10
Designing for Privacy Information is a commodity. Corporations are passing around consumer behavioral profiles like brokers with stocks, and the vast majority of the American public is none the wiser of this market's scope. Very few people actually check the permissions portion of the Google Play store page before downloading a new app, and who has time to pore over the tedious 48-page monstrosity that is the iTunes terms and conditions contract? With the advent of wearables, ubiquitous computing, and widespread mobile usage, the individual's market share of their own information is shrinking at an alarming rate. In response, a growing (and vocal) group of consumers is voicing its concerns about the impact of the effective end of privacy online. And guess what? It's up to designers to address those concerns in meaningful ways to assuage consumer demand. But how can such a Sisyphean feat be managed? In a world that demands personalized service at the cost of privacy, how can you create and manage a product that strikes the right balance between the two? That's a million dollar question, so let's break it into more affordable chunks. Transparency The big problem with informed consent is the information. It's your responsibility to be up front with your users as to what exactly they're trading you in return for your product/service. Not just the cash flow, but the data stream as well. Where's it going? What's it being used for? 99.99% of all smartphone apps ask for permission to modify and delete the contents of a phone's data storage. 99.9999% of the time that doesn't mean it's going to copy and paste contact info, photos, or personal correspondences. But that .0001% is mighty worrisome. Let your users know exactly what you're asking from them, and what you'll do with their data. Advertise the fact that you're not sharing it with corporate interests to line your pockets. And if you are, well, stop that. It's annoying and you're ruining the future. How can you advertise the key points of your privacy policies? Well, you could take a cue from noted online retailer Zappos.com. Their "PROTECTING YOUR PERSONAL INFORMATION" page serves as a decent template for transparency.

Designing for Privacy

Embed Size (px)

Citation preview

Page 1: Designing for Privacy

Designing for Privacy

Information is a commodity. Corporations are passing around consumer behavioral profiles likebrokers with stocks, and the vast majority of the American public is none the wiser of this market'sscope. Very few people actually check the permissions portion of the Google Play store page beforedownloading a new app, and who has time to pore over the tedious 48-page monstrosity that is theiTunes terms and conditions contract?

With the advent of wearables, ubiquitous computing, and widespread mobile usage, the individual'smarket share of their own information is shrinking at an alarming rate. In response, a growing (andvocal) group of consumers is voicing its concerns about the impact of the effective end of privacyonline. And guess what? It's up to designers to address those concerns in meaningful ways toassuage consumer demand.

But how can such a Sisyphean feat be managed? In a world that demands personalized service at thecost of privacy, how can you create and manage a product that strikes the right balance between thetwo?

That's a million dollar question, so let's break it into more affordable chunks.

Transparency

The big problem with informed consent is the information. It's your responsibility to be up front withyour users as to what exactly they're trading you in return for your product/service. Not just thecash flow, but the data stream as well. Where's it going? What's it being used for?

99.99% of all smartphone apps ask for permission to modify and delete the contents of a phone'sdata storage. 99.9999% of the time that doesn't mean it's going to copy and paste contact info,photos, or personal correspondences. But that .0001% is mighty worrisome.

Let your users know exactly what you're asking from them, and what you'll do with their data.Advertise the fact that you're not sharing it with corporate interests to line your pockets. And if youare, well, stop that. It's annoying and you're ruining the future.

How can you advertise the key points of your privacy policies? Well, you could take a cue from notedonline retailer Zappos.com. Their "PROTECTING YOUR PERSONAL INFORMATION" page serves asa decent template for transparency.

Page 2: Designing for Privacy

They have clearly defined policies about what they will and won't do to safeguard shopperinformation. For one, they promise never to "rent, sell or share" user data to anyone, andimmediately below, they link to their privacy policy, which weighs in a bit heavy at over 2500 words,but is yet dwarfed by other more convoluted policies.

They also describe their efforts to safeguard user data from malicious hacking threats through theuse of SSL tech and firewalls. Then they have an FAQ addressing commonly expressed securityconcerns. Finally, they have a 24/7 contact line to assure users of personal attention to their privacyqueries.

Now it should be noted that this is a template for a good transparency practices, and not precisely agreat example of it. The content and intention is there, so what's missing?

Good UX.

The fine print is indeed a little too fine, the text is a bit too dense (at least where the actual privacypolicy is concerned), and the page itself is buried within the fat footer on the main page.

So who does a better job?

CodePen has actually produces an attractively progressive solution.

Page 3: Designing for Privacy

As you can see, CodePen has taken the time to produce two different versions of their ToS. A typical,lengthy bit of legalese on the left, and an easily readable layman's version on the right. Providingthese as a side by side comparison shows user appreciation and an emphasis on providing a positiveUX.

This is all well and good for the traditional web browsing environment, but most of the problemswith privacy these days stem from mobile usage. Let's take a look at how mobile applications aretaking advantage of the lag between common knowledge and current technology to make a profit offof private data.

Mobile Permissions

In the mobile space, the Google Play store does a decent job of letting users know what permissionsthey're giving, whenever they download an app with its "Permission details" tab:

Page 4: Designing for Privacy
Page 5: Designing for Privacy

As you can see, Instagram is awfully nosy, but that's no surprise. Instagram has come under fire fortheir privacy policies before. What's perhaps more surprising, is the unbelievable ubiquity withwhich invasive data gathering is practiced in the mobile space. Compare Instagram's permissions toanother popular application you might have added to your smartphone's repertoire:

Why, pray tell, does a flashlight have any need for your location, photos/media/files, device ID and/orcall information? I'll give you a clue: it doesn't.

"Brightest Flashlight Free" scoops up personal data and sells it to advertisers. The developer wasactually sued in 2013 for having a poorly written privacy policy. One that did not disclose the appsmalicious intentions to sell user data.

Now the policy is up to date, but the insidious data gathering and selling continues. Unfortunately, itisn't the only flashlight application to engage in the same sort of dirty data tactics. The fact is, youhave to do a surprising amount of research to find any application that doesn't grab a bit more datathan advertised, especially when the global market for mobile-user data approaches nearly $10billion.

For your peace of mind, there is at least one example of an aptly named flashlight application whichdoesn't sell your personal info to the highest bidder.

Page 6: Designing for Privacy
Page 7: Designing for Privacy
Page 8: Designing for Privacy

But don't get too enthusiastic just yet. This is just one application. How many do you havedownloaded on your smartphone? Chances are pretty good that you're harboring a corporate spy onyour mobile device.

Hell, even the Holy Bible takes your data:

Is nothing sacred? To the App developer's credit, they've expressed publicly that they'll never selluser data to third party interests, but it's still a wakeup call.

Privacy and UX

What then, are some UX friendly solutions? Designers are forced to strike a balance. Apps need datato run more efficiently, and to better serve users. Yet users aren't used to the concerns associatedwith the wholesale data permissions required of most applications. What kind of design patterns canbe implemented to bring in a bit of harmony?

First and foremost, it's important to be utilitarian in your data gathering. Offering informed consentis important, letting your users know what permissions they're granting and why, but doing so inperformant user flows is paramount.

For example, iOS has at least one up on Android with their "dynamic permissions." This means iOSusers have the option of switching up their permissions in-app, rather than having to decide all ornothing upon installation as with Android apps.

Page 9: Designing for Privacy

http://techcrunch.com/2014/04/04/the-right-way-to-ask-users-for-ios-permissions/

Note how the Cluster application prompts the user to give access to their photos as their interactingwith the application, and reassures them of exactly what the app will do. The user is fully informed,and offers their consent as a result of being asked for a certain level of trust.

All of this is accomplished while they're aiming to achieve a goal within the app. This effectivelymoves permission granting to 100% because the developers have created a sense of comfort withthe application's inner workings. That's what designing for privacy is all about: slowly introducing auser to the concept of shared data, and never taking undue advantage of an uninformed user.

Of course, this is just one facet of the privacy/UX conversation. Informing a user of what they'reallowing is important, but reassuring them that their data is secure is even more so.

Safeguarding User Data

Asking a user to trust your brand is essential to a modern business model, you're trying to engendera trust based relationship with all of your visitors, after all. The real trick, however, is convincingusers that their data is safe in your hands--in other words, it won't be sold to or stolen by 3rd parties,be they legitimate corporations or malicious hackers.

We touched on this earlier with the Zappos example. Zappos reassures its shoppers with SSL,firewalls, and a personalized promise never to share or sell data. All of which should be adopted asindustry standards and blatantly advertised to assuage privacy concerns.

Building these safeguards into your service/application/website/what-have-you is extremelyimportant. To gain consumer trust is to first provide transparency in your own practices, and then toprotect your users from the wolves at the gate.

Fortunately, data protection is a booming business with a myriad of effective solutions currently in

Page 10: Designing for Privacy

play. Here are just a few of the popular cloud-based options:

Whatever security solutions you choose, the priorities remain the same. Build trust, and moreimportantly: actually deserve whatever trust you build.

It hardly needs to be stated, but the real key to a future where personal privacy still exists, is toactually be better people. The kind that can be trusted to hold sensitive data.

Is such a future still possible? Let us know what you think in the comment section.

Kyle Sanders is a member of SEOBook and founder of Complete Web Resources, an Austin-basedSEO and digital marketing agency.


Usable Privacy and Security 5-899 / 17-500 / 17-800 Designing for Privacy Student Lecture by John Wyrick February 22, 2007

Usable Privacy and Security 5-899 / 17-500 / 17-800 Designing for Privacy Student Lecture by John Wyrick February 22, 2007

Documents
Research Article Designing a Facebook Interface for Senior Usersdownloads.hindawi.com › journals › tswj › 2014 › 741567.pdf · Facebook s privacy options: Post to and View

Research Article Designing a Facebook Interface for Senior Usersdownloads.hindawi.com › journals › tswj › 2014 › 741567.pdf · Facebook s privacy options: Post to and View

Documents
EPSRC NEMODE network + Designing Privacy In: Setting … · EPSRC NEMODE network + Designing Privacy In: Setting the Research ... Workshop Proposal - Privacy by Design: The Research

EPSRC NEMODE network + Designing Privacy In: Setting … · EPSRC NEMODE network + Designing Privacy In: Setting the Research ... Workshop Proposal - Privacy by Design: The Research

Documents
Privacy by Design : Big Privacy for Big Data

Privacy by Design : Big Privacy for Big Data

Documents
Designing the User Experience for Online Privacy, at IAPP Navigate 2013

Designing the User Experience for Online Privacy, at IAPP Navigate 2013

Technology
Privacy Acknowledgement: Jason Hong, CMU. Overview of Privacy Why care? Why is it hard? Thinking about and Designing for Privacy –Specific HCI issues

Privacy Acknowledgement: Jason Hong, CMU. Overview of Privacy Why care? Why is it hard? Thinking about and Designing for Privacy –Specific HCI issues

Documents
Cybersecurity: Designing for Privacy · Cyber threats and fraud schemes continue to evolve, but reinforcing best practices and building strategic resiliency plans remain the foundation

Cybersecurity: Designing for Privacy · Cyber threats and fraud schemes continue to evolve, but reinforcing best practices and building strategic resiliency plans remain the foundation

Documents
Privacy Dynamics: Learning Privacy Norms for Social Software

Privacy Dynamics: Learning Privacy Norms for Social Software

Technology
Auditing for Privacy and Security Compliance - American Health Information Management ... · 2009-06-22 · Designing Auditing Programs Estimating the resources needed • Staff,

Auditing for Privacy and Security Compliance - American Health Information Management ... · 2009-06-22 · Designing Auditing Programs Estimating the resources needed • Staff,

Documents
Enhancing Web Browser Privacy and Security Awareness · Designing an Email Application for Tabletop Interfaces in Instrumented Environments Dominik Andreansky 09.Februar 2010 Antrittsvortrag

Enhancing Web Browser Privacy and Security Awareness · Designing an Email Application for Tabletop Interfaces in Instrumented Environments Dominik Andreansky 09.Februar 2010 Antrittsvortrag

Documents
Chapter 3 Designing Safer Chemicals. General Principles General Principles for Designing for Designing Safer Chemicals Safer ChemicalsMethods for Designing

Chapter 3 Designing Safer Chemicals. General Principles General Principles for Designing for Designing Safer Chemicals Safer ChemicalsMethods for Designing

Documents
Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems

Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems

Documents
Designing a Secure and Privacy-Preserving Data Collection

Designing a Secure and Privacy-Preserving Data Collection

Documents
Designing Privacy-preserving Smart Meters with Low-cost

Designing Privacy-preserving Smart Meters with Low-cost

Documents
Designing of Secure Privacy Preserving Algorithm for ...lightweight secure provenance scheme in detecting packet forgery and loss attacks. Keywords: Wireless Sensor Network, Secure

Designing of Secure Privacy Preserving Algorithm for ...lightweight secure provenance scheme in detecting packet forgery and loss attacks. Keywords: Wireless Sensor Network, Secure

Documents
Designing Network Security and Privacy Mechanisms: …videos.rennes.inria.fr/GIPSy/JP-Hubaux/GIPSy-Hubaux-2.pdf · Designing Network Security and Privacy Mechanisms: How Game Theory

Designing Network Security and Privacy Mechanisms: …videos.rennes.inria.fr/GIPSy/JP-Hubaux/GIPSy-Hubaux-2.pdf · Designing Network Security and Privacy Mechanisms: How Game Theory

Documents
Designing location services for privacy

Designing location services for privacy

Technology
Privacy Information for Advisors. Agenda PIPEDA Advisor Required Privacy Program Our MGA Privacy Program Recommendations for Advisors

Privacy Information for Advisors. Agenda PIPEDA Advisor Required Privacy Program Our MGA Privacy Program Recommendations for Advisors

Documents
Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam

Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam

Design
Making privacy core business For OAIC: Privacy

Making privacy core business For OAIC: Privacy

Documents
Designing For Privacy Safe Data Sharing, via Semantic Web Architecture (a sketch)

Designing For Privacy Safe Data Sharing, via Semantic Web Architecture (a sketch)

Documents
P4: Designing an Effective Privacy Program...1. P4: Designing an Effective Privacy Program. David Behinfar,Chief Privacy Officer University of North Carolina Health Adam Greene, Partner

P4: Designing an Effective Privacy Program...1. P4: Designing an Effective Privacy Program. David Behinfar,Chief Privacy Officer University of North Carolina Health Adam Greene, Partner

Documents
6/3/2015ICPS 20061 Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments Lukasz Opyrchal Miami University, Oxford, OH

6/3/2015ICPS 20061 Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments Lukasz Opyrchal Miami University, Oxford, OH

Documents
Framing the future of privacy: citizens’ metaphors for ... › content › pdf › 10.1007 › s40309-017-0115-7.pdfreforming privacy governance and designing information systems

Framing the future of privacy: citizens’ metaphors for ... › content › pdf › 10.1007 › s40309-017-0115-7.pdfreforming privacy governance and designing information systems

Documents
Designing Privacy into Internet Protocols IAB Privacy Program

Designing Privacy into Internet Protocols IAB Privacy Program

Documents
Designing a Solid Privacy & Data Protection Programme by Enabling Organisational Cooperation & Teamwork

Designing a Solid Privacy & Data Protection Programme by Enabling Organisational Cooperation & Teamwork

Law
Large-Scale Privacy-Preserving Statistical Computations for … · 2020. 9. 15. · designing fast algorithms for the statistical tests applied in GWAS: it implements state-of-the-art

Large-Scale Privacy-Preserving Statistical Computations for … · 2020. 9. 15. · designing fast algorithms for the statistical tests applied in GWAS: it implements state-of-the-art

Documents
Data Science and Designing for Privacy

Data Science and Designing for Privacy

Documents
PRIVACY PAPERS FOR POLICYMAKERS...Privacy Papers for Policymakers 2020 |

PRIVACY PAPERS FOR POLICYMAKERS...Privacy Papers for Policymakers 2020 |

Documents
Privacy Assessment of Software Architectures …showing wide acceptance of their approach. Analyzing, designing, and auditing distributed software architectures with regard to privacy

Privacy Assessment of Software Architectures …showing wide acceptance of their approach. Analyzing, designing, and auditing distributed software architectures with regard to privacy

Documents