Redesigning Facebook’s Privacy Settings – Part 1

An Exercise in User Experience Design

There has been a lot of discussion recently about Facebook and privacy. Users are angry, upset, and concerned that Facebook is exposing their private information without their consent.

JP Mangalindan from Fortune.com recently contacted me and asked me and several other User Experience professionals and designers how we would redesign Facebook’s privacy settings (if you want to jump ahead and see the end result, view his article here).  I then started working on what turned out to be an incredibly challenging design problem.  I quickly learned that creating a safe and secure environment on the popular social network while still accomplishing Facebook’s desire to increase information sharing is easier said than done.

The challenges include needing to thoroughly understand the current privacy concerns, what needs user have to address these concerns, and how to design an interface that not only puts a new face on the current system, but addresses deeper issues with how privacy is integrated into the user experience.

The Redesign Process

So, how do you go about solving these problems?

The process I went through can be broken down into a series of steps, which mirror a typical User Experience Design process.  Many believe it’s easy to jump to creating a visual design, but by going through the User Experience process, many ideas can be analyzed and iterated upon before committing to a high fidelity solution.

In this post, I will discuss the first three steps in the process that involve research and strategy.  The next post in this series will explore the final three steps showing how I arrived at the final design solution.

1. Start with Research
2. Define the Problem
3. Craft a Strategy
4. Sketch, Sketch, and Sketch Some More
5. Narrow Down Ideas and Wireframe
6. Apply a Visual Design

1.  Start with Research

I started by engrossing myself in as much information as possible regarding Facebook’s privacy settings and the issues users have with its implementation.  There have been thousands of articles written about this issue in the past few weeks alone.

From what I read, some key trends emerged:

1. Trust: Many users don’t trust Facebook. Recent reports of Facebook disclosing IP addresses, private chats, and pending friend requests lead many users to believe that Facebook could (intentionally or unintentionally) disclose any of their information at any time.
2. Anger: Some users are angry that Facebook is seemingly making radical changes to what was once a simple, secure way of sharing information with your friends.
3. Worry: Many users are concerned that they are going to unintentionally disclose personal information, whether to people within their social network or to the wider public, with potentially negative consequences.
4. Confusion: Facebook’s privacy settings confuse many of its users, making them appear difficult to manage.  This confusion is likely causing some users to over share their personal information.
5. Overwhelmingness: New Facebook features are being rolled out at a rapid pace, making users have to adjust to an ever-changing environment.  Users have to put in a significant amount of work into understand all of these changes.

In addition to user concerns, I also looked into Facebook’s approach to privacy and what they’re trying to achieve as a business.  While much of Facebook’s strategy is still unknown, what I found included:

1. CEO Mark Zuckerberg has been quoted as saying that privacy is no longer a “social norm” and that users are moving towards making information public.
2. Matt McKeon’s “The Evolution of Privacy on Facebook” shows a clear shift in approach from localized sharing of information to sharing personal information with the public.
3. Barry Schnitt, Director of Corporate Communications and Public Policy at Facebook, has admitted that page views and advertising are part of the motivation behind making information public.

While my solutions ultimately focused more on user needs, I wanted to create a flexible solution that still allowed opportunities to encourage increased information sharing.

2.  Define the Problem

The research I collected led me to focus on two primary types of privacy issues prevalent on Facebook today:

1. Unwanted public disclosure of information: Outside of friend interactions, there is a layer of third party and public visibility to profile information and activity. There is a level of fear, mistrust, and confusion over what information is shared publicly. By default, this information is difficult to find and users must often opt-out to public disclosure of information.
2. Difficult management of social networks: Users have a hard time managing who sees what within their social network. In our real lives, we disclose different things to different groups of people. On Facebook, by default, everyone is grouped together. It requires a significant amount of work to manage your friends list and monitor your activity to make sure that information is exposed to the right people. Because of this difficulty, personal information is frequently exposed to unintended audiences.

3.  Craft a Strategy

The next step was to define some key changes that need to be made on Facebook in order to address the two primary issues listed above.  It would be easy to state “Just make it simpler!” and redesign the privacy settings page to expose different ways of managing your settings.  However, my research exposed that privacy on Facebook needs to be treated as a system of multiple interconnected pieces.  Focusing only on redesigning the privacy settings page would not solve some of the core issues that people have understanding and managing their privacy.

The strategy I followed focused around three key themes:

1. Increase visibility of privacy information by placing it in context of user interactions
2. Assure users that information they disclose is being disclosed to the intended audience
3. Improve clarity around privacy settings

I then focused on specific ways of addressing the two key problems identified above.

Ways to address unwanted public disclosure of information:

1. Default to opt-into any personal information disclosure that will be seen outside of your friends
2. Provide a prominent visual indicator of the level of public information currently being disclosed
3. Visually indicate changes to public information disclosure and one-click settings to turn it on/off
4. Encourage and contextually incorporate reasons why you should opt-in to disclosing more information and clearly communicate its benefits as opposed to making this decision on the user’s behalf

Ways to address the difficult management of social networks:

1. Make it easier to see who can see what within your network
2. Reduce the amount of work needed to manage friend groupings, or lists, in order to control information access
3. Provide visual feedback while posting information that indicates who can see your activity
4. Provide contextual assistance to guide you in making smart choices before exposing information to part of your network

With a defined direction and an understanding of the high-level elements that would be incorporated into the redesign, I was ready to start figuring out how these ideas manifested themselves in Facebook’s interface.

I should note that ideally, at this stage in the process as well as during the design ideation phases that follow, these concepts should be validated with end users and tested to gauge value and understanding.  Also, the ideas need to be discussed with the business.  Without this, there is the risk of going down a path that ultimately will not be successful.  This project is more of a proof of concept than an actual recommended solution as a result.

The next post will explore the rest of the process in more detail, including how the strategy I have described translated into an interface.