The Erosion of Privacy on Facebook: Read the News and Audit Your Account

Could Facebook have grown its community to hundreds of millions of users so quickly if it had not promised to protect the privacy of its users? I suspect the answer is "no." Users trusted Facebook, and they signed up in droves.

Evidently, the company feels it has grown big enough that it can rescind its earlier promises about data privacy and weather whatever micro-storm of protest ensues. As has been much reported, the company is changing its privacy policies and—just as importantly—its UI for controlling privacy settings.

The policies now lean toward disclosure rather than containment. The new UI controls require one to click, click, click with the perseverance of a busy switchboard operator to regain most of the privacy one enjoyed a few months ago. Alas, it's impossible to regain all of it.

Facebook wants to ensure that it and its partners have access to as much personal information as possible. That's how they'll make money.

Their loosey-goosey manner of opening the floodgates leaves users vulnerable to all sorts of hacks, exposing private data not just to Facebook and its partners, but also to any hacker or marketer with sufficient diligence and cunning. (See Wired Magazine's article, Rogue Marketers Can Mine Your Info on Facebook.)

Users, understandably, are unhappy. Fifteen organizations have banded together to file a complaint to the FTC. User defections are becoming more common and well publicized. Facebook management is scrambling to the respond.

For a quick summary of what's changed, what's new, and how exposed your own Facebook account is, consult the following.

Analysis

Electronic Frontier Foundation

Facebook's Eroding Privacy Policy: A Timeline

Updated: Facebook Further Reduces Your Control Over Personal Information

Quote from this second article:

Today, Facebook removed its users' ability to control who can see their own interests and personal information. Certain parts of users' profiles, "including your current city, hometown, education and work, and likes and interests" will now be transformed into "connections," meaning that they will be shared publicly. If you don't want these parts of your profile to be made public, your only option is to delete them. . . .

But even for an innocuous interest like cooking, it’s not clear how this change is meant to benefit Facebook's users. An ordinary human is not going to look through the list of Facebook's millions of cooking fans. It's far too large. Only data miners and targeted advertisers have the time and inclination to delve that deeply.

New York Times

Facebook Privacy: A Bewildering Tangle of Options (a chart showing the hierarchy of Facebook's new privacy settings)

Office of the Privacy Commissioner of Canada

Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. Under the Personal Information Protection and Electronic Documents Act (2009)

Wired Magazine

Public Posting Now the Default on Facebook (December 2009)

Quote:

Facebook estimates that 80 to 85 percent of its users have stuck with the default privacy settings, which means hundreds of millions of users will soon be publishing to the entire net, by default when they type into their status box. The previous defaults for status updates were “Friends of Friends” and networks, including geographic ones with millions of users, while photos defaulted to everyone.

Audit Tools

Profile Watch: Scans your privacy settings and rates your exposure on a scale of 1 to 10.

ReclaimPrivacy.org: Scans your Facebook privacy settings and provides detailed analysis of your exposure, along with links to the Privacy Settings page on which you can make adjustments for a particular score.

If you know of other useful audit tools, please let me know.

Thanks to Sarah Evans for the link to Profile Watch and to Chris Marino for the link to Reclaim Privacy.

Photo credits:

http://www.flickr.com/photos/calliope/ / CC BY 2.0

A Gentle Critique of McAfee Product Marketing

Fifteen-second summary of the marketing lessons discussed in this post:

1. Write, chat, and speak in plain English.
2. Don't put populating fields in your CRM system above serving your customers.
3. Create demos that really demonstrate.
4. Build Web sites with tiers of information, so if customers want to dig for details, they can.

If you've already practicing what these lessons preach, feel free to click away and find useful instruction elsewhere.

But if you harbor a sliver of a doubt about your own organization's ability to do all the things I've listed above, then read on . . .

The Story

One of my systems needs to go into the shop for repairs. It's an old system, and it's got a ton of files on it. Some of the files are confidential, so I'd like to encrypt them. I don't need to encrypt the whole disk, just certain files and folders.

I know that there's disk encryption software out there, and I'm sure that David Strom (a writer I know and like) has written about this sort of thing, and I thought about digging up his old columns. But I'm a customer of McAfee's. Their AV software came installed on my laptop, and I'm pretty happy with it. So I decided to start there. Actually, I decided to look at McAfee, Symantec, and PGP.

Let's take these in reverse order. PGP emphasizes whole disk encryption and encryption for email (not something I'm looking for at the moment). Their disk encryption software, which I'm sure is very good, starts at $99 (though that page is a little hard to find; looking for it just now, I ended up on a page for a similar product costing $149). Not egregiously expensive, but more than I was looking to pay. After all, I just want to encrypt a few folders.

A quick glance at Symantec's Web page describing their security products for Home systems leads me to conclude that they offer a bunch of nice features, but not disk encryption.

Which brings us back to McAfee. Of the three vendors, McAfee's positioning for the home computer market seems to be the strongest. Their Web page design is bright and clear, and Web copy doesn't suggest that you need to place an order of 100 units or more to begin to be interesting to their sales organization.

Here's their Web page for their encryption product, which it turns out is called McAfee Anti-Theft.



I think this page is well done. (None of my quibbles concern McAfee's UI design but rather their UX design.) To call attention to just a few things I like about this page:

• It's clear and legible. There's a product shot and a check list of key features.


• There's a bright "Buy Now" button with a legible footnote explaining exactly what it is you're buying.


• The ribbon-like design treatment in the upper right reinforces the suggestion of trust conveyed by the gold badge. It looks like they've won a badge for merit.


• More technical details, such as the fact that the product supports AES encryption, appear below. (As they should. Headlines up top. Details down below.)
  

You'll notice that below the photo of the box, there's a View Demo button. That's where my trouble with trying to purchase McAfee Anti-Theft began.

The demo animation runs for roughly 2:30 (two minutes, thirty seconds). Of that, 1:30 is a slide presentation basically recapitulating the information that appears on the Web page. OK, fine. I realize you're selling to the home market, and you need to spell things out really clearly. The last minute presents a demo showing how to set up a "vault," assign it a password, and drag files into it.

The last minute of the demo—the real demo part of the "demo"—is good as far as it went. But it only showed a file or two being dragged into the vault. I wondered if I could drag whole folders. I mean, yes, almost certainly in 2010, I would expect that a product like this would accept folders, as well as files. But the demo didn't show any folders being dragged in. The Web copy doesn't mention "files and folders"; it repeatedly just says "files." The 2-page data sheet, which I opened as a PDF, does not include the word "folder." Which made me wonder: can you drag in whole folders? Wouldn't that have been an easy thing to show or mention, if it did?

Every now and then you buy a product assuming it will do X and Y, and you discover that no, it only does Y.

OK. This is a pretty straightforward question. Can I drag whole folders (preferably a multi-layer hierarchy of folders) into a McAfee Anti-Theft Vault. Yes or no? Yes, folders, or no, just files?

I click around the site. Suddenly there's a chat window popping up on my screen. OK, fine. I'll start a chat. This should be easy.

Here's a transcript. (With names changed: I have no interest at all in impugning any individuals here; I'm simply concerned with site architecture and process. I have a great deal of sympathy and admiration for people who work in call centers and help desks, and my admonition to myself [which I admit to sometimes failing to heed] is to always be unfailingly polite.)

Chat Conversation	Commentary
Please wait while we find an agent to assist you... Hello, welcome to McAfee Chat. My name is John Doe. Please briefly describe your goal or question so I can connect you with the best resource to meet your objectives.	Wow. Who wrote that? It's so stilted. It reads like it came out of a committee that drew a diagram on a white board analyzing customer requests ("some of the users will have goals and others will have questions, so our copy should reflect that"). It reminds me of a story a tech-writer friend told me about starting at a company where a fellow writer greeted her with the words, "I'll be happy to show you the supply cabinet where you can obtain all the supplies which you'll utilize." And it makes me admire companies like eBay who make a concerted effort to make their Web copy clear and friendly. McAfee's chat greeting is a cold bucket of corporate-ese splashed on a user who on the Web site was treated as an ordinary home computer user trying to protect his tax returns or pictures of favorite grandchildren. But this opening copy, though awkward, is important. The person I'll be chatting with is not someone who has answers; he's not even someone who is supposed to have answers. He's less of a support rep and more of a concierge who will direct me to someone who really does (supposedly) have answers. Two thoughts here: First, McAfee should make this process quick. This hand-off provides no direct value to the user; it's simply an implementation detail for McAfee. Second, let's explain this role in a friendly way. Something like: "We have a lots of different groups at McAfee. First we're going to connect you to a Customer Service Concierge who will find out what you're looking for, then transfer you to the right group. We'll make this quick." But for now, I need to describe my goal or question. Then I'll be connected to the best resource.
John Doe(the name I'm giving the rep in this blog post): How can we help you today?	That's better. "How can we help you?" Friendly and to the point.
Customer: Quick question. With the Anti-Theft product, do I have to drag files into the vault one at a time, or can I drag entire folders and subfolders? John Doe: Were you considering purchasing protection today?	Uh-oh. To answer my question, you shouldn't need to know whether or not I'm about to purchase. I'm happy to talk to a sales rep at some point, but a lot of inside sales people don't know technical details. But OK, fine. I'll go along with this.
Customer: Yes. John Doe: Ok, what I can do for you is transfer you to one of our Sales Agents and they can assist you in processing your order and make sure you get the appropriate product Customer: Before I buy it, though, I'd like an answer to my question. Customer: I'm comparing it to PGP's product, which apparently lets me encrypt folders. John Doe: A Sales Agent will be able to assist you with your questions as well John Doe: My purpose is to direct you to the best resource that can help you with your inquiry. By asking a few questions I can determine what kind of assistance you need, in this case our sales team Customer: OK. John Doe: OK, I will need to collect some information in order to manage your request appropriately. Can you please provide your first and last name email address and your phone number	So I'm in a chat session in which a customer service rep needs to collect more contact information so McAfee can answer a question about a basic feature of a product. Chat sessions imply instant service; that's why users join them. If I had wanted to get talk to a salesperson on the phone, I would have called Sales. But already we're talking about "processing my order." I still don't have an answer to my question.
Customer: I don't want a phone call. I just want an answer to my yes-or-no question. You can email me at [ email address ]. John Doe: As per your question you have to simply drag the files to the vault. Is anything else I can do for you? Customer: I know I can drag individual files. Can I drag entire folders? Customer: If I have a folder hierarchy with 120 files, do I have to drag them all individually? The demo on the Web site is pretty cursory, and it shows only individual files being placed in the vault. John Doe: If you need assistance with that you have to contact tech support, as I mentioned I am only an operator to direct you to the appropriate department to assist you. You can visit www.mcafeehelp.com or contact them at 1866-622-3911	They won't answer my question by email or by transferring me to another chat agent. They have to have a phone number. Or I can call Technical Support. What's wrong with email? Why offer the chat session at all? Why not just post numbers for Sales and Tech Support? Somewhat stunned.

Oh, if only that 2:32 video had been 2:37 and showed a folder being dragged. Unless, of course, it couldn't.

So I called McAfee sales. I spoke to a service rep. She asked if I was a customer. I said I was, but that it shouldn't matter: I was calling about a different product, and I just had a simple question. She said she needed my email address before she could continue. I gave her a valid email address. It turned out not be the one in their records. I asked her if she could direct me to someone technical who could answer my question. It's a yes/no question, I reminded her. She told me to look for technical information on the Web site. I told her I wasn't going to buy her product and said good-bye.

As I mentioned earlier, I was almost certain that David Strom had written about disk encryption products for personal computers. I surfed to his site, www.strominator.com, clicked on a few tags, found the relevant article, saw that he uses PGP Disk but also recommends some free open source products.

I found an open source product that supports AES encryption of files and folders. Installed it. Encrypted my files. Yes, the interface is not as friendly as the interface to the McAfee product, but it's the end of the day now, and my files are encrypted. I still don't know if the McAfee product can encrypt whole folders in addition to individual files.

And now, nor do I care. I've solved my problem. And my biggest expense was time dealing with McAfee marketing and customer service.

A Lesson

I understand the temptation of sales and marketing folks to capture every interaction in a CRM. Budgets are tight, and accountability is more important than ever.

But workflows shouldn't put collecting CRM data over fast, friendly service. A single rep with a good, old-fashioned FAQ or knowledgebase would have made my day more pleasant and McAFee $29.95 richer. That's chump change, I realize, but I wonder how often interactions like this play out across all the various call centers at McAfee.

A Reminder that Digital Doesn't Mean Forever

I enjoyed Alberto Manguel's earlier book, The City of Words, so now I'm reading his new book, The Library at Night. In a chapter called "The Library as Space," Manguel reminds us just how fragile digital data can be:

"The tools of the electronic media are not immortal. The life of a disk is about seven years; a CD-ROM lasts about ten. In 1986, the BBC spent two and a half million pounds creating a computer-based, multi-media version of the Domesday Book, the eleventh-century census of England compiled by Norman monks. More ambitious than its predecessor, the electronic Domesday Book contained 250,000 place names, 25,000 maps, 50,000 pictures, 3,000 data sets and 60 minutes of moving pictures, plus scores of accounts that recorded "life in Britain" during that year. Over a million people contributed to the project, which was stored on twelve-inch laser disks that could only be deciphered by a special BBC microcomputer. Sixteen years later, in March 2002, an attempt was made to read the information on one of the few such computers still in existence. The attempt failed. Further solutions were sought to retrieve the data, but none was entirely successful. "There is currently no demonstrably viable technical solution to this problem," said Jeff Rothenberg of the Rand Corporation, one of the world experts on data preservation, called in to assist. "Yet, if it is not solved, our increasingly digital heritage is in grave risk of being lost." By contrast, the original Domesday Book, almost a thousand years old, written in ink on paper and kept at the Public Record Office in Kew, is in fine condition and still perfectly readable."

It's sobering to think of all the business and family records transferred to CD-ROM, supposedly permanently, so that paper originals could be done away with. A great deal of copying lies ahead. . . .

Photo of the Domesday Book in public domain.

The Biggest Problem in Social Media is Content

Producing it, that is.

Without content, Facebook fan pages are as empty and hapless as a shuttered shopping mall.

Without content to link to, tweets are endlessly chatty and will likely fail to produce measurable returns.

Without a steady stream of content, blogs are updated irregularly, or with the turning of the seasons. Or perhaps those intermittent posts uncannily coincide with a product marketing manager's dental appointments, when he or she finally has some down time with a laptop and a mouth too numb to return calls.

We've all seen the pattern: Company X is won over to the importance of social media. They figure out what their blog will be about, who will write the drafts, what the approval process will be, and so on.

With much fanfare, the blog is launched. And the initial post sits there. And sits there. And who has time to write a second post? Or update the Facebook page? Or tweet?

To help company X (and companies Y and Z, as well, because this problem seems common), here are some suggestions for getting content on line.

Leverage What You Have

Has your company just launched a product, published a white paper, or hosted an event? Write a short description and link to the relevant Web page, PDF, or Flickr photo set.

(Speaking of Flickr photo sets, make sure someone on your team has a digital camera. Then set up a Flickr account and link to it from your blog, your tweets, and so on.)

Put Blogging on the Agenda

Track the production of blog posts, Facebook updates, and other social media content just like you track the production of anything else. Like any accountable activity, each content production task should be assigned a name and a date.

While your team is discussing projects, events, and announcements, ask what can or should be shared through social media. What could be published on a blog or Facebook page? What news or links could be tweeted?

Get in the habit of asking what social media content can be wrung from any major activity or milestone.

Let Us Join Your Great Conversations

Over lunch, you and a colleague had a great discussion about something relevant to your industry.

Share it with us. Ask for our comments. When we post comments, respond.

Make Jotting Ideas Down a Habit

Create a folder on your desktop for blog ideas. Or if you use a note-taking application like Evernote, set up a Notebook for blog ideas. Or simply carry a notebook or a stack of index cards.

When an idea pops into your head, jot it down. Then spend 15 minutes a day, sorting through your ideas and filling them out, converting your hasty note or outline into a short post of 250-500 words. It's best if you make that 15 minutes early in the day, before you're interrupted or trapped in meetings.

The nice thing about this approach is that you're suddenly able to accomplish big things (writing that content you haven't found time to write) by taking a bunch of little steps. You never have to face the daunting prospect of a Blank Page Expecting a Complete, Well-formed Piece of Writing (cue organ music and the Wilhelm scream). You're simply jotting down idea you've already thought of and that's practically begging you to record it, or you're developing an idea you've already written down and simply producing a short, pithy elaboration. And you're writing regularly. And your blog and your Facebook page are living up to your expectations. Wow.

What Have You Read or Seen that Inspired You?

Tell us. Ask questions about it.

Make Lists

Like this one. You can't only make lists. But a list now and then is a fine idea.

And The Most Important Thing Is . . .

Get going. Now.


Shopping mall photo credits:

http://www.flickr.com/photos/akasped/ / CC BY 2.0

Gandhi's Convertible Terms

A well known saying of Gandhi's is, "We must be the change we wish to see in the world." Often this is shortened to, "Be the change you wish to see in the world."

The shorter version makes the relationship between you and your effect on the world sound provisional. You have a choice. You can be the change (that is, you can be the way you would like the world to become), or you can not be. Perhaps you lack the motivation or rigor be that change right now. The world, in that case, will drift on its way . . .

Elsewhere in his writings, Gandhi links actions and ends more explicitly—and he doesn't let us off the hook. Gandhi says that means and ends are convertible terms. (In logic, convertible terms are terms that can be swapped.)

Your means are your ends; your ends are your means. Since you are always engaged in some kind of means (since you are always taking action, even if that action appears to be inaction), you are always shaping ends, and the nature of the former directly determines the nature of the latter, regardless of excuses, manifestos, talking points, or tweets.

In other words: Be the change you wish to see in the world? You are the change, right here, right now, whether you like it or not.

So how are you being right now? Because that's the way you are shaping the world.

Application for Business

No moment is a wasted moment. No interaction with a prospect or customer is unimportant. You are always shaping the company you hope to create some day.

Most people realize now that a company's brand isn't its logo or its Web site copy; it's the sum of its customer experiences. That recognition applies here, as well.


Photo of Gandhi statue at the S.F. Ferry Building by Yves Remedios. Creative Commons License, some rights reserved.

Using Social Media to Manage by Objectives

The New York Times recently ran an interview with Mark Pincus, the C.E.O of Zynga. It's an interesting interview. Pincus talks about the importance of employees feeling like they're in charge of something: everyone should be C.E.O. of something. He also talks about hiring people who are still hungry for success and managing people by asking them to articulate a few key objectives for the week.

Regarding his method of managing, Pincus says:

John Doerr [the venture capitalist] sold me on this idea of O.K.R.'s, which stands for objectives and key results. It was developed at Intel and used at Google, and the idea is that the whole company and every group has one objective and three measurable key results, and if you achieve two of the three, you achieve your overall objective, and if you achieve all three, you’ve really killed it.


We put the whole company on that, so everyone knows their O.K.R.'s. And that is a good, simple organizing principle that keeps people focused on the three things that matter — not the 10.


Then I ask everybody to write down on Sunday night or Monday morning what are your three priorities for the week, and then on Friday see how you did against them. It’s the only way people can stay focused and not burn out. And if I look at your road map and you have 10 priorities for you and your team, you probably don't know which of the three matter, and probably none of the 10 are right.


I can look at everyone's piece of paper, and their road map shows every item you were going to do and your predicted results and actual results, and then the results are in red if you missed them, yellow if they're close and green if you passed them. I think road maps are a great principle just for managing your life. It keeps everybody focused, and it lets me know what trains are on or off the tracks.

For me, the phrase that leapt off the page here was "piece of paper." Sure, one could track all these objectives on paper, but I think it makes more sense to post this information on blogs or wikis, where the objectives would be visible to all and where tagging could be used to tie individual objectives to larger departmental or organizational objectives. In other words, instead of using paper, use Jive or MindTouch or Thought Farmer. That makes the objectives amenable, too, to importing into BI tools or simple graphing tools sometimes included in these platforms. And if some objectives are sensitive or confidential, role-based access controls could be used to make them visible only to authorized managers.

There's been lots of talk about how social media platforms help workers share information and expertise. The oft-cited example is a worker discovering which colleagues in other departments have relevant expertise. Social media platforms help people discover and nurture such connections.

I hope that in the coming years, more organizations realize what powerful tools these platforms can be for strategic planning: for collecting information for use in strategic plans and for disseminating and tracking strategic objectives. Let's use these platforms for sharing information up and down the organization, as well as across, and for making strategic objectives visible and understandable to all.

Software Development by the Numbers

A couple of years ago, I was working with a software start-up that had designed an integration framework that could be used for transporting and transforming data for Rich Internet Applications (RIAs). As we prepared for our product launch, we talked to analysts about RIAs, and we evaluated partnerships with software vendors who were building toolkits for RIAs. We listened to podcasts about RIAs. We watched developer presentations. We had RIAs on the brain.

Around this same time, I attended an event hosted by the American Marketing Association in Boston. During the festivities, I struck up a conversation with someone who turned out to be a principal at a local Web application design firm. They had been in business for nearly a decade and had some big name clients.

"Getting much interest in RIAs?" I asked.

"What's an RIA?" he answered.

Wow, I thought. Is my client way too much out in front, or is this nice gentleman's Web firm a tad bit behind? Was I paying too much attention to analyst blogs and Adobe's development plans? Had I entered the "reality-distortion field" of analyst pronouncements and vendor slide shows? These new Web technologies were undoubtedly cool, but how many people were really using them?

Who's Building What

A new survey conducted by Forrester Research for Dr. Dobb's answers these questions, and more. The survey of over 1,000 Dr. Dobb's readers reveals:

• Over a quarter of the programmers surveyed said they were developing RIAs. The survey authors note that "RIAs are slowly replacing HTML when it comes to Web site development."

The survey also found that:

• Nearly 80% of programmers are using open source software for development or application deployment.
• Over 33% of developers use Subversion for source code control. The next most popular source code control tool, Microsoft SourceSafe, has a market share about one third that size.
  
• The most popular databases for application deployment are (in order) SQL Server, Oracle, MySQL, and PostgresSQL.
• Most developers still write code on Windows PCs (only 5% use Apple), and Linux and Windows are the primary operating environments for deploying applications.
• Only about 4% of developers are deploying applications in the cloud (a surprisingly low number, I think, given all the talk about cloud computing).
  
• Less than 15% of programmers spend all their time writing in a single programming language.
• Agile processes are increasingly popular: 45% of developers are using Agile processes, and of those, 20% say agile is a key part of their project's success. How about project overhead? Dr. Dobb's found that "only 2% of Agile developers feel that their methodology creates significant busywork, compared with 27% of developers doing waterfall development."
• An impressive 60% of developers don't consider their work just a 9-to-5 job. They apply their skills in side projects and for other organizations.

Forrester sees the world of software development as being in transition. (In a sense, it's always been in transition.) Their advice?

Spend more time understanding what your developers are doing both and work and outside of it, and solicit their ideas about how these technology could speed up development and cut costs for the organization.

Good advice.

If you're a developer or working on a project that involves software development, I strongly recommend that you read the full article, which was written by Jeffrey Hammond of Forrester Research, and which you can find online here.

Photo of numbers Creative Commons License, some rights reserved, by hegemonx.