Privacy: Managing the New Currency of the Social Web

29 Jan

privacy imageMollie Vandor is the Product Manager for and Media Director for Girls in Tech LA. You can find her on Twitter and on her blog, where she writes about the web, the world and what it’s like to be a geek chic chick.

The privacy policy might seem like just another box you have to check when signing up for a site. But in today’s web world, privacy is much more than just another barrier to registration, and it will only become more important as we move into the social, semantic world of web 3.0.

Privacy is the core currency of the social web, and like any other type of currency system there’s an exchange rate. In this case, the equation boils down to how much privacy the user is willing to give up in exchange for the features and functionality a site provides. It’s a tricky equation, and the answer varies for every user and for every site. But, with targeted advertising, connected social networks and constant lifestreaming becoming more mainstream by the day, privacy is poised to become one of the core issues that defines the relationship between users and websites. Understanding how and why that relationship works — or doesn’t work — is going to become a hallmark of both smart sites and smart users.

The Common Ground

Like most transactions, privacy on the web is generally governed by a contract, often known as the “privacy policy.” There is some boilerplate language you can expect to see in pretty much every privacy policy on the web. Most sites will save your cookies, track your IP address, and store your login, registration and contact info. Despite the “Big Brother is watching” fears sometimes associated with words like “tracking” and “cookies,” you can rest assured that most publishers respect the fact that with great tracking power comes great responsibility. So, they’re using this information to serve up more appropriate ads, help you log back in if you forget your password, and make sure that they’re legally covered in case you turn out to be a 12-year-old kid in a place you’re not supposed to be surfing.

Publishers are generally pretty cautious in how they use this information, and sites are certainly learning from the very public battles web giants like Facebook have fought when their users feel uncomfortable with their privacy policies. Of course, there are different comfort levels for different users on different types of sites, particularly in the social media sphere. Although many privacy policies start with the boilerplate blah-blah-blah, the modern social network seems to fall into one of three categories when it comes to crafting their particular balance of privacy and functionality.

The Social Network: Share & Share a Lot

Since the Friendster days, social networks have walked a fine line between protecting a person’s personal information and helping their members meet each other. Recently, with the rise of real-time social search and the development of entire app-based ecosystems, that line has become even blurrier as social networks struggle to stay both open and private at the same time.

It’s in the best interests of sites like Facebook, MySpace and LinkedIn to make their users feel safe and secure in sharing their information. The more they can convince you to feel comfortable sharing within their walled-off networks, the more incentive there is for other people to use their particular platform to stay up to date on what you’re up to. However, it’s also in these sites’ best interests to keep connections flowing between members, developers, and the major search engines.

Social networks have always had a vested interest in helping members find each other, often by making certain types of information publicly searchable by default on their sites. There’s also a relatively new and growing demand for social network statuses to show up in third-party search engines, and that demand will only continue to grow as more and more customers come to expect everything on the web to arrive in real-time.

These sites have a good reason for wanting to open their data up to search engines now, and they are expecting that consumers will be more receptive to these real-time deals. After all, if you want to see Facebook updates in your Google results, you’re going to have to accept that, at some point, Google had to index those updates. And Facebook — amongst other sites — seems to be banking on the idea that you might be willing to let that wall down a bit in order to gain those Google results.

As a result, many major social networking sites have recently started splitting the information you give them into different categories, some of which is considered public by default, and some of which isn’t. This distinction appears in privacy policies from MySpace to Meebo, where categories of information tend to be broken up into personal, profile information, and publicly posted content and activity. Users can then control who sees these different categories by defining different groups of connections with different levels of access.

Regardless of the site, these groups all start at public and end at totally private, which is nothing new. However, the definition of “public” has changed. Whereas “public” was once considered to mean “open to all users of a social networking site,” it has now become synonymous with “the entire Internet.” This adds a whole new layer of people with access to the privacy pyramid.

A similar shift in privacy expectations is also occurring as social networks become more open to third-party developers who seek to link their applications to the rich networks of data that large social networks have to offer. With 14.3 million users allowing the Mobsters app to access their MySpace data, and 69 million users playing Farmville, it’s clear that people are willing to open up their profiles and forgo some of their privacy in exchange for the services a third-party app developer has to offer. That’s why many sites are now adding clauses allowing them to connect third-party developers to your personal profile information — provided you approve that connection.

LinkedIn’s privacy policy is a perfect example of the balance many sites are trying to strike between encouraging third-party development and protecting your privacy. It explains that the site will “enable you to share your information and communicate with other Users, or provide (usually at your option) your personal details to third parties offering combined services with LinkedIn.” By putting the onus on the user, LinkedIn and sites like it allow the millions of users who want to exchange their information with developers to do so, while keeping the default settings at a more conservative level of privacy.

The Communication Platform: For Everyone’s Eyes Only

everyone imageTumblr, Yelp, and Twitter are all social sites with distinct characteristics and uses. But when it comes to privacy policies, they all share similar struggles and similar solutions, making them more alike than you’d think. At their core, all three types of sites share the same purpose — to help the user broadcast information to a network of (presumably) interested people, many of whom the user may not know, or may not know very well.

Unlike the social networks discussed above, these sites don’t have to worry so much about creating different categories of connections, since they’re already assuming that you’re likely using them to broadcast on a one-to-many basis. So, these sites tend to protect only the most private of your personal information by default. For example, on Twitter, the standard privacy settings make a user’s name, bio and tweets publicly available, and the privacy policy clearly states that “Most of the information you provide to us is information you are asking us to make public.” However, geotagging is one of the few features that is disabled by default for all Twitter users, meaning that you must actively give the company permission to annotate your content with your location. Clearly, Twitter has decided that most users will accept their content being made public by default, but that location is something their users are not willing to exchange so easily.

Yelp does something similar in that their privacy policy posits that all content you create on Yelp is public, but they do promise to protect your most personally-identifying information when sharing that public content across the web. Yelp’s privacy policy says, “When we distribute your submissions to third parties, we typically include your account name (but not your personal information unless you include your personal information in your submissions).”

Tubmlr takes a similar approach, promising to protect your personally-identifying information while also warning the user that “if you submit information to ‘chat rooms,’ ‘forums’ or ‘message boards’ such information becomes public information, meaning that you lose any privacy rights you might have with regards to that information.” By refraining from specifically defining what a “forum” or “message board” means in the Tumblr universe, the company puts the burden on the user to figure out where their information will be public and where they can expect it to remain private. With monthly unique visits in the millions, it seems that Tumblr’s users don’t mind that very much. Clearly, the users creating content on these communication platforms are expecting an exchange rate that favors finding friends, followers, readers and reviewers to maintaining personal privacy.

Ultimately, these communication platforms do rely on that particular attitude towards privacy being a core attribute of their main user base, and so they provide policies that allow for a lot of information sharing, streaming and searching by default. Of course, users can always restrict the flow of that information by setting their profiles to private or protecting their status updates, but the reality is that for sites like these, it’s often as much in the user’s interest to broadcast to many as it is for the site itself.

The Location-Based App: Where You At?

Like communication platforms, location-based apps have a bit of a luxury when it comes to putting their privacy policies together. They know their users are already open to the idea of giving up a certain amount of privacy in exchange for a certain level of connectivity. After all, why else would you use Foursquare, Loopt, Gowalla, or any other service that exists for the sole purpose of sharing your location with friends? The tricky thing for location-based services is figuring out how to make users feel safe sharing something as private as location with an entire network of people, while also allowing those users to do the things they signed up for in the first place.

That’s why these apps tend to be the most conservative when it comes to the privacy exchange rate — their very functionality hinges on users exchanging information. Loopt explains it well when they write “Loopt uses your personally identifiable, registration, profile, and location information to operate, maintain, and provide to you and other Users all of the features and functionality of the Loopt Services.” Users give information to get access to the service. If a user chooses to disclose less information, they receive fewer benefits of the service.

For example, in Gowalla’s case, the site automatically adds you to the feeds of a particular location when you check in there. Should you choose to turn that feature off, Gowalla says, “your check-ins will not be credited in the spot feed nor will you appear in Top 10 lists amongst other things.” Similarly, you can’t become the mayor of a place on Foursquare unless you upload a profile picture.

Users looking to make the most of a particular location-based app are also increasingly turning to third-party services like Facebook, Twitter and MySpace to share their statuses with their entire social networks. This presents another privacy policy challenge to these sites, as they must address the way user information is shared outside the relatively close confines of their protected, proprietary networks.

Foursquare recently revised its privacy settings to allow users to specify very specific kinds of information to be sent to each site they connect their account to. A user can specify different levels of privacy for their friends on Facebook and their followers on Twitter. They also built a caveat into their privacy policy that allows them to share certain pieces of profile information in search results — both within the network and outside of it. They couched this caveat in the promise that sharing the really personal stuff would still be up to the user, since that information would only be viewable by the user’s friends. Loopt also puts the onus on the user to dictate their own privacy policy by specifying that Loopt will only share personally identifiable information with third parties based on the user’s personal settings.

The location-based apps expect their users — or at least their power users — to be willing to give up a certain level of privacy in exchange for features and functionality. The amount of people doing so tends to be much higher on these sites than it does on the traditional social network. However, these location-based sites also put users in control of the exchange rate, allowing them to easily manage the publicity of their updates and information.


Ultimately, it is up to users to take that kind of control on all social sites. The only truly effective privacy policy is the one a user sets for himself by being conscious of the value of privacy as currency and making informed decisions about these exchange rates. And while that consciousness starts by understanding why different sites treat privacy the way they do, it ends with the user making educated choices about what to share and where to share it. The best privacy policies are not written by coders, copywriters or corporate lawyers. They’re the ones observed by people who know what they want from the web, and what they’re willing to give up to get it. That makes privacy a much more important issue than that innocuous little checkbox seems to imply.

More social media resources from Mashable:

- Why Facebook’s Privacy Changes are Detrimental to Users
- HOW TO: Use Facebook Privacy Controls on Your Fan Page
- How Social Media Creates Offline Social Good
- Zen and the Art of Twitter: 4 Tips for Productive Tweeting
- 3 Ways Educators Are Embracing Social Technology
- 5 Ways Foursquare is Changing the World

Images courtesy of iStockphoto, gulfix, exdez

Reviews: Facebook, Foursquare, Friendster, Google, Gowalla, LinkedIn, Meebo, MySpace, Tumblr, Twitter, Yelp, iStockphoto

Tags: facebook, foursquare, gowalla, linkedin, loopt, myspace, online privacy, privacy, privacy policy, social media, social media privacy, social networks, tumblr, twitter