquired in the future.
WikiaCommunities don't own their content and can't transfer it off their site.
tosdr.org (thanks bret.io!)
caseorganic.com
How many of you have read the entire iTunes privacy policy?
caseorganic.com
What about Creative Commons?
caseorganic.com
3. Allow people to access /export their data
caseorganic.com
4. Privacy by design vs. privacy by disaster
Privacy consideration should be incorporated into every aspect of your app.
Web, legal, user experience, messaging, marketing and development.
Act now or be forced to act later.
caseorganic.com
5. Consolidate and simplify settings and permissions
Make controls easy to access.
On/off switches, simple settings.
caseorganic.com
6. Contextual Privacy
Instagram, Facebook, Foursquare do this well.
Expose privacy controls with every piece of content that can be created or shared
caseorganic.com
7. No one is perfect
Hosting user data is a privilege, not a right
Apologize immediately if you make a mistake. Fix the problem immediately
caseorganic.com
8. Authentication and Permissions
• Allow for temporary
authentication
Show data options and
time
caseorganic.com
When in doubt give control
8. Authentication and Permissions
caseorganic.com
9. Community Involvement
caseorganic.com
10. Be Clever: Accomplish your goals in the least amount of moves*
*even/especially if it takes more time to think about the solution.
caseorganic.com
Part IV: The Future of Privacy and Data Ownership
caseorganic.com
Easier to Consumevs. Create
caseorganic.com
caseorganic.com
Own your own data
Build your own website
Use social networks for distribution
Web frameworks will emerge that will make this easier
caseorganic.com
What happened?
caseorganic.com
Blogs | RSS Readers
caseorganic.com
2003: RSS/ATOM WARS
caseorganic.com
Pingbacks/Trackbacks:a way to tell if someone linked to your site
caseorganic.com
Pingback Spam
caseorganic.com
Picking up from where 2003 left off
. Need a way to own our data1. Learn and improve on what we're doing!
2. Just implement something
caseorganic.com
POSSEPublish (on your) Own Site, Syndicate Elsewhere
Tweet is published to your own site and sent by your domain to Twitter
indiewebcamp.com/POSSE
caseorganic.com
PESOSPublish Elsewhere, Syndicate (to your) Own Site
indiewebcamp.com/PESOS
caseorganic.com
Webmentions
indiewebcamp.com/PESOS
caseorganic.com
Webmentions
caseorganic.com
Indiewebcamp.com
caseorganic.com
Why do we need an IndieWeb?
Afraid of losing your photos and files1 Frozen account due to violated TOS2 Lost content due to acquisition3 Silos profiting off your data 4 The ability to create again
indiewebcamp.com/why
caseorganic.com
caseorganic.com
Freedom!The freedom to decide what content and what types of content to publish, and to store over time
Control your UI/UX – you decide
Own your content forever
indiewebcamp.com/why
caseorganic.com
Homestead, don't Sharecrop!A home for your data
• Your blog becomes a creative outlet for you + learning place for new stuff
• Hyperlinks on the open web, giving web back its richness
www.onebigfluke.com/2012/07/focusing-on-positives-why-i-have-my-own.html
caseorganic.com
Thank you! caseorganic.com
Interaction '14Amber Case@caseorganic
