Posts Tagged ‘Information’

Privacy Paranoia Part II: What are they afraid of?

Tuesday, October 24th, 2006

In Privacy Paranoia Part I, I questioned the assumption that people are intrinsically suspicious of data collection efforts and generally unwilling to volunteer personal information, by walking through a few everyday examples of information sharing.

However, while there is an abundance of scenarios and circumstances under which you and I are happy to reveal personal data, that does not change the stubborn fact that users generally are suspicious of data collection efforts and in many cases would choose NOT to share personal information. (Except for a lack of patience for reading fine print and paying attention to default settings on the software they install.)

Privacy Paranoia Part II addresses this apparent inconsistency, which clears the path to Part III, which will address concrete ways to change user attitudes toward data collection.

The general public’s seemingly contradictory relationship with information-sharing can be explained away once we, as web service providers, accept responsibility for the reaction we provoke in our users.

In the real world, information-sharing works as a quid pro quo where both sides agree to terms they can live with and exchange information accordingly.

In the world of online services, we as service providers are attempting to engage our users in this exchange, but we present it as a one-sided deal. You give, we take. The terminology we use as an industry belies our inward focus. We don’t engage in information-sharing with our users. We collect data. We mine data. We warehouse data.

So, the million-dollar question is: What do we need to provide our users in order to engage them in an information-exchange with us?

1. Transparency of intent. As the user, if I know why you need the information you are requesting, I am more likely to give it to you, even if there are opportunities for you to re-purpose my information in ways I don’t intend.

2. Personal benefit (If I need to tell you.)

  • I give complete strangers on eBay my home address, in exchange for having my purchase arrive on my doorstep.
  • I tell my credit card company what I purchased, where I purchased and when I purchased it, in exchange for being free from the constraints of managing cash.

1 and 2 are as far as most people go. And many people have pretty low standards for 2.

3. Reputation. What is the reputation of the person/entity that is requesting this information? Are they going to maliciously misuse my information? Are they going to take care with my information? Are they even capable of understanding what “taking care with my information” means? (As in, are they clueless enough to transmit my credit card number in plain text?)

4. What else could the requester do with this information? How valuable, how sensitive is the information I’m giving out?

Today, few people weigh these factors systematically, not because they don’t want to, but because they can’t. The services, organizations and businesses asking for phone numbers, addresses, gender, income, credit card numbers and social security numbers aren’t holding up their end of the quid pro quo.

1. Transparency into the Hows, Whys, Whens and What-fors
2. Exchanging data rather than Collecting data

As a result, in place of rational evaluation, habit and confusing design rule. Some people run their own email servers and devise dozens of aliases to throw ‘Big Brother’ off the trail. Others happily hand over their data in exchange for the famous free bar of chocolate in the subway.

This makes it very hard to predict how the general public will deal with information-sharing services. The reaction could run the gamut from paranoid revulsion to earnest enthusiasm to blasé indifference. This in turn makes the quality of the data we hope to collect and build a service around, unreliable and uneven. We want everyone to be represented in the data pool, paranoiacs included.

Therefore, if we want to neutralize the randomizing influence of personality, we must find a way to walk people through evaluating questions 1-4 in a rational and considered way; and hopefully the answers they come up with convince them that participating in the information-sharing community is in their best interest.

How do we do that?

Privacy Paranoia Part I: What are we afraid of?

Wednesday, October 18th, 2006

If a stranger asked you on the street “What is your street address?” you would probably be pretty startled at his presumption and walk away. What part of town you’re from is friendly chit-chat, but street address is a tad too specific for comfort. After all, what business could he possibly have with your address? However, if that same stranger is standing behind a counter at a store, wearing a uniform and asking the same question, you still might not give him your address, but you’d have a better sense of why he was asking, what he’s likely to do with the information and how it will affect your life (more snail mail SPAM).

You may also wonder if the stranger will abuse his access privileges and re-purpose your personal information for his own interests, possibly at your expense (e.g. identity theft). How likely is this? That depends on a whole host of factors from the brand and reputation of the store, your past experiences with the store, the dress and mannerisms of the stranger, personal biases, etc.

When a security gate asks you to identify yourself with your swipe card, you volunteer personal information (who you are, where you are and when you were there) without even thinking about it. The social contract is clear: If I tell you who I am, you (the disembodied security system instituted by the disembodied corporation I work for) will let me in so I can go to work, make money and support myself and my expensive spending habits. Besides, who cares if everyone in the world knows that I was at work at 9:14 AM in the morning? How could that information possibly harm me in the future?

Finally, when your doctor wants to know if you’re sexually active or abusing drugs, depending on how ill you feel, how desperate you are to feel better and the political leanings of the hospital, you’ll spill your guts, because that’s what you’re supposed to do with doctors.

Once you get past these questions of Who, Why, For What and How, you might ask yourself if the person, business or organization who is asking for your information is even capable of taking responsibility for it.

Clearly, we wear our personal information on our sleeves in a variety of ways in a broad range of situations every day, multiple times a day. Yet, as an industry, we’ve pretty much given up on the idea that users will volunteer personal information to a web service. Instead, we resort to not-so-subtle tricks that we hope our users won’t notice. Clever default settings and EULAs we know our users don’t read. However, this is neither the right way to go about building a user base, nor is it sustainable. It is also, by no means, the only way.

Privacy Paranoia Part II: What are they afraid of?

FreshBooks Aligns Data Collection with its Customers’ Interests

Wednesday, October 11th, 2006

I think FreshBooks is attempting something very interesting.

[Freshbooks is geared toward small businesses and/or independent contractors. From their Manifesto: “Our mission is to deliver fast and simple invoicing and time tracking services that help you manage your business.”]

They are asking their users to optionally classify their profession/industry. In return, participants gain access to business metrics for their industry, based on aggregations of data collected from the Freshbooks user population.

The examples they give are

  • “What is the average invoice size for [your profession]?”
  • “How long does the average [your profession] take to get paid?”
  • “What is the average monthly revenue of other [your profession]?”

I would imagine this will raise many a small business eyebrow. However, the examples still feel thin and generic to me. I want to know:

  • “How many years of experience do other professionals in my industry have?”
  • “What are their industry credentials? Education? Training? Skill set? Work experience?”
  • “What is the quality of their clientèle?”
  • “Where is their operation based?”
  • “What kind of capital investments have they made?”

Collecting data from users is not new. Collecting data from users to provide a service is not new (if you consider targeted advertising a user service). However, there is something unique about what Freshbooks is doing that differentiates it from the various other data collection efforts on the internet. They have figured out a way to provide data to their customers that provides tangible, monetary value to their users; value that their users would probably be willing to pay for, and value that is difficult (expensive!) if not impossible for them to get anywhere else.

Furthermore, Freshbooks’ model turns the tables on data collection and privacy. In place of a parasitic relationship where Internet Company as Big Brother spies on users in order to make big bucks selling Targeted Advertising, a symbiotic exchange is established where users happily provide personal data in exchange for a tangible good in return. Sounds too good to be true? It probably is in the immediate future.

It’s worth noting that

  1. Freshbooks is collecting data from a real service they provide (as opposed to polls and surveys). This minimizes the risk of collecting bogus data.
  2. Because FreshBooks implies they will only tell you about the industry you indicate (thereby encouraging you to provide an accurate categorization or be given useless data) data inaccuracies due to user information distortions should be minimal.
  3. Freshbooks is being at least semi-transparent about what they’re doing with the data they collect. As a result, Freshbooks is establishing a trust relationship with their users, which turns the data they collect from their users into a renewable resource, as opposed to one (advertising) that runs dry as soon as users find out they’re being spied on. I say semi-transparent because:
     3a. Freshbooks is not being completely forthright about who else they may or may not be selling this data to.
     3b. Implicit is the fact that Freshbooks can also use this data to optimize their own business and pricing strategies.
  4. Although they are not charging for this data yet, the information (to any given customer) would probably be valued at at least $100s/year. (How Freshbooks might choose to monetize that value is a different story.) By contrast, the dollars that Freshbooks might have been able to get from selling targeted advertising for that customer’s eyeballs is unlikely to approach $100/year.
  5. Freshbooks reassures its users that their data is only used in its “anonymous aggregate form”. However, the term ‘data aggregates’ is so vague as to be largely useless. Freshbooks still doesn’t have a complete story about how they will protect the individual identities of their users.
  6. I’m not clear on how this new program jibes with the FreshBooks privacy statement, which under the heading “Ownership of Data Submitted to Active FreshBooks Subscriptions” suggests that user data is owned by the user, not by FreshBooks. How then does Freshbooks have the right to aggregate and share your data with other users? Does Freshbooks only collect data from users who opt-in to share/view data? If so, that severely limits their data pool. I wonder how many of their 90,000+ users are considered active and will opt-in…?

I’m very interested to hear if this sticks, and if their users are able to jump over the hurdle of giving up a little bit of privacy for a little bit of information. The relevancy of the data will presumably be a factor in continued participation.

What they should be doing:

  • Providing context about what’s missing: It is as important to understand who isn’t participating in providing data, as it is to know who is.
  • Provide context about their users: It is as important to understand the demographics, circumstances and nature of the other participants as it is to know what the raw accounting numbers are. After all, do I, as a small-town consultant, really care what the big boys are charging on Madison Avenue?
  • Taking a lot of care with the aggregates such that some sort of data-release scandal doesn’t come and bite them.
  • Refrain from using their data for parasitic reasons which undermine the trust relationship they’re building with their users.
  • Provide a way for users to cleanly and completely end their participation in the data collection program.
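
To make the concern about “anonymous aggregate form” (item 5 above) and the advice to take care with the aggregates concrete, here is an added example, not FreshBooks code: a per-profession average that reveals one user's numbers when the cohort is tiny, next to a version that withholds small cohorts. The record layout, the sample values and the threshold of five users are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (user_id, profession, invoice_amount).
# Made-up values for illustration; not real FreshBooks data.
SAMPLE_INVOICES = [
    ("u1", "web designer", 1200.0),
    ("u1", "web designer", 800.0),
    ("u2", "web designer", 1500.0),
    ("u3", "web designer", 500.0),
    ("u4", "web designer", 1000.0),
    ("u5", "web designer", 1000.0),
    ("u6", "falconer", 4300.0),   # the only falconer in the pool
    ("u6", "falconer", 3700.0),
]

MIN_USERS = 5  # assumed minimum cohort size; the page names no figure


def naive_averages(invoices):
    """Average invoice size per profession with no disclosure control."""
    sums, counts = defaultdict(float), defaultdict(int)
    for _user, profession, amount in invoices:
        sums[profession] += amount
        counts[profession] += 1
    return {p: sums[p] / counts[p] for p in sums}


def released_averages(invoices, min_users=MIN_USERS):
    """Same metric, but a cohort is published only if it contains at
    least min_users distinct users; otherwise the value is None."""
    sums, counts = defaultdict(float), defaultdict(int)
    users = defaultdict(set)
    for user, profession, amount in invoices:
        sums[profession] += amount
        counts[profession] += 1
        users[profession].add(user)
    released = {}
    for profession in sums:
        if len(users[profession]) < min_users:
            released[profession] = None  # withheld: too few contributors
        else:
            released[profession] = sums[profession] / counts[profession]
    return released


if __name__ == "__main__":
    print("naive:   ", naive_averages(SAMPLE_INVOICES))
    print("released:", released_averages(SAMPLE_INVOICES))
```

The threshold counts distinct users rather than invoices, since one prolific user would otherwise satisfy a row-count check alone. A size threshold by itself does not stop someone from comparing two releases that differ by a single participant.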

While time will tell what happens with the execution of this effort, I am excited by the attempt: A business that collects data from their users and returns to them business intelligence, rather than handing over the customer relationships they built to the highest pay-per-click bidder.
