Non-privacy goes non-linear

I’ve never been able to “get” Privacy as a policy issue. Sure, I can see that there are plausible nightmare scenarios, but most people just don’t seem to care. What a company, or a government, knows about one just doesn’t rate as something to worry about. Perhaps the only angle that might get the pulse racing is identity theft; losing money matters. But no identity theft stories have inflamed the public’s imagination, or mine.

The recent spate of stories about privacy on social networking sites have led me to reconsider – a little. I still don’t think Joe Public cares, but the technical and policy questions of networked privacy intrigue me more than the flow of personal information from a citizen to an organization and its friends.

The trigger for the current round of privacy worries was the launch of Google Buzz. Good Morning Silicon Valley puts it in context with Google, Buzz and the Silicon Tower, and danah boyd’s keynote at SXSW 2010 reviews the lessons and implications.

Mathew Ingram’s post Your Mom’s Guide to Those Facebook Changes, and How to Block Them alerted me to the implications of Facebook’s “Instant Personalization” features.

Woody Leonhard’s article Hotmail's social networking busts your privacy showed that Google and Facebook aren’t the only ones who can scare users about what personal information is being broadcast about them.

I think there may be a profound mismatch between the technical architectures of social networking sites, and the mental model of users.

This mismatch is an example of the “hard intangibles” problem that I wrestled with inconclusively a few years ago: our minds can’t effectively process the complexity of the systems we’re confronted with.

Two examples: attenuation and scale.

We assume that information about us flows more sluggishly there further it goes. My friends know me quite well, their friends might know me a little, and the friends-of-friends-of-friends are effectively ignorant. In a data network, though, perfect fidelity is maintained no matter how many times information is copied. We therefore have poor intuition about the fidelity with which information can flow away from us across social networks.

 It’s a truism that the mind cannot grasp non-linear growth; we’re always surprised by the explosion of compound interest, for example. On a social network, the number of people who are friends-of-friends-of-…-of-friends grows exponentially; but I would bet that most people think it grows only linearly, or perhaps even stays constant. Thus, we grossly underestimate the number of people to whom our activities visible.

My most recent personal experience was when I noticed a new (?) feature on Facebook two days ago. One of my friends had commented on the status update of one of their friends, who is not in my friend network. Not only did I see the friend-of-my-friend’s update; I saw all the comments that their friends (all strangers to me) had made. I’m pretty sure the friends-of-my-friend’s-friend had no idea that some stranger at three removes would be reading their comments.

If you find the “friends-of-my-friend’s-friend” construct hard to parse, then good: I made it on purpose. I suspect that such relationships are related to the “relational complexity” metrics defined by Graeme Halford and colleagues; Halford suggests that our brains max out at around four concurrent relationships.

I’m pretty confident that the Big Name Players all just want to do right by their users; the trouble is that the social networks they’re building for us are (of necessity?) more complicated than we can handle. It hit home when I tried to grok the short blog post Managing your contacts with Windows Live People. I think I figured it out, but (a) I’m not sure I did, and (b) I'd rather not have had to.