World Usability Day 2010: Facebook Privacy Settings

7th January 2011


Facebook is currently the world’s largest social networking and communication-based site, which according to Facebook CEO Mark Zuckerberg has somewhere in the region of 500 million registered users, 50% of whom are logging on to the site daily. It has also been estimated that Facebook now accounts for 25% of all page views in the America.  Despite its’ popularity, Facebook has been criticised for pushing its users to make more personal information public since the site launched in 2004. The creators of Facebook claim that by doing so, the company is able to offer a better service to users as well as the marketers and developers who want to communicate with them. Whilst this may be the case, some users, privacy groups and politicians have publicly criticised Facebook. Lawsuits and more recently, official investigations also being brought against the site. In December 2009 and again in May 2010 Facebook made changes to its privacy settings, causing waves of public concern about how users’ content is stored and who can actually view it.

Social networking sites may be thought to differ from other websites in that activities and content are fully, or at least for the most part, driven by the users. Users are expected to interact, post, join groups and upload content. Users are also expected to visit the site regularly and continue to do things. Presumably then, the usability of social networking sites is extremely important.

In 2007, User Vision conducted a study that looked at the usability of social networking sites such as Facebook, MySpace and the currently in decline Bebo. User Vision proposed that when it comes to personal details, Facebook should make it very clear what is happening, where information is going and who has access to it.

At our World Usability 2010 open day, we revisited the site and assessed whether or not users found the privacy aspects transparent and easy to manage as well as exploring personal attitudes towards these aspects within the social networking site.

We invited attendees to edit the security settings of a Facebook page to test how usable the privacy settings really are. We assessed awareness and attitudes towards Facebook’s privacy settings as well as the usability of altering these elements by asking them to perform 3 tasks and rate these in terms of difficulty. Prior to carrying out the tasks participants were asked about their existing attitudes towards the privacy settings. They were then asked the same questions at the end of the process to highlight any changes in attitudes based on their experiences.

12 out of the 13 people that took part in the test had a personal Facebook page, 3 of which also had a business page. The one participant that did not have a Facebook page said that this was due to concerns over how the data within their profile would be used.

Findings

Prior to the testing, 5 out of 12 participants that had a Facebook page said they felt that their content was private, with a further 4 specifying that their content was private to the extent that it was hidden from ‘non-friends’. 3 participants were unsure about their privacy settings, stating reasons such as losing track of the settings or that their content was likely to be more public than they thought.

Status updates

To test the transparency and usability of the current privacy settings, one task involved manipulating settings to prevent one user on your friends list from viewing all of your status updates. The default setting is ‘Everyone’, as shown in figure 1, with the Customize category being given less prominence at the bottom of the list. Users were generally unaware that this option existed and did not feel that the ‘Customize’ label clearly indicated that they could edit to certain specifications within this area. Users were more familiar with labeling such as ‘edit settings’, though it is likely that the number of levels users need to go down to alter these granular aspects of the settings also contributed to the difficulties in navigation and understanding the process.

 

Facebook status update options

                                             Figure 1: Status update options

 

Further issues included;

  • Users being unsure if privacy settings for status updates could be altered from the users’ page that they wanted to prevent from seeing them.
  • ‘Account’ heading not clearly suggesting that privacy settings are within this area.
  • Too many levels in the menu structure to prevent a particular person from seeing your status updates.
  • The feeling that ‘granular’ settings that allow users to alter settings in a detailed way are hidden.
  • Users did not always expect the Privacy section to be contained within the Account dropdown, instead feeling that they should be separate.

Photo privacy

In the second task users were asked to edit the privacy settings to allow only friends to see their photos. For users altering privacy settings of photos by clicking on the Account dropdown, the main issue experienced was that the ‘Edit album privacy’ option is presented as a link, whilst all other categories are presented as headings with accompanying drop-down options, as shown in figure 2.

 

Facebook customize settings page

                                    Figure 2: Customize settings page 

Public Search Listings

Task 3 required participants to prevent people from being able to view content from their Facebook page when going through search engines such as Google. The ‘Public search’ feature within the Facebook settings is enabled by default. None of the participants immediately knew where to find this feature within the privacy settings, with most unaware that it existed.

The main difficulty is that the ‘Applications and Websites’ section where users can remove themselves from the public searches is in the bottom left hand side of the ‘Privacy Settings’ main page. It is not given the prominence that users expected for a feature that they considered to be very important. Users felt that a clear ‘Search Engines’ options should be included alongside the rest of the privacy setting options.

Figure 3 shows an example of a user’s profile when searching via a public search engine with the default privacy settings in place. A profile photo can be seen, along with a selection of friends and some of her personal interests. The amount of content available to view was unexpected by users, leading them to feel that they lacked control over their Facebook privacy settings.

Public search listing view of Facebook profile page

                              Figure 3: Public Search listing

Since the current settings were shown as ‘Recommended’, users often thought that their content was available to only those on their friends list. Contrary to this belief, a great deal of the content posted and uploaded to Facebook can be seen by ‘Everyone’ by default including wall posts, status updates, photos and relationship status (shown in figure 4). Photos that individuals are tagged in and date of birth can be seen by ‘Friends of Friends’, exposing more information than they were aware of. All 13 users that took part in our test on World Usability Day (WUD) felt that the default privacy settings on Facebook left too much content exposed and that there should be an opt-in process to show content rather than the pre-set default status.

 

Facebook privacy settings page

                                   Figure 4: Privacy settings page

Difficulty ratings

We captured the difficulty ratings for each task along the following 7 point scale:

Difficulty rating scale

 

 

Altering Privacy Settings results

Conclusions


At the start of the test, users were asked if they felt that their content on Facebook was private. 5 out of the 12 users that had a Facebook account felt that it was, with 4 feeling that it was hidden from ‘non-friends’. When asked the same question at the end of the test, ten out of the twelve users no longer felt that their content was private, stating that labels should be clearer and important calls to action made more visible. A recurring theme was that users felt all privacy settings should be clearly placed within one page rather than having to navigate around the site to find separate settings. It was felt that the default settings should be set to allow only ‘friends’ to see uploaded content, with an opt-in approach to sharing content with other users rather than the current opt-out process. At the end of the testing, most of the users felt that Facebook had deliberately made the privacy settings difficult to manipulate. As highlighted, there are a number of issues that need to be addressed in order to make the privacy settings within Facebook more visible and transparent to avoid users unknowingly sharing information.

What can you do next?

Want this article on your website?

Laurene McCaffertyIf you liked this article, feel free to republish it on your own website. All that we ask is that you include the citation below, including links, at the end of the article.


This article was written by Laurene McCafferty. Laurene is a Usability Consultants at User Vision, a usability and accessibility consultancy that helps clients gain a competitive advantage through improved ease of use.

 

Submit this article to:

The starting point for any web project should be a task analysis of the information and features that users need. The second step is to construct information architecture for this content.

Jakob Nielsen.