Lightning talk version of my Designing for Privacy in an Increasingly Public World presentation for Design Museum Week, presented Wednesday, April 27, 2022
3. • In 2021, we learned that
Facebook, the most popular
social media platform on the
planet, had been hacked
• 533 million users’ phone
numbers and personal data
were leaked online
• Fraud & identity theft on the
rise during the pandemic
• FTC: 1.4 million reports of
identity theft in 2020 — double
from 2019
Data Security & Identity Theft
4. Clearview.ai, a facial
recognition platform, offers
services to law
enforcement.
They downloaded over 3
billion photos of people
from the Internet and
social media and used
them to build facial
recognition models for
millions of people without
their permission.
Facial Recognition
Illustration: Elena Lacy for Wired
Photo by Kyle Glenn
5. The New York Times
reported on how the
donation site for Donald
Trump deployed “dark
patterns” to trick
supporters into agreeing
to recurring donations,
earning the campaign a
huge spike in
contributions
Dark Patterns
6. Data Sharing
A 2019 survey by RSA found only 17%
of respondents said it was ethical to
track their online activity to personalize
ads.
Apple rolled out a new iPhone privacy
feature called “App Tracking
Transparency,” which prevents apps
from following you across the internet.
Hugely popular in US: Only about 20%
of iOS users allowing apps to track them
so far.
8. “Arguing that you don't
care about the right to
privacy because you
have nothing to hide is
no different than saying
you don't care about
free speech because
you have nothing to
say.”
— Edward Snowden, former CIA
employee, NSA leaker
Why Care About Privacy?
9. • Even if we’re not concerned with a particular privacy
issue, we’re not designing for ourselves
• If we’re designing for privacy, we’ll consider the
needs of people not like ourselves — people with
different backgrounds and experiences
• That means researching privacy issues, but also
interviewing or talking to people with diverse
backgrounds and lived experiences
Why Care About Privacy?
10. For example, LGBTQ youth should
feel their privacy is secure when
reaching out for help online.
In this sense, privacy issues are
very often also diversity issues.
Privacy is a key consideration for
inclusive design.
Why Care About Privacy?
Screenshot from The Audre Lorde Project’s Facebook page
11. We may need to explain to our clients the impacts of ignoring privacy concerns.
• Civic responsibility: Encourage clients to treat their “end users” as human beings,
who are members of their community
• Reputation management: Remind clients that what companies do can undermine
their brands
• Site abandonment: Using dark patterns may anger people, prompting them to
leave your site for another with a more transparent experience
• Financial consideration: Fines for not following the increasing number of laws and
regulations (GDPR & California Consumer Privacy Act)
Even if there’s an up-front cost to designing for privacy, the long-term costs can be
devastating.
Our Role
13. In her Privacy by Design
manifesto, Dr. Ann Cavoukian
recommends making privacy the
“default setting” in our designs
and says privacy should be
“embedded” into design.
What are some practical ways to
ensure we’re doing that?
Best Practices
“Privacy by Design: The 7 Foundational Principles”
by Dr. Ann Cavoukian
Founder of Global Privacy & Security by Design and the former Information and Privacy
Commissioner for the Canadian province of Ontario
15. Dark Patterns
UX designer Harry Brignull
coined the term dark pattern: a
“user interface that has been
carefully crafted to trick users
into doing things” that you didn’t
mean to do — like buying or
signing up for something.
16. Dark Patterns
“Dark patterns are the
canaries in the coal mine
of unethical design.
A company who’s willing
to keep a customer
hostage is willing to do
worse.”
— Mike Monteiro, Ruined by
Design
17. Here on a major airline site, the customer
has already chosen Basic Economy but
“Move to Main Cabin” — which costs $100
more — is placed as a large red button
where you’d typically find a “Next” button.
Here the pattern is used to trick people
into an upsell.
But the same pattern is used to trick
people into sharing their personal
information in ways they didn’t intend to.
Dark Patterns
18. Strava, a popular app for runners, automatically
tagged other runners when you passed them if they
didn’t change their settings.
This feature had a name: Flyby.
If you clicked on a face, it showed the user’s full
name, picture and a map of their running route —
effectively revealing where they lived.
This happened without you following users and
without them knowing they were sharing their
activity.
After receiving criticism, Strava did change the
default setting to private. But it should have always
been private.
Dark Patterns
20. Be specific about what data is shared—
especially when sharing PII.
Personally identifiable information —
data points such as name, email, phone
number, social security number, mother’s
maiden name — can be used to steal
people’s identities and to commit fraud.
87% of the U.S. population can be uniquely
identified by just their date of birth,
gender and ZIP code. (Those items aren’t
even considered PII.)
Imagine how much damage a bad actor
can do with just 3 data points of PII.
What Data Is Used?
22. Consider this an opportunity to explain the benefits of
sharing their data:
• Does it ensure a better experience in the future?
• Does it personalize ads and offers for them?
And if you can’t explain the benefits, consider whether
you’re designing the right sort of product.
Why Is Data Used?
23. Why Is Data Used?
The home insurance app Lemonade
sets a great standard for transparent
privacy policies.
They include an itemized, detailed
explanation of what personal
information you’re sharing, as well as
why.
They also promise never to sell your
information to third parties.
“TL;DR: We will never, ever, sell your data to
anyone.”
25. Clear Language
In 2019 The New York Times studied 150
privacy policies from various platforms.
They described what they found as an
“incomprehensible disaster.”
They described AirBnB’s privacy policy as
“particularly inscrutable.”
Vague language and jargon allow for
broad interpretation, making it easy for
companies to defend their practices in a
lawsuit but hard for us to understand
what’s really going on.
26. Twitter advises you to read
their privacy policy in full
but highlights key aspects
of it up front advising you
to pay attention to those
specific points.
Clear Language
28. User Controls
Google offers a Privacy Checkup with high
level descriptions of how your personal data
is being used and why.
They allow you to turn off activity tracking,
location history, your YouTube history, your
Google photo settings, check which third
parties have access to your information, and
access other key settings all in one sort of
privacy dashboard.
30. Easy to Find
Contextual and easy to find also means
…
Onboarding — Explaining in detail how
you use people’s data when they’re
using your app for the very first time.
“Just in time” alerts – Alerting users in
the moment—when they’re about to
share data in a new way—even if
they’ve already been using your
experience.
31. Easy to Find
Mozilla displays robust
Privacy information by
default in a dedicated tab
when you download and
open their Firefox
browser for the first time.
32. Remind users regularly about their
privacy options
And actively encourage them to take
advantage of them
Reminders
33. Reminders
Facebook allows you to set
reminders to do a privacy
checkup every week, month, 6
months or year.
Google also has a feature,
which will send you a reminder
to check your privacy settings.
34. One final point:
Never change users’ privacy settings
without telling them in advance.
And ensure they have the option to opt
out.
Never Change Without Notice
35. A few years ago, Facebook made users’ “likes” visible
overnight, which consequently may have outed some people
in the LGBTQ community or revealed people’s personal,
political or religious beliefs.
When I asked an employee how they justified this change,
they responded that the company valued transparency and
wanted people to be transparent about their interests.
Facebook’s founder Mark Zuckerberg had even famously said
privacy was no longer a “social norm.”
Never Change Without Notice
36. We don’t have the right to make decisions about other
people’s personal data on their behalf.
Assuming everyone’s information can safely be made
public is a belief that comes from a position of privilege.
We should never make decisions like this, which can
profoundly affect people’s privacy, without their explicit
consent.
Never Change Without Notice
37. We talk a lot about “empathy” in
design.
If we design with empathy, we
won’t design experiences we
wouldn’t want to use ourselves.
And we won’t design using “dark
patterns” either.
Conclusion
Photo by Josh Calabrese
38. Privacy is not about secrecy.
It’s all about control.
— Dr. Ann Cavoukian
If we want to ensure people have control over their
own personal information
If we want to ensure the experiences we design are
user friendly and truly “user-centered”
We’ll keep these best practices for privacy in mind
Conclusion
Photo by Zanardi, Unsplash
Editor's Notes
Design for Privacy & Security – Presentation for Early Careers Experience new employees by Robert Stribley
As presented on 14 March 2022
Privacy Issues – What do we mean by designing for privacy?
Photo by Matthew Henry, unsplash - https://unsplash.com/photos/fPxOowbR6ls
Early April and one half billion users’ personal data revealed hacked, leaked online
https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
Facial Recognition
Illustration: Elena Lacy for Wired
https://www.wired.com/story/clearview-ai-scraping-web/
Dark Patterns
NYT – How Trump Steered Supporters Into Unwitting Donations - https://www.nytimes.com/2021/04/03/us/politics/trump-donations.html
Data Sharing
Apple’s anti-tracking shield - https://www.nytimes.com/2021/09/16/technology/digital-privacy.html
What’s Our Role as Designers?
Edward Snowden
Why Privacy?
Our Role
Best Practices
Dark Patterns
Delta dark pattern
Dark Patterns
Maintain transparency about what personal data is used
Be transparent about why specific personal data is collected or shared
Illustration from here:
https://www.imperva.com/learn/data-security/personally-identifiable-information-pii/
Transparency - Explain the specific purpose behind collecting or sharing personal data – Lemonade as a good example
NYT - We Read 150 Privacy Policies. They Were an Incomprehensible Disaster by Kevin Litman-Navarro - https://www.nytimes.com/interactive/2019/06/12/opinion/facebook-google-privacy-policies.html
Clear Language
User Controls
Easy to Find
Onboarding + Just-in-time alerts
Easy to Find – Firefox example
Reminders
Reminders – Facebook example
Never Change Without Notice
https://www.theguardian.com/technology/2009/dec/10/facebook-privacy
Conclusion
Photo by Josh Calabrese, Unsplash
https://unsplash.com/photos/XXpbdU_31Sg
Conclusion
Photo by Zanardi on Unsplash
https://unsplash.com/photos/GJY1eAw6tn8