Facebook Looks To Resolve Dashboard Privacy Flaw. Will It Be Enough?

One week ago we wrote about a new dashboard privacy flaw that exposes users’ application activities. While it isn’t a major issue yet as the new design hasn’t been rolled out to all users, Facebook is in the process of rolling out their new homepage design to a large (unknown) number of users. So what is the privacy flaw and what is Facebook doing to resolve it? Read on to learn more.

The Problem As Of A Week Ago

Under the new Facebook design, users are able to view the application activity of their friends from the application dashboard area. The problem was that users could not opt-out of having their information displayed, and the result was that information some users wouldn’t want to have displayed was showing up. For example, those users visiting dating applications had their activity displayed in users’ application activity feeds (pictured below), something they probably wouldn’t want their friends to know.

What’s Being Done

After being alerted to the problem, Facebook has announced additional steps to protect users. The first is encouraging some application developers to hide user activity. In an update posted last night, Facebook states:

If you think your application might be of a nature that your users wouldn’t want to share with friends (your application lets users discuss health issues, for example), we encourage you to enable the Hide User Activity option on the Advanced tab of your application settings in the Developer application.

Will developers choose to turn off what could potentially be a significant viral channel to improve the overall experience? In the past, developers have opted to be “more viral” when given the opportunity; however, Facebook could theoretically choose to force some developers to enable the option. We’ll have to wait to learn more about this and see how it evolves.

Additionally, Facebook has stated that users will have some control over application activity visibility:

We’re also working on giving users the ability to control how their application activity is featured in the dashboards, and it will go live shortly after the dashboards launch to users.

The Fundamental Privacy Flaw Remains At Large

While Facebook is clearly taking steps to protect users, the company has not yet clarified how they will ensure that users don’t have unwanted notifications show up in their friends’ application activity feeds. It’s a dynamic similar to the one which arose during the previous Beacon fiasco. We’ll explain the dynamic through a few use cases:

  • Users are given the opportunity to opt-out – In theory, Facebook could allow users to protect their information by giving them the opportunity to opt-out of application activity notifications. The only problem with this is that many users may not be aware that their activity is being published by default. In other words it’s a lack of transparency with users as this was not a fundamental component of applications when they were first installed. Enabling such a feature for all previously installed applications should require some form of disclosure.
  • Users are given the opportunity to opt-in – Another option for Facebook is to allow users to opt-in to application activity stories, including all applications previously installed. Unfortunately, most users will not opt to display their application activity.
  • Users approve application stories moving forward – A third option is for Facebook to disclose that these stories will be generated for all future applications that a user installs. Users will have to approve automated activity stories generated by any applications that the user previously installed.
  • Responsibility falls on the developers – The last option is for Facebook to force developers to make a decision as to whether their applications are “of a nature that [their] users wouldn’t want to share with friends”. I can only imagine the problems arising from this option though.

In the use cases above, only one party receives the majority of the benefits: the developer or the user. While developers are looking for more exposure, Facebook has acted in the past in ways which protect the overall user experience. In our opinion this means developers will have a decreased exposure in comparison to the previous notification system (which also happened to degrade the user experience).

While users may rejoice once Facebook officially rolls out the new design (and dashboard system), developers may not be as happy. Those developers hoping to retain the same level of application virality following the redesign could be disappointed. While the application activity streams appeared to be some form of resolution to the issue of missing notifications for non-bookmarked applications (see here for more details), Facebook will be forced to make decisions which retain a quality user experience.

For now we will have to wait to see what use case Facebook opts for when it comes to the redesigned application dashboard, even if it may be one that we didn’t think of. Can you think of any use cases that benefit both developers and users in this overall transition? (You could potentially argue that a better overall user experience will result in a better developer platform, but we’d love to hear from you in the comments!)